openvswitch ko minus open vswitch
play

openvswitch.ko minus Open vSwitch Joe Stringer, VMware - PowerPoint PPT Presentation

Feb 13, 2024 •426 likes •755 views

openvswitch.ko minus Open vSwitch Joe Stringer, VMware http://garfieldminusgarfield.net/post/26843739 2 Software-Defined Networking 3 Flows Classify a set of packets that have some common criteria Not all flows are created equal

  1. openvswitch.ko minus Open vSwitch Joe Stringer, VMware

  2. http://garfieldminusgarfield.net/post/26843739 2

  3. Software-Defined Networking 3

  4. Flows Classify a set of packets that have some common criteria ● Not all flows are created equal ● ● Granularity => Power => Performance? ○ If possible, one lookup ● 4

  5. How we described flow-based policy in Linux Generic Netlink Families ● Shared flow table resource (datapath) ● ○ Need a bounding box for which set of flows apply Associate rx/tx ports ● Define the flow ● ○ Packet fields, metadata that can be matched on Describe how to handle packets when flow table empty ● 5

  6. Datapath family datapath0 datapathN Flow Flow Table Table datapath0 datapathN # ovs-dpctl add-dp datapath0 6

  7. Virtual port (vport) family datapath0 Flow Table vport vport tunnel internal netdev device # ovs-dpctl add-if datapath0 <netdev> 7

  8. Flow family Flow datapath in_port(p0), match+actions } eth(), eth_type(0x0806), Flow arp() Table output(p1) Flow mask Masks Flow identifier p0 p1 pN # ovs-dpctl add-flow datapath0 “in_port(0),eth(),eth_type(0x0806),arp()”, 1 8

  9. Flow family: lookup hit 1 Flow Key Table in_port(p0), 2 eth(src=01:23:45:67:89:f0, dst=ff:ff:ff:ff:ff:ff), Matching flow -> actions eth_type(0x0806), arp(sip=192.168.0.1, tip=192.168.0.2,op=1,...), 9

  10. Masked tuple matching (megaflow) eth(src=x,dst=y),ip(dst=1.2.3.0) eth(src=x,dst=y),ip(dst=1.2.3.1) } eth(src=x,dst=y),ip(dst=1.2.3.2) eth(src=x,dst=y),ip(dst=1.2.3.3) eth(src=x/ff:ff:ff:ff:ff:ff,dst=y/ff:ff:ff:ff:ff:ff), ip(dst=1.2.3.0/255.255.255.248) eth(src=x,dst=y),ip(dst=1.2.3.4) eth(src=x,dst=y),ip(dst=1.2.3.5) eth(src=x,dst=y),ip(dst=1.2.3.6) eth(src=x,dst=y),ip(dst=1.2.3.7) 10

  11. Flow family: lookup hit (megaflow) 1 Flow Unmasked key Table in_port(p0), 3 eth(src=01:23:45:67:89:f0, dst=ff:ff:ff:ff:ff:ff), Matching flow -> actions Masked key eth_type(0x0806), arp(sip=192.168.0.1, tip=192.168.0.2,op=1,...), 2 Mask list 11

  12. Flow family: Lookup miss * netlink socket 1 2 3 Key Upcall Flow in_port(1), packet Table eth(), metadata eth_type(0x1234) * netlink socket may be set to ‘0’, indicating default drop 12

  13. Packet family: userspace upcall SDN control User Kernel Flow Downcall Upcall flow key packet mask packet metadata actions metadata actions ufid 13

  14. Packet family: Execute User Kernel Downcall modified packet packet metadata actions 14

  15. OVS Netlink API Summary Datapath family ● Shared flow table ○ Access to stack ○ Place to hang ports ○ Virtual port (vport) family ● Access for rx/tx with the datapath ○ ● Flow family Describe forwarding behavior ○ Packet family ● ○ Handle packet+metadata to/from userspace 15

  16. Notable Megaflows ● Improvements ● Traffic Isolation NetFilter integration ● Recirculation ● 16

  17. Megaflows Optimizations Ktps Flows Masks CPU % (TCP_CRR) (user / kernel) Megaflows disabled 37 1,051,884 1 45 / 40 No optimizations 56 905,758 3 37 / 40 With priority sorting 57 785,124 4 39 / 45 With prefix tracking 95 13 10 0 / 15 With staged lookup 115 14 13 0 / 15 All optimizations 117 15 14 0 / 20 From “The Design and Implementation of OVS”, Ben Pfaff et al., NSDI ’15 17

