Ovs

Features

Software-Defined Networking Services - Provides a software-defined networking platform to programmatically define and update network forwarding rules.

OpenFlow Virtual Switches - Implements a software-defined network switch using the OpenFlow protocol to decouple control and data planes.

Layer 2 Tunnels - Encapsulates Ethernet frames to extend virtual layer 2 networks across physical layer 3 boundaries.

OpenFlow Control Protocols - Implements the OpenFlow protocol to decouple the control plane from the data plane for programmable network forwarding.

Network Traffic Routing - Directs data across virtual networks using a protocol supporting multiple tables and tag matching.

Overlay Networks - Connects virtual machines across physical hosts using encapsulated tunnels to create a unified logical overlay network.

Forwarding Controllers - Exposes network forwarding functions to programmatic control via standardized management interfaces.

Packet Processing Frameworks - Provides a programmable framework for routing packets through a sequence of tables and actions for complex header manipulation.

Pipeline-Based Packet Routing - Directs packets to specific ports, controllers, or queues using a pipeline of processing actions.

SDN Data Planes - Provides a high-performance packet processing engine with hardware offloading and kernel-bypass capabilities.

Traffic Tunnels - Encapsulates network data streams within transport protocols to extend virtual networks across physical servers.

Tunneling Gateways - Functions as a network tunneling gateway to extend virtual networks across physical hosts via VXLAN and GRE.

Virtual Layer 2 Switches - Functions as a virtualized switching platform managing VLANs and packet forwarding for virtual machines and containers.

Virtual Local Area Networks - Implements virtual local area networks to isolate traffic and prevent interference between virtual machines.

Datapath Splits - Separates the high-level control plane in userspace from the fast-path packet forwarding performed in the kernel.

Virtual Network Management - Manages virtual network interfaces, bonds physical links, and implements VLAN segmentation for virtualized environments.

Switch Configuration Management - Provides a command-line interface for controlling switch processes, loading kernel modules, and managing system settings.

Schema-Based Data Models - Uses a schema-based system within its transactional database to manage switch settings and enforce structural integrity.

Database Replication - Synchronizes configuration data across multiple servers to ensure high availability of the switch state.

Configuration Transaction Engines - Utilizes a transactional, schema-based configuration database to ensure consistency across switch clusters.

Poll-Mode Drivers - Uses poll-mode drivers to bypass the kernel network stack, achieving higher throughput and lower latency.

Transactional Configuration Storage - Implements a transactional database for persistent storage of switch settings, accessible via C and Python bindings.

Hardware Switching Offload - Provides interfaces to extend software-defined networking capabilities to physical hardware-level switching.

Network Diagnostics - Traces packet paths and samples flows to analyze behavior and debug connectivity issues in virtual networks.

Network Traffic Management - Manages bandwidth and prioritizes specific data flows using quality of service policies and rate limiting.

Network Interface Bonding - Implements standard bonding protocols to combine multiple physical interfaces into a single logical link.

Network Task Offloads - Offloads checksum calculations and segment processing from the CPU to network hardware.

Hardware-Accelerated Packet Forwarding - Offloads packet matching and forwarding rules to physical NIC hardware for line-rate performance.

Packet Manipulation Toolkits - Modifies, strips, or adds network layer fields to packets during the switching process.

Connection State Management - Tracks the state and history of network connections to manage packet flow based on session state.

Traffic Rate Limiters - Enforces bandwidth policies to cap the maximum data rate for specific network ports or flows.

Virtual Machine Connectivity - Establishes secure private tunnels to connect remote virtual machines across different physical hosts.

Access Control Lists - Implements access control lists to filter network traffic based on specific permit or deny criteria.

Traffic Isolation - Implements network-level traffic isolation to segregate virtual machine communication and ensure tenant privacy.

Encrypted Tunneling - Secures data transmission between switches using encryption protocols to ensure authenticity and privacy.

Firewalls - Implements firewalling actions and connection tracking to secure network data flows.

Secure Tunneling - Encrypts tunnel data using IPsec to ensure privacy and integrity for traffic between switches.

Traffic Shaping and Prioritization - Configures quality of service policies and policing to manage bandwidth and prioritize critical traffic.

Network Traffic Analysis - Analyzes packet flow using sampling and tracing tools to diagnose network behavior.

sFlow Monitoring - Supports network packet sampling and flow data export via sFlow for real-time traffic analysis.

Packet Path Tracing - Tracks individual packet movements through the switch to diagnose forwarding logic and connectivity issues.

Open vSwitch is a software-defined network switch and high-performance data plane engine. It functions as a virtual layer 2 switch and network orchestrator, implementing the OpenFlow protocol to decouple the control plane from the data plane for programmable network forwarding.

The project distinguishes itself through a userspace-kernel datapath split and the use of poll-mode drivers for kernel-bypass acceleration. It provides a network tunneling gateway to extend virtual networks across physical hosts and utilizes a transactional, schema-based configuration database with state replication for high availability.

Its capability surface includes comprehensive network forwarding with support for link aggregation, VLAN segmentation, and packet header manipulation. It incorporates security primitives such as firewall rule implementation, connection state tracking, and IPsec tunnel encryption. Additionally, it offers traffic engineering tools for quality of service enforcement and observability features including sFlow monitoring and packet path tracing.

The system is managed via a command-line interface for switch configuration and network topology simulation.

Features