SlideShare a Scribd company logo
1 of 23
Download to read offline
LinuxCon+ContainerCon+CloudOpen China 2017
Justin Pettit (@Justin_D_Pettit)
Ben Pfaff (@Ben_Pfaff)
The Open vSwitch and OVN
Projects
Highlights from the Year
● The Open vSwitch project moved to the Linux Foundation
● Released the 2.6 and 2.7 series
● Moving to a more regular six month release interval
○ Next release in August
● First release of OVN
Who Works on the OVS Projects?
● 230 individual contributors
● Contributions from a wide variety of companies
● 16 “committers”
● Diversity of contributors has increased with OVN
OVS Project Releases
● Improved support for OpenFlow in every release
● Version 2.6
○ OVN
○ NAT support (Linux kernels)
○ QoS and policing for DPDK
○ Basic connection tracking on DPDK and Hyper-V
● Version 2.7
○ Non-experimental support for DPDK
○ OVN traffic shaping and DSCP support
Open vSwitch
Open vSwitch Overview
● OVS is a multi-layer switch
● Visibility (NetFlow, sFlow, SPAN/RSPAN)
● Fine-grained ACLs and QoS policies
● Port bonding, LACP, tunneling
● Centralized control through OpenFlow and OVSDB
● Open source using Apache license
● Multiple ports to physical switches
OVS Architecture
Platforms
● Linux kernel
● Containers
● DPDK
○ Bypasses the kernel and packets go straight to userspace
■ Potentially very fast if traffic doesn’t need kernel
■ Need to recreate services supplied by kernel
● Hyper-V
○ Windows-based hypervisor
○ Different from Windows support, but that’s also being worked on
● Non-Linux kernel datapaths sometimes lag on features provided by the
kernel
Decoupled Design
● Decoupling Helps
○ A number of different SDN applications have been written without requiring changes to
OVS.
○ A number of new OpenFlow protocols have been added without changes to kernel
○ A number of new platforms have been added by implementing just a new datapath
● Flow programming with slow-path/fast-path design often performs better
than fixed-pipeline
● NSDI paper on design and implementation:
○ http://openvswitch.org/support/papers/nsdi2015.pdf
Future: BPF Datapath
● BPF provides a safe, virtual sandbox in the Linux kernel (as well as other
platforms)
● DPDK-like performance in Linux kernel with XDP
● Potentially greater portability across kernel versions and platforms
● Insert new functionality at run-time:
○ New network and tunneling protocols
○ Push OVN-specific actions into the datapath
Future: P4
● P4 is a domain-specific language for programming packet forwarding
planes
● Usual target is hardware, but has benefits for software, too
○ Run-time addition of new matches and actions
○ New matches and actions can be written more compactly than in C
○ Parser can be custom-tuned to important fields for faster flow lookup
○ A single P4 match-action implementation can be shared across multiple datapaths
OVN
Virtual Networking Overview
13
Physical Logical
What is OVN?
● Virtual networking for Open vSwitch (OVS)
● Developed within the OVS project
● Linux Foundation Collaborative Project
● License under the Apache license
● First release of OVN came with OVS 2.6
● First release of OpenStack Neutron integration available in the Newton
release
OVN Feature Overview
● Manages overlays and physical network connectivity
● Flexible security policies (ACLs)
● Distributed L3 routing, IPv4 and IPv6
● Native support for NAT, load-balancing, DHCP
● Works with Linux, DPDK, and Hyper-V
● L2 and L3 gateways
● Designed to be integrated into another system
○ OpenStack, Kubernetes, Docker, Mesos, oVirt
Goals
● Production-quality
● Straightforward design
● Scale to 1000s of hypervisors (each with many VMs/containers)
● Scale to 100s of thousands of ports
Designed to Scale
● Configuration coordinated through databases
● Local controller converts logical flow state into physical flow state
○ Centrally creating each hypervisor’s view is expensive
○ Identical state sent to each hypervisor
● Desired state clearly separated from run-time state
○ Easier to reason about the system
○ Replication story clear
● Grouping techniques reduce Cartesian Product issues
○ High-level grouping constructs in database
○ Use of conjunctive match in switch
1. Logical configuration in Northbound DB
CMS
OVN
Northbound DB
2. ovn-northd populates Southbound logical flows
CMS
OVN
Northbound DB
OVN
Southbound DB
ovn-northd
3. Hypervisors generate physical flows
CMS
OVN
Northbound DB
OVN
Southbound DB
ovn-northd
HV-1
ovn-controller
OVS
HV-n
ovn-controller
OVS
HV-2
ovn-controller
OVS ...
OVN Future work
● Database clustering
● Scaling improvements
● Service function chaining
● Encrypted tunnels
● Native DNS support
● ACL Logging
Other Resources
● OVS/OVN Repository
○ https://github.com/openvswitch/ovs
● OpenStack OVN Integration
○ https://docs.openstack.org/developer/networking-ovn/
● Kubernetes OVN Plugin
○ https://github.com/openvswitch/ovn-kubernetes
● OVS Orbit Podcast
○ https://ovsorbit.org/
Thank you for attending!
Ben Pfaff (@Ben_Pfaff)
Justin Pettit (@Justin_D_Pettit)

