[ovs.git] / TODO.md

Open vSwitch Project Ideas
==========================

This file lists a number of project ideas for Open vSwitch.  The ideas
here overlap somewhat with those in the [OPENFLOW-1.1+.md] file.


Programming Project Ideas
=========================

Each of these projects would ideally result in a patch or a short
series of them posted to ovs-dev.

Please read [CONTRIBUTING.md] and [CodingStyle.md] in the top of the
source tree before you begin work. The [OPENFLOW-1.1+.md] file also has
an introduction to how OpenFlow is implemented in Open vSwitch. It is
also a good idea to look around the source tree for related code, and
back through the Git history for commits on related subjects, to allow
you to follow existing patterns and conventions.

Meters
------

Open vSwitch has OpenFlow protocol support for meters, but it does not
have an implementation in the kernel or userspace datapaths.  An
implementation was proposed some time ago (I recommend looking for the
discussion in the ovs-dev mailing list archives), but for a few
different reasons it was not accepted.  Some of those reasons apply
only to a kernel implementation of meters.  At the time, a userspace
implementation wasn't as interesting, because the userspace switch
did not perform at a production speed, but with the advent of
multithreaded forwarding and, now, DPDK support, userspace-only meters
would be a great way to get started.

Improve SSL/TLS Security
------------------------

Open vSwitch allows some weak ciphers to be used for its secure
connections.  Security audits often suggest that the project remove
those ciphers, but there's not a clean way to modify the acceptable
ciphers.  At the very least, the cipher list should be audited, but it
would be nice to make it configurable.

Open vSwitch does not insist on perfect forward security via ephemeral
Diffie-Hellman key exchange when it establishes an SSL/TLS connection.
Given the wiretapping revelations over the last year, it seems wise to
turn this on.  (This would probably amount to finding the right
OpenSSL function to call or just reducing the acceptable ciphers
further.)

These changes might have backward-compatibility implications; one
would have to test the behavior of the reduced cipher list OVS against
older versions.

Bash Command Completion
-----------------------

ovs-vsctl and other programs would be easier to use if bash command
completion (with ``tab'', etc.) were supported.  Alex Wang
<alexw@nicira.com> is leading a team for this project.

Auxiliary Connections
---------------------

Auxiliary connections are a feature of OpenFlow 1.3 and later that
allow OpenFlow messages to be carried over datagram channels such as
UDP or DTLS.  One place to start would be to implement a datagram
abstraction library for OVS analogous to the ``stream'' library
that already abstracts TCP, SSL, and other stream protocols.

Basic OpenFlow 1.4 support
--------------------------

Some basic support for OpenFlow 1.4 is missing and needs to be
implemented.  These can be found by looking through lib/ofp-util.c for
mentions of OFP14_VERSION followed by a call to OVS_NOT_REACHED (which
aborts the program).

OpenFlow 1.4: Flow monitoring
-----------------------------

OpenFlow 1.4 introduces OFPMP_FLOW_MONITOR for notifying a controller
of changes to selected flow tables.  This feature is based on
NXST_FLOW_MONITOR that is already part of Open vSwitch, so to
implement this feature would be to extend that code to handle the
OpenFlow 1.4 wire protocol.

OpenFlow 1.3 also includes this feature as a ONF-defined extension, so
ideally OVS would support that too.

OpenFlow 1.4 Role Status Message
--------------------------------

OpenFlow 1.4 section 7.4.4 ``Controller Role Status Message''
defines a new message sent by a switch to notify the controller that
its role (whether it is a master or a slave) has changed. OVS should
implement this.

OpenFlow 1.3 also includes this feature as a ONF-defined extension, so
ideally OVS would support that too.

OpenFlow 1.4 Vacancy Events
---------------------------

OpenFlow 1.4 section 7.4.5 ``Table Status Message'' defines a new
message sent by a switch to notify the controller that a flow table is
close to filling up (or that it is no longer close to filling up).
OVS should implement this.

OpenFlow 1.3 also includes this feature as a ONF-defined extension, so
ideally OVS would support that too.

OpenFlow 1.4 Group and Meter Change Notification
------------------------------------------------

OpenFlow 1.4 adds a feature whereby a controller can ask the switch to
send it copies of messages that change groups and meters. (This is
only useful in the presence of multiple controllers.) OVS should
implement this.

OpenFlow 1.3 also includes this feature as a ONF-defined extension, so
ideally OVS would support that too.
   

