Open Stack

Surely eliminating linux bridge for iptables by ovs+tc is quite important
for performance.


On Fri, Feb 13, 2015 at 01:57:46PM +0100,
Ihar Hrachyshka <ihrachys at redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 02/13/2015 01:47 PM, Miguel Ángel Ajo wrote:
> > Sorry, I forgot about
> > 
> > 5)  If we put all our OVS/OF bridge logic in just one bridge
> > (instead of N: br-tun, br-int, br-ex, br-xxx), the performance
> > should be yet higher, since, as far as I understood, flow rule
> > lookup could be more optimized into the kernel megaflows without
> > forwarding and re-starting evaluation due to patch ports. (Please
> > correct me here where I’m wrong, I just have very high level view
> > of this).
> 
> Indeed, that was also mentioned by Jiri in our private talks. That
> said, I'm as unaware of details here as you probably are (or more).

The current ovs instantiates only kernel datapath and optimizes out
patch port in kernel. the patch port logic is handled by ovs-vswitchd
side when building flow rules for kernel datapath.
I don't know which version, so you may be using old versions...

Or are you referring to recirculation?



> >> 2) Using OVS+OF to do QoS
> >> 
> >> other interesting stuff to look at:

What exactly do you mean? marking packet or tc queuing?


thanks,
-- 
Isaku Yamahata <isaku.yamahata at gmail.com>