###### tags: `Meetup`, `Co-writing`
# CNTUG meetup #24
[TOC]
## Session 1. Open vSwitch Explained in Simple Terms
http://www.openvswitch.org/

OpenFlow
---
- Maintained by Open Networking Foundation (ONF)
- The first standard communication interface defined network...

Format
---
- Rule (match criteria): Switch Port, Layer 2 Header, Layer 3 Header, Layer 4 Header
- Action (what to do once a rule matches)
- Forward packet to ports
- Encapsulate and forward to controller
- Modify fields (modify any field of the header)
- Normal Pipeline
- Extension (real environments may hit cases that OpenFlow does not support by default; an Extension can be written to add the functionality)
- Stats

Open vSwitch
---
- Need to prepare all flow rules
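- Without Linux kernel (mostly)
- OpenFlow controller
- Program your logic
- CLI
- Difficult to maintain all the logic
> OpenFlow rules are elegant, but they are hard to write. For example, under a regular Linux kernel, NAT can be done directly with iptables, but if you switch to OpenFlow rules you have to write a large pile of rules (besides the ARP rules, you also have to modify Src IP and Dst IP), which increases both management and implementation complexity.

Other functions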
---
- Linux
- Tunneling
- GRE/VXLAN/STT/NVGRE
- iptables extension
- nfqueue .. etc
- 802.1q VLAN
- Link Aggregation with/without LACP
- QoS
- Traffic Shaping
- Socket Applications
- VPN, other networking functions.
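> The Linux kernel (iptables) can do far more than Open vSwitch, and the Linux community is far larger than the Open vSwitch community, so the recommendation is to decide based on your use case whether to adopt Open vSwitch or whether the Linux kernel alone is enough.

Kubernetes & OVS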
---
- Kubernetes & Networking
- Pod communication
- Pod to Pod
- Pod to WAN
- Service
- ClusterIP
- NodePort
- Network Policy
- Kubernetes does not implement it; it is left to the CNI
- CNI Flannel
- Linux Bridge
- ARP Table
- Routing Table
- Iptables
- Iptables
- Challenge
- Pod to Pod
- Same Node
- Different Node
- Overlay?
- Pod to WAN
- NAT
- Kube-proxy (service)
- Monitor service object
- Create/Update/Remove rules
- Translate policy to OpenFlow rules and apply to all switches.
- NetworkPolicy
- Monitor network...
- Projects
- K-vswitch https://github.com/k-vswitch/k-vswitch 
- SONA-CNI https://github.com/sonaproject/sona-cni https://wiki.onosproject.org/display/ONOS/SONA-CNI+Installation 
- Ovn-kubernetes
- ...etc
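
As an added example (not from the talk and not code from any of the projects listed above), here is one way a CNI could carry out the "translate policy to OpenFlow rules" step for a NetworkPolicy. The pod inventory, the reduced policy shape, the priorities and the bridge name `br0` are assumptions made for illustration.

```python
from ipaddress import ip_address

# Constructed sample inventory: pod name -> (labels, pod IP). A real CNI would
# build this by watching Pod objects through the Kubernetes API.
PODS = {
    "web-1": ({"app": "web"}, "10.244.1.5"),
    "web-2": ({"app": "web"}, "10.244.2.9"),
    "db-1": ({"app": "db"}, "10.244.2.7"),
    "batch-1": ({"app": "batch"}, "10.244.1.8"),
}

# Constructed policy in a reduced, hypothetical shape (not the full
# networking.k8s.io/v1 schema): only app=web may reach app=db on TCP 5432.
POLICY = {
    "pod_selector": {"app": "db"},
    "ingress": [{"from": {"app": "web"}, "protocol": "tcp", "port": 5432}],
}

def select(selector):
    """Return the IPs of pods whose labels contain every selector pair."""
    ips = [ip for labels, ip in PODS.values()
           if all(labels.get(k) == v for k, v in selector.items())]
    return sorted(ips, key=ip_address)

def compile_policy(policy, table=0):
    """Compile one ingress policy into ovs-ofctl flow strings.

    Stateless sketch: replies to connections opened by a selected pod would hit
    its drop rule; a production CNI tracks connections (OVS ct) to allow them.
    """
    flows = []
    for dst in select(policy["pod_selector"]):
        for rule in policy["ingress"]:
            proto, port = rule["protocol"], rule["port"]
            if proto not in ("tcp", "udp") or not 0 < port < 65536:
                raise ValueError(f"unsupported rule: {rule}")
            for src in select(rule["from"]):
                flows.append(f"table={table},priority=200,{proto},nw_src={src},"
                             f"nw_dst={dst},tp_dst={port},actions=NORMAL")
        # A pod selected by a policy is isolated: anything not allowed is dropped.
        flows.append(f"table={table},priority=100,ip,nw_dst={dst},actions=drop")
    # Pods selected by no policy keep the default-allow behaviour.
    flows.append(f"table={table},priority=0,actions=NORMAL")
    return flows

if __name__ == "__main__":
    for flow in compile_policy(POLICY):
        print(f"ovs-ofctl add-flow br0 '{flow}'")  # br0: assumed bridge name
```
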

Why OVS?
---
- Networking performance?
- Open vSwitch + DPDK (Kernel Bypass)
- Hardware offloading
- Service Chain?
- Similar to Service Mesh
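- Service meshes are mostly implemented with iptables; once the number of iptables rules grows large, efficiency drops (because the rules have to be matched one by one), and they are extremely hard to maintain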
- Rewrite packets header
- Redirect packets within different Pods
- Networking Traffic Monitor?
- Latency
- Counters
> The complexity outweighs the benefits; there is not necessarily a need to introduce it into Kubernetes

Do I Need it?
---
### One
- Learn how system works
- Computing/Storage/Networking
- Linux (learn the Linux fundamentals well; these low-level concepts carry over wherever you go)
- Increase your value (what sets your value apart from everyone else's)
- Don't rely on Framework or Tools
- Helm/Operator framework ...etc
- Never be the Yaml Engineer
> Don't be a YAML engineer! That is, someone who does not understand how things work underneath and only knows that writing YAML makes it work

Q&A
---
SR-IOV
https://github.com/feiskyer/sdn-handbook/blob/master/linux/sr-iov.md
## Session 2. Stratum - Giving You a True SDN
- Challenge:
- Challenge:
- Challenge: Handling Migration
- Widespread, greenfield adoption of new technology is not feasible
- Types of Migration
- Need interfaces, models and operations to be consistent to allow incremental adoption along these axes
- Wanted
- New control interface with:
- Abstraction for different types of switching chips
- Well defined interfaces and behavior
- Extensibility
- Common models for configuration and monitoring
- Common interfaces for operations
- Common platform abstraction
- Open source switch stack

P4 (Programming Protocol-independent Packet Processors)
---
https://p4.org/
- Domain-specific language to formally...
- Example: https://github.com/p4lang/behavioral-model/blob/master/mininet/simple_router.p4

P4Runtime overview
---
- API for runtime control of P4-defined switches
- Community-developed (p4.org API WG)
- Initial contribution by Google and Barefoot
- RC of version 1.0 available: https://p4.org/specs/
- gRPC/protobuf-based API definition
- P4 program-independent
- Enables field-reconfigurability

P4Runtime is great, but...
---
- Missing
- Configuration
- Monitoring
- Operations

Enhanced Configuration
---
- Configuration and Management
- Declarative configuration
- Streaming telemetry
- Model-driven management and operations
- gNMI - network management interface
- gNOI - network operations interface
- Vendor-neutral data models
> Google (seed code) + ONF (and community) = Stratum

Vision
---
- Stratum supports multiple silicon products
- Stratum runs on many platforms
- Widely deployed in production SDN fabrics
- Enables P4Runtime and OpenConfig in the industry

{%pdf https://www.opennetworking.org/wp-content/uploads/2019/08/Day1-Brian-OConnor-NG-SDN-Stratum.pdf %}
{%pdf https://www.opennetworking.org/wp-content/uploads/2018/12/Stratum_-An-Overview.pdf %}

- Stratum Use Cases
- Cloud SDN Fabric
- CORD: 5G Mobile & More
- Thick Switch/Router



Stratum Implementation Details
---
- Implements P4Runtime, gNMI, and gNOI services
- Controlled locally or remotely using gRPC
- Written in C++11
- Runs as a Linux process in user space
- Can be distributed with ONL
- Built using Bazel

Project Status
---
- Reference platforms from 2 ASIC vendors and 6 platform vendors

Getting Involved
---
- https://github.com/stratum/stratum