summaryrefslogtreecommitdiff
path: root/WHY-OVS.rst
diff options
context:
space:
mode:
Diffstat (limited to 'WHY-OVS.rst')
-rw-r--r--WHY-OVS.rst131
1 files changed, 131 insertions, 0 deletions
diff --git a/WHY-OVS.rst b/WHY-OVS.rst
new file mode 100644
index 000000000..5cfd7213e
--- /dev/null
+++ b/WHY-OVS.rst
@@ -0,0 +1,131 @@
+..
+ Licensed under the Apache License, Version 2.0 (the "License"); you may
+ not use this file except in compliance with the License. You may obtain
+ a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ License for the specific language governing permissions and limitations
+ under the License.
+
+ Convention for heading levels in Open vSwitch documentation:
+
+ ======= Heading 0 (reserved for the title in a document)
+ ------- Heading 1
+ ~~~~~~~ Heading 2
+ +++++++ Heading 3
+ ''''''' Heading 4
+
+ Avoid deeper levels because they do not render well.
+
+=================
+Why Open vSwitch?
+=================
+
+Hypervisors need the ability to bridge traffic between VMs and with the outside
+world. On Linux-based hypervisors, this used to mean using the built-in L2
+switch (the Linux bridge), which is fast and reliable. So, it is reasonable to
+ask why Open vSwitch is used.
+
+The answer is that Open vSwitch is targeted at multi-server virtualization
+deployments, a landscape for which the previous stack is not well suited. These
+environments are often characterized by highly dynamic end-points, the
+maintenance of logical abstractions, and (sometimes) integration with or
+offloading to special purpose switching hardware.
+
+The following characteristics and design considerations help Open vSwitch cope
+with the above requirements.
+
+The mobility of state
+---------------------
+
+All network state associated with a network entity (say a virtual machine)
+should be easily identifiable and migratable between different hosts. This may
+include traditional "soft state" (such as an entry in an L2 learning table), L3
+forwarding state, policy routing state, ACLs, QoS policy, monitoring
+configuration (e.g. NetFlow, IPFIX, sFlow), etc.
+
+Open vSwitch has support for both configuring and migrating both slow
+(configuration) and fast network state between instances. For example, if a VM
+migrates between end-hosts, it is possible to not only migrate associated
+configuration (SPAN rules, ACLs, QoS) but any live network state (including,
+for example, existing state which may be difficult to reconstruct). Further,
+Open vSwitch state is typed and backed by a real data-model allowing for the
+development of structured automation systems.
+
+Responding to network dynamics
+------------------------------
+
+Virtual environments are often characterized by high-rates of change. VMs
+coming and going, VMs moving backwards and forwards in time, changes to the
+logical network environments, and so forth.
+
+Open vSwitch supports a number of features that allow a network control system
+to respond and adapt as the environment changes. This includes simple
+accounting and visibility support such as NetFlow, IPFIX, and sFlow. But
+perhaps more useful, Open vSwitch supports a network state database (OVSDB)
+that supports remote triggers. Therefore, a piece of orchestration software can
+"watch" various aspects of the network and respond if/when they change. This is
+used heavily today, for example, to respond to and track VM migrations.
+
+Open vSwitch also supports OpenFlow as a method of exporting remote access to
+control traffic. There are a number of uses for this including global network
+discovery through inspection of discovery or link-state traffic (e.g. LLDP,
+CDP, OSPF, etc.).
+
+Maintenance of logical tags
+----------------------------
+
+Distributed virtual switches (such as VMware vDS and Cisco's Nexus 1000V) often
+maintain logical context within the network through appending or manipulating
+tags in network packets. This can be used to uniquely identify a VM (in a
+manner resistant to hardware spoofing), or to hold some other context that is
+only relevant in the logical domain. Much of the problem of building a
+distributed virtual switch is to efficiently and correctly manage these tags.
+
+Open vSwitch includes multiple methods for specifying and maintaining tagging
+rules, all of which are accessible to a remote process for orchestration.
+Further, in many cases these tagging rules are stored in an optimized form so
+they don't have to be coupled with a heavyweight network device. This allows,
+for example, thousands of tagging or address remapping rules to be configured,
+changed, and migrated.
+
+In a similar vein, Open vSwitch supports a GRE implementation that can handle
+thousands of simultaneous GRE tunnels and supports remote configuration for
+tunnel creation, configuration, and tear-down. This, for example, can be used
+to connect private VM networks in different data centers.
+
+Hardware integration
+--------------------
+
+Open vSwitch's forwarding path (the in-kernel datapath) is designed to be
+amenable to "offloading" packet processing to hardware chipsets, whether housed
+in a classic hardware switch chassis or in an end-host NIC. This allows for the
+Open vSwitch control path to be able to both control a pure software
+implementation or a hardware switch.
+
+There are many ongoing efforts to port Open vSwitch to hardware chipsets. These
+include multiple merchant silicon chipsets (Broadcom and Marvell), as well as a
+number of vendor-specific platforms. (The PORTING file discusses how one would
+go about making such a port.)
+
+The advantage of hardware integration is not only performance within
+virtualized environments. If physical switches also expose the Open vSwitch
+control abstractions, both bare-metal and virtualized hosting environments can
+be managed using the same mechanism for automated network control.
+
+Summary
+-------
+
+In many ways, Open vSwitch targets a different point in the design space than
+previous hypervisor networking stacks, focusing on the need for automated and
+dynamic network control in large-scale Linux-based virtualization environments.
+
+The goal with Open vSwitch is to keep the in-kernel code as small as possible
+(as is necessary for performance) and to re-use existing subsystems when
+applicable (for example Open vSwitch uses the existing QoS stack). As of Linux
+3.3, Open vSwitch is included as a part of the kernel and packaging for the
+userspace utilities are available on most popular distributions.
View Lorry Controller Status