Two neutron agents, openvswitch and ofagent, implement mostly same functionalities in different ways.
- What's same?
- Basic architecture
- the agent runs on each compute/network node.
- it controls an OpenFlow switich on the node.
- Basic architecture
- What's different?
- The following is a summary of the differences.
- note: this list is intended to show differences wrt designs and development directions. some of items (noted as "planned") have not been implemented in neutron master yet.
|Advantages||Possibly can achieve better performance using Open vSwitch(OVS) specific advanced features like Nicira Extensions (NX) and patch ports.||More portable to switches other than OVS. Easier to handle asynchronous messages because it's a full featured OpenFlow controller.|
|OpenFlow version||OpenFlow 1.0 + NX||OpenFlow 1.3 without vendor extensions|
|How to compose flows?||ovs-ofctl command line arguments (plain texts)||Use Ryu ofproto library (python objects)|
|How to install flows into a switch?||Invoke ovs-ofctl command||An OpenFlow controller embedded in the agent sends OpenFlow messages to the switch|
|Supported switches||OVS only||OpenFlow 1.3 switches including OVS (planned)|
|Neutron plugin||openvswitch plugin (planned to be deprecated) or ML2 plugin||ML2 plugin|
|Port monitoring||ovsdb monitoring via ovs-vsctl command||OpenFlow port statistics. Accept async messages to monitor changes (planned)|
|Management Protocol (eg. tunnel port creation)||ovsdb via ovs-vsctl command||use standard protocols like OF-Config where appropriate. otherwise, sub-driver (planned)|
|Device ID||Neutron port ID (UUID) stored in ovsdb||Port name as linuxbridge|
|"internal" VLAN||802.1q tagged VLAN||OpenFlow metadata|
|Local ARP responder||Install NX flows for each FDB entries. Currently tunnel network types only.||The embedded OpenFlow controller handles packet-ins and sends back ARP responses. Implemented for all network types.|
|Multiple bridges||Considering bridges per functionalities.||Uses a single bridge in favor of portability.|
|Security Groups / Firewall driver||use NX. namely tcp_flags NXM, learn action, or future conntrack support (planned)||probably implement only a subset of rules using plain OpenFlow|
|Tagged VLANs in tenent network||Not supported||Supported|
|XenAPI (Agent in a separate domain)||Supported using a special rootwrap||Not supported|