DOCSLIB.ORG

Open Vswitch Release 2.16.0

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Open Vswitch Release 2.16.0 Open vSwitch Release 2.16.0 Aug 16, 2021 Contents 1 Project 1 1.1 Community................................................1 1.2 Contributing...............................................1 1.3 Maintaining................................................1 1.4 Documentation..............................................2 1.5 Getting Help...............................................2 2 Getting Started 3 2.1 What Is Open vSwitch?.........................................4 2.1.1 Overview............................................4 2.1.2 What’s here?..........................................5 2.2 Why Open vSwitch?...........................................5 2.2.1 The mobility of state......................................6 2.2.2 Responding to network dynamics...............................6 2.2.3 Maintenance of logical tags...................................6 2.2.4 Hardware integration......................................6 2.2.5 Summary............................................7 2.3 Installing Open vSwitch.........................................7 2.3.1 Installation from Source....................................7 2.3.2 Installation from Packages................................... 50 2.3.3 Others.............................................. 58 3 Tutorials 63 3.1 OVS Faucet Tutorial........................................... 63 3.1.1 Setting Up OVS......................................... 63 3.1.2 Setting up Faucet........................................ 64 3.1.3 Overview............................................ 65 3.1.4 Switching............................................ 66 3.1.5 Routing............................................. 76 3.1.6 ACLs.............................................. 84 3.1.7 Finishing Up.......................................... 86 3.1.8 Further Directions........................................ 86 3.2 OVS IPsec Tutorial............................................ 86 3.2.1 Requirements.......................................... 86 3.2.2 Installing OVS and IPsec Packages............................... 87 3.2.3 Configuring IPsec tunnel.................................... 88 3.2.4 Troubleshooting......................................... 91 i 3.2.5 Bug Reporting......................................... 92 3.3 Open vSwitch Advanced Features.................................... 92 3.3.1 Getting Started......................................... 92 3.3.2 Using GDB........................................... 93 3.3.3 Motivation............................................ 94 3.3.4 Scenario............................................. 94 3.3.5 Setup.............................................. 95 3.3.6 Implementing Table 0: Admission control........................... 95 3.3.7 Testing Table 0......................................... 96 3.3.8 Implementing Table 1: VLAN Input Processing........................ 97 3.3.9 Testing Table 1......................................... 98 3.3.10 Implementing Table 2: MAC+VLAN Learning for Ingress Port................ 99 3.3.11 Testing Table 2......................................... 100 3.3.12 Implementing Table 3: Look Up Destination Port....................... 101 3.3.13 Testing Table 3......................................... 102 3.3.14 Implementing Table 4: Output Processing........................... 104 3.3.15 Testing Table 4......................................... 105 3.4 OVS Conntrack Tutorial......................................... 106 3.4.1 Definitions........................................... 106 3.4.2 Conntrack Related Fields.................................... 107 3.4.3 Sample Topology........................................ 108 3.4.4 Tool used to generate TCP segments.............................. 109 3.4.5 Matching TCP packets..................................... 109 3.4.6 Summary............................................ 113 4 How-to Guides 115 4.1 OVS................................................... 115 4.1.1 Open vSwitch with KVM.................................... 115 4.1.2 Encrypt Open vSwitch Tunnels with IPsec........................... 116 4.1.3 Open vSwitch with SELinux.................................. 119 4.1.4 Open vSwitch with Libvirt................................... 121 4.1.5 Open vSwitch with SSL.................................... 122 4.1.6 Using LISP tunneling...................................... 127 4.1.7 Connecting VMs Using Tunnels................................ 128 4.1.8 Connecting VMs Using Tunnels (Userspace)......................... 130 4.1.9 Isolating VM Traffic Using VLANs.............................. 134 4.1.10 Quality of Service (QoS) Rate Limiting............................ 136 4.1.11 How to Use the VTEP Emulator................................ 139 4.1.12 Monitoring VM Traffic Using sFlow.............................. 142 4.1.13 Using Open vSwitch with DPDK................................ 145 5 Deep Dive 183 5.1 OVS................................................... 183 5.1.1 Design Decisions In Open vSwitch............................... 183 5.1.2 Open vSwitch Datapath Development Guide.......................... 198 5.1.3 Fuzzing............................................. 202 5.1.4 Integration Guide for Centralized Control........................... 205 5.1.5 Porting Open vSwitch to New Software or Hardware..................... 208 5.1.6 OpenFlow Support in Open vSwitch.............................. 212 5.1.7 Bonding............................................. 216 5.1.8 Open vSwitch Networking Namespaces on Linux....................... 