MPLS Enlightened Open vSwitch
Netfilter Workshop, Montpellier
Simon Horman <[email protected]>
Horms Solutions Ltd.
July 2014
Open vSwitch
Multi-Layer Software Switch
Datapath provides fast-path for known flows
Two implementations: Userspace and Linux Kernel
ovs-vswitchd is the brains of the operation
In userspace
Flow setup using wild-carded OpenFlow flows
May connect to OpenFlow controller
OpenFlow
Protocol for control of switches
Switch connects to controller
Switch may send missed-packets to controller
Controller may add flows to switch
Multi Protocol Label Switching
A packet may include a label stack which is composed of one or more label stack entries (LSEs)
Inserted just before L3 header
Anatomy of an MPLS LSE
An MPLS LSE contains:
Label
Traffic Class (TC)
Bottom of Stack (BoS) bit
TTL
[Figure: LSE layout: Label, TC, BoS, TTL]
OpenFlow and MPLS: Basic Support
match: MPLS Label, TC and BoS bit
set field: MPLS Label and TC
Set MPLS TTL
Dec MPLS TTL
MPLS push
MPLS pop
MPLS Push and Pop
[Figure: an Ethernet frame (DstAddr, SrcAddr, EtherType, Payload) shown without a label stack, with an MPLS EtherType and one LSE (stack depth 1), and with an MPLS EtherType and two LSEs (stack depth 2); MPLS Push and MPLS Pop move between them.]
Status of Basic Support
Status:
ovs-vswitchd: Merged
user-space datapath: Merged
Linux kernel datapath: Merged very recently (patchset v2.62)
Linux network core: GSO MPLS: Merged (v3.10, v3.16-rc1)
Complications Part I: Background
L3+ actions applied to MPLS packets
e.g.: mpls pop(0x0800),dec ttl
MPLS LSE does not include EtherType
[Figure: LSE layout: Label, TC, BoS, TTL]
Rather, it is supplied by the MPLS pop action
So decoding of the inner-packet can’t occur until an MPLS action is applied
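The LSE fields and the pop behaviour described above, as an added example that is not taken from the slides or from Open vSwitch. The helper names are hypothetical; the 20/3/1/8-bit field widths and EtherType 0x8847 come from the standard MPLS encoding, and rewriting the EtherType only when the last LSE is removed is a choice made for this sketch.

```c
#include <stdint.h>
#include <string.h>

#define ETH_HLEN   14      /* DstAddr(6) + SrcAddr(6) + EtherType(2) */
#define ETH_P_MPLS 0x8847  /* MPLS unicast EtherType */
#define LSE_LEN    4       /* Label(20) | TC(3) | BoS(1) | TTL(8) */

/* Hypothetical helpers (not OVS code).  An LSE is big-endian on the wire. */
static uint32_t lse_word(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static inline uint32_t lse_label(uint32_t w) { return w >> 12; }
static inline unsigned lse_tc(uint32_t w)    { return (w >> 9) & 7; }
static inline unsigned lse_bos(uint32_t w)   { return (w >> 8) & 1; }
static inline unsigned lse_ttl(uint32_t w)   { return w & 0xff; }

/* LSEs up to and including BoS; -1 if not MPLS, truncated, or BoS never set. */
static int mpls_depth(const uint8_t *f, size_t len)
{
    if (len < ETH_HLEN || ((f[12] << 8) | f[13]) != ETH_P_MPLS)
        return -1;
    for (size_t off = ETH_HLEN, n = 1; off + LSE_LEN <= len; off += LSE_LEN, n++)
        if (lse_bos(lse_word(f + off)))
            return (int)n;
    return -1;
}

/* Pop the outermost LSE in place; returns the new length, 0 if malformed.
 * No LSE field names the payload, so the caller supplies the EtherType. */
static size_t mpls_pop(uint8_t *f, size_t len, uint16_t ethertype)
{
    if (mpls_depth(f, len) < 1)
        return 0;
    if (lse_bos(lse_word(f + ETH_HLEN))) {   /* last label: frame leaves MPLS */
        f[12] = (uint8_t)(ethertype >> 8);
        f[13] = (uint8_t)ethertype;
    }
    memmove(f + ETH_HLEN, f + ETH_HLEN + LSE_LEN, len - ETH_HLEN - LSE_LEN);
    return len - LSE_LEN;
}

int main(void)
{   /* Constructed frame: zero MACs, LSEs label 100 and label 200 (BoS), 1 byte. */
    uint8_t f[23] = {[12] = 0x88, 0x47, 0, 0x06, 0x40, 0x40, 0, 0x0c, 0x81, 0x3f, 0x45};
    size_t len = mpls_pop(f, sizeof f, 0x0800);  /* depth 2 -> 1, still 0x8847 */
    len = mpls_pop(f, len, 0x0800);              /* bottom popped: 0x0800 now */
    return !(len == 15 && f[12] == 0x08 && f[13] == 0x00);
}
```

The depth walk rejects a stack that runs off the end of the buffer without a BoS bit, which is the check a parser needs before trusting any offset derived from the label stack.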
Complications Part II: Circular Dependency
The actions for a packet aren’t known until a flow is looked up
But the L3 portion of the match can’t be filled in until an MPLS pop action is applied
Solution: Recirculation
Allow a packet to be re-injected after actions are applied
e.g.:
1. Lookup flow
2. Apply actions, modifying packet
3. Lookup flow for modified packet
4. Apply actions
Status: Merged last month (2nd rewrite)
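A toy model of the four recirculation steps, added here as an illustration and not Open vSwitch code. The structures, the two hard-coded flows, the recirc_id values and the bound of four lookups are all assumptions of this sketch.

```c
#include <stdint.h>

#define ETH_MPLS 0x8847
#define ETH_IPV4 0x0800
/* Toy model, not OVS code: a packet and the flow key extracted per lookup. */
struct pkt { uint16_t eth_type; uint32_t label; uint8_t ip_ttl; };
struct key { uint32_t recirc_id, label; uint16_t eth_type; uint8_t ip_ttl; };

static struct key extract(const struct pkt *p, uint32_t recirc_id)
{
    struct key k = { recirc_id, 0, p->eth_type, 0 };
    if (p->eth_type == ETH_MPLS)
        k.label = p->label;      /* inner header cannot be decoded yet */
    else if (p->eth_type == ETH_IPV4)
        k.ip_ttl = p->ip_ttl;    /* L3 fields visible only after the pop */
    return k;
}

/* One lookup plus its actions: recirc_id to re-inject with, 0 done, -1 miss. */
static int lookup_and_apply(struct pkt *p, const struct key *k)
{
    if (k->recirc_id == 0 && k->eth_type == ETH_MPLS && k->label == 100) {
        p->eth_type = ETH_IPV4;  /* mpls pop(0x0800) */
        return 1;                /* dec ttl needs L3: recirculate */
    }
    if (k->recirc_id == 1 && k->eth_type == ETH_IPV4 && k->ip_ttl > 1) {
        p->ip_ttl--;             /* dec ttl on the now-decoded IP header */
        return 0;
    }
    return -1;
}

/* Steps 1-4 of the slide: number of lookups used, -1 on miss or bound hit. */
static int process(struct pkt *p)
{
    for (int id = 0, lookups = 1; lookups <= 4; lookups++) {
        struct key k = extract(p, (uint32_t)id);
        id = lookup_and_apply(p, &k);
        if (id <= 0)
            return id == 0 ? lookups : -1;
    }
    return -1;
}

int main(void)
{   /* constructed sample: label 100 over an IP packet with TTL 64 */
    struct pkt p = { ETH_MPLS, 100, 64 };
    return !(process(&p) == 2 && p.ip_ttl == 63);
}
```

The first key carries no IP TTL because the frame is still MPLS; only the second lookup, made after the pop, can match on L3 fields, and the loop bound keeps a flow that recirculates to itself from spinning forever.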
Questions