Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Open vSwitch Introduction HungWei Chiu
Who Am I • HungWei Chiu (hwchiu) • Open Networking Foundation • Member of Technical Staff • https://hwchiu.com • Kubernete...
Agenda • What/How • TCP/IP Model • Linux Bridge • What/How • Open vSwitch • Open vSwitch in Kubernetes
We all learned
Data Link Switch v.s Router TCP/IP Model Network Transport Application Physical Data Link Physical Data Link Network Physi...
Router v.s Switch • Both • Store and forward packets • Network layer • Data Link layer • Router: • Routing table • Routing...
Docker eth0 Linux Bridge br0 Container 172.17.8.1 172.17.8.56 10.1.2.3 Linux Host Container 172.17.8.57
Can You Explain
Data Link Switch v.s Router TCP/IP Model Network Transport Application Physical Data Link Physical Data Link Network Physi...
Linux Host Switch v.s Router TCP/IP Model Data Link Network Transport Application Physical Data Link Physical Data Link Ne...
Docker eth0 Linux Bridge br0 Container 172.17.8.1 172.17.8.56 10.1.2.3 Linux Host Container 172.17.8.57 net_dev Kernel obj...
Docker eth0 Linux Bridge br0 Container 172.17.8.1 172.17.8.56 10.1.2.3 Linux Host Container 172.17.8.57 net_dev Kernel obj...
Tables • Arp Table (Learning MAC/IP) • Linux Bridge • Forwarding Table (Forward by MAC) • Netfilter • Iptables (Layer 3, NA...
Control • Arp • arp • Forwarding • brctl show/brctl showman’s • Routing • route • ip route • netfilter • iptables/ebtables ...
Multiple Nodes Host Agent • No Standard Protocol Host Agent Host Agent Host Agent Host Controller Agent • Execute commands...
Open vSwitch
Introduction https://www.openvswitch.org/
Openflow • Maintained by Open Networking Foundation (ONF) • The first standard communication interface defined between contro...
Openflow controller Openflow Enabled Switch Security Channel Flow Table Openflow Enabled Switch Security Channel Flow Table O...
Format Rule Action Stats • Forward packet to ports • Encapsulate and forward to controller • Modify fields • Normal Pipelin...
Example Switch Port dst_mac Layer 3 Layer 4src_mac Action port 3*** * 00:11:32:…. Switching Switch Port src_ip Layer 4Laye...
Compare • Linux • Arp Table (Learning MAC/IP) • Linux Bridge • Forwarding Table (Forward by MAC) • Netfilter • Iptables (La...
Docker example again
Docker eth0 Open vSwith Ovsbr0 Container 172.17.8.1 172.17.8.56 Linux Host Container 172.17.8.57
Flows Switch Port Layer 2 Layer 3 Layer 4eth_type Action …*…* Arp ARP Switch Port Layer 3 Header Layer 4 HeaderLayer2 Acti...
Open vSwtich • Need to prepare all flow rules • Without Linux Kernel (mostly) • Openflow controller • Program your logic • C...
Other functions • Linux • Tunneling • GRE/VXLAN/GRE/ STT/NVGRE • iptables extension • nfqueue ..etc • 802.1q VLAN • Linux ...
Multiple Nodes Host OVS Host OVS Host OVS Host OVS Host Openflow Controller
Kubernetes & OVS
Kubernetes & Networking • Pod communication • Pod to Pod • Pod to Wan • Service • ClusterIP • NodePort • NetworkPolicy CNI...
Challenge • CNI • Pod to Pod • Same Node • Different Node • Overlay ? • Pod to Wan • NAT
Challenge • Kube-proxy (service) • Monitor service object • Create/Update/Remove rules • Translate policy to OpenFlow rule...
Challenge • Additional controller • Open vSwitch controller • Openflow • OVSDB • …etc • Kubernetes controller
Projects • K-vswitch • SONA-CNI • Ovn-kubernetes • ..etc
https://github.com/k-vswitch/k-vswitch k-vswitch
sona-cni https://wiki.onosproject.org/display/ONOS/SONA-CNI+Installation
Why OVS?
Why • Networking performance? • Open vSwitch + DPDK (Kernel Bypass) • Hardware offloading • Service chain? • Rewrite packet...
K8S Node Pod Pod Pod eth0 Openflow Switch Openflow Switch Openflow Switch Data network K8S Node Pod Pod Pod eth0 K8S Node Pod...
Do I Need It?
One • Learn how system works • Computing/Storage/Networking • Linux • Increase your value • Don’t rely on Framework or Too...
Q&A
Upcoming SlideShare
Loading in …5
×
Software
653 views
Jan. 06, 2020