219 5.1.9 Scaling OVSDB Access With Relay.............................. 220 5.1.10 OVSDB Replication Implementation.............................. 221 5.1.11 DPDK Support......................................... 223 ii 5.1.12 OVS-on-Hyper-V Design.................................... 223 5.1.13 Language Bindings....................................... 230 5.1.14 Debugging with Record/Replay................................ 231 5.1.15 Testing............................................. 232 5.1.16 Tracing packets inside Open vSwitch.............................. 240 5.1.17 Userspace Datapath - TSO................................... 241 5.1.18 C IDL Compound Indexes................................... 243 5.1.19 Open vSwitch Extensions.................................... 246 6 Reference Guide 249 6.1 Man Pages................................................ 249 6.1.1 ovs-appctl............................................ 249 6.1.2 ovs-ctl.............................................. 253 6.1.3 ovs-l3ping............................................ 260 6.1.4 ovs-pki............................................. 262 6.1.5 ovs-sim............................................. 265 6.1.6 ovs-parse-backtrace....................................... 267 6.1.7 ovs-tcpdump.......................................... 267 6.1.8 ovs-tcpundump......................................... 268 6.1.9 ovs-test............................................. 269 6.1.10 ovs-vlan-test.......................................... 271 6.1.11 ovsdb-server........................................... 272 6.1.12 ovsdb.............................................. 280 6.1.13 ovsdb.............................................. 283 7 Open vSwitch Internals 295 7.1 Contributing to Open vSwitch...................................... 295 7.1.1 Submitting Patches....................................... 295 7.1.2 Backporting patches...................................... 301 7.1.3 Coding Style.......................................... 304 7.1.4 Windows Datapath Coding Style................................ 312 7.1.5 Documentation Style...................................... 315 7.1.6 Open vSwitch Library ABI Updates.............................. 321 7.2 Mailing Lists............................................... 322 7.2.1 ovs-announce.......................................... 322 7.2.2 ovs-discuss........................................... 323 7.2.3 ovs-dev............................................. 323 7.2.4 ovs-git.............................................. 323 7.2.5 ovs-build............................................ 323 7.2.6 bugs............................................... 323 7.2.7 security............................................. 323 7.3 Patchwork................................................ 323 7.3.1 git-pw.............................................. 323 7.3.2 pwclient............................................. 324 7.4 Release Process............................................. 324 7.4.1 Release Strategy........................................ 324 7.4.2 Release Numbering....................................... 325 7.4.3 Release Scheduling....................................... 325 7.4.4 How to Branch......................................... 326 7.4.5 How to Release......................................... 326 7.4.6 Contact............................................. 326 7.5 Reporting Bugs.............................................. 327 7.6 Security Process............................................. 327 7.6.1 What is a vulnerability?..................................... 328 iii 7.6.2 Step 1: Reception........................................ 328 7.6.3 Step 2: Assessment....................................... 328 7.6.4 Step 3a: Document....................................... 328 7.6.5 Step 3b: Fix........................................... 330 7.6.6 Step 4: Embargoed Disclosure................................. 330 7.6.7 Step 5: Public Disclosure.................................... 331 7.7 The Linux Foundation
Load more

Recommended publications
  • Practice Test Version 1.8 LPI 117-101: Practice Exam QUESTION NO: 1 CORRECT TEXT
    LPI 117-101 117-101 LPI 101 General Linux, Part I Practice Test Version 1.8 LPI 117-101: Practice Exam QUESTION NO: 1 CORRECT TEXT You suspect that a new ethernet card might be conflicting with another device. Which file should you check within the /proc tree to learn which IRQs are being used by which kernel drives? Answer: interrupts QUESTION NO: 2 How many SCSI ids for peripherals can SCSI-1 support? A. 5 B. 6 C. 7 D. 8 Answer: C Explanation: SCSI-1 support total 7 peripherals. There are several different types of SCSI devices. The original SCSI specification is commonly referred to as SCSI-1. The newer specification, SCSI-2, offers increased speed and performance, as well as new commands. Fast SCSI increases throughput to more than 10MB per second. Fast-Wide SCSI provides a wider data path and throughput of up to 40MB per second and up to 15 devices. There there are Ultra-SCSI and Ultra-Wide-SCSI QUESTION NO: 3 You need to install a fax server. Which type of fax/modem should you install to insure Linux compatibility? Test-King.com A. External Serial Fax/modem B. External USB Fax/modem C. Internal ISA Fax/modem D. Internal PCI Fax/modem Answer: A QUESTION NO: 4 You are running Linux 2.0.36 and you need to add a USB mouse to your system. Which of the following statements is true? "Welcome to Certification's Main Event" - www.test-king.com 2 LPI 117-101: Practice Exam A. You need to rebuild the kernel.
