Slides of open vSwitch used for Fudcon 2015. Main agenda for this talk was.. why openvswitch is a better alternative to Linux bridge and why you should start using it as the bridge for your KVM host.

1. Ranjith Rajaram
Presented by:
Sr. Technical Account Manager, Red Hat
Open vSwitch

2. Agenda
1.What is open vSwitch
2. Features of open vSwitch
3. Components of open vSwitch
4. Better alternative for Linux Bridge'
5. Peep into OpenFlow
6. Demo
7.1 QoS
7.2 Flow

3. Open vSwitch and its features

4. Multi layer virtual switch licensed under Apache
2.0
Enables network automation through
programmatic extensions
Flexible control in user-space
Fast Datapath in Kernel
Supports monitoring protocols like Netflow,
sflow etc
Included in Linux 3.3 kernel by default
Open vSwitch

5. Visibility into inter VM communication via
netflow,sflow
Standard 802.1q VLAN model via trunking
Per VM interface traffic policing
NIC Bonding
Openflow protocol support
Multiple tunneling protocols like GRE,VxLAN,
IPSec, GRE over IPSEC)
Open vSwitch: Features
http://openvswitch.org/features

6. Components of Open vSwitch

7. The main components are:
ovs-vswitchd, a daemon that implements the switch, along with
a companion Linux kernel module (openswitch_mod.ko) for
flow-based switching.
Kernel module openswitch_mod.ko
ovsdb-server, a lightweight database server that ovs-vswitchd
queries to obtain its configuration.
OpenVswitch: Components

8. Better than Linux Bridge

9. Comparison with Linux Bridge
Open vSwitch: Linux Bridge:
- Full L2-L4 matching capability - Just a L2 device
- Decision in UserSpace - No complexity
- ACL's, Qos, Bonding - Simple forwarding
- Mobility of state
- OpenFlow Controller
- distributed vSwitches

10. Open vSwitch: openFlow

11. Peep into OpenFlow
●
OpenFlow allows the path of network packets to be setup by
software.
● Enabler of 'Software Defined Networking'.
● Standard way to control flow-tables in commercial switches
and routers.
● Gives Controller high level access to the datapath routing
decisions of a switch
● OpenFlow protocol standards are defined by Open Networking
Foundation

12. Open vSwitch: Modes

13. Openvswitch modes
●
Open vSwitch can operate in Normal mode or Flow mode
● In normal mode, it acts as a layer 2 learning switch
● In flow mode, it uses flow tables set by openflow controllers
or flows added manually using ovs-ofctl add-flow
● Open vSwitch flow is composed of match and action.
● Flow tables are composed of many flows and are processed in
a well defined order using priority and starting from table 0
● The match part of the flow defines what fields of the packet
must match inorder to hit the flow. You can match l2/3/4 frame

14. Openvswitch : Flow contiued
●
Once a match is found, action part of a flow defines what
actually happens
● Match can also be wildcarded, so that you can match against
a range of IP or ports
● Action part can be forwarding to a particular interface,
dropping the message, change most part of the header
● If the message does not match any flow, it is dropped or SDN
controller will be consulted. It can also be redirected to
another table

15. Open vSwitch: Demo

16. Demo: OVS QoS
QoS
Administrators might need to restrict bandwidth of the virtual guest depending
on the hosting plan or what they pay for
# ovs-vsctl set Interface vnet0 ingress_policing_rate=1000
# ovs-vsctl set Interface vnet0 ingress_policing_burst=100
The vnet0 interface in this case in this switch port to which the virtual
guest is connected.

17. Demo: Flow
Flow
If the incoming packet matches rules, lets take some
action on it
# ovs-ofctl add-flow bridge “table=0, tcp, nw_proto=6,
tp_dst=5001, priority=10, action=drop
If a tcp packet destined to port 5001 enters table 0, then the action is to
drop the packet

18. Open vSwitch features
Multi-layered switch
Better control
Summary

19. Questions?
rrajaram@redhat.com
Contact: