The Basic Introduction of Open vSwitch

The Basic Introduction of Open vSwitch

Te-Yen(Danny) LiuDate : 2014/01/08

Te-Yen(Danny) LiuDate : 2014/01/08

Page 2

AgendaAgendaWhat is Virtual Switch?Virtual Network Topology using OVSWhat is Open vSwitch and Features?The Main ComponentsUsing OVS to build Network TopologyAdvanced ExamplesDemo

What is Virtual Switch?Virtual Network Topology using OVSWhat is Open vSwitch and Features?The Main ComponentsUsing OVS to build Network TopologyAdvanced ExamplesDemo

Page 3

What is Virtual Switch?What is Virtual Switch? In virtual network, virtual switch acts like an advanced edge switch for

VMs.

In virtual network, virtual switch acts like an advanced edge switch for VMs.

Physical Switch

Hypervisor

Virtual Switch

VM VM VMVirtual

Network(L2)vNIC

VIF

NIC as vSwitch’s uplink port

Data Flow

Page 4

Virtual Network Topology (1/2)Virtual Network Topology (1/2)An example of Virtual Network Topology in OpenStackAn example of Virtual Network Topology in OpenStack

Page 5

Virtual Network Topology (2/2)Virtual Network Topology (2/2) Another example of Virtual Network Topology in OpenStack They use Open vSwitch as the solution to deal with the complication in virtual

newtork and multi-tenancy

Another example of Virtual Network Topology in OpenStack They use Open vSwitch as the solution to deal with the complication in virtual

newtork and multi-tenancy

Page 6

What is Open vSwitch?What is Open vSwitch?A software-based solution

Resolve the problems of network separation and traffic visibility, so the cloud users can be assigned VMs with elastic and secure network configurations

Flexible Controller in User-SpaceFast Datapath in KernelAn implementation of Open Flow

A software-based solution Resolve the problems of network separation and traffic

visibility, so the cloud users can be assigned VMs with elastic and secure network configurations

Flexible Controller in User-SpaceFast Datapath in KernelAn implementation of Open Flow

Controller

Page 7

Open vSwitch DesignOpen vSwitch DesignDecision about how to process packet made in

userspaceFirst packet of new flow goes to ovs-vswitchd,

following packets hit cached entry in kernel

Decision about how to process packet made in userspace

First packet of new flow goes to ovs-vswitchd, following packets hit cached entry in kernel

Page 8

FeaturesFeatures Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, RSPAN, and GRE-

tunneled mirrors LACP (IEEE 802.1AX-2008) Standard 802.1Q VLAN model with trunking BFD and 802.1ag link monitoring STP (IEEE 802.1D-1998) Fine-grained QoS control Support for HFSC qdisc Per VM interface traffic policing NIC bonding with source-MAC load balancing, active backup, and L4 hashing OpenFlow protocol support (including many extensions for virtualization) IPv6 support Multiple tunneling protocols (GRE, VXLAN, IPsec, GRE and VXLAN over IPsec) Remote configuration protocol with C and Python bindings Kernel and user-space forwarding engine options Multi-table forwarding pipeline with flow-caching engine Forwarding layer abstraction to ease porting to new software and hardware platforms

The newest version is 2.0

Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, RSPAN, and GRE-tunneled mirrors

LACP (IEEE 802.1AX-2008) Standard 802.1Q VLAN model with trunking BFD and 802.1ag link monitoring STP (IEEE 802.1D-1998) Fine-grained QoS control Support for HFSC qdisc Per VM interface traffic policing NIC bonding with source-MAC load balancing, active backup, and L4 hashing OpenFlow protocol support (including many extensions for virtualization) IPv6 support Multiple tunneling protocols (GRE, VXLAN, IPsec, GRE and VXLAN over IPsec) Remote configuration protocol with C and Python bindings Kernel and user-space forwarding engine options Multi-table forwarding pipeline with flow-caching engine Forwarding layer abstraction to ease porting to new software and hardware platforms

