opendaylight ovsdb plugin network virtualization ... · pdf filevirtualization integration...

www.opendaylight.org

OpenDaylight OVSDB Plugin Network Virtualization Integration Project:

Past, Present and Future

Anil Vishnoi ([email protected])

Brocade Communication Systems


...will talk about :

What OVSDB Project offers? Why it's Center of Attraction? Brief Overview of Open vSwitch & Management Protocol High Level Architecture and Control Flow Past : Initial Architecture, Open Flow 1.3 Support, L2 Support Present : MD-SAL Migration, Southbound Plugin, L3 Support Future : Southbound Plugin Migration, LBaaS & FWaaS Support Want to do hands on? Looking for Contribution?


What OVSDB Project offers?

… network virtualization solution for Openstack … southbound plugin to configure Open vSwitch … library to encode/decode OVSDB protocol … rest & restconf interface to configure Open vSwitch … challenging software define networking problems to solve … challenging work items, if you want to contribute :)


OpenDaylight

DOVE Provider

VTN Provider

Neutron Service

OpenStack Neutron

OVSDB Provider

▪OpenDaylight exposes a single common OpenStack Service Northbound

▪API exposed matches Neutron API precisely

▪Multiple implementations of Neutron networks in OpenDaylight

▪OpenDaylight OpenStack Neutron Plugin simply passes through

▪Simplifies OpenStack plugin

▪Pushes complexity to OpenDaylight

Neutron ML2 MechanismDriver

OpenDaylight APIs (REST)

Reason 1: OpenStack Integration


Reason 2: SDN, NFV and OpenDaylight

6

Open, Programmable APIsOpen, Programmable APIs

Virtualization and Abstraction Layer Virtualization and Abstraction Layer

New Revenue

Lower Cost

SDNSDN NFVNFV

Orchestration, Automation and MANOOrchestration, Automation and MANO

Service Agility


Brief Overview of Open vSwitch : Main Features

Open vSwitch is an open source switching stack for virtualization. Enables massive network automation through programmatic extensions Open vSwitch brings many features standard in hardware devices to virtualized environments:

VLANs A variety of tunneling protocols LACP and other bonding modes QoS shaping and policing ACLs over a range of L2-L4 protocols NetFlow, sFlow, IPFIX, mirroring

Plus remote programmability and management features: OpenFlow 1.0/1.3 support All features and status remotely configurable and viewable. Support for many extensions (openflow, nicira)


Brief Overview of Open vSwitch: Programmability Aspect

Extensive flow matching capabilities Layer 1 – Tunnel ID, In Port, QoS priority, skb mark Layer 2 – MAC address, VLAN ID, Ethernet type Layer 3 – IPv4/IPv6 fields, ARP Layer 4 – TCP/UDP, ICMP, ND

Possible chain of actions Output to port (port range, flood, mirror) Discard, Resubmit to table x Packet Mangling (Push/Pop VLAN header, TOS, ...) Send to controller, Learn

Centralized Control One Open Flow connection per datapath One Management channel per system


Brief Overview of Open vSwitch: High Level Architecture


Open vSwitch Components:

ovsdb-server Database that holds switch-- level configuration‐ Custom database with nice properties:

Value constraints Weak references Garbage collection

Log based Speaks management protocol(JSON-RPC) to manager and ovs-vswitchd

ovs-vswitchd: Core component in the system:

Communicates with outside world using OpenFlow Communicates with ovsdb- server using management protocol Communicates with kernel module over netlink Communicates with the system through netdev abstract interface

Supports multiple independent datapaths (bridges) Packet classifier supports efficient flow lookup with wildcards and “explodes” these

(possibly) wildcard rules for fast processing by the datapath


OVSDB Management Protocol :

JSON-RPC based protocol Interact with OVSDB database for managing and configuring Open vSwitch Instance Provides methods like

Transact Monitor Monitor Get Schema Notifications

Allows data base operations like Insert Delete Mutate Update Select Abort Comment


High Level Architecture:


High Level Control Flow : Connect Ovsdb to Controller


High Level Control Flow : Programmed Flows – Pipeline processingOpenstack-setup-compute# ovs-vsctl show4575bb26-b73b-4e0a-a62a-9b3ff06e19af Manager "tcp:192.168.57.1:6640" is_connected: true Bridge br-int Controller "tcp:192.168.57.1:6633" is_connected: true fail_mode: secure Port br-int Interface br-int ovs_version: "2.0.2"

