SlideShare a Scribd company logo

Layer 3 Tunnel Support for Open vSwitch

Netronome
Netronome

Simon Horman, Netronome, "Layer 3 Tunnel Support for Open vSwitch" from July 14, 2016 at LinuxCon in Tokyo, Japan.

Technology
1 of 24
Download to read offline
© 2016 NETRONOME SYSTEMS, INC. 1© 2016 NETRONOME SYSTEMS, INC. Simon Horman Layer 3 Tunnel Support for Open vSwitch (OVS)
© 2016 NETRONOME SYSTEMS, INC. 2 Motivation Would like to: ▶  Allow rx and tx of packets over tunnels whose payload packet does not have an Ethernet header ▶  Add these features to upstream OVS then offload them
© 2016 NETRONOME SYSTEMS, INC. 3 Importance of Offloading 5 10 15 20 25 30 OVS Kernel Datapath with Netdev to VMs OVS User-Space Datapath with Netdev to VMs 100 Wildcard Rules 1000 Wildcard Rules 10000 Wildcard Rules 64000 Wildcard Rules Packetspersecond(millions) 12 CPU Cores 8 CPU Cores OVS Offload to iNIC with PMD to VMs 1 CPU CoreOVS L2/L3 Forwarding to 8 VMs with 64K Flows OVS Offload to iNIC with Netdev to VMs 1 CPU Core
© 2016 NETRONOME SYSTEMS, INC. 4 Scope Datapaths: ▶  Linux Kernel ▶  User-Space with and without DPDK Encapsulation Protocol: ▶  GRE (non-TEB) (rfc2794): • IP protocols over GRE • MPLS in GRE (rfc4023)
© 2016 NETRONOME SYSTEMS, INC. 5 Background: Tunnel vPorts Encapsulation and decapsulation is handled by output to/input from tunnel vports Not currently exposed in Open-Flow
© 2016 NETRONOME SYSTEMS, INC. 6 Kernel Datapath Tunnel vPorts Kernel Datapath: ▶  On rx tunnel vport decapsulates packet passing the result and metadata to the datapath ▶  On tx tunnel vport encapsulates packet based on metadata
© 2016 NETRONOME SYSTEMS, INC. 7 User-Space Tunnel vPorts Native Tunneling: ▶  Tunnel ingress and egress on separate OvS bridge ▶  Internal rules match ingress and egress packets for tunnel vPorts and apply push and pop tunnel actions accordingly ▶  Like the Kernel Datapath tunnel metadata is: • Available in flow key after decapsulation • Used as parameters for encapsulation
© 2016 NETRONOME SYSTEMS, INC. 8 Layer 3 Tunneling: Basic Concepts Layer 2 and 3 vPorts push_eth and pop_eth datapath actions Datapath Attributes and packet type
© 2016 NETRONOME SYSTEMS, INC. 9 Layer 2 and 3 vPorts Layer 2 or 3 is a mode of vports Default is layer 2: behavior of all vports until now
© 2016 NETRONOME SYSTEMS, INC. 10 pop_eth and push_eth Actions Add or remove an Ethernet header to/from start of packet Packets with a VLAN not currently permitted MPLS is treated as L2.5 and left alone Not currently exposed to OpenFlow: ▶  Automatically included in actions of datapath flow
© 2016 NETRONOME SYSTEMS, INC. 11 Datapath Attributes and Packet Type Presence of ETHERTYPE and ETHERNET attributes indicates L2 packet Presence of ETHERTYPE but not ETHERNET attribute indicates L3 packet ETHERTYPE corresponds to Protocol Type in GRE header
© 2016 NETRONOME SYSTEMS, INC. 12 GRE Header Checksum (optional) Reserved (optional) Protocol TypeVerReserved0C C: Checksum Present Delivery Header Payload Packet
© 2016 NETRONOME SYSTEMS, INC. 13 Operation OvS User-Space (ovs-vswitchd) is aware of which vports are Layer 2 and which are Layer 3 It is aware of the input port for each flow And thus when translating from OpenFlow to datapath flows it can add push_eth and pop_eth actions before output actions as necessary
© 2016 NETRONOME SYSTEMS, INC. 14 Packet Flow Key: eth_type, ... Actions: push_eth, output Layer 3 vPort Layer 2 vPort Key: eth, eth_type, ... Actions: pop_eth, output Layer 2 vPort Layer 3 vPort
© 2016 NETRONOME SYSTEMS, INC. 15 vPort Implementations User-Space (non-Datapath) Kernel Datapath User-Space Datapath
© 2016 NETRONOME SYSTEMS, INC. 16 User-Space (non-Datapath) vPorts vPorts have new layer3 flag to distinguish layer mode vPorts of the same type (e.g. GRE) but different layer mode share the same datapath vport
© 2016 NETRONOME SYSTEMS, INC. 17 Kernel Datapath vPorts Switch to using ipgre rather than gretap netdev in kernel ipgre (and ipvxlan) vports have recently been enhanced to allow rx/tx of TEB as well as non-TEB packets Thus facilitating a single datapath vport for use with both layer 2 and 3 user- space vports This design was motivated by a desire to avoid vport type explosion
© 2016 NETRONOME SYSTEMS, INC. 18 User-Space Datapath vPorts New user-space datapath only NEXT_BASE_LAYER flow key attribute Used to distinguish flows with layer 2 and 3 payload packets
© 2016 NETRONOME SYSTEMS, INC. 19 GRE Header Checksum (optional) Reserved (optional) Protocol TypeVerReserved0C C: Checksum Present Delivery Header Payload Packet
© 2016 NETRONOME SYSTEMS, INC. 20 Configuration Example ovs-vsctl add-port br0 tun1 -- set Interface tun1 type=gre options:remote_ip=10.0.0.2 options:key=flow options:layer3=true
© 2016 NETRONOME SYSTEMS, INC. 21 Future Work Encapsulation Protocols: ▶  MPLS in IP (rfc4023) ▶  MPLS in UDP (rfc7510) ▶  NSH (draft-ietf-sfc-nsh-05) ▶  VXLAN-GPE (draft-ietf-nvo3-vxlan-gpe-02) ▶  LISP (rfc6830)
© 2016 NETRONOME SYSTEMS, INC. 22 Credits Many, including: ▶  Lorand Jakub, Thomas Morin: Original implementation ▶  Jiri Benc: Kernel Tunnel Enhancements
© 2016 NETRONOME SYSTEMS, INC. 23 Availability Open vSwitch (User-Space): ▶  https://github.com/horms/openvswitch l3-vpn Kernel (Datapath): ▶  https://github.com/horms/linux l3-vpn Working towards upstream merge!
© 2016 NETRONOME SYSTEMS, INC. 24© 2016 NETRONOME SYSTEMS, INC. Simon Horman Thank You

