In the last few years server virtualization has evolved very rapidly, but it challenges the traditional networking architecture. To cross the hurdles posed by traditional networks there is a new paradigm called open virtual switch.
Open virtual switch is a layer 2 switch engineered for virtual machines; it offers many features and supports some layer 3 protocols like NetFlow, sFlow, routing between VLANs, etc. It is an intelligent, learning switch. It is widely used in many public and private cloud platforms because of its wide feature set and its ability to be programmed from a centralized controller. Open vSwitch is an alternative to normal bridge networking in a virtual environment and uses the OpenFlow protocol.
As with any switch there are two most important things: the data path and the control path. Open virtual switch also has these two paths. The data path is the path through which packets are forwarded, and the control path takes decisions on packets; a decision can be anything from routing to moving packets to other network devices.
Control path: sits in user space and makes the decisions.
Data path: sits in kernel space, since kernel space is faster than user space; packets flow through this path based on the decisions made by the control path.
Whenever a packet arrives, the data path matches it against the existing flows. If there is no existing flow, the packet is sent to the controller together with a flow key so that a flow can be generated; a flow key describes the packet in general terms.
Based on the flow key the controller then generates a new flow and updates the kernel space flow table.
With Centralized Controller
Open virtual switch can also be used with a remote controller rather than the user space controller. With this setup network admins can write their own programs to control the traffic flowing across different interfaces.
The control path creates a table of decisions and the data path follows what is in that table.
The control path exists in user space and the data path exists in kernel space. Since forwarding through kernel space is faster than through user space, open virtual switch always tries to minimize its use of user space.
If there is no existing flow in the kernel path for a particular packet, the packet is sent to user space, which generates a flow and sends it back to kernel space. In the meantime, further packets for which there is no active flow are queued, waiting for user space to generate the flow; if the user space buffer is full they are dropped, and this is why we see a non-zero number in the lost counter of ovs-dpctl show.
The data path is multi-threaded but currently the control path is not.
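The miss, upcall and drop sequence described above, as an added example that is not code from the original page or from the Open vSwitch project: a small Python model of the two paths. The datapath is a dictionary of flow key to action plus the hit/missed/lost counters; the control path is a learning switch that decides on each queued flow key and installs the result. The queue capacity of 2, the packets and the MAC addresses are constructed for the demonstration and are not real OVS parameters.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    in_port: int
    dl_src: str
    dl_dst: str


def flow_key(pkt):
    """The flow key describes the packet in general terms: here the ingress
    port and the source/destination MAC, which is enough for an L2 switch."""
    return (pkt.in_port, pkt.dl_src, pkt.dl_dst)


@dataclass
class Datapath:
    """Kernel-space fast path: a cache of flow key -> action, plus the
    hit/missed/lost counters that ovs-dpctl show reports."""
    flows: dict = field(default_factory=dict)
    upcall_queue: deque = field(default_factory=deque)
    queue_capacity: int = 2          # hypothetical bound on the user space buffer
    hit: int = 0
    missed: int = 0
    lost: int = 0

    def receive(self, pkt):
        key = flow_key(pkt)
        if key in self.flows:
            self.hit += 1
            return self.flows[key]
        self.missed += 1
        if len(self.upcall_queue) >= self.queue_capacity:
            self.lost += 1           # buffer full: the packet is dropped
            return "drop"
        self.upcall_queue.append(key)
        return "queued"              # waits for the control path to decide


class ControlPath:
    """User-space slow path: a learning switch that turns each flow key
    into a decision and installs it in the datapath."""

    def __init__(self):
        self.mac_table = {}          # learned MAC -> port

    def decide(self, key):
        in_port, src, dst = key
        self.mac_table[src] = in_port
        out = self.mac_table.get(dst)
        return f"output:{out}" if out is not None else "flood"

    def process_upcalls(self, dp):
        installed = 0
        while dp.upcall_queue:
            key = dp.upcall_queue.popleft()
            if key not in dp.flows:  # several queued packets may share one flow
                dp.flows[key] = self.decide(key)
                installed += 1
        return installed


def run_demo():
    dp = Datapath(queue_capacity=2)
    cp = ControlPath()
    pkt = Packet(1, "52:54:00:aa:bb:01", "52:54:00:aa:bb:02")  # constructed sample
    # Four packets of one brand-new flow arrive before user space gets to run.
    first_pass = [dp.receive(pkt) for _ in range(4)]
    installed = cp.process_upcalls(dp)
    # The flow is now in the kernel table, so the next packet is a hit.
    fifth = dp.receive(pkt)
    return {"first_pass": first_pass, "installed": installed, "fifth": fifth,
            "hit": dp.hit, "missed": dp.missed, "lost": dp.lost}


if __name__ == "__main__":
    print(run_demo())
```

The burst shows the failure mode the text warns about: all four packets are misses, only two fit in the buffer, and the other two are counted as lost, while user space installs a single flow for the whole burst. A rising lost counter in ovs-dpctl show therefore points at the single-threaded control path falling behind, not at the kernel datapath.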
Some of the features of open virtual switch:
– Quality of Service (QoS)
– Generic Routing Encapsulation (GRE) tunneling
– NIC bonding
– OpenFlow support
Installing Open virtual switch
Open virtual switch can be run on any Linux-based virtualization platform.
On Ubuntu 12.04:
apt-get install openvswitch-switch
Security in Open virtual switch:
Open virtual switch does not support netfilter rules, but comes with its own OpenFlow security rules. Using OpenFlow rules, both MAC-based and port-based filtering can be offered.
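As an added example of the MAC-based and port-based filtering just mentioned (not code from the original page or from the Open vSwitch project), here is a Python model of a small OpenFlow rule set: rules carry a priority and match fields, the highest-priority match decides, and each rule can be rendered in the flow syntax that ovs-ofctl accepts. The VM MAC address, port numbers and sample packets are constructed for the demonstration; the table-miss behaviour is this toy's own choice.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One OpenFlow rule: match fields left as None are wildcards."""
    priority: int
    actions: str                     # "normal" (learning-switch forwarding) or "drop"
    in_port: Optional[int] = None
    dl_src: Optional[str] = None
    dl_dst: Optional[str] = None

    def matches(self, pkt):
        checks = ((self.in_port, pkt["in_port"]),
                  (self.dl_src, pkt["dl_src"]),
                  (self.dl_dst, pkt["dl_dst"]))
        return all(want is None or want == got for want, got in checks)

    def to_ofctl(self):
        """Render the rule in the flow syntax ovs-ofctl accepts."""
        fields = [f"priority={self.priority}"]
        if self.in_port is not None:
            fields.append(f"in_port={self.in_port}")
        if self.dl_src is not None:
            fields.append(f"dl_src={self.dl_src}")
        if self.dl_dst is not None:
            fields.append(f"dl_dst={self.dl_dst}")
        return ",".join(fields) + f",actions={self.actions}"


VM_MAC = "52:54:00:aa:bb:01"         # constructed: the MAC assigned to the VM on port 1

RULES = [
    Rule(100, "normal", in_port=1, dl_src=VM_MAC),  # MAC-based: only the VM's own MAC may send on port 1
    Rule(50, "drop", in_port=1),                     # anything else entering port 1 (spoofed source) is dropped
    Rule(60, "drop", in_port=3),                     # port-based: port 3 is blocked entirely
    Rule(10, "normal"),                              # default: ordinary learning-switch behaviour
]


def lookup(rules, pkt):
    """OpenFlow semantics: the highest-priority matching rule decides.
    This toy drops on a table miss; the explicit priority-10 rule above
    means no packet reaches that case."""
    best = max((r for r in rules if r.matches(pkt)),
               key=lambda r: r.priority, default=None)
    return "drop" if best is None else best.actions


def render_flows(rules):
    """Lines suitable for `ovs-ofctl add-flows <bridge> <file>`."""
    return [r.to_ofctl() for r in rules]


if __name__ == "__main__":
    sample = [  # constructed packets
        {"in_port": 1, "dl_src": VM_MAC, "dl_dst": "ff:ff:ff:ff:ff:ff"},
        {"in_port": 1, "dl_src": "52:54:00:de:ad:01", "dl_dst": "ff:ff:ff:ff:ff:ff"},
        {"in_port": 2, "dl_src": "52:54:00:aa:bb:02", "dl_dst": VM_MAC},
        {"in_port": 3, "dl_src": "52:54:00:aa:bb:03", "dl_dst": VM_MAC},
    ]
    for p in sample:
        print(p["in_port"], p["dl_src"], "->", lookup(RULES, p))
    print("\n".join(render_flows(RULES)))
```

The point of the pair of port 1 rules is that the MAC allow rule only filters anything if a lower-priority drop rule for the same port sits beneath it; with the default normal rule alone, a frame with a different source MAC would simply be forwarded. Written to a file, the rendered lines can be loaded with ovs-ofctl add-flows on the bridge, and ovs-ofctl dump-flows shows per-rule packet counters that make the dropped traffic visible.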