Openvswitch and ovsdb

In this blog, I will provide an overview of ovsdb. This is mainly a collection of information from various locations.

Openvswitch is a virtual switch targeted at virtualized environments, where it switches traffic between VMs. It's integrated into the latest Linux kernel.

Following are the critical components of Openvswitch.

  • ovs-vswitchd, a daemon that implements the switch, along with a companion Linux kernel module for flow-based switching. We can talk to ovs-vswitchd using the OpenFlow protocol.
  • ovsdb-server, a lightweight database server that ovs-vswitchd queries to obtain its configuration. External clients can talk to ovsdb-server using the ovsdb management protocol.
  • The control and management cluster contains client tools to talk to ovsdb-server and ovs-vswitchd.

          +----------------------+
          |      Control &       |
          |     Management       |
          |      Cluster         |
          +----------------------+
             |                \
             | OVSDB           \ OpenFlow
             | Mgmt             \
             |                   \
       +============================================+
       | +--------------+       +--------------+    |
       | |              |       |              |    |
       | | ovsdb-server |-------| ovs-vswitchd |    |
       | |              |       |              |    |
       | +--------------+       +--------------+    |
       |                               |            |
       |                        +----------------+  |
       |                        | Forwarding Path|  |
       |                        +----------------+  |
       +============================================+

Following are some notes on the internals:

  • ovsdb-server maintains the switch table database. External clients can talk to ovsdb-server using JSON-RPC, with JSON as the data format.
  • ovsdb database currently contains around 13 tables and these can be extended further.
              • Bridge – Bridge configuration.
              • Port – Port configuration.
              • Interface – One physical network device in a Port.
              • Flow_Table – OpenFlow table configuration
              • QoS – Quality of Service configuration
              • Queue – QoS output queue.
              • Mirror – Port mirroring.
              • Controller – OpenFlow controller configuration.
              • Manager – OVSDB management connection.
              • NetFlow – NetFlow configuration.
              • SSL – SSL configuration.
              • sFlow – sFlow configuration.
              • IPFIX – IPFIX configuration
  • ovsdb clients can use the ovsdb management protocol to manipulate the above tables.
  • Following are the different JSON-RPC methods specified by the protocol.
      • list_dbs – List databases
      • get_schema – Get schema
      • transact – operations on database
      • cancel – cancel transact request
      • monitor – monitor certain table columns
      • update – sent by server to client for tables that are monitored
      • monitor_cancel – cancelling monitor request
      • lock, steal, unlock – locking, unlocking operations on database
      • echo – to check liveness
  • Using the transact RPC method, different database operations like select, insert, delete can be done.
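The exchange described above, as an added Python example that is not part of the original post: it builds a transact request with one select, splits the server's undelimited JSON stream into messages, answers an echo probe, and checks both error levels of the reply. The message layouts follow RFC 7047 (the OVSDB management protocol); the byte stream is constructed sample data, and the function names are illustrative.

```python
import json

def split_messages(buf):
    """Peel complete JSON objects off an undelimited stream; keep the rest."""
    dec, msgs, pos = json.JSONDecoder(), [], 0
    while True:
        while pos < len(buf) and buf[pos].isspace():
            pos += 1
        try:
            obj, pos = dec.raw_decode(buf, pos)
        except json.JSONDecodeError:
            return msgs, buf[pos:]  # nothing left, or object still incomplete
        msgs.append(obj)

def select_request(req_id, db, table, columns):
    """A transact request carrying one unconditional select operation."""
    op = {"op": "select", "table": table, "where": [], "columns": columns}
    return {"method": "transact", "params": [db, op], "id": req_id}

def handle(msg, pending):
    """Process one server message; return (reply to send, rows received)."""
    if msg.get("method") == "echo":  # liveness probe: return params and id
        return {"id": msg["id"], "result": msg["params"], "error": None}, None
    if "method" in msg or msg.get("id") not in pending:
        return None, None  # notification such as update, or unknown reply id
    pending.remove(msg["id"])
    if msg.get("error") is not None:
        raise RuntimeError(f"request failed: {msg['error']}")
    op_result = msg["result"][0]
    if "error" in op_result:  # per-operation errors are reported inside result
        raise RuntimeError(f"select failed: {op_result['error']}")
    return None, op_result["rows"]

def demo():
    request = select_request(1, "Open_vSwitch", "Bridge", ["name", "fail_mode"])
    pending, buf, sent, rows = [request["id"]], "", [request], []
    # Constructed sample server stream, cut in the middle of the reply.
    chunks = ['{"id":"echo","method":"echo","params":[]}{"id":1,"error":null,'
              '"result":[{"rows":[{"name":"s1","fail_mode":"secure"},',
              '{"name":"s2","fail_mode":"secure"}]}]}']
    for chunk in chunks:
        msgs, buf = split_messages(buf + chunk)
        for msg in msgs:
            reply, got = handle(msg, pending)
            sent += [reply] if reply else []
            rows += got or []
    return sent, rows

if __name__ == "__main__":
    print(demo())
```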

Following are some client tools that Open vswitch provides:

  • ovs-dpctl, a tool for configuring the switch kernel module.
  • ovs-ofctl, to list implemented flows in the OVS kernel module
  • ovs-vsctl, a utility for querying and updating the configuration of ovs-vswitchd.
  • ovs-appctl, a utility that sends commands to running Open vSwitch daemons.
  • ovsdb-client, a command-line client for ovsdb-server.

Mininet uses openvswitch and ovsdb internally.

To illustrate some of the theory above, I created the following simple Mininet topology.

sudo mn --controller=remote,ip= --topo=linear,3

This is a 3 node linear topology.

Now, let's try to look at the contents of the database:

mininet@mininet-vm:~$ sudo ovsdb-client list-dbs
mininet@mininet-vm:~$ sudo ovsdb-client list-tables

Above, we see the database and tables. Now, let's try to look at the columns in the Bridge table:

mininet@mininet-vm:~$ sudo ovsdb-client list-columns Bridge
Column        Type                                                                          
------------- ------------------------------------------------------------------------------
status        {"key":"string","max":"unlimited","min":0,"value":"string"}                   
fail_mode     {"key":{"enum":["set",["secure","standalone"]],"type":"string"},"min":0}      
other_config  {"key":"string","max":"unlimited","min":0,"value":"string"}                   
_version      "uuid"                                                                        
name          "string"                                                                      
datapath_type "string"                                                                      
netflow       {"key":{"refTable":"NetFlow","type":"uuid"},"min":0}                          
ports         {"key":{"refTable":"Port","type":"uuid"},"max":"unlimited","min":0}           
external_ids  {"key":"string","max":"unlimited","min":0,"value":"string"}                   
flood_vlans   {"key":{"maxInteger":4095,"minInteger":0,"type":"integer"},"max":4096,"min":0}
_uuid         "uuid"                                                                        
controller    {"key":{"refTable":"Controller","type":"uuid"},"max":"unlimited","min":0}     
datapath_id   {"key":"string","min":0}                                                      
stp_enable    "boolean"                                                                     
mirrors       {"key":{"refTable":"Mirror","type":"uuid"},"max":"unlimited","min":0}         
sflow         {"key":{"refTable":"sFlow","type":"uuid"},"min":0}

Now, let's try to dump the contents of the Bridge table.

mininet@mininet-vm:~$ sudo ovsdb-client dump Open_vSwitch
Bridge table
_uuid                                controller                                                                   datapath_id        datapath_type external_ids fail_mode flood_vlans mirrors name netflow other_config                     ports                                                                                                                                                    sflow status stp_enable
------------------------------------ ---------------------------------------------------------------------------- ------------------ ------------- ------------ --------- ----------- ------- ---- ------- -------------------------------- -------------------------------------------------------------------------------------------------------------------------------------------------------- ----- ------ ----------
4aa95bd1-6e44-48c3-9836-a634a2b3bee9 [56efde50-b9a5-4696-98a9-f632438ec860, 80454ec0-b75b-4ba1-83aa-c87c80e3c409] "0000000000000001" ""            {}           secure    []          []      "s1" []      {datapath-id="0000000000000001"} [1ecfc08a-cccb-432b-a6f2-a88b6953b27b, 20338ec9-a7ed-4275-9a1a-4dce0d17f9d0, d026cd6a-c6e5-418c-bfae-8912beccbab8]                                       []    {}     false     
31ade9d7-3a84-4809-a067-21d6ab13d3a0 [c309252b-384e-4120-9180-8c6f3e21d52d, df9f8e75-32a0-4bab-81ae-22161e5d8ce5] "0000000000000002" ""            {}           secure    []          []      "s2" []      {datapath-id="0000000000000002"} [4a304026-d090-4163-8328-0d9c1f55ef51, 504ea36c-2ec6-4010-91d5-ff9ebe6d792f, 8ddd5e79-9b74-48f2-b251-d8ee521146e4, c8e82b90-41d5-4834-aa9b-05d6faf0baf4] []    {}     false     
0a3f793d-4958-44a5-9639-a36384927f58 [9e921896-32e9-4f4e-b1e2-332fb2339f76, fc81e564-6aa5-4ad0-9518-58ce3094451b] "0000000000000003" ""            {}           secure    []          []      "s3" []      {datapath-id="0000000000000003"} [0c5005d8-b999-4c6b-bf6e-a638032737f8, 25c8166d-28d8-47f5-b1fc-69940ec42960, cc54c4d5-32b9-4e0e-9aff-42dd4fdcd1a5]                                       []    {}     false

Above, we see the 3 bridges along with their properties.

Now, let's try to change some properties of this topology using ovs-vsctl. Let's try to delete one of the ports in the bridge.

sudo ovs-vsctl del-port s2 s2-eth2

When we look at the controller for the topology now, we should see the link between s2 and s1 go away.
Once we add it back,

sudo ovs-vsctl add-port s2 s2-eth2

the link should show up again on the controller topology.

Following is the generic format for ovs-vsctl.

ovs-vsctl <command> <table name> <record name> <setting=value>

Let's say we want to mirror packets from the s2-eth2 interface of bridge s2 and send them towards interface s2-eth3. We can execute the following command, which will modify the Bridge and Mirror tables appropriately.

sudo ovs-vsctl set bridge s2 mirrors=@m -- --id=@eth2 get port s2-eth2 -- --id=@eth3 get Port s2-eth3 -- --id=@m create mirror name=mymirror select-dst-port=@eth2 select-src-port=@eth2 output-port=@eth3
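As an added example (not from the original post), the following Python resolves the references that the command above writes into the Bridge and Mirror tables, so that a configured traffic mirror shows up as a readable finding. The rows are constructed in the OVSDB wire format with placeholder UUIDs, and the `approved` allowlist is a hypothetical parameter.

```python
def as_list(value):
    """Decode an OVSDB <set>: a bare atom is a one-element set and
    ["set", [...]] any other size; a UUID atom is ["uuid", "<id>"]."""
    is_tagged = lambda v, tag: isinstance(v, list) and len(v) == 2 and v[0] == tag
    items = value[1] if is_tagged(value, "set") else [value]
    return [i[1] if is_tagged(i, "uuid") else i for i in items]

def audit_mirrors(bridges, mirrors, ports, approved=()):
    """Resolve Bridge.mirrors -> Mirror -> Port references into findings.
    `approved` is a hypothetical allowlist of mirror names for this audit."""
    port_name = {as_list(p["_uuid"])[0]: p["name"] for p in ports}
    by_id = {as_list(m["_uuid"])[0]: m for m in mirrors}
    findings = []
    for br in bridges:
        for mirror_id in as_list(br["mirrors"]):
            m = by_id[mirror_id]
            def names(col):
                # Fall back to the raw UUID if the Port row is missing.
                return sorted(port_name.get(u, u) for u in as_list(m[col]))
            findings.append({
                "bridge": br["name"], "mirror": m["name"],
                "copies_from": sorted(set(names("select_src_port")
                                          + names("select_dst_port"))),
                "copies_to": names("output_port"),
                "approved": m["name"] in approved})
    return findings

# Constructed rows in wire format, shaped like the result of the ovs-vsctl
# mirror command above; the UUIDs are placeholders, not values from the dump.
E2, E3, M1 = (f"00000000-0000-0000-0000-00000000000{n}" for n in "123")
SAMPLE_PORTS = [{"_uuid": ["uuid", E2], "name": "s2-eth2"},
                {"_uuid": ["uuid", E3], "name": "s2-eth3"}]
SAMPLE_MIRRORS = [{"_uuid": ["uuid", M1], "name": "mymirror",
                   "select_src_port": ["uuid", E2],
                   "select_dst_port": ["uuid", E2],
                   "output_port": ["uuid", E3]}]
SAMPLE_BRIDGES = [{"name": "s1", "mirrors": ["set", []]},
                  {"name": "s2", "mirrors": ["uuid", M1]}]

if __name__ == "__main__":
    for finding in audit_mirrors(SAMPLE_BRIDGES, SAMPLE_MIRRORS, SAMPLE_PORTS):
        print(finding)
```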

Do a “pingall” from Mininet and allow the simpleforwarding controller application to install flows. To dump the flow table, we can use ovs-ofctl. Flows can also be dumped using a raw dump of the flow table from ovs-vsctl or ovsdb-client.

mininet@mininet-vm:~$ sudo ovs-ofctl dump-flows s2
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=79.866s, table=0, n_packets=1, n_bytes=98, priority=1,ip,nw_dst= actions=output:3
 cookie=0x0, duration=79.898s, table=0, n_packets=4, n_bytes=392, priority=1,ip,nw_dst= actions=output:5
 cookie=0x0, duration=79.884s, table=0, n_packets=2, n_bytes=196, priority=1,ip,nw_dst= actions=mod_dl_dst:d2:87:9b:ac:c0:9f,output:4

We can also create a network and configure the network without using Mininet. Following is an example for doing this:

sudo ovs-vsctl add-br s1
sudo ovs-vsctl add-br s2
sudo ovs-vsctl add-br s3
sudo ovs-vsctl add-port s1 patch-s1
sudo ovs-vsctl set interface patch-s1 type=patch
sudo ovs-vsctl set interface patch-s1 options:peer=patch-s2
sudo ovs-vsctl add-port s2 patch-s2
sudo ovs-vsctl set interface patch-s2 type=patch
sudo ovs-vsctl set interface patch-s2 options:peer=patch-s1
sudo ovs-vsctl set-controller tcp:
sudo ovs-vsctl set-controller s1 tcp:
sudo ovs-vsctl set-controller s2 tcp:
The above set of commands will create a linear 2 node topology with a patch connection between the 2 nodes. It's not clear to me how Mininet creates the connection between nodes, since I did not observe a patch connection with the Mininet-created topology.

Opendaylight and ovsdb:

As part of the Opendaylight Hydrogen release planned for early 2014, an ovsdb southbound plugin will be introduced. This can allow the controller to manage the vswitch using the ovsdb protocol. The Openflow plugin was already supported, which allowed Openflow flows to be installed. There is also an Openstack+Opendaylight integration project happening that will allow Openstack to use the ML2 plugin of ODL for networking. The ML2 plugin will talk to the ovsdb southbound plugin. More details on this later once I understand this better.

The following link captures more details on the integration of ovsdb with Opendaylight. I have tried this tutorial, which shows a practical example of ovsdb integration with Opendaylight. This would need us to compile the ovsdb code and copy it to the controller. Instructions for this are present in the tutorial as well.


3 thoughts on “Openvswitch and ovsdb”

  1. I naturally like your website, but you need to take a look at the spelling on quite a few of your posts. A number of them are rife with spelling issues and I find it very bothersome, to tell the truth; on the other hand, I will surely come back again.

    1. Thanks for your feedback. I will pay more attention to the spelling. If possible, can you please provide me a few sample instances? For this blog, when I did spellcheck, I see 2 issues: I should change Openvswitch to Open vswitch, Opendaylight to OpenDaylight.

  2. Hi,

    Can you please provide the flow from user space to kernel space and from kernel space to user space, like how flow tables are stored in the kernel?