Recommended

SoC Solutions Enabling Server-Based Networking
SoC Solutions Enabling Server-Based NetworkingSoC Solutions Enabling Server-Based Networking
SoC Solutions Enabling Server-Based Networking
Netronome
 
Design, Verification and Emulation of an Island-Based Network Flow Processor
Design, Verification and Emulation of an Island-Based Network Flow ProcessorDesign, Verification and Emulation of an Island-Based Network Flow Processor
Design, Verification and Emulation of an Island-Based Network Flow Processor
Netronome
 
The Need for Complex Analytics from Forwarding Pipelines
The Need for Complex Analytics from Forwarding Pipelines The Need for Complex Analytics from Forwarding Pipelines
The Need for Complex Analytics from Forwarding Pipelines
Netronome
 
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsLeveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Netronome
 
Using Agilio SmartNICs for OpenStack Networking Acceleration
Using Agilio SmartNICs for OpenStack Networking AccelerationUsing Agilio SmartNICs for OpenStack Networking Acceleration
Using Agilio SmartNICs for OpenStack Networking Acceleration
Netronome
 
Using Network Acceleration for an Optimized Edge Cloud Server Architecture
Using Network Acceleration for an Optimized Edge Cloud Server ArchitectureUsing Network Acceleration for an Optimized Edge Cloud Server Architecture
Using Network Acceleration for an Optimized Edge Cloud Server Architecture
Netronome
 
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PROIDEA
 
DPDK Support for New HW Offloads
DPDK Support for New HW OffloadsDPDK Support for New HW Offloads
DPDK Support for New HW Offloads
Netronome
 

