Virtualized Network with OpenvSwitch
Paul SimCloud [email protected]
Index
● OpenvSwitch Overview
● OpenvSwitch Architecture
● Configuration
● OpenvSwitch Demo
● Virtual Network with OpenvSwitch
● OpenStack with OpenvSwitch
● Use-case
OpenvSwitch Overview
❏ A virtual switch or Virtual Ethernet bridge (VEB)
❏ A key component of networking for virtualized
computing
❏ “Open” vSwitch version of Nicira’s proprietary vSwitch
❏ User-space : configuration, control
❏ Kernel-space : datapath (included in main Linux kernel
since version 3.3)
❏ Cisco Nexus 1000V, VMware vDS, IBM DVS 5000V, MS
Hyper-V vSwitch
OpenvSwitch Overview - Features
❏ Visibility into inter-VM communication via NetFlow,
sFlow(R), IPFIX, SPAN, LACP (IEEE 802.1AX-2008)
❏ Standard 802.1Q VLAN model with trunking
❏ STP (IEEE 802.1D-1998), Fine-grained QoS control
❏ NIC bonding with source-MAC load balancing, active
backup, and L4 hashing
❏ OpenFlow protocol support (including many extensions
for virtualization)
❏ Multiple tunneling protocols (VxLAN, Ethernet over
GRE, CAPWAP, IPsec, GRE over IPsec)
http://openvswitch.org/features/
OpenvSwitch Overview - Performance
OpenvSwitch Architecture
[Figure: component diagram. User space: ovs-vsctl, ovsdb-client, ovs-dpctl, ovs-ofctl, ovs-appctl, ovsdb-server, ovs-vswitchd, ovs-brcompatd. Kernel space: brcompat.ko, openvswitch.ko, Kernel Datapath (Fast Path). Other labels: Netlink, OVS Management (JSON RPC), OpenFlow, Remote OpenvSwitch db, OpenFlow Controller, VM, vNIC, tap.]
OpenvSwitch Architecture
[Figure: bridge br-ovs. Labels: VM / vNIC / tap1, VM / vNIC / tap2, eth0, eth1, eth2, vnet0, vnet1, bond0, Port, Interface, Bridge, Packet flows, Flow table.]
OpenvSwitch Architecture
❏ ovs-vswitchd : a daemon that implements the switch, along with a
companion Linux kernel module for flow-based switching.
❏ ovsdb-server : a lightweight database server that ovs-vswitchd queries to
obtain its configuration.
❏ ovs-vsctl : a utility for querying and updating the configuration of
ovs-vswitchd.
❏ ovs-dpctl : a tool for configuring and monitoring the switch kernel
module.
❏ ovs-appctl : a utility that sends commands to running Open vSwitch
daemons (ovs-vswitchd).
❏ ovs-controller : a simple OpenFlow controller reference implementation.
❏ brcompat.ko : Linux bridge compatibility module
❏ openvswitch.ko : Open vSwitch switching datapath
Configuration
Table          Purpose
Open_vSwitch   Open vSwitch configuration
Bridge         Bridge configuration
Port           Port configuration
Interface      One physical network device in a Port
QoS            Quality of Service configuration
Queue          QoS output queue
Mirror         Port mirroring
Controller     OpenFlow controller configuration
Manager        OVSDB management connection
NetFlow        NetFlow configuration
SSL            SSL configuration
sFlow          sFlow configuration
Capability     Capability configuration

$ man ovs-vswitchd.conf.db
Configuration sample(1)
~$ sudo ovs-vsctl show
225d73cc-15b3-4db5-9b45-e783f7c49a10
    Bridge br-tun
        Port "gre-3"
            Interface "gre-3"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="192.168.0.10"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        Port "tap1"
            tag: 1
            Interface "tap1"
        Port "tap2"
            tag: 1
            Interface "tap2"
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
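Added example (not part of the original slides): a small parser for `ovs-vsctl show` output that lists each GRE tunnel's remote endpoint and flags patch ports whose peer does not point back. The tunnel in this sample is plain GRE, which does not encrypt the traffic it carries, so knowing exactly which remote IPs a host tunnels to is a useful review step. The function names and the shortened sample are assumptions made for this illustration.

```python
import re
# Constructed sample: a shortened copy of the `ovs-vsctl show` output on the slide.
SAMPLE = '''\
    Bridge br-tun
        Port "gre-3"
            Interface "gre-3"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="192.168.0.10"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        Port "tap1"
            tag: 1
            Interface "tap1"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
'''

def parse_show(text):
    """Flatten the Bridge/Port/Interface tree into one dict per interface."""
    ifaces, bridge, port, tag = [], None, None, None
    for s in map(str.strip, text.splitlines()):
        if s.startswith("Bridge "):
            bridge = s[7:].strip('"')
        elif s.startswith("Port "):
            port, tag = s[5:].strip('"'), None
        elif s.startswith("tag: "):
            tag = int(s[5:])
        elif s.startswith("Interface "):
            ifaces.append({"bridge": bridge, "port": port, "tag": tag,
                           "name": s[10:].strip('"'), "type": "system", "options": {}})
        elif s.startswith("type: ") and ifaces:
            ifaces[-1]["type"] = s[6:]
        elif s.startswith("options: ") and ifaces:
            pairs = re.findall(r'(\w+)=("[^"]*"|[^,}]+)', s)
            ifaces[-1]["options"] = {k: v.strip('"') for k, v in pairs}
    return ifaces

def gre_endpoints(ifaces):
    """(interface, remote_ip) for every GRE tunnel interface."""
    return [(i["name"], i["options"].get("remote_ip")) for i in ifaces if i["type"] == "gre"]

def broken_patches(ifaces):
    """Patch interfaces whose peer is absent or does not point back at them."""
    peer = {i["name"]: i["options"].get("peer") for i in ifaces if i["type"] == "patch"}
    return sorted(n for n, p in peer.items() if peer.get(p) != n)
```

On a live host the same functions can be fed the text captured from `sudo ovs-vsctl show`; interfaces printed without a `type:` line are recorded as `system`, the ordinary-device type.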
Configuration sample(2)
[Figure: host layout for the sample configuration. Labels: VM / vNIC / tap1, VM / vNIC / tap2, br-int, patch-tun, patch-int, br-tun, gre3, GRE tunnel 192.168.0.10, Linux Networking Stack, eth0: External IP, eth1: 192.168.0.20, eth2: 192.168.10.20.]
OpenvSwitch Demo - Environment
[Figure: demo environment. Two hosts, each showing VM / vNIC / tap1, VM / vNIC / tap2, OpenvSwitch Bridge, gre-1, eth0, eth1. Labels: GRE tunnel, Tunneling network 192.168.0.0/24, External network, Switch, Switch.]
Virtual Network with OpenvSwitch - OpenStack
[Figure: OpenStack deployment. Nodes: Controller node, Network node, Compute node - 1, Compute node - 2. Services shown: Keystone, Nova, Glance, Horizon, Neutron - Server, Neutron L3-agent, Neutron agent, Neutron OpenvSwitch Plug-in, Nova compute. Each node shows eth0, eth1, eth2. Networks: Management 192.168.0.0/24, Data 192.168.10.0/24, External network.]
Virtual Network with OpenvSwitch - OpenStack
Neutron OpenvSwitch plug-in GRE tunneling
[Figure: Network node and Compute node - 1. Labels: eth0, qg~~~, br-ext, br-int, tap~~~, qr~~~, br-tun, gre-1, gre-2, VM, VM, tap1, tap2, Tunnel, Tunnel <-> compute node - 2.]
❏ qg~~~ : external gateway interface
❏ qr~~~ : virtual router interface
❏ tap~~~ : network service interface (DHCP, DNS and …)
Use-case - VMware NSX
[Figure: two hypervisors, each with three VMs (vNIC), OpenvSwitch and a NIC, connected to a Switch; NSX Controller Cluster linked via OpenFlow.]
❏ Overlay networking
❏ GRE & STT
❏ Centralized Controller
❏ MAC-over-GRE
❏ ARP Proxy : No MAC flooding
❏ Security : OpenvSwitch
Use-case - MidoNet
[Figure: two hypervisors, each with two VMs (vNIC), OpenvSwitch and a NIC, connected to a Switch. Labels: MidoNet Agent, MidoNet Controller, Distributed Database.]
❏ Overlay networking : GRE
❏ L2 ~ L4 (stateful) virtual networking
❏ Virtual Router : for each tenant, provider
❏ Forwarding decisions made locally
❏ No OpenFlow
❏ Distributed Database
    ❏ Cassandra : L4 session
    ❏ Zookeeper : MAC, F/W rules and ...
❏ Latency?
Use-case - Pica8
❏ Two running modes : OpenvSwitch mode and L2/L3 mode
❏ Pics OVS : The implementation of OpenvSwitch on Pica8 hardware switch
❏ MPLS, GRE
❏ Standard 802.1Q VLAN model with trunking
❏ link monitoring
❏ NetFlow, sFlow
Use-case - Intel DPDK vSwitch
❏ High performance and ultra-low latency packet switching of OpenvSwitch using Intel DPDK (Data Plane Development Kit) acceleration technology.
❏ DPDK vSwitch suggests modified Qemu and OpenvSwitch.
❏ 6WIND claims 6WINDGate shows 10x faster performance than standard OpenvSwitch.
❏ http://www.6wind.com/wp-content/uploads/PDF/prod/6WIND-Virtual-Switch-Product-Brief.pdf