Whereas previous work on the intersections of BPF and Open vSwitch focused on porting the Open vSwitch datapath to BPF, we explore the use of BPF to extend Open vSwitch with new actions, at runtime. Such extensions allow operators to customize Open vSwitch with actions that are unlikely to be eligible for upstream (e.g., tied to the operator's constraints). They also facilitate debugging (e.g., by mirroring specific packets), monitoring (via the aggregation of statistics on the switch), and experimentation of new actions and protocols.
In this presentation, after providing motivation for this work, we will discuss the integration of BPF extensions with Open vSwitch, with a focus on the impact on caching mechanisms. We will present two approaches from the academic literature, namely SoftFlow and our Oko work, as well as our more recent approach to better leverage the BPF verifier. We will illustrate each approach with evaluations and specific examples. By sharing our ideas and progress, we seek feedback from the community for future directions.
The first approach we will discuss, SoftFlow, integrates extensions as OpenFlow actions in Open vSwitch. Packet re-classifications may however be needed after each SoftFlow action that modifies packet headers. SoftFlow allows developers to set a boolean metadata value to avoid unnecessary classifications. Our first Oko prototype implements a more radical approach: by making extensions filters (OpenFlow match fields) with read-only access to packets, we remove the need for re-classifications, but severely limit use cases. In our first prototype, however, we failed to recognize the potential of the BPF verifier. Because the verifier already tracks packet writes, it can tell us whether a re-classification is needed. With this last approach, we integrate extensions as actions with read-write access to packets and transparently avoid most unnecessary classifications.