Recommended

SoC Solutions Enabling Server-Based Networking
SoC Solutions Enabling Server-Based NetworkingSoC Solutions Enabling Server-Based Networking
SoC Solutions Enabling Server-Based Networking
Netronome
 
Design, Verification and Emulation of an Island-Based Network Flow Processor
Design, Verification and Emulation of an Island-Based Network Flow ProcessorDesign, Verification and Emulation of an Island-Based Network Flow Processor
Design, Verification and Emulation of an Island-Based Network Flow Processor
Netronome
 
The Need for Complex Analytics from Forwarding Pipelines
The Need for Complex Analytics from Forwarding Pipelines The Need for Complex Analytics from Forwarding Pipelines
The Need for Complex Analytics from Forwarding Pipelines
Netronome
 
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsLeveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Netronome
 
Using Agilio SmartNICs for OpenStack Networking Acceleration
Using Agilio SmartNICs for OpenStack Networking AccelerationUsing Agilio SmartNICs for OpenStack Networking Acceleration
Using Agilio SmartNICs for OpenStack Networking Acceleration
Netronome
 
Using Network Acceleration for an Optimized Edge Cloud Server Architecture
Using Network Acceleration for an Optimized Edge Cloud Server ArchitectureUsing Network Acceleration for an Optimized Edge Cloud Server Architecture
Using Network Acceleration for an Optimized Edge Cloud Server Architecture
Netronome
 
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PROIDEA
 
DPDK Support for New HW Offloads
DPDK Support for New HW OffloadsDPDK Support for New HW Offloads
DPDK Support for New HW Offloads
Netronome
 
Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network design
Alexander Petrovskiy
 
Scaleway Approach to VXLAN EVPN Fabric
Scaleway Approach to VXLAN EVPN FabricScaleway Approach to VXLAN EVPN Fabric
Scaleway Approach to VXLAN EVPN Fabric
Scaleway
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center Architectures
Cumulus Networks
 
OCP U.S. Summit 2017 Presentation
OCP U.S. Summit 2017 PresentationOCP U.S. Summit 2017 Presentation
OCP U.S. Summit 2017 Presentation
Netronome
 
IPv6 at Mythic Beasts - Networkshop44
IPv6 at Mythic Beasts - Networkshop44IPv6 at Mythic Beasts - Networkshop44
IPv6 at Mythic Beasts - Networkshop44
Jisc
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
Krunal Shah
 
Accelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysAccelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network Overlays
Cumulus Networks
 
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
Cloud Native Day Tel Aviv
 
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
Indonesia Network Operators Group
 
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
6WIND
 
Cisco data center training for ibm
Cisco data center training for ibmCisco data center training for ibm
Cisco data center training for ibm
Christian Silva Espinoza
 
Cumulus Linux 2.5 Overview
Cumulus Linux 2.5 OverviewCumulus Linux 2.5 Overview
Cumulus Linux 2.5 Overview
Cumulus Networks
 
From virtual to high end HW routing for the adult
From virtual to high end HW routing for the adultFrom virtual to high end HW routing for the adult
From virtual to high end HW routing for the adult
MarketingArrowECS_CZ
 
Summit 16: Achieving Low Latency Network Function with Opnfv
Summit 16: Achieving Low Latency Network Function with OpnfvSummit 16: Achieving Low Latency Network Function with Opnfv
Summit 16: Achieving Low Latency Network Function with Opnfv
OPNFV
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Michelle Holley
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scale
Cumulus Networks
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNIC
APNIC
 
Summit 16: Optimizing OPNFV for Distributed NFV Applications
Summit 16: Optimizing OPNFV for Distributed NFV ApplicationsSummit 16: Optimizing OPNFV for Distributed NFV Applications
Summit 16: Optimizing OPNFV for Distributed NFV Applications
OPNFV
 
DPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and DemonstrationDPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and Demonstration
OPNFV
 
NFV в сетях операторов связи
NFV в сетях операторов связиNFV в сетях операторов связи
NFV в сетях операторов связи
TERMILAB. Интернет - лаборатория
 
Network Bottleneck Avoidance Using Edge Routers
Network Bottleneck Avoidance Using Edge RoutersNetwork Bottleneck Avoidance Using Edge Routers
Network Bottleneck Avoidance Using Edge Routers
Ankur Singhal
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorial
openflow
 

More Related Content

What's hot

Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network design
Alexander Petrovskiy
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
Krunal Shah
 

