Scribd Logo
Upload

Welcome to Scribd!

  • 124 views

    QOS Openvswitch - en

    Uploaded by

    Steve Nguyen
    Open vSwitch provides a flexible software-defined networking solution for virtualized environments. It separates the data plane in the kernel from the control plane in userspace. This allows for network scalability improvements like migration without IP address changes using GRE tunnels. While Open vSwitch currently supports basic QoS features like interface rate limiting and port queues, there is still work to be done in areas like extended VLAN support and improving the QoS controller.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd

    QOS Openvswitch - en

    Uploaded by

    Steve Nguyen
    124 views27 pages
    Open vSwitch provides a flexible software-defined networking solution for virtualized environments. It separates the data plane in the kernel from the control plane in userspace. This allows for network scalability improvements like migration without IP address changes using GRE tunnels. While Open vSwitch currently supports basic QoS features like interface rate limiting and port queues, there is still work to be done in areas like extended VLAN support and improving the QoS controller.

    Original Title

    QOS Openvswitch.en

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Open vSwitch provides a flexible software-defined networking solution for virtualized environments. It separates the data plane in the kernel from the control plane in userspace. This allows for network scalability improvements like migration without IP address changes using GRE tunnels. While Open vSwitch currently supports basic QoS features like interface rate limiting and port queues, there is still work to be done in areas like extended VLAN support and improving the QoS controller.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    124 views27 pages

    QOS Openvswitch - en

    Uploaded by

    Steve Nguyen
    Open vSwitch provides a flexible software-defined networking solution for virtualized environments. It separates the data plane in the kernel from the control plane in userspace. This allows for network scalability improvements like migration without IP address changes using GRE tunnels. While Open vSwitch currently supports basic QoS features like interface rate limiting and port queues, there is still work to be done in areas like extended VLAN support and improving the QoS controller.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 27

    Open vSwitch QoS

    Netlter Workshop, Seville, Spain

    Simon Horman <[email protected]> Horms Solutions Ltd., Tokyo

    October 2010

    Open vSwitch

    Server
    Open vSwitch Datapath Open vSwitch Controller

    Flexibility for Networking in Virtualised Environments Flexible Controller in User-Space Fast Datapath in Kernel

    Open vSwitch Availability

    Available from openvswitch.org Development code is available in git Announce, discussion and development mailing lists User-space (controller and tools) is under the Apache license Kernel (datapath) is under the GPLv2 Shared headers are dual-licensed

    Open vSwitch Concepts

    A switch contains ports A port may have one or more interfaces


    Bonding allows more than once interface per port

    Packets are forward by ow

    Packets are Managed as Flows

    A ow may be identied by any combination of


    Input port VLAN ID (802.1Q) Ethernet Source MAC address Ethernet Destination MAC address IP Source MAC address IP Destination MAC address TCP/UDP/... Source Port TCP/UDP/... Destination Port

    Packets are Managed as Flows


    1 2

    The rst packet of a ow is sent to the controller The controller programs the datapaths actions for a ow
    Usually one, but may be a list Actions include:
    Forward to a port or ports, mirror Encapsulate and forward to controller Drop

    3 4

    And returns the packet to the datapath Subsequent packets are handled directly by the datapath
    Server
    Open vSwitch Datapath
    1 2 4 3

    Open vSwitch Controller

    Network Scalability Problems in Virtualised Environments

    Migration VLANs QoS Management

    Migration

    KVM and Xen provide Live Migration With bridging, IP address migration must occur with in the same L2 network Open vSwitch avoids this problem using GRE tunnels

    VLANs

    Per-Customer VLANs are desirable for security reasons But there is a limit of 4094 VLANs

    More VLANs

    Two, apparently competing, approaches


    1

    IETF / Cisco
    RFC5517 Private VLANs

    IEEE
    802.1ad Provider Bridges (Q-in-Q) 802.1ah Provider Backbone Brides (MAC-in-MAC)

    RFC5517 Private VLANs

    Uses existing 802.1Q framing


    Simple to implement (in software/rmware)

    Makes use of pairs of VIDs


    Requires all switches to support of Private VLANs otherwise switch tables may not merge

    Provides L2 broadcast isolation


    Forwarding may occur at L3 Requires the router to perform proxy ARP

    Currently not supported by Open vSwitch

    RFC5517 Private VLANs

    Three VLAN classications Promiscuous


    May communicate with endpoints on any port e.g.: Gateway, Management Host

    Community
    May only communicate with endpoints on promiscuous ports or ports belonging to the same comunity e.g.: Dierent hosts belonging to the same customer

    Isolated
    May only communicate with endpoints on promiscuous ports e.g.: Hosts that only require access to the gateway

    Private VLANs Domain View

    P C1 C2 I

    Promiscous domain (P)


    May communicate with endpoints in the same domain and sub-domains

    Two community sub-domains (C1 , C2 )


    May communicate with endpoints in the same domain and parent-domain

    Isolated sub-domain (I)


    May communicate with endpoints in the parent domain May not communicate with endpoints in the same domain

    802.1ad Provider Bridges (Q-in-Q)

    Current standard is 802.1ad-2005, Approved December 2005 Builds on 802.1Q New Framing
    C-VID (inner)
    Renamed 802.1Q VID There may be more than one C-VID (inner-inner, ...)

