
Virtualized Network with OpenvSwitch

Paul Sim
Cloud Consultant
paul.sim@canonical.com

Index
OpenvSwitch Overview
OpenvSwitch Architecture
Configuration
OpenvSwitch Demo
Virtual Network with OpenvSwitch
OpenStack with OpenvSwitch
Use-case

OpenvSwitch Overview

A virtual switch or Virtual Ethernet bridge (VEB)
A key component of networking for virtualized computing
Open vSwitch version of Nicira's proprietary vSwitch
User-space : configuration, control
Kernel-space : datapath (included in main Linux kernel since version 3.3)
Cisco Nexus 1000V, VMware vDS, IBM DVS 5000V, MS Hyper-V vSwitch

OpenvSwitch Overview - Features


Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, LACP (IEEE 802.1AX-2008)
Standard 802.1Q VLAN model with trunking
STP (IEEE 802.1D-1998), Fine-grained QoS control
NIC bonding with source-MAC load balancing, active backup, and L4 hashing
OpenFlow protocol support (including many extensions for virtualization)
Multiple tunneling protocols (VxLAN, Ethernet over GRE, CAPWAP, IPsec, GRE over IPsec)
http://openvswitch.org/features/

OpenvSwitch Overview - Performance

OpenvSwitch Architecture

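[Figure: Open vSwitch architecture. Labels recoverable from the diagram: user space (ovs-vsctl, ovsdb-client, ovs-appctl, ovs-dpctl, ovs-ofctl, ovs-brcompatd, ovsdb-server, ovs-vswitchd); remote OpenvSwitch db over OVS Management (JSON RPC); OpenFlow controller over OpenFlow; kernel space (brcompat.ko, openvswitch.ko kernel datapath / fast path) reached over Netlink; VM vNIC attached through a tap device.]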

OpenvSwitch Architecture

[Figure: two VMs, each with a vNIC attached to a tap device (tap1, tap2). Labels: Port, Flow table, vnet0, vnet1, Packet flows, bridge br-ovs, bond0, eth0, eth1, eth2, Bridge, Interface.]

OpenvSwitch Architecture

ovs-vswitchd : a daemon that implements the switch, along with a companion Linux kernel module for flow-based switching.

ovsdb-server : a lightweight database server that ovs-vswitchd queries to obtain its configuration.

ovs-vsctl : a utility for querying and updating the configuration of ovs-vswitchd.

ovs-dpctl : a tool for configuring and monitoring the switch kernel module.

ovs-appctl : a utility that sends commands to running Open vSwitch daemons (ovs-vswitchd).

ovs-controller : a simple OpenFlow controller reference implementation.

brcompat.ko : Linux bridge compatibility module

openvswitch.ko : Open vSwitch switching datapath

Configuration
Table          Purpose
Open_vSwitch   Open vSwitch configuration
Bridge         Bridge configuration
Port           Port configuration
Interface      One physical network device in a Port
QoS            Quality of Service configuration
Queue          QoS output queue
Mirror         Port mirroring
Controller     OpenFlow controller configuration
Manager        OVSDB management connection
NetFlow        NetFlow configuration
SSL            SSL configuration
sFlow          sFlow configuration
Capability     Capability configuration

$ man ovs-vswitchd.conf.db

Configuration sample(1)
~$ sudo ovs-vsctl show
225d73cc-15b3-4db5-9b45-e783f7c49a10
    Bridge br-tun
        Port "gre-3"
            Interface "gre-3"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="192.168.0.10"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        Port "tap1"
            tag: 1
            Interface "tap1"
        Port "tap2"
            tag: 1
            Interface "tap2"
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
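
An added example, not part of the original slides: a small Python audit over `ovs-vsctl show` output like the sample above, reporting tunnel ports whose `remote_ip` is not on an approved list and patch ports whose `peer` is not reciprocal. The function names, `TUNNEL_TYPES` and the allowlist argument are assumptions of this example.

```python
import re
# Constructed sample in the layout `ovs-vsctl show` prints (trimmed from the page's output).
SAMPLE = """\
Bridge br-tun
    Port "gre-3"
        Interface "gre-3"
            type: gre
            options: {in_key=flow, out_key=flow, remote_ip="192.168.0.10"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
Bridge br-int
    Port "tap1"
        tag: 1
        Interface "tap1"
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
"""
TUNNEL_TYPES = {"gre", "vxlan"}  # assumption: the tunnel types this audit cares about

def parse_show(text):
    """Map interface name -> bridge, type and options parsed from `ovs-vsctl show`."""
    ifaces, bridge, cur = {}, None, None
    for s in map(str.strip, text.splitlines()):
        key, _, val = s.partition(" ")
        if key == "Bridge":
            bridge = val.strip('"')
        elif key == "Interface":  # no "type:" line means an ordinary system device
            cur = ifaces[val.strip('"')] = {"bridge": bridge, "type": "system", "options": {}}
        elif key == "type:" and cur is not None:
            cur["type"] = val
        elif key == "options:" and cur is not None:
            cur["options"] = dict(re.findall(r'(\w+)="?([^",}]+)', val))
    return ifaces

def audit(ifaces, allowed_endpoints):
    """Report tunnels to endpoints outside the allowlist and unpaired patch ports."""
    findings = []
    for name, i in ifaces.items():
        if i["type"] in TUNNEL_TYPES and i["options"].get("remote_ip") not in allowed_endpoints:
            findings.append(f"{name}: {i['type']} tunnel to unapproved {i['options'].get('remote_ip')}")
        elif i["type"] == "patch":
            peer = ifaces.get(i["options"].get("peer"), {"options": {}})
            if peer["options"].get("peer") != name:
                findings.append(f"{name}: patch peer is missing or not reciprocal")
    return findings
```

Calling `audit(parse_show(SAMPLE), {"192.168.0.10"})` returns an empty list for the sample; feed it the captured output of `sudo ovs-vsctl show` on each host to compare tunnel endpoints against the intended peers.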

Configuration sample(2)

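[Figure: the sample configuration as a diagram. Two VMs (vNIC) attach through tap1 and tap2 to br-int; br-int and br-tun are joined by the patch-tun / patch-int pair; br-tun carries the gre3 port. Below the bridges, the Linux networking stack with eth0 (external IP), eth1 (192.168.0.20) and eth2 (192.168.10.20); GRE tunnel to 192.168.0.10.]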

OpenvSwitch Demo - Environment


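[Figure: demo environment. Two hosts, each running two VMs (vNIC) attached through tap1 and tap2 to an OpenvSwitch bridge. eth0 on each host connects to a switch on the external network; the bridges are joined by a GRE tunnel (port gre-1) over eth1 and a switch on the tunneling network 192.168.0.0/24.]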

Virtual Network with OpenvSwitch - OpenStack


[Figure: OpenStack deployment with four nodes (controller node, network node, compute node 1, compute node 2), each with eth0 on the external network plus eth1 and eth2. Component labels: Nova, Keystone, Glance, Horizon, Neutron server, Neutron agent, Neutron L3-agent, Neutron OpenvSwitch plug-in, Nova compute. Networks: Management 192.168.0.0/24, Data 192.168.10.0/24.]

Virtual Network with OpenvSwitch - OpenStack


Neutron OpenvSwitch plug-in GRE tunneling

[Figure: GRE tunneling between the network node and compute node 1, with a further tunnel to compute node 2. Network node labels: br-ext, br-int, br-tun, qr~~~, qg~~~, tap~~~, gre-1, gre-2, eth0. Compute node 1 labels: VMs on tap1 and tap2, br-int, br-tun, gre-1, gre-2, eth0.]

qg~~~ : external gateway interface
qr~~~ : virtual router interface
tap~~~ : network service interface (DHCP, DNS and )

Use-case - VMware NSX

[Figure: VMware NSX. Hypervisors running OpenvSwitch host VMs (vNIC) and connect through their NICs to a switch; an NSX Controller Cluster is linked to OpenvSwitch via OpenFlow.]

Overlay networking
GRE & STT
Centralized Controller
MAC-over-GRE
ARP Proxy : No MAC flooding
Security : OpenvSwitch

Use-case - MidoNet

[Figure: MidoNet. Hypervisors running OpenvSwitch and a MidoNet Agent host VMs (vNIC) and connect through their NICs to a switch. Other labels: MidoNet Controller, Distributed Database.]

Overlay networking : GRE
L2 ~ L4 (stateful) virtual networking
Virtual Router : for each tenant, provider
Forwarding decisions made locally
No OpenFlow
Distributed Database
Cassandra : L4 session
Zookeeper : MAC, F/W rules and ...
Latency?

Use-case - Pica8

Two running modes : OpenvSwitch mode and L2/L3 mode
PicOS OVS : The implementation of OpenvSwitch on Pica8 hardware switch
MPLS, GRE
Standard 802.1Q VLAN model with trunking
Link monitoring
NetFlow, sFlow

Use-case - Intel DPDK vSwitch

High-performance, ultra-low-latency packet switching for OpenvSwitch using Intel DPDK (Data Plane Development Kit) acceleration technology.
DPDK vSwitch proposes a modified QEMU and OpenvSwitch.
6WIND claims 6WINDGate shows 10x faster performance than standard OpenvSwitch.

http://www.6wind.com/wp-content/uploads/PDF/prod/6WIND-Virtual-Switch-Product-Brief.pdf
