Improving Open vSwitch & Network Stack Integration

This proposal has been accepted as a session.


One Line Summary

How can we best combine the benefits of Open vSwitch and other kernel components like Netfilter in a single system?


Open vSwitch’s flow table model enables a significant degree of
fine-grained programmability as opposed to the coarser configurability
of more traditional functional blocks. However, as a mostly stateless
flow processor, it can be difficult to support features which require
per-packet state or deep inspection. In these cases, the functionality
provided by Netfilter and related subsystems is a better fit.

Since these two halves cover different use cases, they are
complementary rather than overlapping. However, they also need to be
better integrated to realize the full benefits of each. Frequently,
this comes down to issues of scoping and the exchange of metadata
between different components, which is a good starting point for


  • Jesse Gross



    Jesse Gross is a lead developer on the Open vSwitch project, responsible for the fast path and is maintainer of the kernel components available as part of Linux 3.3. He is also the author of stateless transport tunneling (STT), a tunneling mechanism for high performance network virtualization with software, currently under discussion in the IETF. Jesse works at VMware (formerly Nicira), an early contributor to many of the technologies related to software defined networking.


Leave a private comment to organizers about this proposal