Open vSwitch 2015 Fall Conference
The Open vSwitch 2015 Fall Conference was held at the San Jose Doubletree on November 16 and 17, 2015.
Welcome (Ben Pfaff, VMware)
Keynote: Open vSwitch Musings (Chris Wright, Red Hat)
Opening Talk: Introduction to OVN, the Open Virtual Network for Open vSwitch (Russell Bryant, Red Hat; Justin Pettit and Ben Pfaff, VMware)
Talks, Session 1:
- Geneve: What is it and why is OVN using it? (Jesse Gross, VMware)
- Network Service Headers: Additions to OVS to support Service Function Chaining in the kernel and userspace datapaths (Uri Elzur, Intel; Thomas Graf, Noiro Networks; Russell Bryant, Red Hat; Danny Zhou, Intel)
- Using Open vSwitch to realize NFV and service chaining in a Carrier Network (Jeff Peterson, Entry Point)
Talks, Session 2:
- MidoNet and the Open vSwitch Datapath (Duarte Nunes, Midokura)
- Mininet and Open vSwitch (Bob Lantz, ON.Lab)
- OVS and L7 classification (DPI) use cases and demos: L7 stateful firewall, L7 QoS, L7 service chaining (Franck Baudin, Qosmos)
- Implementing OpenFlow on a hardware switch (Tony van der Peet, Allied Telesis)
Talks, Session 3:
- Untangle complex network setups (Rashid Khan and Jiri Benc, Red Hat)
- New OVS instrumentation features aimed at real-time monitoring of virtual networks (Peter Phaal, InMon)
- A Proposal for Using TC Classification with Open vSwitch (Simon Horman, Netronome)
- The State of Stateful Services (Joe Stringer and Jarno Rajahalme, VMware)
Day 1 Closing (Ben Pfaff, VMware)
Day 2 Opening (Ben Pfaff, VMware)
Talks, Session 4:
- How hot is the OVN? (James H. Chou, IBM)
- Integrating OVS with Container Systems (Gurucharan Shetty, VMware; Dan Williams, Red Hat)
- Enabling extensibility in OVN (Gal Sagie, Huawei; Liran Schour, IBM)
Talks, Session 5:
- Open vSwitch in OPNFV (Mark D. Gray and Maryam Tahhan, Intel; Thomas F. Herbert, Red Hat)
- An Automation Framework and Methodology for Measuring OVS Performance (Vasmi Abidi and Ying Chen, VMware)
- Open vSwitch: Game Show Edition (Ben Pfaff, VMware)
- Is the OVS Community Open Enough? (Thomas Graf, Noiro Networks)
- Project Dragonflow (Gal Sagie, Huawei)
- Playing with OVN in a Sandbox (Russell Bryant, Red Hat)
- Using Open vSwitch for service function chain (SFC) and SFC proxy to realize NFV (Yukihiro Nakagawa, Fujitsu)
- OVS Kernel Testing (Andy Zhou and Joe Stringer, VMware)
- OVS on Hyper-V (Nithin Raju and Sairam Vengugopal, VMware)
- ovn4nfv: A lean network controller for OPNFV (Vikram Dham, Dell)
- Open vSwitch Port to Solaris (Venu Iyer, Oracle) (presented without slides)
Talks, Session 6:
- DPDK Optimization Techniques and Open vSwitch Enhancements for Netdev DPDK (Muthurajan Jayakumar and Gerald Rogers, Intel)
- OVS, DPDK and Software Dataplane Acceleration (Kevin Traynor, Intel; Thomas F. Herbert, Red Hat)
- FM10K: Acceleration of Network Virtualized Workloads with a 25G/100G Network Adapter (Dan Daly, Intel)
Talks, Session 7:
- Match: A Generic Packet Processing Pipeline Runtime Integrated with OVS (Hao Zheng, Intel)
- C-like DSL for Open vSwitch (Saurabh Shrivastava, Nuage Networks)
- Linux network namespaces support in Open vSwitch (Jiri Benc, Red Hat)
- OVS Datapath Specialization using P4 (Muhammad Shahbaz, Princeton)
Day 2 Closing (Ben Pfaff, VMware)
Introduction to OVN, the Open Virtual Network for Open vSwitch (Russell Bryant, Red Hat; Justin Pettit and Ben Pfaff, VMware)
OVN, which stands for Open Virtual Network, is a new project within the Open vSwitch community that aims to provide powerful virtual networking features to cloud networks. This talk, by three OVN contributors, will introduce the goals and current status of the OVN project.
