SlideShare a Scribd company logo

Demystifying openvswitch

Prasad Mukhedkar, profile picture
Prasad Mukhedkar

The document provides an overview of software-defined networking (SDN) concepts and introduces Open vSwitch (OVS). It discusses: - The objectives of explaining SDN concepts, introducing OVS, and demonstrating its features through KVM virtualization and the Opendaylight controller. - Key takeaways around getting familiar with OVS CLI utilities, when to use different features, and creating VLANs for testbeds using KVM. - How SDN separates the control plane that makes forwarding decisions from the data plane that performs forwarding, allowing centralized network control. - An overview of OVS architecture with userspace control tools communicating with kernel-level datapath through a database, and support for

Technology
1 of 28
1
2
Most read
3
4
Most read
5
6
7
8
9
10
11
12
13
14
15
16
17
Most read
18
19
20
21
22
23
24
25
26
27
28
Demystifying OpenVswitch Start your SDN journey today! Prasad Mukhedkar Emerging Technologies Group, Red Hat. pmukhedk@redhat.com
Objectives and Takeways Session Objectives : ● High level overveiw of SDN Concepts and introduction of OpenvSwitch, ● Understand how to use OpenVswitch with KVM Virtualization ● Various OpenvSwitch Features with Demo ● SDN - OpenFlow ● SDN Controller (opendaylight project) Key Takeways : ● Getting familiar with openvswitch and its cli utilities ● When to use which Feature of OpenvSwitch. ● Creating vlans for your TestBeds (KVM). ● Opendaylight controller and OpenFlow
What is SDN? Software Defined Network? ● Separation of the control from the forwarding plane. ● Software programmability for network elements. ● Centralized network control and management . The control plane is where forwarding/routing decisions are made (Software Logic) The data plane is where the data forwarding action takes place. (instructions to carry traffic over hardware ) The SDN architecture decouples the network control and forwarding functions enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for the applications and network service.
10000 foot view of SDN Approach Notice how control and data planes are separated and how this separation helps applications to directly controls network opening doors for innovation. Network Infrastructure - This consists the network devices such as routers and switches, Both physical as well as virtual. Controller - This encompass the software based on a centralized controller which could be on a server that talks to all the devices in the network using open API’s, Like OpenFlow or OVMDB. Applications : This encompasses the variety of application for which the network exists. This includes voice, video, enterprise applications, security appliances such as intrusion detection. These application can to the controller using open API’s to give them what they want. For example, Voice traffic may ask the controller to have it treated with least latency while an enterprise backup server may tell the controller to give it bandwith whenever it is available.
Limitations of Linux Bridge Guest (VM) networking in KVM has traditionally been done using linux, It is simple to configure and manage but is not originally designed for virtual networking and therefore poses integration and management challenges. Linux Bridge An unmanaged software switch ! Robust, Does packet forwarding job very well. Fast, simple to use, No complexity Linux Bridge's “root cause problem” It is Closed for Innovations!
What is OpenvSwitch? OpenvSwitch is an open source openflow capable virtual switch. If you’re familiar with VMware, think of it as an open source Distributed ● Flexible Control in user-space with comprehensive management tools ● Fast Datapath (forwarding plane) in kernel ● Adopted in base kernel, since version 3.3 ● Open vSwitch was included since RHEL 6 .4 (only datapath, no Control). ● Any netdevice (physical/virtual) can be added as uplink port
OpenvSwitch Architecture The data path (ovs kernel module) uses netlink socket to interacts with vswitchd daemon that implements and manages any number ovs switches on local system, SDN Controller interacts with vswitchd using openflow protocol. The ovsdb-server maintains the switch table database and external clients can talk to ovsdb-server using json rpc and json being the data format. ovsdb database currently contains around 13 tables and this database is persistent across restarts.
Openvswitch installation Starting with Fedora 16 the openvswitch user space tools and the required kernel modules are included in the Fedora distribution. # sudo dnf install openvswitch openvswitch package contains all the required user space tools including the ovsdb and series of command line utilities to configure, monitor and manage open vswitch instances. Following are the important configuration files of openvswitch. RHEL 7 and later (Need openstack or openshift channel) #rpm -qc openvswitch /etc/logrotate.d/openvswitch /etc/openvswitch/conf.db /etc/openvswitch/system-id.conf /etc/sysconfig/openvswitch
