Slide 1

Slide 1 text

Introduction to OVS
Hung-Wei Chiu, Linker Networks
TFC Meetup 2017/09/23

Slide 2

Slide 2 text

Hung-Wei Chiu
● Linker Networks Software Engineer
  ○ Container/Virtualization
● SDNDS-TW Co-Founder
● Experiences
  ○ Synology Network Software Engineer
  ○ Open Source Contributor
    ■ Mininet / Floodlight / ONOS / FRRouting
  ○ Blog
    ■ hwchiu.com

Slide 3

Slide 3 text

Before we talk about OpenvSwitch.

Slide 4

Slide 4 text

Have you heard of Linux Bridge?

Slide 5

Slide 5 text

Linux Bridge
● Connects two Ethernet segments together.
● Packets are forwarded based on Ethernet address.
● Supports filtering and shaping traffic
  ○ ebtables
  ○ Via Netfilter, TC

Slide 6

Slide 6 text

[Figure: System view. Labels: Linux Host, br0, eth0, eth1, wlan0]

Slide 7

Slide 7 text

[Figure: System view. Labels: Linux Host, br0, eth0, eth1, wlan0, tap0, tap1, VM1 (eth0), Container1 (eth0)]

Slide 8

Slide 8 text

Other functions
● Packet filter
  ○ iptables/ebtables
● Traffic shape
  ○ TC
● 802.1Q
  ○ VLAN
● Bonding
  ○ 802.3ad/rr/alb/xor, etc.

Slide 9

Slide 9 text

[Figure: System view. Labels: User Space, Kernel Space, iptables, ebtables, TC, Linux Kernel (Magic), br0, eth0, eth1, L2 forwarding, L3 routing, ACL/Firewall, NAT/Port forwarding]

Slide 10

Slide 10 text

Linux Bridge
● Full function provided by kernel network stack + bridge
● Bridge only handles
  ○ L2 forwarding
  ○ STP/RSTP

Slide 11

Slide 11 text

So, what is OpenvSwitch?

Slide 12

Slide 12 text

Introduction
● 2008
  ○ First paper about OpenFlow (SDN)
  ○ Nicira company
    ■ OpenvSwitch + Openflow = NVP (Network Virtualization Platform)
● 2012
  ○ VMware buys Nicira
    ■ NSX

Slide 13

Slide 13 text

Introduction
● Hypervisors need to bridge traffic.
  ○ Linux Bridge
● Why OpenvSwitch?
  ○ Targeted at multi-server virtualization.
  ○ Responding to network dynamics
  ○ Maintenance of logical tags
  ○ Hardware Integration

Slide 14

Slide 14 text

Features
● IPv6
● LACP
  ○ 802.3ad
● STP/RSTP
● VLAN
● Overlay network
  ○ GRE/VXLAN/STT/Geneve
● OpenFlow

Slide 15

Slide 15 text

Compare
● OpenvSwitch vs. Linux Bridge
  ○ Architecture
  ○ Functions

Slide 16

Slide 16 text

[Figure: System view. Labels: User Space, Kernel Space, ovs-vsctl, ovs-dpctl, ovs-ofctl, OpenvSwitch, eth0, eth1, L2 forwarding, L3 routing, ACL/Firewall, NAT/Port forwarding]

Slide 17

Slide 17 text

All in one
● iptables/ebtables won’t work anymore.
● Linux native functions add complexity
  ○ VLAN
  ○ Bonding
● OpenvSwitch tries to provide these features by itself.

Slide 18

Slide 18 text

How
● Handle packets via Openflow rules.
● Handle port types
  ○ VLAN
  ○ Bonding
● Some features are supported by the Linux kernel.
  ○ Traffic Control
  ○ Conntrack

Slide 19

Slide 19 text

Openflow
● What is Openflow?

Slide 20

Slide 20 text

Openflow
● One of the first SDN standards.
● Defined the communication protocol in SDN.
  ○ Controller to forwarding plane of network devices.

Slide 21

Slide 21 text

Openflow rule
Match: Switch port, L2 headers, L3 headers, L4 headers
Action:
● Forward/Flood
● Drop
● Modify header
● Local
● Forward to Controller
Statistics: Packet bytes/counts

Slide 22

Slide 22 text

Example
● L2 forwarding

Switch port | src_MAC | dst_MAC           | L3 headers | L4 headers | Action
*           | *       | 00:11:32:aa:bb:cc | *          | *          | Forward port 6

Switch port | src_MAC | dst_MAC | L3 headers | L4 headers | Action
*           | *       | *       | *          | *          | Normal

Slide 23

Slide 23 text

Example
● L3 forwarding

Switch port | L2 headers | src_ip          | dst_ip          | L4 headers | Action
1           | *          | 140.113.123.234 | 140.114.123.234 | *          | Forward port 4

Slide 24

Slide 24 text

Example
● Firewall

Switch port | L2 headers | L3 headers | src_tcp_port | dst_tcp_port | Action
1           | *          | *          | *            | 22           | Drop
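How the Match / Action / Statistics model and the firewall rule above behave at lookup time, as an added example that is not part of the original slides: a minimal Python model of a priority-ordered flow table. The class and function names, the priorities 50/100/200, the `MISS` result and the sample packets are constructed for illustration; real OVS lookup is more involved.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    match: dict            # field -> value; a field left out is a wildcard (*)
    action: str
    priority: int = 32768  # ovs-ofctl default when no priority is given
    n_packets: int = 0     # Statistics column: packet count
    n_bytes: int = 0       # Statistics column: byte count

class FlowTable:
    """Toy single-table model: highest-priority matching flow wins."""
    def __init__(self):
        self.flows = []

    def add(self, flow):
        self.flows.append(flow)
        # Stable sort: equal priorities keep insertion order in this model
        # (OpenFlow leaves overlapping equal-priority flows undefined).
        self.flows.sort(key=lambda f: -f.priority)

    def lookup(self, pkt, size=64):
        for f in self.flows:
            if all(pkt.get(k) == v for k, v in f.match.items()):
                f.n_packets += 1
                f.n_bytes += size
                return f.action
        return "MISS"  # assumption: table-miss handling is left to the caller

def firewall_table(drop_priority):
    """Catch-all NORMAL flow plus the slide's 'port 1, dst TCP 22 -> Drop' rule."""
    t = FlowTable()
    t.add(Flow({}, "NORMAL", priority=100))  # constructed priority
    t.add(Flow({"in_port": 1, "tcp_dst": 22}, "drop", priority=drop_priority))
    return t

# Constructed sample packets (already-parsed header fields).
SSH = {"in_port": 1, "eth_dst": "00:11:32:aa:bb:cc", "tcp_dst": 22}
WEB = {"in_port": 1, "eth_dst": "00:11:32:aa:bb:cc", "tcp_dst": 443}

if __name__ == "__main__":
    for prio in (200, 50):
        t = firewall_table(prio)
        print(prio, t.lookup(SSH), t.lookup(WEB))
        print([(f.action, f.n_packets, f.n_bytes) for f in t.flows])
```

With the drop rule at priority 50 the catch-all shadows it and the SSH packet is forwarded; a drop flow whose counters stay at zero is the sign of a rule that never matches.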

Slide 25

Slide 25 text

Who controls those Openflow rules?

Slide 26

Slide 26 text

Controller
● SDN Brain
● Centrally controls all SDN network devices.
● Communicates via Northbound API
  ○ Openflow/SNMP/OVSDB/NetConf.

Slide 27

Slide 27 text

[Figure: Controller (ONOS) with NAT, Routing and Firewall, and three Network Devices (OVS), each labelled Control Plane / Data Plane]

Slide 28

Slide 28 text

OpenvSwitch
● Supported connection modes
  ○ Controller
  ○ Standalone
    ■ Default behavior is L2 forwarding
● You can control Openflow rules via
  ○ Openflow controller
  ○ OVS tools

Slide 29

Slide 29 text

How to handle port type
● Implement it by OVS itself
● VLAN
  ○ Match packet header.
  ○ You can also push/pop VLAN tags on Openflow rules.
● Bonding
  ○ Active-backup
  ○ balance-slb
  ○ balance-tcp

Slide 30

Slide 30 text

How to handle bonding
● Active-backup
  ○ Only backup.
● Balance-slb
  ○ Based on source MAC + VLAN tag
  ○ Works with LACP
● Balance-tcp
  ○ Based on L2/L3/L4 headers
  ○ Works with LACP

Slide 31

Slide 31 text

The other features
● Traffic shaping by queue
  ○ Linux kernel TC
● Conntrack
  ○ Linux kernel conntrack module

Slide 32

Slide 32 text

How to use OVS
● Create ovs bridge (datapath)
  ○ ovs-vsctl add-br br0
● How to attach port
  ○ ovs-vsctl add-port br0 eth0
● How to dump flows
  ○ ovs-ofctl dump-flows br0

Slide 33

Slide 33 text

[Figure: Step by Step. Labels: User Space, Kernel Space, ovs-vswitchd, ovsdb]

Slide 34

Slide 34 text

[Figure: Step by Step (add-br). Labels: User Space, Kernel Space, ovs-vswitchd, ovsdb, br0]

Slide 35

Slide 35 text

[Figure: Step by Step (add-port). Labels: User Space, Kernel Space, ovs-vswitchd, ovsdb, br0, eth0, eth1]

Slide 36

Slide 36 text

[Figure: Step by Step. Labels: User Space, Kernel Space, ovs-vswitchd, ovsdb, br0, eth0, eth1]
Packets coming from eth0/eth1 are now fully controlled by br0.

Slide 37

Slide 37 text

[Figure: Router Example (ping). Labels: ovs (10.0.0.254, 20.0.0.254, 30.0.0.254), eth0, eth1, eth2, 10.0.0.254, 20.0.0.254, 30.0.0.254]

Slide 38

Slide 38 text

First
● We need to handle ARP requests for the gateway.
  ○ table=0,priority=65535,arp,arp_tpa=10.0.0.254,actions=LOCAL
  ○ table=0,priority=65535,arp,arp_tpa=20.0.0.254,actions=LOCAL
  ○ table=0,priority=65535,arp,arp_tpa=30.0.0.254,actions=LOCAL
● The system will send ARP responses for those ARP requests.

Slide 39

Slide 39 text

Second
● We need to handle ARP replies from the gateway.
  ○ table=0,priority=65535,arp,arp_tpa=10.0.0.1,actions=output:1
  ○ table=0,priority=65535,arp,arp_tpa=20.0.0.1,actions=output:2
  ○ table=0,priority=65535,arp,arp_tpa=30.0.0.1,actions=output:3

Slide 40

Slide 40 text

Final
● We need to handle ICMP request/reply
  ○ table=0,icmp,nw_dst=10.0.0.1,actions=mod_dl_dst=00:00:00:00:00:01,output:1
  ○ table=0,icmp,nw_dst=20.0.0.1,actions=mod_dl_dst=00:00:00:00:00:02,output:2
  ○ table=0,icmp,nw_dst=30.0.0.1,actions=mod_dl_dst=00:00:00:00:00:03,output:3

Slide 41

Slide 41 text

How to Contribute to ONOS Thank You!