Post on 08-Aug-2015
The Basic Introduction of Open vSwitch
Te-Yen (Danny) Liu
Date: 2014/01/08
Page 2
Agenda
- What is Virtual Switch?
- Virtual Network Topology using OVS
- What is Open vSwitch and Features?
- The Main Components
- Using OVS to build Network Topology
- Advanced Examples
- Demo
Page 3
What is Virtual Switch?
- In a virtual network, a virtual switch acts like an advanced edge switch for VMs.
[Figure labels: Physical Switch; Hypervisor; Virtual Switch; VM; Virtual Network (L2); vNIC; VIF; NIC as vSwitch's uplink port; Data Flow]
Page 4
Virtual Network Topology (1/2)
- An example of Virtual Network Topology in OpenStack
Page 5
Virtual Network Topology (2/2)
- Another example of Virtual Network Topology in OpenStack
- They use Open vSwitch as the solution to deal with the complexity of virtual networks and multi-tenancy
Page 6
What is Open vSwitch?
- A software-based solution
  - Resolves the problems of network separation and traffic visibility, so cloud users can be assigned VMs with elastic and secure network configurations
- Flexible Controller in User-Space
- Fast Datapath in Kernel
- An implementation of OpenFlow
[Figure label: Controller]
Page 7
Open vSwitch Design
- The decision about how to process a packet is made in userspace
- The first packet of a new flow goes to ovs-vswitchd; following packets hit the cached entry in the kernel
Page 8
Features
- Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, RSPAN, and GRE-tunneled mirrors
- LACP (IEEE 802.1AX-2008)
- Standard 802.1Q VLAN model with trunking
- BFD and 802.1ag link monitoring
- STP (IEEE 802.1D-1998)
- Fine-grained QoS control
- Support for HFSC qdisc
- Per VM interface traffic policing
- NIC bonding with source-MAC load balancing, active backup, and L4 hashing
- OpenFlow protocol support (including many extensions for virtualization)
- IPv6 support
- Multiple tunneling protocols (GRE, VXLAN, IPsec, GRE and VXLAN over IPsec)
- Remote configuration protocol with C and Python bindings
- Kernel and user-space forwarding engine options
- Multi-table forwarding pipeline with flow-caching engine
- Forwarding layer abstraction to ease porting to new software and hardware platforms
- The newest version is 2.0
Page 9
sFlow with OpenvSwitch
Page 10
The Main Components
Page 11
ovsdb-server
- Database that holds switch level configuration
- Custom database with nice properties:
  - Log-based
  - Speaks OVSDB management protocol (JSON-RPC) to manager and ovs-vswitchd
Page 12
Example: Setup QoS
There are two ways to do that:
- Interface Rate Limiting (on Interface). For instance:

    # ingress_policing_rate is in kbps, ingress_policing_burst in kb
    sudo ovs-vsctl set Interface eth1 ingress_policing_rate=10000
    sudo ovs-vsctl set Interface eth1 ingress_policing_burst=1000

- Port QoS Policy (on Port). For instance:

    # one QoS row (@newqos) with two queues (@q0, @q1), attached to port eth1
    sudo ovs-vsctl set port eth1 qos=@newqos \
      -- --id=@newqos create qos type=linux-htb \
           other-config:max-rate=200000000 queues=0=@q0,1=@q1 \
      -- --id=@q0 create queue \
           other-config:min-rate=100000000 \
           other-config:max-rate=100000000 \
      -- --id=@q1 create queue \
           other-config:min-rate=50000000 \
           other-config:max-rate=50000000

- QoS can have more than 1 queue
Page 13
The example of QoS in OVS Database
- It is a GUI tool to see the tables in the ovsdb-server
- This case is about checking QoS setting
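Added example (not from the original slides): the Port QoS Policy command from the "Setup QoS" slide expressed as the OVSDB JSON-RPC "transact" message that ovsdb-server receives, with a check of the reply. The message layout follows the OVSDB management protocol (RFC 7047) in simplified form; the function names `qos_transaction` and `check_reply` and the sample reply with its UUIDs are constructed for illustration.

```python
import json

def qos_transaction(port, max_rate, queues):
    """Build an OVSDB "transact" request that attaches a linux-htb QoS to a port.

    queues maps queue id -> (min_rate, max_rate) in bit/s, as on the slide.
    """
    ops, queue_refs = [], []
    for qid, (qmin, qmax) in sorted(queues.items()):
        name = "q%d" % qid  # plays the role of --id=@q0 in ovs-vsctl
        ops.append({"op": "insert", "table": "Queue", "uuid-name": name,
                    "row": {"other_config": ["map", [["min-rate", str(qmin)],
                                                     ["max-rate", str(qmax)]]]}})
        queue_refs.append([qid, ["named-uuid", name]])
    ops.append({"op": "insert", "table": "QoS", "uuid-name": "newqos",
                "row": {"type": "linux-htb",
                        "other_config": ["map", [["max-rate", str(max_rate)]]],
                        "queues": ["map", queue_refs]}})
    ops.append({"op": "update", "table": "Port",
                "where": [["name", "==", port]],
                "row": {"qos": ["named-uuid", "newqos"]}})
    return {"method": "transact", "params": ["Open_vSwitch"] + ops, "id": 0}

def check_reply(reply):
    """Return the new QoS row's UUID, or raise if the change did not take effect."""
    if reply.get("error") is not None:
        raise RuntimeError(reply["error"])
    results = reply["result"]
    for res in results:
        if "error" in res:
            raise RuntimeError(res["error"])
    # The last op is the Port update; count 0 means no port had that name,
    # so nothing references the new QoS and Queue rows.
    if results[-1].get("count") != 1:
        raise LookupError("no Port row matched; QoS not attached")
    return results[-2]["uuid"][1]

# Constructed reply (UUIDs are made up), one result per operation.
SAMPLE_REPLY = {"id": 0, "error": None, "result": [
    {"uuid": ["uuid", "11111111-1111-4111-8111-111111111111"]},
    {"uuid": ["uuid", "22222222-2222-4222-8222-222222222222"]},
    {"uuid": ["uuid", "33333333-3333-4333-8333-333333333333"]},
    {"count": 1}]}

if __name__ == "__main__":
    request = qos_transaction("eth1", 200000000,
                              {0: (100000000, 100000000), 1: (50000000, 50000000)})
    print(json.dumps(request, indent=2))
    print(check_reply(SAMPLE_REPLY))
```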
Page 14
ovs-vswitchd
- Core component in the system:
  - Communicates with outside world using OpenFlow
  - Communicates with ovsdb-server using management protocol (OVSDB)
  - Communicates with kernel module over netlink
  - Communicates with the system through netdev abstract interface
- Supports multiple independent datapaths (bridges)
- Implements mirroring, bonding, and VLANs through modifications of the same flow table exposed through OpenFlow
Page 15
OVS Kernel Module: openvswitch_mod.ko
- Handles switching and tunneling
- Exact-match cache of flows
- Designed to be fast and simple
  - Packet comes in; if found, associated actions are executed and counters updated. Otherwise, it is sent to userspace
  - Does no flow expiration
  - Knows nothing of OpenFlow
- Implements tunnels
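Added example (not from the original slides): a small simulation of the split described on the "Open vSwitch Design" and kernel module slides, with an exact-match cache in the datapath and a miss handed to userspace. The class names, the MAC table and the traffic are constructed; it shows that one steady flow costs a single userspace decision, while traffic made of many distinct flows reaches userspace once per flow and grows the cache until userspace evicts entries.

```python
from collections import namedtuple

# Exact-match key: every field must be identical for a cache hit.
FlowKey = namedtuple(
    "FlowKey", "in_port src_mac dst_mac src_ip dst_ip proto src_port dst_port")

class Userspace:
    """Stands in for ovs-vswitchd: decides how a new flow is handled."""
    def __init__(self, mac_to_port):
        self.mac_to_port = mac_to_port  # constructed MAC table for the demo
        self.upcalls = 0

    def decide(self, key):
        self.upcalls += 1
        port = self.mac_to_port.get(key.dst_mac)
        return ("output", port) if port is not None else ("flood",)

class KernelDatapath:
    """Stands in for the kernel module: cache lookups only, no policy."""
    def __init__(self, userspace):
        self.userspace = userspace
        self.cache = {}  # FlowKey -> actions and counters

    def receive(self, key, length):
        entry = self.cache.get(key)
        if entry is None:
            # Miss: hand the packet to userspace and cache its decision.
            actions = self.userspace.decide(key)
            entry = self.cache[key] = {"actions": actions, "packets": 0, "bytes": 0}
        entry["packets"] += 1
        entry["bytes"] += length
        return entry["actions"]

    def evict(self, key):
        # The datapath never expires flows itself; userspace removes them.
        self.cache.pop(key, None)

def run_demo():
    us = Userspace({"00:11:22:33:44:55": 1, "52:54:00:00:00:02": 2})
    dp = KernelDatapath(us)
    steady = FlowKey(1, "00:11:22:33:44:55", "52:54:00:00:00:02",
                     "10.1.2.10", "10.1.2.11", 6, 40000, 22)
    for _ in range(100):                 # 100 packets of one flow
        dp.receive(steady, 64)
    steady_upcalls = us.upcalls
    for dport in range(1000, 1100):      # 100 packets, each a new flow
        dp.receive(steady._replace(dst_port=dport), 64)
    return steady_upcalls, us.upcalls, len(dp.cache)

if __name__ == "__main__":
    print(run_demo())
```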
Page 16
Using OVS to build Network Topology
Physical Machine to Physical Machine

    > ovs-vsctl add-br br0
    > ovs-vsctl add-port br0 eth0
    > ovs-vsctl add-port br0 eth1
Page 17
Using OVS to build Network Topology
Virtual Machine to Virtual Machine
- Hypervisor is KVM

    > ovs-vsctl add-br br0

    > cat /etc/ovs-ifup
    #!/bin/sh
    # $1 is the tap interface name that KVM passes to the script
    switch='br0'
    /sbin/ifconfig "$1" 0.0.0.0 up
    ovs-vsctl add-port "${switch}" "$1"

    > cat /etc/ovs-ifdown
    #!/bin/sh
    switch='br0'
    /sbin/ifconfig "$1" 0.0.0.0 down
    ovs-vsctl del-port "${switch}" "$1"

    > kvm -m 512 -net nic,macaddr=00:11:22:33:44:55 \
        -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown \
        -drive file=/path/to/disk-image,boot=on
    > kvm -m 512 -net nic,macaddr=11:22:33:44:55:66 \
        -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown \
        -drive file=/path/to/disk-image,boot=on
Page 18
Using OVS to build Network Topology
The profile of the virtual network
- Internal port is connected to IP Stack
- VMs connect with outside network via vport (tap virtual interface)
Page 19
Using OVS to build Network Topology
Virtual Machine to Virtual Machine with GRE Tunnel
[Figure label: GRE Tunnel]
Page 20
Using OVS to build Network Topology

    # Host with br1 at 192.168.1.155 (tunnel peer: 192.168.1.152)
    sudo ifconfig eth1 0
    sudo ovs-vsctl add-br br1
    sudo ovs-vsctl add-br br2
    sudo ovs-vsctl add-port br1 eth0
    sudo ifconfig br1 192.168.1.155 netmask 255.255.255.0
    sudo ifconfig br2 10.1.1.1 netmask 255.255.255.0
    sudo ovs-vsctl add-port br2 gre0 -- set interface gre0 type=gre options:remote_ip=192.168.1.152

    # Host with br1 at 192.168.1.152 (tunnel peer: 192.168.1.155)
    sudo ifconfig eth1 0
    sudo ovs-vsctl add-br br1
    sudo ovs-vsctl add-br br2
    sudo ovs-vsctl add-port br1 eth0
    sudo ifconfig br1 192.168.1.152 netmask 255.255.255.0
    sudo ifconfig br2 10.1.1.2 netmask 255.255.255.0
    sudo ovs-vsctl add-port br2 gre0 -- set interface gre0 type=gre options:remote_ip=192.168.1.155

    sudo vi /etc/ovs-ifup
        #!/bin/sh
        switch='br2'
        /sbin/ifconfig "$1" 0.0.0.0 up
        ovs-vsctl add-port "${switch}" "$1"

    sudo vi /etc/ovs-ifdown
        #!/bin/sh
        switch='br2'
        /sbin/ifconfig "$1" 0.0.0.0 down
        ovs-vsctl del-port "${switch}" "$1"

    sudo chmod +x /etc/ovs-ifup /etc/ovs-ifdown

    sudo kvm -m 512 -net nic,macaddr=11:22:33:44:55:66 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown -cdrom /home/brent/images/ubuntu-12.04-desktop-i386.iso &
Page 21
Using OVS to build Network Topology
Bridge to Bridge
- They need a patch port to communicate with each other

    ovs-vsctl add-br br0
    ovs-vsctl add-br br1

    # patch port on br0 whose peer is the patch port on br1
    ovs-vsctl add-port br0 patch-to-br1
    ovs-vsctl set interface patch-to-br1 type=patch
    ovs-vsctl set interface patch-to-br1 options:peer=patch-to-br0

    # patch port on br1 whose peer is the patch port on br0
    ovs-vsctl add-port br1 patch-to-br0
    ovs-vsctl set interface patch-to-br0 type=patch
    ovs-vsctl set interface patch-to-br0 options:peer=patch-to-br1
Page 22
Demo Topology
- The hosts OVS1 and OVS2 communicate with each other through a GRE tunnel
- The host KVM will provision a VM guest and communicate with OVS1 and OVS2
Page 23
OVS with GRE Tunnel Demo (1/2)
- OVS1 and OVS2 communicate with each other by GRE Tunnel

    # Host with br0 at 192.168.1.10 (tunnel peer: 192.168.1.11)
    sudo ovs-vsctl add-br br0
    sudo ovs-vsctl add-br br1
    sudo ovs-vsctl add-port br0 eth0
    sudo ifconfig eth0 0
    sudo ifconfig br0 192.168.1.10 netmask 255.255.255.0
    sudo route add default gw 192.168.1.1 br0
    sudo ifconfig br1 10.1.2.10 netmask 255.255.255.0
    sudo ovs-vsctl add-port br1 gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.11

    # Host with br0 at 192.168.1.11 (tunnel peer: 192.168.1.10)
    sudo ovs-vsctl add-br br0
    sudo ovs-vsctl add-br br1
    sudo ovs-vsctl add-port br0 eth0
    sudo ifconfig eth0 0
    sudo ifconfig br0 192.168.1.11 netmask 255.255.255.0
    sudo route add default gw 192.168.1.1 br0
    sudo ifconfig br1 10.1.2.11 netmask 255.255.255.0
    sudo ovs-vsctl add-port br1 gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.10

[Figure labels: br0; eth0; br1; IP: 192.168.1.10, Default GW: 192.168.1.1; Remote IP: 192.168.1.11; gre1; IP: 10.1.2.10]
Page 24
OVS with GRE Tunnel Demo (2/2)
- OVS1 and OVS2 in bare metal mode communicate with each other by GRE Tunnel

    # Host with eth0 at 192.168.1.10 (tunnel peer: 192.168.1.11)
    sudo ovs-vsctl add-br br-int
    sudo ifconfig eth0 192.168.1.10 netmask 255.255.255.0
    sudo route add default gw 192.168.1.1 eth0
    sudo ovs-vsctl add-port br-int mgmt0 -- set interface mgmt0 type=internal
    sudo ifconfig mgmt0 10.1.2.10 netmask 255.255.255.0
    sudo ovs-vsctl add-port br-int gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.11

    # Host with eth0 at 192.168.1.11 (tunnel peer: 192.168.1.10)
    sudo ovs-vsctl add-br br-int
    sudo ifconfig eth0 192.168.1.11 netmask 255.255.255.0
    sudo route add default gw 192.168.1.1 eth0
    sudo ovs-vsctl add-port br-int mgmt0 -- set interface mgmt0 type=internal
    sudo ifconfig mgmt0 10.1.2.11 netmask 255.255.255.0
    sudo ovs-vsctl add-port br-int gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.10

[Figure labels: br0; mgmt0; IP: 192.168.1.10, Default GW: 192.168.1.1; Remote IP: 192.168.1.11; gre1; IP: 10.1.2.10; eth0]
Page 25
OVS with KVM and guest VM Demo
- The host: KVM will provision a VM guest and communicates with OVS1 and OVS2

    sudo ovs-vsctl add-br br0
    sudo ovs-vsctl add-port br0 eth0
    sudo ovs-vsctl list port
    sudo ifconfig eth0 0
    sudo ifconfig br0 192.168.1.20 netmask 255.255.255.0
    sudo route add default gw 192.168.1.1 br0
    sudo kvm -m 512 -hda /home/liudanny/kvm_lab/linux-core-4.7.7-openvswitch-1.11.0_guagga-0.99.22.4.img -net nic,macaddr=00:11:22:33:44:55 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown
    sudo kvm -m 512 -hda /home/liudanny/kvm_lab/linux-core-4.7.7-openvswitch-1.11.0_guagga-0.99.22.4.img -net nic,macaddr=11:22:33:44:55:66 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown

[Figure labels: br0 IP: 192.168.1.20, Default GW: 192.168.1.1; tap0; eth0; VM1; tap1; VM2; IP: 10.1.2.10; IP: 10.1.2.11]
Page 26
Q&A
Page 27
Reference
- http://blog.scottlowe.org/2013/05/07/using-gre-tunnels-with-open-vswitch/
- http://lamoop.com/post/2013-11-18/40060149263
- http://www.youtube.com/watch?v=rYW7kQRyUvA
- http://networkstatic.net/open-vswitch-gre-tunnel-configuration/
- http://networkstatic.net/configuring-vxlan-and-gre-tunnels-on-openvswitch/
- http://openvswitch.org/ovs-vswitchd.conf.db.5.pdf
- http://openvswitch.org/