More Related Content

What's hot

[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
OpenStack Korea Community
 

What's hot (20)

Meetup 23 - 02 - OVN - The future of networking in OpenStack
Meetup 23 - 02 - OVN - The future of networking in OpenStackMeetup 23 - 02 - OVN - The future of networking in OpenStack
Meetup 23 - 02 - OVN - The future of networking in OpenStack
 
오픈스택 멀티노드 설치 후기
오픈스택 멀티노드 설치 후기오픈스택 멀티노드 설치 후기
오픈스택 멀티노드 설치 후기
 
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)
 
Introduction to CNI (Container Network Interface)
Introduction to CNI (Container Network Interface)Introduction to CNI (Container Network Interface)
Introduction to CNI (Container Network Interface)
 
OpenStack High Availability
OpenStack High AvailabilityOpenStack High Availability
OpenStack High Availability
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Dive
 
ML2/OVN アーキテクチャ概観
ML2/OVN アーキテクチャ概観ML2/OVN アーキテクチャ概観
ML2/OVN アーキテクチャ概観
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
 
Docker Container Security - A Network View
Docker Container Security - A Network ViewDocker Container Security - A Network View
Docker Container Security - A Network View
 
오픈스택 기반 클라우드 서비스 구축 방안 및 사례
오픈스택 기반 클라우드 서비스 구축 방안 및 사례오픈스택 기반 클라우드 서비스 구축 방안 및 사례
오픈스택 기반 클라우드 서비스 구축 방안 및 사례
 
20150511 jun lee_openstack neutron 분석 (최종)
20150511 jun lee_openstack neutron 분석 (최종)20150511 jun lee_openstack neutron 분석 (최종)
20150511 jun lee_openstack neutron 분석 (최종)
 
Red Hat OpenStack 17 저자직강+스터디그룹_1주차
Red Hat OpenStack 17 저자직강+스터디그룹_1주차Red Hat OpenStack 17 저자직강+스터디그룹_1주차
Red Hat OpenStack 17 저자직강+스터디그룹_1주차
 
Openstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNsOpenstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNs
 
BGP Unnumbered で遊んでみた
BGP Unnumbered で遊んでみたBGP Unnumbered で遊んでみた
BGP Unnumbered で遊んでみた
 
From SDN to Cloud Networking
From SDN to Cloud NetworkingFrom SDN to Cloud Networking
From SDN to Cloud Networking
 
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpPushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
 
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교  및 구축 방법[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교  및 구축 방법
[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법
 
日本OpenStackユーザ会 第37回勉強会
日本OpenStackユーザ会 第37回勉強会日本OpenStackユーザ会 第37回勉強会
日本OpenStackユーザ会 第37回勉強会
 

Viewers also liked

Viewers also liked (20)

Fully automated kubernetes deployment and management
Fully automated kubernetes deployment and managementFully automated kubernetes deployment and management
Fully automated kubernetes deployment and management
 
Practical CNI
Practical CNIPractical CNI
Practical CNI
 
kdump: usage and_internals
kdump: usage and_internalskdump: usage and_internals
kdump: usage and_internals
 
Releasing a Distribution in the Age of DevOps.
Releasing a Distribution in the Age of DevOps. Releasing a Distribution in the Age of DevOps.
Releasing a Distribution in the Age of DevOps.
 
