Download as PDF, PPTX
Uploaded byHungWei Chiu
Open vSwitch Introduction
The document provides an introduction to Open vSwitch (OVS) by Hungwei Chiu, explaining its function in networking and its integration with Kubernetes. It details the differences between routers and switches, outlines the TCP/IP model, and discusses the OpenFlow protocol as a communication interface between control and forwarding layers in a software-defined networking architecture. The document also addresses challenges in Kubernetes networking with OVS, including pod communication and policy management.
In this document
Powered by AI
Introduction by HungWei Chiu, covering Open vSwitch and an overview of technical topics to be discussed.
Explains TCP/IP model, differences between routers and switches, and Linux Bridge components affecting container networking.
Details Linux kernel packet processing including net_dev, ARP, and routing tables, along with ARP and forwarding tables.
Overview of controls and commands used in networking such as routing and filtering using tools like iptables.
Introduction to Open vSwitch and OpenFlow, including architecture, flow tables, and the communication model between SDN components.
Describes flow management in Open vSwitch, including examples of packet actions, rules, and how flows are processed.
Functionality of Open vSwitch beyond basic packet switching, including tunneling, QoS, and link aggregation.
Implementation of Open vSwitch in a multi-node context with an OpenFlow controller managing multiple hosts.
Integration of Kubernetes networking with Open vSwitch, challenges faced, and projects enhancing functionality.
Reasons to use Open vSwitch, focusing on performance benefits, DPDK, and networking traffic management capabilities.
Final thoughts on networking skills, the importance of understanding systems, followed by a Q&A session.
More Related Content
![[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN](https://cdn.slidesharecdn.com/ss_thumbnails/openstackteam5interoperabilitywithml2-151221120433-thumbnail.jpg?width=640&height=640&fit=bounds)
![[오픈소스컨설팅]RHEL7/CentOS7 Pacemaker기반-HA시스템구성-v1.0](https://cdn.slidesharecdn.com/ss_thumbnails/rhel-centos7-pacemaker-based-ha-admin-guidev1-151215000535-thumbnail.jpg?width=640&height=640&fit=bounds)
![[MeetUp][1st] 오리뎅이의_쿠버네티스_네트워킹](https://cdn.slidesharecdn.com/ss_thumbnails/3-191024235922-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to Open vSwitch Introduction
![SDN Demystified, by Dean Pemberton [APNIC 38]](https://cdn.slidesharecdn.com/ss_thumbnails/sdndemystified1410925639-140917000156-phpapp02-thumbnail.jpg?width=640&height=640&fit=bounds)
Open vSwitch Introduction
- 1.
- 2. Who Am I •HungWei Chiu (hwchiu) • Open Networking Foundation • Member of Technical Staff • https://hwchiu.com • Kubernetes/Container • Networking/Linux/Kernel • Co-Organizer of SDNDS-TW/ CNTUG
- 3. Agenda • What/How • TCP/IPModel • Linux Bridge • What/How • Open vSwitch • Open vSwitch in Kubernetes
- 4.
- 5. Data Link Switch v.sRouter TCP/IP Model Network Transport Application Physical Data Link Physical Data Link Network Physical Data Link Network Transport Application Physical Client Server Switch Router
- 6. Router v.s Switch •Both • Store and forward packets • Network layer • Data Link layer • Router: • Routing table • Routing algorithms • Switch • Switch table • Learning algorithms
- 7.
- 8.
- 9. Data Link Switch v.sRouter TCP/IP Model Network Transport Application Physical Data Link Physical Data Link Network Physical Data Link Network Transport Application Physical Client Server Switch Router eth0 Linux Bridge br0 Container 172.17.8.1 172.17.8.56 10.1.2.3 Linux Host Container 172.17.8.57 Container to WAN
- 10. Linux Host Switch v.sRouter TCP/IP Model Data Link Network Transport Application Physical Data Link Physical Data Link Network Physical Data Link Network Transport Application Physical Client Server Switch Router Container WAN Linux Bridge Linux Bridge Instances veth function call function call
- 11. Docker eth0 Linux Bridge br0 Container 172.17.8.1 172.17.8.56 10.1.2.3 LinuxHost Container 172.17.8.57 net_dev Kernel object Packet Linux Bridge br0 • Received Packets • ebtables • iptables • Forward to net_dev (172.17.9.1) Packet: 172.17.8.56 -> 172.17.8.1
- 12. Docker eth0 Linux Bridge br0 Container 172.17.8.1 172.17.8.56 10.1.2.3 LinuxHost Container 172.17.8.57 net_dev Kernel object Linux Kernel • Received Packet • Iptables • Routing tables • ARP tables • Forward to eth0 (10.1.2.3) Packet: 172.17.8.56 -> 172.17.8.1 Packet
- 13. Tables • Arp Table(Learning MAC/IP) • Linux Bridge • Forwarding Table (Forward by MAC) • Netfilter • Iptables (Layer 3, NAT…etc) • Ebtables (Layer 2 filter…etc) • Linux Kernel • Routing table (Routing by IP (Destination/Source))
- 14. Control • Arp • arp •Forwarding • brctl show/brctl showman’s • Routing • route • ip route • netfilter • iptables/ebtables • iptables-save/iptables-restore …etc
- 15. Multiple Nodes Host Agent • NoStandard Protocol Host Agent Host Agent Host Agent Host Controller Agent • Execute commands • API Call (netlink)
- 16.
