Openvswitch Concepts and principles


1 What is Openvswitch

Open vSwitch, referred to as OvS, is virtual switching software used primarily in virtual machine (VM) environments, as a virtual switch that supports multiple virtualization technologies such as Xen/XenServer, KVM, and VirtualBox.

In a virtualized environment on a single machine, a virtual switch (vswitch) has two main functions: passing traffic between VMs and enabling communication between VMs and outside networks.

The entire OvS code is written in C. The following features are currently available:

    • Standard 802.1Q VLAN model with trunk and access ports

    • NIC bonding with or without LACP on upstream switch

    • NetFlow, sFlow(R), and mirroring for increased visibility

    • QoS (Quality of Service) configuration, plus policing

    • GRE, GRE over IPsec, VXLAN, and LISP tunneling

    • 802.1ag connectivity fault management

    • OpenFlow 1.0 plus numerous extensions

    • Transactional configuration database with C and Python bindings

    • High-performance forwarding using a Linux kernel module

2 Composition of the Openvswitch

    • ovs-vswitchd: The daemon that implements the switching function and, together with the Linux kernel compatibility module, implements flow-based switching.

    • ovsdb-server: A lightweight database service that stores the entire OvS configuration, including interfaces, switching, VLANs, etc. ovs-vswitchd works from the configuration information in this database.

    • ovs-dpctl: A tool used to configure the switch kernel module and control the forwarding rules.

    • ovs-vsctl: Mainly used to get or change the configuration of ovs-vswitchd; the tool updates the database in ovsdb-server as it operates.

    • ovs-appctl: Mainly used to send commands to the OvS daemons; generally not needed.

    • ovsdbmonitor: A GUI tool that displays the data in ovsdb-server.

    • ovs-controller: A simple OpenFlow controller.

    • ovs-ofctl: Used to control the flow table contents when OvS works as an OpenFlow switch.

3 Openvswitch and other vswitch

The other vswitches here include the VMware vNetwork Distributed Switch and the Cisco Nexus 1000V.

The VMware vNetwork Distributed Switch and the Cisco Nexus 1000V are virtual switches that provide a centralized control approach. OvS, by contrast, is a standalone vswitch: it runs on every physical machine that implements virtualization and provides remote management. OvS provides two protocols for remote management in virtualized environments: one is OpenFlow, which manages the behavior of the switch through a flow table, and the other is the OVSDB management protocol, which exposes the port state of the switch.


Concepts and Workflow 1

1 vswitch, Bridge, Datapath

In networking, switch and bridge are the same concept. OvS implements an Ethernet switch for virtual machines; in other words, OvS implements an Ethernet bridge. In OvS, a switch, or bridge, goes by a technical term: datapath!

To understand how OvS works, you first need to know the concept of the bridge.

A network bridge connects two LANs. It works at the data link layer and forwards frames according to MAC address, so it can be seen as a "low-level router" (a router works at the network layer and forwards according to IP address).

1.1 How the Bridge works

A bridge follows several rules when processing packets:

    • A packet received on an interface is never sent back out of that interface.

    • The source MAC address of every received packet is learned.

    • If the packet is a multicast or broadcast packet (determined by the layer-2 MAC address), it is forwarded to all ports except the receive port, and if an upper-layer protocol is interested in it, it is also passed up for processing.

    • If the destination address of the packet cannot be found in the CAM table, it is forwarded to all ports other than the receive port.

    • If the address can be found in the CAM table, the packet is forwarded to the corresponding port, and it is not sent at all if the send and receive ports are the same port.
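The five rules above can be traced with a small simulation. This is an added example, not code from OvS or from the original article; the port names and MAC addresses are constructed sample values, and skipping the learning step for a group-address source is an assumption of the sketch.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """Multicast and broadcast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; return the ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port!r}")
        # Rule 2: learn the source MAC (a group address is never a valid source).
        if not is_group_address(src):
            self.cam[src] = in_port
        # Rule 1: the receive port is never a candidate for output.
        others = [p for p in self.ports if p != in_port]
        # Rule 3: multicast/broadcast goes to every other port.
        if is_group_address(dst):
            return others
        out = self.cam.get(dst)
        # Rule 4: destination not in the CAM table, so flood.
        if out is None:
            return others
        # Rule 5: known destination; nothing is sent if it is the receive port.
        return [] if out == in_port else [out]


def demo():
    """Constructed port names and MAC addresses, for illustration only."""
    br = LearningBridge(["eth0", "vnet0", "vnet1"])
    a, b, c = "52:54:00:00:00:0a", "52:54:00:00:00:0b", "52:54:00:00:00:0c"
    sent = [
        br.receive("vnet0", a, BROADCAST),  # broadcast: flooded
        br.receive("vnet1", b, a),          # a already learned on vnet0
        br.receive("vnet0", a, b),          # b already learned on vnet1
        br.receive("vnet0", a, c),          # c unknown: flooded
        br.receive("vnet0", b, a),          # b relearned on vnet0; a is local
    ]
    return sent, dict(br.cam)


if __name__ == "__main__":
    for ports in demo()[0]:
        print(ports)
```

The last frame shows that a CAM entry simply follows the port on which a source address was most recently seen, which is why the table's contents are worth monitoring on a shared bridge.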

Note that the bridge works in promiscuous mode. For more information about bridges, please refer to the relevant materials.

2 Bridge in OvS

As noted above, a bridge is a switch. In OvS, a bridge is created as follows:

    ovs-vsctl add-br brname (br-int)

    [email protected]:~# ifconfig
    br-int    Link encap:Ethernet  HWaddr 1a:09:56:ea:0b:49
              inet6 addr: fe80::1809:56ff:feea:b49/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1584 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:316502 (316.5 KB)  TX bytes:468 (468.0 B)

When we create a switch (bridge), network functionality is not affected at this point, but a virtual network card named brname is created. This virtual network card exists to implement the bridge (switch) function described next. With the switch in place, we still need to add ports to it. A port is a physical network card, and once the NIC joins the switch it works like a port on an ordinary switch.

    ovs-vsctl add-port brname port

Pay special attention here: after a network card joins the bridge, it has to work according to the bridge's rules, so a port that joins must work in promiscuous mode, at the link layer, processing layer-2 frames. This port therefore does not need an IP address. (You have never seen a switch port with an IP, right?)

You may then ask: an ordinary switch has a management interface, and you can telnet to the switch to configure it, so does a virtual switch created in OvS have one? It does! Creating the switch brname also created a virtual network port brname, so once you configure an IP on that virtual network card, it is equivalent to configuring an IP on the switch's management interface. At this point a working virtual switch is complete.

    ip address add 192.168.1.1/24 dev brname

Finally, let's look at the details of a bridge:

    [email protected]:~# ovs-vsctl show
    bc12c8d2-6900-42dd-9c1c-30e8ecb99a1b
        Bridge "br0"
            Port "eth0"
                Interface "eth0"
            Port "br0"
                Interface "br0"
                    type: internal
        ovs_version: "1.4.0+build0"

This shows a bridge (switch) called br0 with two interfaces, eth0 and br0. As mentioned above, creating a bridge also creates an interface with the same name as the bridge and automatically adds it as a port of the bridge. This virtual interface serves two roles: it can be used as the management port of the switch, and the bridge function itself is implemented on top of it.
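To check which interfaces are attached to each bridge without reading the listing by eye, the `ovs-vsctl show` text can be parsed. This is an added example, not part of OvS or the original article; `parse_show` and `attached_interfaces` are hypothetical helper names, the sample text is the listing shown above, and reporting interfaces with no `type:` line as "system" is an assumption of the sketch.

```python
import re

# The listing shown above, embedded so the example runs offline.
SAMPLE = '''\
bc12c8d2-6900-42dd-9c1c-30e8ecb99a1b
    Bridge "br0"
        Port "eth0"
            Interface "eth0"
        Port "br0"
            Interface "br0"
                type: internal
    ovs_version: "1.4.0+build0"
'''

ENTRY = re.compile(r'\s*(Bridge|Port|Interface)\s+"?([^"\s]+)"?\s*$')
TYPE = re.compile(r'\s*type:\s*(\S+)\s*$')


def parse_show(text):
    """Return {bridge: {port: {interface: {"type": ...}}}}."""
    bridges = {}
    bridge = port = iface = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            kind, name = m.groups()
            if kind == "Bridge":
                bridge, port, iface = bridges.setdefault(name, {}), None, None
            elif kind == "Port" and bridge is not None:
                port, iface = bridge.setdefault(name, {}), None
            elif kind == "Interface" and port is not None:
                # Assumption: no "type:" line means an ordinary system device.
                iface = port.setdefault(name, {"type": "system"})
            continue
        m = TYPE.match(line)
        if m and iface is not None:
            iface["type"] = m.group(1)
    return bridges


def attached_interfaces(bridges):
    """Flatten to sorted (bridge, port, interface, type) tuples for review."""
    return sorted(
        (br, port, name, info["type"])
        for br, ports in bridges.items()
        for port, ifaces in ports.items()
        for name, info in ifaces.items()
    )


if __name__ == "__main__":
    for row in attached_interfaces(parse_show(SAMPLE)):
        print(*row)
```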

Concepts and Workflow 2

This section shows a simple example of a typical Open vSwitch workflow in a virtualized environment.

As already mentioned, OvS is primarily used in virtualized environments, where a virtual machine uses it to communicate with the outside network. A typical structure diagram follows:

Then, the usual workflow is as follows:

[Figure: typical structure diagram, http://img.my.csdn.net/uploads/201304/03/1364959886_3705.png]

    • 1 The VM instance generates a packet and sends it to the virtual network interface (VNIC) inside the instance, which is eth0 in the instance.

    • 2 The packet is passed to the corresponding VNIC interface on the physical node, which is the vnet interface.

    • 3 The packet leaves the vnet NIC and reaches the bridge (virtual switch) br100.

    • 4 The packet is processed by the switch and sent out of the physical interface on the physical node, eth0.

    • 5 When the packet leaves eth0, it is handled according to the routes and default gateway on the physical node; from this point on, the packet is no longer under your control.


This article is from the "Nicol Lock Silk Sorrow" blog; please make sure to keep this source: http://smoke520.blog.51cto.com/9256117/1792983