What's hot (20)

Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network design
 
Scaleway Approach to VXLAN EVPN Fabric
Scaleway Approach to VXLAN EVPN FabricScaleway Approach to VXLAN EVPN Fabric
Scaleway Approach to VXLAN EVPN Fabric
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center Architectures
 
OCP U.S. Summit 2017 Presentation
OCP U.S. Summit 2017 PresentationOCP U.S. Summit 2017 Presentation
OCP U.S. Summit 2017 Presentation
 
IPv6 at Mythic Beasts - Networkshop44
IPv6 at Mythic Beasts - Networkshop44IPv6 at Mythic Beasts - Networkshop44
IPv6 at Mythic Beasts - Networkshop44
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
 
Accelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysAccelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network Overlays
 
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
Erez Cohen & Aviram Bar Haim, Mellanox - Enhancing Your OpenStack Cloud With ...
 
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
 
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
6WIND - SPEED MATTERS: The Challenge 2014 Contest Winners
 
Cisco data center training for ibm
Cisco data center training for ibmCisco data center training for ibm
Cisco data center training for ibm
 
Cumulus Linux 2.5 Overview
Cumulus Linux 2.5 OverviewCumulus Linux 2.5 Overview
Cumulus Linux 2.5 Overview
 
From virtual to high end HW routing for the adult
From virtual to high end HW routing for the adultFrom virtual to high end HW routing for the adult
From virtual to high end HW routing for the adult
 
Summit 16: Achieving Low Latency Network Function with Opnfv
Summit 16: Achieving Low Latency Network Function with OpnfvSummit 16: Achieving Low Latency Network Function with Opnfv
Summit 16: Achieving Low Latency Network Function with Opnfv
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scale
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNIC
 
Summit 16: Optimizing OPNFV for Distributed NFV Applications
Summit 16: Optimizing OPNFV for Distributed NFV ApplicationsSummit 16: Optimizing OPNFV for Distributed NFV Applications
Summit 16: Optimizing OPNFV for Distributed NFV Applications
 
DPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and DemonstrationDPACC Acceleration Progress and Demonstration
DPACC Acceleration Progress and Demonstration
 
NFV в сетях операторов связи
NFV в сетях операторов связиNFV в сетях операторов связи
NFV в сетях операторов связи
 

Similar to Layer 3 Tunnel Support for Open vSwitch

Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.
igede tirtanata
 

Similar to Layer 3 Tunnel Support for Open vSwitch (20)

Network Bottleneck Avoidance Using Edge Routers
Network Bottleneck Avoidance Using Edge RoutersNetwork Bottleneck Avoidance Using Edge Routers
Network Bottleneck Avoidance Using Edge Routers
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorial
 
A Study on MPTCP for Tolerating Packet Reordering and Path Heterogeneity in W...
A Study on MPTCP for Tolerating Packet Reordering and Path Heterogeneity in W...A Study on MPTCP for Tolerating Packet Reordering and Path Heterogeneity in W...
A Study on MPTCP for Tolerating Packet Reordering and Path Heterogeneity in W...
 
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
Excitingly simple multi-path OpenStack networking: LAG-less, L2-less, yet ful...
 
Module 1 slides
Module 1 slidesModule 1 slides
Module 1 slides
 
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPKrzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
 
[Retired] routing on the host an introduction – cumulus networks® knowledge ...
[Retired] routing on the host an introduction – cumulus networks® knowledge ...[Retired] routing on the host an introduction – cumulus networks® knowledge ...
[Retired] routing on the host an introduction – cumulus networks® knowledge ...
 
vPC techonology for full ha from dc core to baremetel server.
vPC techonology for full ha from dc core to baremetel server.vPC techonology for full ha from dc core to baremetel server.
vPC techonology for full ha from dc core to baremetel server.
 
The new imperative in the data center with workload centric networking
The new imperative in the data center with workload centric networkingThe new imperative in the data center with workload centric networking
The new imperative in the data center with workload centric networking
 
2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful Services2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful Services
 
Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.
 