- 17.
- 18. Openflow • Maintained byOpen Networking Foundation (ONF) • The first standard communication interface defined between control and forwarding layers of an SDN architecture. https://en.wikipedia.org/wiki/OpenFlow
- 19. Openflow controller Openflow Enabled Switch SecurityChannel Flow Table Openflow Enabled Switch Security Channel Flow Table Openflow protocol Architecture
- 20. Format Rule Action Stats •Forward packet to ports • Encapsulate and forward to controller • Modify fields • Normal Pipeline • Extension Packet/Bytes counter Switch Port Layer 2 Header Layer 3 Header Layer 4 Header
- 21. Example Switch Port dst_macLayer 3 Layer 4src_mac Action port 3*** * 00:11:32:…. Switching Switch Port src_ip Layer 4Layer 2 Action port 4*** * Routing dst_ip 140.113.2.4 Switch Port src_ip Layer 4Layer 2 Action drop*1.2.0.0/16* * Firewall dst_ip 140.113.2.4
- 22. Compare • Linux • ArpTable (Learning MAC/IP) • Linux Bridge • Forwarding Table (Forward by MAC) • Netfilter • Iptables (Layer 3, NAT…etc) • Ebtables (Layer 2 filter…etc) • Linux Kernel • Routing table (Routing by IP (Destination/Source)) • Openflow • Rules • Switch Port • Layer 2/3/4 Header • Action • Forward/Drop • Normal Pipeline • Modify fields • …etc • Stats • Counter
- 23.
- 24.
- 25. Flows Switch Port Layer2 Layer 3 Layer 4eth_type Action …*…* Arp ARP Switch Port Layer 3 Header Layer 4 HeaderLayer2 Action • Change src/dst Mac • Forward to port…..…..* * Routing Switch Port Layer 3 Header Layer 4 Action * * NAT * Layer2 ….. ….. • Change src/dst IP • Forward to port
- 26. Open vSwtich • Needto prepare all flow rules • Without Linux Kernel (mostly) • Openflow controller • Program your logic • CLI • Difficult to maintain all logics.
- 27. Other functions • Linux •Tunneling • GRE/VXLAN/GRE/ STT/NVGRE • iptables extension • nfqueue ..etc • 802.1q VLAN • Linux • Link Aggregation with/ without LACP • QoS • Traffic Shaping • Socket Applications • VPN, other networking functions.
- 28.
- 29.
- 30. Kubernetes & Networking •Pod communication • Pod to Pod • Pod to Wan • Service • ClusterIP • NodePort • NetworkPolicy CNI Flannel • Linux Bridge • ARP Table • Routing Table • Iptables Iptables Implemented by CNI.
- 31. Challenge • CNI • Podto Pod • Same Node • Different Node • Overlay ? • Pod to Wan • NAT
- 32. Challenge • Kube-proxy (service) •Monitor service object • Create/Update/Remove rules • Translate policy to OpenFlow rules and apply to all switches. • NetworkPolicy • Monitor network policy object • Create/Update/Remove rules • Translate policy to OpenFlow rules and apply to all switches.
- 33. Challenge • Additional controller •Open vSwitch controller • Openflow • OVSDB • …etc • Kubernetes controller
- 34. Projects • K-vswitch • SONA-CNI •Ovn-kubernetes • ..etc
- 35.
- 36.
- 37.
- 38. Why • Networking performance? •Open vSwitch + DPDK (Kernel Bypass) • Hardware offloading • Service chain? • Rewrite packets header • Redirect packets within different Pods • Networking Traffic Monitor? • Latency • Counters
- 39. K8S Node Pod PodPod eth0 Openflow Switch Openflow Switch Openflow Switch Data network K8S Node Pod Pod Pod eth0 K8S Node Pod Pod Pod eth0 Openflow Controller Reference Architecture
- 40. Do I NeedIt?
- 41. One • Learn howsystem works • Computing/Storage/Networking • Linux • Increase your value • Don’t rely on Framework or Tools • Helm/Operator …etc • Never be the Yaml Engineer
- 42.