Thursday, March 12, 2015

Network Virtualization for OVS (Open vSwitch) - Open Virtual Network

Open vSwitch is a open source virtual switch that provide logical switching on hypervisors similar to the VMware vSwitch and the Cisco Nexus 1000V. Full feature of Open vSwitch can be found here.  We can find good resource on Open vSwitch here and here

Open vSwitch has 3 main components:
  • ovsdv-vswitchd
  • ovsdb-server
  • Kernel module
image source: http://www.jedelman.com/uploads/9/7/8/6/9786883/8614557.jpg?531

This diagram explain the operation of Open vSwitch very well.  Visually we can see the various components in a physical host (a picture is worth a thousand words).

image source: https://networkheresy.files.wordpress.com/2011/06/screen-shot-2011-06-05-at-6-44-32-pm.png

When we look at the features supported by Open vSwitch (OVS), we see that the list is very comprehensive for a switch.  (note: a switch is for layer 2 switching, check out my other post if you are not familiar with the 7 Layers of the OSI model).  There are 2 features on the list that makes OVS a good tool for OpenStack.  The 2 features are:
  1. OpenFlow protocol support
  2. Multiple tunneling protocols (GRE, VXLAN, IPsec, GRE and VXLAN over IPsec)
According to this article, OVS is the most popular plugin for OpenStack.

Open Virtual Network
On Jan 13, 2015, it was announced that a new sub-project was created under the OVS project - Open Virtual Network (OVN).

The main idea of Open Virtual Network is provide a lightweight control plane that provides native support for common virtual networking abstractions.  

Open Virtual Network (OVN) will include:
  • logical switches and routers,
  • security groups, and
  • L2/L3/L4 ACLs,
and they are to be implemented on top of a an overly network such as VXLAN, NVGRE or GENEVE.   This is  most suitable to integrate with OpenStack Neutron as a plugin.


This article further explain that OVN provide Neutron with improved data plane performance through shortcut, distributed logical L3 processing and in-kernel based security groups, without running special OpenStack agents on hypervisors. Lastly, it will provide a scale-out and highly available gateway solution responsible for bridging from logical into physical space.

OVN will also work with Linux container systems.  Containers are also widely deployed in the OpenStack platforms. I also had a blog post on this topic on my OpenStack for Beginners series.

Open Virtual Network Architecture
Open Virtual Network builds on top of OVS and has the following layers:
  1. Open vSwitch
  2. OVN Controller
  3. OVN Database
Detail of the OVN architecture can be found in this OVN Architectural Guide.

1. Open vSwitch
As Open Virtual Network is a sub-project OVS and is therefore a natural layer for the foundation.  OVS has special extension for OpenFlow support and thus OVN is tailor to how OVS used OpenFlow.  OVN may not work with other OpenFlow implementation.

OVN used the OVS integration guide (IntegrationGuide.md) in the OVS repository.  This defines the interaction between the OVN controller and the hypervisor or container that used the OVS.

2. OVN Controller
This controller resides on each hypervisor and is not a centralized model that is popular on most SDN implementation.  The OVN controller runs on the hypervisor or host as a daemon.  The OVN controller on the southbound interface with the ovs-switchd using the OpenFlow protocol and the ovsdb-server using the OSVDB protocol. And on the northbound interfaces with the OVN Database using the OSVDB protocol.

This diagram is taken from the OVN Architecture Guide:
                             OVN Database
                                    |
                                    |
                          (OVSDB Protocol)
                                    |
   +-------------------------------------------------------------------+
   |                                |                                  |
   |                                |                                  |
   |                           ovn-controller                          |
   |                              |     |                              |
   |                              |     |                              |
   |               +--------------+     +--------------+               |
   |               |                                   |               |
   |               |                                   |               |
   |       (OVSDB Protocol)                       (OpenFlow)           |
   |               |                                   |               |
   |               |                                   |               |
   |         ovsdb-server                         ovs-vswitchd         |
   |                                                                   |
   +---------------------------- Hypervisor ---------------------------+

3. OVN Database
At this initial state of OVN, OVSDB is being used as the OVN Database. One of the design goal for the OVN Database is high availability but the ovsdb-server does not support clustering and it is important to resolve this issue as the OVN is supported to be a production ready feature.

This OVN Database stores 3 types of information:
  1. Physical Network Information
  2. Logical Network Information
  3. Binding (logical element location, logical port and MAC address association)
Cloud Management System
Open Virtual Network requires a Cloud Management System such as OpenStack to function.  There is a plugin available for OpenStack and OVN integration.  This plugin translate the Cloud Management System configuration into the OVN Logical network information (in the form of logical data path flows) that are stored in the OVN Database.

More to come in the near future
Hopefully, we can see more development of this Open Virtual Network soon and if I am able to attend the OpenStack Vancouver summit I will certainly gather more information in this area and share them in this blog.

Reference:
"Features." Features. N.p., n.d. Web. 12 Mar. 2015.
 "OVN, Bringing Native Virtual Networking to OVS." Network Heresy. N.p., 13 Jan. 2015. Web. 12 Mar. 2015.


5 comments:

  1. I am very glad to read this nice article. I am happy that you made this concept very clear in front of people and to be very frank this is useful information too. Keep it up. http://goo.gl/Tc5L9j

    ReplyDelete
  2. creativity of writer is purely impressive. It has touched to the level of expertise with his writing. Everything is up to the mark. Written perfectly and I can use such information for my coming assignment.APC KVM USB

    ReplyDelete
  3. Good article regarding various technologies like security, networking, cloud etc. Virtualisation is also described in a good way. Easy to understand.

    ReplyDelete
  4. I appreciate your valuable information.I think virtualization is a great way to deal with applications that require their own machine, and does not run well with others on the same OS.thanks for sharing useful content
    virtualization training course

    ReplyDelete
  5. Really I enjoy your site with effective and useful information. It is included very nice post with a lot of our resources.thanks for share. i enjoy this post. read more

    ReplyDelete