Geneve: What is it and why is OVN using it? (Jesse Gross, VMware)
OVN has adopted the Geneve protocol as its primary encapsulation format between hypervisors. While not as well known as VXLAN, Geneve is designed to be a more future-proof superset of VXLAN's features and is supported by a wide array of both software and hardware makers. This flexibility is already being used by OVN to build a pipeline that is both more powerful and simpler than what could be done before. To better understand why Geneve came into existence, the talk will give an overview of the protocol itself and its capabilities. We'll then take a look at its support in OVN as well as other implementations and where it might go in the future.
Network Service Headers: Additions to OVS to support Service Function Chaining in the kernel and userspace datapaths (Uri Elzur, Intel; Thomas Graf, Noiro Networks; Russell Bryant, Red Hat; Danny Zhou, Intel)
In this talk we will review the contributions made to Open vSwitch to support Network Service Headers (NSH) based SFC (Service Function Chaining) in the kernel and DPDK accelerated userspace datapaths. For the handling of NSH, OVS must be able to:
- Act as an OpenFlow classifier to classify packets that need to be pushed through a service function chain and add the requisite NSH header. This header allows the infrastructure to sequence this frame through the different services it requires.
- Act as a Service Function Forwarder (SFF) which steers an NSH encapsulated frame to the next service, by looking at the NSH service path and service index to determine how the frame should be forwarded.
- Provide a mechanism allowing an NSH encapsulated frame to carry shared metadata between service functions along the instantiated service path.
The configuration interface uses a combination of OpenFlow and OVSDB to allow control and orchestration layers to program these service chains into Open vSwitch. We will discuss the details of the patches submitted to OVS, compare the kernel and DPDK accelerated userspace modes in terms of performance and capability, and discuss the pressing needs for service function chaining today both in the Data Center and Telco markets. We also intend to discuss and share future plans for NSH in OVS, which includes OAM support, variable metadata length support, and the continuous optimization of forwarding performance.
Using Open vSwitch to realize NFV and service chaining in a Carrier Network (Jeff Peterson, Entry Point)
This presentation will explore an Optical Network Terminal (ONT) replacement that provides cloud functionality at the subscriber edge in a carrier network. The new ONT - a Virtual Broadband Gateway (VBG) - is used to transform an incoming optical signal to an electrical and/or wireless signal for voice, data, and other services. The VBG is a single instance of hardware that is used to create multiple virtual routers, switches, and service demarcations using Open vSwitch, NFV, and SFC (Service Function Chaining). The VBG is being used to simplify the network at the subscriber premise and to provide a point of presence at the premise for all of the network stakeholders (network operator, service provider, and subscriber).
The VBG includes the following features:
- Linux-based OS
- Dataplane - Open vSwitch
- OpenFlow capable
- Supports multiple virtual machines (Cloud at the Edge)
- Supports Service Function Chaining (SFC)
- Supports Network Functions Virtualization (NFV)
- Supports software (CPU) switching
- Supports Trusted Platform Module (TPM)
- Supports Virtual Analog Terminal Adapter (V-ATA)
MidoNet and the Open vSwitch Datapath (Duarte Nunes, Midokura)
MidoNet, an open source virtual network platform, uses the Open vSwitch kernel module as its datapath, relying on it not only for packet switching and decision caching, but also as an efficient way to implement features like flow tracing and congestion analysis.
In this talk we'll go over the basics of how MidoNet interacts with the kernel module and manages installed flows. We'll cover how mechanisms such as megaflows and connection tracking are leveraged to power some of MidoNet's features. Finally, we'll also present some performance considerations stemming from the ways the datapath is employed.
Mininet and Open vSwitch (Bob Lantz, ON.Lab)
Mininet is an emulation framework that quickly creates virtual networks of hosts, switches, and SDN controllers on your laptop for development, research, teaching, or any other use. For scalability, Mininet hosts are usually just processes in network namespaces, connected to software switches (typically Open vSwitch) via virtual Ethernet links.
