tags: Meetup、Co-writing

CNTUG meetup #24

• CNTUG meetup #24
  • Session 1. OpenvSwitch 深入淺出
  • Openflow
  • Format
  • Open vSwitch
  • Other funcations
  • Kuberbetes & OVS
  • Why OVS?
  • Do I Need it?
    • One
  • Q&A
  • Session 2. Stratum - 讓你擁有真正的SDN
  • P4 (Programming Protocol-indenpendent Packet Processors)
  • P4Runtime overview
  • Though P4Runtime are great, but…
  • Enhanced Configuration
  • Vision
  • Stratum Implementation Details
  • Project Status
  • Getting Involved

Session 1. OpenvSwitch 深入淺出

http://www.openvswitch.org/

Openflow

• Maintained by Open Networking Foundation (ONF)
• The first standard communication interface defined network…

Format

• Rule (比對規則): Switch Port, Layer 2 Header, Layer 3 Header, Layer 4 Header
• Action (比對到規則後要做的事)
  • Forward packet to ports
  • Encapsulate and forward to controller
  • Modify fields (修改 Header 任何欄位)
  • Normal Pipeline
  • Extension (現實環境可能有些狀況是 OpenFlow 預設沒有支援的，可以寫 Extension 來擴充功能)
• Stats

Open vSwitch

• Need to prepare all flow rules
  • without linux kernel (mostly)
• Openflow controller
  • Program your logic
• CLI
  • Difficult to maintain all logics

OpenFlow Rule 雖然很漂亮，但是很難下，例如：在一般 Linux Kernel 底下，NAT 直接用 iptables 就可以完成，但是如果改用 OpenFlow Rule，就必須下一大堆 Rule (除了 ARP Rule 之外還必須修改 Src IP, Dst IP)，增加管理上及實作上的複雜度。

Other funcations

• Linux
  • Tunneling
    • GRE/VXLAN/GRE/STTNVGRE
  • iptables extension
    • nfqueue .. etc
  • 802.1q VLAN
  • Link Aggregation with/without LACP
  • QoS
  • Traffic Shaping
  • Socket Applications
    • VPN, other networking functions.

Linux Kernel (iptables) 能做到的功能比 Open vSwitch 還要多出很多，且Linux 社群比 Open vSwitch 社群還要龐大更多，因此建議根據使用情境，來決定是否採用 Open vSwitch 或是使用 Linux Kernel 就可以了。

Kuberbetes & OVS

• Kubernetes & Networking
  • Pod communication
    • Pod to Pod
    • Pod to WAN
  • Service
    • ClusterIP
    • NodePort
  • Network Policy
    • Kubernetes 不實作，交給CNI
  • CNI Flannel
    • Linux Bridge
    • ARP Table
    • Routing Table
    • Iptables
  • Iptables
• Challenge
  • Pod to Pod
    • Same Node
    • Different Node
      • Overlay?
  • Pod to WAN
    • NAT
  • Kube-proxy (service)
    • Monitor service object
      • Create/Update/Remove rules
    • Translate policy to OpenFlow rules and apply to all switches.
  • NetworkPolicy
    • Monitor network…
• Projects
  • K-vswitch https://github.com/k-vswitch/k-vswitch
    Image Not Showing Possible Reasons

    • The image file may be corrupted
    • The server hosting the image is unavailable
    • The image path is incorrect
    • The image format is not supported

    Learn More →
  • SONA-CNI https://github.com/sonaproject/sona-cni https://wiki.onosproject.org/display/ONOS/SONA-CNI+Installation
    Image Not Showing Possible Reasons

    • The image file may be corrupted
    • The server hosting the image is unavailable
    • The image path is incorrect
    • The image format is not supported

    Learn More →
  • Ovn-kubernetes
  • …etc

Why OVS?

• Networking performance?
  • Open vSwitch + DPDK (Kernal Bypass)
  • Hardware offloading
• Service Chain?
  • Similar to Service Mesh
  • Service Mesh 大多都是用 iptables 來完成，iptable rules 數量一大，效率就降低(因為需要一條條比對)，且極難維護
  • Rewrite packets header
  • Redirect packets within different Pods
• Networking Traffic Monitor?
  • Latency
  • Counters

複雜度大於好處，未必需要導入 Kubernetes

Do I Need it?

One

• Learn how system works
  • Computing/Storage/Networking
    • Linux (將基本LINUX功夫學好，這些底層概念都可以帶著走)
  • Increase your value (你和其他人的價值差別在哪)
• Don't rely on Framework or Tools
  • Helm/Operator framework …etc
  • Never be the Yaml Engineer

Don't be YAML engineer! 不懂底下如何運作，只知道如何寫 YAML 就可以 work

Q&A

SR-IOV
https://github.com/feiskyer/sdn-handbook/blob/master/linux/sr-iov.md

Session 2. Stratum - 讓你擁有真正的SDN

• Challenge:
• Challenge:
• Challenge: Handling Migration
  • Widespread, greenfield adoption of new technology is not feasible
  • Types of Migration
  • Need interfaces, models and operations to be consistent to allow incremental adoption along these axes
• Wanted
  • New control interface with:
    • Abstraction for different types of switching chips
    • Well defined interfaces and behavior
    • Extensibility
  • Common models for configuation and monitoring
  • Common interafces for operations
  • Common platform abstraction
  • Open source switch stack

P4 (Programming Protocol-indenpendent Packet Processors)

https://p4.org/

• Domain-specific language to formally…
• Example: https://github.com/p4lang/behavioral-model/blob/master/mininet/simple_router.p4

P4Runtime overview

• API for runtime control of P4-defined switches
• Community-developed (p4.org API WG)
  • Initial contribution by Google and Barefoot
  • RC of version 1.0 available: https://p4.org/specs/
• gRPC/protobuf-based API definition
• P4 program-independent
• Enables filed-reconfigurability

Though P4Runtime are great, but…

• Missing
  • Configuration
  • Monitoring
  • Operations

Enhanced Configuration

• Configuration and Management
• Declarative configuration
• Streaming telemetry
• Model-driven management and operations
  • gNMI - network management interafce
  • gNOI - network operations interface
• Vendor-neutral data models

Google (seed code) + ONF (and community) = stratum

Vision

• Stratum supports multiple silicon products
• Stratum runs on many platforms
• Widely deployed in production SDN fabrics
• Enables P4Runtime and OpenConfig in the industry

• Stratum Use Cases
  • Cloud SDN Fabric
  • CORD: 5G Mobile & More
  • Thick Switch/Router

Stratum Implementation Details

• Implements P4Runtime, gNMI, and gNOI services
• Controlled locally or remotely using gRPC
• Written in C++11
• Runs as a Linux process in user space
• Can be distributed with ONL
• Built using Bazel

Project Status

• Reference platforms from 2 ASIC vendors and 6 platform vendors

Getting Involved

• https://github.com/stratum/stratum