Starting up the openvswitch service The Openvswitch.service is comprised by two daemons. One is a database and another is the switch itself. #/bin/systemctl start openvswitch.service #systemctl enable openvswitch.service 1. Kernel module gets loaded. module name is "openvswitch" #modinfo openvswitch filename: /lib/modules/4.1.6-200.fc22.x86_64/kernel/net/openvswitch/openvswitch.ko.xz license: GPL description: Open vSwitch switching datapath 2. Database is created. copied /usr/share/openvswitch/vswitch.ovsschema /etc/openvswitch/conf.db
Openvswitch command-line interfaces #ovs-vsctl - This command is used to set up, maintain, and inspect various ovs switch configurations. It provides a high level interface for Open vSwitch Database to query and apply changes on runtime. #ovs-ofctl and ovs-dpctl - These two commands are used for administering and monitoring flow entries. You learned that OVS manages two kinds of flow. OpenFlows - The flows managed at control plane. Datapath - Kernel flow. A kind of cached version of the OpenFlow. ovs-ofctl - speaks to OpenFlow module whereas ovs-dpctl - speaks to Kernel module. Following two are most used options of each of these commands ovs-appctl - This command offer a way to send commands to a running Open vSwitch and gather information that is not directly exposed to ovs-ofctl command. This is swiss army knife of openflow troubleshooting.
Setting up your first openvswitch bridge Multiple ways to Setup/Configure . - The ovs-vsctl is the primary command to create, remove and administer openvswitch. The operation performed using ovs-vsctl are persistent across system reboot. [root@kvmHOST1 ~]# ovs-vsctl add-br vswitch001 [root@kvmHOST1 ~]# ovs-vsctl show - Configuring a openvswitch bridge using network scripts. [root@kvmHOST1]cat /etc/sysconfig/network-scripts/ifcfg- vswitch002 DEVICE="vswitch002" BOOTPROTO="dhcp" DEFROUTE="yes" IPV4_FAILURE_FATAL="yes" IPV6INIT=no ONBOOT="yes" TYPE="OVSBridge" DEVICETYPE="ovs" Doc on ifcfg directives for openvswitch /usr/share/doc/openvswitch/README.RHEL
Integrating KVM VMs and OVS Edit VM XML Configuration #virsh edit vm-name <interface type='bridge'> <mac address='52:54:00:ce:51:53''/> <source bridge=vswitch001/> <virtualport type='openvswitch'/> <target dev=<vm001_vp01> <model type='virtio'/> </interface> Libvirt Network Pool #cat ovs-network.xml <network> <name>NewNetwork</name> <forward mode='bridge'/> <bridge name='vswitch1'/> <virtualport type='openvswitch'/> </network> virsh net-define ovs-network.xml Network vswitch-net defined from ovs-network.xml # virsh net-start vswitch-net Network vswitch-net started A quick method! #virt-xml vm_01 --edit --network virtualport_type='openvswitch',source=vswitch001 ,target=vm001_vp01
Feature 1 : Security / L2 Segregation VLAN isolation enforces VLAN membership of a VM without the knowledge of the guest itself. VLan1 : [root@kvmHOST1 ~]# ovs-vsctl set port fed1 tag=10 [root@kvmHOST1 ~]# ovs-vsctl set port fed2 tag=10 vLan2: [root@kvmHOST1 ~]# ovs-vsctl set port fed3 tag=20 [root@kvmHOST1 ~]# ovs-vsctl set port fed4 tag=20 #ovs-vsctl set port fed1 trunks=20,30,40 Monitor #ovsdb-client monitor Port name,trunks -- detach The default, vlan_mode used is "access", Its native mechanism of the vlan. VLAN Tag is added when packets enter a Access port, and stripped off when leave a access port. Other vlan_mode are native−tagged, native−untagged and trunk
libvirt Integration <portgroup name='novlan' default='yes'> </portgroup> <portgroup name='vlan-finance'> <vlan> <vlan-mode=native-tagged> <tag id='10'/> </vlan> </portgroup> <portgroup name='vlan-marketing'> <vlan trunk='yes'> <tag id='20'/> <tag id='30'/> <tag id='30'/> </vlan> </portgroup> portgroup feature of libvirt provides a method of easily putting guest connections to the network into different classes, with each class potentially having a different level/type of service.
Feature 2 : Overlay Networks Overlay Networks are industry standard techniques designed achieve Network Virtualization. Network Overlays such as Virtual eXtensible Local Area Network a(VXLAN) and Generic Routing Encapsulation (GRE) achieve network virtualization by overlaying layer 2 networks over physical layer 3 networks which enable network scalability and efficient use of current network infrastructure. Openvswitch supports multiple tunneling protocols (GRE, VXLAN, STT, and Geneve, with IPsec support) vm1 vm2 10.0.0.1 vxLan tunnle 10.0.0.2 overway N/W | | kvmhost1 kvmhost2 192.168.1.10 underlay N/W 192.168.2.20
Configuring Overlay Networks Host1 #ovs-vsctl add-port vswitch vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=192.168.1.20 Host2 #ovs-vsctl add-port vswitch vxlan1 -- set interface vxlan2 type=vxlan options:remote_ip=192.168.1.10 Other options : local_ip, in_key, out_key,tos,ttl