In this talk, I will provide a brief overview and demonstration of Mininet, describe how it uses Open vSwitch, and present some experiences so far and thoughts on how OVS might evolve to support the use case of network emulation.
OVS and L7 classification (DPI) use cases and demos: L7 stateful firewall, L7 QoS, L7 service chaining (Franck Baudin, Qosmos)
L7 classification with OVS without patches is now possible thanks to the conntrack framework and well-crafted OVS rules. The basic idea is to rely on a userland L7 classifier, typically based on a DPI engine, marking the conntracks with L7 classification. Thanks to the new connmark and connlabel matchers, holding the L7 classification thanks to the L7 application mentioned previously, we can craft L7 OVS rules.
This presentation will explain and demonstrate the asynchronous design of L7 classification in two basic use cases:
- QoS: BitTorrent rate limiting, ftp rate limiting
- L7 Firewall: BitTorrent denial, ssh on non-regular ports denial
For the demo part, one client VM and one server VM will be interconnected by OVS, with L7 rules applied on the server port (typical micro-segmentation use case). There will be neither OpenStack nor OpenDayLight for this part, just KVM/virsh/namespaces and OVS.
The second part of the talk will demonstrate, on the same laptop, with the same OVS, a service chaining use case with VMs managed by OpenStack Kilo (vanilla, no patch) and Service Chaining managed by OpenDayLight Lithium (vanilla, no patch). The rationales of the technical choices will be explained: why no NSH, what about an NFV use case with DPDK OVS, what about using OVS as a ServiceClassifier and/or as a ServiceFunctionForwarder, what about real NFV deployment ingredients, ...
Implementing OpenFlow on a hardware switch (Tony van der Peet, Allied Telesis)
I will share my experience of implementing OpenFlow on a hardware switch, using Open vSwitch, and describe the main lessons learned. Then I will discuss future plans, involving TTPs, a new ofproto and OF-DPA.
Untangle complex network setups (Rashid Khan and Jiri Benc, Red Hat)
While debugging networking related problems on modern cloud and container based solutions, one often finds oneself trapped in a maze of Open vSwitch bridges combined with regular bridges, tunnels, veth pairs and network namespaces with tens or hundreds of network interfaces. The relationship between those is usually anything but clear.
The talk will present plotnetcfg, an open source tool to visually represent the relationships between network interfaces on a single host, including Open vSwitch bridges. To illustrate the complexity of current Open vSwitch users, some of the more interesting setups seen in the wild will be shown and described.
New OVS instrumentation features aimed at real-time monitoring of virtual networks (Peter Phaal, InMon)
The talk will describe the recently added packet-sampling mechanism that returns the full list of OVS actions from the kernel. A demonstration will show how the OVS sFlow agent uses this mechanism to provide real-time tunnel visibility. The motivation for this visibility will be discussed, using examples such as end-to-end troubleshooting across physical and virtual networks, and tuning network packet paths by influencing workload placement in a VM/Container environment.
A Proposal for Using TC Classification with Open vSwitch (Simon Horman, Netronome)
The traffic control (TC) framework of the Linux Kernel provides a rich set of components for packet control and classification. Recent work in TC with the eBPF classifier has highlighted the richness of this framework and raises the question of how TC could be leveraged to offload classification from Open vSwitch. In such a model, TC could also serve as an abstraction layer where classification could seamlessly be offloaded to other devices, such as an intelligent NIC, through the use of eBPF. This presentation will explore these offload opportunities and suggest ways in which OVS may benefit from leveraging TC classification.
The State of Stateful Services (Joe Stringer and Jarno Rajahalme, VMware)
Last year, we outlined plans to build out support for connection tracking in OVS and described multiple potential users of this functionality - ranging from stateful firewalling to NAT and DPI. This talk provides an overview of what has been merged today, and takes a look at the next steps for extending OVS stateful service support.
How hot is the OVN? (James H. Chou, IBM)
OVN brings much-needed support for a native virtualization layer to the datacenter, with the goal of providing native support for virtual networking abstractions that are production quality and can scale. But how much can it really scale? Ideally we'd like to have just one virtual network fabric in a data center, but that seems unachievable with the current design - the OVN architecture paper describes a network consisting of a mere few thousands of servers as a large network.
