
Open vSwitch: Software Defined Networking - ZHAW … · 2 Thomas Graf Part One Why Open vSwitch?...

Date post: 26-Aug-2018
Thomas Graf <[email protected]> 1 Underneath OpenStack Quantum: Software Defined Networking with Open vSwitch Thomas Graf <[email protected]> Principal Software Engineer Red Hat, Inc. April 24, 2013
Transcript

Underneath OpenStack Quantum: Software Defined Networking with Open vSwitch

Thomas Graf <[email protected]>, Principal Software Engineer, Red Hat, Inc.

April 24, 2013


Part One: Why Open vSwitch?

Open vSwitch enables Linux to become part of a Software Defined Networking architecture.

[Diagram labels: Network Operating System; Application (three); Switch (three); Open vSwitch; VM1; VM2]


Switched Networks

Switches learn from the network traffic they observe and decide independently.

[Diagram labels: Compute Node A; Bridge; Network Node B; Bridge; Alice; Peter; Switch 1; Switch 2; Switch 3; Tenant1 to Tenant6; L3 Agent]


Dynamically update flow tables in a universal language.

In the Software Defined Networking architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications.

Software-Defined Networking: The New Norm for Networks

ONF White Paper, April 13, 2012


Software Defined Networking

A logically centralized controller decides what is best for the network based on a global view of the network.

[Diagram labels: Controller; OpenFlow; Compute Node A; vSwitch 1; Network Node B; vSwitch 2; Alice; Peter; Switch 1; Switch 2; Switch 3; Tenant1 to Tenant6; L3 Agent]


Software Defined Networking

[Diagram labels: Network Operating System; Application (three); Open Interface (OpenFlow); Virtual Switch A; Switch Vendor X; Switch Vendor Y; Virtual Switch B]

An attempt to create a well-known API for applications of the network that has not succeeded yet.

OpenDaylight is on its way to make this happen.


OpenFlow

The Open Standard behind it.

1. Match on arbitrary bits in packet (header)

2. Execute actions
  ● Forward to port
  ● Drop
  ● Send to controller
  ● Mangle packet

OpenFlow enables networks to evolve, by giving a remote controller the power to modify the behavior of network devices, through a well-defined "forwarding instruction set". The growing OpenFlow ecosystem now includes routers, switches, virtual switches, and access points from a range of vendors.

ONF Website


OpenFlow Capable Devices

● Software Switches
  ● Open vSwitch, Cisco Nexus 1000V
  ● VMware vSphere, NEC Hyper-V, ...

● Hardware Switches
  ● Brocade, Cisco, HP, IBM, Juniper Networks, NEC, ...

● Switching ASICs
  ● Indigo – Open source firmware leveraging Ethernet switch ASICs to support up to 48x 10G ports
  ● Mellanox SwitchX-2 chip


Is it production ready?


Part Two: Open vSwitch

Open vSwitch is a virtual switch for hypervisors providing network connectivity to virtual machines.

[Diagram labels: Compute Node A; Open vSwitch; Network Node B; Open vSwitch; Hardware Switch; Controller; OpenFlow; Alice; Peter; Tenant1 to Tenant3; L3 Agent]


Open vSwitch Project

● Primarily used as a virtual switch for VMs

● Multi Platform (Linux, Microsoft, and Silicon)

● Developed by Nicira & Community

● Apache License (User Space), GPL (Kernel)

● OpenFlow 1.1 + extensions

● Any netdevice (physical/virtual) can be added as uplink port


How does it work?

Open vSwitch maintains a flow table that defines what to do with each flow.

[Diagram labels: Compute/Network Node; Open vSwitch; Quantum OVS Agent; Quantum L3 Agent; Quantum DHCP Agent; Flow table; Tenant1, Tenant2, Tenant3, Tenant n; Controller; OpenFlow; br-int; br-ext; br-eth1; br-tun; Patch ports; eth0; eth1; External Network; To Network Node]


Feature: Fine Grained Flow Table Control

● Extensive flow matching capabilities
  ● Layer 1 – Tunnel ID, In Port, QoS priority, skb mark
  ● Layer 2 – MAC address, VLAN ID, Ethernet type
  ● Layer 3 – IPv4/IPv6 fields, ARP
  ● Layer 4 – TCP/UDP, ICMP, ND

● Possible chain of actions
  ● Output to port (port range, flood, mirror)
  ● Discard, Resubmit to table x
  ● Packet Mangling (Push/Pop VLAN header, TOS, ...)
  ● Send to controller, Learn


Feature: Security / L2 Segregation

[Diagram labels: Compute Node; VM1; VM2; VM3; Open vSwitch; VLAN 1; VLAN 2]

VLAN isolation enforces VLAN membership of a VM without the knowledge of the guest itself.

# ovs-vsctl add-port ovsbr port2 tag=10

Caveat: MAX(VLAN_ID) limited


Feature: Tunneling

Tunneling provides isolation and reduces dependencies on the physical network.

[Diagram labels: Compute Node 1 (VM1, VM2, VM3, Open vSwitch); Compute Node 2 (VM4, VM5, VM6, Open vSwitch); Hardware Switch; Controller; OpenFlow; { GRE | STT | VXLAN } Tunnel; VNET 1; VNET 2]


Feature: Visibility

Supports industry standard technology to monitor the use of a network.

● NetFlow

● Port Mirroring
  ● SPAN
  ● RSPAN
  ● ERSPAN


Feature: Quality of Service

● Uses existing Traffic Control Layer
  ● Policer (Ingress rate limiter)
  ● HTB, HFSC (Egress traffic classes)

● Controller (Open Flow) can select Traffic Class

[Diagram labels: Virtual Host; VM1; VM2; ovsbr; VLAN 10; port1; port2; 1mbit]

# ovs-vsctl set Interface port2 \
    ingress_policing_rate=1000


Architecture

[Diagram labels: Management; Userspace; Kernel; ovsdb; vswitchd; Datapath; Flow Table; OpenFlow; sFlow; Netlink; upcall; reinject; From NetDevice; To NetDevice; Promiscuous Mode; ovs-vsctl; ovs-dpctl; ovs-ofctl; ovsdb-tool; numbered steps 1 to 7, with step 3 in parentheses; legend: Packet Processing, Management Workflow]


Modifying the Flow Table

# ovs-ofctl add-flow ovsbr \
    dl_src=11:22:33:44:55:66,actions=strip_vlan,output:1

# ovs-ofctl dump-flows ovsbr
[...]
 cookie=0x0, duration=36.24s, table=0, n_packets=0, n_bytes=0, idle_age=36, dl_src=11:22:33:44:55:66 actions=strip_vlan,output:1

Strip VLAN header of all packets from MAC address 11:22:33:44:55:66 and forward packet to port 1.
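
The flow above matches on source MAC alone, so it applies on every port and in every VLAN. As an added example (not part of the original slides), the following Python code parses `ovs-ofctl dump-flows` text and lists flows that rewrite VLAN tags without pinning both `in_port` and `dl_vlan`; the sample dump is constructed, and the review criterion is an assumption of this example rather than an Open vSwitch rule.

```python
import re

# Constructed sample in the format of the dump-flows output shown above.
# The first flow is the one from the slide; the header line and the other
# two flows are invented for this example.
SAMPLE_DUMP = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=36.24s, table=0, n_packets=0, n_bytes=0, idle_age=36, dl_src=11:22:33:44:55:66 actions=strip_vlan,output:1
 cookie=0x0, duration=12.10s, table=0, n_packets=7, n_bytes=518, idle_age=3, priority=100,in_port=2,dl_vlan=10 actions=strip_vlan,output:1
 cookie=0x0, duration=90.02s, table=0, n_packets=42, n_bytes=3612, idle_age=0, priority=0 actions=NORMAL
"""

# Keys that describe the flow entry itself rather than the packets it matches.
META = {"cookie", "duration", "table", "n_packets", "n_bytes",
        "idle_age", "hard_age", "priority"}
VLAN_REWRITE = ("strip_vlan", "pop_vlan", "push_vlan", "mod_vlan_vid")


def parse_flow(line):
    """Split one dump-flows line into meta fields, match fields and actions."""
    head, sep, actions = line.strip().partition(" actions=")
    if not sep:
        return None  # reply header or blank line
    flow = {"meta": {}, "match": {}}
    for field in re.split(r",\s*|\s+", head):
        key, _, value = field.partition("=")
        if key:
            flow["meta" if key in META else "match"][key] = value
    # Split on commas outside parentheses so resubmit(,1) stays in one piece.
    flow["actions"] = re.split(r",(?![^(]*\))", actions)
    return flow


def audit(dump):
    """Return flows that rewrite VLAN tags without pinning in_port and dl_vlan."""
    findings = []
    for line in dump.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        rewrites = [a for a in flow["actions"] if a.startswith(VLAN_REWRITE)]
        if rewrites and not {"in_port", "dl_vlan"} <= set(flow["match"]):
            findings.append({"match": flow["match"], "rewrites": rewrites})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DUMP):
        print("review:", finding)
```

On a live host the input would be the captured output of `ovs-ofctl dump-flows ovsbr`; only the slide's MAC-only flow is reported for the sample.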


Questions?

● Open vSwitch
  ● http://www.openvswitch.org/

● OpenFlow
  ● http://www.openflow.org/

● Open Networking Foundation
  ● http://www.opennetworking.org/

● sFlow
  ● http://www.sflow.org/

● Going with the Flow: Google’s Secret Switch to the Next Wave of Networking
  ● http://www.wired.com/wiredenterprise/2012/04/going-with-the-flow-google/

