Concept
Many of the networking concepts in Open vSwitch differ from the ones people normally deal with. Here are some of the terms and concepts used in Open vSwitch.

Packet
The smallest unit of data forwarded by the network. Each packet arrives from one port and is eventually sent to one or more destination ports; forwarding packets is the only function of the network.

Bridge
A bridge in Open vSwitch corresponds to a physical switch. Its function is to forward packets received on one port to one or more other ports according to certain flow rules.

Port
A port is the unit that sends and receives packets. In Open vSwitch, each port belongs to a specific bridge. Packets received by a port are processed by the flow rules and sent to other ports, and packets coming from other ports are sent out through it. Open vSwitch supports the following port types:
- Normal port: the user can bind a network card of the operating system to Open vSwitch, and Open vSwitch generates a normal port to handle the packets entering and leaving that NIC.
- Internal port: when the port type is set to internal, Open vSwitch creates a virtual network card. All packets received by this port are handed to that network card, and packets sent by the network card go through the port to Open vSwitch. When Open vSwitch creates a new bridge, an internal port with the same name as the bridge is created by default.
- Patch port: when there are multiple Open vSwitch bridges on a machine, you can use patch ports to connect two bridges together. Patch ports always come in pairs, one on each of the two bridges, and exchange data between the two bridges. "Patch port" is a machine-room term for the patch panel used to switch network cable connections. The network ports on the panel appear in pairs; to connect two devices, you only need to plug both devices into the same pair of network ports.
- Tunnel port: a tunnel port is a virtual port that communicates with remote ports elsewhere on the network using tunneling techniques such as GRE or VXLAN.

Interface (iface/interface)
An interface is the Open vSwitch component that exchanges packets with the outside. An interface is a network card of the operating system: it may be a virtual network card generated by Open vSwitch, a physical network card attached to Open vSwitch, or an operating-system virtual network card (TUN/TAP) attached to Open vSwitch.

Flow
A flow defines the rules for exchanging packets between ports. Each flow has two parts, a match and an action: the match selects which packets are processed by this flow, and the action determines how the matched packets are forwarded. A flow describes a port-to-port forwarding rule on a bridge. For example, I can define a flow that forwards packets from port A to port B: "from port A" is the matching part, and "to port B" is the action part.
The definition of a flow can be very complex, such as:
When a packet comes from port A, and its source MAC is aa:aa:aa:aa:aa:aa, and it carries VLAN tag a, and its source IP is a.a.a.a, and its protocol is TCP, and its TCP source port is a, then change its source IP to b.b.b.b and send it to port B.

Datapath
Because flows can be very complex, trying to match every incoming packet against all flows would be very inefficient, which is why the datapath exists. The datapath is a cache of flows: it stores the result of executing a flow, so that the next time a packet matches the same flow it is handled directly by the datapath. For forwarding efficiency, the datapath is implemented entirely in kernel space, and its default timeout is very short, about 3 seconds.

Implementation
When an Open vSwitch interface receives a packet, it is processed as follows:
The received packet is handed to the datapath kernel module. If it matches a datapath entry, it is output directly. If there is no match, it is handed to the user-space ovs-vswitchd, which looks up the flows, processes the packet and outputs it to the correct port, and installs a new datapath rule so that subsequent packets can be forwarded quickly through it.

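The fast-path/slow-path split described above, as an added example that is not Open vSwitch code: a simplified Python model in which a cache miss counts as an upcall to user space. The class name Switch, the field names, the addresses and the exact-match cache key are assumptions made for illustration.

```python
import time

# Constructed flow table (user-space side): ordered (match, action) pairs.
# A packet matches when every field listed in the match is equal.
FLOWS = [
    ({"in_port": "A", "eth_src": "aa:aa:aa:aa:aa:aa", "ip_proto": "tcp"},
     {"set_ip_src": "10.0.0.2", "output": "B"}),
    ({"in_port": "A"}, {"output": "B"}),
]

class Switch:
    def __init__(self, flows, idle_timeout=3.0, clock=time.monotonic):
        self.flows = flows
        self.idle_timeout = idle_timeout  # the "about 3 seconds" timeout
        self.clock = clock
        self.cache = {}    # datapath model: header tuple -> (action, last_used)
        self.upcalls = 0   # packets that needed the slow path

    def _slow_path(self, pkt):
        """Stand-in for ovs-vswitchd: try flows in order, first match wins."""
        self.upcalls += 1
        for match, action in self.flows:
            if all(pkt.get(k) == v for k, v in match.items()):
                return action
        return {"output": None}  # no flow matched: drop

    def receive(self, pkt):
        """Process one packet; return (possibly rewritten packet, output port)."""
        now = self.clock()
        key = tuple(sorted(pkt.items()))
        entry = self.cache.get(key)
        if entry and now - entry[1] <= self.idle_timeout:
            action = entry[0]               # fast path: cache hit
        else:
            action = self._slow_path(pkt)   # miss or expired entry
        self.cache[key] = (action, now)     # install or refresh the entry
        out = dict(pkt)
        if "set_ip_src" in action:
            out["ip_src"] = action["set_ip_src"]
        return out, action["output"]
```

Watching the upcalls counter while replaying traffic shows how much load reaches the slow path: packets that repeat within the timeout stay in the cache, while every new header combination or expired entry costs one user-space lookup.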
Conclusion
Aside from flow management, the way Open vSwitch works is very simple. Next time I will introduce the Open vSwitch management tools, use them to build a network, and debug flows and the datapath.
How Open VSwitch Works