OK, so you're asking how many packets does OVS buffer on an OpenFlow
connection? That was not clear from the question. It is documented in
ovs-vswitchd(8):
Packet buffering.
The OpenFlow specification, version 1.2, says:
Switches that implement buffering are expected to expose,
through documentation, both the amount of available buffering,
and the length of time before buffers may be reused.
Open vSwitch maintains a separate set of 256 packet buffers for each
OpenFlow connection. Any given packet buffer is preserved until it is
referenced by an OFPT_FLOW_MOD or OFPT_PACKET_OUT request or for 5 sec‐
onds, whichever comes first.
Also, PKTBUF_CNT isn't 512, it's 256.
On Fri, Apr 15, 2016 at 05:42:02AM +0000, Ali Volkan Atli wrote:
> Hi Ben
>
> No doubt you are a legend but you are wrong in this question or I'm
> totally screwed :)
>
> I think you did not understand the question correctly. OvS has a
> buffer mechanism for each controller. While trying to add a flow_mod
> with max_length is not OFPCML_NO_BUFFER, the packets are stored in the
> buffer. If the maximum capacity is exceeded, OvS start sending the
> whole packets instead of related parts in the packet-in
> messages. Finally, its size (PKTBUF_CNT) is 512.
>
> @Majid, just set max-lenght (different than 0xFFFF) and then drop the
> packet-in messages in the controller and then you'll see the whole packets
> after 512th packet-in.
>
> - Volkan
>
> ________________________________________
> From: discuss [discuss-boun...@openvswitch.org] on behalf of Ben Pfaff
> [b...@ovn.org]
> Sent: Thursday, April 14, 2016 6:56 PM
> To: Majid Taleqani
> Cc: discuss@openvswitch.org
> Subject: Re: [ovs-discuss] open vSwitch port input buffer capacity
>
> On Thu, Apr 14, 2016 at 01:52:31PM +0000, Majid Taleqani wrote:
> > i am writing a DDOS mitigation for openflow networks using pox
> > controller and open vSwitch version 1.9. as DDOS attacks aim at
> > Flooding flow tables and input buffers, i wonder what is the maximum
> > capacity of each switch port input buffer.
>
> OVS ports themselves don't have buffers, so this is a question of your
> NIC driver's buffering strategy.
>
> > i know after the switch input buffer overflows then the switch sends
> > the whole packet to the controller
>
> No, that's wrong. Buffer overflow has nothing to do with sending
> packets to the controller.
>
> > and then the controller responses by sending packet out message which
> > contains the whole packet and also the action. i want to know how
> > much data and at what rate should a host send data to overflow a
> > switch port input buffer and if is it possible to change the switch
> > port input buffers? is it possible to change the amount of time that a
> > packet stays in buffer before timeouts? thanks
> _______________________________________________
> discuss mailing list
> discuss@openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
