1. Virtualized Network with OpenvSwitch
Paul Sim
Cloud Consultant
paul.sim@canonical.com

2. Index
● OpenvSwitch Overview
● OpenvSwitch Architecture
● Configuration
● OpenvSwitch Demo
● Virtual Network with OpenvSwitch
● OpenStack with OpenvSwitch
● Use-case

3. OpenvSwitch Overview
❏ A virtual switch or Virtual Ethernet bridge (VEB)
❏ A key component of networking for virtualized
computing
❏ “Open” vSwitch version of Nicira’s proprietary vSwitch
❏ User-space : configuration, control
❏ Kernel-space : datapath (included in main Linux kernel
since version 3.3)
❏ Cisco Nexus 1000V, VMware vDS, IBM DVS 5000V, MS
Hyper-V vSwitch

4. OpenvSwitch Overview - Features
❏ Visibility into inter-VM communication via NetFlow,
sFlow(R), IPFIX, SPAN, LACP (IEEE 802.1AX-2008)
❏ Standard 802.1Q VLAN model with trunking
❏ STP (IEEE 802.1D-1998), Fine-grained QoS control
❏ NIC bonding with source-MAC load balancing, active
backup, and L4 hashing
❏ OpenFlow protocol support (including many extensions
for virtualization)
❏ Multiple tunneling protocols (VxLAN, Ethernet over
GRE, CAPWAP, IPsec, GRE over IPsec)
http://openvswitch.org/features/

5. OpenvSwitch Overview - Performance

6. OpenvSwitch Architecture
user space
ovs-vsctl
ovsdb-client
ovs-appctl
ovs-dpctl
ovs-brcompatd
Remote
OpenvSwitch db
OVS Management
(JSON RPC)
ovsdb-server
ovs-vswitchd
OpenFlow
Controller
OpenFlow
Kernel space
ovs-ofctl
brcompat.ko
Netlink
openvswitch.ko
Kernel Datapath(Fast Path)
VM
tap
vNIC

7. OpenvSwitch Architecture
VM
VM
vNIC
vNIC
tap1
tap2
Port
Flow table
vnet0
vnet1
Packet flows
br-ovs
bond0
eth0
eth2
eth1
eth2
Bridge
Interface

8. OpenvSwitch Architecture
❏
ovs-vswitchd : a daemon that implements the switch, along with a
companion Linux kernel module for flow-based switching.
❏
ovsdb-server : a lightweight database server that ovs-vswitchd queries to
obtain its configuration.
❏
ovs-vsctl : a utility for querying and updating the configuration of ovsvswitchd.
❏
ovs-dpctl : a tool for configuring and monitoring the switch kernel
module.
❏
ovs-appctl : a utility that sends commands to running Open vSwitch
daemons (ovs-vswitchd).
❏
ovs-controller : a simple OpenFlow controller reference implementation.
❏
brocompat.ko : Linux bridge compatibility module
❏
openvswitch.ko : Open vSwitch switching datapath

9. Configuration
Table
Open_vSwitch
Bridge
Port
Interface
QoS
Purpose
Open vSwitch configuration
Bridge configuration
Port configuration
One physical network device in a Port
Quality of Service configuration
Queue
QoS output queue
Mirror
Port mirroring
Controller
OpenFlow controller configuration
Manager
OVSDB management connection
NetFlow
NetFlow configuration
SSL
sFlow
Capability
SSL configuration
sFlow configuration
Capability configuration
$man ovs-vswitchd.conf.db

10. Configuration sample(1)
~$ sudo ovs-vsctl show
225d73cc-15b3-4db5-9b45-e783f7c49a10
Bridge br-tun
Port "gre-3"
Interface "gre-3"
type: gre
options: {in_key=flow, out_key=flow, remote_ip="
Bridge br-int
192.168.0.10"}
Port "tap1"
Port br-tun
tag: 1
Interface br-tun
Interface "tap1"
type: internal
Port "tap2"
Port patch-int
tag: 1
Interface patch-int
Interface "tap2"
type: patch
Port br-int
options: {peer=patch-tun}
Interface br-int
type: internal
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}