OpenDaylight OpenStack Integration
OpenDaylight OpenStack IntegrationOpenDaylight OpenStack Integration
OpenDaylight OpenStack Integration
 
LiteOS
LiteOS LiteOS
LiteOS
 
Obstacles & Solutions for Livepatch Support on ARM64 Architecture
Obstacles & Solutions for Livepatch Support on ARM64 ArchitectureObstacles & Solutions for Livepatch Support on ARM64 Architecture
Obstacles & Solutions for Livepatch Support on ARM64 Architecture
 
Hyperledger Technical Community in China.
Hyperledger Technical Community in China. Hyperledger Technical Community in China.
Hyperledger Technical Community in China.
 
Linuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharborLinuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharbor
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for Containers
 
OpenStack on AArch64
OpenStack on AArch64OpenStack on AArch64
OpenStack on AArch64
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel Development
 
GPU Acceleration for Containers on Intel Processor Graphics
GPU Acceleration for Containers on Intel Processor GraphicsGPU Acceleration for Containers on Intel Processor Graphics
GPU Acceleration for Containers on Intel Processor Graphics
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded Linux
 
Libvirt API Certification
Libvirt API CertificationLibvirt API Certification
Libvirt API Certification
 
Rethinking the OS
Rethinking the OSRethinking the OS
Rethinking the OS
 
Building a Better Thermostat
Building a Better ThermostatBuilding a Better Thermostat
Building a Better Thermostat
 
OCI Support in Mesos
OCI Support in MesosOCI Support in Mesos
OCI Support in Mesos
 
Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoT
 

Similar to The Open vSwitch and OVN Projects

What's new in OpenStack Liberty
What's new in OpenStack LibertyWhat's new in OpenStack Liberty
What's new in OpenStack Liberty
Stephen Gordon
 

Similar to The Open vSwitch and OVN Projects (20)

LF_OVS_17_State of the OVN
LF_OVS_17_State of the OVNLF_OVS_17_State of the OVN
LF_OVS_17_State of the OVN
 
OpenStack-and-OpenDaylight-Integrated-IaaS-for-SDN-and-NFV.pdf
OpenStack-and-OpenDaylight-Integrated-IaaS-for-SDN-and-NFV.pdfOpenStack-and-OpenDaylight-Integrated-IaaS-for-SDN-and-NFV.pdf
OpenStack-and-OpenDaylight-Integrated-IaaS-for-SDN-and-NFV.pdf
 
OpenStack and OpenDaylight: An Integrated IaaS for SDN/NFV
OpenStack and OpenDaylight: An Integrated IaaS for SDN/NFVOpenStack and OpenDaylight: An Integrated IaaS for SDN/NFV
OpenStack and OpenDaylight: An Integrated IaaS for SDN/NFV
 
Stacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStackStacks and Layers: Integrating P4, C, OVS and OpenStack
Stacks and Layers: Integrating P4, C, OVS and OpenStack
 
Ovn vancouver
Ovn vancouverOvn vancouver
Ovn vancouver
 
Tim Hall and Ryan Betts [InfluxData] | InfluxDB Roadmap and Engineering Updat...
Tim Hall and Ryan Betts [InfluxData] | InfluxDB Roadmap and Engineering Updat...Tim Hall and Ryan Betts [InfluxData] | InfluxDB Roadmap and Engineering Updat...
Tim Hall and Ryan Betts [InfluxData] | InfluxDB Roadmap and Engineering Updat...
 
Summit 16: How to Compose a New OPNFV Solution Stack?
Summit 16: How to Compose a New OPNFV Solution Stack?Summit 16: How to Compose a New OPNFV Solution Stack?
Summit 16: How to Compose a New OPNFV Solution Stack?
 