  18. Notable improvements: Upcall hashing netlink netlink netlink socket socket socket Virtual port 18

  19. Notable improvements: conntrack 2 actions 1 ct() ... NetFilter Flow Table 19

  20. Notable improvements: recirculate 2 actions 1 ct() recirc(0x1) NetFilter Flow 3 Table 20

  21. CLI tools ● openvswitch.ko Open vSwitch (ovs-vswitchd) ● MidoNet ● ● Weave Net Kernel API users Indigo Virtual Switch ● 21

  22. CLI tools - datapath / vport # modprobe openvswitch # ovs-dpctl show # ovs-dpctl add-dp myDP system@myDP: # ip li add dev dummy0 type dummy lookups: hit:0 missed:177 lost:177 # ovs-dpctl add-if myDP dummy0 flows: 0 # ip li add dev dummy1 type dummy masks: hit:0 total:0 hit/pkt:0.00 # ovs-dpctl add-if myDP dummy1 port 0: myDP (internal) port 1: dummy0 port 2: dummy1 22

  23. CLI tools - flow # ovs-dpctl add-flow "in_port(1),eth(),eth_type(0x806),arp()" 2 # ovs-dpctl add-flow "in_port(2),eth(),eth_type(0x806),arp()" 1 # ovs-dpctl add-flow "in_port(1),eth(),eth_type(0x800),ipv4(proto=1),icmp()" 2 # ovs-dpctl add-flow "in_port(2),eth(),eth_type(0x800),ipv4(proto=1),icmp()" 1 # ovs-dpctl dump-flows in_port(2),eth_type(0x0806), packets:0, bytes:0, used:never, actions:1 in_port(1),eth_type(0x0806), packets:0, bytes:0, used:never, actions:2 in_port(2),eth_type(0x0800),ipv4(proto=1), packets:0, bytes:0, used:never, actions:1 in_port(1),eth_type(0x0800),ipv4(proto=1), packets:0, bytes:0, used:never, actions:2 23

  24. Open vSwitch Daemon http://openvswitch.org/assets/featured-image.jpg 24

  25. MidoNet https://www.midonet.org/i/graphic.png 25

  26. Weave Net https://www.weave.works/wp-content/uploads/d989f137a913d15c6ab2afe14149d8acfd180db3.png 26

  27. Indigo Virtual Switch http://www.bigswitch.com/sites/default/files/_/switch_light_archictecture.png 27

  28. Common threads: integration Lightweight Tunneling ● Netfilter ● ● XFRM QoS ● Hardware offloads ● 28

  29. Common threads: complexity Desired configuration is orders of magnitude more complex than kernel API ● Dozens of tables ○ Thousands of priorities ○ Compile hundreds of lookups into a single* lookup ● ○ Lower per-packet costs for complex pipelines * or small integer when subsystem input is required 29

  30. Summary SDN has driven openvswitch.ko development ● logically centralized packet forwarding behaviour ○ OVS Netlink API provides generally useful primitives ● Variety of users ● OVS, MidoNet, WeaveNet, IVS ○ Allows userspace to integrate with other kernel functionality ● Minimize kernel code complexity ● 30

  31. http://garfieldminusgarfield.net/post/37998316 31

  32. fin joe@ovn.org

Recommend

P4 and Open vSwitch Ben Pfaff blp@nicira.com Open vSwitch Commiter Open vSwitch Architecture

P4 and Open vSwitch Ben Pfaff blp@nicira.com Open vSwitch Commiter Open vSwitch Architecture

P4 and Open vSwitch Ben Pfaff blp@nicira.com Open vSwitch Commiter Open vSwitch Architecture ... VM 1 VM 2 VM n VMs Netlink Hypervisor OVSDB kernel module ovsdb-server ovs-vswitchd user kernel OpenFlow OVSDB NICs Controller

163 views • 13 slides
Open vSwitch: Part 2 Ben Pfaff VMware NSBU What is Open vSwitch? Semi-official description:

Open vSwitch: Part 2 Ben Pfaff VMware NSBU What is Open vSwitch? Semi-official description:

Open vSwitch: Part 2 Ben Pfaff VMware NSBU What is Open vSwitch? Semi-official description: Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive

637 views • 15 slides
Configuring and Benchmarking Open vSwitch, DPDK and vhost-user Pei Zhang ( )

Configuring and Benchmarking Open vSwitch, DPDK and vhost-user Pei Zhang ( )

Configuring and Benchmarking Open vSwitch, DPDK and vhost-user Pei Zhang ( ) pezhang@redhat.com October 26, 2017 Agenda 1. Background 2. Configure Open vSwitch, DPDK and vhost-user 3. Improve network performance 4. Show results