Open vSwitch Introduction

Introduce the basic concept of Open vSwitch. In this slide, we talked about how Linux kernel and networking stack worked together to forward and process the network packet and also compare those Linux networking stack functionality with Open vSwitch and Openflow.
At the end of this slide, we talk about the challenge to integrate the Open vSwitch with Kubernetes, what kind of the networking function we need to resolve and what is the benefit we can get from the Open Vswitch.

Related Books

Free with a 30 day trial from Scribd

See all
Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age William Powers
(4/5)
Free
In the Plex: How Google Thinks, Works, and Shapes Our Lives Steven Levy
(4.5/5)
Free
An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths Glenn Reynolds
(4/5)
Free
World Wide Mind: The Coming Integration of Humanity, Machines, and the Internet Michael Chorost
(4/5)
Free
Emergence: The Connected Lives of Ants, Brains, Cities, and Software Steven Johnson
(4/5)
Free
Tubes: A Journey to the Center of the Internet Andrew Blum
(4/5)
Free
The Impulse Economy: Understanding Mobile Shoppers and What Makes Them Buy Gary Schwartz
(4.5/5)
Free
Blog Schmog: The Truth About What Blogs Can (and Can't) Do for Your Business Robert W. Bly
(4/5)
Free
The End of Business As Usual: Rewire the Way You Work to Succeed in the Consumer Revolution Brian Solis
(5/5)
Free
Socialnomics: How Social Media Transforms the Way We Live and Do Business Erik Qualman
(3/5)
Free
The Nature of the Future: Dispatches from the Socialstructed World Marina Gorbis
(4/5)
Free
Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live Jeff Jarvis
(3.5/5)
Free
Talking Back to Facebook: The Common Sense Guide to Raising Kids in the Digital Age James P. Steyer
(4.5/5)
Free
The Thank You Economy Gary Vaynerchuk
(4/5)
Free
Blog, Inc.: Blogging for Passion, Profit, and to Create Community Joy Deangdeelert Cho
(3.5/5)
Free
Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance Julia Angwin
(4/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
New Dark Age: Technology and the End of the Future James Bridle
(4.5/5)
Free
Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World Don Tapscott
(4/5)
Free
The Emperor's New Mind: Concerning Computers, Minds, and the Laws of Physics Roger Penrose
(4/5)
Free
The Death of Expertise: The Campaign Against Established Knowledge and Why it Matters Tom Nichols
(4.5/5)
Free
Alone Together: Why We Expect More from Technology and Less from Each Other Sherry Turkle
(4/5)
Free
Algorithms to Live By: The Computer Science of Human Decisions Tom Griffiths
(4.5/5)
Free
Kill All Normies: Online Culture Wars From 4Chan And Tumblr To Trump And The Alt-Right Angela Nagle
(4/5)
Free
The Art of Social Media: Power Tips for Power Users Guy Kawasaki
(4/5)
Free
An Introduction to Information Theory: Symbols, Signals and Noise John R. Pierce
(4.5/5)
Free
The Dark Net: Inside the Digital Underworld Jamie Bartlett
(3.5/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community that Will Listen Kristen Meinzer
(4.5/5)
Free
Cognitive Surplus: Creativity and Generosity in a Connected Age Clay Shirky
(3.5/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Ten Arguments for Deleting Your Social Media Accounts Right Now Jaron Lanier
(4/5)
Free
The New New Thing: A Silicon Valley Story Bruce Reizen
(4.5/5)
Free
Once Upon an Algorithm: How Stories Explain Computing Martin Erwig
(4/5)
Free
no profile picture user