Feature 3 : QoS The network QoS (quality of service) QoS refers to the ability of the network to handle it traffic such that it meets the service needs of certain applications. It is often used as a synonym for traffic control. QoS Policing - Rate Limiting Qos Shaping - Dedicated Queue Input(inbound) and output(outbound) traffic
Feature 3 : QoS Configuration Shaping Create a queue(q0) with required network bandwidth. Here in this example I am limiting the egress traffic bandwidth to 10 MBps. Create a Queue #ovs-vsctl --id=@q0 create queue other-config:min- rate=100000 other-config:max-rate=100000 Create Qos #ovs-vsctl create qos type=linux-htb queues=0=05c73c42-3191-4025-96ce- cd6b86ab2775 Add Qos to a port #ovs-vsctl set port vent0 qos= 09f5b3c4- 35b7-4326-bae8-780b7ccadb3f Policing To apply QoS on a VM to control its inbound traffic, Modify its interface table to configure an ingress policing rule. There are two rules to set: ingress_policing_rate: The maximum rate (in Kbps) that this VM should be allowed to send. ingress_policing_burst: A parameter to the policing algorithm to indicate the maximum amount of data (in Kb) that this interface can send beyond the policing rate. ovs-vsctl set interface fed1 ingress_policing_rate=20000 ovs-vsctl set interface fed1 ingress_policing_burst=200
Feature 4 : Port Mirroring OpenVswitch support port mirroring features out of the box, This feature is exactly similar to the port mirroring capability available on the new generation physical switches. With Port Mirroring Network administrator can get an insight on what kind of traffic is flowing on the network. #ovs-vsctl -- --id=@m create mirror name=M1 -- add bridge vswitch001 mirrors @m $ovs-vsctl set port fed1 -- set mirror M1 select_src_port=@fed1 select_dst_port=@fed2 select_dst_port = Ports on which incoming packets are selected for select_src_port = Ports on which outgoing packets are selected for mirroring. select_all = Its boolean, when to true. every packet incoming or outgoing on any port connected to bridge will be mirrored. output_port = specify to which port we want to send this mirrored traffic
Feature 4 : Port Mirroring SPAN (Switched Port Analyzer) #ip link add dummy0 type dummy # ovs-vsctl -- --id=@dummy0 get port dummy0 -- set mirror mymirror select_all=true output-port=@dummy0
SDN Controllers An SDN controller is an application in software-defined networking (SDN) that manages flow control to enable intelligent networking. Flow table is managed by a remote SDN controller, You can install or remove control flows using the SDN controller connected to the bridge
Managing Openvswitch via a SDN Controller By connecting an openvswitch to SDN controller, We get level of abstraction and automation required to revolutionize networking. #ovs-vsctl set-controller vswitch0 tcp:192.168.1.20:6633
More about openflow OpenFlow allows creating powerful L2-L4 service insertion, A flow contains entries that matches packets and apply actions that may include packet forwarding, packet modification and others. Basically rules are used to create expression, If expression matches, The defined Action is applied.
Flow example Example : 1 cookie=0x0, duration=14.604s, table=0, n_packets=61, n_bytes=7418, idle_timeout=10, hard_timeout=30,tcp, vlan_tci=0x0000, dl_src=52:54:00:CE:51:52, dl_dst=52:54:00:CE:51:53, nw_src=10.0.0.1, nw_dst=10.0.0.2, nw_tos=0, tp_src=22, tp_dst=554 actions=output:1 Example 2 : Where can I learn more about flow ? https://flowsim.flowgrammable.org/
OpenVswitch Troubleshooting - openvswitch Services Log files : /var/log/openvswitch/ovs-vswitchd.log /var/log/openvswitch/ovsdb-server.log - VLOG : OpenvSwitch has a built-in logging mechanism called VLOG. The VLOG facility expose deep internal information of various components. First Determine at what level your problem is occurring, Is it Bonding problem? #ovs-appctl vlog/list ovs-appctl vlog/list | grep -i bond - Verbosity of logging supported are (must be: emer, err, warn, info, or dbg), #ovs-appctl vlog/set module[:facility[:level]]
OpenVswitch Troubleshooting - ovsdb-client utility to query the ovs database Tables : #ovsdb-client list-tables Bridge, Queue,QoS,Port, Interface # "ovsdb-client list-columns <table_name>" Prints columns in a particular table, There are many columns in each table. ovsdb-client monitor <table_name> <cloumn_name> --detach - Some other handy tools #ovsdb-tool showlog" to see data inserted into ovsdb, its openvswitch configuration #ovs-vsctl --format=table --column=name,vlan_mode
OpenVswitch Troubleshooting "Show My Network State" is good utility to get graphically display of the virtual/physical network topology inside a single host. The tools is available here for download, https://sites.google.com/site/showmynetworkstate/
Questions?