382 views • 25 slides
An Introduction to Open vSwitch LinuxCon Japan, Yokohama Simon Horman &lt;simon@horms.net&gt;

An Introduction to Open vSwitch LinuxCon Japan, Yokohama Simon Horman &lt;simon@horms.net&gt;

An Introduction to Open vSwitch LinuxCon Japan, Yokohama Simon Horman &lt;simon@horms.net&gt; Horms Solutions Ltd., Tokyo 2nd June 2011 Contents Introduction Management and Configuration Basics Examples of Advanced Configuration Open vSwitch

851 views • 36 slides
Open vSwitch: A Whirlwind Tour Jus8n Pe:t March 3, 2011

Open vSwitch: A Whirlwind Tour Jus8n Pe:t March 3, 2011

Open vSwitch: A Whirlwind Tour Jus8n Pe:t March 3, 2011 Overview Visibility (NetFlow, sFlow, SPAN/RSPAN) Fine-grained ACLs and QoS policies

467 views • 17 slides
OVN: Open Virtual Network for Open vSwitch Ben Pfaff (@Ben_Pfaff) Justin Pettit

OVN: Open Virtual Network for Open vSwitch Ben Pfaff (@Ben_Pfaff) Justin Pettit

OVN: Open Virtual Network for Open vSwitch Ben Pfaff (@Ben_Pfaff) Justin Pettit (@Justin_D_Pettit) Virtual Networking Overview Provides a logical network abstraction on top of a physical network VM1 VM2 VMA VMB L-Switch VM1 VM2 VMA

477 views • 25 slides
OVN: Open Virtual Network for Open vSwitch Russell Bryant (@russellbryant) Kyle Mestery

OVN: Open Virtual Network for Open vSwitch Russell Bryant (@russellbryant) Kyle Mestery

OVN: Open Virtual Network for Open vSwitch Russell Bryant (@russellbryant) Kyle Mestery (@mestery) Justin Pettit (@Justin_D_Pettit) Virtual Networking Overview Provides a logical network abstraction on top of a physical network VM1 VM2

584 views • 33 slides
Open vSwitch Jus0n Pe2t and Jesse Gross Linux Collabora0on

Open vSwitch Jus0n Pe2t and Jesse Gross Linux Collabora0on

Open vSwitch Jus0n Pe2t and Jesse Gross Linux Collabora0on Summit April 7, 2011 What is Virtualiza0on? Mul0ple virtual machines on the same

501 views • 19 slides
The Design and Implementation of Open vSwitch Ben Pfaff Justin Pettit Teemu Koponen

The Design and Implementation of Open vSwitch Ben Pfaff Justin Pettit Teemu Koponen

The Design and Implementation of Open vSwitch Ben Pfaff Justin Pettit Teemu Koponen Ethan J. Jackson Andy Zhou Jarno Rajahalme Jesse Gross Alex Wang Jonathan Stringer Pravin Shelar Keith Amidon Martin

573 views • 18 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

429 views • 39 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

612 views • 45 slides
Open vSwitch in Neutron Performance Challenges and Hardware O ffl oad Date: Hong Kong, 6th Nov.

Open vSwitch in Neutron Performance Challenges and Hardware O ffl oad Date: Hong Kong, 6th Nov.

Open vSwitch in Neutron Performance Challenges and Hardware O ffl oad Date: Hong Kong, 6th Nov. 2013 Authors: Yongsheng Gong gongysh@unitedstack.com Bo Liang liang.bo@99cloud.net 1 197 Deployments Hyper-V 5% Nicira 5% Brocade 3% big

630 views • 23 slides
Open vSwitch: Extending Networking into the Virtualization Layer Ben Pfaff Justin Pettit Teemu

Open vSwitch: Extending Networking into the Virtualization Layer Ben Pfaff Justin Pettit Teemu

Open vSwitch: Extending Networking into the Virtualization Layer Ben Pfaff Justin Pettit Teemu Koponen Keith Amidon Martin Casado Nicira Networks, Inc. Scott Shenker UC Berkeley, Computer Science Division Outline Virtualization and

208 views • 17 slides
Traffic Monitoring in Open vSwitch An Wang, Yang Guo , Fang Hao, T.V. Lakshman and Songqing Chen

Traffic Monitoring in Open vSwitch An Wang, Yang Guo , Fang Hao, T.V. Lakshman and Songqing Chen

UMON: Flexible and Fine Grained Traffic Monitoring in Open vSwitch An Wang, Yang Guo , Fang Hao, T.V. Lakshman and Songqing Chen NIST Outline Introduction UMON design and implementation Evaluation Summary Credit: An

396 views • 16 slides
Generic Linux Debugging By Ansis Atteka Open vSwitch Team May 17th, 2018 In NSBU we do...

