---
# System prepended metadata

title: 'CNTUG meetup #24'
tags: [Meetup, Co-writing]

---

###### tags: `Meetup`、`Co-writing`
# CNTUG meetup #24

[TOC]

## Session 1. Open vSwitch Explained

http://www.openvswitch.org/

![](http://www.openvswitch.org/assets/featured-image.jpg)

OpenFlow
---
- Maintained by Open Networking Foundation (ONF)
- The first standard communication interface defined network...

Format
---
- Rule (match fields): Switch Port, Layer 2 Header, Layer 3 Header, Layer 4 Header
- Action (what to do once a packet matches the rule)
    - Forward packet to ports
    - Encapsulate and forward to controller
    - Modify fields (rewrite any header field)
    - Normal Pipeline
    - Extension (real-world cases that OpenFlow does not cover by default can be handled by writing an extension)
- Stats

Open vSwitch
---
- Need to prepare all flow rules
    - without the Linux kernel (mostly)
- OpenFlow controller
    - Program your logic
- CLI
    - Difficult to maintain all the logic
> OpenFlow rules look elegant, but they are hard to write. For example, on a normal Linux kernel NAT is done directly with iptables, but done with OpenFlow rules it takes a large number of rules (besides the ARP rules you also have to rewrite the source IP and destination IP), which adds complexity to both management and implementation.
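As an added worked example (not from the talk or from the Open vSwitch project), the toy flow table below parses flows written in `ovs-ofctl` syntax, picks the highest-priority match, applies the actions listed above (output, controller, modify fields, normal, drop) and keeps the per-flow counters that make up "Stats". The four-flow stateless NAT it loads is the iptables-versus-OpenFlow comparison from the note: the addresses, port numbers and packets are made up, and the parser only covers the handful of match fields and actions used here.

```python
"""Toy OpenFlow flow table in ovs-ofctl flow syntax: match fields, actions and
per-flow statistics. Added example for this meetup note; it is not Open vSwitch
code and models only the parts of the syntax used below."""
from dataclasses import dataclass

ETHERTYPE = {"ip": 0x0800, "arp": 0x0806}  # shorthands ovs-ofctl accepts in a match


@dataclass
class Flow:
    priority: int
    match: dict            # header/port fields that must all be equal (no masks here)
    actions: list          # [(name, argument)] in order
    n_packets: int = 0     # "Stats": the counters ovs-ofctl dump-flows prints
    n_bytes: int = 0


def parse_flow(spec):
    """Parse 'priority=100,ip,in_port=1,nw_src=10.0.0.2,actions=mod_nw_src:192.0.2.1,output:2'."""
    match_part, _, action_part = spec.partition("actions=")
    priority, match = 32768, {}          # OpenFlow default priority is 0x8000
    for tok in filter(None, match_part.split(",")):
        if tok in ETHERTYPE:
            match["dl_type"] = ETHERTYPE[tok]
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key == "priority":
                priority = int(value)
            elif key == "in_port":
                match[key] = int(value)
            else:
                match[key] = value
        else:
            raise ValueError(f"unsupported match token {tok!r}")
    actions = [tuple(tok.partition(":")[::2]) for tok in filter(None, action_part.split(","))]
    return Flow(priority, match, actions)


class FlowTable:
    def __init__(self, specs):
        # Highest priority wins; sorted() is stable, so equal priorities keep insert order
        self.flows = sorted((parse_flow(s) for s in specs), key=lambda f: -f.priority)
        self.to_controller = []         # packets "encapsulated and forwarded to controller"

    def lookup(self, pkt):
        for flow in self.flows:
            if all(pkt.get(k) == v for k, v in flow.match.items()):
                return flow
        return None                     # table miss

    def process(self, pkt):
        """Run one packet (a dict of fields) through the table; return (output ports, packet)."""
        pkt = dict(pkt)
        flow = self.lookup(pkt)
        if flow is None:
            return [], pkt              # OpenFlow 1.3+ default table-miss behaviour: drop
        flow.n_packets += 1
        flow.n_bytes += pkt.get("len", 0)
        outputs = []
        for name, arg in flow.actions:
            if name == "output":
                outputs.append(int(arg))
            elif name == "normal":
                outputs.append("NORMAL")        # hand off to the regular L2 learning pipeline
            elif name == "controller":
                self.to_controller.append(dict(pkt))
            elif name.startswith("mod_"):      # mod_nw_src:..., mod_nw_dst:..., mod_dl_dst:...
                pkt[name[4:]] = arg
            elif name != "drop":
                raise ValueError(f"unsupported action {name!r}")
        return outputs, pkt

    def dump_flows(self):
        """Roughly what 'ovs-ofctl dump-flows' prints: counters per flow."""
        return [f"priority={f.priority} n_packets={f.n_packets} n_bytes={f.n_bytes} "
                f"match={f.match} actions={f.actions}" for f in self.flows]


# One iptables line (-t nat -A POSTROUTING -s 10.0.0.2 -j SNAT --to 192.0.2.1) becomes four
# flows, because these rules carry no connection state: both directions and ARP are explicit.
# Addresses and port numbers are made up for the example.
NAT_FLOWS = [
    "priority=100,ip,in_port=1,nw_src=10.0.0.2,actions=mod_nw_src:192.0.2.1,output:2",
    "priority=100,ip,in_port=2,nw_dst=192.0.2.1,actions=mod_nw_dst:10.0.0.2,output:1",
    "priority=90,arp,actions=controller",   # someone has to answer ARP for 192.0.2.1
    "priority=0,actions=drop",              # explicit default deny
]


def nat_demo():
    """Push an outbound, a reply, an ARP and an unknown packet through the NAT table."""
    table = FlowTable(NAT_FLOWS)
    results = [
        table.process({"in_port": 1, "dl_type": 0x0800, "nw_src": "10.0.0.2",
                       "nw_dst": "198.51.100.9", "len": 60}),
        table.process({"in_port": 2, "dl_type": 0x0800, "nw_src": "198.51.100.9",
                       "nw_dst": "192.0.2.1", "len": 60}),
        table.process({"in_port": 2, "dl_type": 0x0806, "len": 42}),
        table.process({"in_port": 1, "dl_type": 0x0800, "nw_src": "10.0.0.99", "len": 60}),
    ]
    return table, results


if __name__ == "__main__":
    table, results = nat_demo()
    for outputs, pkt in results:
        print(outputs, pkt)
    print("\n".join(table.dump_flows()))
```

Note what the second flow does: it rewrites anything that arrives on port 2 for 192.0.2.1, whether or not the inside host ever opened a connection. That is the price of stateless rules, and the reason the comparison above favours iptables; in real Open vSwitch the `ct()` action with `nat()` gives you connection tracking, at the cost of yet more flows.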

Other functions
---
- Linux
    - Tunneling
        - GRE/VXLAN/STT/NVGRE
    - iptables extension
        - nfqueue .. etc
    - 802.1q VLAN
    - Link Aggregation with/without LACP
    - QoS
    - Traffic Shaping
    - Socket Applications
        - VPN, other networking functions.
> The Linux kernel (iptables and friends) can do far more than Open vSwitch, and the Linux community is also much larger than the Open vSwitch community, so decide from the use case whether to adopt Open vSwitch or whether the Linux kernel alone is enough.

Kubernetes & OVS
---
- Kubernetes & Networking
    - Pod communication
        - Pod to Pod
        - Pod to WAN
    - Service
        - ClusterIP
        - NodePort
    - Network Policy
        - Not implemented by Kubernetes itself; left to the CNI plugin
    - CNI Flannel
        - Linux Bridge
        - ARP Table
        - Routing Table
        - iptables
    - iptables
- Challenge
    - Pod to Pod
        - Same Node
        - Different Node
            - Overlay?
    - Pod to WAN
        - NAT
    - Kube-proxy (service)
        - Monitor service object
            - Create/Update/Remove rules
        - Translate policy to OpenFlow rules and apply to all switches.
    - NetworkPolicy
        - Monitor network...
- Projects
    - K-vswitch https://github.com/k-vswitch/k-vswitch ![](https://github.com/k-vswitch/k-vswitch/raw/master/docs/images/k-vswitch-overview-diagram.png)
    - SONA-CNI https://github.com/sonaproject/sona-cni https://wiki.onosproject.org/display/ONOS/SONA-CNI+Installation ![](https://wiki.onosproject.org/download/attachments/39814396/SONA-CNI-arch.png?version=1&modificationDate=1559538458700&api=v2)
    - Ovn-kubernetes
    - ...etc
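As an added example (not code from k-vswitch, SONA-CNI or ovn-kubernetes), the following sketches what a kube-proxy replacement built on OVS does with the objects listed under "Challenge": it renders a Service, its Endpoints and an ingress NetworkPolicy into `ovs-ofctl` flow and group strings, then reconciles the installed rule set against the desired one on every watch event, including the case of a Service with no endpoints. The Service/Endpoints/NetworkPolicy data, the ClusterIP and the pod IPs are constructed sample values; the DNAT is stateless (`mod_nw_dst`/`mod_tp_dst`) to keep the syntax minimal, where a production plugin would use `ct()`.

```python
"""Kube-proxy-style translation of Kubernetes objects into Open vSwitch rules, added
for this meetup note; it is not code from k-vswitch, SONA-CNI or ovn-kubernetes.
The Service/Endpoints/NetworkPolicy sample data is made up. DNAT is stateless
(mod_nw_dst/mod_tp_dst) to keep the flow syntax minimal; a production plugin would
use the ct() action for connection tracking."""

BRIDGE = "br0"
BASE_FLOWS = {
    "table=0,priority=0,actions=resubmit(,1)",   # table 0: services, table 1: network policy
    "table=1,priority=0,actions=normal",         # pods without a policy: plain L2 forwarding
}


def render_service(svc, endpoints, group_id):
    """ClusterIP:port -> OpenFlow select group over the endpoints, plus un-DNAT flows."""
    vip, vport = svc["clusterIP"], svc["port"]
    vip_match = f"table=0,priority=200,tcp,nw_dst={vip},tp_dst={vport}"
    if not endpoints:                            # no endpoints: reject instead of black-holing
        return {f"{vip_match},actions=drop"}
    buckets = ",".join(f"bucket=actions=mod_nw_dst:{ip},mod_tp_dst:{port},resubmit(,1)"
                       for ip, port in endpoints)  # DNAT first, so policy sees the pod IP
    rules = {f"group_id={group_id},type=select,{buckets}",
             f"{vip_match},actions=group:{group_id}"}
    for ip, port in endpoints:                   # replies must carry the ClusterIP as source
        rules.add(f"table=0,priority=200,tcp,nw_src={ip},tp_src={port},"
                  f"actions=mod_nw_src:{vip},mod_tp_src:{vport},normal")
    return rules


def render_policy(policy):
    """Ingress NetworkPolicy: allow the listed sources to the selected pods, deny the rest."""
    rules = set()
    for dst in policy["target_ips"]:             # podSelector already resolved to IPs
        for src in policy["from_ips"]:
            rules.add(f"table=1,priority=300,tcp,nw_src={src},nw_dst={dst},"
                      f"tp_dst={policy['port']},actions=normal")
        rules.add(f"table=1,priority=250,ip,nw_dst={dst},actions=drop")  # default deny
    return rules


def reconcile(installed, desired):
    """Diff installed vs desired rule sets: returns (to_add, to_delete)."""
    return desired - installed, installed - desired


def to_commands(to_add, to_delete):
    """Render a diff as ovs-ofctl invocations (groups need OpenFlow 1.1 or later)."""
    cmds = []
    for rule in sorted(to_delete):
        if rule.startswith("group_id="):
            cmds.append(f"ovs-ofctl -O OpenFlow13 del-groups {BRIDGE} {rule.split(',')[0]}")
        else:  # --strict: delete exactly this match at this priority, nothing wider
            match = rule.split(",actions=")[0]
            cmds.append(f"ovs-ofctl -O OpenFlow13 --strict del-flows {BRIDGE} {match}")
    for rule in sorted(to_add):
        verb = "add-group" if rule.startswith("group_id=") else "add-flow"
        cmds.append(f"ovs-ofctl -O OpenFlow13 {verb} {BRIDGE} {rule}")
    return cmds


# Constructed sample objects (what a watch on Services/Endpoints/NetworkPolicies would yield)
SERVICE = {"name": "web", "clusterIP": "10.96.0.10", "port": 80}
ENDPOINTS_V1 = [("10.244.1.5", 8080), ("10.244.2.7", 8080)]
ENDPOINTS_V2 = [("10.244.1.5", 8080)]            # the second pod was deleted
POLICY = {"target_ips": ["10.244.1.5", "10.244.2.7"], "from_ips": ["10.244.2.9"], "port": 8080}


def desired_state(endpoints):
    return BASE_FLOWS | render_service(SERVICE, endpoints, 1) | render_policy(POLICY)


def rollout():
    """Watch loop in miniature: three reconciliations, the last one a no-op."""
    installed, steps = set(), []
    for endpoints in (ENDPOINTS_V1, ENDPOINTS_V2, ENDPOINTS_V2):
        to_add, to_delete = reconcile(installed, desired_state(endpoints))
        steps.append((to_add, to_delete))
        installed = (installed - to_delete) | to_add
    return steps


if __name__ == "__main__":
    for to_add, to_delete in rollout():
        print("\n".join(to_commands(to_add, to_delete)) or "(nothing to do)")
        print("---")
```

Two details carry the security weight here. The DNAT runs in table 0 and the packet is resubmitted to table 1, so the NetworkPolicy is evaluated against the real pod IP and traffic sent to the ClusterIP cannot slip past it. And deletions use `--strict`, because a plain `del-flows` with a partial match would also remove wider rules that share those fields, which is how a reconciler silently drops someone else's policy.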

Why OVS?
---
- Networking performance?
    - Open vSwitch + DPDK (kernel bypass)
    - Hardware offloading
- Service Chain?
    - Similar to Service Mesh
    - Most service meshes are built on iptables; once the number of iptables rules grows large, throughput drops (rules are matched one by one) and the rule set becomes very hard to maintain
    - Rewrite packets header
    - Redirect packets within different Pods
- Networking Traffic Monitor?
    - Latency
    - Counters

> When the complexity outweighs the benefits, there is no need to introduce it into Kubernetes

Do I Need it?
---

### One

- Learn how system works
    - Computing/Storage/Networking
        - Linux (master the Linux fundamentals; these low-level concepts go with you anywhere)
    - Increase your value (what sets you apart from everyone else)
- Don't rely on Frameworks or Tools
    - Helm/Operator framework ...etc
    - Never be the Yaml Engineer

> Don't be a YAML engineer! That is, someone who does not understand how things work underneath and only knows how to write YAML that happens to work

Q&A
---
SR-IOV
https://github.com/feiskyer/sdn-handbook/blob/master/linux/sr-iov.md

## Session 2. Stratum - giving you true SDN

- Challenge: Handling Migration
    - Widespread, greenfield adoption of new technology is not feasible
    - Types of Migration
    - Need interfaces, models and operations to be consistent to allow incremental adoption along these axes
- Wanted
    - New control interface with:
        - Abstraction for different types of switching chips
        - Well defined interfaces and behavior
        - Extensibility
    - Common models for configuration and monitoring
    - Common interfaces for operations
    - Common platform abstraction
    - Open source switch stack

P4 (Programming Protocol-independent Packet Processors)
---
https://p4.org/

- Domain-specific language to formally...
- Example: https://github.com/p4lang/behavioral-model/blob/master/mininet/simple_router.p4

P4Runtime overview
---
- API for runtime control of P4-defined switches
- Community-developed (p4.org API WG)
    - Initial contribution by Google and Barefoot
    - RC of version 1.0 available: https://p4.org/specs/
- gRPC/protobuf-based API definition
- P4 program-independent
- Enables field-reconfigurability
    
P4Runtime is great, but...
---
- Missing
    - Configuration
    - Monitoring
    - Operations

Enhanced Configuration
---
- Configuration and Management
- Declarative configuration
- Streaming telemetry
- Model-driven management and operations
    - gNMI - network management interface
    - gNOI - network operations interface
- Vendor-neutral data models

> Google (seed code) + ONF (and community) = stratum

Vision
---
- Stratum supports multiple silicon products
- Stratum runs on many platforms
- Widely deployed in production SDN fabrics
- Enables P4Runtime and OpenConfig in the industry

![](https://i.imgur.com/Yx4m1dt.png)

{%pdf https://www.opennetworking.org/wp-content/uploads/2019/08/Day1-Brian-OConnor-NG-SDN-Stratum.pdf %}

{%pdf https://www.opennetworking.org/wp-content/uploads/2018/12/Stratum_-An-Overview.pdf %}


![](https://i.imgur.com/vNZ3Qc6.png)

- Stratum Use Cases
    - Cloud SDN Fabric
    - CORD: 5G Mobile & More
    - Thick Switch/Router

![](https://i.imgur.com/fR52aQu.png)

![](https://i.imgur.com/5eCukQw.png)

![](https://i.imgur.com/LH1h4VU.png)

Stratum Implementation Details
---
- Implements P4Runtime, gNMI, and gNOI services
- Controlled locally or remotely using gRPC
- Written in C++11
- Runs as a Linux process in user space
- Can be distributed with ONL
- Built using Bazel

Project Status
---
- Reference platforms from 2 ASIC vendors and 6 platform vendors

Getting Involved
---
- https://github.com/stratum/stratum

