Demystifying OpenVswitch
Start your SDN journey today!
Prasad Mukhedkar
Emerging Technologies Group, Red Hat.
pmukhedk@redhat.com
Objectives and Takeaways
Session Objectives:
● High level overview of SDN concepts and an introduction to OpenvSwitch
● Understand how to use OpenvSwitch with KVM virtualization
● Various OpenvSwitch features, with demo
● SDN - OpenFlow
● SDN controller (OpenDaylight project)
Key Takeaways:
● Getting familiar with openvswitch and its CLI utilities
● When to use which feature of OpenvSwitch
● Creating VLANs for your test beds (KVM)
● OpenDaylight controller and OpenFlow
What is SDN? Software Defined Networking?
● Separation of the control plane from the forwarding plane.
● Software programmability for network elements.
● Centralized network control and management.
The control plane is where forwarding/routing decisions are made (software logic). The data plane is where the data forwarding action takes place (instructions to carry traffic over hardware). The SDN architecture decouples the network control and forwarding functions, enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services.
10000 foot view of the SDN approach
Notice how the control and data planes are separated, and how this separation lets applications control the network directly, opening the door for innovation.
Network Infrastructure - The network devices such as routers and switches, both physical and virtual.
Controller - Software running on a centralized controller, which could be a server, that talks to all the devices in the network using open APIs such as OpenFlow or OVSDB.
Applications - The variety of applications for which the network exists: voice, video, enterprise applications, security appliances such as intrusion detection. These applications talk to the controller using open APIs to ask for what they need. For example, voice traffic may ask the controller to be treated with the least latency, while an enterprise backup server may tell the controller to give it bandwidth whenever it is available.
Limitations of Linux Bridge
Guest (VM) networking in KVM has traditionally been done using the Linux bridge. It is simple to configure and manage, but it was not originally designed for virtual networking and therefore poses integration and management challenges.
Linux Bridge: an unmanaged software switch!
Robust, does the packet forwarding job very well. Fast, simple to use, no complexity.
Linux Bridge's "root cause problem": it is closed for innovation! It has no OpenFlow interface, so it cannot be programmed from a controller.
What is OpenvSwitch?
OpenvSwitch is an open source, OpenFlow-capable virtual switch. If you're familiar with VMware, think of it as an open source Distributed vSwitch.
● Flexible control in user space with comprehensive management tools
● Fast datapath (forwarding plane) in the kernel
● In the mainline Linux kernel since version 3.3
● Included in RHEL since 6.4 (only the datapath, no control plane)
● Any netdevice (physical/virtual) can be added as an uplink port
OpenvSwitch Architecture
The datapath (ovs kernel module) uses a netlink socket to interact with the ovs-vswitchd daemon, which implements and manages any number of OVS switches on the local system. An SDN controller interacts with ovs-vswitchd using the OpenFlow protocol. The ovsdb-server maintains the switch configuration database; external clients talk to ovsdb-server using JSON-RPC, with JSON as the data format. The ovsdb database currently contains around 13 tables and is persistent across restarts.
Note that whoever can write to ovsdb owns the switch: every feature on the following slides (VLANs, tunnels, mirrors, the controller address) is just a row in that database. By default ovsdb-server listens only on a local Unix socket; if it has to be reachable remotely, use a pssl: listener with certificates rather than plain ptcp:.
Openvswitch installation
Starting with Fedora 16 the openvswitch user space tools and the required kernel modules are included in the Fedora distribution.
# dnf install openvswitch
The openvswitch package contains all the required user space tools, including ovsdb and a series of command line utilities to configure, monitor and manage Open vSwitch instances.
RHEL 7 and later: the package comes from the OpenStack or OpenShift channel.
The important configuration files of openvswitch:
# rpm -qc openvswitch
/etc/logrotate.d/openvswitch
/etc/openvswitch/conf.db
/etc/openvswitch/system-id.conf
/etc/sysconfig/openvswitch
Starting up the openvswitch service
The openvswitch.service is made up of two daemons: one is the database (ovsdb-server) and the other is the switch itself (ovs-vswitchd).
# systemctl start openvswitch.service
# systemctl enable openvswitch.service
1. The kernel module gets loaded. The module name is "openvswitch".
# modinfo openvswitch
filename: /lib/modules/4.1.6-200.fc22.x86_64/kernel/net/openvswitch/openvswitch.ko.xz
license: GPL
description: Open vSwitch switching datapath
2. The database is created: /etc/openvswitch/conf.db is generated from the schema /usr/share/openvswitch/vswitch.ovsschema on first start.
Openvswitch command-line interfaces
# ovs-vsctl - Used to set up, maintain, and inspect OVS switch configuration. It provides a high level interface to the Open vSwitch database, to query and apply changes at runtime.
# ovs-ofctl and ovs-dpctl - These two commands are used for administering and monitoring flow entries. OVS manages two kinds of flows:
OpenFlow flows - The flows managed at the control plane.
Datapath flows - Kernel flows, a kind of cached version of the OpenFlow flows.
ovs-ofctl speaks to the OpenFlow layer (ovs-vswitchd), whereas ovs-dpctl speaks to the kernel datapath.
# ovs-appctl - Offers a way to send commands to a running Open vSwitch and gather information that is not directly exposed through ovs-ofctl. This is the Swiss army knife of OpenFlow troubleshooting.
Setting up your first openvswitch bridge
There are multiple ways to set up and configure a bridge.
- ovs-vsctl is the primary command to create, remove and administer openvswitch bridges. Operations performed with ovs-vsctl are persistent across system reboots.
[root@kvmHOST1 ~]# ovs-vsctl add-br vswitch001
[root@kvmHOST1 ~]# ovs-vsctl show
- Configuring an openvswitch bridge using network scripts:
[root@kvmHOST1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-vswitch002
DEVICE="vswitch002"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no
ONBOOT="yes"
TYPE="OVSBridge"
DEVICETYPE="ovs"
Documentation of the ifcfg directives for openvswitch: /usr/share/doc/openvswitch/README.RHEL
Integrating KVM VMs and OVS
Edit the VM XML configuration:
# virsh edit vm-name
<interface type='bridge'>
  <mac address='52:54:00:ce:51:53'/>
  <source bridge='vswitch001'/>
  <virtualport type='openvswitch'/>
  <target dev='vm001_vp01'/>
  <model type='virtio'/>
</interface>
Libvirt network pool:
# cat ovs-network.xml
<network>
  <name>vswitch-net</name>
  <forward mode='bridge'/>
  <bridge name='vswitch001'/>
  <virtualport type='openvswitch'/>
</network>
# virsh net-define ovs-network.xml
Network vswitch-net defined from ovs-network.xml
# virsh net-start vswitch-net
Network vswitch-net started
A quick method!
# virt-xml vm_01 --edit --network virtualport_type='openvswitch',source=vswitch001,target=vm001_vp01
Feature 1 : Security / L2 Segregation
VLAN isolation enforces the VLAN membership of a VM without the knowledge of the guest itself: the tag is applied by the switch port, so the guest cannot opt out by changing its own configuration.
VLAN 10:
[root@kvmHOST1 ~]# ovs-vsctl set port fed1 tag=10
[root@kvmHOST1 ~]# ovs-vsctl set port fed2 tag=10
VLAN 20:
[root@kvmHOST1 ~]# ovs-vsctl set port fed3 tag=20
[root@kvmHOST1 ~]# ovs-vsctl set port fed4 tag=20
Turning a port into a trunk that carries several VLANs (the tag must be cleared first, since trunks is ignored on an access port):
# ovs-vsctl clear port fed1 tag -- set port fed1 vlan_mode=trunk trunks=20,30,40
Monitor:
# ovsdb-client monitor Port name,trunks --detach
The default vlan_mode is "access", the native VLAN mechanism: the VLAN tag is added when a packet enters an access port and stripped off when it leaves one. The other vlan_mode values are trunk, native-tagged and native-untagged. When vlan_mode is left empty the mode is derived from the other columns: a port with a tag is an access port, and a port without a tag is a trunk port, which carries every VLAN on the bridge when trunks is empty as well. That last case is the one to watch: a VM port that was never tagged is not "on no VLAN", it sees all of them.
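The rule above (empty vlan_mode, tag present or absent, empty trunks meaning all VLANs) is easy to get wrong by eye across a host with dozens of ports. The following audit script is an added example, not part of the slides: it parses the record format printed by ovs-vsctl list port, computes each port's effective mode and VLAN set as ovs-vswitchd.conf.db(5) defines them, and lists the ports that can see every VLAN. The sample input is constructed; fed1 and fed3 are the ports from the slide, fed5 and uplink0 are hypothetical.

```shell
#!/bin/sh
# Added example, not from the slides: audit which VLANs each OVS port can reach.
# Parses the record format printed by "ovs-vsctl list port" and applies the
# default-mode rule from ovs-vswitchd.conf.db(5): with vlan_mode empty, a port
# that has a tag is an access port (trunks is ignored) and a port without a tag
# is a trunk port, carrying every VLAN on the bridge when trunks is empty too.
# fed1/fed3 are the ports from the slides; fed5 and uplink0 are hypothetical.

# Constructed sample of "ovs-vsctl list port" output (only the columns we need;
# other columns such as _uuid are ignored by the parser).
SAMPLE_PORTS='name                : "fed1"
tag                 : 10
trunks              : []
vlan_mode           : []

name                : "fed3"
tag                 : 20
trunks              : [20, 30, 40]
vlan_mode           : []

name                : "fed5"
tag                 : []
trunks              : []
vlan_mode           : []

name                : "uplink0"
tag                 : []
trunks              : [10, 20]
vlan_mode           : trunk
'

# effective_vlans: stdin = "ovs-vsctl list port" output,
# stdout = one line per port: "<name> <effective mode> <vlans or ALL>"
effective_vlans() {
  awk -F' *: *' '
    function flush() {
      if (name != "") {
        mode = (vmode == "[]") ? (tag != "[]" ? "access" : "trunk") : vmode
        if (mode == "access") {
          vlans = tag                        # trunks column is ignored in access mode
        } else {
          if (trunks == "[]") vlans = "ALL"  # empty trunks on a trunk port = every VLAN
          else { vlans = trunks; gsub(/[][ ]/, "", vlans) }
          # native-tagged/native-untagged ports always carry their native VLAN too
          if (mode ~ /^native/ && vlans != "ALL" && tag != "[]") vlans = vlans "," tag
        }
        print name, mode, vlans
      }
      name = ""; tag = "[]"; trunks = "[]"; vmode = "[]"
    }
    BEGIN             { flush() }
    $1 == "name"      { gsub(/"/, "", $2); name = $2 }
    $1 == "tag"       { tag = $2 }
    $1 == "trunks"    { trunks = $2 }
    $1 == "vlan_mode" { vmode = $2 }
    /^$/              { flush() }
    END               { flush() }
  '
}

# unrestricted_ports: names of ports that can see every VLAN on the bridge.
unrestricted_ports() {
  effective_vlans | awk '$3 == "ALL" { print $1 }'
}

# Stand-alone run against the constructed sample.
# On a host: ovs-vsctl list port | unrestricted_ports
printf '%s\n' "$SAMPLE_PORTS" | effective_vlans
```

In the sample, fed3 keeps its trunks column but is still an access port on VLAN 20, and fed5, which nobody ever tagged, comes out as the one port that can see everything.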
libvirt Integration
<portgroup name='novlan' default='yes'>
</portgroup>
<portgroup name='vlan-finance'>
  <vlan trunk='yes'>
    <tag id='10' nativeMode='tagged'/>
  </vlan>
</portgroup>
<portgroup name='vlan-marketing'>
  <vlan trunk='yes'>
    <tag id='20'/>
    <tag id='30'/>
  </vlan>
</portgroup>
The portgroup feature of libvirt provides a method of easily putting guest connections to the network into different classes, with each class potentially having a different level/type of service; a guest selects a class through the portgroup attribute of its <source> element. A single <tag> without trunk='yes' gives an access port; trunk='yes' with several tags gives a trunk; nativeMode='tagged' or 'untagged' on one tag makes it the native VLAN (OVS native-tagged / native-untagged). Be aware that the default portgroup 'novlan' carries no <vlan> at all, and with OVS an untagged port is a trunk of every VLAN, so guests landing in the default class are not isolated from anything.
Feature 2 : Overlay Networks
Overlay networks are industry standard techniques designed to achieve network virtualization. Network overlays such as Virtual eXtensible Local Area Network (VXLAN) and Generic Routing Encapsulation (GRE) achieve network virtualization by overlaying layer 2 networks over the physical layer 3 network, which enables network scalability and efficient use of the current network infrastructure.
Openvswitch supports multiple tunnelling protocols (GRE, VXLAN, STT and Geneve, with IPsec support).

  vm1 10.0.0.1 -------- VXLAN tunnel -------- vm2 10.0.0.2       overlay network
       |                                           |
  kvmhost1 192.168.1.10                   kvmhost2 192.168.1.20   underlay network

None of these encapsulations authenticates or encrypts anything by itself: whoever can send packets to a tunnel endpoint address can inject frames into the overlay. Keep the underlay private, and use the IPsec option when tunnels cross a network you do not trust.
Configuring Overlay Networks
Host1 (192.168.1.10):
# ovs-vsctl add-port vswitch vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=192.168.1.20
Host2 (192.168.1.20):
# ovs-vsctl add-port vswitch vxlan1 -- set interface vxlan1 type=vxlan options:remote_ip=192.168.1.10
Other options: local_ip, in_key, out_key, key, tos, ttl. Use local_ip to pin the tunnel to the underlay address you intend, and key (the VXLAN VNI; in_key/out_key set the two directions separately) so that tunnels belonging to different tenants do not all share VNI 0.
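With more than two hosts every host needs a tunnel port to every other host, and both ends of each tunnel must agree on name, endpoints and key. The script below is an added example, not from the slides: it generates that full mesh from a host list, pinning each tunnel with local_ip and a shared VNI. The bridge name vswitch and the two underlay addresses come from the slides; VNI 100, the third host 192.168.1.30 and the vx<last-octet> port naming are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides: generate the VXLAN full-mesh configuration
# for every host in an overlay so both ends of each tunnel agree on interface
# name, endpoints and VNI. Bridge "vswitch" and 192.168.1.10/.20 are from the
# slides; VNI 100, host 192.168.1.30 and the "vx<last octet>" naming are assumed.

BRIDGE=vswitch
VNI=100
HOSTS="192.168.1.10 192.168.1.20 192.168.1.30"

# tunnel_name REMOTE_IP: "192.168.1.20" -> "vx20" (short enough for a netdev name)
tunnel_name() {
  echo "vx${1##*.}"
}

# host_cmds LOCAL_IP: print the ovs-vsctl commands LOCAL_IP must run, one
# tunnel port per other host, pinned to local_ip and keyed with the VNI.
host_cmds() {
  local_ip=$1
  for remote in $HOSTS; do
    [ "$remote" = "$local_ip" ] && continue          # no tunnel to ourselves
    name=$(tunnel_name "$remote")
    printf 'ovs-vsctl add-port %s %s -- set interface %s type=vxlan options:local_ip=%s options:remote_ip=%s options:key=%s\n' \
      "$BRIDGE" "$name" "$name" "$local_ip" "$remote" "$VNI"
  done
}

# all_hosts: commands for every host, each line prefixed with the host that runs it.
all_hosts() {
  for h in $HOSTS; do
    host_cmds "$h" | sed "s/^/[$h] /"
  done
}

# Stand-alone run: print the whole mesh. On a host: host_cmds <its underlay IP> | sh
all_hosts
```

Run host_cmds with the host's own underlay address on each host; the names and keys line up because both sides derive them from the same list.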
Feature 3 : QoS
Network QoS (quality of service) refers to the ability of the network to handle its traffic such that it meets the service needs of certain applications. It is often used as a synonym for traffic control.
QoS policing - rate limiting: traffic above the rate is dropped.
QoS shaping - dedicated queues: traffic is delayed to fit the rate.
Applies to input (inbound) and output (outbound) traffic: in OVS, ingress policing limits what an interface receives from the VM, and queues shape what a port sends.
Feature 3 : QoS Configuration
Shaping
Create a queue (q0) with the required bandwidth. In this example the egress bandwidth is limited to 10 Mbit/s. Note the units: min-rate and max-rate on Queue and QoS records are in bits per second, so 10 Mbit/s is 10000000 (a value of 100000 would be only 100 kbit/s). The @name references are only valid inside one ovs-vsctl invocation, so the queue, the QoS record and the port assignment are chained with "--":
# ovs-vsctl -- set port vent0 qos=@newqos -- --id=@newqos create qos type=linux-htb other-config:max-rate=10000000 queues:0=@q0 -- --id=@q0 create queue other-config:min-rate=10000000 other-config:max-rate=10000000
(Running create queue, create qos and set port as three separate commands also works, but each create then prints the UUID of the new record and that UUID has to be pasted into the next command.)
Policing
To limit the traffic a VM sends into the switch, modify its Interface record to configure an ingress policing rule ("ingress" from the switch's point of view, i.e. the VM's outbound traffic). There are two values to set:
ingress_policing_rate: the maximum rate (in kbit/s) that this VM should be allowed to send.
ingress_policing_burst: the maximum amount of data (in kbit) that this interface can send beyond the policing rate; a parameter of the policing algorithm.
# ovs-vsctl set interface fed1 ingress_policing_rate=20000 ingress_policing_burst=200
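Because the shaping columns take bit/s while the policing columns take kbit/s and kbit, a limit is easy to get wrong by a factor of 1000 in either direction. The helper below is an added example, not from the slides: it converts human-readable rates into the units each column expects, rejects anything it cannot interpret, and emits the shaping transaction and the policing command for the port and interface names used on the slide (vent0, fed1). It only prints the ovs-vsctl commands; pipe them to sh on the host to apply them.

```shell
#!/bin/sh
# Added example, not from the slides: build the QoS commands with the units OVS
# expects. Queue/QoS min-rate and max-rate are in bit/s, ingress_policing_rate
# is in kbit/s and ingress_policing_burst in kbit (ovs-vswitchd.conf.db(5)).
# vent0 and fed1 are the names used on the slides. Nothing is applied; the
# functions print the ovs-vsctl commands.

# to_bps: "10Mbit" -> 10000000, "100kbit" -> 100000, "1Gbit" -> 1000000000.
# A bare number is taken as bit/s; anything else (e.g. "10MB") is rejected.
to_bps() {
  n=${1%[kMG]bit}
  case "$n" in
    ''|*[!0-9]*) echo "to_bps: unsupported rate '$1' (use N, Nkbit, NMbit or NGbit)" >&2; return 1 ;;
  esac
  case "$1" in
    *Gbit) echo $((n * 1000000000)) ;;
    *Mbit) echo $((n * 1000000)) ;;
    *kbit) echo $((n * 1000)) ;;
    *)     echo "$n" ;;
  esac
}

# shaping_cmd PORT RATE: egress shaping with one HTB queue. The @newqos/@q0
# references only exist inside a single ovs-vsctl invocation, so the port
# assignment, the QoS record and the queue are chained with "--".
shaping_cmd() {
  rate=$(to_bps "$2") || return 1
  printf 'ovs-vsctl -- set port %s qos=@newqos -- --id=@newqos create qos type=linux-htb other-config:max-rate=%s queues:0=@q0 -- --id=@q0 create queue other-config:min-rate=%s other-config:max-rate=%s\n' \
    "$1" "$rate" "$rate" "$rate"
}

# policing_cmd IFACE RATE BURST: limit what the VM can send into the switch.
# OVS polices packets received on the interface, i.e. the VM's outbound
# direction; the values are converted to kbit/s and kbit.
policing_cmd() {
  rate=$(to_bps "$2") || return 1
  burst=$(to_bps "$3") || return 1
  printf 'ovs-vsctl set interface %s ingress_policing_rate=%s ingress_policing_burst=%s\n' \
    "$1" "$((rate / 1000))" "$((burst / 1000))"
}

# Stand-alone run: the two commands for the slide's example.
shaping_cmd vent0 10Mbit
policing_cmd fed1 20Mbit 200kbit
```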
Feature 4 : Port Mirroring
OpenVswitch supports port mirroring out of the box. The feature is exactly like the port mirroring capability available on new generation physical switches. With port mirroring a network administrator can get an insight into what kind of traffic is flowing on the network.
The Mirror record and the references to the bridge and ports are created in one ovs-vsctl invocation (the @ ids do not survive across commands). Here both directions of fed1 are copied to fed2:
# ovs-vsctl -- set bridge vswitch001 mirrors=@m -- --id=@fed1 get port fed1 -- --id=@fed2 get port fed2 -- --id=@m create mirror name=M1 select_src_port=@fed1 select_dst_port=@fed1 output_port=@fed2
select_src_port = ports on which arriving packets (coming in from the port) are selected for mirroring.
select_dst_port = ports on which departing packets (going out to the port) are selected for mirroring.
select_all = boolean; when true, every packet incoming or outgoing on any port of the bridge is mirrored.
output_port = the port to which the mirrored traffic is sent.
A mirror is a silent tap, and anyone who can write to ovsdb can add one, so review the Mirror table (ovs-vsctl list mirror) as part of auditing a host.
Feature 4 : Port Mirroring
SPAN (Switched Port Analyzer): mirror everything on the bridge to a dummy interface, where a capture tool can read it. The dummy interface has to be a port on the bridge before it can be referenced; this reuses the mirror M1 created above.
# ip link add dummy0 type dummy
# ip link set dummy0 up
# ovs-vsctl add-port vswitch001 dummy0
# ovs-vsctl -- --id=@dummy0 get port dummy0 -- set mirror M1 select_all=true output_port=@dummy0
SDN Controllers
An SDN controller is an application in software-defined networking (SDN) that manages flow control to enable intelligent networking. The flow table is managed by a remote SDN controller: you can install or remove flows using the SDN controller connected to the bridge.
Managing Openvswitch via an SDN Controller
By connecting an openvswitch to an SDN controller we get the level of abstraction and automation required to revolutionize networking.
# ovs-vsctl set-controller vswitch0 tcp:192.168.1.20:6633
Two things to decide before pointing a production bridge at a controller: the transport and the fail mode. tcp: is plaintext and unauthenticated, so anyone who can reach the bridge's OpenFlow channel, or impersonate the controller address, can rewrite its flow table; an ssl: target with certificates configured through ovs-vsctl set-ssl avoids that. With the default fail mode (standalone) the bridge falls back to acting as a normal learning switch when the controller is unreachable, which silently discards any access control the controller was enforcing; setting the fail mode to secure (ovs-vsctl set-fail-mode) keeps the flows it already has and adds nothing on its own instead.
More about OpenFlow
OpenFlow allows creating powerful L2-L4 service insertion. A flow contains entries that match packets and apply actions that may include packet forwarding, packet modification and others. Basically, rules are used to create an expression; if the expression matches, the defined action is applied. When several flows match a packet, the one with the highest priority wins.
Flow example
Example 1:
cookie=0x0, duration=14.604s, table=0, n_packets=61, n_bytes=7418, idle_timeout=10, hard_timeout=30, tcp, vlan_tci=0x0000, dl_src=52:54:00:CE:51:52, dl_dst=52:54:00:CE:51:53, nw_src=10.0.0.1, nw_dst=10.0.0.2, nw_tos=0, tp_src=22, tp_dst=554 actions=output:1
Reading it: cookie, duration, n_packets and n_bytes are statistics; idle_timeout and hard_timeout say the flow expires after 10 s without a match or 30 s after installation, whichever comes first; everything from tcp to tp_dst is the match (untagged TCP from 52:54:00:CE:51:52 / 10.0.0.1 port 22 to 52:54:00:CE:51:53 / 10.0.0.2 port 554); actions=output:1 sends matching packets out OpenFlow port 1.
Example 2: Where can I learn more about flows? https://flowsim.flowgrammable.org/
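Reading one flow by hand is fine; reading a whole dump to answer "what happens to a packet that matches nothing specific?" is not. The script below is an added example, not from the slides: it parses ovs-ofctl dump-flows output, separates statistics from match criteria, and flags catch-all flows (no match criteria at all) whose action forwards rather than drops, since those decide whether the table is default-allow. The first sample line is the flow from the slide; the other three are constructed.

```shell
#!/bin/sh
# Added example, not from the slides: summarise "ovs-ofctl dump-flows <bridge>"
# output and flag catch-all rules that forward traffic. A flow with no match
# criteria (only table/priority plus statistics) decides what happens to every
# packet nothing else matched; if it forwards (NORMAL, output:N) instead of
# dropping, the table is default-allow. The first line is the flow from the
# slide; the other three lines are constructed.

SAMPLE_FLOWS=' cookie=0x0, duration=14.604s, table=0, n_packets=61, n_bytes=7418, idle_timeout=10, hard_timeout=30, priority=100,tcp,vlan_tci=0x0000,dl_src=52:54:00:ce:51:52,dl_dst=52:54:00:ce:51:53,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,tp_src=22,tp_dst=554 actions=output:1
 cookie=0x0, duration=200.100s, table=0, n_packets=9, n_bytes=900, priority=50,tcp,nw_dst=10.0.0.2,tp_dst=22 actions=drop
 cookie=0x0, duration=300.000s, table=0, n_packets=1000, n_bytes=90000, priority=0 actions=NORMAL
 cookie=0x0, duration=300.000s, table=1, n_packets=0, n_bytes=0, priority=10,in_port=3 actions=output:2'

# flow_summary: stdin = dump-flows output, stdout = tab-separated
# "<table> <priority> <number of match criteria> <actions>" per flow.
flow_summary() {
  awk '
    BEGIN {
      # Statistics/metadata keys that are not match criteria.
      n = split("cookie duration n_packets n_bytes idle_timeout hard_timeout idle_age hard_age importance", s, " ")
      for (i = 1; i <= n; i++) stats[s[i]] = 1
    }
    /actions=/ {
      idx  = index($0, "actions=")
      acts = substr($0, idx + 8)
      m    = substr($0, 1, idx - 1)
      gsub(/ /, "", m)                       # accept "k=v, k=v" as well as "k=v,k=v"
      table = 0; prio = 32768; nmatch = 0    # 32768 is the OpenFlow default priority
      cnt = split(m, tok, ",")
      for (i = 1; i <= cnt; i++) {
        if (tok[i] == "") continue
        split(tok[i], kv, "=")
        if (kv[1] == "table") table = kv[2]
        else if (kv[1] == "priority") prio = kv[2]
        else if (!(kv[1] in stats)) nmatch++  # "tcp", "dl_src=...", "in_port=..." etc.
      }
      printf "%s\t%s\t%d\t%s\n", table, prio, nmatch, acts
    }
  '
}

# catch_all_forwarding: flows with zero match criteria whose action is not drop.
catch_all_forwarding() {
  flow_summary | awk -F'\t' '$3 == 0 && $4 != "drop" { print "table=" $1 " priority=" $2 " actions=" $4 }'
}

# Stand-alone run against the sample. On a host:
#   ovs-ofctl dump-flows vswitch001 | catch_all_forwarding
printf '%s\n' "$SAMPLE_FLOWS" | flow_summary
printf '%s\n' "$SAMPLE_FLOWS" | catch_all_forwarding
```

On the sample the only finding is the priority-0 NORMAL rule in table 0: the specific SSH drop above it only covers one destination, and everything else is switched as if no controller were present.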
OpenVswitch Troubleshooting
- openvswitch service log files:
/var/log/openvswitch/ovs-vswitchd.log
/var/log/openvswitch/ovsdb-server.log
- VLOG: OpenvSwitch has a built-in logging mechanism called VLOG. The VLOG facility exposes deep internal information of the various components. First determine at what level your problem is occurring. Is it a bonding problem?
# ovs-appctl vlog/list
# ovs-appctl vlog/list | grep -i bond
- The supported verbosity levels are emer, err, warn, info and dbg:
# ovs-appctl vlog/set module[:facility[:level]]
OpenVswitch Troubleshooting
- ovsdb-client utility to query the ovs database:
Tables: # ovsdb-client list-tables
Bridge, Queue, QoS, Port, Interface, ...
# ovsdb-client list-columns <table_name> prints the columns of a particular table; there are many columns in each table.
# ovsdb-client monitor <table_name> <column_name> --detach
- Some other handy tools:
# ovsdb-tool show-log shows the transactions recorded in ovsdb, i.e. the history of the openvswitch configuration
# ovs-vsctl --format=table --columns=name,vlan_mode list port
OpenVswitch Troubleshooting
"Show My Network State" is a good utility to get a graphical display of the virtual/physical network topology inside a single host. The tool is available for download at https://sites.google.com/site/showmynetworkstate/
Questions?