OpenFlow-based virtual TAP using open vSwitch and DPDK

Currently, server (host) virtualization technology that brings effective use of server resources to a data center is promising as cloud services are being prevalent with increasing traffic volumes and requirements for higher service quality. Proposed network TAP, named vTAP (Virtual Test Access Port), overcomes the problem that existing hardware TAP devices cannot be utilized for virtual network links to monitor traffic among virtual machines (VMs) at a packet level. vTAP can be implemented by a virtual switch that gives network connectivity to VMs by switching packets over the virtual network links. The port mirroring feature of a virtual switch can be a naive solution to provide packet level monitoring among VMs. However, using the feature in an environment that needs to treat large volume of network traffic with low delay such as NFV (Network Function Virtualization) incurs performance degradation in packet switching capability of the switch and error-prone manual configurations. This paper provides design and implementation approaches to vTAP using Open vSwitch with DPDK (Data Plane Development Kit) and an OpenFlow SDN (Software-Defined Networking) controller to overcome the problems. DPDK can accelerate overall packet processing operations needed in vTAP, and OpenFlow controller can provide a centralized and flexible way to apply and manage TAP policies in an SDN network. This paper also provides performance comparisons of the proposed vTAP and the naive method, port mirroring.