[ovs-discuss] Questions about performance

Kristoffer Egefelt kristoffer at itoc.dk
Wed May 15 03:09:23 PDT 2013


I have a setup with linux kernel 3.2, xen 4.1.2 and openvswitch 1.7.3 - on 10G infrastructure.

The NAT firewall is connected to openvswitch which causes connection delays and dropped packets under high load.

With packet counts > 150.000/s delay rises and cpu load > 90%.
Packet counts > 400.000/s and there is packet loss.
Flowcount between 4-15K, but this does not seem to be a problem after setting flow-eviction-threshold="20000"

The delay is measured by ab, where the connection time and standard deviation is much higher when the load goes up - but only when openvswitch is used on the NAT firewall.

I'm reading about much higher packet counts (1.2Mil) and almost line rate 10G transfers using MTU 1500.

Am I doing something wrong?

Openvswitch is running a very basic configuration, no controller, no pre-defined flows.

Should I simply not use openvswitch for loads > 200.000p/s or is there maybe something wrong with my setup?
It seems that the CPU is the bottleneck, would it help to pre-define flows?

Hope someone can help, as I'd really like to run everything on OVS.




