OpenStack Quantum SDN With Open Vswitch PDF

Underneath OpenStack Quantum:
Software Defined Networking

with Open vSwitch
Thomas Graf <tgraf@redhat.com>
Principal Software Engineer
Red Hat, Inc.
April 24, 2013
1
Part One
Why Open vSwitch?
Open vSwitch enables Linux to become part of a
Software Defined Networking architecture.
Application
Application
Application
Network Operating System

VM1
VM2
Switch
Switch
Open vSwitch
Switch
Switched Networks
Switches learn from the network traffic they
observe and decide independently.
Compute Node A
Tenant
1
Tenant
2
Network Node B
Tenant
3
Tenant
4
Bridge
Tenant
5
Tenant
6
Bridge
L3
Agent
Switch 1
Switch 2
Switch 3
Peter
3
Alice
Dynamically update flow tables

in a universal language.
In the Software Defined Networking architecture, the
control and data planes are decoupled, network
intelligence and state are logically centralized, and
the underlying network infrastructure is abstracted
from the applications.
Software-Defined Networking:
The New Norm for Networks
ONF White Paper
April 13, 2012

A logically centralized controller decides what is
best for the network based on a global view of the network.
Compute Node A
Tenant
1
Tenant
2
Network Node B
Tenant
3
vSwitch 1
Tenant
5
Tenant
4
Tenant
6
vSwitch 2
L3
Agent
Controller
Switch 1
OpenFlow
Switch 2
Switch 3
Peter
5
Alice

An attempt to create a well-known API for applications
of the Network that did not succeed yet.
OpenDaylight on its way to make this happen.
Application
Application
Application
Network Operating System

Open Interface (OpenFlow)
Switch
Vendor X
Virtual
Switch A
Virtual
Switch B
Switch
Vendor Y
OpenFlow
The Open Standard behind it.
1.
Match on arbitrary
bits in packet
(header)
2.
Execute actions
Forward to port
Drop
Send to
controller
Mangle packet
OpenFlow enables networks to evolve, by giving a remote

controller the power to modify the behavior of network
devices, through a well-defined "forwarding instruction
set". The growing OpenFlow ecosystem now includes
routers, switches, virtual switches, and access points from
a range of vendors.
7
ONF Website
OpenFlow Capable Devices
Software Switches
Open vSwitch, Cisco Nexus 1000V
VMware vSphere, NEC Hyper-V, ...
Hardware Switches
Brocade, Cisco, HP, IBM, Juniper Networks, NEC, ...
Switching ASICs
Indigo Open source firmware leveraging Ethernet
switch ASICs to support up to 48x 10G ports
Mellanox SwitchX-2 chip

Is it production ready?
Part Two
Open vSwitch
Open vSwitch is a virtual switch for hypervisors providing
network connectivity to virtual machines.
Controller
Compute Node A
Open Flow
pe
n
O
Tenant
3
ow
Fl
Tenant
2
n
pe
O
Tenant
1
Network Node B
Fl
ow
Compute Node A
Open vSwitch
Tenant
1
Tenant
2
Open vSwitch
L3
Agent
Hardware Switch
Alice
10
Tenant
3
Peter
Open vSwitch Project
Primarily used as a virtual switch for VMs
Multi Platform (Linux, Microsoft, and Silicon)
Developed by Nicira & Community
Apache License (User Space), GPL (Kernel)
OpenFlow 1.1 + extensions
Any netdevice (physical/virtual) can be added as uplink

port
11
How does it work?

Open vSwitch maintains a flow table that defines what
to do with each flow.
Compute/Network Node
Tenant
1
Tenant
2
Tenant
3
Tenant
n
Controller
br-int
Open vSwitch
Quantum OVS Agent
Quantum L3 Agent
Quantum DHCP Agent
br-eth1
eth1
Flow table
Patch ports
OpenFlow
br-tun
br-ext
eth0
To Network Node
12
External Network
Feature
Fine Grained Flow Table Control
13
Extensive flow matching capabilities
Layer 1 Tunnel ID, In Port, QoS priority, skb mark
Layer 2 MAC address, VLAN ID, Ethernet type
Layer 3 IPv4/IPv6 fields, ARP
Layer 4 TCP/UDP, ICMP, ND
Possible chain of actions
Output to port (port range, flood, mirror)
Discard, Resubmit to table x
Packet Mangling (Push/Pop VLAN header, TOS, ...)
Send to controller, Learn

Feature
Security / L2 Segregation
VLAN isolation enforces VLAN membership of
a VM without the knowledge of the guest itself.
Compute Node
# ovs-vsctl add-port ovsbr port2 tag=10
VLAN 1
VM1
VLAN 2
VM2
VM3
Open vSwitch
Caveat: MAX(VLAN_ID) limited

