CloudStack Collaboration
Conference 2012
Under the Hood: Open vSwitch & OpenFlow in XCP &
XenServer


Dominic Curran
Citrix XenServer Software Engineer
Nov 2012


 Slides available under CC BY-SA 3.0


    Contents
    ●   Linux Bridge
    ●   What does Open vSwitch Provide ?
    ●   Open vSwitch Project
    ●   How Open vSwitch works
    ●   How OpenFlow works






    What's wrong with Linux Bridge ?
    ●   Linux Bridge:
         –    Nothing !
         –    L2 switch. Fast & reliable
         –    Simple forwarding
    ●   Open vSwitch:
         –    Full L2-L4 matching capability
         –    Decision in userspace
         –    ACLs, QoS & Bonding
         –    Mobility of state

    [Figure: left, VMs attached to the Bridge Kernel Module, with a packet entering it; right, VMs attached to the OVS Kernel Module, with a Userspace Module above it and a packet entering it.]



    What does Open vSwitch Provide ?
    ●   Provide greater visibility into the XenServer networking layer
    ●   Provide distributed fine grained networking configuration and
        control policies
    ●   Allows XenServer to be part of switching fabric
    ●   Makes Network Admins happy.
    ●   A Little History:
         –   Research project from Stanford University
         –   Bay Area startup – Nicira
         –   Partnered with Nicira 2009



    Open vSwitch Project
    ●   http://openvswitch.org
    ●   Developed under GPL & Apache 2 License
    ●   Mailing Lists
        –   Announcements: announce@openvswitch.org
        –   User-level discussion: discuss@openvswitch.org
        –   Dev (code review, etc): dev@openvswitch.org
        –   Mail Archives available
    ●   As of Linux 3.3 patches started to be accepted for Open
        vSwitch.

    Open vSwitch Git Tree
    ●   Source repository:
        $ git clone git://openvswitch.org/openvswitch

    [Figure: branch diagram of the Open vSwitch git tree. Branch labels: master, branch-1.8, branch-1.7, branch-1.6, branch-1.5, branch-1.4, branch-1.4.1, branch-1.4.2, branch-1.4.3, branch-1.3, branch-1.2, branch-1.1, vlan-maint (Open vSwitch 1.0). Other labels on the diagram: LTS (twice), XS 6.0, XS 6.0.2, XS 6.1.]



    Open vSwitch OpenSource Contributors
    $ git log | grep Author | cut -d ":" -f 2 | sort | uniq -c | sort -nr
    In no particular order:
    ●   Red Hat
    ●   IBM
    ●   NEC
    ●   HP
    ●   Nicira
    ●   Fujitsu
    ●   Google
    ●   Broadcom
    ●   Cisco
    ●   Intel
    ●   Citrix




    Main Components
    ●   Open vSwitch
          –   Open source: www.openvswitch.org
          –   Kernel mode module for packet switching (openvswitch_mod.ko)
          –   User space daemons for rules evaluation (ovsdb-server & ovs-vswitchd)
          –   Configured via OpenFlow protocol: www.openflow.org
    ●   OpenFlow Controller
          –   Open vSwitch has a number of nice standalone features
          –   BUT remote management is probably its most powerful
          –   Nearly every aspect can be controlled remotely
          –   Typically a deployment uses a centralized Controller
          –   DVSC (Distributed Virtual Switch Controller)
               ●   One DVS Controller can manage multiple XenServer pools
               ●   Can be hosted in the same pool as it is managing
               ●   Provides a flexible way to group hosts for network management

    [Figure: several XenServer Hosts, each with a vSwitch, connected to a central OpenFlow Controller.]




    Architecture of Open vSwitch
    ●   Each host runs a vSwitch userspace daemon plus kernel module
         –   ovs-vswitchd & ovsdb-server
         –   Drop-in replacement for the Linux bridge based stack.
         –   Daemon evaluates flow rules to determine destination of each frame.
         –   Pushes rules down into the kernel as necessary.

    ●   In isolation the vSwitch acts much as the Linux bridge does:
         –   Layer-2 MAC learning on physical and virtual interfaces.
         –   From the XenServer toolstack level there is very little observable difference.
         –   Under the hood the management tools, configuration of the stack etc. are very
             different.

    ●   Optionally may connect to a central Controller for distributed coordination and control


    Main Components on one XenServer Host



    [Figure: in user space, ovsdb-server and ovs-vswitchd (Packet Classifier, FlowTables), linked by JSON/RPC; in the kernel, openvswitch_mod.ko (Hash lookup Table). Legend: Netlink; Management Protocol (Unix Socket).]


    ovsdb-server & ovs-vswitchd
    ●   ovsdb-server
         –   Database that holds switch-level configuration
         –   Custom database with properties of:
             ●   Value constraints
             ●   Weak references
             ●   Garbage collection
         –   Log-based (helpful for debugging)
         –   Speaks Management protocol to ovs-vswitchd & Controller

    ●   ovs-vswitchd
         –   Core component in the system
         –   Supports multiple independent datapaths (bridges)
         –   Communicates
             ●   With controller using OpenFlow
             ●   With ovsdb-server using management protocol
             ●   With kernel module using netlink
    ●   Packet classifier supports flow lookup with wildcard rules
    openvswitch_mod.ko
    ●   Fast path
    ●   Kernel module handles packet switching
    ●   Exact-match cache of flows
         –    Lookup & forwarding
    ●   Designed to be fast and simple
         –    Knows nothing of OpenFlow
    ●   Implements Tunnel encapsulation/decapsulation



       How the Controller fits with the other Components
    [Figure: the Controller sits off-box and is reached over ssl. On the host, in user space: ovsdb-server and ovs-vswitchd (bridges xenbr1 and xenbr2, Packet Classifier, FlowTables), linked by JSON/RPC, and the command-line tools "# ovs-vsctl …", "# ovs-appctl ...", "# ovs-ofctl ...". In the kernel: openvswitch_mod.ko (Hash lookup Table).]

    Legend:
    ●   Netlink
    ●   Management Protocol (6632/TCP)
    ●   OpenFlow Channel (6633/TCP)
    ●   Command Line (ovs-vsctl, ovs-appctl, ..)



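    XenServer Packet Flow – Packet Miss

    [Figure: an incoming packet arrives on eth1 at openvswitch_mod.ko, whose Hash lookup Table is marked MISS #1; above the User/Kernel boundary, the ovs-vswitchd Packet Classifier and FlowTables (bridges xenbr1, xenbr2) are marked MISS #2; OFPT_PACKET_IN goes over ssl to the DVS Controller (accessible via browser). Also shown in Dom0: ovsdb-server (JSON/RPC to ovs-vswitchd) and the XAPI Toolstack; the DomU/Dom0 boundary is marked.]
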

    Flow Table Entries

    [Figure: XenServer Host with bridge xenbr0; Port 1: PIF eth0; Port 2: vif2.0, attached to VM Domain2, 10.80.228.31 (Charlie). Bob is 10.80.2.144.]

    ●   VM Charlie sends a ping to Bob.
        # ovs-dpctl show xenbr0
        system@xapi0:
                lookups: hit:103033 missed:77944 lost:0
                flows: 30
                port 0: xenbr0 (internal)
                port 1: eth0
                port 2: vif2.0

    ●   Then dump flows:
        # ovs-dpctl dump-flows xenbr0 | grep "10.80.2.144"
        Flow 1:
        in_port(2),eth(src=72:41:36:a2:8c:d9,dst=00:21:1b:f3:63:45),eth_type(0x0800),ipv4(src=10.80.228.31,dst=10.80.2.144,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0), packets:5013, bytes:491274, used:0.760s, actions:1
        Flow 2:
        in_port(1),eth(src=00:21:1b:f3:63:45,dst=72:41:36:a2:8c:d9),eth_type(0x0800),ipv4(src=10.80.2.144,dst=10.80.228.31,proto=1,tos=0,ttl=62,frag=no),icmp(type=0,code=0), packets:5013, bytes:491274, used:0.760s, actions:2

    ●   L2-L4 Exact Match
    ●   Total Number of packet matches of this type
    ●   Total Number of bytes for this flow match
    ●   Time flow was last updated
    ●   Actions.        In this case switch packet to Port 2.
    What about SYN attacks ?
    ●   SYN attack: a form of Denial-of-Service attack

    [Figure: TCP three-way handshake. Normal case: Client sends SYN, Server replies SYN-ACK and waits, Client sends ACK, OK. Attack case: Attacker sends SYN, Server replies SYN-ACK and waits, and waits, until Timeout!; meanwhile a Legitimate Client's SYN is left unanswered (??).]

    ●   For Open vSwitch this is a particular problem !
        –   Each SYN is a new flow, thus a user-kernel interaction
    ●   Recent Open vSwitch introduced a 'Flow Governor'
        –   Detects large quantities of short-lived flows
        –   Stops flow setup in kernel module, thus avoiding a user-to-kernel interaction
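
    Added example (not from the original slides, and not Open vSwitch's Flow Governor code): a Python parser for the ovs-dpctl output shown on the "Flow Table Entries" slide, used to compute the datapath miss ratio and to flag sources that create many short-lived TCP flows. The TCP flow lines, the 192.0.2.7 source and both thresholds are constructed assumptions.

```python
import re
from collections import Counter

# The two ICMP flows are the ones printed on the slide.
SLIDE_FLOWS = [
    "in_port(2),eth(src=72:41:36:a2:8c:d9,dst=00:21:1b:f3:63:45),eth_type(0x0800),"
    "ipv4(src=10.80.228.31,dst=10.80.2.144,proto=1,tos=0,ttl=64,frag=no),"
    "icmp(type=8,code=0), packets:5013, bytes:491274, used:0.760s, actions:1",
    "in_port(1),eth(src=00:21:1b:f3:63:45,dst=72:41:36:a2:8c:d9),eth_type(0x0800),"
    "ipv4(src=10.80.2.144,dst=10.80.228.31,proto=1,tos=0,ttl=62,frag=no),"
    "icmp(type=0,code=0), packets:5013, bytes:491274, used:0.760s, actions:2",
]
# Constructed sample data in the same format: 40 one-packet TCP flows from one
# source, each with a different source port (so each is a separate exact-match flow).
CONSTRUCTED_FLOWS = [
    "in_port(1),eth(src=00:21:1b:f3:63:45,dst=72:41:36:a2:8c:d9),eth_type(0x0800),"
    "ipv4(src=192.0.2.7,dst=10.80.228.31,proto=6,tos=0,ttl=60,frag=no),"
    f"tcp(src={40000 + i},dst=80), packets:1, bytes:74, used:0.120s, actions:2"
    for i in range(40)
]
SHOW_LINE = "lookups: hit:103033 missed:77944 lost:0"  # from the slide

KEY_RE = re.compile(r"(\w+)\(([^()]*)\)")
TAIL_RE = re.compile(r", packets:(\d+), bytes:(\d+), used:(never|[\d.]+s), actions:(.+)$")
LOOKUPS_RE = re.compile(r"lookups: hit:(\d+) missed:(\d+) lost:(\d+)")


def parse_flow(line):
    """Parse one 'ovs-dpctl dump-flows' line into a dict of key fields and stats."""
    line = line.strip()
    tail = TAIL_RE.search(line)
    if tail is None:
        raise ValueError("not a datapath flow line: %r" % line)
    flow = {}
    # Everything before ', packets:' is the exact-match key: name(k=v,...) groups.
    for name, body in KEY_RE.findall(line[:tail.start()]):
        if "=" in body:
            flow[name] = dict(item.split("=", 1) for item in body.split(","))
        else:
            flow[name] = body
    flow["packets"] = int(tail.group(1))
    flow["bytes"] = int(tail.group(2))
    flow["used"] = tail.group(3)
    flow["actions"] = tail.group(4)
    return flow


def miss_ratio(show_text):
    """Fraction of datapath lookups that missed, i.e. needed a trip to userspace."""
    m = LOOKUPS_RE.search(show_text)
    if m is None:
        raise ValueError("no 'lookups:' line found")
    hit, missed, _lost = map(int, m.groups())
    return missed / (hit + missed) if hit + missed else 0.0


def short_lived_tcp(flows, max_packets=2, threshold=20):
    """Group TCP flows that carried at most max_packets by (src IP, dst IP, dst port)
    and return the groups with at least `threshold` such flows.
    Both limits are hypothetical values chosen for this example."""
    counts = Counter()
    for flow in flows:
        ip, tcp = flow.get("ipv4"), flow.get("tcp")
        if isinstance(ip, dict) and isinstance(tcp, dict) and flow["packets"] <= max_packets:
            counts[(ip["src"], ip["dst"], tcp["dst"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    flows = [parse_flow(l) for l in SLIDE_FLOWS + CONSTRUCTED_FLOWS]
    print("miss ratio: %.3f" % miss_ratio(SHOW_LINE))
    for (src, dst, dport), n in short_lived_tcp(flows).items():
        print("%d short-lived TCP flows %s -> %s:%s" % (n, src, dst, dport))
```

    The two flows from the slide carry 5013 packets each and are not flagged; only the constructed one-packet flows are.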

    Open vSwitch Features
    ●   Supports OpenFlow 1.0
    ●   Bonding
    ●   802.1Q VLAN
    ●   Tunneling – Supports GRE mode
    ●   Ingress policing
    ●   NetFlow v5
    ●   Port mirroring (SPAN and RSPAN)
    ●   ACLs (through OpenFlow)
    ●   Bridge compatibility
    ●   Documented in ovs-vswitchd.conf man page:
           –   http://openvswitch.org/cgi-bin/ovsman.cgi?page=vswitchd%2Fovs-vswitchd.conf.5



    What is OpenFlow ?
    ●   OpenFlow allows the path of network packets to be set up by
        software.
    ●   It is the enabler of 'Software Defined Networking'.
    ●   Standard way to control flow-tables in commercial switches
        and routers.
    ●   Gives Controller high level access to the datapath routing
        decisions of a switch.
    ●   Currently, support is limited to 1.0 plus a number of extensions
    ●   Now managed by Open Networking Foundation (ONF)


    How does the Protocol work ?
    ●   It uses a binary protocol for faster processing
    ●   Header:

            version (8-bit) | Type (8-bit) | Length (16-bit) | Transaction id (32-bit)

    ●   Simple protocol for running on embedded
        CPUs in hardware switches
    ●   vSwitch connects over SSL to port 6633 on the
        Controller.
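
    Added example (not from the original slides): a Python parser for the 8-byte header described above, splitting a byte stream into OpenFlow messages and rejecting impossible lengths. It assumes the bytes are already decrypted, that Length counts the header itself, and OpenFlow 1.0 type codes; the sample stream is constructed.

```python
import struct

# version (8-bit), type (8-bit), length (16-bit), transaction id (32-bit),
# all in network byte order.
OFP_HEADER = struct.Struct("!BBHI")
OFP_VERSION_1_0 = 0x01

# OpenFlow 1.0 type codes for the messages named on these slides.
OFPT_NAMES = {
    0: "OFPT_HELLO", 2: "OFPT_ECHO_REQUEST", 3: "OFPT_ECHO_REPLY",
    5: "OFPT_FEATURES_REQUEST", 6: "OFPT_FEATURES_REPLY",
    10: "OFPT_PACKET_IN", 14: "OFPT_FLOW_MOD",
    16: "OFPT_STATS_REQUEST", 17: "OFPT_STATS_REPLY",
    18: "OFPT_BARRIER_REQUEST", 19: "OFPT_BARRIER_REPLY",
}


def split_messages(buf):
    """Split a byte stream into OpenFlow messages.

    Returns (messages, leftover): leftover holds the bytes of a message that
    has not fully arrived yet. Raises ValueError if a header announces a
    length smaller than the header itself, which would otherwise make the
    parser loop forever or read the wrong offset.
    """
    messages = []
    offset = 0
    while len(buf) - offset >= OFP_HEADER.size:
        version, mtype, length, xid = OFP_HEADER.unpack_from(buf, offset)
        if length < OFP_HEADER.size:
            raise ValueError("bad length %d at offset %d" % (length, offset))
        if offset + length > len(buf):
            break  # body not complete yet; keep it for the next read
        messages.append({
            "version_ok": version == OFP_VERSION_1_0,
            "type": OFPT_NAMES.get(mtype, "unknown(%d)" % mtype),
            "xid": xid,
            "body": bytes(buf[offset + OFP_HEADER.size:offset + length]),
        })
        offset += length
    return messages, bytes(buf[offset:])


# Constructed sample stream: HELLO, ECHO_REQUEST with a 4-byte payload,
# FEATURES_REQUEST, then the first 5 bytes of a message still in flight.
SAMPLE_STREAM = (
    OFP_HEADER.pack(OFP_VERSION_1_0, 0, 8, 1)
    + OFP_HEADER.pack(OFP_VERSION_1_0, 2, 12, 2) + b"ping"
    + OFP_HEADER.pack(OFP_VERSION_1_0, 5, 8, 3)
    + OFP_HEADER.pack(OFP_VERSION_1_0, 10, 26, 4)[:5]
)

if __name__ == "__main__":
    msgs, rest = split_messages(SAMPLE_STREAM)
    for m in msgs:
        print(m["type"], "xid=%d" % m["xid"], "body=%r" % m["body"])
    print("bytes left for next read:", len(rest))
```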

    OpenFlow Initial Setup Protocol

    Message Types
    ●   Controller-to-Switch
    ●   Asynchronous
    ●   Symmetric

    [Figure: message sequence between vSwitch and Controller, in order:]
    ●   OFPT_HELLO
         -   Version of vSwitch
    ●   OFPT_HELLO
         -   Version of Controller
    ●   OFPT_ECHO_REQUEST
    ●   OFPT_ECHO_REPLY
    ●   Connection Established
    ●   OFPT_FEATURES_REQUEST
    ●   OFPT_FEATURES_REPLY
         -   Datapath id
         -   Capabilities
         -   Actions
         -   Ports
              -   Name
              -   HW Address
              -   Port number




    OpenFlow Protocol
    [Figure: messages exchanged between vSwitch and Controller:]
    ●   OFPFC_ADD, OFPFC_MODIFY, OFPFC_DELETE
         -   Change entry in FlowTable
    ●   OFPT_PACKET_IN
         -   Reason to send: Packet miss OR Explicit rule
         -   Carries: In Port, Reason, Buffer id, Data
    ●   OFPT_STATS_REQUEST, OFPT_STATS_REPLY
         -   REPLY with: Switch description, Flow statistics, Table statistics,
             Queue statistics, Port statistics
    ●   OFPT_BARRIER_REQUEST, OFPT_BARRIER_REPLY
         -   Synchronize


    What happens if the Controller connection is lost ?

    [Figure: vSwitch sends OFPT_ECHO_REQUEST to the Controller, which does not answer (?); ECHO_REQUEST timeout.]

    ●   Immediately enter one of two modes:
         –    Fail secure mode
         –    Fail standalone mode



    WireShark Plugin for OpenFlow Protocol
    ●   http://www.openflow.org/wk/index.php/OpenFlow_Wireshark_Dissector
    ●   Command Line Alternative:

        # ovs-ofctl snoop <bridge>




    Questions ?
    ●   My Email: dominic.curran@citrix.com




              This work is licensed under a
              Creative Commons Attribution-ShareAlike 3.0 Unported License.

Windsor: Domain 0 Disaggregation for XenServer and XCP
 
Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP Scale11x : Virtualization with Xen and XCP
Scale11x : Virtualization with Xen and XCP
 
Open VSwitch .. Use it for your day to day needs
Open VSwitch .. Use it for your day to day needsOpen VSwitch .. Use it for your day to day needs
Open VSwitch .. Use it for your day to day needs
 
Xen @ Google, 2011
Xen @ Google, 2011Xen @ Google, 2011
Xen @ Google, 2011
 
Mirage: extreme specialisation of virtual appliances
Mirage: extreme specialisation of virtual appliancesMirage: extreme specialisation of virtual appliances
Mirage: extreme specialisation of virtual appliances
 
Xen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization OpportunitiesXen PV Performance Status and Optimization Opportunities
Xen PV Performance Status and Optimization Opportunities
 
Openstack Xen and XCP
Openstack Xen and XCPOpenstack Xen and XCP
Openstack Xen and XCP
 
Art of Using Xen at Scale
Art of Using Xen at ScaleArt of Using Xen at Scale
Art of Using Xen at Scale
 
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2Tech Talk by Ben Pfaff: Open vSwitch - Part 2
Tech Talk by Ben Pfaff: Open vSwitch - Part 2
 
Engaging the xen community
Engaging the xen communityEngaging the xen community
Engaging the xen community
 
Xen and Apache cloudstack
Xen and Apache cloudstack  Xen and Apache cloudstack
Xen and Apache cloudstack
 
Sdnds tw-meetup-2
Sdnds tw-meetup-2Sdnds tw-meetup-2
Sdnds tw-meetup-2
 
LF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and FuturesLF Collaboration Summit: Xen Project 4 4 Features and Futures
LF Collaboration Summit: Xen Project 4 4 Features and Futures
 
Performance Tuning Xen
Performance Tuning XenPerformance Tuning Xen
Performance Tuning Xen
 
Understanding DPDK
Understanding DPDKUnderstanding DPDK
Understanding DPDK
 
Mysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extensionMysqlnd, an unknown powerful PHP extension
Mysqlnd, an unknown powerful PHP extension
 
Xenserver Networking
Xenserver NetworkingXenserver Networking
Xenserver Networking
 
Citrix XenServer Design: Designing XenServer Network Configurations
Citrix XenServer Design:  Designing XenServer Network  ConfigurationsCitrix XenServer Design:  Designing XenServer Network  Configurations
Citrix XenServer Design: Designing XenServer Network Configurations
 

Similar to Under the Hood: Open vSwitch & OpenFlow in XCP & XenServer

Kafka 10000 feet view
Kafka 10000 feet viewKafka 10000 feet view
Kafka 10000 feet view
younessx01
 
Multisite OpenStack for NFV: Bridging the Gap
Multisite OpenStack for NFV: Bridging the GapMultisite OpenStack for NFV: Bridging the Gap
Multisite OpenStack for NFV: Bridging the Gap
Dimitri Mazmanov
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014
yfauser
 
Learn OpenStack from trystack.cn ——Folsom in practice
Learn OpenStack from trystack.cn  ——Folsom in practiceLearn OpenStack from trystack.cn  ——Folsom in practice
Learn OpenStack from trystack.cn ——Folsom in practice
OpenCity Community
 
CloudStack and SDN
CloudStack and SDNCloudStack and SDN
CloudStack and SDN
Sebastien Goasguen
 
Deep Dive Into Quantum
Deep Dive Into QuantumDeep Dive Into Quantum
Deep Dive Into Quantum
OpenCity Community
 
neutron_icehouse_update
neutron_icehouse_updateneutron_icehouse_update
neutron_icehouse_update
Akihiro Motoki
 
SDN in Apache CloudStack (ApacheCon NA 2013)
SDN in Apache CloudStack (ApacheCon NA 2013)SDN in Apache CloudStack (ApacheCon NA 2013)
SDN in Apache CloudStack (ApacheCon NA 2013)
Chiradeep Vittal
 
[OSS Upstream Training] 5 open stack liberty_recap
[OSS Upstream Training] 5 open stack liberty_recap[OSS Upstream Training] 5 open stack liberty_recap
[OSS Upstream Training] 5 open stack liberty_recap
Vietnam Open Infrastructure User Group
 
open stackliberty_recap_by_VietOpenStack
open stackliberty_recap_by_VietOpenStackopen stackliberty_recap_by_VietOpenStack
open stackliberty_recap_by_VietOpenStack
Vietnam Open Infrastructure User Group
 
OpenSAF Symposium_Architecture_and_Roadmap_Update9.19.11
OpenSAF Symposium_Architecture_and_Roadmap_Update9.19.11OpenSAF Symposium_Architecture_and_Roadmap_Update9.19.11
OpenSAF Symposium_Architecture_and_Roadmap_Update9.19.11
OpenSAF Foundation
 
netapp c-mode terms
netapp c-mode termsnetapp c-mode terms
netapp c-mode terms
Ashwin Pawar
 
Open v switch20150410b
Open v switch20150410bOpen v switch20150410b
Open v switch20150410b
Richard Kuo
 
Subversion
SubversionSubversion
Subversion Overview
Subversion OverviewSubversion Overview
Subversion Overview
polarion
 
Mpls conference 2016-data center virtualisation-11-march
Mpls conference 2016-data center virtualisation-11-marchMpls conference 2016-data center virtualisation-11-march
Mpls conference 2016-data center virtualisation-11-march
Aricent
 
Linux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack NetworkingLinux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack Networking
yfauser
 
What Multisite Means for Identity Management
What Multisite Means for Identity ManagementWhat Multisite Means for Identity Management
What Multisite Means for Identity Management
OPNFV
 
A multi-tenant architecture for Apache Axis2
A multi-tenant architecture for Apache Axis2A multi-tenant architecture for Apache Axis2
A multi-tenant architecture for Apache Axis2
Afkham Azeez
 
Windows offloaded data_transfer_steve_olsson
Windows offloaded data_transfer_steve_olssonWindows offloaded data_transfer_steve_olsson
Windows offloaded data_transfer_steve_olsson
scsibeast
 

Similar to Under the Hood: Open vSwitch & OpenFlow in XCP & XenServer (20)

Kafka 10000 feet view
Kafka 10000 feet viewKafka 10000 feet view
Kafka 10000 feet view
 
Multisite OpenStack for NFV: Bridging the Gap
Multisite OpenStack for NFV: Bridging the GapMultisite OpenStack for NFV: Bridging the Gap
Multisite OpenStack for NFV: Bridging the Gap
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014
 
Learn OpenStack from trystack.cn ——Folsom in practice
Learn OpenStack from trystack.cn  ——Folsom in practiceLearn OpenStack from trystack.cn  ——Folsom in practice
Learn OpenStack from trystack.cn ——Folsom in practice
 
CloudStack and SDN
CloudStack and SDNCloudStack and SDN
CloudStack and SDN
 
Deep Dive Into Quantum
Deep Dive Into QuantumDeep Dive Into Quantum
Deep Dive Into Quantum
 
neutron_icehouse_update
neutron_icehouse_updateneutron_icehouse_update
neutron_icehouse_update
 
SDN in Apache CloudStack (ApacheCon NA 2013)
SDN in Apache CloudStack (ApacheCon NA 2013)SDN in Apache CloudStack (ApacheCon NA 2013)
SDN in Apache CloudStack (ApacheCon NA 2013)
 
[OSS Upstream Training] 5 open stack liberty_recap
[OSS Upstream Training] 5 open stack liberty_recap[OSS Upstream Training] 5 open stack liberty_recap
[OSS Upstream Training] 5 open stack liberty_recap
 
open stackliberty_recap_by_VietOpenStack
open stackliberty_recap_by_VietOpenStackopen stackliberty_recap_by_VietOpenStack
open stackliberty_recap_by_VietOpenStack
 
OpenSAF Symposium_Architecture_and_Roadmap_Update9.19.11
OpenSAF Symposium_Architecture_and_Roadmap_Update9.19.11OpenSAF Symposium_Architecture_and_Roadmap_Update9.19.11
OpenSAF Symposium_Architecture_and_Roadmap_Update9.19.11
 
netapp c-mode terms
netapp c-mode termsnetapp c-mode terms
netapp c-mode terms
 
Open v switch20150410b
Open v switch20150410bOpen v switch20150410b
Open v switch20150410b
 
Subversion
SubversionSubversion
Subversion
 
Subversion Overview
Subversion OverviewSubversion Overview
Subversion Overview
 
Mpls conference 2016-data center virtualisation-11-march
Mpls conference 2016-data center virtualisation-11-marchMpls conference 2016-data center virtualisation-11-march
Mpls conference 2016-data center virtualisation-11-march
 
Linux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack NetworkingLinux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack Networking
 
What Multisite Means for Identity Management
What Multisite Means for Identity ManagementWhat Multisite Means for Identity Management
What Multisite Means for Identity Management
 
A multi-tenant architecture for Apache Axis2
A multi-tenant architecture for Apache Axis2A multi-tenant architecture for Apache Axis2
A multi-tenant architecture for Apache Axis2
 
Windows offloaded data_transfer_steve_olsson
Windows offloaded data_transfer_steve_olssonWindows offloaded data_transfer_steve_olsson
Windows offloaded data_transfer_steve_olsson
 

More from The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
The Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote:  Unikraft Weather ReportXPDDS19 Keynote:  Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
The Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
The Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
The Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
The Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
The Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
The Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
The Linux Foundation
 

More from The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote:  Unikraft Weather ReportXPDDS19 Keynote:  Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 

Under the Hood: Open vSwitch & OpenFlow in XCP & XenServer

  • 1. CloudStack Collaboration Conference 2012 Under the Hood: Open vSwitch & OpenFlow in XCP & XenServer Dominic Curran Citrix XenServer Software Engineer Nov 2012 Slides available under CC BY-SA 3.0
  • 2. Contents
      ● Linux Bridge
      ● What does Open vSwitch Provide?
      ● Open vSwitch Project
      ● How Open vSwitch works
      ● How OpenFlow works
  • 3. What's wrong with Linux Bridge?
      ● Linux Bridge:
          – Nothing!
          – L2 switch. Fast & reliable
          – Simple forwarding
      ● Open vSwitch:
          – Full L2-L4 matching capability
          – Decision in userspace
          – ACLs, QoS & Bonding
          – Mobility of state
      [Diagram: a packet entering the Bridge Kernel Module and reaching the VMs, beside a packet entering the OVS Kernel Module, which has a Userspace Module above it, and reaching the VMs.]
  • 4. What does Open vSwitch Provide?
      ● Provides greater visibility into the XenServer networking layer
      ● Provides distributed, fine-grained networking configuration and control policies
      ● Allows XenServer to be part of the switching fabric
      ● Makes Network Admins happy.
      ● A Little History:
          – Research project from Stanford University
          – Bay Area startup: Nicira
          – Partnered with Nicira 2009
  • 5. Open vSwitch Project
      ● http://openvswitch.org
      ● Developed under GPL & Apache 2 License
      ● Mailing Lists
          – Announcements: announce@openvswitch.org
          – User-level discussion: discuss@openvswitch.org
          – Dev (code review, etc): dev@openvswitch.org
          – Mail Archives available
      ● As of Linux 3.3 patches started to be accepted for Open vSwitch.
  • 6. Open vSwitch Git Tree
      Source repository:
          $ git clone git://openvswitch.org/openvswitch
      [Diagram: git branch tree. Branches shown: master, branch-1.8, branch-1.7, branch-1.6, branch-1.5, branch-1.4.3, branch-1.4.2, branch-1.4.1, branch-1.4, branch-1.3, branch-1.2, branch-1.1, vlan-maint (Open vSwitch 1.0). Release labels shown beside the branches, in extraction order: XS 6.1, LTS, XS 6.0.2, XS 6.0 LTS.]
  • 7. Open vSwitch OpenSource Contributors
          $ git log | grep Author | cut -d ":" -f 2 | sort | uniq -c | sort -nr
      In no particular order:
      ● Redhat
      ● IBM
      ● NEC
      ● HP
      ● Nicira
      ● Fujitsu
      ● Google
      ● Broadcom
      ● Cisco
      ● Intel
      ● Citrix
  • 8. Main Components
      ● Open vSwitch
          – Open source: www.openvswitch.org
          – Kernel mode module for packet switching (openvswitch_mod.ko)
          – User space daemon for rules evaluation (ovsdb-server & ovs-vswitchd)
          – Configured via OpenFlow protocol: www.openflow.org
      ● OpenFlow Controller
          – Open vSwitch has a number of nice standalone features
          – BUT remote management is probably its most powerful
          – Nearly every aspect can be controlled remotely
          – Typically a deployment uses a centralized Controller
          – DVSC (Distributed Virtual Switch Controller)
              ● One DVS Controller can manage multiple XenServer pools
              ● Can be hosted in the same pool as it is managing
              ● Provides a flexible way to group hosts for network management
      [Diagram: Controllers connected over OpenFlow to the vSwitch on each XenServer Host.]
  • 9. Architecture of Open vSwitch
      ● Each host runs a vSwitch userspace daemon plus kernel module
          – ovs-vswitchd & ovsdb-server
          – Drop-in replacement for the Linux bridge based stack.
          – Daemon evaluates flow rules to determine destination of each frame.
          – Pushes rules down into the kernel as necessary.
      ● In isolation the vSwitch acts much as the Linux bridge does:
          – Layer-2 MAC learning on physical and virtual interfaces.
          – From the XenServer toolstack level there is very little observable difference.
          – Under the hood the management tools, configuration of the stack, etc. are very different.
      ● Optionally may connect to a central Controller for distributed coordination and control
  • 10. Main Components on one XenServer Host
      [Diagram. User space: ovsdb-server (JSON/RPC) and ovs-vswitchd (Packet Classifier, FlowTables), linked by the Management Protocol (Unix Socket). Kernel: openvswitch_mod.ko (Hash lookup Table), reached from user space via Netlink.]
  • 11. ovsdb-server & ovs-vswitchd
      ● ovsdb-server
          – Database that holds switch-level configuration
          – Custom database with properties of:
              ● Value constraints
              ● Weak references
              ● Garbage collection
          – Log-based (helpful for debugging)
          – Speaks Management protocol to ovs-vswitchd & Controller
      ● ovs-vswitchd
          – Core component in the system
          – Supports multiple independent datapaths (bridges)
          – Communicates
              ● With controller using OpenFlow
              ● With ovsdb-server using management protocol
              ● With kernel module using netlink
      ● Packet classifier supports flow lookup with wildcard rules
  • 12. openvswitch_mod.ko
      ● Fast path
      ● Kernel module handles packet switching
      ● Exact-match cache of flows
          – Lookup & forwarding
      ● Designed to be fast and simple
          – Knows nothing of OpenFlow
      ● Implements Tunnel encapsulation/decapsulation
  • 13. How the Controller fits with the other Components
      [Diagram: the off-box Controller connects over SSL to the host. On the host, in user space, ovsdb-server (JSON/RPC) and ovs-vswitchd (Packet Classifier, FlowTables) serve bridges xenbr1 and xenbr2; in the kernel, openvswitch_mod.ko (Hash lookup Table) is reached via Netlink. Command-line tools shown: # ovs-vsctl …, # ovs-appctl ..., # ovs-ofctl ...]
      Legend:
      ● Management Protocol (6632/TCP)
      ● OpenFlow Channel (6633/TCP)
      ● Command Line (ovs-vsctl, ovs-appctl, ..)
  • 14. XenServer Packet Flow – Packet Miss
      [Diagram: an incoming packet on eth1 misses the Hash lookup Table in openvswitch_mod.ko (MISS #1), misses the FlowTables of the Packet Classifier in ovs-vswitchd (MISS #2), and is sent over SSL as OFPT_PACKET_IN to the DVS Controller (accessible via browser). Also shown: DomU, Dom0, xenbr1, xenbr2, XAPI Toolstack, ovsdb-server (JSON/RPC), the User/Kernel boundary.]
  • 15. Flow Table Entries
      [Diagram: XenServer Host with bridge xenbr0; Port 1 is eth0 (PIF), Port 2 is vif2.0; VM Domain2 (Charlie) is 10.80.228.31; Bob is 10.80.2.144.]
      ● VM Charlie sends a ping to Bob.
          # ovs-dpctl show xenbr0
          system@xapi0:
              lookups: hit:103033 missed:77944 lost:0
              flows: 30
              port 0: xenbr0 (internal)
              port 1: eth0
              port 2: vif2.0
      ● Then dump flows:
          # ovs-dpctl dump-flows xenbr0 | grep "10.80.2.144"
          Flow 1:
          in_port(2),eth(src=72:41:36:a2:8c:d9,dst=00:21:1b:f3:63:45),eth_type(0x0800),ipv4(src=10.80.228.31,dst=10.80.2.144,proto=1,tos=0,ttl=64,frag=no),icmp(type=8,code=0), packets:5013, bytes:491274, used:0.760s, actions:1
          Flow 2:
          in_port(1),eth(src=00:21:1b:f3:63:45,dst=72:41:36:a2:8c:d9),eth_type(0x0800),ipv4(src=10.80.2.144,dst=10.80.228.31,proto=1,tos=0,ttl=62,frag=no),icmp(type=0,code=0), packets:5013, bytes:491274, used:0.760s, actions:2
      Callouts on the flow entries:
      ● L2-L4 Exact Match
      ● Total Number of packet matches of this type
      ● Total Number of bytes for this flow match
      ● Time flow was last updated
      ● Actions. In this case switch packet to Port 2.
  • 16. What about SYN attacks?
      ● A SYN attack is a form of Denial-of-Service attack
      [Diagram: TCP Three Way Handshake. Legitimate client: Client sends SYN, Server answers SYN-ACK, Client sends ACK, OK. Attacker: Attacker sends SYN, Server answers SYN-ACK, then "Wait.. And wait..." until Timeout!]
      ● For Open vSwitch this is a particular problem!
          – Each SYN is a new flow, thus a user-kernel interaction
      ● Recent Open vSwitch introduced a 'Flow Governor'
          – Detects large quantities of short-lived flows
          – Stops flow setup in kernel module, thus avoiding a user-to-kernel interaction
  • 17. Open vSwitch Features
      ● Supports OpenFlow 1.0
      ● Bonding
      ● 802.1Q VLAN
      ● Tunneling
          – Supports GRE mode
      ● Ingress policing
      ● NetFlow v5
      ● Port mirroring (SPAN and RSPAN)
      ● ACLs (through OpenFlow)
      ● Bridge compatibility
      ● Documented in ovs-vswitchd.conf man page:
          – http://openvswitch.org/cgi-bin/ovsman.cgi?page=vswitchd%2Fovs-vswitchd.conf.5
  • 18. What is OpenFlow?
      ● OpenFlow allows the path of network packets to be set up by software.
      ● It is the enabler of 'Software Defined Networking'.
      ● Standard way to control flow-tables in commercial switches and routers.
      ● Gives Controller high level access to the datapath routing decisions of a switch.
      ● Currently, support is limited to 1.0 plus a number of extensions
      ● Now managed by Open Networking Foundation (ONF)
  • 19. How does the Protocol work?
      ● It uses a binary protocol for faster processing
      ● Header:
          8-bit      8-bit   16-bit   32-bit
          version    type    length   transaction id
      ● Simple protocol for running on embedded CPUs in hardware switches
      ● vSwitch connects over SSL to port 6633 on the Controller.
  • 20. OpenFlow Initial Setup
      Protocol Message Types:
      ● Controller-to-Switch
      ● Asynchronous
      ● Symmetric
      [Sequence diagram between vSwitch and Controller, top to bottom:]
          OFPT_HELLO (Version of vSwitch)
          OFPT_HELLO (Version of Controller)
          OFPT_ECHO_REQUEST
          OFPT_ECHO_REPLY
          Connection Established
          OFPT_FEATURES
          OFPT_FEATURES_REPLY (Datapath id, Capabilities, Actions, Ports, Name, HW Address, Port number)
  • 21. OpenFlow Protocol
      [Sequence diagram between vSwitch and Controller, top to bottom:]
      ● OFPFC_ADD, OFPFC_MODIFY, OFPFC_DELETE: change entry in FlowTable
      ● OFPT_PACKET_IN (In Port, Reason, Buffer id, Data)
          – Reason to send: Packet miss OR Explicit rule
      ● OFPT_STATS_REQUEST, OFPT_STATS_REPLY
          – REPLY with: Switch description, Flow statistics, Table statistics, Queue statistics, Port statistics
      ● OFPT_BARRIER_REQUEST, OFPT_BARRIER_REPLY: Synchronize
  • 22. What happens if the Controller connection is lost?
      [Diagram: the vSwitch sends OFPT_ECHO_REQUEST to the Controller, gets no answer, and hits the ECHO_REQUEST timeout.]
      ● Immediately enter one of two modes:
          – Fail secure mode
          – Fail standalone mode
  • 23. WireShark Plugin for OpenFlow Protocol
      ● http://www.openflow.org/wk/index.php/OpenFlow_Wireshark_Dissector
      ● Command Line Alternative:
          # ovs-ofctl snoop <bridge>
  • 24. Questions?
      ● My Email: dominic.curran@citrix.com
      This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
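
Slide 19 gives the OpenFlow header as version (8-bit), type (8-bit), length (16-bit) and transaction id (32-bit). The block below is an added example, not code from the slides or from Open vSwitch: it frames a captured byte stream into messages using that header and rejects the malformed lengths that would desynchronise a monitoring tool. The type codes are those of OpenFlow 1.0; the helper names and the sample stream are constructed for illustration.

```python
import struct
from collections import namedtuple

# Header from slide 19, in network byte order: version, type, length, xid.
OFP_HEADER = struct.Struct("!BBHI")
OFP10_VERSION = 0x01  # the slides state support is limited to OpenFlow 1.0

# OpenFlow 1.0 type codes for the messages named on slides 20 and 21.
OFPT_NAMES = {
    0: "OFPT_HELLO", 1: "OFPT_ERROR",
    2: "OFPT_ECHO_REQUEST", 3: "OFPT_ECHO_REPLY",
    5: "OFPT_FEATURES_REQUEST", 6: "OFPT_FEATURES_REPLY",
    10: "OFPT_PACKET_IN", 14: "OFPT_FLOW_MOD",
    16: "OFPT_STATS_REQUEST", 17: "OFPT_STATS_REPLY",
    18: "OFPT_BARRIER_REQUEST", 19: "OFPT_BARRIER_REPLY",
}

Message = namedtuple("Message", "version name xid body")


class FramingError(ValueError):
    """The stream cannot be a well-formed OpenFlow 1.0 channel."""


def build(mtype, xid, body=b"", version=OFP10_VERSION):
    """Encode one message (hypothetical helper, used to construct samples)."""
    return OFP_HEADER.pack(version, mtype, OFP_HEADER.size + len(body), xid) + body


def split_messages(stream):
    """Return (messages, leftover) where leftover is an incomplete tail."""
    msgs, off = [], 0
    while len(stream) - off >= OFP_HEADER.size:
        version, mtype, length, xid = OFP_HEADER.unpack_from(stream, off)
        # length counts the header itself; anything below 8 can never advance
        # the offset correctly and must be treated as corruption.
        if length < OFP_HEADER.size:
            raise FramingError(f"length {length} smaller than header at offset {off}")
        # HELLO advertises the sender's version, so only later messages
        # are held to the negotiated 1.0.
        if mtype != 0 and version != OFP10_VERSION:
            raise FramingError(f"unexpected version {version:#x} at offset {off}")
        if off + length > len(stream):
            break  # message not fully received yet
        name = OFPT_NAMES.get(mtype, f"type_{mtype}")
        msgs.append(Message(version, name, xid, stream[off + OFP_HEADER.size:off + length]))
        off += length
    return msgs, stream[off:]


# Constructed sample: the setup exchange of slide 20, then a PACKET_IN
# whose last bytes have not arrived yet.
SAMPLE_STREAM = (
    build(0, 1)
    + build(2, 2, b"ping")
    + build(5, 3)
    + build(10, 4, b"\x00" * 10)[:12]
)

if __name__ == "__main__":
    messages, rest = split_messages(SAMPLE_STREAM)
    for m in messages:
        print(m.name, "xid", m.xid, "body", len(m.body), "bytes")
    print("incomplete tail:", len(rest), "bytes")
```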
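
Slides 15 and 16 together suggest an operator-side check: since every SYN of a flood becomes its own exact-match datapath flow, a destination with many TCP flows that each carry only one or two packets stands out in `ovs-dpctl dump-flows`. The block below is an added example, not the Flow Governor's algorithm and not code from the slides; it parses lines in the format shown on slide 15 and counts such flows per destination. The two ICMP lines are the slide's own; the TCP lines, the thresholds and the function names are constructed assumptions.

```python
import re
from collections import Counter

FIELD_RE = re.compile(r"(\w+)\(([^()]*)\)")          # e.g. ipv4(src=...,dst=...)
STAT_RE = re.compile(r"\b(packets|bytes|used):([^,\s]+)")


def parse_flow(line):
    """Parse one `ovs-dpctl dump-flows` line into match fields and counters."""
    key, sep, rest = line.partition(", packets:")
    if not sep:
        raise ValueError("not a datapath flow line: %r" % line[:40])
    stats_part, _, actions = ("packets:" + rest).partition(", actions:")
    match = {}
    for name, inner in FIELD_RE.findall(key):
        if "=" in inner:
            pairs = (kv.split("=", 1) for kv in inner.split(","))
            match[name] = {k.strip(): v.strip() for k, v in pairs}
        else:
            match[name] = inner.strip()               # in_port(2), eth_type(0x0800)
    stats = dict(STAT_RE.findall(stats_part))
    return {
        "match": match,
        "packets": int(stats["packets"]),
        "bytes": int(stats["bytes"]),
        "used": stats.get("used"),
        "actions": actions.strip(),
    }


def short_lived_tcp_targets(flows, max_packets=2, min_flows=4):
    """Map (dst ip, dst port) -> number of TCP flows with <= max_packets packets.

    Only destinations with at least min_flows such flows are returned.
    Both thresholds are illustrative assumptions, to be tuned per deployment.
    """
    hits = Counter()
    for flow in flows:
        ip = flow["match"].get("ipv4")
        tcp = flow["match"].get("tcp")
        if not ip or not tcp or ip.get("proto") != "6":
            continue
        if flow["packets"] <= max_packets:
            hits[(ip["dst"], tcp["dst"])] += 1
    return {target: n for target, n in hits.items() if n >= min_flows}


ETH_IN = "eth(src=00:21:1b:f3:63:45,dst=72:41:36:a2:8c:d9),eth_type(0x0800)"
SAMPLE_LINES = [
    # The two ICMP flows from slide 15.
    "in_port(2),eth(src=72:41:36:a2:8c:d9,dst=00:21:1b:f3:63:45),eth_type(0x0800),"
    "ipv4(src=10.80.228.31,dst=10.80.2.144,proto=1,tos=0,ttl=64,frag=no),"
    "icmp(type=8,code=0), packets:5013, bytes:491274, used:0.760s, actions:1",
    "in_port(1)," + ETH_IN + ","
    "ipv4(src=10.80.2.144,dst=10.80.228.31,proto=1,tos=0,ttl=62,frag=no),"
    "icmp(type=0,code=0), packets:5013, bytes:491274, used:0.760s, actions:2",
    # Constructed: one long-lived TCP flow that must not be flagged.
    "in_port(1)," + ETH_IN + ","
    "ipv4(src=10.80.2.144,dst=10.80.228.31,proto=6,tos=0,ttl=62,frag=no),"
    "tcp(src=51000,dst=22), packets:250, bytes:31000, used:0.100s, actions:2",
]
# Constructed: five single-packet TCP flows to port 80 from documentation addresses.
SAMPLE_LINES += [
    "in_port(1)," + ETH_IN + ","
    f"ipv4(src=192.0.2.{i},dst=10.80.228.31,proto=6,tos=0,ttl=60,frag=no),"
    f"tcp(src={40000 + i},dst=80), packets:1, bytes:74, used:{i}.100s, actions:2"
    for i in range(1, 6)
]

if __name__ == "__main__":
    flows = [parse_flow(line) for line in SAMPLE_LINES]
    for target, count in short_lived_tcp_targets(flows).items():
        print("many short-lived TCP flows to %s:%s (%d flows)" % (*target, count))
```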