Commit | Line | Data |
---|---|---|
542cc9bb TG |
1 | Open vSwitch Project Ideas |
2 | ========================== | |
84f7a527 BP |
3 | |
4 | This file lists a number of project ideas for Open vSwitch. The ideas | |
9feb1017 | 5 | here overlap somewhat with those in the [OPENFLOW-1.1+.md] file. |
84f7a527 BP |
6 | |
7 | ||
8 | Programming Project Ideas | |
9 | ========================= | |
10 | ||
11 | Each of these projects would ideally result in a patch or a short | |
12 | series of them posted to ovs-dev. | |
13 | ||
9feb1017 TG |
14 | Please read [CONTRIBUTING.md] and [CodingStyle.md] in the top of the |
15 | source tree before you begin work. The [OPENFLOW-1.1+.md] file also has | |
16 | an introduction to how OpenFlow is implemented in Open vSwitch. It is | |
17 | also a good idea to look around the source tree for related code, and | |
84f7a527 BP |
18 | back through the Git history for commits on related subjects, to allow |
19 | you to follow existing patterns and conventions. | |
20 | ||
21 | Meters | |
22 | ------ | |
23 | ||
24 | Open vSwitch has OpenFlow protocol support for meters, but it does not | |
25 | have an implementation in the kernel or userspace datapaths. An | |
26 | implementation was proposed some time ago (I recommend looking for the | |
27 | discussion in the ovs-dev mailing list archives), but for a few | |
28 | different reasons it was not accepted. Some of those reasons apply | |
29 | only to a kernel implementation of meters. At the time, a userspace | |
30 | implementation wasn't as interesting, because the userspace switch | |
31 | did not perform at a production speed, but with the advent of | |
32 | multithreaded forwarding and, now, DPDK support, userspace-only meters | |
33 | would be a great way to get started. | |
34 | ||
35 | Improve SSL/TLS Security | |
36 | ------------------------ | |
37 | ||
38 | Open vSwitch allows some weak ciphers to be used for its secure | |
39 | connections. Security audits often suggest that the project remove | |
40 | those ciphers, but there's not a clean way to modify the acceptable | |
41 | ciphers. At the very least, the cipher list should be audited, but it | |
42 | would be nice to make it configurable. | |
43 | ||
44 | Open vSwitch does not insist on perfect forward secrecy via ephemeral | |
45 | Diffie-Hellman key exchange when it establishes an SSL/TLS connection. | |
46 | Given the wiretapping revelations over the last year, it seems wise to | |
47 | turn this on. (This would probably amount to finding the right | |
48 | OpenSSL function to call or just reducing the acceptable ciphers | |
49 | further.) | |
50 | ||
51 | These changes might have backward-compatibility implications; one | |
52 | would have to test the behavior of OVS with the reduced cipher list | |
53 | against older versions. | |
54 | ||
84f7a527 BP |
55 | Bash Command Completion |
56 | ----------------------- | |
57 | ||
58 | ovs-vsctl and other programs would be easier to use if bash command | |
59 | completion (with ``tab'', etc.) were supported. Alex Wang | |
60 | <alexw@nicira.com> is leading a team for this project. | |
61 | ||
62 | Auxiliary Connections | |
63 | --------------------- | |
64 | ||
65 | Auxiliary connections are a feature of OpenFlow 1.3 and later that | |
66 | allow OpenFlow messages to be carried over datagram channels such as | |
67 | UDP or DTLS. One place to start would be to implement a datagram | |
68 | abstraction library for OVS analogous to the ``stream'' library | |
69 | that already abstracts TCP, SSL, and other stream protocols. | |
70 | ||
84f7a527 BP |
71 | Basic OpenFlow 1.4 support |
72 | -------------------------- | |
73 | ||
74 | Some basic support for OpenFlow 1.4 is missing and needs to be | |
75 | implemented. These can be found by looking through lib/ofp-util.c for | |
76 | mentions of OFP14_VERSION followed by a call to OVS_NOT_REACHED (which | |
77 | aborts the program). | |
78 | ||
79 | OpenFlow 1.4: Flow monitoring | |
80 | ----------------------------- | |
81 | ||
82 | OpenFlow 1.4 introduces OFPMP_FLOW_MONITOR for notifying a controller | |
83 | of changes to selected flow tables. This feature is based on | |
84 | NXST_FLOW_MONITOR that is already part of Open vSwitch, so to | |
85 | implement this feature would be to extend that code to handle the | |
86 | OpenFlow 1.4 wire protocol. | |
87 | ||
88 | OpenFlow 1.3 also includes this feature as an ONF-defined extension, so | |
89 | ideally OVS would support that too. | |
90 | ||
91 | OpenFlow 1.4 Role Status Message | |
92 | -------------------------------- | |
93 | ||
94 | OpenFlow 1.4 section 7.4.4 ``Controller Role Status Message'' | |
95 | defines a new message sent by a switch to notify the controller that | |
96 | its role (whether it is a master or a slave) has changed. OVS should | |
97 | implement this. | |
98 | ||
99 | OpenFlow 1.3 also includes this feature as an ONF-defined extension, so | |
100 | ideally OVS would support that too. | |
101 | ||
102 | OpenFlow 1.4 Vacancy Events | |
103 | --------------------------- | |
104 | ||
105 | OpenFlow 1.4 section 7.4.5 ``Table Status Message'' defines a new | |
106 | message sent by a switch to notify the controller that a flow table is | |
107 | close to filling up (or that it is no longer close to filling up). | |
108 | OVS should implement this. | |
109 | ||
110 | OpenFlow 1.3 also includes this feature as an ONF-defined extension, so | |
111 | ideally OVS would support that too. | |
112 | ||
113 | OpenFlow 1.4 Group and Meter Change Notification | |
114 | ------------------------------------------------ | |
115 | ||
116 | OpenFlow 1.4 adds a feature whereby a controller can ask the switch to | |
117 | send it copies of messages that change groups and meters. (This is | |
118 | only useful in the presence of multiple controllers.) OVS should | |
119 | implement this. | |
120 | ||
121 | OpenFlow 1.3 also includes this feature as an ONF-defined extension, so | |
122 | ideally OVS would support that too. | |
123 | ||
124 | ||
125 | Testing Project Ideas | |
126 | ===================== | |
127 | ||
128 | Each of these projects would ideally result in confirmation that | |
129 | features work or bug reports explaining how they do not. Please send | |
130 | bug reports to dev at openvswitch.org, with as many details as you have. | |
131 | ||
132 | ONF Plugfest Results Analysis | |
133 | ----------------------------- | |
134 | ||
135 | Ben Pfaff has a collection of files reporting Open vSwitch conformance | |
136 | to OpenFlow 1.3 provided by one of the vendors at the ONF plugfest | |
137 | last year. Some of the reported failures have been fixed, some of the | |
138 | other failures probably result from differing interpretations of | |
139 | OpenFlow 1.3, and others are probably genuine bugs in Open vSwitch. | |
140 | Open vSwitch has also improved in the meantime. Ben can provide the | |
141 | results, privately, to some person or team who wishes to check them | |
142 | out and try to pick out the genuine bugs. | |
143 | ||
144 | OpenFlow Fuzzer | |
145 | --------------- | |
146 | ||
147 | Build a ``fuzzer'' for the OpenFlow protocol (or use an existing | |
148 | one, if there is one) and run it against the Open vSwitch | |
149 | implementation. One could also build a fuzzer for the OVSDB protocol. | |
150 | ||
151 | Ryu Certification Tests Analysis | |
152 | -------------------------------- | |
153 | ||
154 | The Ryu controller comes with a suite of ``certification tests'' | |
155 | that check the correctness of a switch's implementation of various | |
156 | OpenFlow 1.3 features. The INSTALL file in the OVS source tree has a | |
157 | section that explains how to easily run these tests against an OVS | |
158 | source tree. Run the tests and figure out whether any tests fail but | |
159 | should pass. (Some tests fail and should fail because OVS does not | |
160 | implement the particular feature; for example, OVS does not implement | |
161 | PBB encapsulation, so related tests fail.) | |
162 | ||
163 | OFTest Results Analysis | |
164 | ----------------------- | |
165 | ||
166 | OFTest is a test suite for OpenFlow 1.0 compliance. The INSTALL file | |
167 | in the OVS source tree has a section that explains how to easily run | |
168 | these tests against an OVS source tree. Run the tests and figure out | |
169 | whether any tests fail but should pass, and ideally why. OFTest is | |
170 | not particularly well vetted--in the past, at least, some tests have | |
171 | failed against OVS due to bugs in OFTest, not in OVS--so some care is | |
172 | warranted. | |
173 | ||
174 | ||
175 | Documentation Project Ideas | |
176 | =========================== | |
177 | ||
178 | Each of these projects would ideally result in creating some new | |
179 | documentation for users. Some documentation might be suitable to | |
180 | accompany Open vSwitch as part of its source tree, most likely either | |
181 | in plain text or ``nroff'' (manpage) format. | |
182 | ||
183 | OpenFlow Basics Tutorial | |
184 | ------------------------ | |
185 | ||
186 | Open vSwitch has a tutorial that covers its advanced features, but it | |
187 | does not have a basic tutorial. There are several tutorials on the | |
188 | Internet already, so a new tutorial would have to distinguish itself | |
189 | in some way. One way would be to use the Open vSwitch ``sandbox'' | |
190 | environment already used in the advanced tutorial. The sandbox does | |
191 | not require any real network or even supervisor privilege on the | |
192 | machine where it runs, and thus it is easy to use with hardly any | |
193 | up-front setup, so it is a gentle way to get started. | |
194 | ||
195 | FlowVisor via patch ports | |
196 | ------------------------- | |
197 | ||
198 | FlowVisor is a proxy that sits between OpenFlow controllers and a | |
199 | switch. It divides up switch resources, allowing each controller to | |
200 | control a ``slice'' of the network. For example, it can break up a | |
201 | network based on VLAN, allowing different controllers to handle | |
202 | packets with different VLANs. | |
203 | ||
204 | It seems that Open vSwitch has features that allow it to implement at | |
205 | least simple forms of FlowVisor control without any need for | |
206 | FlowVisor. Consider an Open vSwitch instance with three bridges. | |
207 | Bridge br0 has physical ports eth0 and eth1. Bridge v9 has no | |
208 | physical ports, but it has two ``patch ports'' that connect it to | |
209 | br0. Bridge v11 has the same setup. Flows in br0 match packets | |
210 | received on vlan 9, strip the vlan header, and direct them to the | |
211 | appropriate patch port leading to v9. Additional flows in br0 match | |
212 | packets received from v9, attach a VLAN 9 tag to them, and direct them | |
213 | out eth0 or eth1 as appropriate. Other flows in br0 treat packets on | |
214 | VLAN 11 similarly. Controllers attached to bridge v9 or v11 may thus | |
215 | work as if they had full control of a network. | |
216 | ||
217 | It seems to me that this is a good example of the power of OpenFlow | |
218 | and Open vSwitch. The point of this project is to explain how to do | |
219 | this, with detailed examples, in case someone finds it handy and to | |
220 | open eyes to the generality of Open vSwitch's usefulness. | |
221 | ||
222 | ``Cookbooks'' | |
223 | ------------- | |
224 | ||
225 | The Open vSwitch website has a few ``cookbook'' entries that | |
226 | describe how to use Open vSwitch in a few scenarios. There are only a | |
227 | few of these and all of them are dated. It would be a good idea to | |
228 | come up with ideas for some more and write them. These could be added | |
229 | to the Open vSwitch website or the source tree or somewhere else. | |
230 | ||
231 | Demos | |
232 | ----- | |
233 | ||
234 | Record a demo of Open vSwitch functionality in use (or something else | |
235 | relevant) and post it to YouTube or another video site so that we can | |
236 | link to it from openvswitch.org. | |
237 | ||
238 | ||
239 | How to contribute | |
240 | ================= | |
241 | ||
242 | If you plan to contribute code for a feature, please let everyone know | |
243 | on ovs-dev before you start work. This will help avoid duplicating | |
244 | work. | |
245 | ||
246 | Please consider the following: | |
247 | ||
542cc9bb | 248 | * Testing. Please test your code. |
84f7a527 | 249 | |
542cc9bb TG |
250 | * Unit tests. Please consider writing some. The tests directory |
251 | has many examples that you can use as a starting point. | |
84f7a527 | 252 | |
542cc9bb TG |
253 | * ovs-ofctl. If you add a feature that is useful for some |
254 | ovs-ofctl command then you should add support for it there. | |
84f7a527 | 255 | |
542cc9bb TG |
256 | * Documentation. If you add a user-visible feature, then you |
257 | should document it in the appropriate manpage and mention it in | |
258 | NEWS as well. | |
84f7a527 | 259 | |
9feb1017 TG |
260 | * Coding style (see the [CodingStyle.md] file at the top of the |
261 | source tree). | |
84f7a527 | 262 | |
9feb1017 TG |
263 | * The patch submission guidelines (see [CONTRIBUTING.md]). I |
264 | recommend using "git send-email", which automatically follows a | |
542cc9bb | 265 | lot of those guidelines. |
84f7a527 BP |
266 | |
267 | ||
268 | Bug Reporting | |
269 | ============= | |
270 | ||
271 | Please report problems to bugs@openvswitch.org. | |
272 | ||
273 | ||
274 | Local Variables: | |
275 | mode: text | |
276 | End: | |
9feb1017 TG |
277 | |
278 | [OPENFLOW-1.1+.md]:OPENFLOW-1.1+.md | |
279 | [CONTRIBUTING.md]:CONTRIBUTING.md | |
280 | [CodingStyle.md]:CodingStyle.md |
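
For the "Improve SSL/TLS Security" idea above, one way to audit a cipher list for weak suites and for suites without ephemeral Diffie-Hellman; this is an added example, not code from the Open vSwitch tree. The sample rows are constructed in the format printed by `openssl ciphers -v`, and the reason labels and the 128-bit threshold are this example's own assumptions.

```python
# Constructed sample rows; this is not the cipher list Open vSwitch configures.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
"""
EPHEMERAL_KX = {"DH", "ECDH", "DHEPSK", "ECDHEPSK"}  # DHE / ECDHE exchanges
WEAK_ENC = {"RC4", "RC2", "DES", "3DES", "None"}     # assumed policy set

def parse(line):
    """Split one `openssl ciphers -v` row into its labelled fields."""
    name, proto, *rest = line.split()
    # Export suites end with a bare "export" token that has no "=".
    attrs = dict(f.split("=", 1) for f in rest if "=" in f)
    enc, _, bits = attrs["Enc"].partition("(")
    return {"name": name, "proto": proto,
            "kx": attrs["Kx"].partition("(")[0], "au": attrs["Au"],
            "enc": enc, "bits": int(bits.rstrip(")") or 0), "mac": attrs["Mac"]}

def findings(s):
    """Return the reasons a parsed suite should be dropped (empty if none)."""
    # TLS 1.3 rows report Kx=any; its non-PSK handshakes always use (EC)DHE.
    checks = [
        ("no forward secrecy",
         s["kx"] not in EPHEMERAL_KX and s["proto"] != "TLSv1.3"),
        ("weak cipher", s["enc"] in WEAK_ENC or s["bits"] < 128),
        ("MD5 MAC", s["mac"] == "MD5"),
        ("unauthenticated", s["au"] == "None"),
    ]
    return [reason for reason, hit in checks if hit]

def audit(text):
    """Return (kept suite names, {rejected name: reasons})."""
    rows = map(parse, filter(str.strip, text.splitlines()))
    results = {s["name"]: findings(s) for s in rows}
    kept = [n for n, why in results.items() if not why]
    return kept, {n: why for n, why in results.items() if why}

if __name__ == "__main__":
    kept, rejected = audit(SAMPLE)
    print("keep:", ":".join(kept))
    for name, why in rejected.items():
        print(f"drop {name}: {', '.join(why)}")
```

To audit a real configuration, pass the output of `openssl ciphers -v` for the cipher string under review to `audit()` instead of `SAMPLE`.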