  • Be the first to comment

  • Be the first to like this

Open vSwitch Introduction

  1. 1. Open vSwitch Introduction HungWei Chiu
  2. 2. Who Am I • HungWei Chiu (hwchiu) • Open Networking Foundation • Member of Technical Staff • https://hwchiu.com • Kubernetes/Container • Networking/Linux/Kernel • Co-Organizer of SDNDS-TW/ CNTUG
  3. 3. Agenda • What/How • TCP/IP Model • Linux Bridge • What/How • Open vSwitch • Open vSwitch in Kubernetes
  4. 4. We all learned
  5. 5. Data Link Switch v.s Router TCP/IP Model Network Transport Application Physical Data Link Physical Data Link Network Physical Data Link Network Transport Application Physical Client Server Switch Router
  6. 6. Router v.s Switch • Both • Store and forward packets • Network layer • Data Link layer • Router: • Routing table • Routing algorithms • Switch • Switch table • Learning algorithms
  7. 7. Docker eth0 Linux Bridge br0 Container 172.17.8.1 172.17.8.56 10.1.2.3 Linux Host Container 172.17.8.57
  8. 8. Can You Explain
  9. 9. Data Link Switch v.s Router TCP/IP Model Network Transport Application Physical Data Link Physical Data Link Network Physical Data Link Network Transport Application Physical Client Server Switch Router eth0 Linux Bridge br0 Container 172.17.8.1 172.17.8.56 10.1.2.3 Linux Host Container 172.17.8.57 Container to WAN
  10. 10. Linux Host Switch v.s Router TCP/IP Model Data Link Network Transport Application Physical Data Link Physical Data Link Network Physical Data Link Network Transport Application Physical Client Server Switch Router Container WAN Linux Bridge Linux Bridge Instances veth function call function call
  11. 11. Docker eth0 Linux Bridge br0 Container 172.17.8.1 172.17.8.56 10.1.2.3 Linux Host Container 172.17.8.57 net_dev Kernel object Packet Linux Bridge br0 • Received Packets • ebtables • iptables • Forward to net_dev (172.17.9.1) Packet: 172.17.8.56 -> 172.17.8.1
  12. 12. Docker eth0 Linux Bridge br0 Container 172.17.8.1 172.17.8.56 10.1.2.3 Linux Host Container 172.17.8.57 net_dev Kernel object Linux Kernel • Received Packet • Iptables • Routing tables • ARP tables • Forward to eth0 (10.1.2.3) Packet: 172.17.8.56 -> 172.17.8.1 Packet
  13. 13. Tables • Arp Table (Learning MAC/IP) • Linux Bridge • Forwarding Table (Forward by MAC) • Netfilter • Iptables (Layer 3, NAT…etc) • Ebtables (Layer 2 filter…etc) • Linux Kernel • Routing table (Routing by IP (Destination/Source))
  14. 14. Control • Arp • arp • Forwarding • brctl show/brctl showman’s • Routing • route • ip route • netfilter • iptables/ebtables • iptables-save/iptables-restore …etc
  15. 15. Multiple Nodes Host Agent • No Standard Protocol Host Agent Host Agent Host Agent Host Controller Agent • Execute commands • API Call (netlink)
  16. 16. Open vSwitch
  17. 17. Introduction https://www.openvswitch.org/
  18. 18. Openflow • Maintained by Open Networking Foundation (ONF) • The first standard communication interface defined between control and forwarding layers of an SDN architecture. https://en.wikipedia.org/wiki/OpenFlow
  19. 19. Openflow controller Openflow Enabled Switch Security Channel Flow Table Openflow Enabled Switch Security Channel Flow Table Openflow protocol Architecture
  20. 20. Format Rule Action Stats • Forward packet to ports • Encapsulate and forward to controller • Modify fields • Normal Pipeline • Extension Packet/Bytes counter Switch Port Layer 2 Header Layer 3 Header Layer 4 Header
  21. 21. Example Switch Port dst_mac Layer 3 Layer 4src_mac Action port 3*** * 00:11:32:…. Switching Switch Port src_ip Layer 4Layer 2 Action port 4*** * Routing dst_ip 140.113.2.4 Switch Port src_ip Layer 4Layer 2 Action drop*1.2.0.0/16* * Firewall dst_ip 140.113.2.4