Testing Project Ideas
=====================

Each of these projects would ideally result in confirmation that
features work or bug reports explaining how they do not.  Please sent
bug reports to dev at openvswitch.org, with as many details as you have.

ONF Plugfest Results Analysis
-----------------------------

Ben Pfaff has a collection of files reporting Open vSwitch conformance
to OpenFlow 1.3 provided by one of the vendors at the ONF plugfest
last year.  Some of the reported failures have been fixed, some of the
other failures probably result from differing interpretations of
OpenFlow 1.3, and others are probably genuine bugs in Open vSwitch.
Open vSwitch has also improved in the meantime.  Ben can provide the
results, privately, to some person or team who wishes to check them
out and try to pick out the genuine bugs.

OpenFlow Fuzzer
---------------

Build a ``fuzzer'' for the OpenFlow protocol (or use an existing
one, if there is one) and run it against the Open vSwitch
implementation.  One could also build a fuzzer for the OSVDB protocol.

Ryu Certification Tests Analysis
--------------------------------

The Ryu controller comes with a suite of ``certification tests''
that check the correctness of a switch's implementation of various
OpenFlow 1.3 features.  The INSTALL file in the OVS source tree has a
section that explains how to easily run these tests against an OVS
source tree.  Run the tests and figure out whether any tests fail but
should pass.  (Some tests fail and should fail because OVS does not
implement the particular feature; for example, OVS does not implement
PBB encapsulation, so related tests fail.)

OFTest Results Analysis
-----------------------

OFTest is a test suite for OpenFlow 1.0 compliance.  The INSTALL file
in the OVS source tree has a section that explains how to easily run
these tests against an OVS source tree.  Run the tests and figure out
whether any tests fail but should pass, and ideally why.  OFTest is
not particularly well vetted--in the past, at least, some tests have
failed against OVS due to bugs in OFTest, not in OVS--so some care is
warranted.


Documentation Project Ideas
===========================

Each of these projects would ideally result in creating some new
documentation for users.  Some documentation might be suitable to
accompany Open vSwitch as part of its source tree most likely either
in plain text or ``nroff'' (manpage) format.

OpenFlow Basics Tutorial
------------------------

Open vSwitch has a tutorial that covers its advanced features, but it
does not have a basic tutorial.  There are several tutorials on the
Internet already, so a new tutorial would have to distinguish itself
in some way. One way would be to use the Open vSwitch ``sandbox''
environment already used in the advanced tutorial.  The sandbox does
not require any real network or even supervisor privilege on the
machine where it runs, and thus it is easy to use with hardly any
up-front setup, so it is a gentle way to get started.

FlowVisor via patch ports
-------------------------

FlowVisor is a proxy that sits between OpenFlow controllers and a
switch. It divides up switch resources, allowing each controller to
control a ``slice'' of the network. For example, it can break up a
network based on VLAN, allowing different controllers to handle
packets with different VLANs.

It seems that Open vSwitch has features that allow it to implement at
least simple forms of FlowVisor control without any need for
FlowVisor.  Consider an Open vSwitch instance with three bridges.
Bridge br0 has physical ports eth0 and eth1.  Bridge v9 has no
physical ports, but it has two ``patch ports'' that connect it to
br0.  Bridge v11 has the same setup.  Flows in br0 match packets
received on vlan 9, strip the vlan header, and direct them to the
appropriate patch port leading to v9.  Additional flows in br0 match
packets received from v9, attach a VLAN 9 tag to them, and direct them
out eth0 or eth1 as appropriate.  Other flows in br0 treat packets on
VLAN 11 similarly.  Controllers attached to bridge v9 or v11 may thus
work as if they had full control of a network.

It seems to me that this is a good example of the power of OpenFlow
and Open vSwitch. The point of this project is to explain how to do
this, with detailed examples, in case someone finds it handy and to
open eyes toward the generality of Open vSwitch usefulness.

``Cookbooks''
-------------

The Open vSwitch website has a few ``cookbook'' entries that
describe how to use Open vSwitch in a few scenarios. There are only a
few of these and all of them are dated. It would be a good idea to
come up with ideas for some more and write them. These could be added
to the Open vSwitch website or the source tree or somewhere else.

Demos
-----

Record a demo of Open vSwitch functionality in use (or something else
relevant) and post it to youtube or another video site so that we can
link to it from openvswitch.org.


