Open vSwitch 2015 Fall Conference
![Page 1: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/1.jpg)
New OVS instrumentation features aimed at real-time monitoring of virtual networks
Open vSwitch 2015 Fall Conference
Peter Phaal InMon Corp. November 2015
![Page 2: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/2.jpg)
![Page 3: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/3.jpg)
sFlow: Embedded Infrastructure Monitoring
• Industry standard measurement technology integrated in merchant silicon, white box switches, and branded switches from over 40 vendors (sFlow.org)
• Supported in Open vSwitch since v0.99.1 (25 Jan 2010)
• Open source Host sFlow agent for hosts and hypervisors (sFlow.net)
• Periodic export of standard counters
• Asynchronous export of random packet samples
Traffic visibility and control with sFlow, Peter Phaal, InMon, OVS 2014 Fall Conference
Comprehensive low latency monitoring required for closed-loop control
![Page 4: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/4.jpg)
New OVS Specific sFlow Counter Metrics
• Datapath hits
• Datapath misses
• Datapath lost
• Datapath flows
• OVS CPU user
• OVS CPU system
• OVS memory
Managing Open vSwitch across a large heterogeneous fleet, Chad Norgan, Rackspace, OVS 2014 Fall Conference
sFlow agent sends OVS metrics periodically with standard interface counters
![Page 5: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/5.jpg)
sFlow Packet Flow Sampling
Packet Header + Forwarding Information (FIB)
• Packet Flow: A Packet Flow is defined as the path or trajectory that a packet takes through a Network Device (i.e. the path that a packet takes as it is received on one interface, is subject to a switching/routing decision and is then sent on another interface).
• Packet Flow Sampling: Packet Flow Sampling refers to the random selection of a fraction of the Packet Flows observed at a DataSource.
http://sflow.org/sflow_version_5.txt
![Page 6: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/6.jpg)
Capture Actions with Packet
- return output_userspace(dp, skb, key, a);+ return output_userspace(dp, skb, key, a, actions, actions_len);
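Review bot: On the `+` line, `actions` and `actions_len` are handed to `output_userspace()` with no length handling visible at this call site. Confirm that the callee sizes the user space message for the packet plus `actions_len` bytes of actions and fails cleanly when the action list does not fit, and document on the function that the actions passed are those applied to the sampled packet.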
Kernel patch (upstreamed)
Features:
• Future proof - all actions available to user space agent, no longer limited by information that can be encoded in cookie
• Accurate - packet and actions fused together in datapath
Fall back to user space rule cache when running on older Kernel
![Page 7: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/7.jpg)
sFlow Tunnel Structures
http://sflow.org/sflow_tunnels.txt
```
+--------+   +-------+   +-------+   +-------+   +-------+   +--------+
| Host A +---+  S1   +---+  S2   +---+  S3   +---+  S4   +---+ Host B |
+--------+ ^ |ingress| ^ |transit| ^ |transit| ^ |egress | ^ +--------+
           | +-------+ | +-------+ | +-------+ | +-------+ |
          (1)         (3)          |          (2)         (4)
           |           |           |           |           |
           |    +------------------------------------+     |
           |    |            Outer Header            |     |
           |    |    (source S1, destination S4)     |     |
        +-------+------------------------------------+--------+
        |                    Inner Header                     |
        |         (source Host A, destination Host B)         |
        +-----------------------------------------------------+
        |                       Payload                       |
        |                                                     |
        +-----------------------------------------------------+
```
OVS OVS
![Page 8: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/8.jpg)
Tunnel Structures
• sFlow Tunnel Structures extension defines metadata to describe L2, L3, L4 tunnel encap / decap actions and tunnel attributes
• sFlow Version 5 already included MPLS and VLAN stack encapsulations
OVS user space sFlow agent extended to parse captured actions, populate sFlow tunnel structures, and export tunnel structures with sampled packet header
![Page 9: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/9.jpg)
Packet Header
```
flowSampleType HEADER
headerProtocol 1
sampledPacketSize 1070
strippedBytes 4
headerLen 128
headerBytes 00-00-00-CC-02-02-00-00-00-CC-01-02-08-00-45-00-04-1C-15-6F-40-00-40-11-C6-3D-AC-10-01-02-AC-10-02-02-BF-5B-13-89-04-08-5F-CD-00-00-08-48-56-35-49-7A-00-08-5C-89-00-00-00-00-00-00-00-01-00-00-13-89-00-00-04-00-00-98-96-80-FF-FF-F8-30-36-37-38-39-30-31-32-33-34-35-36-37-38-39-30-31-32-33-34-35-36-37-38-39-30-31-32-33-34-35-36-37-38-39-30-31-32-33-34-35-36-37-38-39-30-31-32-33-34-35
```
+
Decapsulated Input Tunnel
```
flowBlock_tag 0:1030
extendedType in_VNI
in_VNI 2
flowBlock_tag 0:1024
flowSampleType tunnel_ipv4_in_IPV4
tunnel_ipv4_in_sampledPacketSize 0
tunnel_ipv4_in_IPSize 0
tunnel_ipv4_in_srcIP 192.168.1.1
tunnel_ipv4_in_dstIP 192.168.2.1
tunnel_ipv4_in_IPProtocol 17
tunnel_ipv4_in_IPTOS 0
tunnel_ipv4_in_UDPSrcPort 54024
tunnel_ipv4_in_UDPDstPort 49431
```
https://github.com/sflow/sflowtool
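The sflowtool sample above pairs a sampled inner packet header with the tunnel it was decapsulated from. The following added example (not part of the original slides or of sflowtool) decodes the `headerBytes` field and joins the inner flow with the tunnel metadata; the function names are hypothetical and only untagged Ethernet/IPv4 headers are handled.

```python
import ipaddress
import struct

# Constructed input: the sflowtool fields shown on the slide; headerBytes is cut
# to its first 42 bytes (Ethernet + IPv4 + UDP headers).
SAMPLE = """\
sampledPacketSize 1070
strippedBytes 4
headerBytes 00-00-00-CC-02-02-00-00-00-CC-01-02-08-00-45-00-04-1C-15-6F-40-00-40-11-C6-3D-AC-10-01-02-AC-10-02-02-BF-5B-13-89-04-08-5F-CD
in_VNI 2
tunnel_ipv4_in_srcIP 192.168.1.1
tunnel_ipv4_in_dstIP 192.168.2.1
"""

def parse_fields(text):
    """Turn sflowtool 'key value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            fields[key] = value.strip()
    return fields

def mac(octets):
    return ":".join(f"{o:02X}" for o in octets)

def decode_header(hex_bytes):
    """Decode an untagged Ethernet/IPv4 sampled header; None for anything else."""
    raw = bytes.fromhex(hex_bytes.replace("-", ""))
    if len(raw) < 34 or raw[12:14] != b"\x08\x00":
        return None
    l4 = 14 + (raw[14] & 0x0F) * 4          # start of the transport header
    flow = {"src_mac": mac(raw[6:12]), "dst_mac": mac(raw[0:6]),
            "ip_len": struct.unpack("!H", raw[16:18])[0], "proto": raw[23],
            "src_ip": str(ipaddress.ip_address(raw[26:30])),
            "dst_ip": str(ipaddress.ip_address(raw[30:34]))}
    if flow["proto"] in (6, 17) and len(raw) >= l4 + 4:
        flow["src_port"], flow["dst_port"] = struct.unpack("!HH", raw[l4:l4 + 4])
    return flow

def describe_sample(text):
    """Pair the inner (tenant) flow with the tunnel metadata exported with it."""
    f = parse_fields(text)
    inner = decode_header(f["headerBytes"])
    return {"inner": inner, "vni": int(f["in_VNI"]),
            "outer_src": f["tunnel_ipv4_in_srcIP"],
            "outer_dst": f["tunnel_ipv4_in_dstIP"],
            # For this untagged frame: 14-byte Ethernet header + IP length + stripped bytes.
            "length_consistent": inner is not None and
                14 + inner["ip_len"] + int(f["strippedBytes"]) == int(f["sampledPacketSize"])}

if __name__ == "__main__":
    print(describe_sample(SAMPLE))
```

The decoded inner addresses and MACs match the container addresses in the demo network, while the outer addresses identify the tunnel endpoints.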
![Page 10: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/10.jpg)
OVS part of ecosystem: How is sFlow combined to provide comprehensive visibility?
Demo: VirtualBox, Cumulus VX, OVN, Docker
[Diagram: demo test network. Labels: leaf1, leaf2, spine1, spine2 (ports swp1, swp2, swp3); Server 1 (OVS, ovn-controller; Docker Container 1 sad_feynman, Docker Container 2 angry_hopper); Server 2 (OVS, ovn-controller; Docker Container 1 clever_wilson, Docker Container 2 lonely_albattani); interfaces eth0, eth1; host; ovn-northd; Out of band management switch; Orchestration Server; sFlow-RT analytics. Addresses shown: 10.0.0.80, 10.0.0.81, 10.0.0.82, 10.0.0.83, 10.0.0.84, 10.0.0.85, 10.0.0.86; 192.168.1.1/24, 192.168.1.254/24, 192.168.2.1/24, 192.168.2.254/24; 00:00:00:CC:01:01 with 172.16.1.1, 00:00:00:CC:01:02 with 172.16.1.2, 00:00:00:CC:02:01 with 172.16.2.1, 00:00:00:CC:02:02 with 172.16.2.2.]

Logical Switches

| Name | Ports |
| --- | --- |
| sw0 | server1-container2, server2-container2 |
| sw1 | server1-container1, server2-container2 |

Logical Ports

| Name | MAC |
| --- | --- |
| server1-container1 | 00:00:00:CC:01:01 |
| server1-container2 | 00:00:00:CC:01:02 |
| server2-container1 | 00:00:00:CC:02:01 |
| server2-container2 | 00:00:00:CC:02:01 |

Metrics

| Source | Data |
| --- | --- |
| physical switches | flows, counters, resources |
| virtual switches | flows, counters, resources, tunnel encap/decap |
| hosts | uuid, mac, name, resources |
| containers/VMs | uuid, mac, name, resources |
![Page 11: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/11.jpg)
Live Demo
https://github.com/pphaal/ovs-2015 (includes PCAP file to replay data from test network)
![Page 12: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/12.jpg)
![Page 13: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/13.jpg)
• SC15: The International Conference for High Performance Computing, Networking, Storage and Analytics, Austin, Nov 15th - 19th
• “SCinet brings to life a very high-capacity network that supports the revolutionary applications and experiments that are a hallmark of the SC conference”
• Live sFlow driven “weathermap”
http://inmon.sc15.org/sflow-rt/app/sc15-weather/html/
![Page 14: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/14.jpg)
Visibility for DevOps tools
[Diagram labels: Network, sFlow-RT, REST API, Logstash, splunk>]
• Streaming filtering and summarization reduces data volume and increases scalability of backend tools
• Streaming flow analytics to generate application metrics
![Page 15: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/15.jpg)
sFlow-RT Real-time Analytics
Feedback Control in Cloud Stacks
“Typically the resource that is most scarce is the network.” Amin Vahdat, ONS2015 Keynote
http://blog.sflow.com/2015/06/optimizing-software-defined-data-center.html
![Page 16: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/16.jpg)
ONS 2015: Leaf and Spine Traffic Engineering Using Segment Routing and SDN
http://blog.sflow.com/2015/06/leaf-and-spine-traffic-engineering.html
[Diagram labels: Controller activated, Spine, Rack 1, Rack 2, Rack 3, Rack 4, Controller]
With visibility into underlay, OVS can push MPLS labels and load balance traffic (Emulated in Mininet before deploying on physical network)
![Page 17: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/17.jpg)
Additional use cases
• Bandwidth on demand: Dynamically provision optical circuits
http://blog.sflow.com/2014/09/sdn-control-of-hybrid-packet-optical.html
• Reduce latency: QoS marking of Elephant flows at network edge
http://blog.sflow.com/2015/01/hybrid-openflow-ecmp-testbed.html
• Increase availability: Detect and filter DDoS flood attacks
http://blog.sflow.com/2014/03/ons2014-sdn-idol-finalist-demonstrations.html
• Increase available bandwidth and reduce latency: Co-locate heavily communicating VMs / containers
• Increase available CPU: Auto scaling service pools
• Increase available bandwidth and reduce latency: Optimize network paths for NFV / service chaining
![Page 18: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/18.jpg)
Final Comments
• Open vSwitch is part of a comprehensive cloud infrastructure ecosystem that embeds standard sFlow instrumentation
• Combining sFlow measurements from physical and virtual infrastructure provides end-to-end visibility into resources needed to deliver virtual network services.
• Measurement based feedback is key to optimizing cloud infrastructure
“If you can not measure it, you can not improve it.” Lord Kelvin
![Page 19: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/19.jpg)
Questions?
![Page 20: Open vSwitch 2015 Fall Conference](https://reader037.fdocuments.us/reader037/viewer/2022100307/58a1ab771a28ab78628bf1d1/html5/thumbnails/20.jpg)
Detailed OVN/OVS Packet Path
[Diagram labels: Physical Network, Linux Routing, br-ext, br-int, OVS, Encapsulated traffic, Virtual Machine / Container]
Encap/decap actions applied on port connecting to router