The newest version is 2.0

Page 9

sFlow with OpenvSwitchsFlow with OpenvSwitch

Page 10

The Main ComponentsThe Main Components

Page 11

ovsdb-serverovsdb-serverDatabase that holds switch level configurationCustom database with nice properties:Log-basedSpeaks OVSDB management protocol(JSON-RPC)

to manager and ovs-vswitchd

Database that holds switch level configurationCustom database with nice properties:Log-basedSpeaks OVSDB management protocol(JSON-RPC)

to manager and ovs-vswitchd

Page 12

Example: Setup QoSExample: Setup QoSThere are two ways to do that:

Interface Rate Limiting ( on Interface ) For instance:

– sudo ovs-vsctl set Interface eth1 ingress_policing_rate=10000– sudo ovs-vsctl set Interface eth1 ingress_policing_burst=1000

Port QoS Policy ( on Port ) For instance:

– sudo ovs-vsctl set port eth1 qos=@newqos \– -- --id=@newqos create qos type=linux-htb \– other-config:max-rate=200000000 queues=0=@q0,1=@q1 \– -- --id=@q0 create queue \– other-config:min-rate=100000000 \– other-config:max-rate=100000000 \– -- --id=@q1 create queue \– other-config:min-rate=50000000 \– other-config:max-rate=50000000

Qos can have more than 1 queue

There are two ways to do that: Interface Rate Limiting ( on Interface )

For instance: – sudo ovs-vsctl set Interface eth1 ingress_policing_rate=10000– sudo ovs-vsctl set Interface eth1 ingress_policing_burst=1000

Port QoS Policy ( on Port ) For instance:

– sudo ovs-vsctl set port eth1 qos=@newqos \– -- --id=@newqos create qos type=linux-htb \– other-config:max-rate=200000000 queues=0=@q0,1=@q1 \– -- --id=@q0 create queue \– other-config:min-rate=100000000 \– other-config:max-rate=100000000 \– -- --id=@q1 create queue \– other-config:min-rate=50000000 \– other-config:max-rate=50000000

Qos can have more than 1 queue

Page 13

The example of QoS in OVS DatabaseThe example of QoS in OVS Database It is a GUI tool to see the tables in the ovsdb-server This case is about checking QoS setting

It is a GUI tool to see the tables in the ovsdb-server This case is about checking QoS setting

Page 14

ovs-vswitchdovs-vswitchd

Core component in the system: Communicates with outside world using OpenFlow Communicates with ovsdb server using management

protocol (OVSDB) Communicates with kernel module over netlink Communicates with the system through netdev abstract

interfaceSupports multiple independent datapaths (bridges)Implements mirroring, bonding, and VLANs through

modifications of the same flow table exposed through OpenFlow

Core component in the system: Communicates with outside world using OpenFlow Communicates with ovsdb server using management

protocol (OVSDB) Communicates with kernel module over netlink Communicates with the system through netdev abstract

interfaceSupports multiple independent datapaths (bridges)Implements mirroring, bonding, and VLANs through

modifications of the same flow table exposed through OpenFlow

Page 15

OVS Kernel Module: openvswitch_mod.koOVS Kernel Module: openvswitch_mod.ko

Handles switching and tunnelingExact-match cache of flowsDesigned to be fast and simple

Packet comes in, if found, associated actions executed and counters updated. Otherwise, sent to userspace

Does no flow expiration Knows nothing of OpenFlow

Implements tunnels

Handles switching and tunnelingExact-match cache of flowsDesigned to be fast and simple

Packet comes in, if found, associated actions executed and counters updated. Otherwise, sent to userspace

Does no flow expiration Knows nothing of OpenFlow

Implements tunnels

Page 16

Using OVS to build Network TopologyUsing OVS to build Network TopologyPhysical Machine to Physical Machine Physical Machine to Physical Machine

>ovs-vsctl add-br br0>ovs-vsctl add-port br0 eth0>ovs-vsctl add-port br0 eth1

Page 17

Using OVS to build Network TopologyUsing OVS to build Network TopologyVirtual Machine to Virtual Machine

Hypervisor is KVM

Virtual Machine to Virtual Machine Hypervisor is KVM

>ovs-vsctl add-br br0

>cat /etc/ovs-ifup#!/bin/sh switch= 'br0'/sbin/ifconfig $1 0.0.0.0 upovs-vsctl add-port ${switch} $1

>cat /etc/ovs-ifup#!/bin/sh switch= 'br0'/sbin/ifconfig $1 0.0.0.0 downovs-vsctl del-port ${switch} $1