How to contribute
=================

If you plan to contribute code for a feature, please let everyone know
on ovs-dev before you start work.  This will help avoid duplicating
work.

Please consider the following:

  * Testing.  Please test your code.

  * Unit tests.  Please consider writing some.  The tests directory
    has many examples that you can use as a starting point.

  * ovs-ofctl.  If you add a feature that is useful for some
    ovs-ofctl command then you should add support for it there.

  * Documentation.  If you add a user-visible feature, then you
    should document it in the appropriate manpage and mention it in
    NEWS as well.

  * Coding style (see the [CodingStyle.md] file at the top of the
    source tree).

  * The patch submission guidelines (see [CONTRIBUTING.md]).  I
    recommend using "git send-email", which automatically follows a
    lot of those guidelines.


Bug Reporting
=============

Please report problems to bugs@openvswitch.org.


Local Variables:
mode: text
End:

[OPENFLOW-1.1+.md]:OPENFLOW-1.1+.md
[CONTRIBUTING.md]:CONTRIBUTING.md
[CodingStyle.md]:CodingStyle.md
Commit	Line	Data
542cc9bb TG	1	Open vSwitch Project Ideas
542cc9bb TG	2	==========================
84f7a527 BP	3
84f7a527 BP	4	This file lists a number of project ideas for Open vSwitch. The ideas
9feb1017	5	here overlap somewhat with those in the [OPENFLOW-1.1+.md] file.
84f7a527 BP	6
	7
	8	Programming Project Ideas
	9	=========================
	10
	11	Each of these projects would ideally result in a patch or a short
	12	series of them posted to ovs-dev.
	13
9feb1017 TG	14	Please read [CONTRIBUTING.md] and [CodingStyle.md] in the top of the
	15	source tree before you begin work. The [OPENFLOW-1.1+.md] file also has
	16	an introduction to how OpenFlow is implemented in Open vSwitch. It is
	17	also a good idea to look around the source tree for related code, and
84f7a527 BP	18	back through the Git history for commits on related subjects, to allow
	19	you to follow existing patterns and conventions.
	20
	21	Meters
	22	------
	23
	24	Open vSwitch has OpenFlow protocol support for meters, but it does not
	25	have an implementation in the kernel or userspace datapaths. An
	26	implementation was proposed some time ago (I recommend looking for the
	27	discussion in the ovs-dev mailing list archives), but for a few
	28	different reasons it was not accepted. Some of those reasons apply
	29	only to a kernel implementation of meters. At the time, a userspace
	30	implementation wasn't as interesting, because the userspace switch
	31	did not perform at a production speed, but with the advent of
	32	multithreaded forwarding and, now, DPDK support, userspace-only meters
	33	would be a great way to get started.
	34
	35	Improve SSL/TLS Security
	36	------------------------
	37
	38	Open vSwitch allows some weak ciphers to be used for its secure
	39	connections. Security audits often suggest that the project remove
	40	those ciphers, but there's not a clean way to modify the acceptable
	41	ciphers. At the very least, the cipher list should be audited, but it
	42	would be nice to make it configurable.
	43
	44	Open vSwitch does not insist on perfect forward security via ephemeral
	45	Diffie-Hellman key exchange when it establishes an SSL/TLS connection.
	46	Given the wiretapping revelations over the last year, it seems wise to
	47	turn this on. (This would probably amount to finding the right
	48	OpenSSL function to call or just reducing the acceptable ciphers
	49	further.)
	50
	51	These changes might have backward-compatibility implications; one
	52	would have to test the behavior of the reduced cipher list OVS against
	53	older versions.
	54
84f7a527 BP	55	Bash Command Completion
	56	-----------------------
	57
	58	ovs-vsctl and other programs would be easier to use if bash command
	59	completion (with ``tab'', etc.) were supported. Alex Wang
	60	<alexw@nicira.com> is leading a team for this project.
	61
	62	Auxiliary Connections
	63	---------------------
	64
	65	Auxiliary connections are a feature of OpenFlow 1.3 and later that
	66	allow OpenFlow messages to be carried over datagram channels such as
	67	UDP or DTLS. One place to start would be to implement a datagram
	68	abstraction library for OVS analogous to the ``stream'' library
	69	that already abstracts TCP, SSL, and other stream protocols.
	70
84f7a527 BP	71	Basic OpenFlow 1.4 support
	72	--------------------------
	73