Packet Guide SONET/SDH
Packet Guide SONET/SDHPacket Guide SONET/SDH
Packet Guide SONET/SDH
 
Automating linux network performance testing
Automating linux network performance testingAutomating linux network performance testing
Automating linux network performance testing
 
6LoWPAN: An open IoT Networking Protocol
6LoWPAN: An open IoT Networking Protocol6LoWPAN: An open IoT Networking Protocol
6LoWPAN: An open IoT Networking Protocol
 
Ocpeu14
Ocpeu14Ocpeu14
Ocpeu14
 
6LoWPAN: An Open IoT Networking Protocol
6LoWPAN: An Open IoT Networking Protocol6LoWPAN: An Open IoT Networking Protocol
6LoWPAN: An Open IoT Networking Protocol
 
vPC_Final
vPC_FinalvPC_Final
vPC_Final
 
Introduction to tcp ip linux networking
Introduction to tcp ip linux networkingIntroduction to tcp ip linux networking
Introduction to tcp ip linux networking
 
configuration of switch campus network
configuration of switch campus networkconfiguration of switch campus network
configuration of switch campus network
 
Computer Network - Network Layer
Computer Network - Network LayerComputer Network - Network Layer
Computer Network - Network Layer
 

More from Netronome

ODSA Sub-Project Launch
ODSA Sub-Project Launch ODSA Sub-Project Launch
ODSA Sub-Project Launch
Netronome
 
Unifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPFUnifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPF
Netronome
 
Offloading Linux LAG Devices Via Open vSwitch and TC
Offloading Linux LAG Devices Via Open vSwitch and TCOffloading Linux LAG Devices Via Open vSwitch and TC
Offloading Linux LAG Devices Via Open vSwitch and TC
Netronome
 
eBPF Debugging Infrastructure - Current Techniques
eBPF Debugging Infrastructure - Current TechniqueseBPF Debugging Infrastructure - Current Techniques
eBPF Debugging Infrastructure - Current Techniques
Netronome
 
Efficient JIT to 32-bit Arches
Efficient JIT to 32-bit ArchesEfficient JIT to 32-bit Arches
Efficient JIT to 32-bit Arches
Netronome
 
eBPF/XDP
eBPF/XDP eBPF/XDP
eBPF/XDP
Netronome
 

More from Netronome (20)

Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
Disaggregation a Primer: Optimizing design for Edge Cloud & Bare Metal applic...
 
LFSMM AF XDP Queue I-DS
LFSMM AF XDP Queue I-DSLFSMM AF XDP Queue I-DS
LFSMM AF XDP Queue I-DS
 
LFSMM Verifier Optimizations and 1 M Instructions
LFSMM Verifier Optimizations and 1 M InstructionsLFSMM Verifier Optimizations and 1 M Instructions
LFSMM Verifier Optimizations and 1 M Instructions
 
Offloading TC Rules on OVS Internal Ports
Offloading TC Rules on OVS Internal Ports Offloading TC Rules on OVS Internal Ports
Offloading TC Rules on OVS Internal Ports
 
Quality of Service Ingress Rate Limiting and OVS Hardware Offloads
Quality of Service Ingress Rate Limiting and OVS Hardware OffloadsQuality of Service Ingress Rate Limiting and OVS Hardware Offloads
Quality of Service Ingress Rate Limiting and OVS Hardware Offloads
 
ODSA Sub-Project Launch
ODSA Sub-Project Launch ODSA Sub-Project Launch
ODSA Sub-Project Launch
 
Flexible and Scalable Domain-Specific Architectures
Flexible and Scalable Domain-Specific ArchitecturesFlexible and Scalable Domain-Specific Architectures
Flexible and Scalable Domain-Specific Architectures
 
Unifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPFUnifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPF
 
Massively Parallel RISC-V Processing with Transactional Memory
Massively Parallel RISC-V Processing with Transactional MemoryMassively Parallel RISC-V Processing with Transactional Memory
Massively Parallel RISC-V Processing with Transactional Memory
 
Offloading Linux LAG Devices Via Open vSwitch and TC
Offloading Linux LAG Devices Via Open vSwitch and TCOffloading Linux LAG Devices Via Open vSwitch and TC
Offloading Linux LAG Devices Via Open vSwitch and TC
 
eBPF Debugging Infrastructure - Current Techniques
eBPF Debugging Infrastructure - Current TechniqueseBPF Debugging Infrastructure - Current Techniques
eBPF Debugging Infrastructure - Current Techniques
 
