meetup #2

OpenvSwitch 初探 pichuang@sdnds-tw

About me

❖ pichuang a.k.a. ⼩小⾶飛機!

❖ 救⽕火員型研究⽣生!

❖ NCTU CSCC TA!

❖ NCTU Wireless Internet Lab!

❖ http://roan.logdown.com!

❖ http://fbl.me/pichuang

OpenvSwitch Introduction

❖ Production Quality!

❖ Multi Layer virtual switch!

❖ L2 - L4!

❖ Support OpenFlow protocol!

❖ Written in platform-independent C

OpenvSwitch Features❖ VLAN tagging and trunking (802.1q)!

❖ Standard Spanning Tree Protocol (802.1d)!

❖ Link Aggregation Control Protocol (802.3ad)!

❖ Port mirror!

❖ RSPAN!

❖ SPAN

❖ Flow monitor!

❖ sFlow!

❖ NetFlow!

❖ IP Flow Information Export (IPFIX)!

❖ QoS Control!

❖ Tunneling Protocol!

❖ VXLAN!

❖ GRE!

❖ IPSEC!

❖ Support Intel® DPDK!

❖ Support Linux Kenrel 3.11 ~ 3.14

OpenvSwitch Overview

datapath!ovs kernel module

ovs-vswitchd ovsdb-server

OpenFlow Controller

Kernel space

User space

Remote

unix socket

netlink

OpenFlow protocol

kmod_openvswitch

datapath!ovs kernel module

ovs-vswitchd ovsdb-server

OpenFlow Controller

Kernel space

User space

Remote

unix socket

netlink

OpenFlow protocol

❖ a.k.a “datapath"!

❖ Fast Path lookup!

❖ Strict match!

❖ Similar to linux bridge !

❖ Hook network device handle!

❖ Extract Flow key!

❖ jhash3!

❖ Implement tunneling protocol!

❖ Megaflow (Wildcard table)

ovs-dpctl❖ Manage datapath command!

❖ ovs-dpctl show!

❖ ovs-dpctl dump-flows!

❖ ovs-dpctl add-flow!

❖ ovs-dpctl -h!

!

❖ ovs-dpctl-top (python)

ovs-vswitchd

datapath!ovs kernel module

ovs-vswitchd ovsdb-server

OpenFlow Controller

Kernel space

User space

Remote

unix socket

netlink

OpenFlow protocol

❖ OpenvSwitch core component!

❖ Talk to datapath via netlink!

❖ Communicate with ovsdb-server via unix socket!

❖ Implement various protocols!

❖ like OpenFlow protocol!

❖ Include exactly table(Fast lookup) and wildcard table (Slow lookup)

ovs-ofctl❖ Manage ovs-vswitchd command!

❖ ovs-ofctl dump-flows <bridge name>!

❖ ovs-ofctl show <bridge name>!

❖ ovs-ofctl dump-tables <bridge name>!

❖ ovs-ofctl -h

ovs-appctl❖ Manage logging level!

❖ ovs-appctl vlog/list!

❖ ovs-appctl vlog/set {module name}:{console, syslog, file}:{off, emer, err, warn, info, dbg}!

❖ Generate packet for trace!

❖ ovs-appctl ofproto/trace <bridge name>!

❖ http://goo.gl/tWbZXH

ovsdb-server

datapath!ovs kernel module

ovs-vswitchd ovsdb-server

OpenFlow Controller

Kernel space

User space

Remote

unix socket

netlink

OpenFlow protocol

❖ ovs-vswitchd configuration is stored on disk!

❖ The OVSDB management protocol (RFC 7047)!

❖ vswitch.ovsschema!

❖ JSON Format

ovs-vsctl❖ Manages ovs-vswitchd configuration !

❖ ovs-vsctl show!

❖ …!

❖ ovs-vsctl -h

ovsdb-tool❖ Open vSwitch database management utility!

❖ ovsdb-tool create conf.db vswitch.ovsschema!

❖ ovsdb-tool query!

❖ ovsdb-tool -h

ovs-ctl❖ OpenvSwitch Startup Script!

❖ /usr/share/openvswitch/scripts/ovs-ctl!

❖ ovs-ctl start!

❖ ovs-ctl stop!

❖ ovs-ctl -h

Match Flow

Flow match

datapath flow table

ovs-vswitchd wildcard flow table

ovs-vswitchd exactly flow table

OpenFlow Controller

unknown packet

upcall (netlink)Kernel space

OpenFlow PACKET_IN

Flow install

datapath flow table

ovs-vswitchd wildcard flow table

ovs-vswitchd exactly flow table

OpenFlow Controller

install flow entryKernel space

OpenFlow PACKET_OUT

execute actions

packet out

Debugging OpenvSwitch

OpenvSwitch Setting

Daemon❖ Start!

❖ ovs-ctl start!

❖ custom init script !

❖ Check!

❖ ovs-ctl status!

❖ ps aux |grep ovs

Logging

❖ ovsdb-tool show-log [-mmm]!

❖ cat /var/log/openvswitch/{ovsdb-server,ovs-vswitchd}.log

ovs-vsctl show

❖ Controller!

❖ Connection methods: tcp, ssl!

❖ OpenFlow protocol: 6633, 6653!

❖ is_connected: true!

❖ fail_mode!

❖ secure, standalone

ovs-ofctl

datapath flow table

ovs-vswitchd wildcard flow table

ovs-vswitchd exactly flow table

OpenFlow Controller

Kernel space

ovs-ofctl show <bridge name>❖ Features Reply!

❖ dpid!

❖ ofport <-> interface

ovs-dpctl

datapath flow table

ovs-vswitchd wildcard flow table

ovs-vswitchd exactly

OpenFlow Controller

Kernel space

ovs-dpctl show❖ hit!

❖ hit existing entry!

❖ missed!

❖ send to userspace!

❖ drop!

❖ flows

Flow

ovs-ofctl

datapath flow table

ovs-vswitchd wildcard flow table

ovs-vswitchd exactly flow table

OpenFlow Controller

Kernel space

ovs-ofctl dump-flows <bridge name>❖ xid!

❖ check fields!

❖ duration, idle_age, priority, in_port!

❖ actions

ovs-dpctl

datapath flow table

ovs-vswitchd wildcard flow table

ovs-vswitchd exactly

OpenFlow Controller

Kernel space

ovs-dpctl dump-flows❖ packets!

❖ used!

❖ actions

ovs-appctl bridge/dump-flows <br>❖ Include hidden flow!

❖ Send packet to OpenFlow Controller

Thank you