Introduction to OpenvSwitch

Transcript

1. Introduction to OVS Hung-Wei Chiu, Linker Networks TFC Meetup 2017/09/23

2. Hung Wei-Chu • Linker Networks Software Engineer ◦ Container/Virtualization •

   SDNDS-TW Co-Founder • Experiences ◦ Synology Network Software Engineer ◦ Open Source Contributor ▪ Mininet / Floodlight / ONOS / FRRouting ◦ Blog ▪ hwchiu.com

3. Before we talk about to OpenvSwitch.

4. Have you heard Linux Bridge ?

5. Linux Bridge • Connect two Ethernet segments together. • Packets

   are forwarded based on Ethernet address. • Support filter and shape traffic ◦ ebtables ◦ Via Netfilter, TC

6. System view eth0 eth1 wlan0 br0 Linux Host

7. System view eth0 eth1 wlan0 br0 Linux Host tap0 tap1

   VM1 eth0 Container1 eth0

8. Other functions • Packet filter ◦ iptables/ebtables • Traffic shape

   ◦ TC • 802.1Q ◦ Vlan • Bonding ◦ 802.3 ad/rr/alb/xor. etc

9. System view User Space Kernel Space iptables ebtables TC Linux

   Kernel (Magic) br0 eth0 eth1 L2 forwarding L3 routing ACL/Firewall NAT/Port forwarding

10. Linux Bridge • Full function provided by kernel network stack

    + bridge • Bridge only handle ◦ L2 forwarding ◦ STP/RSTP

11. So, What is OpenvSwitch

12. Introduction • 2008 ◦ First paper about OpenFlow (SDN) ◦

    Nicira company ▪ OpenvSwitch + Openflow = NVP (Network Virtualization Platform) • 2012 ◦ VMware buy Nicira ▪ NSX

13. Introduction • Hypervisors need to bridge traffic. ◦ Linux Bridge

    • Why OpenvSwitch ? ◦ Targeted at multi-server virtualization. ◦ Responding to network dynamics ◦ Maintenance of logical tags ◦ Hardware Integration

14. Features • IPv6 • LACP ◦ 802.3ad • STP/RSTP •

    VLAN • Overlay network ◦ GRE/VXLAN/STT/Geneve • OpenFlow

15. Compare • OpenvSwitch V.S Linux Bridge ◦ Architecture ◦ Functions

16. System view User Space Kernel Space ovs-vsctl ovs-dpctl ovs-ofctl OpenvSwitch

    eth0 eth1 L2 forwarding L3 routing ACL/Firewall NAT/Port forwarding

17. All in one • iptables/ebtables won’t work anymore. • Linux

    native function add complicated ◦ VLAN ◦ Bonding • OpenvSwitch try to handle provide features by itself.

18. How • Handle packets via Openflow rules. • Handle port

    types ◦ Vlan ◦ Bonding • Some features are supported by linux kernel. ◦ Traffic Control ◦ Conntrack

19. Openflow • What is Openflow?

20. Openflow • One of the first SDN standards. • Defined

    the communication protocol in SDN. ◦ Controller to forwarding plane of network devices.

21. Openflow rule L2 headers L3 headers L4 headers Switch port

    • Forward/Flood • Drop • Modify header • Local • Forward to Controller Packer bytes/counts Match Action Statistics

22. Example • L2 forwarding src_MAC L3 headers L4 headers Switch

    port dst_MAC Action * * 00:11:32:aa:bb:cc * * Forward port 6 src_MAC L3 headers L4 headers Switch port dst_MAC Action * * * * * Normal

23. Example • L3 forwarding L2 headers dst_ip L4 headers Switch

    port src_ip Action 1 * 140.113.123.234 140.114.123.234 * Forward port 4

24. Example • Firewall L2 headers src_tcp_port dst_tcp_port Switch port L3

    headers Action 1 * * * 22 Drop

25. Who control those openflow rules ?

26. Controller • SDN Brain • Centralized control all SDN network

    devices. • Communicated via Northbound API ◦ Openflow/SNMP/OVSDB/NetConf.

27. Control Plane Data Plane Network Devices (OVS) Controller (ONOS) NAT

    Routing Firewall Control Plane Data Plane Network Devices (OVS) Control Plane Data Plane Network Devices (OVS)

28. OpenvSwitch • Support connection mode ◦ Controller ◦ Standalone ▪

    Default behavior is L2 forwarding • You can control openflow rules via ◦ Openflow controller ◦ OVS tools

29. How to handle port type • Implement it by OVS

    itself • VLAN ◦ Match packet header. ◦ You can also push/pop vlan tags on openflow rules. • Bonding ◦ Active-backup ◦ balance-slb ◦ balance-tcp

30. How to handle bonding • Active-backup ◦ Only backup. •

    Balance-slb ◦ Based on source MAC + vlan Tag ◦ Work with LACP • Balance-tcp ◦ Based on L2/L3/L4 headers ◦ Work with LACP

31. The other features • Traffic Shape by queue ◦ Linux

    kernel TC • Conntrack ◦ Linux kernel conntrack module

32. How to use OVS • Create ovs bridge (datapath) ◦

    ovs-vsctl add-br br0 • How to attach port ◦ ovs-vsctl add-port br0 eth0 • How to dump flows ◦ ovs-ofctl dump-flows br0

33. Step by Step User Space Kernel Space ovs-vswitchd ovsdb

34. Step by Step (add-br) User Space Kernel Space ovs-vswitchd ovsdb

    br0

35. Step by Step (add-port) User Space Kernel Space ovs-vswitchd ovsdb

    br0 eth0 eth1

36. Step by Step User Space Kernel Space ovs-vswitchd ovsdb br0

    eth0 eth1 Packets come from eth0/eth1 are fully controller by br0 now.

37. Router Example (ping) 10.0.0.254 30.0.0.254 20.0.0.254 ovs (10.0.0.254, 20.0.0.254, 30.0.0.254)

    eth0 eth1 eth2

38. First • We need to handle ARP request for gateway.

    ◦ table = 0, priority=65535, arp, arp_tpa=10.0.0.254, actions=LOCAL ◦ table = 0, priority=65535, arp, arp_tpa=20.0.0.254, actions=LOCAL ◦ table = 0, priority=65535, arp, arp_tpa=30.0.0.254, actions=LOCAL • System will reply ARP response for those ARP request.

39. Second • We need to handle ARP reply from gateway.

    ◦ table = 0, priority=65535, arp, arp_spa=10.0.0.1, actions=output:1 ◦ table = 0, priority=65535, arp, arp_tpa=20.0.0.1, actions=output:2 ◦ table = 0, priority=65535, arp, arp_tpa=30.0.0.1, actions=output:3

40. Final • We need to handle ICMP request/reply ◦ table

    = 0, icmp, nw_dst = 10.0.0.1, actions=mod_dl_dst=00:00:00:00:00:01,output:1 ◦ table = 0, icmp, nw_dst = 20.0.0.1, actions=mod_dl_dst=00:00:00:00:00:02,output:2 ◦ table = 0, icmp, nw_dst = 30.0.0.1, actions=mod_dl_dst=00:00:00:00:00:03,output:3

41. How to Contribute to ONOS Thank You!