Open source standards for network orchestration, part 2: Open vSwitch

Posted by admin January 30, 2015

I started our series on open source standards by looking at OpenDaylight, the software project focused on accelerating adoption of software-defined networking and network functions virtualization. The emergence of SDN and NFV has been pivotal for networking, not just because of technical improvements to network architecture and design, which are still in the early stages of being implemented, but also due to the collaboration that has ensued, as vendors of all stripes look to shape the industry's future.

That's to say, many parties are looking to support open source network orchestration in some capacity, leading to a variety of projects aimed at opening up how network resources are managed and how switches operate. In part 2 of this series, I'll dive into Open vSwitch, the multilayer virtual switch initiative issued under the Apache 2.0 license.

Open vSwitch: An open source project for virtual switching


Virtual switching isn't a new concept. VMware's pioneering of server virtualization allowed for virtual switches to replace physical ones. Essentially, a software stack running on a server that hosts VMs could provide a switch that connected to virtual or logical Ethernet ports. The major difference between virtual switches such as OVS and legacy virtual L2 bridges, such as the one included in Linux, is that the former are designed to handle highly dynamic cloud environments where network state (both configured and real-time) may need to move along with vSwitch instances between hosts.

There are proprietary virtual switch solutions such as the Cisco Nexus 1000V and the VMware vSphere Distributed Switch (vDS). Open vSwitch, sometimes referred to as OVS, is both the most prominent open source alternative and an increasingly important fixture of other open source networking projects. OVS works on Linux hypervisors such as Xen and KVM, is the default in Xen Cloud Platform and XenServer 6.0, and is integrated into OpenStack, which we'll look at in a subsequent part of this series. The kernel datapath module is also now included directly in Linux.

Designed to enable network control via OpenFlow and management via the Open vSwitch Database protocol, OVS functions as a soft switch and is also able to offload data plane processing to switching silicon on NICs or external hardware switches. Just a few of its important features include:

  • Support for tunneling protocols such as VXLAN and IPsec.
  • OpenFlow compatibility, including numerous extensions for virtualization.
  • Traffic policing for each VM interface.
  • Use of the Link Aggregation Control Protocol for link aggregation.
  • Compatibility with IPv6.

The design of Open vSwitch
Open vSwitch consists primarily of a number of control plane components that live in user space, plus the kernel module, which handles the actual data plane functions.

  • ovs-vswitchd: The most important component is ovs-vswitchd, which runs the switch. It talks directly with the OVS kernel module via the netlink protocol. If an outbound packet handled by the kernel doesn't have a cache entry determining how it should be forwarded, the kernel messages ovs-vswitchd, which does a lookup in the database to find a flow table entry that matches the packet in question. The forwarding instructions are messaged back to the kernel, which establishes a cache entry. ovs-vswitchd can also communicate with OpenFlow controllers.
  • ovsdb-server: This server supports the management plane functionality for ovs-vswitchd, storing all configuration changes, typically using OVS' OVSDB schema. It provides the JSON-RPC based OVSDB protocol to external OVS clients that are used to configure the switch.
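The JSON-RPC management interface described above can be read as well as written, which makes it a convenient place to review how a switch is reached. The following is an added example, not code from the original post or from the OVS project: it builds an OVSDB `transact` request that selects the `target` column of the `Manager` and `Controller` tables, then flags targets that use the plaintext `tcp:`/`ptcp:` connection methods rather than `ssl:`/`pssl:`. The function names, addresses and the sample reply are constructed for illustration.

```python
import json

# Connection methods that carry OVSDB or OpenFlow without TLS.
PLAINTEXT = ("tcp:", "ptcp:")
TABLES = ("Manager", "Controller")

def build_request(req_id=1):
    """Build a JSON-RPC 'transact' request listing manager and controller targets."""
    ops = [{"op": "select", "table": t, "where": [], "columns": ["target"]}
           for t in TABLES]
    return json.dumps({"method": "transact",
                       "params": ["Open_vSwitch", *ops],
                       "id": req_id})

def audit_reply(raw):
    """Return (table, target) pairs whose transport is unencrypted."""
    reply = json.loads(raw)
    if reply.get("error"):
        raise RuntimeError(f"OVSDB error: {reply['error']}")
    findings = []
    # Results come back in the same order as the operations in the request.
    for table, result in zip(TABLES, reply["result"]):
        for row in result.get("rows", []):
            if row["target"].startswith(PLAINTEXT):
                findings.append((table, row["target"]))
    return findings

# Constructed reply, shaped like the server's answer to build_request().
SAMPLE_REPLY = json.dumps({"id": 1, "error": None, "result": [
    {"rows": [{"target": "ptcp:6640"}, {"target": "pssl:6640"}]},
    {"rows": [{"target": "tcp:192.0.2.10:6653"},
              {"target": "ssl:192.0.2.11:6653"}]},
]})

if __name__ == "__main__":
    print(build_request())
    for table, target in audit_reply(SAMPLE_REPLY):
        print(f"plaintext {table} target: {target}")
```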

Unlike the Cisco Nexus 1000V or VMware's solution, OVS does not have a native SDN controller. It is designed instead to work with third-party controllers and cloud orchestrators, so OpenDaylight or the OpenStack Neutron OpenFlow and OVSDB plugins could be used.

Open vSwitch is the de facto standard for OpenFlow implementation.

Open vSwitch and SDN 
OVS has been instrumental in the progress of SDN innovation, since it is both open and high performance.

"Open vSwitch is the most popular network back-end for OpenStack deployments and widely accepted as the de facto standard OpenFlow implementation," explained OVS contributors Justin Pettit, Ben Pfaff and Ethan Jackson in a post for Network Heresy. "For Open vSwitch to be successful, it not only must be highly programmable and general, it must also be blazingly fast.  For the past several years, our development efforts have focused on precisely this tension - building a software switch that does not compromise on either generality or speed."

OVS performance has dramatically improved over the past several releases. For example, kernel cache megaflow support (based on field wildcarding) allows the kernel to send fewer exceptions to ovs-vswitchd, and classifier improvements in ovs-vswitchd such as Priority Sorting, Staged Lookup and Prefix Tracking dramatically reduce the number of megaflows pushed into the kernel from millions to dozens. OVS 2.0 also made ovs-vswitchd a multithreaded process and enabled better separation of real-time and management-plane tasks.
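The cache-miss path described in the design section and the effect of field wildcarding described above can be seen in a toy model. This is an added example, not OVS code: the flow table, addresses and all names are constructed, and the mask is fixed at the top 24 bits of the destination address because that is the only field the sample rules consult. It counts how many packets have to leave the kernel for user space with an exact-match cache versus a wildcarded (megaflow) cache.

```python
import ipaddress

# Constructed flow table (assumption): (priority, destination prefix or None, action).
FLOW_TABLE = [
    (200, ipaddress.ip_network("10.0.1.0/24"), "output:1"),
    (200, ipaddress.ip_network("10.0.2.0/24"), "output:2"),
    (0, None, "drop"),
]

def slow_path(pkt):
    """User-space model: classify a missed packet, report which fields were consulted."""
    for _prio, prefix, action in sorted(FLOW_TABLE, key=lambda r: -r[0]):
        if prefix is None or ipaddress.ip_address(pkt["ip_dst"]) in prefix:
            # Only the top 24 bits of ip_dst were examined; the rest is wildcarded.
            return action, {"ip_dst": 24}

class Datapath:
    """Kernel-side model: a forwarding cache in front of slow_path()."""
    def __init__(self, megaflow):
        self.megaflow, self.cache, self.masks, self.upcalls = megaflow, {}, [], 0

    def _key(self, pkt, mask):
        if mask is None:  # exact match on every header field
            return tuple(sorted(pkt.items()))
        net = ipaddress.ip_network(f"{pkt['ip_dst']}/{mask['ip_dst']}", strict=False)
        return ("ip_dst", str(net))

    def receive(self, pkt):
        for mask in (self.masks if self.megaflow else [None]):
            action = self.cache.get(self._key(pkt, mask))
            if action is not None:
                return action  # fast path: handled without leaving the kernel
        self.upcalls += 1  # miss: the packet goes up to user space
        action, mask = slow_path(pkt)
        if not self.megaflow:
            mask = None
        elif mask not in self.masks:
            self.masks.append(mask)
        self.cache[self._key(pkt, mask)] = action
        return action

def run(megaflow):
    """Replay 3000 constructed packets; return (upcalls, cache entries)."""
    dp = Datapath(megaflow)
    for net in (1, 2, 3):
        for host in range(1, 51):
            for sport in range(40000, 40020):
                dp.receive({"ip_src": "192.0.2.7", "ip_dst": f"10.0.{net}.{host}",
                            "tp_src": sport, "tp_dst": 443})
    return dp.upcalls, len(dp.cache)
```

With the exact-match cache every distinct header combination misses once, so the upcall count tracks the number of connections; with the wildcarded cache it tracks the number of distinct forwarding decisions.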

The takeaway: Open vSwitch is a prominent open source project for Linux-based virtual switches. An alternative to Cisco and VMware solutions, it is a primary innovation platform and the recognized, standard open switch for use with OpenFlow. Key features include its use of the OpenFlow control plane, its highly flexible OVSDB protocol for the management plane, its ability to offload data plane handling to hardware, and its high-performance design and advancements over time.