Adding stateful features to OVS

This proposal has been accepted as a session.


One Line Summary

Discuss adding stateful features to OVS by leveraging kernel functions


Open vSwitch is a full-featured, multilayer virtual switch. It’s traditionally been programmed through OpenFlow, which was originally targeted at hardware switches and built around matching packet headers. New demands have necessitated keeping track of state across packets and flows. In this presentation, we look at leveraging some of the kernel’s features to enable stateful services. We will discuss the best approaches to integrate with the kernel and how to expose those services through a traditionally stateless protocol like OpenFlow. In particular, we will look at connection tracking, NAT, load-balancing, and DPI.


networking, security, Open vSwitch, OVS, NAT, firewall


  • Justin Pettit



    Justin Pettit is an engineer at VMware’s Networking & Security BU. Justin joined VMware through the Nicira acquisition and was a founding employee at Nicira Networks. He was one of the original authors of the OpenFlow Standard, working on both the specification and reference implementation. He is one of the lead developers of Open vSwitch and involved in the development of VMware’s other products. Prior to Nicira, Justin worked at three successful startups focused on network security.