Efficient JIT to 32-bit Arches
Efficient JIT to 32-bit ArchesEfficient JIT to 32-bit Arches
Efficient JIT to 32-bit Arches
 
eBPF & Switch Abstractions
eBPF & Switch AbstractionseBPF & Switch Abstractions
eBPF & Switch Abstractions
 
eBPF Tooling and Debugging Infrastructure
eBPF Tooling and Debugging InfrastructureeBPF Tooling and Debugging Infrastructure
eBPF Tooling and Debugging Infrastructure
 
BPF Hardware Offload Deep Dive
BPF Hardware Offload Deep DiveBPF Hardware Offload Deep Dive
BPF Hardware Offload Deep Dive
 
Demystify eBPF JIT Compiler
Demystify eBPF JIT CompilerDemystify eBPF JIT Compiler
Demystify eBPF JIT Compiler
 
eBPF/XDP
eBPF/XDP eBPF/XDP
eBPF/XDP
 
P4 Introduction
P4 Introduction P4 Introduction
P4 Introduction
 
Host Data Plane Acceleration: SmartNIC Deployment Models
Host Data Plane Acceleration: SmartNIC Deployment ModelsHost Data Plane Acceleration: SmartNIC Deployment Models
Host Data Plane Acceleration: SmartNIC Deployment Models
 
The Power of SmartNICs
The Power of SmartNICsThe Power of SmartNICs
The Power of SmartNICs
 

Recently uploaded

Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
UK Journal
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
FIDO Alliance
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
FIDO Alliance
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
panagenda
 

Recently uploaded (20)

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxTales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
Easier, Faster, and More Powerful – Alles Neu macht der Mai -Wir durchleuchte...
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 