14
Feature
Tunneling
Tunneling provides isolation and reduces
dependencies on the physical network.
Compute Node 2
Compute Node 1
Controller
VNET 1
Fl
ow
O
VM4
Open vSwitch
VM6
Open vSwitch
{ GRE | STT | VXLAN } Tunnel
Hardware Switch
15
VM5
ow
Fl
pe
n
VM3
n
pe
VM2
VNET 1
VNET 2
O
VM1
VNET 2
Feature
Visibility
Supports industry standard technology to
monitor the use of a network.
16
NetFlow
Port Mirroring
SPAN
RSPAN
ERSPAN
Feature
Quality of Service
Uses existing Traffic Control Layer
Policer (Ingress rate limiter)
HTB, HFSC (Egress traffic classes)
Controller (Open Flow) can select Traffic Class

Virtual Host
# ovs-vsctl set Interface port2 \

ingress_policing_rate=1000
VLAN 10
VM1
VM2
1mbit
port1
ovsbr
17
port2
Architecture
Management
ovs-ofctl
OpenFlow
ovs-dpctl
sFlow
ovsdb-tool
ovs-vsctl
(3)
User
space
2 upcall
vswitchd
5 reinject
Netlink
Kernel
Datapath
ovsdb
4
6
Packet Processing
Flow Table
From NetDevice
To NetDevice
Promiscuous Mode
18
Management Workflow
Modifying the Flow Table

Strip VLAN header of all packets from MAC address
11:22:33:44:55:66 and forward packet to port 1.
# ovs-ofctl add-flow ovsbr \
dl_src=11:22:33:44:55:66,actions=strip_vlan,output:1
# ovs-ofctl dump-flows ovsbr
[...]
cookie=0x0, duration=36.24s, table=0, n_packets=0,
n_bytes=0, idle_age=36, dl_src=11:22:33:44:55:66
actions=strip_vlan,output:1
19
Questions?
Open vSwitch
OpenFlow
http://www.openflow.org/
Open Networking Foundation
http://www.openvswitch.org/
http://www.opennetworking.org/
sFlow
http://www.sflow.org/
Going with the Flow: Googles Secret Switch to the Next Wave of
Networking
20
http://www.wired.com/wiredenterprise/2012/04/going-with-the-flow-google/

OpenStack Quantum SDN With Open Vswitch PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

OpenStack Quantum SDN With Open Vswitch PDF

Uploaded by

Copyright:

Available Formats

Underneath OpenStack Quantum:

Software Defined Networking

Thomas Graf <tgraf@redhat.com>

Network Operating System

Thomas Graf <tgraf@redhat.com>

Dynamically update flow tables

Thomas Graf <tgraf@redhat.com>

Software Defined Networking

Software Defined Networking

Network Operating System

Thomas Graf <tgraf@redhat.com>

OpenFlow enables networks to evolve, by giving a remote

Thomas Graf <tgraf@redhat.com>

OpenFlow Capable Devices

Open vSwitch, Cisco Nexus 1000V

VMware vSphere, NEC Hyper-V, ...

Brocade, Cisco, HP, IBM, Juniper Networks, NEC, ...

Mellanox SwitchX-2 chip

Thomas Graf <tgraf@redhat.com>

Thomas Graf <tgraf@redhat.com>

Open vSwitch Project

Primarily used as a virtual switch for VMs

Multi Platform (Linux, Microsoft, and Silicon)

Developed by Nicira & Community

Apache License (User Space), GPL (Kernel)

OpenFlow 1.1 + extensions

Any netdevice (physical/virtual) can be added as uplink

Thomas Graf <tgraf@redhat.com>

How does it work?

Extensive flow matching capabilities

Layer 1 Tunnel ID, In Port, QoS priority, skb mark

Layer 2 MAC address, VLAN ID, Ethernet type

Layer 3 IPv4/IPv6 fields, ARP

Layer 4 TCP/UDP, ICMP, ND

Possible chain of actions

Output to port (port range, flood, mirror)

Discard, Resubmit to table x

Packet Mangling (Push/Pop VLAN header, TOS, ...)

Send to controller, Learn

# ovs-vsctl add-port ovsbr port2 tag=10

Caveat: MAX(VLAN_ID) limited

Thomas Graf <tgraf@redhat.com>

{ GRE | STT | VXLAN } Tunnel

Thomas Graf <tgraf@redhat.com>

Thomas Graf <tgraf@redhat.com>

Uses existing Traffic Control Layer

Policer (Ingress rate limiter)

HTB, HFSC (Egress traffic classes)

Controller (Open Flow) can select Traffic Class

# ovs-vsctl set Interface port2 \

Thomas Graf <tgraf@redhat.com>

Thomas Graf <tgraf@redhat.com>

Modifying the Flow Table

Thomas Graf <tgraf@redhat.com>

Open Networking Foundation

Thomas Graf <tgraf@redhat.com>

You might also like