How to use Open vSwitch, etc.


These are the slides used at an Open vSwitch code reading session.

Published in: Technology

  1. How to use Open vSwitch, etc.
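  2. Self-introduction
     • Ko Kikuta (菊田 宏)
     • R&D position at a certain company
     • Twitter: @kotto_hihihi → mostly a lurker (read-only)
     • How I started using Open vSwitch → I found it while looking for an OpenFlow switch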
  3. Today's topics
     • Overview of Open vSwitch
     • Basic usage of Open vSwitch
       ▫ How the components relate to each other
     • Open vSwitch data structures
  4. What is Open vSwitch?
     • An open-source virtual switch
     • Compatible with the standard Linux bridge
     • Most of the developers are Nicira employees
     • Designed with porting to hardware in mind
  5. What can Open vSwitch do?
     • Forwarding: Bridge, VLAN, STP, LACP, GRE, GRE over IPsec, CAPWAP
     • Management: NetFlow, sFlow
     • Control: OpenFlow 1.0, 1.1, 1.2
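  6. History of Open vSwitch?
     • 2010/03/15 v1.0.0 released
       ▫ OpenFlow 1.0.0 support
       ▫ GRE support
       → up to 1.0.1
     • 2011/04/05 v1.1.0 released
       ▫ QoS support
       ▫ Bonding support
       ▫ OpenFlow vendor extensions (NXM) support
       → up to 1.1.2
     • 2011/08/03 v1.2.0 released
       ▫ Performance reportedly improved a lot
       → up to 1.2.2
     • 2011/12/09 v1.3.0 released
       ▫ 255 flow tables (can OpenFlow 1.1.0 features be used?)
       ▫ STP support
       ▫ NXM feature extensions
     • 2012/01/30 v1.4.0 released
       ▫ NXM feature extensions
     • Note: I could not find documentation for 0.9 and earlier…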
  7. Installing Open vSwitch
     Prerequisite: Ubuntu 10.04 server amd64
     • Install packages (install libssl if you want SSL support in the various components)
         # apt-get install make pkg-config gcc autoconf libtool
     • Install Open vSwitch
         # wget http://openvswitch.org/releases/openvswitch-1.4.0.tar.gz
         # tar zxvf openvswitch-1.4.0.tar.gz
         # cd openvswitch-1.4.0
         # ./boot.sh
         # ./configure --with-linux=/lib/modules/`uname -r`/build
         # make
         # make install
         # insmod datapath/linux/openvswitch_mod.ko
     • Create the ovsdb
         # mkdir -p /usr/local/etc/openvswitch
         # ovsdb-tool create /usr/local/etc/openvswitch/conf.db \
             vswitchd/vswitch.ovsschema
  8. Starting Open vSwitch
     • Start ovsdb-server (install libssl if you want SSL support)
         # ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
             --remote=db:Open_vSwitch,manager_options \
             --pidfile --detach
     • Start vswitchd
         # ovs-vsctl --no-wait init
         # ovs-vswitchd --pidfile --detach
  9. Basic usage
     • Create a bridge
         # ovs-vsctl add-br br0
         # ovs-vsctl add-port br0 eth1
         # ovs-vsctl add-port br0 eth2
     • Check the configuration
         # ovs-vsctl list-br
         br0
         # ovs-vsctl list-ports br0
         eth1
         eth2
     [Figure: bridge br0 with ports eth1 and eth2; addresses 10.0.0.1/24 and 10.0.0.2/24]
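  10. Open vSwitch configuration flow
     ① The ovs-vsctl command sends the configuration to ovsdb-server
     ② ovsdb-server sends the configuration to ovs-vswitchd
     ③ ovs-vswitchd configures openvswitch_mod
     ④ ovs-vswitchd sends the result to ovsdb-server
     ⑤ ovsdb-server records the configuration and the result in ovsdb
        → The configuration may actually be written between ① and ②
     ⑥ ovsdb-server sends the result to the ovs-vsctl command
     The configuration is held in ovsdb. The ovsdb is actually the conf.db file created with ovsdb-tool.
     [Figure: ovs-vsctl and ovsdb-server connected by JSON-RPC (①, ⑥); ovsdb-server and ovs-vswitchd (②, ④); ovsdb-server and ovsdb (⑤); ovs-vswitchd and openvswitch_mod (③)]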
  11. A short digression
     Copying an already-configured ovsdb file lets you build the same environment:
     • Copy the ovsdb file
     • Start ovsdb-server and ovs-vswitchd
     • The result is the same environment as the copy source
     [Figure: four hosts, each with ovsdb, ovsdb-server, ovs-vswitchd and br0 with ports eth1 and eth2]
  12. A little more digression
     By connecting ovs-vswitchd and ovsdb-server over TCP/IP or SSL, multiple Open vSwitch hosts can also be managed centrally from a dedicated ovsdb host.
     [Figure: a dedicated ovsdb host running an ovsdb and ovsdb-server per switch; a group of Open vSwitch hosts, each running ovs-vswitchd with br0 and ports eth1 and eth2]
  13. Integration with libvirt
     All that is needed is for the brctl command to work.
     • Install bridge-utils
         # apt-get install bridge-utils
     • Start ovs-brcompatd
         # cd openvswitch-1.4.0
         # insmod datapath/linux/brcompat_mod.ko
         # ovs-brcompatd --pidfile --detach
     • The brctl command can now be used
         # brctl addbr br1
         # brctl addif br1 eth1
         # brctl addif br1 eth2
     • What was configured with brctl can be checked with ovs-vsctl
         # ovs-vsctl list-br
         br1
         # ovs-vsctl list-ports br1
         eth1
         eth2
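  14. Configuration flow when using the brctl command
     ① The brctl command configures brcompat_mod
     ② brcompat_mod notifies ovs-brcompatd of the configuration
     ③ ovs-brcompatd runs the ovs-vsctl command
     ④ From here on, the flow is the same as when using the ovs-vsctl command
     [Figure: brctl, brcompat_mod, ovs-brcompatd, ovs-vsctl, ovsdb-server (JSON-RPC), ovsdb, ovs-vswitchd and openvswitch_mod, with steps ① to ⑨]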
  15. Using it as an OpenFlow switch
     • It operates on OpenFlow flow entries from the start
         # ovs-ofctl dump-flows br0
         NXST_FLOW reply (xid=0x4):
          cookie=0x0, duration=2058.998s, table=0, n_packets=183, n_bytes=29257, priority=0 actions=NORMAL
     • Deleting the flow entries stops traffic
         # ovs-ofctl del-flows br0
         # ovs-ofctl dump-flows br0
         NXST_FLOW reply (xid=0x4):
  16. Using it as an OpenFlow switch
     • Flow entries can be written with the ovs-ofctl command
         # ovs-ofctl add-flow br0 \
             in_port=1,dl_type=0x0800,nw_src=10.0.0.1,nw_dst=10.0.0.2,actions=output:2
         # ovs-ofctl add-flow br0 \
             in_port=2,dl_type=0x0800,nw_src=10.0.0.2,nw_dst=10.0.0.1,actions=output:1
       → This can also be used for filtering
     • Fields that can be used when writing flow entries
         in_port, dl_vlan, dl_vlan_pcp, dl_src, dl_dst, dl_type, nw_src, nw_dst,
         nw_proto, nw_tos, nw_ecn, nw_ttl, tp_src, tp_dst, icmp_type, icmp_code,
         table, vlan_tci, ip_frag, arp_sha, arp_tha, ipv6_src, ipv6_dst, ipv6_label,
         nd_target, nd_sll, nd_tll, tun_id, regX
       → Reportedly about 90% of OpenFlow 1.1 and 1.2 is supported
  17. Flow of setting flow entries with ovs-ofctl
     ① The ovs-ofctl command sends the configuration to ovs-vswitchd
     ② ovs-vswitchd configures openvswitch_mod
     [Figure: brctl, ovs-ofctl, ovs-vsctl, ovs-brcompatd, ovs-vswitchd, ovsdb-server (JSON-RPC), ovsdb, brcompat_mod and openvswitch_mod, with steps ① and ②]
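  18. Controlling it from a controller
     • Connect to an OpenFlow controller
         # ovs-vsctl set-controller br0 tcp:172.0.0.10:6633
     • Once an OpenFlow controller is configured, the flow entry that makes the bridge act as an L2 switch disappears
         # ovs-ofctl dump-flows br0
         NXST_FLOW reply (xid=0x4):
       → From here on, the bridge operates under the controller's control.
     [Figure: controller connected to ovs-vswitchd, which manages br0 with ports eth1 and eth2]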
  19. Open vSwitch data structures
     Use ovsdb-client to look at the data structures of ovsdb.
     • Which DBs are there?
         # ovsdb-client list-dbs
         Open_vSwitch
     • Which tables are there?
         # ovsdb-client list-tables Open_vSwitch
         Table
         ------------
         Capability
         SSL
         Bridge
         Controller
         NetFlow
         Port
         Mirror
         Queue
         QoS
         Interface
         Open_vSwitch
         sFlow
         Manager
  20. Open vSwitch data structures
     The columns of each table and the definition of the values they accept
         # ovsdb-client list-columns Open_vSwitch Bridge
         Column        Type
         ------------- ------------------------------------------------------------------------------
         status        {"key":"string","max":"unlimited","min":0,"value":"string"}
         fail_mode     {"key":{"enum":["set",["secure","standalone"]],"type":"string"},"min":0}
         other_config  {"key":"string","max":"unlimited","min":0,"value":"string"}
         _version      "uuid"
         name          "string"
         datapath_type "string"
         netflow       {"key":{"refTable":"NetFlow","type":"uuid"},"min":0}
         ports         {"key":{"refTable":"Port","type":"uuid"},"max":"unlimited","min":0}
         external_ids  {"key":"string","max":"unlimited","min":0,"value":"string"}
         flood_vlans   {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"max":4096,"min":0}
         _uuid         "uuid"
         controller    {"key":{"refTable":"Controller","type":"uuid"},"max":"unlimited","min":0}
         datapath_id   {"key":"string","min":0}
         stp_enable    "boolean"
         mirrors       {"key":{"refTable":"Mirror","type":"uuid"},"max":"unlimited","min":0}
         sflow         {"key":{"refTable":"sFlow","type":"uuid"},"min":0}
  21. Open vSwitch data structures
     [Figure: table relationship diagram with multiplicities. Open_vSwitch refers to Manager, Capability, SSL and Bridge; Bridge refers to NetFlow, Mirror, Controller, sFlow and Port; Port refers to QoS and Interface; QoS refers to Queue]
  22. Open vSwitch data structures
     What the actual configuration looks like, checked with the ovs-vsctl command
         # ovs-vsctl list bridge
         _uuid         : 333ad8b8-7486-40ab-9d29-5051144734c2
         controller    : [311d4af1-6d48-4b75-85ed-17e67a94cfb0]
         datapath_id   : "000000151769d908"
         datapath_type : ""
         external_ids  : {}
         fail_mode     : []
         flood_vlans   : []
         mirrors       : []
         name          : "br0"
         netflow       : []
         other_config  : {}
         ports         : [65f57564-d408-42ac-84f7-7c6a4b433a5e, 86ecd3a9-7776-4567-83a3-ae19b9e4b46e, f490bdfa-8424-475a-9949-d10e2d3b8820]
         sflow         : []
         status        : {}
         stp_enable    : false
  23. Setting ovsdb directly
     Try setting fail_mode to secure with the ovs-vsctl command
         # ovs-vsctl set Bridge br0 fail_mode=secure
         # ovs-vsctl list Bridge
         _uuid         : 333ad8b8-7486-40ab-9d29-5051144734c2
         controller    : [34d55998-475b-47d4-aa72-a37cfa6d294a]
         datapath_id   : "000000151769d908"
         datapath_type : ""
         external_ids  : {}
         fail_mode     : secure
         flood_vlans   : []
         mirrors       : []
         name          : "br0"
         netflow       : []
         other_config  : {}
         ports         : [65f57564-d408-42ac-84f7-7c6a4b433a5e, 86ecd3a9-7776-4567-83a3-ae19b9e4b46e, f490bdfa-8424-475a-9949-d10e2d3b8820]
         sflow         : []
         status        : {}
         stp_enable    : false
  24. Summary
     • Introduced the basic usage of Open vSwitch
     • Introduced how the components that make up Open vSwitch relate to each other
     • Introduced the data structures of Open vSwitch
  25. (Reference) Open_vSwitch table structure
         # ovsdb-client list-columns Open_vSwitch Open_vSwitch
         Column          Type
         --------------- ------------------------------------------------------------------------------------------
         _uuid           "uuid"
         system_type     {"key":"string","min":0}
         external_ids    {"key":"string","max":"unlimited","min":0,"value":"string"}
         capabilities    {"key":"string","max":"unlimited","min":0,"value":{"refTable":"Capability","type":"uuid"}}
         system_version  {"key":"string","min":0}
         _version        "uuid"
         manager_options {"key":{"refTable":"Manager","type":"uuid"},"max":"unlimited","min":0}
         other_config    {"key":"string","max":"unlimited","min":0,"value":"string"}
         statistics      {"key":"string","max":"unlimited","min":0,"value":"string"}
         cur_cfg         "integer"
         ssl             {"key":{"refTable":"SSL","type":"uuid"},"min":0}
         ovs_version     {"key":"string","min":0}
         next_cfg        "integer"
         db_version      {"key":"string","min":0}
         bridges         {"key":{"refTable":"Bridge","type":"uuid"},"max":"unlimited","min":0}
  26. (Reference) Bridge table structure
         # ovsdb-client list-columns Open_vSwitch Bridge
         Column        Type
         ------------- ------------------------------------------------------------------------------
         status        {"key":"string","max":"unlimited","min":0,"value":"string"}
         fail_mode     {"key":{"enum":["set",["secure","standalone"]],"type":"string"},"min":0}
         other_config  {"key":"string","max":"unlimited","min":0,"value":"string"}
         _version      "uuid"
         name          "string"
         datapath_type "string"
         netflow       {"key":{"refTable":"NetFlow","type":"uuid"},"min":0}
         ports         {"key":{"refTable":"Port","type":"uuid"},"max":"unlimited","min":0}
         external_ids  {"key":"string","max":"unlimited","min":0,"value":"string"}
         flood_vlans   {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"max":4096,"min":0}
         _uuid         "uuid"
         controller    {"key":{"refTable":"Controller","type":"uuid"},"max":"unlimited","min":0}
         datapath_id   {"key":"string","min":0}
         stp_enable    "boolean"
         mirrors       {"key":{"refTable":"Mirror","type":"uuid"},"max":"unlimited","min":0}
         sflow         {"key":{"refTable":"sFlow","type":"uuid"},"min":0}
  27. (Reference) Port table structure
         # ovsdb-client list-columns Open_vSwitch Port
         Column          Type
         --------------- -------------------------------------------------------------------------------------------------------
         bond_fake_iface "boolean"
         status          {"key":"string","max":"unlimited","min":0,"value":"string"}
         other_config    {"key":"string","max":"unlimited","min":0,"value":"string"}
         bond_mode       {"key":{"enum":["set",["active-backup","balance-slb","balance-tcp","stable"]],"type":"string"},"min":0}
         _version        "uuid"
         interfaces      {"key":{"refTable":"Interface","type":"uuid"},"max":"unlimited"}
         name            "string"
         bond_updelay    "integer"
         vlan_mode       {"key":{"enum":["set",["access","native-tagged","native-untagged","trunk"]],"type":"string"},"min":0}
         lacp            {"key":{"enum":["set",["active","off","passive"]],"type":"string"},"min":0}
         mac             {"key":"string","min":0}
         _uuid           "uuid"
         external_ids    {"key":"string","max":"unlimited","min":0,"value":"string"}
         trunks          {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"max":4096,"min":0}
         statistics      {"key":"string","max":"unlimited","min":0,"value":"integer"}
         fake_bridge     "boolean"
         tag             {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"min":0}
         bond_downdelay  "integer"
         qos             {"key":{"refTable":"QoS","type":"uuid"},"min":0}
  28. (Reference) Interface table structure
         # ovsdb-client list-columns Open_vSwitch Interface
         Column                 Type
         ---------------------- ----------------------------------------------------------------
         status                 {"key":"string","max":"unlimited","min":0,"value":"string"}
         link_resets            {"key":"integer","min":0}
         link_speed             {"key":"integer","min":0}
         duplex                 {"key":{"enum":["set",["full","half"]],"type":"string"},"min":0}
         admin_state            {"key":{"enum":["set",["down","up"]],"type":"string"},"min":0}
         ofport                 {"key":"integer","min":0}
         _version               "uuid"
         other_config           {"key":"string","max":"unlimited","min":0,"value":"string"}
         name                   "string"
         link_state             {"key":{"enum":["set",["down","up"]],"type":"string"},"min":0}
         type                   "string"
         mtu                    {"key":"integer","min":0}
         mac                    {"key":"string","min":0}
         cfm_mpid               {"key":"integer","min":0}
         cfm_fault              {"key":"boolean","min":0}
         _uuid                  "uuid"
         external_ids           {"key":"string","max":"unlimited","min":0,"value":"string"}
         options                {"key":"string","max":"unlimited","min":0,"value":"string"}
         ingress_policing_rate  {"key":{"minInteger":0,"type":"integer"}}
         statistics             {"key":"string","max":"unlimited","min":0,"value":"integer"}
         cfm_remote_mpids       {"key":"integer","max":"unlimited","min":0}
         ingress_policing_burst {"key":{"minInteger":0,"type":"integer"}}
         lacp_current           {"key":"boolean","min":0}
  29. (Reference) QoS table structure
         # ovsdb-client list-columns Open_vSwitch QoS
         Column       Type
         ------------ --------------------------------------------------------------------------------------------------------------------------------------
         queues       {"key":{"maxInteger":4294967295,"minInteger":0,"type":"integer"},"max":"unlimited","min":0,"value":{"refTable":"Queue","type":"uuid"}}
         external_ids {"key":"string","max":"unlimited","min":0,"value":"string"}
         _uuid        "uuid"
         type         "string"
         other_config {"key":"string","max":"unlimited","min":0,"value":"string"}
         _version     "uuid"
  30. (Reference) Queue table structure
         # ovsdb-client list-columns Open_vSwitch Queue
         Column       Type
         ------------ -----------------------------------------------------------------
         external_ids {"key":"string","max":"unlimited","min":0,"value":"string"}
         _uuid        "uuid"
         dscp         {"key":{"maxInteger":63,"minInteger":0,"type":"integer"},"min":0}
         other_config {"key":"string","max":"unlimited","min":0,"value":"string"}
         _version     "uuid"
  31. (Reference) Controller table structure
         # ovsdb-client list-columns Open_vSwitch Controller
         Column                 Type
         ---------------------- ---------------------------------------------------------------------------
         _uuid                  "uuid"
         external_ids           {"key":"string","max":"unlimited","min":0,"value":"string"}
         status                 {"key":"string","max":"unlimited","min":0,"value":"string"}
         local_netmask          {"key":"string","min":0}
         _version               "uuid"
         is_connected           "boolean"
         controller_burst_limit {"key":{"minInteger":25,"type":"integer"},"min":0}
         max_backoff            {"key":{"minInteger":1000,"type":"integer"},"min":0}
         controller_rate_limit  {"key":{"minInteger":100,"type":"integer"},"min":0}
         local_ip               {"key":"string","min":0}
         local_gateway          {"key":"string","min":0}
         connection_mode        {"key":{"enum":["set",["in-band","out-of-band"]],"type":"string"},"min":0}
         inactivity_probe       {"key":"integer","min":0}
         target                 "string"
         role                   {"key":{"enum":["set",["master","other","slave"]],"type":"string"},"min":0}
  32. (Reference) Manager table structure
         # ovsdb-client list-columns Open_vSwitch Manager
         Column           Type
         ---------------- --------------------------------------------------------------------------
         _uuid            "uuid"
         external_ids     {"key":"string","max":"unlimited","min":0,"value":"string"}
         status           {"key":"string","max":"unlimited","min":0,"value":"string"}
         max_backoff      {"key":{"minInteger":1000,"type":"integer"},"min":0}
         _version         "uuid"
         is_connected     "boolean"
         connection_mode  {"key":{"enum":["set",["in-band","out-of-band"]],"type":"string"},"min":0}
         inactivity_probe {"key":"integer","min":0}
         target           "string"
  33. (Reference) Capability table structure
         # ovsdb-client list-columns Open_vSwitch Capability
         Column   Type
         -------- -----------------------------------------------------------
         _uuid    "uuid"
         details  {"key":"string","max":"unlimited","min":0,"value":"string"}
         _version "uuid"
  34. (Reference) SSL table structure
         # ovsdb-client list-columns Open_vSwitch SSL
         Column            Type
         ----------------- -----------------------------------------------------------
         certificate       "string"
         external_ids      {"key":"string","max":"unlimited","min":0,"value":"string"}
         _uuid             "uuid"
         private_key       "string"
         ca_cert           "string"
         bootstrap_ca_cert "boolean"
         _version          "uuid"
  35. (Reference) Mirror table structure
         # ovsdb-client list-columns Open_vSwitch Mirror
         Column          Type
         --------------- ------------------------------------------------------------------------------------
         _uuid           "uuid"
         external_ids    {"key":"string","max":"unlimited","min":0,"value":"string"}
         select_vlan     {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"max":4096,"min":0}
         select_src_port {"key":{"refTable":"Port","refType":"weak","type":"uuid"},"max":"unlimited","min":0}
         _version        "uuid"
         select_all      "boolean"
         name            "string"
         statistics      {"key":"string","max":"unlimited","min":0,"value":"integer"}
         select_dst_port {"key":{"refTable":"Port","refType":"weak","type":"uuid"},"max":"unlimited","min":0}
         output_port     {"key":{"refTable":"Port","refType":"weak","type":"uuid"},"min":0}
         output_vlan     {"key":{"maxInteger":4095,"minInteger":1,"type":"integer"},"min":0}
  36. (Reference) NetFlow table structure
         # ovsdb-client list-columns Open_vSwitch NetFlow
         Column              Type
         ------------------- ------------------------------------------------------------------
         _uuid               "uuid"
         external_ids        {"key":"string","max":"unlimited","min":0,"value":"string"}
         targets             {"key":"string","max":"unlimited"}
         add_id_to_interface "boolean"
         _version            "uuid"
         active_timeout      {"key":{"minInteger":-1,"type":"integer"}}
         engine_id           {"key":{"maxInteger":255,"minInteger":0,"type":"integer"},"min":0}
         engine_type         {"key":{"maxInteger":255,"minInteger":0,"type":"integer"},"min":0}
  37. (Reference) sFlow table structure
         # ovsdb-client list-columns Open_vSwitch sFlow
         Column       Type
         ------------ -----------------------------------------------------------
         _uuid        "uuid"
         external_ids {"key":"string","max":"unlimited","min":0,"value":"string"}
         targets      {"key":"string","max":"unlimited"}
         agent        {"key":"string","min":0}
         header       {"key":"integer","min":0}
         _version     "uuid"
         sampling     {"key":"integer","min":0}
         polling      {"key":"integer","min":0}
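
Slides 18 and 23 above attach a controller over `tcp:` and then set `fail_mode` to `secure`. The Python below is an added example, not part of the original slides: it parses text in the `ovs-vsctl list Bridge` and `ovs-vsctl list Controller` output format and reports bridges that have a controller without `fail_mode=secure`, and controllers reached over a plaintext `tcp:` target. The sample records, UUIDs and addresses are constructed, and the function names are this example's own.

```python
import re

# Constructed sample text in the `ovs-vsctl list Bridge` / `list Controller`
# output format shown on the slides; UUIDs and addresses are made up.
BRIDGES = """\
_uuid       : 11111111-0000-0000-0000-000000000001
controller  : [aaaaaaaa-0000-0000-0000-000000000001]
fail_mode   : []
name        : "br0"

_uuid       : 11111111-0000-0000-0000-000000000002
controller  : [aaaaaaaa-0000-0000-0000-000000000002]
fail_mode   : secure
name        : "br1"
"""
CONTROLLERS = """\
_uuid       : aaaaaaaa-0000-0000-0000-000000000001
target      : "tcp:192.0.2.10:6633"

_uuid       : aaaaaaaa-0000-0000-0000-000000000002
target      : "ssl:192.0.2.10:6633"
"""
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")

def parse_records(text):
    """Split `ovs-vsctl list` output into one dict per blank-line-separated record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        records.append(rec)
    return records

def audit(bridges_text, controllers_text):
    """Return (bridge, issue) pairs for the two settings the slides touch."""
    targets = {c["_uuid"]: c.get("target", "").strip('"')
               for c in parse_records(controllers_text)}
    findings = []
    for br in parse_records(bridges_text):
        name = br.get("name", "").strip('"')
        ctrls = UUID_RE.findall(br.get("controller", ""))
        # Without fail_mode=secure, ovs-vswitchd sets up flows itself if the controller is lost.
        if ctrls and br.get("fail_mode", "[]").strip('"') != "secure":
            findings.append((name, "fail_mode is not secure"))
        for uuid in ctrls:
            target = targets.get(uuid, "")
            if target.startswith(("tcp:", "ptcp:")):  # no TLS on the OpenFlow channel
                findings.append((name, "plaintext controller " + target))
    return findings

if __name__ == "__main__":
    print(audit(BRIDGES, CONTROLLERS))
```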
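
The column types that `ovsdb-client list-columns` prints on slide 20 and on the reference slides are the constraints a value must satisfy before it is stored. The Python below is an added example, not part of the original slides: it checks a candidate value against one of those type strings, covering integer, string and boolean atoms with `enum`, `minInteger`, `maxInteger`, `min` and `max`; uuid references are not checked, and the function names are this example's own.

```python
import json

# Column types copied from the `ovsdb-client list-columns` output on the slides.
FAIL_MODE = '{"key":{"enum":["set",["secure","standalone"]],"type":"string"},"min":0}'
FLOOD_VLANS = '{"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"max":4096,"min":0}'
OTHER_CONFIG = '{"key":"string","max":"unlimited","min":0,"value":"string"}'
ATOMS = {"integer": int, "string": str, "boolean": bool}

def normalize(col_type):
    """Expand a column type to (key, value, min, max); min and max default to 1."""
    if isinstance(col_type, str):          # shorthand such as "boolean"
        col_type = {"key": col_type}
    def base(b):
        return {"type": b} if isinstance(b, str) else b
    value = base(col_type["value"]) if "value" in col_type else None
    hi = col_type.get("max", 1)
    hi = float("inf") if hi == "unlimited" else hi
    return base(col_type["key"]), value, col_type.get("min", 1), hi

def check_atom(base, atom):
    """Return an error string, or None when the atom satisfies the base type."""
    py = ATOMS.get(base["type"])
    if py is None:                         # uuid and real are not checked here
        return None
    if type(atom) is not py:               # `type is` so True is not an integer
        return f"{atom!r} is not {base['type']}"
    if "enum" in base:
        enum = base["enum"]
        allowed = enum[1] if isinstance(enum, list) else [enum]
        if atom not in allowed:
            return f"{atom!r} not in {allowed}"
    if atom < base.get("minInteger", atom):
        return f"{atom} below minInteger {base['minInteger']}"
    if atom > base.get("maxInteger", atom):
        return f"{atom} above maxInteger {base['maxInteger']}"
    return None

def validate(col_type_json, value):
    """value is a list of atoms (scalar or set column) or a dict (map column)."""
    key, val, lo, hi = normalize(json.loads(col_type_json))
    if not lo <= len(value) <= hi:
        return [f"{len(value)} element(s), allowed {lo}..{hi}"]
    errors = [check_atom(key, k) for k in value]
    if val is not None:
        errors += [check_atom(val, v) for v in value.values()]
    return [e for e in errors if e]

if __name__ == "__main__":
    print(validate(FAIL_MODE, ["open"]))
    print(validate(FLOOD_VLANS, [10, 4096]))
    print(validate(OTHER_CONFIG, {"key": 1}))
```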