More Related Content

PDF
Understanding Open vSwitch
YongKi Kim
 
PPTX
The Basic Introduction of Open vSwitch
Te-Yen Liu
 
PDF
Linux Networking Explained
Thomas Graf
 
PDF
netfilter and iptables
Kernel TLV
 
PPTX
OpenvSwitch Deep Dive
rajdeep
 
PDF
Open vSwitch Introduction
HungWei Chiu
 
PPTX
Meetup 23 - 02 - OVN - The future of networking in OpenStack
Vietnam Open Infrastructure User Group
 
PPTX
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
vivekkonnect
 
Understanding Open vSwitch
YongKi Kim
 
The Basic Introduction of Open vSwitch
Te-Yen Liu
 
Linux Networking Explained
Thomas Graf
 
netfilter and iptables
Kernel TLV
 
OpenvSwitch Deep Dive
rajdeep
 
Open vSwitch Introduction
HungWei Chiu
 
Meetup 23 - 02 - OVN - The future of networking in OpenStack
Vietnam Open Infrastructure User Group
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
vivekkonnect
 

What's hot (20)

PDF
Large scale overlay networks with ovn: problems and solutions
Han Zhou
 
PDF
Virtualized network with openvswitch
Sim Janghoon
 
PPTX
OVN - Basics and deep dive
Trinath Somanchi
 
PPTX
SDN Architecture & Ecosystem
Kingston Smiler
 
PDF
BGP Dynamic Routing and Neutron
rktidwell
 
ODP
eBPF maps 101
SUSE Labs Taipei
 
PPTX
OVN DBs HA with scale test
Aliasgar Ginwala
 
PDF
BPF Internals (eBPF)
Brendan Gregg
 
PDF
Neutron packet logging framework
Vietnam Open Infrastructure User Group
 
PDF
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Thomas Graf
 
PDF
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
Thomas Graf
 
PDF
Linux systems - Linux Commands and Shell Scripting
Emertxe Information Technologies Pvt Ltd
 
PDF
VLANs in the Linux Kernel
Kernel TLV
 
PDF
Linux BPF Superpowers
Brendan Gregg
 
PDF
Routed Provider Networks on OpenStack
Romana Project
 
PPTX
Packet Walk(s) In Kubernetes
Don Jayakody
 
PPTX
OpenStack Neutron's Distributed Virtual Router
carlbaldwin
 
PPTX
Introduction to CNI (Container Network Interface)
HungWei Chiu
 
PPTX
Software Defined Networks
Shreeya Shah
 
PDF
Namespaces and cgroups - the basis of Linux containers
Kernel TLV
 
Large scale overlay networks with ovn: problems and solutions
Han Zhou
 
Virtualized network with openvswitch
Sim Janghoon
 
OVN - Basics and deep dive
Trinath Somanchi
 
SDN Architecture & Ecosystem
Kingston Smiler
 
BGP Dynamic Routing and Neutron
rktidwell
 
eBPF maps 101
SUSE Labs Taipei
 
OVN DBs HA with scale test
Aliasgar Ginwala
 
BPF Internals (eBPF)
Brendan Gregg
 
Neutron packet logging framework
Vietnam Open Infrastructure User Group
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Thomas Graf
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
Thomas Graf
 
Linux systems - Linux Commands and Shell Scripting
Emertxe Information Technologies Pvt Ltd
 
