© 2012 Nicira. All rights reserved. CONFIDENTIAL.
Open vSwitch and Software Defined Networking
Jesse Gross, Nicira
LinuxCon Japan, June 6, 2012
Open vSwitch: What is it?
• Open source switching stack for virtualization.
• The new entry point into the network is the hypervisor.
• Two ways to view OVS:
  – Gaining back visibility and control that usually comes from the features of a hardware switch
  – An opportunity to exploit the flexibility that comes from software and virtualization
Open vSwitch: Why do I care?
• Data centers are both larger and more dynamic than before.
• Virtualization provides flexibility to computation resources but the network is now the bottleneck.
• This requires:
  – a programmatic interface
  – access to hypervisor state
  – data plane constructs to build a distributed system
(Partial) List of Contributors
Project
• http://openvswitch.org
• Mailing Lists
  – Announcements: [email protected]
  – User-level discussion: [email protected]
  – Dev (code review, etc): [email protected]
  – Archives available
• Userspace is Apache licensed
• Kernel is GPLv2
• Source repository:
  git clone git://openvswitch.org/openvswitch
OVS Main Components
[Diagram: Control & Management Cluster (off-box); ovsdb-server and ovs-vswitchd (user); openvswitch.ko (kernel). Link labels: Management Protocol (6632/TCP), OpenFlow (6633/TCP), Netlink.]
Centralized Control
• One OpenFlow connection per datapath
  – Exports idealized view of switch’s datapath
• Lookup based on L2-L4
• Full wildcarding and priorities
• Actions: forward, drop, modify, and queue
• Missed flows go to central controller
• One management channel per system
  – Switch-level configuration
  – Resources
  – Counters
ovs-vswitchd
• Core component in the system:
  – Communicates with outside world using OpenFlow
  – Communicates with ovsdb-server using management protocol
  – Communicates with kernel module over netlink
  – Communicates with the system through netdev abstract interface
• Supports multiple independent datapaths (bridges)
• Packet classifier supports efficient flow lookup with wildcards and “explodes” these (possibly) wildcard rules for fast processing by the datapath
• Implements mirroring, bonding, and VLANs through modifications of the same flow table exposed through OpenFlow
• Checks datapath flow counters to handle flow expiration and stats requests
openvswitch.ko
• Kernel module that handles switching and tunneling
• Exact-match cache of flows
• Designed to be fast and simple
  – Packet comes in, if found, associated actions executed and counters updated. Otherwise, sent to userspace
  – Does no flow expiration
  – Knows nothing of OpenFlow
• ~170 KLOC total in Open vSwitch
• ~12 KLOC in kernel
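An added example, not taken from the slides or from Open vSwitch's source: a small Python model of the split described on the ovs-vswitchd and openvswitch.ko slides, where the kernel holds only an exact-match cache and every miss goes to the userspace wildcard classifier, which also owns expiration. The class names, the four-field key, the rules and the packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
FIELDS = ("in_port", "dl_dst", "nw_proto", "tp_dst")  # constructed subset of an L2-L4 key

@dataclass
class Rule:
    priority: int
    match: dict    # field -> value; a field left out is wildcarded
    actions: str

class Vswitchd:
    """Userspace: wildcard table with priorities; also owns flow expiration."""
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: -r.priority)
        self.seen = {}  # packet counter per cached flow at the last expiry pass
    def classify(self, pkt):
        for r in self.rules:                      # highest priority first
            if all(pkt[f] == v for f, v in r.match.items()):
                return r.actions
        return None                               # table miss: goes to the controller
    def expire_idle(self, dp):
        idle = [k for k, e in dp.cache.items() if self.seen.get(k) == e[1]]
        for k in idle:                            # counter unchanged since last pass
            del dp.cache[k]
        self.seen = {k: e[1] for k, e in dp.cache.items()}
        return len(idle)

class Datapath:
    """Kernel: exact-match cache only; no wildcards, no expiration, no OpenFlow."""
    def __init__(self, vswitchd):
        self.vswitchd, self.cache, self.upcalls = vswitchd, {}, 0
    def receive(self, pkt):
        key = tuple(pkt[f] for f in FIELDS)
        entry = self.cache.get(key)
        if entry is None:                         # cache miss: send to userspace
            self.upcalls += 1
            actions = self.vswitchd.classify(pkt)
            if actions is None:
                return "to-controller"
            entry = self.cache[key] = [actions, 0]  # install exact-match flow
        entry[1] += 1                             # per-flow packet counter
        return entry[0]

def run_demo():
    rules = [Rule(100, {"nw_proto": 6, "tp_dst": 22}, "drop"),
             Rule(10, {"in_port": 1}, "output:2")]
    dp = Datapath(Vswitchd(rules))
    # Constructed traffic: (in_port, nw_proto, tp_dst); one fixed destination MAC.
    flows = [(1, 6, 80), (1, 6, 80), (1, 6, 22), (1, 6, 443), (3, 17, 53)]
    pkts = [dict(zip(FIELDS, (p, "02:00:00:00:00:01", proto, d))) for p, proto, d in flows]
    return [dp.receive(p) for p in pkts], dp.upcalls, len(dp.cache)
```

In the model, the single wildcard rule on `in_port` produces one cache entry per distinct microflow, so upcall rate and cache size track the number of distinct flows seen rather than the number of rules installed.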
ovsdb-server
• Database that holds switch-level configuration
• Custom database with nice properties:
  – Value constraints
  – Weak references
  – Garbage collection
• Log-based (awesome for debugging)
• Speaks management protocol (JSON-RPC) to manager and ovs-vswitchd
Packaging
• Default networking stack for open source Xen Cloud Platform (XCP)
• Default networking stack for Citrix XenServer and basis for their Distributed Virtual Switch (DVS)
• Distribution packaging
  – Debian
  – Ubuntu
  – SUSE
  – Fedora
  – Red Hat
• Kernel module part of Linux 3.3
• Natively supported by libvirt 0.9.11
The Bigger Picture
[Diagram labels: Controller Cluster; Quantum; Quantum Plugin; OVS (four instances); Nova; Swift.]
OVS and OpenFlow
• OVS has been the de facto reference implementation of OpenFlow for some time
• OVS has full OpenFlow 1.0 Support, plus
  – Nicira Extensible Match (basis of OXM in 1.2)
  – Resubmit
  – Support for multiple controllers (basis for 1.2 design)
  – Other extensions
• Support for later versions planned
  – http://openvswitch.org/development/openflow-1-x-plan/
Demo
• Simple L2 learning switch using OpenFlow
• All switches (including OVS) can do this autonomously
• Programmability makes it a building block
Performance
[Chart: Native Linux Bridge vs. Open vSwitch on Small Packet (mbps), Bulk Throughput (mbps), Latency (μs) and Flow setups (fps); logarithmic axis from 1 to 1,000,000.]
Tunneling
• Networking is a distributed system
• Different components of the system need to interconnect and share state
• IP has won as the fast and cheap backbone of choice
• Tunneling is the mechanism to give the power of Open vSwitch to the entire network
• Currently working on expanding the capabilities of OVS tunnels and integrating with upstream
Speaking of tunnels…
• You may have heard of STT
  – draft-davie-stt-01.txt
• Motivation:
  – Hypervisor-originated tunnels needed
  – Software performance of tunnels typically lags native I/O performance due to loss of NIC support for TCP Segmentation Offload (TSO) and other offloads
  – Remember the order of magnitude difference between large and small packets?
  – STT retains TSO by faking out the NIC
Opportunities
• Keeping OVS up with OpenFlow specs (1.1, 1.2 and beyond)
• Your favorite networking functionality
  – MPLS, private VLANs, etc.
• Port to your favorite hardware
  – This has been done for some HW
  – Can leverage HW forwarding paths more sophisticated than the kernel module (e.g. TCAM)