We describe our observations of OVN behavior both in actual (test) OpenStack deployments of various sizes as well as the test harness we use to simulate logical and physical networks of various sizes. Our focus is on characterizing the growth characteristics in CPU, filesystem I/O, and network traffic with the growth in number of chassis, focusing both on initial power-on (following, say, an unexpected power loss to multiple racks of servers) as well as performance changes due to logical network changes as the number of chassis grows. We pinpoint bottlenecks in OVN, both expected (ovsdb-server) and unexpected, with the goal of identifying areas which must be improved in order to provide high availability and scalability to at least tens, if not hundreds, of thousands of servers.
This abstract describes work which is getting underway. We expect to have results before the conference.
Integrating OVS with Container Systems (Gurucharan Shetty, VMware; Dan Williams, Red Hat)
OVS provides the flexibility to easily isolate traffic between containers, nodes, and external resources, and allows flexible linkage of containers on different nodes. We'll talk about how container systems like OpenShift and OVN can provide isolated, multi-tenant networks among Docker and Kubernetes containers. Come learn about our experiences with VXLAN performance and NIC offload, optimizing OpenFlow rules for faster container spin-up, and our Open vSwitch network architecture.
Enabling extensibility in OVN (Gal Sagie, Huawei; Liran Schour, IBM)
In this talk we discuss the need to enable flexible construction of the OVN processing pipeline. In addition, we describe an example where this feature can be used and propose a path to implementation. Currently, OVN implements a fixed logical pipeline composed from several stages. Each pipeline stage, assigned with a unique table id, is translated into a flow table configured on every OVS instance by the ovn-controller. In some cases, however, an external entity with out-of-band knowledge needs to impose workflow-specific actions on some flows. To grow the OVN ecosystem, it can be beneficial to enable 3rd party components to change the logical pipeline by adding new stages.
We describe an example of such a component that detects elephant flows by sflow monitoring from overlay edges and marks them for differentiated processing in the physical forwarding plane. When detected, elephant flows are marked by adding logical flows that set the DSCP field to a specific value. The physical forwarding plane then uses these marks to separate elephant flows from the rest, e.g. by sending them over ad-hoc optical circuits or over specialized DCI links. Implementation-wise, we propose to extend the current fixed logical pipeline to be flexible by providing a SB control API whereby entities external to the OVN control plane can add new pipeline stages. As a result, external loosely coupled entities will be able to define new flow tables where workload-specific logical flows can be added.
We will also describe another approach that allows reactiveness in the model and hence makes it simpler to develop more sophisticated external network services and applications, and how it can be implemented in OVN.
Open vSwitch in OPNFV (Mark D. Gray and Maryam Tahhan, Intel; Thomas F. Herbert, Red Hat)
This talk is about Open vSwitch with a software accelerated data plane (DPDK) and the OPNFV project. OVS for OPNFV is not a development project. It is a new project in OPNFV to deploy OVS with software accelerated data plane for NFV deployments for telcos and similar users.
We will begin by introducing Open Platform for NFV (OPNFV). The focus will be on the goals for the OVS in OPNFV and how we hope to generate feedback to upstream DPDK and OVS projects. We will discuss the usability of OVS/DPDK in real-world deployment environments. Also, we will discuss both the short-term goals for the OVS for OPNFV project in the next release of OPNFV, Brahmaputra, and the goals beyond this first release.
The OVS for OPNFV project provides specific deployments of OVS/DPDK utilizing complex Cloud and NFV high performance networking environments. Included will be packaging challenges, and specifics of how we plan to deploy OVS/DPDK as an alternate OVS package.
It is crucial to be able to characterize the performance of a virtual switch to determine its capabilities and suitability for deployment in Telco NFV environments, so we will look at the work undertaken by the OPNFV VSPERF project to define a test suite for characterizing the performance of the virtual switch and any considerations that must be taken into account when doing so.
Finally, the talk will conclude with our experience so far with OVS for OPNFV and the outlook for the future of NFV, including improvements in OVS/DPDK needed by NFV and SFC.
An Automation Framework and Methodology for Measuring OVS Performance (Vasmi Abidi and Ying Chen, VMware)
We will present our methodology and test design for measuring performance of OVS.
