Date post: | 17-Dec-2015 |
Virtualized Network with OpenvSwitch
Paul SimCloud [email protected]
Index
OpenvSwitch Overview
OpenvSwitch Architecture
Configuration
OpenvSwitch Demo
Virtual Network with OpenvSwitch
OpenStack with OpenvSwitch
Use-case
OpenvSwitch Overview
A virtual switch or Virtual Ethernet bridge (VEB)
A key component of networking for virtualized computing
Open vSwitch version of Nicira's proprietary vSwitch
User-space : configuration, control
Kernel-space : datapath (included in main Linux kernel since version 3.3)
Cisco Nexus 1000V, VMware vDS, IBM DVS 5000V, MS Hyper-V vSwitch
OpenvSwitch Overview - Features
Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, LACP (IEEE 802.1AX-2008)
Standard 802.1Q VLAN model with trunking
STP (IEEE 802.1D-1998), Fine-grained QoS control
NIC bonding with source-MAC load balancing, active backup, and L4 hashing
OpenFlow protocol support (including many extensions for virtualization)
Multiple tunneling protocols (VxLAN, Ethernet over GRE, CAPWAP, IPsec, GRE over IPsec)
http://openvswitch.org/features/
OpenvSwitch Overview - Performance
OpenvSwitch Architecture
[Figure: Open vSwitch architecture. User space: ovs-vsctl, ovsdb-client, ovs-dpctl, ovs-ofctl, ovs-appctl, ovs-vswitchd, ovs-brcompatd, ovsdb-server. Kernel space: brcompat.ko, openvswitch.ko (Kernel Datapath, Fast Path). Other labels: OVS Management (JSON RPC), OpenFlow, Remote OpenvSwitch db, OpenFlow Controller, Netlink, VM, vNIC, tap.]
OpenvSwitch Architecture
[Figure: two VMs, each with a vNIC, attached through tap1 and tap2 to the bridge br-ovs. Labels: eth0, eth1, eth2, vnet0, vnet1, bond0, Port, Interface, Bridge, Packet flows, Flow table.]
OpenvSwitch Architecture
ovs-vswitchd : a daemon that implements the switch, along with a companion Linux kernel module for flow-based switching.
ovsdb-server : a lightweight database server that ovs-vswitchd queries to obtain its configuration.
ovs-vsctl : a utility for querying and updating the configuration of ovs-vswitchd.
ovs-dpctl : a tool for configuring and monitoring the switch kernel module.
ovs-appctl : a utility that sends commands to running Open vSwitch daemons (ovs-vswitchd).
ovs-controller : a simple OpenFlow controller reference implementation.
brcompat.ko : Linux bridge compatibility module
openvswitch.ko : Open vSwitch switching datapath
Configuration
Table         Purpose
Open_vSwitch  Open vSwitch configuration
Bridge        Bridge configuration
Port          Port configuration
Interface     One physical network device in a Port
QoS           Quality of Service configuration
Queue         QoS output queue
Mirror        Port mirroring
Controller    OpenFlow controller configuration
Manager       OVSDB management connection
NetFlow       NetFlow configuration
SSL           SSL configuration
sFlow         sFlow configuration
Capability    Capability configuration

$ man ovs-vswitchd.conf.db
Configuration sample(1)
~$ sudo ovs-vsctl show
225d73cc-15b3-4db5-9b45-e783f7c49a10
    Bridge br-tun
        Port "gre-3"
            Interface "gre-3"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="192.168.0.10"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        Port "tap1"
            tag: 1
            Interface "tap1"
        Port "tap2"
            tag: 1
            Interface "tap2"
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
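An added example, not part of the original slides: a small Python parser for the `ovs-vsctl show` output of Configuration sample(1) that lists every tunnel endpoint and every ordinary port left without a VLAN tag. The function names and the extra `tap3` port are assumptions made for this example.

```python
import re
# "Configuration sample(1)" from the slides, trimmed, plus one constructed
# port ("tap3", no tag) added here to exercise the untagged-port check.
SAMPLE = '''\
    Bridge br-tun
        Port "gre-3"
            Interface "gre-3"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="192.168.0.10"}
    Bridge br-int
        Port "tap1"
            tag: 1
            Interface "tap1"
        Port "tap3"
            Interface "tap3"
        Port patch-tun
            Interface patch-tun
                type: patch
'''

def parse_show(text):
    """Flatten `ovs-vsctl show` output into one dict per port.
    A port with no "type:" line is treated as an ordinary (system) device."""
    ports, bridge, port = [], None, None
    for line in text.splitlines():
        key, _, val = line.strip().partition(" ")
        val = val.strip('"')
        if key == "Bridge":
            bridge = val
        elif key == "Port":
            port = {"bridge": bridge, "port": val, "tag": None,
                    "type": "system", "options": {}}
            ports.append(port)
        elif port and key == "tag:":
            port["tag"] = int(val)
        elif port and key == "type:":
            port["type"] = val
        elif port and key == "options:":
            port["options"] = dict(re.findall(r'(\w+)="?([^,"}]+)', val))
    return ports

def tunnel_endpoints(ports):
    """(bridge, port, type, remote_ip) for every port that names a remote peer."""
    return [(p["bridge"], p["port"], p["type"], p["options"]["remote_ip"])
            for p in ports if "remote_ip" in p["options"]]

def untagged_ports(ports):
    """Ordinary ports with no tag; with no VLAN tag set they trunk every VLAN."""
    return [(p["bridge"], p["port"]) for p in ports
            if p["tag"] is None and p["type"] == "system"]
```

A port of type `gre`, unlike the GRE over IPsec option in the feature list, carries frames unencrypted, so each reported `remote_ip` should be a host that is expected to terminate the tunnel.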
Configuration sample(2)
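[Figure: two VMs (vNIC) on tap1 and tap2 attached to br-int; patch-tun and patch-int link br-int to br-tun; gre3 on br-tun is the GRE tunnel to 192.168.0.10. Host interfaces: eth0 (External IP), eth1 (192.168.0.20), eth2 (192.168.10.20). Also labelled: Linux Networking Stack.]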
OpenvSwitch Demo - Environment
[Figure: two hosts, each with two VMs (vNIC) on tap1 and tap2 attached to an OpenvSwitch Bridge with port gre-1, and host interfaces eth0 and eth1. Labels: GRE tunnel, Tunneling network 192.168.0.0/24, External network, Switch (twice).]
Virtual Network with OpenvSwitch - OpenStack
[Figure: OpenStack node layout. Nodes: Controller node, Network node, Compute node - 1, Compute node - 2, each with eth0, eth1 and eth2. Service labels: Keystone, Nova, Glance, Horizon, Neutron - Server, Neutron L3-agent, Neutron agent, Neutron OpenvSwitch Plug-in, Nova compute (the last three appear twice). Networks: Management 192.168.0.0/24, Data 192.168.10.0/24, External network.]
Virtual Network with OpenvSwitch - OpenStack
Neutron OpenvSwitch plug-in GRE tunneling
[Figure: Network node and Compute node - 1. Labels: eth0, qg~~~, br-ext, br-int, tap~~~, qr~~~, br-tun, gre-1, gre-2, VM, tap1, tap2, Tunnel, Tunnel compute node - 2.]
qg~~~ : external gateway interface
qr~~~ : virtual router interface
tap~~~ : network service interface (DHCP, DNS and )
Use-case - VMware NSX
[Figure: two hypervisors, each with three VMs (vNIC) on OpenvSwitch and a NIC to a Switch. Other labels: NSX Controller Cluster, OpenFlow.]
Overlay networking GRE & STT
Centralized Controller MAC-over-GRE
ARP Proxy : No MAC flooding
Security : OpenvSwitch
Use-case - MidoNet
[Figure: two hypervisors, each with two VMs (vNIC) on OpenvSwitch and a NIC to a Switch. Other labels: MidoNet Agent, MidoNet Controller, Distributed Database.]
Overlay networking : GRE
L2 ~ L4 (stateful) virtual networking
Virtual Router : for each tenant, provider
Forwarding decision in local
No OpenFlow
Distributed Database
Cassandra : L4 session
Zookeeper : MAC, F/W rules and ...
Latency?
Use-case - Pica8
Two running modes : OpenvSwitch mode and L2/L3 mode
Pics OVS : The implementation of OpenvSwitch on Pica8 hardware switch
MPLS, GRE
Standard 802.1Q VLAN model with trunking
link monitoring
NetFlow, sFlow
Use-case - Intel DPDK vSwitch
High performance and ultra-low latency packet switching of OpenvSwitch using Intel DPDK (Data Plane Development Kit) acceleration technology.
DPDK vSwitch suggests modified Qemu and OpenvSwitch.
6WIND claims 6WINDGate shows 10x faster performance than standard OpenvSwitch.
http://www.6wind.com/wp-content/uploads/PDF/prod/6WIND-Virtual-Switch-Product-Brief.pdf