	74	Some basic support for OpenFlow 1.4 is missing and needs to be
	75	implemented. These can be found by looking through lib/ofp-util.c for
	76	mentions of OFP14_VERSION followed by a call to OVS_NOT_REACHED (which
	77	aborts the program).
	78
	79	OpenFlow 1.4: Flow monitoring
	80	-----------------------------
	81
	82	OpenFlow 1.4 introduces OFPMP_FLOW_MONITOR for notifying a controller
	83	of changes to selected flow tables. This feature is based on
	84	NXST_FLOW_MONITOR that is already part of Open vSwitch, so to
	85	implement this feature would be to extend that code to handle the
	86	OpenFlow 1.4 wire protocol.
	87
	88	OpenFlow 1.3 also includes this feature as a ONF-defined extension, so
	89	ideally OVS would support that too.
	90
	91	OpenFlow 1.4 Role Status Message
	92	--------------------------------
	93
	94	OpenFlow 1.4 section 7.4.4 ``Controller Role Status Message''
	95	defines a new message sent by a switch to notify the controller that
	96	its role (whether it is a master or a slave) has changed. OVS should
	97	implement this.
	98
	99	OpenFlow 1.3 also includes this feature as a ONF-defined extension, so
	100	ideally OVS would support that too.
	101
	102	OpenFlow 1.4 Vacancy Events
	103	---------------------------
	104
	105	OpenFlow 1.4 section 7.4.5 ``Table Status Message'' defines a new
	106	message sent by a switch to notify the controller that a flow table is
	107	close to filling up (or that it is no longer close to filling up).
	108	OVS should implement this.
	109
	110	OpenFlow 1.3 also includes this feature as a ONF-defined extension, so
	111	ideally OVS would support that too.
	112
	113	OpenFlow 1.4 Group and Meter Change Notification
	114	------------------------------------------------
	115
	116	OpenFlow 1.4 adds a feature whereby a controller can ask the switch to
	117	send it copies of messages that change groups and meters. (This is
	118	only useful in the presence of multiple controllers.) OVS should
	119	implement this.
	120
	121	OpenFlow 1.3 also includes this feature as a ONF-defined extension, so
	122	ideally OVS would support that too.
	123
	124
	125	Testing Project Ideas
	126	=====================
	127
	128	Each of these projects would ideally result in confirmation that
	129	features work or bug reports explaining how they do not. Please sent
	130	bug reports to dev at openvswitch.org, with as many details as you have.
	131
	132	ONF Plugfest Results Analysis
	133	-----------------------------
	134
135	Ben Pfaff has a collection of files reporting Open vSwitch conformance
136	to OpenFlow 1.3 provided by one of the vendors at the ONF plugfest
137	last year. Some of the reported failures have been fixed, some of the
138	other failures probably result from differing interpretations of
139	OpenFlow 1.3, and others are probably genuine bugs in Open vSwitch.
140	Open vSwitch has also improved in the meantime. Ben can provide the
141	results, privately, to some person or team who wishes to check them
142	out and try to pick out the genuine bugs.
143
144	OpenFlow Fuzzer
145	---------------
146
147	Build a ``fuzzer'' for the OpenFlow protocol (or use an existing
148	one, if there is one) and run it against the Open vSwitch
149	implementation. One could also build a fuzzer for the OSVDB protocol.
150
151	Ryu Certification Tests Analysis
152	--------------------------------
153
154	The Ryu controller comes with a suite of ``certification tests''
155	that check the correctness of a switch's implementation of various
156	OpenFlow 1.3 features. The INSTALL file in the OVS source tree has a
157	section that explains how to easily run these tests against an OVS
158	source tree. Run the tests and figure out whether any tests fail but
159	should pass. (Some tests fail and should fail because OVS does not
160	implement the particular feature; for example, OVS does not implement
161	PBB encapsulation, so related tests fail.)
162
163	OFTest Results Analysis
164	-----------------------
165
166	OFTest is a test suite for OpenFlow 1.0 compliance. The INSTALL file
167	in the OVS source tree has a section that explains how to easily run
168	these tests against an OVS source tree. Run the tests and figure out
169	whether any tests fail but should pass, and ideally why. OFTest is
170	not particularly well vetted--in the past, at least, some tests have
171	failed against OVS due to bugs in OFTest, not in OVS--so some care is
172	warranted.
173
174
175	Documentation Project Ideas