We use a combination of Ansible and other open-source tools for orchestrating configuration management, organizing tests, and storing results.
We use this framework to routinely run repeatable, reliable performance tests using both software tools (e.g. netperf in a VM) and hardware tools (e.g. RFC2544 tests with Spirent).
We will discuss how to configure the system (Linux and OVS) for achieving maximum performance on multicore machines, and how to tune to get consistent results. Consistent numbers are important to be able to detect performance regressions across different builds.
We will present results to compare performance of KVM OVS with different data paths.
Project Dragonflow (Gal Sagie, Huawei)
How Project Dragonflow leverages OVS's megaflow mechanism for a fast pipeline installation with a hybrid (reactive+proactive) approach.
Playing with OVN in a Sandbox (Russell Bryant, Red Hat)
How Open vSwitch "make sandbox" provides a useful simulation environment for testing, as described
Is the OVS Community Open Enough? (Thomas Graf, Noiro Networks)
This lightning talk addresses the question of whether the Open vSwitch project is open and diverse enough based on work completed in the last 12 months. We will discuss whether the community functioned as a team with a closer look at the decision making process.
Using Open vSwitch for service function chain (SFC) and SFC proxy to realize NFV (Yukihiro Nakagawa, Fujitsu)
The talk will describe Open vSwitch used for SFC and SFC proxy to support SFC-unaware Virtual Network Function (VNF). A demonstration of Software-Defined WAN (SD-WAN) will show how the network performance is improved on demand by dynamically chaining WAN acceleration VNF in our OPNFV testbed. We will be using this testbed for the evaluation of end-to-end QoS in WAN which is important for the NFV infrastructure.
OVS Kernel Testing (Andy Zhou and Joe Stringer, VMware)
The talk will give some background on what we have done so far to test the OVS kernel module and the design choices we have made. It also aims to solicit input on what could be done to further improve kernel testing coverage.
OVS on Hyper-V (Nithin Raju and Sairam Vengugopal, VMware)
This talk will present the progress made on the Open vSwitch port to Hyper-V, a collaboration between VMware and Cloudbase.
ovn4nfv: A lean network controller for OPNFV (Vikram Dham, Dell)
This talk will take a look at network virtualization features required for OPNFV and introduce ovn4nfv, a project proposed in OPNFV. ovn4nfv will enable OVN as another, and simpler, option for network control in OPNFV.
Open vSwitch Port to Solaris (Venu Iyer, Oracle)
Oracle has ported Open vSwitch to Solaris. This talk describes the rationale for the port, its progress, and its path for the future.
DPDK Optimization Techniques and Open vSwitch Enhancements for Netdev DPDK (Muthurajan Jayakumar and Gerald Rogers, Intel)
How does DPDK deliver optimal performance with small packet sizes? In this talk, we will emphasize the top three performance optimization techniques that address:
- Core related optimizations in a multi-core environment - to improve IPC (inter processor communication) performance,
- Memory related optimizations - hiding the latency with s/w prefetch techniques and
- Network i/o related optimizations - amortizing the PCIe bus overhead.
For a real world example, we will illustrate these optimizations used in the latest enhancements to Open vSwitch with Netdev-DPDK, developed over the past couple of quarters. Specifically we would discuss the additional new features, performance enhancements and future features. Intel continues to add new features at a regular cadence to enhance the user space capabilities. Recent enhancements include QOS, Statistics, and usability. Open vSwitch with Netdev-DPDK has achieved greater than 10x the performance of kernel based Open vSwitch. The presentation will discuss recent performance changes in DPDK and other performance modifications to the User Space processing. The presentation would include the latest performance we have achieved, and future performance targets.
OVS, DPDK and Software Dataplane Acceleration (Kevin Traynor, Intel; Thomas F. Herbert, Red Hat)
This talk is about Open vSwitch with netdev DPDK.
Currently DPDK presents the best alternative high speed software data path for support of high speed interfaces in OVS. We have seen DPDK/OVS provide throughput that can compete with hardware switching fabrics at close to 40Gb line rates. However, DPDK presents challenges when compared with the Linux kernel datapath. DPDK lacks refinements available from over 20 years of development of Linux kernel networking and devices. Different semantics in DPDK for provisioning interfaces, the user experience in that they need architecture knowledge for optimum performance, and a challenging debugging environment are a few of these challenges.
