Open vSwitch
Presented by: Ranjith Rajaram, Sr. Technical Account Manager, Red Hat
Agenda
1. What is Open vSwitch
2. Features of Open vSwitch
3. Components of Open vSwitch
4. Better alternative for Linux Bridge
5. Peep into OpenFlow
6. Demo
7.1 QoS
7.2 Flow
Open vSwitch and its features
● Multi-layer virtual switch licensed under Apache 2.0
● Enables network automation through programmatic extensions
● Flexible control in user space
● Fast datapath in kernel
● Supports monitoring protocols like NetFlow, sFlow, etc.
● Included in Linux 3.3 kernel by default
Open vSwitch: Features
● Visibility into inter-VM communication via NetFlow, sFlow
● Standard 802.1Q VLAN model via trunking
● Per-VM interface traffic policing
● NIC bonding
● OpenFlow protocol support
● Multiple tunneling protocols like GRE, VXLAN, IPsec, GRE over IPsec
http://openvswitch.org/features
Components of Open vSwitch
The main components are:
● ovs-vswitchd, a daemon that implements the switch, along with a companion Linux kernel module (openvswitch_mod.ko) for flow-based switching.
● Kernel module openvswitch_mod.ko
● ovsdb-server, a lightweight database server that ovs-vswitchd queries to obtain its configuration.
Better than Linux Bridge
Comparison with Linux Bridge

Open vSwitch:                        Linux Bridge:
- Full L2-L4 matching capability     - Just an L2 device
- Decision in user space             - No complexity
- ACLs, QoS, bonding                 - Simple forwarding
- Mobility of state
- OpenFlow controller
- Distributed vSwitches
Open vSwitch: OpenFlow
Peep into OpenFlow
● OpenFlow allows the path of network packets to be set up by software.
● Enabler of 'Software Defined Networking'.
● Standard way to control flow tables in commercial switches and routers.
● Gives the controller high-level access to the datapath routing decisions of a switch.
● OpenFlow protocol standards are defined by the Open Networking Foundation.
Open vSwitch: Modes
Open vSwitch modes
● Open vSwitch can operate in normal mode or flow mode.
● In normal mode, it acts as a layer 2 learning switch.
● In flow mode, it uses flow tables set by OpenFlow controllers or flows added manually using ovs-ofctl add-flow.
● An Open vSwitch flow is composed of a match and an action.
● Flow tables are composed of many flows and are processed in a well-defined order using priority and starting from table 0.
● The match part of the flow defines what fields of the packet must match in order to hit the flow. You can match L2/3/4 frame
Open vSwitch: Flow continued
● Once a match is found, the action part of a flow defines what actually happens.
● A match can also be wildcarded, so that you can match against a range of IPs or ports.
● The action part can be forwarding to a particular interface, dropping the message, or changing most parts of the header.
● If the message does not match any flow, it is dropped or the SDN controller will be consulted. It can also be redirected to another table.
Open vSwitch: Demo
Demo: OVS QoS
QoS
Administrators might need to restrict the bandwidth of a virtual guest depending on the hosting plan or what they pay for.
# ovs-vsctl set Interface vnet0 ingress_policing_rate=1000
# ovs-vsctl set Interface vnet0 ingress_policing_burst=100
The vnet0 interface in this case is the switch port to which the virtual guest is connected.
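What the two settings above do to a guest that sends faster than its allowance, as an added example that is not part of the original slides. It is a simplified token-bucket model, not Open vSwitch code; it assumes the documented units (rate in kbps, burst in kb), and the function name, packet size and sender rates are constructed for illustration.

```python
def police(rate_kbps, burst_kb, offered_kbps, pkt_bytes=1500, duration_us=1_000_000):
    """Return (admitted, sent) packet counts for a constant-rate sender.

    Simplified policer: a bucket of burst_kb kilobits refills at rate_kbps,
    and a packet that finds too few tokens is dropped, not queued.
    """
    pkt_bits = pkt_bytes * 8
    capacity = burst_kb * 1000                      # bucket depth in bits
    interval_us = pkt_bits * 1000 // offered_kbps   # gap between packets
    tokens, admitted, sent, last = capacity, 0, 0, 0
    for now in range(0, duration_us, interval_us):
        # Refill for the elapsed time, never beyond the burst size.
        tokens = min(capacity, tokens + (now - last) * rate_kbps // 1000)
        last = now
        sent += 1
        if tokens >= pkt_bits:
            tokens -= pkt_bits
            admitted += 1
    return admitted, sent


if __name__ == "__main__":
    # Values from the slide: ingress_policing_rate=1000, ingress_policing_burst=100
    for offered in (800, 5000):
        ok, total = police(1000, 100, offered)
        print(f"guest sends {offered} kbps: {ok} of {total} packets admitted")
```

A guest that stays under the rate loses nothing; one that sends at five times the rate gets the initial burst through and is then held to roughly the policed rate.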
Demo: Flow
Flow
If the incoming packet matches a rule, let's take some action on it.
# ovs-ofctl add-flow bridge "table=0, tcp, nw_proto=6, tp_dst=5001, priority=10, action=drop"
If a TCP packet destined to port 5001 enters table 0, then the action is to drop the packet.
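The lookup rules from the flow slides (match, wildcard, priority, table 0 first, miss), applied to the demo flow as an added example that is not part of the original slides. It is a simplified model rather than Open vSwitch code: the parser handles only the fields used here, a table miss is treated as a drop, and the second flow table and the sample packets are constructed. It is useful for checking whether a drop rule is shadowed by a broader flow with a higher priority.

```python
import ipaddress
import re

DEFAULT_PRIORITY = 32768   # what ovs-ofctl assigns when a flow omits priority
PROTO = {"icmp": "1", "tcp": "6", "udp": "17"}   # protocol shorthands

def parse_flow(spec):
    """Split an ovs-ofctl style flow string into table, priority, match, action."""
    head, action = (re.split(r"actions?=", spec, maxsplit=1) + [""])[:2]
    match = {}
    for tok in filter(None, re.split(r"[,\s]+", head)):
        key, _, val = tok.partition("=")
        if val:
            match[key] = val
        elif key in PROTO:
            match["nw_proto"] = PROTO[key]
    return {"table": int(match.pop("table", 0)),
            "priority": int(match.pop("priority", DEFAULT_PRIORITY)),
            "match": match, "action": action.strip()}

def matches(match, pkt):
    """Fields absent from the match are wildcarded; nw_src/nw_dst accept CIDR."""
    for key, want in match.items():
        have = pkt.get(key)
        if have is None:
            return False
        if key in ("nw_src", "nw_dst"):
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want, strict=False):
                return False
        elif str(have) != want:
            return False
    return True

def lookup(flows, pkt):
    """Start in table 0, take the highest-priority hit, follow goto_table."""
    table = 0
    while True:
        hits = [f for f in flows if f["table"] == table and matches(f["match"], pkt)]
        if not hits:
            return "drop (table miss)"   # simplification: no controller attached
        action = max(hits, key=lambda f: f["priority"])["action"]
        if not action.startswith("goto_table:"):
            return action
        nxt = int(action.split(":", 1)[1])
        if nxt <= table:                 # goto_table may only move forward
            return "drop (invalid goto_table)"
        table = nxt

# Constructed tables: the demo's drop rule, then the same table with a broader,
# higher-priority flow added in front of it.
DEMO = [parse_flow(s) for s in (
    "table=0, tcp, nw_proto=6, tp_dst=5001, priority=10, action=drop",
    "table=0, priority=0, actions=NORMAL")]
SHADOWED = DEMO + [parse_flow(s) for s in (
    "table=0, ip, nw_src=10.0.0.0/24, priority=100, actions=goto_table:1",
    "table=1, priority=0, actions=NORMAL")]
```

With `DEMO`, a TCP packet to port 5001 is dropped; with `SHADOWED`, the same packet from 10.0.0.0/24 is forwarded because the priority 100 flow wins before the drop rule is considered. A flow added without a priority, like the one in the editor's note, gets 32768 and outranks both.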
Summary
Open vSwitch features
● Multi-layered switch
● Better control
Questions?
Contact: rrajaram@redhat.com

Open VSwitch .. Use it for your day to day needs


Editor's Notes

  1. ovs-ofctl add-flow br0 "table=0 dl_src=XXX action=drop"