Commit | Line | Data |
---|---|---|
542cc9bb TG |
1 | Open vSwitch Project Ideas |
2 | ========================== | |
84f7a527 BP |
3 | |
4 | This file lists a number of project ideas for Open vSwitch. The ideas | |
9feb1017 | 5 | here overlap somewhat with those in the [OPENFLOW-1.1+.md] file. |
84f7a527 BP |
6 | |
7 | ||
8 | Programming Project Ideas | |
9 | ========================= | |
10 | ||
11 | Each of these projects would ideally result in a patch or a short | |
12 | series of them posted to ovs-dev. | |
13 | ||
9feb1017 TG |
14 | Please read [CONTRIBUTING.md] and [CodingStyle.md] in the top of the |
15 | source tree before you begin work. The [OPENFLOW-1.1+.md] file also has | |
16 | an introduction to how OpenFlow is implemented in Open vSwitch. It is | |
17 | also a good idea to look around the source tree for related code, and | |
84f7a527 BP |
18 | back through the Git history for commits on related subjects, to allow |
19 | you to follow existing patterns and conventions. | |
20 | ||
21 | Meters | |
22 | ------ | |
23 | ||
24 | Open vSwitch has OpenFlow protocol support for meters, but it does not | |
25 | have an implementation in the kernel or userspace datapaths. An | |
26 | implementation was proposed some time ago (I recommend looking for the | |
27 | discussion in the ovs-dev mailing list archives), but for a few | |
28 | different reasons it was not accepted. Some of those reasons apply | |
29 | only to a kernel implementation of meters. At the time, a userspace | |
30 | implementation wasn't as interesting, because the userspace switch | |
31 | did not perform at a production speed, but with the advent of | |
32 | multithreaded forwarding and, now, DPDK support, userspace-only meters | |
33 | would be a great way to get started. | |
34 | ||
35 | Improve SSL/TLS Security | |
36 | ------------------------ | |
37 | ||
38 | Open vSwitch allows some weak ciphers to be used for its secure | |
39 | connections. Security audits often suggest that the project remove | |
40 | those ciphers, but there's not a clean way to modify the acceptable | |
41 | ciphers. At the very least, the cipher list should be audited, but it | |
42 | would be nice to make it configurable. | |
43 | ||
44 | Open vSwitch does not insist on perfect forward secrecy via ephemeral | |
45 | Diffie-Hellman key exchange when it establishes an SSL/TLS connection. | |
46 | Given the wiretapping revelations over the last year, it seems wise to | |
47 | turn this on. (This would probably amount to finding the right | |
48 | OpenSSL function to call or just reducing the acceptable ciphers | |
49 | further.) | |
50 | ||
51 | These changes might have backward-compatibility implications; one | |
52 | would have to test the behavior of OVS with the reduced cipher list | |
53 | against older versions. | |
54 | ||
84f7a527 BP |
55 | Bash Command Completion |
56 | ----------------------- | |
57 | ||
58 | ovs-vsctl and other programs would be easier to use if bash command | |
59 | completion (with ``tab'', etc.) were supported. Alex Wang | |
60 | <alexw@nicira.com> is leading a team for this project. | |
61 | ||
62 | Auxiliary Connections | |
63 | --------------------- | |
64 | ||
65 | Auxiliary connections are a feature of OpenFlow 1.3 and later that | |
66 | allow OpenFlow messages to be carried over datagram channels such as | |
67 | UDP or DTLS. One place to start would be to implement a datagram | |
68 | abstraction library for OVS analogous to the ``stream'' library | |
69 | that already abstracts TCP, SSL, and other stream protocols. | |
70 | ||
71 | Controller connection logging to pcap file | |
72 | ------------------------------------------ | |
73 | ||
74 | http://patchwork.openvswitch.org/patch/2249/ is an RFC patch that | |
75 | allows the switch to record the traffic on OpenFlow controller | |
76 | connections to a pcap file for later analysis. The patch lacks a good | |
77 | way to enable and disable the feature. The task here would be to add | |
78 | that and repost the patch. | |
79 | ||
80 | Basic OpenFlow 1.4 support | |
81 | -------------------------- | |
82 | ||
83 | Some basic support for OpenFlow 1.4 is missing and needs to be | |
84 | implemented. These can be found by looking through lib/ofp-util.c for | |
85 | mentions of OFP14_VERSION followed by a call to OVS_NOT_REACHED (which | |
86 | aborts the program). | |
87 | ||
88 | OpenFlow 1.4: Flow monitoring | |
89 | ----------------------------- | |
90 | ||
91 | OpenFlow 1.4 introduces OFPMP_FLOW_MONITOR for notifying a controller | |
92 | of changes to selected flow tables. This feature is based on | |
93 | NXST_FLOW_MONITOR that is already part of Open vSwitch, so to | |
94 | implement this feature would be to extend that code to handle the | |
95 | OpenFlow 1.4 wire protocol. | |
96 | ||
97 | OpenFlow 1.3 also includes this feature as an ONF-defined extension, so | |
98 | ideally OVS would support that too. | |
99 | ||
100 | OpenFlow 1.4 Role Status Message | |
101 | -------------------------------- | |
102 | ||
103 | OpenFlow 1.4 section 7.4.4 ``Controller Role Status Message'' | |
104 | defines a new message sent by a switch to notify the controller that | |
105 | its role (whether it is a master or a slave) has changed. OVS should | |
106 | implement this. | |
107 | ||
108 | OpenFlow 1.3 also includes this feature as an ONF-defined extension, so | |
109 | ideally OVS would support that too. | |
110 | ||
111 | OpenFlow 1.4 Vacancy Events | |
112 | --------------------------- | |
113 | ||
114 | OpenFlow 1.4 section 7.4.5 ``Table Status Message'' defines a new | |
115 | message sent by a switch to notify the controller that a flow table is | |
116 | close to filling up (or that it is no longer close to filling up). | |
117 | OVS should implement this. | |
118 | ||
119 | OpenFlow 1.3 also includes this feature as an ONF-defined extension, so | |
120 | ideally OVS would support that too. | |
121 | ||
122 | OpenFlow 1.4 Group and Meter Change Notification | |
123 | ------------------------------------------------ | |
124 | ||
125 | OpenFlow 1.4 adds a feature whereby a controller can ask the switch to | |
126 | send it copies of messages that change groups and meters. (This is | |
127 | only useful in the presence of multiple controllers.) OVS should | |
128 | implement this. | |
129 | ||
130 | OpenFlow 1.3 also includes this feature as an ONF-defined extension, so | |
131 | ideally OVS would support that too. | |
132 | ||
133 | ||
134 | Testing Project Ideas | |
135 | ===================== | |
136 | ||
137 | Each of these projects would ideally result in confirmation that | |
138 | features work or bug reports explaining how they do not. Please send | |
139 | bug reports to dev at openvswitch.org, with as many details as you have. | |
140 | ||
141 | ONF Plugfest Results Analysis | |
142 | ----------------------------- | |
143 | ||
144 | Ben Pfaff has a collection of files reporting Open vSwitch conformance | |
145 | to OpenFlow 1.3 provided by one of the vendors at the ONF plugfest | |
146 | last year. Some of the reported failures have been fixed, some of the | |
147 | other failures probably result from differing interpretations of | |
148 | OpenFlow 1.3, and others are probably genuine bugs in Open vSwitch. | |
149 | Open vSwitch has also improved in the meantime. Ben can provide the | |
150 | results, privately, to some person or team who wishes to check them | |
151 | out and try to pick out the genuine bugs. | |
152 | ||
153 | OpenFlow Fuzzer | |
154 | --------------- | |
155 | ||
156 | Build a ``fuzzer'' for the OpenFlow protocol (or use an existing | |
157 | one, if there is one) and run it against the Open vSwitch | |
158 | implementation. One could also build a fuzzer for the OVSDB protocol. | |
159 | ||
160 | Ryu Certification Tests Analysis | |
161 | -------------------------------- | |
162 | ||
163 | The Ryu controller comes with a suite of ``certification tests'' | |
164 | that check the correctness of a switch's implementation of various | |
165 | OpenFlow 1.3 features. The INSTALL file in the OVS source tree has a | |
166 | section that explains how to easily run these tests against an OVS | |
167 | source tree. Run the tests and figure out whether any tests fail but | |
168 | should pass. (Some tests fail and should fail because OVS does not | |
169 | implement the particular feature; for example, OVS does not implement | |
170 | PBB encapsulation, so related tests fail.) | |
171 | ||
172 | OFTest Results Analysis | |
173 | ----------------------- | |
174 | ||
175 | OFTest is a test suite for OpenFlow 1.0 compliance. The INSTALL file | |
176 | in the OVS source tree has a section that explains how to easily run | |
177 | these tests against an OVS source tree. Run the tests and figure out | |
178 | whether any tests fail but should pass, and ideally why. OFTest is | |
179 | not particularly well vetted--in the past, at least, some tests have | |
180 | failed against OVS due to bugs in OFTest, not in OVS--so some care is | |
181 | warranted. | |
182 | ||
183 | ||
184 | Documentation Project Ideas | |
185 | =========================== | |
186 | ||
187 | Each of these projects would ideally result in creating some new | |
188 | documentation for users. Some documentation might be suitable to | |
189 | accompany Open vSwitch as part of its source tree, most likely either | |
190 | in plain text or ``nroff'' (manpage) format. | |
191 | ||
192 | OpenFlow Basics Tutorial | |
193 | ------------------------ | |
194 | ||
195 | Open vSwitch has a tutorial that covers its advanced features, but it | |
196 | does not have a basic tutorial. There are several tutorials on the | |
197 | Internet already, so a new tutorial would have to distinguish itself | |
198 | in some way. One way would be to use the Open vSwitch ``sandbox'' | |
199 | environment already used in the advanced tutorial. The sandbox does | |
200 | not require any real network or even supervisor privilege on the | |
201 | machine where it runs, and thus it is easy to use with hardly any | |
202 | up-front setup, so it is a gentle way to get started. | |
203 | ||
204 | FlowVisor via patch ports | |
205 | ------------------------- | |
206 | ||
207 | FlowVisor is a proxy that sits between OpenFlow controllers and a | |
208 | switch. It divides up switch resources, allowing each controller to | |
209 | control a ``slice'' of the network. For example, it can break up a | |
210 | network based on VLAN, allowing different controllers to handle | |
211 | packets with different VLANs. | |
212 | ||
213 | It seems that Open vSwitch has features that allow it to implement at | |
214 | least simple forms of FlowVisor control without any need for | |
215 | FlowVisor. Consider an Open vSwitch instance with three bridges. | |
216 | Bridge br0 has physical ports eth0 and eth1. Bridge v9 has no | |
217 | physical ports, but it has two ``patch ports'' that connect it to | |
218 | br0. Bridge v11 has the same setup. Flows in br0 match packets | |
219 | received on VLAN 9, strip the VLAN header, and direct them to the | |
220 | appropriate patch port leading to v9. Additional flows in br0 match | |
221 | packets received from v9, attach a VLAN 9 tag to them, and direct them | |
222 | out eth0 or eth1 as appropriate. Other flows in br0 treat packets on | |
223 | VLAN 11 similarly. Controllers attached to bridge v9 or v11 may thus | |
224 | work as if they had full control of a network. | |
225 | ||
226 | It seems to me that this is a good example of the power of OpenFlow | |
227 | and Open vSwitch. The point of this project is to explain how to do | |
228 | this, with detailed examples, in case someone finds it handy and to | |
229 | open eyes toward the generality of Open vSwitch usefulness. | |
230 | ||
231 | ``Cookbooks'' | |
232 | ------------- | |
233 | ||
234 | The Open vSwitch website has a few ``cookbook'' entries that | |
235 | describe how to use Open vSwitch in a few scenarios. There are only a | |
236 | few of these and all of them are dated. It would be a good idea to | |
237 | come up with ideas for some more and write them. These could be added | |
238 | to the Open vSwitch website or the source tree or somewhere else. | |
239 | ||
240 | Demos | |
241 | ----- | |
242 | ||
243 | Record a demo of Open vSwitch functionality in use (or something else | |
244 | relevant) and post it to YouTube or another video site so that we can | |
245 | link to it from openvswitch.org. | |
246 | ||
247 | ||
248 | How to contribute | |
249 | ================= | |
250 | ||
251 | If you plan to contribute code for a feature, please let everyone know | |
252 | on ovs-dev before you start work. This will help avoid duplicating | |
253 | work. | |
254 | ||
255 | Please consider the following: | |
256 | ||
542cc9bb | 257 | * Testing. Please test your code. |
84f7a527 | 258 | |
542cc9bb TG |
259 | * Unit tests. Please consider writing some. The tests directory |
260 | has many examples that you can use as a starting point. | |
84f7a527 | 261 | |
542cc9bb TG |
262 | * ovs-ofctl. If you add a feature that is useful for some |
263 | ovs-ofctl command then you should add support for it there. | |
84f7a527 | 264 | |
542cc9bb TG |
265 | * Documentation. If you add a user-visible feature, then you |
266 | should document it in the appropriate manpage and mention it in | |
267 | NEWS as well. | |
84f7a527 | 268 | |
9feb1017 TG |
269 | * Coding style (see the [CodingStyle.md] file at the top of the |
270 | source tree). | |
84f7a527 | 271 | |
9feb1017 TG |
272 | * The patch submission guidelines (see [CONTRIBUTING.md]). I |
273 | recommend using "git send-email", which automatically follows a | |
542cc9bb | 274 | lot of those guidelines. |
84f7a527 BP |
275 | |
276 | ||
277 | Bug Reporting | |
278 | ============= | |
279 | ||
280 | Please report problems to bugs@openvswitch.org. | |
281 | ||
282 | ||
283 | Local Variables: | |
284 | mode: text | |
285 | End: | |
9feb1017 TG |
286 | |
287 | [OPENFLOW-1.1+.md]:OPENFLOW-1.1+.md | |
288 | [CONTRIBUTING.md]:CONTRIBUTING.md | |
289 | [CodingStyle.md]:CodingStyle.md |
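
For the "Improve SSL/TLS Security" idea above, a cipher-list audit can be prototyped before touching the C code. This is an added example, not Open vSwitch code: it uses Python's `ssl` binding to OpenSSL, and the cipher strings `LEGACY` and `RESTRICTED`, the 128-bit threshold, and the helper names `audit` and `failing` are assumptions made for illustration.

```python
import ssl

# OpenSSL key-exchange labels (Python exposes them as the 'kea' field) that use
# ephemeral (EC)DH. TLS 1.3 suites report 'kx-any' and are always ephemeral.
EPHEMERAL_KEA = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk", "kx-any"}
MIN_STRENGTH_BITS = 128  # assumed audit threshold, not an OVS setting

# Constructed cipher strings for comparison; neither is the list OVS ships.
LEGACY = "AES128-SHA:AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
RESTRICTED = "ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL"


def audit(cipher_string):
    """Expand an OpenSSL cipher string and return {suite name: [findings]}.

    An empty findings list means the suite passed both checks.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    report = {}
    for suite in ctx.get_ciphers():
        findings = []
        if suite["kea"] not in EPHEMERAL_KEA:
            findings.append("no forward secrecy (%s)" % suite["kea"])
        if suite["strength_bits"] < MIN_STRENGTH_BITS:
            findings.append("only %d-bit strength" % suite["strength_bits"])
        report[suite["name"]] = findings
    return report


def failing(cipher_string):
    """Names of suites enabled by cipher_string that have at least one finding."""
    return sorted(n for n, f in audit(cipher_string).items() if f)


if __name__ == "__main__":
    for label, spec in (("legacy", LEGACY), ("restricted", RESTRICTED)):
        print(label, "->", failing(spec) or "all suites pass")
```

The same cipher string syntax is what OpenSSL's `SSL_CTX_set_cipher_list()` accepts, so a string that passes here can be carried into a C patch and then tested against older peers for the compatibility concern noted in that section.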