This document provides an overview of Open vSwitch, including what it is, its main components, features, and how it can be used to build virtual network topologies. Open vSwitch is a software-defined networking switch that can be used to create virtual networks and handle network traffic between virtual machines and tunnels. It uses a distributed database, ovsdb-server, and a userspace daemon, ovs-vswitchd, to implement features like virtual switching, tunneling protocols, and OpenFlow support. Examples are provided for using Open vSwitch with KVM virtual machines and GRE tunnels to create virtual network topologies.
2. Agenda
What is Virtual Switch?
Virtual Network Topology using OVS
What is Open vSwitch and Features?
The Main Components
Using OVS to build Network Topology
Advanced Examples
Demo
3. What is Virtual Switch?
In a virtual network, a virtual switch acts like an advanced edge
switch for VMs.
[Diagram labels: Hypervisor; VM (x3); vNIC; VIF; Virtual Network (L2); Virtual Switch; NIC as vSwitch's uplink port; Data Flow; Physical Switch]
5. Virtual Network Topology (2/2)
Another example of Virtual Network Topology in OpenStack
They use Open vSwitch as the solution to deal with the complexity of virtual
networking and multi-tenancy
6. What is Open vSwitch?
A software-based solution
Resolves the problems of network separation and traffic
visibility, so that cloud users can be assigned VMs with
elastic and secure network configurations
Flexible Controller in User-Space
Fast Datapath in Kernel
An implementation of OpenFlow
Controller
7. Open vSwitch Design
Decisions about how to process a packet are made in
userspace
The first packet of a new flow goes to ovs-vswitchd;
the following packets hit the cached entry in the kernel
8. Features
Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, RSPAN, and
GRE-tunneled mirrors
LACP (IEEE 802.1AX-2008)
Standard 802.1Q VLAN model with trunking
BFD and 802.1ag link monitoring
STP (IEEE 802.1D-1998)
Fine-grained QoS control
Support for HFSC qdisc
Per VM interface traffic policing
NIC bonding with source-MAC load balancing, active backup, and L4 hashing
OpenFlow protocol support (including many extensions for virtualization)
IPv6 support
Multiple tunneling protocols (GRE, VXLAN, IPsec, GRE and VXLAN over IPsec)
Remote configuration protocol with C and Python bindings
Kernel and user-space forwarding engine options
Multi-table forwarding pipeline with flow-caching engine
Forwarding layer abstraction to ease porting to new software and hardware platforms
The newest version is 2.0
11. ovsdb-server
Database that holds switch level configuration
Custom database with nice properties:
Log-based
Speaks OVSDB management protocol (JSON-RPC)
to manager and ovs-vswitchd
12. Example: Setup QoS
There are two ways to do that:
Interface Rate Limiting ( on Interface )
For instance:
# ingress_policing_rate is in kbps, ingress_policing_burst in kb
sudo ovs-vsctl set Interface eth1 ingress_policing_rate=10000
sudo ovs-vsctl set Interface eth1 ingress_policing_burst=1000
Port QoS Policy ( on Port )
For instance:
# one transaction: the QoS record and both queues are created together; rates are in bit/s
sudo ovs-vsctl set port eth1 qos=@newqos \
  -- --id=@newqos create qos type=linux-htb \
     other-config:max-rate=200000000 queues=0=@q0,1=@q1 \
  -- --id=@q0 create queue \
     other-config:min-rate=100000000 \
     other-config:max-rate=100000000 \
  -- --id=@q1 create queue \
     other-config:min-rate=50000000 \
     other-config:max-rate=50000000
QoS can have more than 1 queue
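The Port QoS Policy above is a single ovs-vsctl transaction whose parts are joined by `--`. The following added example (not code from the original slides) builds that command from a rate plan and rejects inconsistent plans before anything reaches the switch; the function names and the sum-of-guarantees check are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the slides: build the Port QoS transaction as one
# ovs-vsctl command and reject rate plans that cannot work. Rates are bit/s.

is_uint() { case "$1" in ''|*[!0-9]*|0?*) return 1;; esac; }

# qos_cmd PORT MAX_RATE MIN:MAX [MIN:MAX ...]
# Prints the command; queue N is numbered by argument position, from 0.
qos_cmd() (
    port=$1; max=$2
    [ $# -ge 3 ] || { echo "usage: qos_cmd PORT MAX MIN:MAX..." >&2; exit 1; }
    shift 2
    # Port names are restricted so they cannot be read as options or syntax.
    case "$port" in ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*)
        echo "bad port name: $port" >&2; exit 1;; esac
    is_uint "$max" || { echo "bad max-rate: $max" >&2; exit 1; }
    i=0; sum=0; qmap=""; qdefs=""
    for q in "$@"; do
        qmin=${q%%:*}; qmax=${q#*:}
        is_uint "$qmin" && is_uint "$qmax" ||
            { echo "bad queue spec: $q" >&2; exit 1; }
        # A queue's guarantee cannot exceed its own cap or the parent's cap.
        [ "$qmin" -le "$qmax" ] && [ "$qmax" -le "$max" ] ||
            { echo "queue $i: need min <= max <= $max" >&2; exit 1; }
        sum=$((sum + qmin))
        qmap="${qmap:+$qmap,}$i=@q$i"
        qdefs="$qdefs -- --id=@q$i create queue"
        qdefs="$qdefs other-config:min-rate=$qmin other-config:max-rate=$qmax"
        i=$((i + 1))
    done
    # Sanity check (assumption of this example): guarantees that add up to
    # more than the parent max-rate cannot all be honoured.
    [ "$sum" -le "$max" ] ||
        { echo "sum of min-rates $sum exceeds max-rate $max" >&2; exit 1; }
    printf '%s %s %s\n' "ovs-vsctl set port $port qos=@newqos" \
        "-- --id=@newqos create qos type=linux-htb" \
        "other-config:max-rate=$max queues=$qmap$qdefs"
)

# The plan from the slide: 200 Mbit/s port, queues of 100 and 50 Mbit/s.
qos_cmd eth1 200000000 100000000:100000000 50000000:50000000
```

The function only prints the command, so it can be reviewed before it is run with root privileges.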
13. The example of QoS in OVS Database
This is a GUI tool for viewing the tables in the ovsdb-server
This case shows checking the QoS settings
14. ovs-vswitchd
Core component in the system:
Communicates with outside world using OpenFlow
Communicates with ovsdb-server using management
protocol (OVSDB)
Communicates with kernel module over netlink
Communicates with the system through netdev abstract
interface
Supports multiple independent datapaths (bridges)
Implements mirroring, bonding, and VLANs through
modifications of the same flow table exposed
through OpenFlow
15. OVS Kernel Module: openvswitch_mod.ko
Handles switching and tunneling
Exact-match cache of flows
Designed to be fast and simple
When a packet comes in and a matching flow is found, the associated
actions are executed and counters updated. Otherwise, the packet is
sent to userspace
Does no flow expiration
Knows nothing of OpenFlow
Implements tunnels
16. Using OVS to build Network Topology
Physical Machine to Physical Machine
>ovs-vsctl add-br br0
>ovs-vsctl add-port br0 eth0
>ovs-vsctl add-port br0 eth1
18. Using OVS to build Network Topology
The profile of the virtual network
Internal port is connected to IP Stack
VMs connect with outside network via vport ( tap virtual
interface )
19. Using OVS to build Network Topology
Virtual Machine to Virtual Machine with GRE Tunnel
[Diagram labels: GRE Tunnel]
21. Using OVS to build Network Topology
Bridge to Bridge
They need a patch port to communicate with each other
ovs-vsctl add-br br0
ovs-vsctl add-br br1
ovs-vsctl add-port br0 patch-to-br1
ovs-vsctl set interface patch-to-br1 type=patch
ovs-vsctl set interface patch-to-br1 options:peer=patch-to-br0
ovs-vsctl add-port br1 patch-to-br0
ovs-vsctl set interface patch-to-br0 type=patch
ovs-vsctl set interface patch-to-br0 options:peer=patch-to-br1
22. Demo Topology
The hosts OVS1 and OVS2 communicate with each other over a GRE tunnel
The host KVM will provision a VM guest and communicate with OVS1
and OVS2
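The GRE tunnel between OVS1 and OVS2, described here and on slide 19, needs a matching tunnel port on each host. This added example (not part of the original slides) prints both sides' ovs-vsctl commands and validates the inputs first; the bridge name br0, port name gre0, the 192.0.2.x addresses and the key value are placeholder assumptions.

```sh
#!/bin/sh
# Added example, not from the slides: print the GRE port configuration for
# both tunnel endpoints. Host labels OVS1/OVS2 come from the demo slide; the
# bridge br0, port gre0, the addresses and the key are placeholder assumptions.

# is_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1;; esac
        [ "$o" -le 255 ] || exit 1
    done
)

# gre_port_cmd BRIDGE PORT REMOTE_IP KEY: one endpoint's command.
# Only numeric keys are accepted in this example.
gre_port_cmd() (
    for n in "$1" "$2"; do
        case "$n" in ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*)
            echo "bad name: $n" >&2; exit 1;; esac
    done
    is_ipv4 "$3" || { echo "bad remote_ip: $3" >&2; exit 1; }
    case "$4" in ''|*[!0-9]*) echo "bad key: $4" >&2; exit 1;; esac
    printf '%s %s\n' "ovs-vsctl add-port $1 $2 -- set interface $2 type=gre" \
        "options:remote_ip=$3 options:key=$4"
)

# gre_pair IP_OVS1 IP_OVS2 KEY: each side's remote_ip is the other side's
# address, and both sides carry the same key.
gre_pair() (
    [ "$1" != "$2" ] || { echo "endpoints must differ" >&2; exit 1; }
    on_ovs1=$(gre_port_cmd br0 gre0 "$2" "$3") || exit 1
    on_ovs2=$(gre_port_cmd br0 gre0 "$1" "$3") || exit 1
    printf 'OVS1# %s\nOVS2# %s\n' "$on_ovs1" "$on_ovs2"
)

# Constructed sample: documentation addresses (RFC 5737) and key 100.
gre_pair 192.0.2.1 192.0.2.2 100
```

GRE carries the inner frames without encryption or authentication; the feature list above names GRE over IPsec for links that cross an untrusted network.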