VLANs in the Linux Kernel
Kernel TLV
 
Linux BPF Superpowers
Brendan Gregg
 
Routed Provider Networks on OpenStack
Romana Project
 
Packet Walk(s) In Kubernetes
Don Jayakody
 
OpenStack Neutron's Distributed Virtual Router
carlbaldwin
 
Introduction to CNI (Container Network Interface)
HungWei Chiu
 
Software Defined Networks
Shreeya Shah
 
Namespaces and cgroups - the basis of Linux containers
Kernel TLV
 
Ad

Similar to Demystifying openvswitch (20)

PPTX
Week_3.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
NavumGupta1
 
PPTX
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PROIDEA
 
PPTX
Cloud v2
Valentin URSAN
 
PDF
Understanding network and service virtualization
SDN Hub
 
PPTX
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
OpenStack Korea Community
 
PPTX
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
Sungman Jang
 
PDF
BuildingSDNmanageableswitch.pdf
Fernando Velez Varela
 
PDF
An Introduce of OPNFV (Open Platform for NFV)
Mario Cho
 
PDF
Opencontrail network virtualization
Nicolai van der Smagt
 
PDF
PLNOG 13: Nicolai van der Smagt: SDN
PROIDEA
 
PPTX
CloudComp 2015 - SDN-Cloud Testbed with Hyper-convergent SmartX Boxes
GIST (Gwangju Institute of Science and Technology)
 
PDF
OVS-LinuxCon 2013.pdf
DanielHanganu2
 
PPTX
Optimising nfv service chains on open stack using docker
Satya Sanjibani Routray
 
PPTX
Optimising nfv service chains on open stack using docker
Ananth Padmanabhan
 
PDF
Osdc2014 openstack networking yves_fauser
yfauser
 
PDF
OSDC 2014: Yves Fauser - OpenStack Networking (Neutron) - Overview of network...
NETWAYS
 
PDF
SDN: A New Approach to Networking Technology
IRJET Journal
 
PPTX
Optimising nfv service chains on open stack using docker
Rahul Krishna Upadhyaya
 
PPT
Docker Multi Host Networking, Rachit Arora, IBM
Neependra Khare
 
PPTX
OpenStack Networking and Automation
Adam Johnson
 
Week_3.pptxmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
NavumGupta1
 
PLNOG16: VXLAN Gateway, efektywny sposób połączenia świata wirtualnego z fizy...
PROIDEA
 
Cloud v2
Valentin URSAN
 
Understanding network and service virtualization
SDN Hub
 
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
OpenStack Korea Community
 
20151222_Interoperability with ML2: LinuxBridge, OVS and SDN
Sungman Jang
 
BuildingSDNmanageableswitch.pdf
Fernando Velez Varela
 
An Introduce of OPNFV (Open Platform for NFV)
Mario Cho
 
Opencontrail network virtualization
Nicolai van der Smagt
 
PLNOG 13: Nicolai van der Smagt: SDN
PROIDEA
 
CloudComp 2015 - SDN-Cloud Testbed with Hyper-convergent SmartX Boxes
GIST (Gwangju Institute of Science and Technology)
 
OVS-LinuxCon 2013.pdf
DanielHanganu2
 
Optimising nfv service chains on open stack using docker
Satya Sanjibani Routray
 
Optimising nfv service chains on open stack using docker
Ananth Padmanabhan
 
Osdc2014 openstack networking yves_fauser
yfauser
 
OSDC 2014: Yves Fauser - OpenStack Networking (Neutron) - Overview of network...
NETWAYS
 
SDN: A New Approach to Networking Technology
IRJET Journal
 
Optimising nfv service chains on open stack using docker
Rahul Krishna Upadhyaya
 
Docker Multi Host Networking, Rachit Arora, IBM
Neependra Khare
 
OpenStack Networking and Automation
Adam Johnson
 
Ad

Recently uploaded (20)

PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Encapsulation theory and applications.pdf
gurumoop
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
A Presentation on Artificial Intelligence
memembruh336
 

