LLMpedia: The first transparent, open encyclopedia generated by LLMs

Open vSwitch

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Open vSwitch
Developer: Nicira Networks; VMware; Linux Foundation
Released: 2009
Latest release version: 2.17 (example)
Programming language: C; Python
Operating system: Linux kernel; FreeBSD; Microsoft Windows
License: Apache License

Open vSwitch is an open-source, multilayer virtual switch designed for network automation, virtualization, and software-defined networking. It originated from efforts by Nicira Networks and later became associated with VMware and the Linux Foundation, and it integrates with platforms such as KVM, Xen, QEMU, and OpenStack. The project targets modern data center, cloud, and carrier environments and interoperates with control planes like OpenFlow, Neutron, OVN, and Contrail.

Overview

Open vSwitch provides a programmable virtual switch for use within hypervisors and container hosts, intended to replace simple bridge implementations with a feature-rich, extensible datapath. It supports standards and protocols used across projects, such as OpenFlow, NETCONF, and gRPC, and integrates with orchestration systems like Kubernetes, Mesos, and CloudStack. The design emphasizes compatibility with Linux kernel networking primitives, userspace agents, and protocols adopted by vendors including Cisco Systems, Juniper Networks, Arista Networks, and Broadcom. Major industry users include Amazon Web Services, Google Cloud Platform, Microsoft Azure, and IBM Cloud adopters building custom virtual networking stacks.

Architecture

The architecture separates control and datapath: a userspace daemon implements control plane logic and a kernel or userspace datapath handles packet forwarding. Core components include the ovs-vswitchd daemon, the kernel module datapath, and the management utility ovs-vsctl; these interact with messaging and databases inspired by SQLite and etcd patterns. Control protocols and southbound APIs such as OpenFlow and OVN Southbound Database allow integration with controllers like OpenDaylight, ONOS, Ryu, and Floodlight. The datapath leverages DPDK for high-performance userspace forwarding and can offload flows to SmartNIC hardware and SR-IOV capable devices. Integration with virtualization stacks is common: libvirt interfaces to QEMU, APIs for Hyper-V, and bindings for Docker and CRI-O.

Features and Capabilities

Open vSwitch implements advanced features: flow-based switching via OpenFlow rules, tunneling protocols like VXLAN, GRE, STT, and Geneve, and overlay management through OVN. It supports Quality of Service and policing with DiffServ markings, traffic shaping through tc, and mirroring for observability with tools like tcpdump and Wireshark. Monitoring and telemetry integrate with sFlow, NetFlow, and IPFIX, and tracing works with eBPF and perf. Security features include access control lists, integration with Open vSwitch Database (OVSDB), and interoperability with SELinux and AppArmor policies.
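
The control/datapath split described under Architecture and the flow rules and access control lists listed above can be modelled together. The following Python model is an added example, not Open vSwitch code: the `Switch` and `Rule` classes, the exact-match cache, the drop on a table miss and the cache flush on every rule change are simplifying assumptions made for illustration.

```python
# Added example: toy model of a userspace slow path feeding a datapath flow cache.
# Assumptions (not OVS internals): exact-match cache keys, drop on table miss,
# and flushing the whole cache whenever the rule table changes.
from dataclasses import dataclass, field


@dataclass
class Rule:
    priority: int
    match: dict   # header field -> required value; an absent field is a wildcard
    action: str   # "output:<port>" or "drop"


@dataclass
class Switch:
    rules: list = field(default_factory=list)   # OpenFlow-style table (control side)
    cache: dict = field(default_factory=dict)   # per-packet-key decisions (datapath side)
    upcalls: int = 0                            # cache misses handed to the slow path

    def add_rule(self, priority, match, action):
        self.rules.append(Rule(priority, match, action))
        # A cached "allow" must not outlive a new ACL, so drop cached decisions.
        self.cache.clear()

    def _slow_path(self, pkt):
        # Highest-priority matching rule wins; no match falls through to drop.
        for rule in sorted(self.rules, key=lambda r: -r.priority):
            if all(pkt.get(k) == v for k, v in rule.match.items()):
                return rule.action
        return "drop"

    def forward(self, pkt):
        key = tuple(sorted(pkt.items()))
        if key not in self.cache:               # miss: consult the rule table once
            self.upcalls += 1
            self.cache[key] = self._slow_path(pkt)
        return self.cache[key]                  # hit: no rule evaluation at all


def demo():
    sw = Switch()
    sw.add_rule(10, {"in_port": 1}, "output:2")             # plain forwarding rule
    web = {"in_port": 1, "ip_dst": "10.0.0.5", "tcp_dst": 80}   # constructed packets
    ssh = {"in_port": 1, "ip_dst": "10.0.0.5", "tcp_dst": 22}
    before = [sw.forward(web), sw.forward(ssh), sw.forward(web)]
    upcalls_before = sw.upcalls
    sw.add_rule(100, {"ip_dst": "10.0.0.5", "tcp_dst": 22}, "drop")  # ACL entry
    after = [sw.forward(web), sw.forward(ssh)]
    return before, upcalls_before, after, sw.upcalls
```

The point for an operator is the `cache.clear()` line: without it, the SSH flow cached before the ACL was added would keep being forwarded even though the rule table now says drop.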

Deployment and Use Cases

Common deployments include virtualized data centers for OpenStack clouds, container networking for Kubernetes clusters, NFV platforms operated by AT&T and Verizon, and research networks at institutions like University of California, Berkeley and Stanford University. Use cases span multi-tenant isolation for providers such as Rackspace, service chaining for Cisco offerings, load balancing with HAProxy, distributed firewalling with Palo Alto Networks, and telemetry pipelines feeding Prometheus and Grafana. Integration scenarios include service meshes like Istio, SD-WAN appliances from Silver Peak, and hardware acceleration using Mellanox Technologies SmartNICs and Intel DPDK-enabled NICs.

Performance and Scalability

Performance is addressed via kernel datapath optimization, userspace DPDK acceleration, and offloads to programmable ASICs and SmartNICs from vendors such as NVIDIA, Broadcom, and Intel. Scalability patterns include hierarchical flow caching, connection tracking inspired by netfilter, and distributed control via controllers like ONOS and OpenDaylight. Benchmarks often compare throughput against Linux bridge and vendor virtual switches from Cisco Nexus, VMware NSX, and Arista EOS; optimizations include NUMA-aware placement, hugepages, and CPU pinning used by cloud providers such as DigitalOcean and Linode. High availability is achieved with clustering integrated into orchestration layers like Pacemaker and database replication similar to PostgreSQL streaming.

Development and Community

The project has contributors from companies including VMware, Red Hat, Intel, Mellanox Technologies, Cumulus Networks, and Facebook. The governance model follows open-source practices adopted by the Linux Foundation and uses mailing lists, Gerrit code review, and continuous integration systems like Jenkins and Travis CI. Documentation and RFC-style design proposals are discussed in venues alongside standards bodies such as the IETF and the Open Networking Foundation. Academic research from MIT, Princeton University, and Carnegie Mellon University has influenced features; commercial forks and integrations appear in products from Canonical and SUSE.

Security and Management

Management interfaces include OVSDB schema tooling, command-line utilities, and RESTful control through controllers like OpenDaylight; authentication and authorization integrate with LDAP, Kerberos, and OAuth providers. Security hardening draws on practices used by Red Hat Enterprise Linux and Ubuntu distributions, and vulnerability handling follows processes aligned with CVE reporting and coordinated disclosure with vendors such as Microsoft and Cisco Systems. Operational tooling commonly includes logging to ELK Stack components, metrics exported to Prometheus, and policy enforcement using OPA. Ongoing audits and fuzzing efforts are performed in collaboration with organizations like CERT and research groups at ETH Zurich.

Category:Networking software