    S-VID (outer)
    Dierent ether-type to C-VID May be translated

    Currently not supported by Linux Kernel / Open vSwitch

    802.1ad Framing Provider Bridges


    DA SA S-VID C-VID VID Destination MAC address Source MAC addresss Service VLAN ID Customer VLAN ID VLAN ID

    DA SA Payload

    DA SA VID Payload

    DA SA S-VID C-VID Payload

    802.1 802.1Q

    802.1ad

    802.1ah Provider Backbone Bridges (MAC-in-MAC)

    Current standard is 802.1ah-2008, Approved August 2008 Builds on 802.1ad New Framing
    MAC encapsulation provides full Client VLAN isolation
    Inner MAC is unknown outside of its scope

    I-SID: Up to 224 16million backbone services I-VID semantics are the same as the S-VLAN
    Only edge switches need to be Provider Backbone Bridge aware Core switches need only be Provider Bridge (802.1ad) aware

    Currently not supported by Linux Kernel / Open vSwitch

    802.1ah Framing Provider Backbone Bridges


    B-DA Backbone Destination MAC address B-SA Backbone Source MAC address B-VID Backbone VLAN ID I-SID DA SA S-VID C-VID VID DA SA Payload Payload Service ID Destination MAC address Source MAC addresss Service VLAN ID Customer VLAN ID VLAN ID DA SA VID DA SA S-VID C-VID Payload

    B-DA B-SA B-VID I-SID DA SA S-VID C-VID Payload

    802.1 802.1Q

    802.1ad

    802.1ah

    QoS

    Open vSwitch QoS capabilities


    1 2

    Interface rate limiting Port QoS policy

    QoS: Interface rate limiting

    A rate and burst can be assigned to an Interface Conceptually similar to Xens netback credit scheduler # ovs-vsctl set Interface tap0 ingress_policing_rate=100000 # ovs-vsctl set Interface tap0 ingress_policing_burst=10000 Simple Appears to work as expected

    QoS: No interface rate limiting example

    # netperf -4 -t UDP_STREAM -H 172.17.50.253 -- -m 8972 UDP UNIDIRECTIONAL SEND TEST from 0.0.0.0 (0.0.0.0) port 0 AF_ to +172.17.50.253 (172.17.50.253) port 0 AF_INET Socket Message Elapsed Messages Size Size Time Okay Errors Throughput bytes bytes secs # # 10^6bits/sec 120832 109568 8972 10.01 10.01 146797 146620 0 1052.60 1051.33

    tap networking used jumbo frames required to reach line speed (210Mbits/s with 1500 byte frames) virtio should do better?

    QoS: Interface rate limiting example

    # netperf -4 -t UDP_STREAM -H 172.17.50.253 UDP UNIDIRECTIONAL SEND TEST from 0.0.0.0 (0.0.0.0) port 0 AF_ to 172.17.50.253 (172.17.50.253) port 0 AF_INET Socket Message Elapsed Messages Size Size Time Okay Errors Throughput bytes bytes secs # # 10^6bits/sec 120832 109568 8972 10.01 10.01 149735 14684 0 1073.66 105.29

    Dierence in sent and received packets indicates a ow control problem. virtio should do better?

    QoS: Port QoS policy

    A port may be assigned one ore more QoS policy Each QoS policy consists of a class and a qdisc
    Classes and qdisc use the Linux kernels tc implementation Only HTB classes are supported at this time Each class has a single qdisc associated with it The class of a ow is chosen by the controller

    The QoS policy (i.e. class) of a ow is chosen by the controller

    QoS: Port QoS policy example


    Programming the Datapath 1:# 2: 3: 4: 5: 6: 7: 8: 9: ovs-vsctl set port eth1 qos=@newqos \ -- --id=@newqos create qos type=linux-htb \ other-config:max-rate=200000000 queues=0=@q0,1=@q1 \ -- --id=@q0 create queue \ other-config:min-rate=100000000 \ other-config:max-rate=100000000 \ -- --id=@q1 create queue \ other-config:min-rate=50000000 \ other-config:max-rate=50000000

    QoS: Port QoS policy example

    Hard-coding the controller # ovs-ofctl add-flow br0 "in_port=2 ip nw_dst=172.17.50.253 \ idle_timeout=0 actions=enqueue:1:0" # ovs-ofctl add-flow br0 "in_port=3 ip nw_dst=172.17.50.253 \ idle_timeout=0 actions=enqueue:1:1" Only suitable for testing

    QoS: Port QoS policy example


    Guest 0: # netperf -4 -t TCP_STREAM -H 172.17.50.253 -l 30 -- -m 8972 TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 172.17.50.253 (172.17.50.253) port 0 AF_INET Recv Send Send Socket Socket Message Elapsed Size Size Size Time Throughput bytes bytes bytes secs. 10^6bits/sec 87380 16384 8972 30.01 99.12 Guest 1: # netperf -4 -t TCP_STREAM -H 172.17.50.253 -l 30 -- -m 8972 ... 87380 16384 8972 30.14 49.56

    QoS: Port QoS policy controller improvements

    Add a default queue to the Port table Add enqueue to the FLOOD and NORMAL ports or use NOX (a dierent controller)

    Conclusion

    Open vSwitch is aimed at addressing short-comings in using bridging in virtualised environments It is a young project and there is much scope to contribute
    Extended VLAN support
    Private VLANs 802.1ad 802.1ah

    Improved QoS
    Add a default queue to the Port table Add enqueue to the FLOOD and NORMAL ports or use NOX (a dierent controller)

    High-Level Management

    You might also like