Demystifying openvswitch

  • 1. Demystifying OpenVswitch Start your SDN journey today! Prasad Mukhedkar Emerging Technologies Group, Red Hat. pmukhedk@redhat.com
  • 2. Objectives and Takeways Session Objectives : ● High level overveiw of SDN Concepts and introduction of OpenvSwitch, ● Understand how to use OpenVswitch with KVM Virtualization ● Various OpenvSwitch Features with Demo ● SDN - OpenFlow ● SDN Controller (opendaylight project) Key Takeways : ● Getting familiar with openvswitch and its cli utilities ● When to use which Feature of OpenvSwitch. ● Creating vlans for your TestBeds (KVM). ● Opendaylight controller and OpenFlow
  • 3. What is SDN? Software Defined Network? ● Separation of the control from the forwarding plane. ● Software programmability for network elements. ● Centralized network control and management . The control plane is where forwarding/routing decisions are made (Software Logic) The data plane is where the data forwarding action takes place. (instructions to carry traffic over hardware ) The SDN architecture decouples the network control and forwarding functions enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for the applications and network service.
  • 4. 10000 foot view of SDN Approach Notice how control and data planes are separated and how this separation helps applications to directly controls network opening doors for innovation. Network Infrastructure - This consists the network devices such as routers and switches, Both physical as well as virtual. Controller - This encompass the software based on a centralized controller which could be on a server that talks to all the devices in the network using open API’s, Like OpenFlow or OVMDB. Applications : This encompasses the variety of application for which the network exists. This includes voice, video, enterprise applications, security appliances such as intrusion detection. These application can to the controller using open API’s to give them what they want. For example, Voice traffic may ask the controller to have it treated with least latency while an enterprise backup server may tell the controller to give it bandwith whenever it is available.
  • 5. Limitations of Linux Bridge Guest (VM) networking in KVM has traditionally been done using linux, It is simple to configure and manage but is not originally designed for virtual networking and therefore poses integration and management challenges. Linux Bridge An unmanaged software switch ! Robust, Does packet forwarding job very well. Fast, simple to use, No complexity Linux Bridge's “root cause problem” It is Closed for Innovations!
  • 6. What is OpenvSwitch? OpenvSwitch is an open source openflow capable virtual switch. If you’re familiar with VMware, think of it as an open source Distributed ● Flexible Control in user-space with comprehensive management tools ● Fast Datapath (forwarding plane) in kernel ● Adopted in base kernel, since version 3.3 ● Open vSwitch was included since RHEL 6 .4 (only datapath, no Control). ● Any netdevice (physical/virtual) can be added as uplink port
  • 7. OpenvSwitch Architecture The data path (ovs kernel module) uses netlink socket to interacts with vswitchd daemon that implements and manages any number ovs switches on local system, SDN Controller interacts with vswitchd using openflow protocol. The ovsdb-server maintains the switch table database and external clients can talk to ovsdb-server using json rpc and json being the data format. ovsdb database currently contains around 13 tables and this database is persistent across restarts.
  • 8. Openvswitch installation Starting with Fedora 16 the openvswitch user space tools and the required kernel modules are included in the Fedora distribution. # sudo dnf install openvswitch openvswitch package contains all the required user space tools including the ovsdb and series of command line utilities to configure, monitor and manage open vswitch instances. Following are the important configuration files of openvswitch. RHEL 7 and later (Need openstack or openshift channel) #rpm -qc openvswitch /etc/logrotate.d/openvswitch /etc/openvswitch/conf.db /etc/openvswitch/system-id.conf /etc/sysconfig/openvswitch
  • 9. Starting up the openvswitch service The Openvswitch.service is comprised by two daemons. One is a database and another is the switch itself. #/bin/systemctl start openvswitch.service #systemctl enable openvswitch.service 1. Kernel module gets loaded. module name is "openvswitch" #modinfo openvswitch filename: /lib/modules/4.1.6-200.fc22.x86_64/kernel/net/openvswitch/openvswitch.ko.xz license: GPL description: Open vSwitch switching datapath 2. Database is created. copied /usr/share/openvswitch/vswitch.ovsschema /etc/openvswitch/conf.db