For those less familiar, we will begin our talk with a discussion of how DPDK integrates with OVS by way of the netdev API. We will cover how to use, deploy and debug OVS with DPDK. We will cover issues of achieving high performance in real-world scenarios such as host-guest, and guest to guest.
Finally, we talk about the future of supporting ever higher demands for fast packet switching in OVS and the role of DPDK and other paradigms for acceleration.
FM10K: Acceleration of Network Virtualized Workloads with a 25G/100G Network Adapter (Dan Daly, Intel)
In this talk we will demonstrate the use of Intel® FM10000 based Ethernet adapters to accelerate workloads running over network virtualized infrastructure on standard high volume servers. Using Open vSwitch as the control point, these network adapters are able to accelerate the usage of virtual L2/L3 networks, ACLs applied across virtual domains, Network Address Translation and Service Function Chaining. When used in conjunction with an accelerated OVS, individual virtual network functions (VNFs) can use DPDK to set up filtering and traffic management functions to efficiently scale up to 100Gbs going into a single VNF, or into a set of VNFs working in concert. We will share performance results that demonstrate the efficient usage of a virtualized platform at 100Gb Ethernet line rates, and discuss the OVS implications of leveraging these platform specific capabilities.
Match: A Generic Packet Processing Pipeline Runtime Integrated with OVS (Hao Zheng, Intel)
In this talk we discuss Match, a generic interface for capability discovery and state management of a match-action based packet processing pipeline, and how this can be used to accelerate Open vSwitch. Match fills a role on a programmable platform where optimized pipelines outside of OVS can be leveraged, such as optimized software pipelines and hardware acceleration devices. We will share some of the integration done with OVS, including the ability for OVS to leverage external TCAM and hash lookup resources, the ability for OVS to offload VXLAN encap / decap, and the ability to control the packet forwarding of packets going in and out of hardware virtual functions (VFs) into VMs and containers.
This talk continues on the discussion we had in the last OVS conference, in the last pair of LinuxCons, and some discussions at the P4 conference on a runtime for programmable pipelines.
C-like DSL for Open vSwitch (Saurabh Shrivastava, Nuage Networks)
OVS can be abstracted as a stack based processor with a set of registers, RAM and with an instruction set for function calls, conditional and unconditional jumps, memory load and stores, logical operators such as ||, &&, !. This processor can now be programmed in C (with restrictions).
The programming model is that a packet enters the processing pipeline at the "main" function, does several function calls, looks up RAM, eventually modifying the packet by writing into well known "global" variables which correspond to flow fields.
The code section is implemented in table 0, RAM in table 1. REG0 is used as the "program counter", function call parameters are loaded into registers, return value of the function is pushed on to the stack, conditional jump is implemented by playing with rule priority.
Linux network namespaces support in Open vSwitch (Jiri Benc, Red Hat)
The Linux kernel provides network namespaces (netns) as a facility to partition the networking stack. Although Open vSwitch has rudimentary support for bridges spanning several network namespaces, the support is incomplete. This often leads to surprising results and things not working as expected.
The talk will present the major problems with netns support in Open vSwitch and propose options to solve them. Some of the problems can be addressed using mechanisms that the kernel already provides, for some of them new API will be needed.
OVS Datapath Specialization using P4 (Muhammad Shahbaz, Princeton)
Unlike OpenFlow, which provides a pipelined match-action table (MAT) abstraction, the native Open vSwitch (OVS) itself, on the other hand, provides a pool of MATs for the user to program. There is no inherent notion of a pipeline and it's the responsibility of the user to not only maintain tables' state but also explicitly construct the pipeline by installing carefully crafted flow rules at runtime. This abstraction, though very powerful, makes it hard to manage the switch as the number of MATs increases. P4 helps solve this problem by enabling users to statically define MAT pipelines as P4 programs and letting them only manage the tables' state at runtime. This has many benefits and, furthermore, with a P4 program one can also specialize OVS to implement only the required features like parsing Ethernet headers and not IP headers in case of layer-2 forwarding. In this talk, we will list these benefits and share our experience of compiling P4 to OVS.