Virtualized Network with OpenvSwitch

Paul SimCloud Consultantpaul.sim@canonical.com

Index

● OpenvSwitch Overview

● OpenvSwitch Architecture

● Configuration

● OpenvSwitch Demo

● Virtual Network with OpenvSwitch

● OpenStack with OpenvSwitch

● Use-case

OpenvSwitch Overview

❏ A virtual switch or Virtual Ethernet bridge (VEB)

❏ A key component of networking for virtualized

computing

❏ “Open” vSwitch version of Nicira’s proprietary vSwitch

❏ User-space : configuration, control

❏ Kernel-space : datapath (included in main Linux kernel

since version 3.3)

❏ Cisco Nexus 1000V, VMware vDS, IBM DVS 5000V, MS

Hyper-V vSwitch

OpenvSwitch Overview - Features

❏ Visibility into inter-VM communication via NetFlow,

sFlow(R), IPFIX, SPAN, LACP (IEEE 802.1AX-2008)

❏ Standard 802.1Q VLAN model with trunking

❏ STP (IEEE 802.1D-1998), Fine-grained QoS control

❏ NIC bonding with source-MAC load balancing, active

backup, and L4 hashing

❏ OpenFlow protocol support (including many extensions

for virtualization)

❏ Multiple tunneling protocols (VxLAN, Ethernet over

GRE, CAPWAP, IPsec, GRE over IPsec)

http://openvswitch.org/features/

OpenvSwitch Overview - Performance

OpenvSwitch Architecture

ovs-vsctlovsdb-client ovs-dpctl

ovs-vswitchdovs-brcompatd

brcompat.ko

openvswitch.ko

Kernel Datapath(Fast Path)

OVS Management(JSON RPC)

OpenFlow

Remote OpenvSwitch db

OpenFlow Controller

ovs-ofctl

user

sp

ace

Ker

nel s

pac

e

ovsdb-server

VM

vNICtap

Netlink

ovs-appctl

OpenvSwitch Architecture

VM

vNIC

tap1

eth0 eth1 eth2

VM

vNIC

tap2

br-ovs

vnet0 vnet1

bond0 eth2

Port

Interface

BridgePacket flows

Flow table

OpenvSwitch Architecture

❏ ovs-vswitchd : a daemon that implements the switch, along with a

companion Linux kernel module for flow-based switching.

❏ ovsdb-server : a lightweight database server that ovs-vswitchd queries to

obtain its configuration.

❏ ovs-vsctl : a utility for querying and updating the configuration of ovs-

vswitchd.

❏ ovs-dpctl : a tool for configuring and monitoring the switch kernel

module.

❏ ovs-appctl : a utility that sends commands to running Open vSwitch

daemons (ovs-vswitchd).

❏ ovs-controller : a simple OpenFlow controller reference implementation.

❏ brocompat.ko : Linux bridge compatibility module

❏ openvswitch.ko : Open vSwitch switching datapath

Configuration

Table Purpose

Open_vSwitch Open vSwitch configuration

Bridge Bridge configuration

Port Port configuration

Interface One physical network device in a Port

QoS Quality of Service configuration

Queue QoS output queue

Mirror Port mirroring

Controller OpenFlow controller configuration

Manager OVSDB management connection

NetFlow NetFlow configuration

SSL SSL configuration

sFlow sFlow configuration

Capability Capability configuration $man ovs-vswitchd.conf.db

Configuration sample(1)

~$ sudo ovs-vsctl show225d73cc-15b3-4db5-9b45-e783f7c49a10 Bridge br-tun Port "gre-3" Interface "gre-3" type: gre options: {in_key=flow, out_key=flow, remote_ip="192.168.0.10"} Port br-tun Interface br-tun type: internal Port patch-int Interface patch-int type: patch options: {peer=patch-tun}

Bridge br-int Port "tap1" tag: 1 Interface "tap1" Port "tap2" tag: 1 Interface "tap2" Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int}

Configuration sample(2)

VM

vNIC

tap1

br-int

eth0External IP

eth1192.168.0.20

eth2192.168.10.20

VM

vNIC

tap2

patch-tun patch-int br-tun

gre3

GRE tunnel192.168.0.10

Linux Networking Stack

OpenvSwitch Demo - Environment

VM

vNIC

tap1

OpenvSwitch Bridge

eth1

VM

vNIC

tap2

gre-1

eth0

GRE tunnel

VM

vNIC

tap1

OpenvSwitch Bridge

eth1

VM

vNIC

tap2

gre-1

eth0

Tunneling network 192.168.0.0/24

External network

Switch

Switch

Virtual Network with OpenvSwitch - OpenStack

Controller node

Keystone

Network node Compute node - 1 Compute node - 2

Nova

Glance Horizon

Neutron - Server

Neutron L3-agent

Neutron agent

NeutronOpenvSwitch Plug-in

Nova compute

Neutron agent

NeutronOpenvSwitch Plug-in

Nova compute

eth1 eth2

eth0

eth1 eth2

eth0

eth1 eth2

eth0

eth1 eth2

eth0

Management 192.168.0.0/24

Data 192.168.10.0/24

External network

Virtual Network with OpenvSwitch - OpenStack

Neutron OpenvSwitch plug-in GRE tunneling

Network node Compute node - 1

eth0

qg~~~

br-ext br-int

tap~~~

gre-2

gre-1

gre-2

gre-1

VM VM

eth0

qr~~~

br-tun tap1 tap2

br-int

br-

tun

Tunnel <-> compute node - 2

Tunnel

❏ qg~~~ : external gateway interface❏ qr~~~ : virtual router interface❏ tap~~~ : network service interface (DHCP, DNS and …)

Use-case - VMware NSX

Hypervisor

VM VM VM

Hypervisor

VM VM VM

NIC NIC

vNICvNICvNIC vNICvNICvNIC

OpenvSwitch

Switch

NSX Controller Cluster

OpenFlow

❏ Overlay networking❏ GRE & STT

❏ Centralized Controller❏ MAC-over-GRE

❏ ARP Proxy : No MAC flooding❏ Security : OpenvSwitch

Use-case - MidoNet

Hypervisor

VM VMMidoNet

Agent

Hypervisor

VM VM

NIC NIC

vNICvNIC vNICvNIC

OpenvSwitch

Switch

Distributed Database

❏ Overlay networking : GRE❏ L2 ~ L4 (stateful) virtual networking ❏ Virtual Router : for each tenant, provider❏ Forwarding decision in local❏ No OpenFlow❏ Distributed Database

❏ Cassandra : L4 session ❏ Zookeeper : MAC, F/W rules and ...

❏ Latency?

MidoNet Agent

MidoNet Controller

Use-case - Pica8

❏ Two running modes : OpenvSwitch mode and L2/L3 mode❏ Pics OVS : The implementation of OpenvSwitch on Pica8 hardware switch❏ MPLS, GRE❏ Standard 802.1Q VLAN model with trunking❏ link monitoring❏ NetFlow, sFlow

Use-case - Intel DPDK vSwitch

❏ High performance and ultra-low latency packet switching of OpenvSwitch using Intel DPDK(Data Plane Development Kit) acceleration technology.

❏ DPDK vSwitch suggests modified Qemu and OpenvSwitch.❏ 6WIND clams 6WINDGate shows 10x faster performance than standard OpenvSwitch.

❏ http://www.6wind.com/wp-content/uploads/PDF/prod/6WIND-Virtual-Switch-Product-Brief.pdf