  • 10. Openvswitch command-line interfaces #ovs-vsctl - This command is used to set up, maintain, and inspect various ovs switch configurations. It provides a high level interface for Open vSwitch Database to query and apply changes on runtime. #ovs-ofctl and ovs-dpctl - These two commands are used for administering and monitoring flow entries. You learned that OVS manages two kinds of flow. OpenFlows - The flows managed at control plane. Datapath - Kernel flow. A kind of cached version of the OpenFlow. ovs-ofctl - speaks to OpenFlow module whereas ovs-dpctl - speaks to Kernel module. Following two are most used options of each of these commands ovs-appctl - This command offer a way to send commands to a running Open vSwitch and gather information that is not directly exposed to ovs-ofctl command. This is swiss army knife of openflow troubleshooting.
  • 11. Setting up your first openvswitch bridge Multiple ways to Setup/Configure . - The ovs-vsctl is the primary command to create, remove and administer openvswitch. The operation performed using ovs-vsctl are persistent across system reboot. [root@kvmHOST1 ~]# ovs-vsctl add-br vswitch001 [root@kvmHOST1 ~]# ovs-vsctl show - Configuring a openvswitch bridge using network scripts. [root@kvmHOST1]cat /etc/sysconfig/network-scripts/ifcfg- vswitch002 DEVICE="vswitch002" BOOTPROTO="dhcp" DEFROUTE="yes" IPV4_FAILURE_FATAL="yes" IPV6INIT=no ONBOOT="yes" TYPE="OVSBridge" DEVICETYPE="ovs" Doc on ifcfg directives for openvswitch /usr/share/doc/openvswitch/README.RHEL
  • 12. Integrating KVM VMs and OVS Edit VM XML Configuration #virsh edit vm-name <interface type='bridge'> <mac address='52:54:00:ce:51:53''/> <source bridge=vswitch001/> <virtualport type='openvswitch'/> <target dev=<vm001_vp01> <model type='virtio'/> </interface> Libvirt Network Pool #cat ovs-network.xml <network> <name>NewNetwork</name> <forward mode='bridge'/> <bridge name='vswitch1'/> <virtualport type='openvswitch'/> </network> virsh net-define ovs-network.xml Network vswitch-net defined from ovs-network.xml # virsh net-start vswitch-net Network vswitch-net started A quick method! #virt-xml vm_01 --edit --network virtualport_type='openvswitch',source=vswitch001 ,target=vm001_vp01
  • 13. Feature 1 : Security / L2 Segregation VLAN isolation enforces VLAN membership of a VM without the knowledge of the guest itself. VLan1 : [root@kvmHOST1 ~]# ovs-vsctl set port fed1 tag=10 [root@kvmHOST1 ~]# ovs-vsctl set port fed2 tag=10 vLan2: [root@kvmHOST1 ~]# ovs-vsctl set port fed3 tag=20 [root@kvmHOST1 ~]# ovs-vsctl set port fed4 tag=20 #ovs-vsctl set port fed1 trunks=20,30,40 Monitor #ovsdb-client monitor Port name,trunks -- detach The default, vlan_mode used is "access", Its native mechanism of the vlan. VLAN Tag is added when packets enter a Access port, and stripped off when leave a access port. Other vlan_mode are native−tagged, native−untagged and trunk
  • 14. libvirt Integration <portgroup name='novlan' default='yes'> </portgroup> <portgroup name='vlan-finance'> <vlan> <vlan-mode=native-tagged> <tag id='10'/> </vlan> </portgroup> <portgroup name='vlan-marketing'> <vlan trunk='yes'> <tag id='20'/> <tag id='30'/> <tag id='30'/> </vlan> </portgroup> portgroup feature of libvirt provides a method of easily putting guest connections to the network into different classes, with each class potentially having a different level/type of service.
  • 15. Feature 2 : Overlay Networks Overlay Networks are industry standard techniques designed achieve Network Virtualization. Network Overlays such as Virtual eXtensible Local Area Network a(VXLAN) and Generic Routing Encapsulation (GRE) achieve network virtualization by overlaying layer 2 networks over physical layer 3 networks which enable network scalability and efficient use of current network infrastructure. Openvswitch supports multiple tunneling protocols (GRE, VXLAN, STT, and Geneve, with IPsec support) vm1 vm2 10.0.0.1 vxLan tunnle 10.0.0.2 overway N/W | | kvmhost1 kvmhost2 192.168.1.10 underlay N/W 192.168.2.20
  • 16. Configuring Overlay Networks Host1 #ovs-vsctl add-port vswitch vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=192.168.1.20 Host2 #ovs-vsctl add-port vswitch vxlan1 -- set interface vxlan2 type=vxlan options:remote_ip=192.168.1.10 Other options : local_ip, in_key, out_key,tos,ttl
  • 17. Feature 3 : QoS The network QoS (quality of service) QoS refers to the ability of the network to handle it traffic such that it meets the service needs of certain applications. It is often used as a synonym for traffic control. QoS Policing - Rate Limiting Qos Shaping - Dedicated Queue Input(inbound) and output(outbound) traffic
