A few known issues with Open Virtual Switch
OVS is engineered to offer many more features compared to native Linux bridges, but these come with a small performance penalty.
Because OVS needs a flow for every new connection, and flow setup is handled in user space, heavy network traffic can result in heavy CPU utilisation. While the kernel waits for a flow from user space, new connections with no existing flows may arrive, and these are also queued for user space. If the user space buffer is full, new packets are dropped.
This can be seen by the following code: …
where Hit refers to packets matched with existing kernel flows; Missed refers to packets with no existing flow, which are sent to user space for flow generation; and Lost refers to packets dropped because there is not enough free buffer in user space.
OVS 1.11 addresses this issue by introducing kernel wildcarding, or megaflows. With this, only a single flow is required for multiple TCP/UDP ports and protocols, which is good enough to handle multiple connections matching source and destination.
Even though this minimises context switches and improves performance, it doesn’t completely solve high CPU usage. To address this issue, OVS 2.0 comes with a multithreaded user space and many other improvements.
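
The hit, missed and lost counters described above are cumulative, so a user-space flow-setup bottleneck shows up as a change between two samples rather than in a single reading. The following is an added example, not code from the original article: it assumes the counters are read from the `lookups:` line of `ovs-dpctl show`, and the sample text, the function names and the `miss_ratio_warn` threshold are constructed for illustration.

```python
import re

# Constructed samples in the layout printed by `ovs-dpctl show` (assumed to be
# the source of the counters); all values are made up for illustration.
SAMPLE_T0 = """system@ovs-system:
\tlookups: hit:120000 missed:3000 lost:0
\tflows: 42
"""
SAMPLE_T1 = """system@ovs-system:
\tlookups: hit:121000 missed:12000 lost:450
\tflows: 57
"""

DP_RE = re.compile(r"^(\S+):\s*$")  # unindented "name:" line starts a datapath
LOOKUPS_RE = re.compile(r"lookups:\s*hit:(\d+)\s+missed:(\d+)\s+lost:(\d+)")


def parse_lookups(text):
    """Return {datapath: (hit, missed, lost)} from the statistics text."""
    stats, datapath = {}, None
    for line in text.splitlines():
        header, m = DP_RE.match(line), LOOKUPS_RE.search(line)
        if header:
            datapath = header.group(1)
        elif m and datapath is not None:
            stats[datapath] = tuple(int(g) for g in m.groups())
    return stats


def interval_report(before, after, miss_ratio_warn=0.5):
    """Counters are cumulative, so compare two samples and use the deltas."""
    report = {}
    for dp, new in after.items():
        old = before.get(dp, (0, 0, 0))
        delta = tuple(n - o for n, o in zip(new, old))
        if min(delta) < 0:  # counters went backwards: treat as a reset
            delta = new
        hit, missed, lost = delta
        # Every packet looked up in the kernel is counted as a hit or a miss.
        ratio = missed / (hit + missed) if hit + missed else 0.0
        report[dp] = {"hit": hit, "missed": missed, "lost": lost,
                      "miss_ratio": round(ratio, 3),
                      "dropping": lost > 0,  # user-space queue overflowed
                      "upcall_heavy": ratio >= miss_ratio_warn}
    return report


if __name__ == "__main__":
    print(interval_report(parse_lookups(SAMPLE_T0), parse_lookups(SAMPLE_T1)))
```

A rising `lost` delta means packets were dropped during the interval; a high `miss_ratio` with no loss means user space is keeping up but carrying most of the forwarding work.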