  22. 22. Compare • Linux • Arp Table (Learning MAC/IP) • Linux Bridge • Forwarding Table (Forward by MAC) • Netfilter • Iptables (Layer 3, NAT…etc) • Ebtables (Layer 2 filter…etc) • Linux Kernel • Routing table (Routing by IP (Destination/Source)) • Openflow • Rules • Switch Port • Layer 2/3/4 Header • Action • Forward/Drop • Normal Pipeline • Modify fields • …etc • Stats • Counter
  23. 23. Docker example again
  24. 24. Docker eth0 Open vSwith Ovsbr0 Container 172.17.8.1 172.17.8.56 Linux Host Container 172.17.8.57
  25. 25. Flows Switch Port Layer 2 Layer 3 Layer 4eth_type Action …*…* Arp ARP Switch Port Layer 3 Header Layer 4 HeaderLayer2 Action • Change src/dst Mac • Forward to port…..…..* * Routing Switch Port Layer 3 Header Layer 4 Action * * NAT * Layer2 ….. ….. • Change src/dst IP • Forward to port
  26. 26. Open vSwtich • Need to prepare all flow rules • Without Linux Kernel (mostly) • Openflow controller • Program your logic • CLI • Difficult to maintain all logics.
  27. 27. Other functions • Linux • Tunneling • GRE/VXLAN/GRE/ STT/NVGRE • iptables extension • nfqueue ..etc • 802.1q VLAN • Linux • Link Aggregation with/ without LACP • QoS • Traffic Shaping • Socket Applications • VPN, other networking functions.
  28. 28. Multiple Nodes Host OVS Host OVS Host OVS Host OVS Host Openflow Controller
  29. 29. Kubernetes & OVS
  30. 30. Kubernetes & Networking • Pod communication • Pod to Pod • Pod to Wan • Service • ClusterIP • NodePort • NetworkPolicy CNI Flannel • Linux Bridge • ARP Table • Routing Table • Iptables Iptables Implemented by CNI.
  31. 31. Challenge • CNI • Pod to Pod • Same Node • Different Node • Overlay ? • Pod to Wan • NAT
  32. 32. Challenge • Kube-proxy (service) • Monitor service object • Create/Update/Remove rules • Translate policy to OpenFlow rules and apply to all switches. • NetworkPolicy • Monitor network policy object • Create/Update/Remove rules • Translate policy to OpenFlow rules and apply to all switches.
  33. 33. Challenge • Additional controller • Open vSwitch controller • Openflow • OVSDB • …etc • Kubernetes controller
  34. 34. Projects • K-vswitch • SONA-CNI • Ovn-kubernetes • ..etc
  35. 35. https://github.com/k-vswitch/k-vswitch k-vswitch
  36. 36. sona-cni https://wiki.onosproject.org/display/ONOS/SONA-CNI+Installation
  37. 37. Why OVS?
  38. 38. Why • Networking performance? • Open vSwitch + DPDK (Kernel Bypass) • Hardware offloading • Service chain? • Rewrite packets header • Redirect packets within different Pods • Networking Traffic Monitor? • Latency • Counters
  39. 39. K8S Node Pod Pod Pod eth0 Openflow Switch Openflow Switch Openflow Switch Data network K8S Node Pod Pod Pod eth0 K8S Node Pod Pod Pod eth0 Openflow Controller Reference Architecture
  40. 40. Do I Need It?
  41. 41. One • Learn how system works • Computing/Storage/Networking • Linux • Increase your value • Don’t rely on Framework or Tools • Helm/Operator …etc • Never be the Yaml Engineer
  42. 42. Q&A

    Be the first to comment

    Login to see the comments

Introduce the basic concept of Open vSwitch. In this slide, we talked about how Linux kernel and networking stack worked together to forward and process the network packet and also compare those Linux networking stack functionality with Open vSwitch and Openflow. At the end of this slide, we talk about the challenge to integrate the Open vSwitch with Kubernetes, what kind of the networking function we need to resolve and what is the benefit we can get from the Open Vswitch.

Views

Total views

653

On Slideshare

0

From embeds

0

Number of embeds

3

Actions

Downloads

25

Shares

0

Comments

0

Likes

0

×