OVN: Scaleable Virtual Networking for Open vSwitch
OVN: Scaleable Virtual Networking for Open vSwitchOVN: Scaleable Virtual Networking for Open vSwitch
OVN: Scaleable Virtual Networking for Open vSwitch
 
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storageWebinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
Webinar: OpenEBS - Still Free and now FASTEST Kubernetes storage
 
DENT - Mini Summit - UWG.pdf
DENT - Mini Summit - UWG.pdfDENT - Mini Summit - UWG.pdf
DENT - Mini Summit - UWG.pdf
 
What's new in OpenStack Liberty
What's new in OpenStack LibertyWhat's new in OpenStack Liberty
What's new in OpenStack Liberty
 
Programming the Network Data Plane
Programming the Network Data PlaneProgramming the Network Data Plane
Programming the Network Data Plane
 
Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101
 
OpenStack Paris Meetup on Nfv 2014/10/07
OpenStack Paris Meetup on Nfv 2014/10/07OpenStack Paris Meetup on Nfv 2014/10/07
OpenStack Paris Meetup on Nfv 2014/10/07
 
LinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSLinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVS
 
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a MonthUSENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
 
Accelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysAccelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network Overlays
 
OpenStack Telco Architecture: OpenStack Summit Boston 2017
OpenStack Telco Architecture: OpenStack Summit Boston 2017OpenStack Telco Architecture: OpenStack Summit Boston 2017
OpenStack Telco Architecture: OpenStack Summit Boston 2017
 
Open v switch20150410b
Open v switch20150410bOpen v switch20150410b
Open v switch20150410b
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
 

More from LinuxCon ContainerCon CloudOpen China

More from LinuxCon ContainerCon CloudOpen China (16)

SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home. SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home.
 
Scale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 servicesScale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 services
 
Secure Containers with EPT Isolation
Secure Containers with EPT IsolationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation
 
Open Source Software Business Models Redux
Open Source Software Business Models ReduxOpen Source Software Business Models Redux
Open Source Software Business Models Redux
 
Running Legacy Applications with Containers
Running Legacy Applications with ContainersRunning Legacy Applications with Containers
Running Legacy Applications with Containers
 
Introduction to OCI Image Technologies Serving Container
Introduction to OCI Image Technologies Serving ContainerIntroduction to OCI Image Technologies Serving Container
Introduction to OCI Image Technologies Serving Container
 
Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux ContainersRebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
 
Policy-based Resource Placement
Policy-based Resource PlacementPolicy-based Resource Placement
Policy-based Resource Placement
 
From Resilient to Antifragile Chaos Engineering Primer
From Resilient to Antifragile Chaos Engineering PrimerFrom Resilient to Antifragile Chaos Engineering Primer
From Resilient to Antifragile Chaos Engineering Primer
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...
 
UEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS BootUEFI HTTP/HTTPS Boot
UEFI HTTP/HTTPS Boot
 
How Open Source Communities do Standardization
How Open Source Communities do StandardizationHow Open Source Communities do Standardization
How Open Source Communities do Standardization
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
 
Container Security
Container SecurityContainer Security
Container Security
 
Quickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStackQuickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStack
 
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoTZephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
 

Recently uploaded

Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 

Recently uploaded (20)

State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jYour enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4j
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptxBT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
BT & Neo4j _ How Knowledge Graphs help BT deliver Digital Transformation.pptx
 