>kvm -m 512 -net nic,macaddr=00:11:22:33:44:55-net \tap,script= /etc/ovs-ifup ,downscript= /etc/ovs-ifdown-drive \file = /path/to/disk-image ,boot=on        >kvm -m 512 -net nic,macaddr=11:22:33:44:55:66-net \     tap,script= /etc/ovs-ifup ,downscript= /etc/ovs-ifdown-drive \file = /path/to/disk-image ,boot=on

Page 18

Using OVS to build Network TopologyUsing OVS to build Network TopologyThe profile of the virtual network

Internal port is connected to IP Stack VMs connect with outside network via vport ( tap virtual

interface )

The profile of the virtual network Internal port is connected to IP Stack VMs connect with outside network via vport ( tap virtual

interface )

Page 19

Using OVS to build Network TopologyUsing OVS to build Network TopologyVirtual Machine to Virtual Machine with GRE TunnelVirtual Machine to Virtual Machine with GRE Tunnel

GRE Tunnel

GRE Tunnel

Page 20

Using OVS to build Network TopologyUsing OVS to build Network Topologysudo ifconfig eth1 0sudo ovs-vsctl add-br br1sudo ovs-vsctl add-br br2sudo ovs-vsctl add-port br1 eth0sudo ifconfig br1 192.168.1.155 netmask 255.255.255.0sudo ifconfig br2 10.1.1.1 netmask 255.255.255.0sudo ovs-vsctl add-port br2 gre0 -- set interface gre0 type=gre options:remote_ip=192.168.1.152

sudo ifconfig eth1 0sudo ovs-vsctl add-br br1sudo ovs-vsctl add-br br2sudo ovs-vsctl add-port br1 eth0sudo ifconfig br1 192.168.1.152 netmask 255.255.255.0sudo ifconfig br2 10.1.1.2 netmask 255.255.255.0sudo ovs-vsctl add-port br2 gre0 -- set interface gre0 type=gre options:remote_ip=192.168.1.155

sudo vi /etc/ovs-ifup#!/bin/shswitch='br2'/sbin/ifconfig $1 0.0.0.0 upovs-vsctl add-port ${switch} $1

sudo vi /etc/ovs-ifdown#!/bin/shswitch=’br2’/sbin/ifconfig $1 0.0.0.0 downovs-vsctl del-port ${switch} $1

sudo chmod +x /etc/ovs-ifup /etc/ovs-ifdown

sudo kvm -m 512 -net nic,macaddr=11:22:33:44:55:66 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown -cdrom /home/brent/images/ubuntu-12.04-desktop-i386.iso &

Page 21

Using OVS to build Network TopologyUsing OVS to build Network TopologyBridge to Bridge

They need a patch port to communicate with each other

Bridge to Bridge They need a patch port to communicate with each other

ovs-vsctl add-br br0ovs-vsctl add-br br1 ovs-vsctl add-port br0 patch-to-br1ovs-vsctl set interface patch-to-br1type=patchovs-vsctl set interface patch-to-br1 options:peer=patch-to-br0

ovs-vsctl add-port br1 patch-to-br0ovs-vsctl set nterface patch-to-br0type=patchovs-vsctl set interface patch-to-br0 options:peer=patch-to-br1

Page 22

Demo TopologyDemo Topology The host: OVS1 and OVS2 communicate with each other by GRE Tunnel The host: KVM will provision a VM guest and communicates with OVS1

and OVS2

The host: OVS1 and OVS2 communicate with each other by GRE Tunnel The host: KVM will provision a VM guest and communicates with OVS1

and OVS2

Page 23

OVS with GRE Tunnel Demo (1/2)OVS with GRE Tunnel Demo (1/2) OVS1 and OVS2 communicate with each other by GRE Tunnel OVS1 and OVS2 communicate with each other by GRE Tunnel

sudo ovs-vsctl add-br br0sudo ovs-vsctl add-br br1sudo ovs-vsctl add-port br0 eth0sudo ifconfig eth0 0sudo ifconfig br0 192.168.1.10 netmask 255.255.255.0sudo route add default gw 192.168.1.1 br0sudo ifconfig br1 10.1.2.10 netmask 255.255.255.0sudo ovs-vsctl add-port br1 gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.11