Openstack-setup-compute# ovs-ofctl dump-flows br-int -O OpenFlow13 cookie=0x0, duration=23.662s, table=0, n_packets=0, n_bytes=0, dl_type=0x88cc actions=CONTROLLER:65535 cookie=0x0, duration=17.982s, table=0, n_packets=4, n_bytes=320, priority=0 actions=goto_table:20 cookie=0x0, duration=17.474s, table=20, n_packets=1, n_bytes=70, priority=0 actions=goto_table:30 cookie=0x0, duration=16.966s, table=30, n_packets=1, n_bytes=70, priority=0 actions=goto_table:40 cookie=0x0, duration=16.449s, table=40, n_packets=1, n_bytes=70, priority=0 actions=goto_table:50 cookie=0x0, duration=15.933s, table=50, n_packets=1, n_bytes=70, priority=0 actions=goto_table:60 cookie=0x0, duration=15.417s, table=60, n_packets=1, n_bytes=70, priority=0 actions=goto_table:70 cookie=0x0, duration=14.913s, table=70, n_packets=1, n_bytes=70, priority=0 actions=goto_table:80 cookie=0x0, duration=14.404s, table=80, n_packets=1, n_bytes=70, priority=0 actions=goto_table:90 cookie=0x0, duration=13.896s, table=90, n_packets=0, n_bytes=0, priority=0 actions=goto_table:100 cookie=0x0, duration=13.387s, table=100, n_packets=0, n_bytes=0, priority=0 actions=goto_table:110 cookie=0x0, duration=12.875s, table=110, n_packets=0, n_bytes=0, priority=0 actions=drop


High Level Control Flow : Create Network/Subnet/Port


Openstack-setup-compute# ovs-vsctl show4575bb26-b73b-4e0a-a62a-9b3ff06e19af Manager "tcp:192.168.57.1:6640" is_connected: true Bridge br-int Controller "tcp:192.168.57.1:6633" is_connected: true fail_mode: secure Port br-int Interface br-int Port "vxlan-192.168.201.128" Interface "vxlan-192.168.201.128" type: vxlan options: {key=flow, local_ip="192.168.201.129", remote_ip="192.168.201.128"} Port "tap860039e7-9b" Interface "tap860039e7-9b" ovs_version: "2.0.2"

High Level Control Flow : Bridge configuration changes


High Level Control Flow : Programmed Flows - L2 Routing (First VM Created)Openstack-setup-compute# ovs-ofctl dump-flows br-int -O OpenFlow13table=0, dl_type=0x88cc actions=CONTROLLER:65535table=0, priority=0 actions=goto_table:20table=20, priority=0 actions=goto_table:30table=30, priority=0 actions=goto_table:40table=40, priority=0 actions=goto_table:50table=50, priority=0 actions=goto_table:60table=60, priority=0 actions=goto_table:70table=70, priority=0 actions=goto_table:80table=80, priority=0 actions=goto_table:90table=90, priority=0 actions=goto_table:100table=100, priority=0 actions=goto_table:110table=110, priority=0 actions=drop

table=110, tun_id=0x1,dl_dst=fa:16:3e:e5:e2:e1 actions=output:2 (Incoming traffic for VM)table=0, tun_id=0x1,in_port=1 actions=load:0x2->NXM_NX_REG0[],goto_table:20 (Other Incoming Traffic)table=110, priority=16384,reg0=0x2,tun_id=0x1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=output:2 (If Broadcast, send it VM port-- that's the only port related to network with vxlan-id = 0x1)table=110, priority=8192,tun_id=0x1 actions=drop (Else drop it)

table=0, in_port=2,dl_src=fa:16:3e:e5:e2:e1 actions=set_field:0x1->tun_id,load:0x1->NXM_NX_REG0[],goto_table:20 (Tag outgoing VM Traffic)table=110, priority=16383,reg0=0x1,tun_id=0x1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=output:2,output:1 (If broadcast, sent it on all port)table=110, tun_id=0x1,dl_dst=fa:16:3e:e3:35:86 actions=output:1 (DHCP traffic of the network– send it out)

table=0, priority=8192,in_port=2 actions=drop (Drop rest all traffic from VM)