Layer 3 Tunnel Support for Open vSwitch

  • 1. © 2016 NETRONOME SYSTEMS, INC. 1© 2016 NETRONOME SYSTEMS, INC. Simon Horman Layer 3 Tunnel Support for Open vSwitch (OVS)
  • 2. © 2016 NETRONOME SYSTEMS, INC. 2 Motivation Would like to: ▶  Allow rx and tx of packets over tunnels whose payload packet does not have an Ethernet header ▶  Add these features to upstream OVS then offload them
  • 3. © 2016 NETRONOME SYSTEMS, INC. 3 Importance of Offloading 5 10 15 20 25 30 OVS Kernel Datapath with Netdev to VMs OVS User-Space Datapath with Netdev to VMs 100 Wildcard Rules 1000 Wildcard Rules 10000 Wildcard Rules 64000 Wildcard Rules Packetspersecond(millions) 12 CPU Cores 8 CPU Cores OVS Offload to iNIC with PMD to VMs 1 CPU CoreOVS L2/L3 Forwarding to 8 VMs with 64K Flows OVS Offload to iNIC with Netdev to VMs 1 CPU Core
  • 4. © 2016 NETRONOME SYSTEMS, INC. 4 Scope Datapaths: ▶  Linux Kernel ▶  User-Space with and without DPDK Encapsulation Protocol: ▶  GRE (non-TEB) (rfc2794): • IP protocols over GRE • MPLS in GRE (rfc4023)
  • 5. © 2016 NETRONOME SYSTEMS, INC. 5 Background: Tunnel vPorts Encapsulation and decapsulation is handled by output to/input from tunnel vports Not currently exposed in Open-Flow
  • 6. © 2016 NETRONOME SYSTEMS, INC. 6 Kernel Datapath Tunnel vPorts Kernel Datapath: ▶  On rx tunnel vport decapsulates packet passing the result and metadata to the datapath ▶  On tx tunnel vport encapsulates packet based on metadata
  • 7. © 2016 NETRONOME SYSTEMS, INC. 7 User-Space Tunnel vPorts Native Tunneling: ▶  Tunnel ingress and egress on separate OvS bridge ▶  Internal rules match ingress and egress packets for tunnel vPorts and apply push and pop tunnel actions accordingly ▶  Like the Kernel Datapath tunnel metadata is: • Available in flow key after decapsulation • Used as parameters for encapsulation
  • 8. © 2016 NETRONOME SYSTEMS, INC. 8 Layer 3 Tunneling: Basic Concepts Layer 2 and 3 vPorts push_eth and pop_eth datapath actions Datapath Attributes and packet type
  • 9. © 2016 NETRONOME SYSTEMS, INC. 9 Layer 2 and 3 vPorts Layer 2 or 3 is a mode of vports Default is layer 2: behavior of all vports until now
  • 10. © 2016 NETRONOME SYSTEMS, INC. 10 pop_eth and push_eth Actions Add or remove an Ethernet header to/from start of packet Packets with a VLAN not currently permitted MPLS is treated as L2.5 and left alone Not currently exposed to OpenFlow: ▶  Automatically included in actions of datapath flow
  • 11. © 2016 NETRONOME SYSTEMS, INC. 11 Datapath Attributes and Packet Type Presence of ETHERTYPE and ETHERNET attributes indicates L2 packet Presence of ETHERTYPE but not ETHERNET attribute indicates L3 packet ETHERTYPE corresponds to Protocol Type in GRE header
  • 12. © 2016 NETRONOME SYSTEMS, INC. 12 GRE Header Checksum (optional) Reserved (optional) Protocol TypeVerReserved0C C: Checksum Present Delivery Header Payload Packet
  • 13. © 2016 NETRONOME SYSTEMS, INC. 13 Operation OvS User-Space (ovs-vswitchd) is aware of which vports are Layer 2 and which are Layer 3 It is aware of the input port for each flow And thus when translating from OpenFlow to datapath flows it can add push_eth and pop_eth actions before output actions as necessary
  • 14. © 2016 NETRONOME SYSTEMS, INC. 14 Packet Flow Key: eth_type, ... Actions: push_eth, output Layer 3 vPort Layer 2 vPort Key: eth, eth_type, ... Actions: pop_eth, output Layer 2 vPort Layer 3 vPort
  • 15. © 2016 NETRONOME SYSTEMS, INC. 15 vPort Implementations User-Space (non-Datapath) Kernel Datapath User-Space Datapath
  • 16. © 2016 NETRONOME SYSTEMS, INC. 16 User-Space (non-Datapath) vPorts vPorts have new layer3 flag to distinguish layer mode vPorts of the same type (e.g. GRE) but different layer mode share the same datapath vport
  • 17. © 2016 NETRONOME SYSTEMS, INC. 17 Kernel Datapath vPorts Switch to using ipgre rather than gretap netdev in kernel ipgre (and ipvxlan) vports have recently been enhanced to allow rx/tx of TEB as well as non-TEB packets Thus facilitating a single datapath vport for use with both layer 2 and 3 user- space vports This design was motivated by a desire to avoid vport type explosion
  • 18. © 2016 NETRONOME SYSTEMS, INC. 18 User-Space Datapath vPorts New user-space datapath only NEXT_BASE_LAYER flow key attribute Used to distinguish flows with layer 2 and 3 payload packets
  • 19. © 2016 NETRONOME SYSTEMS, INC. 19 GRE Header Checksum (optional) Reserved (optional) Protocol TypeVerReserved0C C: Checksum Present Delivery Header Payload Packet
  • 20. © 2016 NETRONOME SYSTEMS, INC. 20 Configuration Example ovs-vsctl add-port br0 tun1 -- set Interface tun1 type=gre options:remote_ip=10.0.0.2 options:key=flow options:layer3=true
  • 21. © 2016 NETRONOME SYSTEMS, INC. 21 Future Work Encapsulation Protocols: ▶  MPLS in IP (rfc4023) ▶  MPLS in UDP (rfc7510) ▶  NSH (draft-ietf-sfc-nsh-05) ▶  VXLAN-GPE (draft-ietf-nvo3-vxlan-gpe-02) ▶  LISP (rfc6830)
  • 22. © 2016 NETRONOME SYSTEMS, INC. 22 Credits Many, including: ▶  Lorand Jakub, Thomas Morin: Original implementation ▶  Jiri Benc: Kernel Tunnel Enhancements
  • 23. © 2016 NETRONOME SYSTEMS, INC. 23 Availability Open vSwitch (User-Space): ▶  https://github.com/horms/openvswitch l3-vpn Kernel (Datapath): ▶  https://github.com/horms/linux l3-vpn Working towards upstream merge!
  • 24. © 2016 NETRONOME SYSTEMS, INC. 24© 2016 NETRONOME SYSTEMS, INC. Simon Horman Thank You