The Open vSwitch and OVN Projects

  • 1. LinuxCon+ContainerCon+CloudOpen China 2017 Justin Pettit (@Justin_D_Pettit) Ben Pfaff (@Ben_Pfaff) The Open vSwitch and OVN Projects
  • 2. Highlights from the Year ● The Open vSwitch project moved to the Linux Foundation ● Released the 2.6 and 2.7 series ● Moving to a more regular six month release interval ○ Next release in August ● First release of OVN
  • 3. Who Works on the OVS Projects? ● 230 individual contributors ● Contributions from a wide variety of companies ● 16 “committers” ● Diversity of contributors has increased with OVN
  • 4. OVS Project Releases ● Improved support for OpenFlow in every release ● Version 2.6 ○ OVN ○ NAT support (Linux kernels) ○ QoS and policing for DPDK ○ Basic connection tracking on DPDK and Hyper-V ● Version 2.7 ○ Non-experimental support for DPDK ○ OVN traffic shaping and DSCP support
  • 6. Open vSwitch Overview ● OVS is a multi-layer switch ● Visibility (NetFlow, sFlow, SPAN/RSPAN) ● Fine-grained ACLs and QoS policies ● Port bonding, LACP, tunneling ● Centralized control through OpenFlow and OVSDB ● Open source using Apache license ● Multiple ports to physical switches
  • 8. Platforms ● Linux kernel ● Containers ● DPDK ○ Bypasses the kernel and packets go straight to userspace ■ Potentially very fast if traffic doesn’t need kernel ■ Need to recreate services supplied by kernel ● Hyper-V ○ Windows-based hypervisor ○ Different from Windows support, but that’s also being worked on ● Non-Linux kernel datapaths sometimes lag on features provided by the kernel
  • 9. Decoupled Design ● Decoupling Helps ○ A number of different SDN applications have been written without requiring changes to OVS. ○ A number of new OpenFlow protocols have been added without changes to kernel ○ A number of new platforms have been added by implementing just a new datapath ● Flow programming with slow-path/fast-path design often performs better than fixed-pipeline ● NSDI paper on design and implementation: ○ http://openvswitch.org/support/papers/nsdi2015.pdf
  • 10. Future: BPF Datapath ● BPF provides a safe, virtual sandbox in the Linux kernel (as well as other platforms) ● DPDK-like performance in Linux kernel with XDP ● Potentially greater portability across kernel versions and platforms ● Insert new functionality at run-time: ○ New network and tunneling protocols ○ Push OVN-specific actions into the datapath
  • 11. Future: P4 ● P4 is a domain-specific language for programming packet forwarding planes ● Usual target is hardware, but has benefits for software, too ○ Run-time addition of new matches and actions ○ New matches and actions can be written more compactly than in C ○ Parser can be custom-tuned to important fields for faster flow lookup ○ A single P4 match-action implementation can be shared across multiple datapaths
  • 12. OVN
  • 14. What is OVN? ● Virtual networking for Open vSwitch (OVS) ● Developed within the OVS project ● Linux Foundation Collaborative Project ● License under the Apache license ● First release of OVN came with OVS 2.6 ● First release of OpenStack Neutron integration available in the Newton release
  • 15. OVN Feature Overview ● Manages overlays and physical network connectivity ● Flexible security policies (ACLs) ● Distributed L3 routing, IPv4 and IPv6 ● Native support for NAT, load-balancing, DHCP ● Works with Linux, DPDK, and Hyper-V ● L2 and L3 gateways ● Designed to be integrated into another system ○ OpenStack, Kubernetes, Docker, Mesos, oVirt
  • 16. Goals ● Production-quality ● Straightforward design ● Scale to 1000s of hypervisors (each with many VMs/containers) ● Scale to 100s of thousands of ports
  • 17. Designed to Scale ● Configuration coordinated through databases ● Local controller converts logical flow state into physical flow state ○ Centrally creating each hypervisor’s view is expensive ○ Identical state sent to each hypervisor ● Desired state clearly separated from run-time state ○ Easier to reason about the system ○ Replication story clear ● Grouping techniques reduce Cartesian Product issues ○ High-level grouping constructs in database ○ Use of conjunctive match in switch
  • 18. 1. Logical configuration in Northbound DB CMS OVN Northbound DB
  • 19. 2. ovn-northd populates Southbound logical flows CMS OVN Northbound DB OVN Southbound DB ovn-northd
  • 20. 3. Hypervisors generate physical flows CMS OVN Northbound DB OVN Southbound DB ovn-northd HV-1 ovn-controller OVS HV-n ovn-controller OVS HV-2 ovn-controller OVS ...
  • 21. OVN Future work ● Database clustering ● Scaling improvements ● Service function chaining ● Encrypted tunnels ● Native DNS support ● ACL Logging
  • 22. Other Resources ● OVS/OVN Repository ○ https://github.com/openvswitch/ovs ● OpenStack OVN Integration ○ https://docs.openstack.org/developer/networking-ovn/ ● Kubernetes OVN Plugin ○ https://github.com/openvswitch/ovn-kubernetes ● OVS Orbit Podcast ○ https://ovsorbit.org/
  • 23. Thank you for attending! Ben Pfaff (@Ben_Pfaff) Justin Pettit (@Justin_D_Pettit)