11. Configuration sample(2)
VM
VM
vNIC
vNIC
tap1
tap2
br-int
gre3
patch-tun
patch-int
br-tun
Linux Networking Stack
eth0
External IP
eth1
192.168.0.20
eth2
192.168.10.20
GRE tunnel
192.168.0.10

12. OpenvSwitch Demo - Environment
External network
Switch
eth0
eth0
VM
VM
VM
VM
vNIC
vNIC
vNIC
vNIC
tap1
tap2
tap1
tap2
OpenvSwitch Bridge
gre-1
GRE tunnel
gre-1
OpenvSwitch Bridge
eth1
eth1
Switch
Tunneling network
192.168.0.0/24

13. Virtual Network with OpenvSwitch - OpenStack
External network
eth0
eth0
eth0
eth0
Controller node
Network node
Compute node - 1
Compute node - 2
Nova
Keystone
Neutron - Server
Neutron agent
Neutron agent
Glance
Horizon
Neutron L3-agent
Neutron
OpenvSwitch Plug-in
Neutron
OpenvSwitch Plug-in
Nova compute
Nova compute
eth1
eth2
eth1
eth2
eth1
eth2
Management 192.168.0.0/24
Data 192.168.10.0/24
eth1
eth2

14. Virtual Network with OpenvSwitch - OpenStack
Neutron OpenvSwitch plug-in GRE tunneling
Tunnel <-> compute node - 2
Network node
Compute node - 1
gre-2
gre-2
VM
qr~~~
br-tun
qg~~~
br-tun
tap~~~
VM
tap1
tap2
Tunnel
br-ext
gre-1
br-int
eth0
gre-1
br-int
eth0
❏
❏
❏
qg~~~ : external gateway interface
qr~~~ : virtual router interface
tap~~~ : network service interface (DHCP, DNS and …)

15. Use-case - VMware NSX
VM
VM
VM
VM
VM
VM
vNIC
vNIC
vNIC
vNIC
vNIC
vNIC
OpenFlow
OpenvSwitch
Hypervisor
NSX Controller
Cluster
Hypervisor
NIC
NIC
Switch
❏
❏
❏
❏
Overlay networking
GRE & STT
❏ Centralized Controller
❏ MAC-over-GRE
ARP Proxy : No MAC flooding
Security : OpenvSwitch

16. Use-case - MidoNet
VM
vNIC
VM
vNIC
VM
MidoNet
Agent
VM
vNIC
vNIC
MidoNet
Agent
Distributed
Database
OpenvSwitch
Hypervisor
Hypervisor
NIC
MidoNet
Controller
NIC
Switch
❏
❏
❏
❏
❏
❏
❏
Overlay networking : GRE
L2 ~ L4 (stateful) virtual networking
Virtual Router : for each tenant, provider
Forwarding decision in local
No OpenFlow
Distributed Database
❏ Cassandra : L4 session
❏ Zookeeper : MAC, F/W rules and ...
Latency?

17. Use-case - Pica8
❏
❏
❏
❏
❏
❏
Two running modes : OpenvSwitch mode and L2/L3 mode
Pics OVS : The implementation of OpenvSwitch on Pica8 hardware switch
MPLS, GRE
Standard 802.1Q VLAN model with trunking
link monitoring
NetFlow, sFlow

18. Use-case - Intel DPDK vSwitch
❏
❏
❏
High performance and ultra-low latency packet switching of OpenvSwitch using Intel
DPDK(Data Plane Development Kit) acceleration technology.
DPDK vSwitch suggests modified Qemu and OpenvSwitch.
6WIND clams 6WINDGate shows 10x faster performance than standard OpenvSwitch.
❏
http://www.6wind.com/wp-content/uploads/PDF/prod/6WIND-Virtual-Switch-Product-Brief.pdf