176	===========================
177
178	Each of these projects would ideally result in creating some new
179	documentation for users. Some documentation might be suitable to
180	accompany Open vSwitch as part of its source tree most likely either
181	in plain text or ``nroff'' (manpage) format.
182
183	OpenFlow Basics Tutorial
184	------------------------
185
186	Open vSwitch has a tutorial that covers its advanced features, but it
187	does not have a basic tutorial. There are several tutorials on the
188	Internet already, so a new tutorial would have to distinguish itself
189	in some way. One way would be to use the Open vSwitch ``sandbox''
190	environment already used in the advanced tutorial. The sandbox does
191	not require any real network or even supervisor privilege on the
192	machine where it runs, and thus it is easy to use with hardly any
193	up-front setup, so it is a gentle way to get started.
194
195	FlowVisor via patch ports
196	-------------------------
197
198	FlowVisor is a proxy that sits between OpenFlow controllers and a
199	switch. It divides up switch resources, allowing each controller to
200	control a ``slice'' of the network. For example, it can break up a
201	network based on VLAN, allowing different controllers to handle
202	packets with different VLANs.
203
204	It seems that Open vSwitch has features that allow it to implement at
205	least simple forms of FlowVisor control without any need for
206	FlowVisor. Consider an Open vSwitch instance with three bridges.
207	Bridge br0 has physical ports eth0 and eth1. Bridge v9 has no
208	physical ports, but it has two ``patch ports'' that connect it to
209	br0. Bridge v11 has the same setup. Flows in br0 match packets
210	received on vlan 9, strip the vlan header, and direct them to the
211	appropriate patch port leading to v9. Additional flows in br0 match
212	packets received from v9, attach a VLAN 9 tag to them, and direct them
213	out eth0 or eth1 as appropriate. Other flows in br0 treat packets on
214	VLAN 11 similarly. Controllers attached to bridge v9 or v11 may thus
215	work as if they had full control of a network.
216
217	It seems to me that this is a good example of the power of OpenFlow
218	and Open vSwitch. The point of this project is to explain how to do
219	this, with detailed examples, in case someone finds it handy and to
220	open eyes toward the generality of Open vSwitch usefulness.
221
222	``Cookbooks''
223	-------------
224
225	The Open vSwitch website has a few ``cookbook'' entries that
226	describe how to use Open vSwitch in a few scenarios. There are only a
227	few of these and all of them are dated. It would be a good idea to
228	come up with ideas for some more and write them. These could be added
229	to the Open vSwitch website or the source tree or somewhere else.
230
231	Demos
232	-----
233
234	Record a demo of Open vSwitch functionality in use (or something else
235	relevant) and post it to youtube or another video site so that we can
236	link to it from openvswitch.org.
237
238
239	How to contribute
240	=================
241
242	If you plan to contribute code for a feature, please let everyone know
243	on ovs-dev before you start work. This will help avoid duplicating
244	work.
245
246	Please consider the following:
247
542cc9bb	248	* Testing. Please test your code.
84f7a527	249
542cc9bb TG	250	* Unit tests. Please consider writing some. The tests directory
542cc9bb TG	251	has many examples that you can use as a starting point.
84f7a527	252
542cc9bb TG	253	* ovs-ofctl. If you add a feature that is useful for some
542cc9bb TG	254	ovs-ofctl command then you should add support for it there.
84f7a527	255
542cc9bb TG	256	* Documentation. If you add a user-visible feature, then you
	257	should document it in the appropriate manpage and mention it in
	258	NEWS as well.
84f7a527	259
9feb1017 TG	260	* Coding style (see the [CodingStyle.md] file at the top of the
9feb1017 TG	261	source tree).
84f7a527	262
9feb1017 TG	263	* The patch submission guidelines (see [CONTRIBUTING.md]). I
9feb1017 TG	264	recommend using "git send-email", which automatically follows a
542cc9bb	265	lot of those guidelines.
84f7a527 BP	266
	267
	268	Bug Reporting
	269	=============
	270
	271	Please report problems to bugs@openvswitch.org.
	272
	273
	274	Local Variables:
	275	mode: text
	276	End:
9feb1017 TG	277
	278	[OPENFLOW-1.1+.md]:OPENFLOW-1.1+.md
	279	[CONTRIBUTING.md]:CONTRIBUTING.md
	280	[CodingStyle.md]:CodingStyle.md