Generic Linux Debugging By Ansis Atteka Open vSwitch Team May 17th, 2018 In NSBU we do...

Generic Linux Debugging By Ansis Atteka Open vSwitch Team May 17th, 2018 In NSBU we do... Network debugging , which is: about using networking Interfaces (NSX Controller REST API, ip-route, OVSDB, tcpdump e.t.c.); very useful at

599 views • 28 slides
OVN: Scaleable Virtual Networking for Open vSwitch Kyle Mestery (@mestery) Justin Pettit

OVN: Scaleable Virtual Networking for Open vSwitch Kyle Mestery (@mestery) Justin Pettit

OVN: Scaleable Virtual Networking for Open vSwitch Kyle Mestery (@mestery) Justin Pettit (@Justin_D_Pettit) The Case for Network Virtualization Network provisioning needs to be self-service. Virtual networking needs to be abstracted

826 views • 37 slides
Open vSwitch Config for libvirt VMs Jonas Andre advised by Johannes Naab Wednesday 9 th January,

Open vSwitch Config for libvirt VMs Jonas Andre advised by Johannes Naab Wednesday 9 th January,

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Open vSwitch Config for libvirt VMs Jonas Andre advised by Johannes Naab Wednesday 9 th January, 2019 Chair of Network Architectures and

311 views • 13 slides
Tired of iptables based security groups? Here's how to gain tremendous speed with Open vSwitch

Tired of iptables based security groups? Here's how to gain tremendous speed with Open vSwitch

Tired of iptables based security groups? Here's how to gain tremendous speed with Open vSwitch instead! Who we are? Jakub Libosvar Software Engineer at Red Hat libosvar@redhat.com Rodolfo Alonso Software Engineer

397 views • 29 slides
Fast Software Cache Design for Network Appliances Dong Zhou, Huacheng Yu, Michael Kaminsky,

Fast Software Cache Design for Network Appliances Dong Zhou, Huacheng Yu, Michael Kaminsky,

Fast Software Cache Design for Network Appliances Dong Zhou, Huacheng Yu, Michael Kaminsky, David G. Andersen Flow Caching in Open vSwitch Microflow Cache Exact Match Single Hash Table 2 Flow Caching in Open vSwitch srcAddr=10.1.2.3,

570 views • 28 slides
Page 1 1 Collision Detection Applications Naive Collision Detection determining if player

Page 1 1 Collision Detection Applications Naive Collision Detection determining if player

University of British Columbia Project 3 CPSC 314 Computer Graphics extra credit explained Jan-Apr 2005 can earn up to 110% of total points Tamara Munzner grading scheme: buckets minus, check-minus, check, check-plus, plus

249 views • 8 slides
VPP: The ultimate NFV vSwitch (and more!)? Franck Baudin, Principal Product Manager - OpenStack

VPP: The ultimate NFV vSwitch (and more!)? Franck Baudin, Principal Product Manager - OpenStack

VPP: The ultimate NFV vSwitch (and more!)? Franck Baudin, Principal Product Manager - OpenStack NFV - Red Hat Uri Elzur, DNSG CTO - Intel OpenStack Summit | Barcelona 2016 Agenda FD.io project and community overview FD.io Vector Packet

680 views • 43 slides
T minus 1 class Homework 10 will be out shortly About 6 questions No more

T minus 1 class Homework 10 will be out shortly About 6 questions No more

T minus 1 class Homework 10 will be out shortly About 6 questions No more homeworks after that! No quiz next week Next class will be review CMSC 203: Lecture 26 Graphs Cont. Special Graphs Complete Graph: K n

409 views • 21 slides
Writing your Natural History Report T-minus 21 days What should you be doing now?

Writing your Natural History Report T-minus 21 days What should you be doing now?

Writing your Natural History Report T-minus 21 days What should you be doing now? Researching your topic Use the library Wikipedia is a good starting place, but not enough by itself Search Google Scholar using keywords on your topic

413 views • 28 slides
Fibonacci Heap Group Minus One Second December 6, 2016 Group Minus One Second Fibonacci Heap

Fibonacci Heap Group Minus One Second December 6, 2016 Group Minus One Second Fibonacci Heap

Introduction Fibonacci Heap Time Complexity Analysis Fibonacci Heap Group Minus One Second December 6, 2016 Group Minus One Second Fibonacci Heap Introduction Fibonacci Heap Time Complexity Analysis Outline Introduction Motivation

848 views • 51 slides

More recommend