Full software-defined switching with OVS at the core
Tophan replaces your physical top-of-rack switches with software-defined virtual switches built on Open vSwitch. Every hypervisor node runs a local OVS instance managed centrally through Dragon’s Eye, giving you the same port-group and VLAN capabilities as enterprise hardware — without the enterprise hardware.
Each VM NIC connects to a virtual port on the local OVS bridge. Port groups define network membership, VLAN tags, and security policy. When you create a VM, you assign it to a port group — the switch configuration follows automatically. No manual trunk configuration, no patching cables, no waiting for the network team.
Microsegmentation goes further than traditional VLANs. You can isolate individual VMs from each other even within the same subnet, applying per-port ACLs that travel with the VM during live migration. Traffic mirroring lets you tap any port or port group for inspection without inserting physical taps.
The entire switch fabric is defined in code and versioned. Rolling back a network change is the same as rolling back any other configuration — one click in Dragon’s Eye.

| Feature | Description |
|---|---|
| Port Groups | Logical groupings with shared VLAN, QoS, and security policy |
| VLAN Trunking | 802.1Q tagging, native VLAN assignment, trunk/access modes |
| Traffic Mirroring | Mirror any port or group to a capture VM for analysis |
| Microsegmentation | Per-VM ACLs enforced at the virtual port level |
| Distributed Switching | Consistent config across all nodes, auto-sync on join |
| Live Migration Aware | Port policy follows the VM to the destination host |
| Flow Tables | Programmable OpenFlow rules for advanced traffic engineering |
| Spanning Tree | Loop prevention across multi-bridge topologies |