XenServer network stack: Open vSwitch mode

Source: Internet
Author: User
Tags: sflow, openvswitch

In the previous article we introduced the XenServer Bridge network stack mode; in this article we cover the other open-source network stack supported by XenServer: Open vSwitch. Current XenServer releases are installed with Open vSwitch mode enabled by default. If you do not need LACP, bonding of additional network cards, or the distributed virtual switch, it is still recommended to use Linux bridge mode in production.

Open vSwitch is an open-source software virtual switch for Linux-based virtualization platforms. Citrix has integrated it into its XenServer product, supports it strongly, and has built its own distributed virtual switch product on top of it for XenServer. Starting with XenServer 6.0, Citrix made it the default network stack mode for XenServer. Open vSwitch offers many functions similar to those of a hardware switch and provides more functionality than the Bridge network stack, such as VLAN handling, port mirroring, and QoS. The specific functions provided by Open vSwitch are as follows:

  • NetFlow: NetFlow was originally developed by Cisco to monitor network traffic and give administrators a visual view of it.

  • sFlow: sFlow is an open-standard protocol for monitoring networks that also gives administrators a visual view of network traffic.

  • Switched Port Analyzer (SPAN): SPAN, or port mirroring, copies (mirrors) the packets seen on one switch port to another port. It is typically used for monitoring and scanning, for example to feed a trusted TDA device that scans for network security threats.

  • Remote Switched Port Analyzer (RSPAN): RSPAN, as the name implies, is SPAN over a distance. With SPAN we send a copy (mirror) of the traffic on some ports of a switch (the monitored ports, referred to below as the controlled ports) to a monitoring port, where a traffic analyzer such as a Cisco IDS or a PC running a sniffer is connected. The controlled ports and the monitoring port can be on the same switch or on different switches (remote SPAN).

  • Quality of Service (QoS): QoS refers to a network's ability to use a variety of underlying techniques to provide a better level of service for specified network traffic. It is a safeguard mechanism for the network and a technique used to address problems such as network latency and congestion.

  • Link Aggregation Control Protocol (LACP): Provides LACP support for aggregating multiple physical network interfaces toward the peer switch, giving redundant logical links and aggregated bandwidth.

  • OpenFlow support: Allows an OpenFlow control plane to be separated from Open vSwitch, which then serves primarily as the forwarding plane. This is the feature that lets the virtual switch take part in SDN.

  • Generic Routing Encapsulation (GRE): GRE is a generic encapsulation protocol that wraps datagrams of some network-layer protocols so that they can be transmitted over an IPv4 network.

  • VXLAN: VXLAN (Virtual eXtensible Local Area Network) encapsulates Layer 2 frames inside a Layer 3 protocol, extending a Layer 2 network across a Layer 3 domain; this is the so-called "Layer 2 over Layer 3" technique.

The key technology to highlight here is OpenFlow, at the heart of the currently popular Software-Defined Networking (SDN) architecture. The industry has split into two camps competing for the high ground in this area. One consists of the traditional network equipment vendors such as Cisco, who take OpenFlow as the core technology: the control plane of the network equipment is separated from the data plane so that network traffic can be controlled flexibly, providing a good platform for innovation in the core network and its applications. This is what makes a network software-defined. The other camp is represented by the emerging virtualization vendors such as VMware, who favour overlay technology and raise the banner of openness: they care little about the underlying hardware and more about how software defines and controls the network. The two camps both confront and echo each other.

Open vSwitch undoubtedly belongs to the OpenFlow camp. OpenFlow is a set of protocols and APIs that originated in Stanford University's Ethane project, which realised the idea of a programmable network. In the SDN architecture, the OpenFlow protocol is the communication protocol between the controller and the switch: the controller uses OpenFlow to add, update, and delete flow table entries in the switch. In December 2009 Openflow.org released version 1.0 of the OpenFlow standard, and in February 2011 it released version 1.1, after which the ONF took over responsibility for the standard.

Next, we introduce the architecture and components of Open vSwitch.

Viewed as a whole, the simplified structure of Open vSwitch on a server is as follows:

[Figure: simplified structure of Open vSwitch on a server]

Open vSwitch can be understood as consisting of two main parts: the controller and the datapath. The datapath (which we translate as "data path") is essentially an Ethernet switch.

The controller layer is the network management layer; it manages and configures the datapath devices below it in a unified way. The controller layer can also be tightly integrated with OpenFlow.

The datapath layer is the virtual switch device itself and functions like a traditional switch. A virtual switch in Open vSwitch is called a datapath; the difference is mainly one of naming. In practice a datapath is much like a bridge, except that it is managed by the Open vSwitch controller and supports more features. Its main functions are:

  • Passing traffic between virtual machines

  • Passing traffic between virtual machines and external networks

[Figure: logical implementation architecture of Open vSwitch (image from the web)]

As shown, this diagram gives the specific logical implementation architecture of Open vSwitch. The top layer represents the OpenFlow protocol connection to an OpenFlow controller, which provides the SDN control plane.

The middle layer consists of Open vSwitch's own service daemons, which run mainly in domain 0 user space:

    • ovs-vswitchd: the Open vSwitch daemon in user space, which implements the main switching functions of the virtual switch. It communicates directly with the kernel datapath module over the Netlink protocol.

    • ovsdb-server: the Open vSwitch database, which stores the Open vSwitch configuration. ovs-vswitchd reads the configuration saved in ovsdb-server in order to do its work, and the two communicate over a UNIX socket.

The bottom layer is the Open vSwitch kernel module, the datapath. It runs in kernel space and is the program that actually applies the packet rules we configure; it does the front-line work.

Now let's look at how Open vSwitch works.

In the kernel module, Open vSwitch can create multiple "datapaths" (each similar to an Ethernet switch, as mentioned above), and each datapath can contain multiple "vports" (switch ports).

Each datapath is associated with a flow table. The flows in these tables are keys that user space derives from the packet headers and metadata, and the usual action is to forward the packet to another vport. When a packet arrives at a vport, the kernel module extracts the key information from its headers and looks that key up in the flow table. When there is a matching flow, it performs the corresponding action. If there is no match, the packet is handed to ovs-vswitchd in user space to look up the flow; after user-space processing, the packet is output to the correct port and a new datapath rule is installed, so that subsequent packets of the same flow can be forwarded quickly by the kernel under the new rule. The details are as follows:

[Figure: Open vSwitch packet processing between the kernel datapath and ovs-vswitchd (image from the web)]
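To make the fast-path/slow-path split described above concrete, here is an added example (not Open vSwitch code; the class names, the flow-key fields and the sample rules are assumptions for illustration) that models an exact-match kernel flow cache in front of a prioritised, wildcarded user-space OpenFlow table:

```python
from typing import Dict, List, Optional, Tuple

# Flow key the kernel module extracts from a packet: (in_port, eth_src, eth_dst, vlan).
# Real OVS keys carry many more header fields; this subset is enough to show the mechanism.
FlowKey = Tuple[int, str, str, int]
# An OpenFlow rule: (priority, match fields, output port). Fields missing from
# the match are wildcards; an output port of None means drop.
Rule = Tuple[int, Dict[str, object], Optional[int]]


class UserspaceSwitchd:
    """Stand-in for ovs-vswitchd: resolves flow-table misses against the OpenFlow rules."""

    def __init__(self, rules: List[Rule]):
        self.rules = sorted(rules, key=lambda r: r[0], reverse=True)  # highest priority first
        self.upcalls = 0  # how many times the kernel had to ask user space

    def lookup(self, key: FlowKey) -> Optional[int]:
        self.upcalls += 1
        fields = dict(zip(("in_port", "eth_src", "eth_dst", "vlan"), key))
        for _priority, match, out_port in self.rules:
            if all(fields[name] == value for name, value in match.items()):
                return out_port
        return None  # no rule matched: drop


class KernelDatapath:
    """Stand-in for the kernel datapath: an exact-match flow cache in front of vswitchd."""

    def __init__(self, switchd: UserspaceSwitchd):
        self.switchd = switchd
        self.flows: Dict[FlowKey, Optional[int]] = {}  # installed datapath rules
        self.hits = 0

    def receive(self, in_port: int, eth_src: str, eth_dst: str, vlan: int = 0) -> Optional[int]:
        key: FlowKey = (in_port, eth_src, eth_dst, vlan)
        if key in self.flows:  # fast path: this flow is already cached
            self.hits += 1
            return self.flows[key]
        action = self.switchd.lookup(key)  # slow path: upcall to user space
        self.flows[key] = action  # install the new datapath rule for this flow
        return action


# Constructed sample rules: drop VLAN 99 from port 1, steer one MAC to port 2, rest to port 3.
SAMPLE_RULES: List[Rule] = [
    (200, {"in_port": 1, "vlan": 99}, None),
    (100, {"eth_dst": "52:54:00:00:00:02"}, 2),
    (0, {}, 3),
]
```

Every cache miss costs an upcall into user space, so a burst of new flows is what loads ovs-vswitchd, while repeated flows stay in the kernel. Current Open vSwitch kernel datapaths cache wildcarded "megaflows" rather than the pure exact-match entries modelled here, which follow the per-packet-key behaviour the article describes.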

We have spent some time on the architecture of Open vSwitch and how it works. Next I want to show how Open vSwitch is combined with the Xen virtualization layer in Xen or XenServer.

The Open vSwitch device architecture in a Xen environment is shown in the diagram below.

[Figure: Open vSwitch device architecture in a Xen environment (image from the web)]

As we can see, in a Xen environment Open vSwitch creates a datapath in domain 0 of each Xen host, and these datapaths are then managed through a unified controller.

[Figure: virtual machine NIC attached to the Open vSwitch datapath in domain 0]

The virtual machine's NIC is connected directly to the Open vSwitch datapath, that is, to a bridge port. Once a packet has been forwarded to the datapath, it is handled by the processing mechanism described above. The tap device here is a port on the switch.

Network connectivity across more than one Xen or XenServer host:

[Figure: Open vSwitch network connectivity across multiple Xen or XenServer hosts]

In XenServer, Citrix developed a distributed virtual switch based on Open vSwitch.

Distributed virtual switch architecture diagram:

[Figure: distributed virtual switch architecture]

As the diagram shows, XenServer provides a specially packaged virtual machine that is imported into XenServer as the distributed switch controller; it manages the Open vSwitch networks on every XenServer host in a unified way.

[Figure: distributed virtual switch controller managing the XenServer hosts]

This article is from the "I take fleeting chaos" blog; please keep this source when reposting: http://tasnrh.blog.51cto.com/4141731/1726329
