In this article, I’ll highlight a practical case for customizing the Red Hat OpenShift software-defined network (SDN). To achieve this, I will identify the OpenShift-Ansible inventory parameters that configure different aspects of the OpenShift SDN, specifically the cluster, portal, and docker networks.
Why customize the SDN?
An important question I am often asked is: Why do you need to customize the SDN? Isn’t it completely internal? Users generally assume there is no need to customize the SDN because OpenShift’s SDN has no impact on networks outside the OpenShift cluster; therefore, IP conflicts should not be a concern. However, this is not always the case.
Continue reading “How to customize the Red Hat OpenShift 3.11 SDN”
After loads of email and IRC discussions, the Open Virtual Network (OVN) source code has been separated from the Open vSwitch (OVS) source code, and the two projects now operate independently. In this article, we’ll explain the reasons for separating OVN from OVS, the technical aspects of the split, and the upcoming challenges for the OVN project.
Continue reading “The clean break of Open Virtual Network from Open vSwitch”
Open vSwitch (OVS) can use the kernel datapath or the userspace datapath. There are interesting developments in the kernel datapath using hardware offloading through the TC Flower packet classifier, but in this article, the focus will be on the userspace datapath accelerated with the Data Plane Development Kit (DPDK) and its new feature—partial flow hardware offloading—to accelerate the virtual switch even more.
This article explains how the virtual switch worked before versus now and why the new feature can potentially save resources while improving the packet processing rate.
Continue reading “Speeding up Open vSwitch with partial hardware offloading”
OVN (Open Virtual Network) is a subcomponent of Open vSwitch (OVS). It allows for the expression of overlay networks by connecting logical routers and logical switches. Cloud providers and cloud management systems have been using OVS for many years as a performant method for creating and managing overlay networks.
Lately, OVN has come into its own because it is being used more in Red Hat products. The result has been an increased amount of scrutiny for real-world scenarios with OVN. This has resulted in new features being added to OVN. More importantly, this has led to tremendous changes to improve performance in OVN.
In this article, I will discuss two game-changing performance improvements that have been added to OVN in the past year, and I will discuss future changes that we may see in the coming year.
Continue reading “Performance improvements in OVN: Past and future”
Diving into XDP
In the first part of this series on XDP, I introduced XDP and discussed the simplest possible example. Let’s now try to do something less trivial, exploring some more-advanced eBPF features—maps—and some common pitfalls.
XDP is available in Red Hat Enterprise Linux 8, which you can download and run now.
Continue reading “Using eXpress Data Path (XDP) maps in RHEL 8: Part 2”
Open Virtual Network (OVN) is a subproject of Open vSwitch (OVS), a performant, programmable, multi-platform virtual switch. OVN adds to the OVS existing capabilities the support for overlay networks by introducing virtual network abstractions such as virtual switches and routers. Moreover, OVN provides native methods for setting up Access Control Lists (ACLs) and network services such as DHCP. Many Red Hat products, such as Red Hat OpenStack Platform and Red Hat Virtualization, are now using OVN, and Red Hat OpenShift Container Platform will be using OVN soon.
In this article, I’ll cover how OVN ARP/ND_NS actions work, the main limitations in the current implementation, and how to overcome those. First, I’ll provide a brief overview of OVN’s architecture to facilitate the discussion:
Continue reading “IP packet buffering in OVN”
XDP: From zero to 14 Mpps
In past years, the kernel community has been using different approaches in the quest for ever-increasing networking performance. While improvements have been measurable in several areas, a new wave of architecture-related security issues and related counter-measures has undone most of the gains, and purely in-kernel solutions for some packet-processing intensive workloads still lag behind the bypass solution, namely Data Plane Development Kit (DPDK), by almost an order of magnitude.
But the kernel community never sleeps (almost literally) and the holy grail of kernel-based networking performance has been found under the name of XDP: the eXpress Data Path. XDP is available in Red Hat Enterprise Linux 8, which you can download and run now.
Continue reading “Achieving high-performance, low-latency networking with XDP: Part I”
Networks are fun to work with, but often they are also a source of trouble. Network troubleshooting can be difficult, and reproducing the bad behavior that is happening in the field can be painful as well.
Luckily, there are some tools that come to the aid: network namespaces, virtual machines,
netfilter. Simple network setups can be reproduced with network namespaces and
veth devices, while more-complex setups require interconnecting virtual machines with a software bridge and using standard networking tools, like
tc, to simulate the bad behavior. If you have an issue with ICMP replies generated because an SSH server is down,
iptables -A INPUT -p tcp --dport 22 -j REJECT --reject-with icmp-host-unreachable in the correct namespace or VM can do the trick.
This article describes using eBPF (extended BPF), an extended version of the Berkeley Packet Filter, to troubleshoot complex network issues. eBPF is a fairly new technology and the project is still in an early stage, with documentation and the SDK not yet ready. But that should improve, especially with XDP (eXpress Data Path) being shipped in Red Hat Enterprise Linux 8, which you can download and run now.
Continue reading “Network debugging with eBPF (RHEL 8)”
In this article, I discuss external connectivity in Open Virtual Network (OVN), a subproject of Open vSwitch (OVS), using a distributed gateway router.
OVN provides external connectivity in two ways:
- A logical router with a distributed gateway port, which is referred to as a distributed gateway router in this article
- A logical gateway router
In this article, you will see how to create a distributed gateway router and an example of how it works.
Creating a distributed gateway router has some advantages over using a logical gateway router for the CMS (cloud management system):
- It is easier to create a distributed gateway router because the CMS doesn’t need to create a transit logical switch, which is needed for a logical gateway router.
- A distributed gateway router supports distributed north/south traffic, whereas the logical gateway router is centralized on a single gateway chassis.
- A distributed gateway router supports high availability.
Note: The CMS can be OpenStack, Red Hat OpenShift, Red Hat Virtualization, or any other system that manages a cloud.
Continue reading “How to create an Open Virtual Network distributed gateway router”
In part one of this series, we explored the dynamic IP address management (IPAM) capabilities of Open Virtual Network. We covered the
exclude_ips options on logical switches. We then saw how these options get applied to logical switch ports whose addresses have been set to the special “dynamic” value. OVN, a subproject of Open vSwitch, is used for virtual networking in a number of Red Hat products like Red Hat OpenStack Platform, Red Hat Virtualization, and Red Hat OpenShift Container Platform in a future release.
In this part, we’re going to explore some of the oversights and downsides in the feature, how those have been corrected, and what’s in store for OVN in future versions.
Continue reading “Dynamic IP address management in Open Virtual Network (OVN): Part Two”