  • 18. Feature 3 : QoS Configuration Shaping Create a queue(q0) with required network bandwidth. Here in this example I am limiting the egress traffic bandwidth to 10 MBps. Create a Queue #ovs-vsctl --id=@q0 create queue other-config:min- rate=100000 other-config:max-rate=100000 Create Qos #ovs-vsctl create qos type=linux-htb queues=0=05c73c42-3191-4025-96ce- cd6b86ab2775 Add Qos to a port #ovs-vsctl set port vent0 qos= 09f5b3c4- 35b7-4326-bae8-780b7ccadb3f Policing To apply QoS on a VM to control its inbound traffic, Modify its interface table to configure an ingress policing rule. There are two rules to set: ingress_policing_rate: The maximum rate (in Kbps) that this VM should be allowed to send. ingress_policing_burst: A parameter to the policing algorithm to indicate the maximum amount of data (in Kb) that this interface can send beyond the policing rate. ovs-vsctl set interface fed1 ingress_policing_rate=20000 ovs-vsctl set interface fed1 ingress_policing_burst=200
  • 19. Feature 4 : Port Mirroring OpenVswitch support port mirroring features out of the box, This feature is exactly similar to the port mirroring capability available on the new generation physical switches. With Port Mirroring Network administrator can get an insight on what kind of traffic is flowing on the network. #ovs-vsctl -- --id=@m create mirror name=M1 -- add bridge vswitch001 mirrors @m $ovs-vsctl set port fed1 -- set mirror M1 select_src_port=@fed1 select_dst_port=@fed2 select_dst_port = Ports on which incoming packets are selected for select_src_port = Ports on which outgoing packets are selected for mirroring. select_all = Its boolean, when to true. every packet incoming or outgoing on any port connected to bridge will be mirrored. output_port = specify to which port we want to send this mirrored traffic
  • 20. Feature 4 : Port Mirroring SPAN (Switched Port Analyzer) #ip link add dummy0 type dummy # ovs-vsctl -- --id=@dummy0 get port dummy0 -- set mirror mymirror select_all=true output-port=@dummy0
  • 21. SDN Controllers An SDN controller is an application in software-defined networking (SDN) that manages flow control to enable intelligent networking. Flow table is managed by a remote SDN controller, You can install or remove control flows using the SDN controller connected to the bridge
  • 22. Managing Openvswitch via a SDN Controller By connecting an openvswitch to SDN controller, We get level of abstraction and automation required to revolutionize networking. #ovs-vsctl set-controller vswitch0 tcp:192.168.1.20:6633
  • 23. More about openflow OpenFlow allows creating powerful L2-L4 service insertion, A flow contains entries that matches packets and apply actions that may include packet forwarding, packet modification and others. Basically rules are used to create expression, If expression matches, The defined Action is applied.
  • 24. Flow example Example : 1 cookie=0x0, duration=14.604s, table=0, n_packets=61, n_bytes=7418, idle_timeout=10, hard_timeout=30,tcp, vlan_tci=0x0000, dl_src=52:54:00:CE:51:52, dl_dst=52:54:00:CE:51:53, nw_src=10.0.0.1, nw_dst=10.0.0.2, nw_tos=0, tp_src=22, tp_dst=554 actions=output:1 Example 2 : Where can I learn more about flow ? https://flowsim.flowgrammable.org/
  • 25. OpenVswitch Troubleshooting - openvswitch Services Log files : /var/log/openvswitch/ovs-vswitchd.log /var/log/openvswitch/ovsdb-server.log - VLOG : OpenvSwitch has a built-in logging mechanism called VLOG. The VLOG facility expose deep internal information of various components. First Determine at what level your problem is occurring, Is it Bonding problem? #ovs-appctl vlog/list ovs-appctl vlog/list | grep -i bond - Verbosity of logging supported are (must be: emer, err, warn, info, or dbg), #ovs-appctl vlog/set module[:facility[:level]]
  • 26. OpenVswitch Troubleshooting - ovsdb-client utility to query the ovs database Tables : #ovsdb-client list-tables Bridge, Queue,QoS,Port, Interface # "ovsdb-client list-columns <table_name>" Prints columns in a particular table, There are many columns in each table. ovsdb-client monitor <table_name> <cloumn_name> --detach - Some other handy tools #ovsdb-tool showlog" to see data inserted into ovsdb, its openvswitch configuration #ovs-vsctl --format=table --column=name,vlan_mode
  • 27. OpenVswitch Troubleshooting "Show My Network State" is good utility to get graphically display of the virtual/physical network topology inside a single host. The tools is available here for download, https://sites.google.com/site/showmynetworkstate/

Editor's Notes

  • #23: controller, They are directly use fastpath (Data path). However, Note that each Flow Table entry has two timers: