Virtualized Network with OpenvSwitch
Paul Sim Cloud Consultant
Index
● OpenvSwitch Overview
● OpenvSwitch Architecture
● Configuration
● OpenvSwitch Demo
● Virtual Network with OpenvSwitch
● OpenStack with OpenvSwitch
● Use-case
OpenvSwitch Overview
❏ A virtual switch or Virtual Ethernet bridge (VEB)
❏ A key component of networking for virtualized computing
❏ “Open” vSwitch version of Nicira’s proprietary vSwitch
❏ User-space : configuration, control
❏ Kernel-space : datapath (included in main Linux kernel since version 3.3)
❏ Cisco Nexus 1000V, VMware vDS, IBM DVS 5000V, MS Hyper-V vSwitch
OpenvSwitch Overview - Features
❏ Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, LACP (IEEE 802.1AX-2008)
❏ Standard 802.1Q VLAN model with trunking
❏ STP (IEEE 802.1D-1998), Fine-grained QoS control
❏ NIC bonding with source-MAC load balancing, active backup, and L4 hashing
❏ OpenFlow protocol support (including many extensions for virtualization)
❏ Multiple tunneling protocols (VxLAN, Ethernet over GRE, CAPWAP, IPsec, GRE over IPsec)
http://openvswitch.org/features/
OpenvSwitch Overview - Performance
OpenvSwitch Architecture
[Figure: component diagram. User space: ovs-vsctl, ovsdb-client, ovs-appctl, ovs-dpctl, ovs-ofctl, ovs-brcompatd, ovsdb-server, ovs-vswitchd. Kernel space: brcompat.ko, openvswitch.ko (Kernel Datapath, Fast Path). Other labels: Remote OpenvSwitch db, OVS Management (JSON RPC), OpenFlow Controller, OpenFlow, Netlink, VM, vNIC, tap.]
OpenvSwitch Architecture
[Figure: bridge diagram. Labels: two VMs with vNICs on tap1 and tap2; Bridge, Port, Interface, Flow table, Packet flows; vnet0, vnet1; br-ovs; bond0; eth0, eth1, eth2.]
OpenvSwitch Architecture
❏ ovs-vswitchd : a daemon that implements the switch, along with a companion Linux kernel module for flow-based switching.
❏ ovsdb-server : a lightweight database server that ovs-vswitchd queries to obtain its configuration.
❏ ovs-vsctl : a utility for querying and updating the configuration of ovs-vswitchd.
❏ ovs-dpctl : a tool for configuring and monitoring the switch kernel module.
❏ ovs-appctl : a utility that sends commands to running Open vSwitch daemons (ovs-vswitchd).
❏ ovs-controller : a simple OpenFlow controller reference implementation.
❏ brcompat.ko : Linux bridge compatibility module
❏ openvswitch.ko : Open vSwitch switching datapath
Configuration
Table          Purpose
Open_vSwitch   Open vSwitch configuration
Bridge         Bridge configuration
Port           Port configuration
Interface      One physical network device in a Port
QoS            Quality of Service configuration
Queue          QoS output queue
Mirror         Port mirroring
Controller     OpenFlow controller configuration
Manager        OVSDB management connection
NetFlow        NetFlow configuration
SSL            SSL configuration
sFlow          sFlow configuration
Capability     Capability configuration
$ man ovs-vswitchd.conf.db
Configuration sample(1)
~$ sudo ovs-vsctl show
225d73cc-15b3-4db5-9b45-e783f7c49a10
    Bridge br-tun
        Port "gre-3"
            Interface "gre-3"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="192.168.0.10"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        Port "tap1"
            tag: 1
            Interface "tap1"
        Port "tap2"
            tag: 1
            Interface "tap2"
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
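An added example, not from the original slides: a small Python audit of `ovs-vsctl show` output laid out like configuration sample(1). It lists GRE/VXLAN tunnel endpoints (neither encapsulation encrypts the traffic it carries), patch ports whose peer does not point back, and ports with no VLAN tag, which Open vSwitch treats as trunks for all VLANs when no trunk list is set. The sample text, the function names and the check labels are assumptions made for this illustration; the parser assumes one Interface per Port and ignores any trunks setting.

```python
import re

# Constructed `ovs-vsctl show` sample: the slide's layout plus an untagged "tap3".
SAMPLE = """\
    Bridge br-tun
        Port "gre-3"
            Interface "gre-3"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="192.168.0.10"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        Port "tap3"
            Interface "tap3"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
"""

def parse_show(text):  # -> {bridge: {port: {"tag", "type", "options"}}}
    bridges, ports, port = {}, {}, None
    for line in text.splitlines():
        key, _, val = line.strip().partition(" ")
        val = val.strip().strip('"')
        if key == "Bridge":
            ports, port = bridges.setdefault(val, {}), None
        elif key == "Port":
            port = ports.setdefault(val, {"tag": None, "type": "", "options": {}})
        elif port is not None and key in ("tag:", "type:"):
            port[key[:-1]] = val  # assumes one Interface per Port (no bonds)
        elif port is not None and key == "options:":
            port["options"] = dict(re.findall(r'(\w+)="?([^,"}]+)"?', val))
    return bridges

def audit(bridges):  # -> [(check, bridge, port, detail)] items to review
    peers = {n: p["options"].get("peer") for ps in bridges.values() for n, p in ps.items()}
    out = []
    for br, ports in bridges.items():
        for name, p in ports.items():
            if p["type"] in ("gre", "vxlan"):  # tunnel payload is not encrypted
                out.append(("unencrypted-tunnel", br, name, p["options"].get("remote_ip")))
            elif p["type"] == "patch" and peers.get(peers[name]) != name:
                out.append(("patch-peer-mismatch", br, name, peers[name]))  # peer absent or one-way
            elif p["type"] == "" and p["tag"] is None:  # no tag: trunk for all VLANs
                out.append(("untagged-trunk", br, name, "carries all VLANs"))
    return out
```

Calling `audit(parse_show(SAMPLE))` returns the GRE endpoint and the untagged tap3; physical uplinks that are meant to be trunks will also appear under the last check and can be filtered by name.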
Configuration sample(2)
[Figure: topology for the configuration above. Labels: two VMs with vNICs on tap1 and tap2; br-int; patch-tun; patch-int; br-tun; gre3; Linux Networking Stack; eth0 External IP; eth1 192.168.0.20; eth2 192.168.10.20; GRE tunnel 192.168.0.10.]
OpenvSwitch Demo - Environment
[Figure: demo environment. Labels: External network, Switch, eth0 (twice); four VMs with vNICs on tap1 and tap2; two OpenvSwitch Bridges, each with gre-1, joined by a GRE tunnel; eth1 (twice), Switch; Tunneling network 192.168.0.0/24.]
Virtual Network with OpenvSwitch - OpenStack
[Figure: OpenStack node layout. Nodes: Controller node, Network node, Compute node - 1, Compute node - 2, each with eth0 on the External network. Service labels: Nova, Keystone, Neutron - Server, Glance, Horizon, Neutron L3-agent, Neutron agent (twice), Neutron OpenvSwitch Plug-in (twice), Nova compute (twice). Networks on eth1 and eth2: Management 192.168.0.0/24, Data 192.168.10.0/24.]
Virtual Network with OpenvSwitch - OpenStack
Neutron OpenvSwitch plug-in GRE tunneling
[Figure: GRE tunneling between nodes. Labels: Network node with qr~~~, qg~~~, tap~~~, br-tun, br-int, br-ext, gre-1, gre-2, eth0; Compute node - 1 with two VMs on tap1 and tap2, br-tun, br-int, gre-1, gre-2, eth0; Tunnel; Tunnel <-> compute node - 2.]
❏ qg~~~ : external gateway interface
❏ qr~~~ : virtual router interface
❏ tap~~~ : network service interface (DHCP, DNS and …)
Use-case - VMware NSX
[Figure: NSX deployment. Labels: six VMs with vNICs; OpenvSwitch; Hypervisor (twice); NIC (twice); Switch; NSX Controller Cluster; OpenFlow.]
❏ Overlay networking
❏ GRE & STT
    ❏ Centralized Controller
    ❏ MAC-over-GRE
❏ ARP Proxy : No MAC flooding
❏ Security : OpenvSwitch
Use-case - MidoNet
[Figure: MidoNet deployment. Labels: four VMs with vNICs; MidoNet Agent (twice); OpenvSwitch; Hypervisor (twice); NIC (twice); Switch; Distributed Database; MidoNet Controller.]
❏ Overlay networking : GRE
❏ L2 ~ L4 (stateful) virtual networking
❏ Virtual Router : for each tenant, provider
❏ Forwarding decision in local
❏ No OpenFlow
❏ Distributed Database
    ❏ Cassandra : L4 session
    ❏ Zookeeper : MAC, F/W rules and ...
❏ Latency?
Use-case - Pica8
❏ Two running modes : OpenvSwitch mode and L2/L3 mode
❏ Pics OVS : The implementation of OpenvSwitch on Pica8 hardware switch
❏ MPLS, GRE
❏ Standard 802.1Q VLAN model with trunking
❏ link monitoring
❏ NetFlow, sFlow
Use-case - Intel DPDK vSwitch
❏ High performance and ultra-low latency packet switching of OpenvSwitch using Intel DPDK (Data Plane Development Kit) acceleration technology.
❏ DPDK vSwitch suggests modified Qemu and OpenvSwitch.
❏ 6WIND claims 6WINDGate shows 10x faster performance than standard OpenvSwitch.
❏ http://www.6wind.com/wp-content/uploads/PDF/prod/6WIND-Virtual-Switch-Product-Brief.pdf