Open vSwitch is a virtual switch released over 10 years ago and has since been widely implemented into numerous virtual management systems, including OpenStack, OpenNebula and oVirt. However, unless admins have hands-on experience with the technology, they might not be familiar with what it is or how it works.
Open vSwitch offers a strong service for controlling network connections between VMs running in highly dynamic, multiserver environments such as the cloud. With Open vSwitch, admins get a network control system that can respond and adapt to their systems as they change.
The Open vSwitch kernel module has been built into the Linux kernel since version 3.3. Given its widespread use, it is worth obtaining a basic understanding of Open vSwitch, especially for those working with virtualization and cloud technologies.
Introduction to Open vSwitch and its features
The Open vSwitch system is a production-quality multilayer virtual switch platform similar to VMware vSwitch or Cisco Nexus 1000V. Open vSwitch is a Linux Foundation collaborative project and is available under the open source Apache 2.0 license. Admins can use Open vSwitch in their distributed virtual systems that span multiple physical servers, including large-scale deployments. Admins can run each stable release through a large suite of regression tests, which include hundreds of system-level tests and thousands of unit tests.
Open vSwitch delivers virtual switch capabilities to virtual server environments, while also providing network automation through programmatic extensions. The system supports standard management protocols and interfaces such as NetFlow, IEEE 802.1, Remote Switched Port Analyzer (RSPAN) and IP Flow Information Export. Open vSwitch exposes standard visibility and control interfaces to the virtual network layer, providing a structure for automated and dynamic network control to virtualized systems.
Open vSwitch supports several hypervisors, such as KVM, Xen, VirtualBox and Proxmox Virtual Environment. Though Open vSwitch primarily targets Linux platforms, admins can also use it on Windows, FreeBSD and non-POSIX embedded systems. In addition, admins can use Open vSwitch with the Data Plane Development Kit, a collection of libraries for accelerating packet processing across different CPU architectures.
Open vSwitch offers a wide range of features, such as multicast snooping, per-VM interface traffic policing and network interface card bonding with source-MAC load balancing. The program also provides kernel and user-space forwarding engine options and a multi-table forwarding pipeline with a flow-caching engine.
In addition, Open vSwitch supports OpenFlow protocols, multiple tunneling protocols and remote configuration protocols, as well as forwarding layer abstraction to ease porting to new software and hardware.
Along with its other features, Open vSwitch provides fine-grained quality-of-service control, which includes traffic queuing and shaping. Open vSwitch contains several security mechanisms, such as traffic filtering and virtual LAN isolation, and it enables extensive system monitoring with support for sFlow, NetFlow, RSPAN and Switched Port Analyzer. Open vSwitch can also use OpenFlow or Open vSwitch database (OVSDB) management protocols to facilitate automation.
Dig deeper into Open vSwitch
Because Open vSwitch is written in the C language, it provides a platform-independent service that can be easily ported to other systems. Open vSwitch reuses existing subsystems where applicable, which keeps the in-kernel code as small as possible.
Open vSwitch can operate either partly in the kernel domain, which requires admins to initiate the Open vSwitch kernel module, or entirely in the user domain without the assistance of a kernel module. However, a user-based deployment can incur a performance penalty. For this reason, many services are kernel-based deployments.
The kernel module processes the packets received from the user domain. To implement the module, admins have two options: compile the module included with the Open vSwitch distribution or use the module already built into the Linux kernel. Numerous Linux distributions now include the module, including Red Hat, Ubuntu, Debian, Fedora and openSUSE. However, the built-in module doesn't provide all the features available to the Open vSwitch distribution, such as support for the Locator/ID Separation Protocol.
The Open vSwitch distribution includes several components. The two primary ones are the management daemon (ovs-vswitchd) and the OVSDB server (ovsdb-server). The ovs-vswitchd daemon manages and controls the Open vSwitch switches on the local machine where admins install the daemon. At startup, the daemon retrieves configuration data from the database server and sets up the Open vSwitch data paths.
Upon completion of the data paths configuration, the daemon can manage the switching across each bridge described in the configuration data. If configuration information in the database changes, the daemon automatically updates its settings to match. A single daemon instance can manage a large collection of switch instances up to the number of supported data paths.
In addition, Open vSwitch contains a database server, which is a lightweight database management system that provides remote procedure call (RPC) interfaces to one or more Open vSwitch databases. The server supports JSON-RPC client connections over active or passive Unix domain sockets and TCP/IP. The database server can support replication as well as several service models, including stand-alone, clustered and active backup.
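As an added example (not from the original article or the Open vSwitch project), the script below classifies OVSDB connection targets by how they expose the database's JSON-RPC interface. The target syntax follows the ovsdb-server documentation; the verdict labels, function names and sample targets are constructed for illustration.

```bash
# Added example: classify OVSDB connection targets by exposure.
# Target syntax (ovsdb-server documentation):
#   punix:FILE, unix:FILE      Unix domain socket (passive / active)
#   ptcp:[PORT][:IP]           passive plaintext TCP listener
#   pssl:[PORT][:IP]           passive TLS listener
#   tcp:HOST[:PORT], ssl:...   active (outbound) connection
#   db:DB,TABLE,COLUMN         targets are read from the database itself
# The verdict labels are this example's own policy, not Open vSwitch output.

classify_remote() {
    local remote="$1" rest ip
    case $remote in
        punix:*|unix:*) echo "OK local-socket" ;;
        pssl:*)         echo "OK tls-listener" ;;
        ssl:*)          echo "OK tls-outbound" ;;
        tcp:*)          echo "WARN plaintext-outbound" ;;
        db:*)           echo "INDIRECT listed-in-database" ;;
        ptcp:*)
            rest=${remote#ptcp:}               # "PORT", "PORT:IP" or ""
            case $rest in
                *:*) ip=${rest#*:} ;;          # keeps bracketed IPv6 intact
                *)   ip= ;;
            esac
            case $ip in
                127.0.0.1|"[::1]")  echo "WARN plaintext-loopback" ;;
                ""|0.0.0.0|"[::]")  echo "FAIL plaintext-all-interfaces" ;;
                *)                  echo "FAIL plaintext-listener" ;;
            esac ;;
        *) echo "UNKNOWN unrecognized-target" ;;
    esac
}

# Reads one target per line on stdin; returns non-zero if any target FAILs.
audit_remotes() {
    local line verdict fails=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_remote "$line")
        printf '%-40s %s\n' "$line" "$verdict"
        case $verdict in FAIL*) fails=$((fails + 1)) ;; esac
    done
    [ "$fails" -eq 0 ]
}

# Constructed sample, one target per line as `ovs-vsctl get-manager` prints them.
audit_remotes <<'EOF' || echo "plaintext OVSDB listener present"
punix:/var/run/openvswitch/db.sock
pssl:6640:192.0.2.10
ptcp:6640
ptcp:6640:127.0.0.1
EOF
```

On a live host the same function can read `ovs-vsctl get-manager` output on stdin; a `db:` target means the listeners are defined in the database and have to be checked there.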
The Open vSwitch distribution also includes scripts and specifications for building Red Hat Package Manager packages for Citrix XenServer and Red Hat Enterprise Linux, along with a number of important tools for implementing and running Open vSwitch. For example, admins can use the ovs-dpctl utility to configure the kernel module, the ovs-vsctl utility to query and update the daemon's configurations, and the ovs-appctl utility to send commands to running Open vSwitch daemons.