Rationale

OpenShift's default CNI plugin OVN-Kubernetes uses OVS' kernel datapaths which pose challenges to achieving network wirespeed in container and VM workloads. DPDK and OVS' userspace datapaths promise to mitigate these problems:

Bypassing the kernel avoids the overhead associated with kernel-space operations. DPDK's Poll Mode Drivers (PMDs) actively poll for packets instead of relying on interrupts, achieving lower latency and higher packet processing rates. Hugepages reduce the overhead of page table management and improve memory access efficiency, increasing the memory throughput and reducing TLB misses. Optimized memory management techniques tailored for high-performance packet processing, like memory pools and cache-aligned data structures, minimize cache misses. Batch instead of per-packet processing can improve the efficiency of packet handling, especially in high-throughput scenarios.

This could provide deterministic scheduling of the datapath, simpler system dimensioning and increased performance which would give Red Hat a competitive advantage over VMware etc and will benefit our Telco customers.

Scope

Evaluate OpenShift and OVN-Kubernetes with OVS' userspace datapath. OpenShift's (primary) network stack shall operate completely in userspace:

• OVS bridges br-ex and br-int are of type netdev (userspace) rather than system (kernel),
• DPDK drivers (rather than kernel drivers) are used when attaching physical NICs to OVS bridges,
• VDUSE devices (rather than VETH devices) are used to provide network connectivity aka eth0 in containers, and
• vhost-vdpa devices (rather than tap devices) are used to provide network connectivity to KubeVirt virtual machines.

Identify missing functionality and other shortcomings in OVS, DPDK, VDUSE and KubeVirt. The primary objective is to assess the feasibility, benefits, and costs of userspace networking in OpenShift as soon as possible. Submitting patches for upstream projects and reporting unrelated bugs are considered incidental.

Key results

• An OpenShift release image which allows to install a OpenShift cluster with OVS' userspace datapaths for the primary cluster network.
• A successful deployment of an OpenShift cluster which uses OVS' userspace datapaths for its primary network.
• Preliminary test results for OpenShift's conformance test suite run against a OpenShift cluster with OVS' userspace datapaths.
• Preliminary benchmark results for pod-to-pod-on-different-nodes scenario and vm-to-vm-on-different-nodes scenario on bare-metal.