High Level Control Flow : Programmed Flows - L2 Routing (Second VM Created)Openstack-setup-compute# ovs-ofctl dump-flows br-int -O OpenFlow13table=0, dl_type=0x88cc actions=CONTROLLER:65535table=0, priority=0 actions=goto_table:20table=20, priority=0 actions=goto_table:30table=30, priority=0 actions=goto_table:40table=40, priority=0 actions=goto_table:50table=50, priority=0 actions=goto_table:60table=60, priority=0 actions=goto_table:70table=70, priority=0 actions=goto_table:80table=80, priority=0 actions=goto_table:90table=90, priority=0 actions=goto_table:100table=100, priority=0 actions=goto_table:110table=110, priority=0 actions=drop

table=110, tun_id=0x1,dl_dst=fa:16:3e:e5:e2:e1 actions=output:2 (Incoming traffic for VM)table=0, tun_id=0x1,in_port=1 actions=load:0x2->NXM_NX_REG0[],goto_table:20 (Other Incoming Traffic)table=110, priority=16384,reg0=0x2,tun_id=0x1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=output:2 (If Broadcast, send it VM port-- that's the only port related to network with vxlan-id = 0x1)table=110, priority=8192,tun_id=0x1 actions=drop (Else drop it)table=0, in_port=2,dl_src=fa:16:3e:e5:e2:e1 actions=set_field:0x1->tun_id,load:0x1->NXM_NX_REG0[],goto_table:20 (Tag outgoing VM Traffic)table=110, priority=16383,reg0=0x1,tun_id=0x1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=output:2,output:1 (If broadcast, sent it on all port)table=110, tun_id=0x1,dl_dst=fa:16:3e:e3:35:86 actions=output:1 (DHCP traffic of the network– send it out)table=0, priority=8192,in_port=2 actions=drop (Drop rest all traffic from VM)

table=110, tun_id=0x1,dl_dst=fa:16:3e:49:e9:5a actions=output:2 (VM1-->VM2)


OVSDB Project : Past


OVSDB Project : Present – Migration to MD-SAL & L3 Service


OVSDB Project : Present – Southbound Plugin


OVSDB Project : Present Migrated following AD-SAL based module to MD-SAL

Net-virt provider Plugin bundle

Implemented SAL compatibility layer to support backward compatibility for VTN project Implemented Yang based Southbound Plugin module Implemented L3 Service

East West Traffic Routing North South Traffic Routing : WIP

Improved integration tests / code coverage Cleaned up stale code


OVSDB Project : Future – Migration to Southbound Plugin


OVSDB Project : Future – Northbound MD-SAL Migration


OVSDB Project : Future – Migration to Neutron Yang Models


OVSDB Project : Future – Clustering and New L3 Service


Want to do hands on? Clone ovsdb code

git clone https://git.opendaylight.org/gerrit/ovsdb Build it

mvn clean install Setup one or two node openstack setup. Do following config on network node to connect it to OpenDaylight controller:

Stop neutron-plugin-openvswitch-agent (if running) Configure ml2_conf.ini for OpenDaylight

type_drivers = local,gre,vxlan tenant_network_types = vxlan mechanism_drivers = opendaylight

Configure ml2_conf_odl.ini url = http://<controller-ip>:8080/controller/nb/v2/neutron username = admin password = admin

Restart neutron server Set “local_ip” attribute for ovsdb on both control and compute node

OVSUUID=$(ovs-vsctl get Open_vSwitch . _uuid); ovs-vsctl set Open_vSwitch $OVSUUID other_config:local_ip=<local-ip>

Set manager for ovsdb instance on all the nodes ovs-vsctl set-manager tcp:<controller-ip>:6640

Setup is ready to create the network.

For Devstack based setup - https://wiki.opendaylight.org/view/OVSDB:Helium_and_Openstack_on_Fedora20


Start from here..

Pull the code and review documentation at - https://wiki.opendaylight.org/view/OVSDB_Integration:Main

Connect with active developers in the community on the #opendaylight-ovsdb IRC channel at freenode.net

Checkout OVSDB trello page : https://trello.com/odlovsdb Join the conversation through lists.opendaylight.org and

ask.opendaylight.org

https://wiki.opendaylight.org/view/OVSDB_Integration:Main

https://trello.com/odlovsdb

opendaylight ovsdb plugin network virtualization ... · pdf filevirtualization integration...

Documents