sudo ovs-vsctl add-br br0sudo ovs-vsctl add-br br1sudo ovs-vsctl add-port br0 eth0sudo ifconfig eth0 0 sudo ifconfig br0 192.168.1.11 netmask 255.255.255.0sudo route add default gw 192.168.1.1 br0sudo ifconfig br1 10.1.2.11 netmask 255.255.255.0sudo ovs-vsctl add-port br1 gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.10

br0

eth0

br1

IP: 192.168.1.10Default GW: 192.168.1.1

Remote IP: 192.168.1.11

gre1

IP: 10.1.2.10

Page 24

OVS with GRE Tunnel Demo (2/2)OVS with GRE Tunnel Demo (2/2) OVS1 and OVS2 in bare metal mode to communicate with each other by

GRE Tunnel

OVS1 and OVS2 in bare metal mode to communicate with each other by GRE Tunnel

sudo ovs-vsctl add-br br-intsudo ifconfig eth0 192.168.1.10 netmask 255.255.255.0sudo route add default gw 192.168.1.1 eth0sudo ovs-vsctl add-port br-int mgmt0 -- set interface mgmt0 type=internalsudo ifconfig mgmt0 10.1.2.10 netmask 255.255.255.0sudo ovs-vsctl add-port br-int gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.11

sudo ovs-vsctl add-br br-intsudo ifconfig eth0 192.168.1.11 netmask 255.255.255.0sudo route add default gw 192.168.1.1 eth0sudo ovs-vsctl add-port br-int mgmt0 -- set interface mgmt0 type=internalsudo ifconfig mgmt0 10.1.2.11 netmask 255.255.255.0sudo ovs-vsctl add-port br-int gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.10

br0

mgmt0

IP: 192.168.1.10Default GW: 192.168.1.1

Remote IP: 192.168.1.11

gre1

IP: 10.1.2.10

eth0

Page 25

OVS with KVM and guest VM DemoOVS with KVM and guest VM Demo The host: KVM will provision a VM guest and communicates with OVS1 and OVS2 The host: KVM will provision a VM guest and communicates with OVS1 and OVS2

sudo ovs-vsctl add-br br0sudo ovs-vsctl add-port br0 eth0sudo ovs-vsctl list portsudo ifconfig eth0 0sudo ifconfig br0 192.168.1.20 netmask 255.255.255.0sudo route add default gw 192.168.1.1 br0sudo kvm -m 512 -hda /home/liudanny/kvm_lab/linux-core-4.7.7-openvswitch-1.11.0_guagga-0.99.22.4.img -net nic,macaddr=00:11:22:33:44:55 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdownsudo kvm -m 512 -hda /home/liudanny/kvm_lab/linux-core-4.7.7-openvswitch-1.11.0_guagga-0.99.22.4.img -net nic,macaddr=11:22:33:44:55:66 -net tap,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown

br0 IP: 192.168.1.20Default GW: 192.168.1.1

tap0

eth0

VM1

tap1

VM2

IP: 10.1.2.10 IP: 10.1.2.11

Page 26

Q&AQ&A

Page 27

ReferenceReference http://blog.scottlowe.org/2013/05/07/using-gre-tunnels-with-open

-vswitch/ http://lamoop.com/post/2013-11-18/40060149263 http://www.youtube.com/watch?v=rYW7kQRyUvA http://networkstatic.net/open-vswitch-gre-tunnel-configuration/ http://networkstatic.net/configuring-vxlan-and-gre-tunnels-on-ope

nvswitch/ http://openvswitch.org/ovs-vswitchd.conf.db.5.pdf http://openvswitch.org/

http://blog.scottlowe.org/2013/05/07/using-gre-tunnels-with-open-vswitch/

http://lamoop.com/post/2013-11-18/40060149263 http://www.youtube.com/watch?v=rYW7kQRyUvA http://networkstatic.net/open-vswitch-gre-tunnel-configuration/ http://networkstatic.net/configuring-vxlan-and-gre-tunnels-on-ope

nvswitch/ http://openvswitch.org/ovs-vswitchd.conf.db.5.pdf http://openvswitch.org/