    [Show full text]
  • I.MX Linux® Reference Manual
    i.MX Linux® Reference Manual Document Number: IMXLXRM Rev. 1, 01/2017 i.MX Linux® Reference Manual, Rev. 1, 01/2017 2 NXP Semiconductors Contents Section number Title Page Chapter 1 About this Book 1.1 Audience....................................................................................................................................................................... 27 1.1.1 Conventions................................................................................................................................................... 27 1.1.2 Definitions, Acronyms, and Abbreviations....................................................................................................27 Chapter 2 Introduction 2.1 Overview.......................................................................................................................................................................31 2.1.1 Software Base................................................................................................................................................ 31 2.1.2 Features.......................................................................................................................................................... 31 Chapter 3 Machine-Specific Layer (MSL) 3.1 Introduction...................................................................................................................................................................37 3.2 Interrupts (Operation)..................................................................................................................................................
    [Show full text]
  • Intel FPGA Programmable Acceleration Card N3000
    Intel® Acceleration Stack User Guide Intel FPGA Programmable Acceleration Card N3000 Updated for Intel® Acceleration Stack for Intel® Xeon® CPU with FPGAs: 1.1 Subscribe UG-20244 | 2021.06.14 Send Feedback Latest document on the web: PDF | HTML Contents Contents 1. About this Document...................................................................................................... 4 1.1. Acronym List ........................................................................................................5 2. System Requirements..................................................................................................... 7 2.1. Cooling Requirements............................................................................................ 7 3. Hardware Installation................................................................................................... 11 3.1. Installing the Intel FPGA PAC N3000.......................................................................11 4. Installing the OPAE Software........................................................................................16 4.1. Install Additional Packages.................................................................................... 17 4.2. Install the Release Package................................................................................... 17 4.2.1. Remove Previous OPAE Packages............................................................... 18 4.2.2. Install the Acceleration Stack for Runtime..................................................
    [Show full text]
  • BSD UNIX Toolbox 1000+ Commands for Freebsd, Openbsd
    76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iii BSD UNIX® TOOLBOX 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD®Power Users Christopher Negus François Caen 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page ii 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page i BSD UNIX® TOOLBOX 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page ii 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iii BSD UNIX® TOOLBOX 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD®Power Users Christopher Negus François Caen 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iv BSD UNIX® Toolbox: 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD® Power Users Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-0-470-37603-4 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 Library of Congress Cataloging-in-Publication Data is available from the publisher. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permis- sion should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.
    [Show full text]
  • Hypervisor Based Password Security
    HyperPass: Hypervisor Based Password Security James "Murphy" McCauley, Radhika Mittal Abstract Phishing attacks: It has been shown that it is quite Passwords are the linchpin in the security of an increasing possible to fool users into divulging passwords and other number of online services – services that range from private data [11]. While some are quick to dismiss such social networking to business communication to banking. attacks as “user error”, phishing can be coupled with Given their importance, it is unfortunate that passwords network-based attacks or can incorporate techniques such are relatively easily stolen using a number of different as homograph domain names to create user experiences types of attack. We introduce HyperPass: an approach that are very difficult to differentiate from legitimate ones. and proof-of-concept system that aims to prevent some of Attacking hosts: By compromising a user’s machine, these attacks by moving passwords from a user’s normal passwords can be stolen directly in any of several operating environment into a secure hypervisor. Notably, ways, e.g., by examining HTTP post data, reading them this is done while maintaining compatibility with existing from browser password managers, or logging keystrokes. online services, applications, and operating systems. These techniques have been used by botnets (the Torpig botnet alone steals a password every second [30]) as well 1 Introduction as by off-the-shelf “spyware” which has even been pre- installed on rental computers [24]. While preventing Passwords are the linchpin of online security. Certainly, this sort of host compromise is an ongoing effort by both there are other major technologies involved in cyberse- industry and academia, it continues to be an elusive goal.
    [Show full text]
  • Oracle® Linux Virtualization Manager Getting Started Guide
    Oracle® Linux Virtualization Manager Getting Started Guide F25124-11 September 2021 Oracle Legal Notices Copyright © 2019, 2021 Oracle and/or its affiliates. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract.
    [Show full text]
  • Linux® 用户的freebsd 快速入门向导
    Linux® 用户的 FreeBSD 快速入门向导 John Ferrell 修订: db2a5c8513 版权 © 2008 The FreeBSD Documentation Project FreeBSD 是 FreeBSD 基金会的注册商标 Linux 是 Linus Torvalds 的注册商标。 Intel, Celeron, Centrino, Core, EtherExpress, i386, i486, Itanium, Pentium, 和 Xeon 是 Intel Corporation 及其分支机构在美国和其他国家的商标或注册商标。 Red Hat, RPM, 是 Red Hat, Inc. 在美国和其他国家的注册商标。 UNIX是 Open Group 在美国和其它国家的注册商标。 许多制造商和经销商使用一些称为商标的图案或文字设计来彰显自己的产品。 本文档中 出现的, 为 FreeBSD Project 所知晓的商标,后面将以 “™” 或 “®” 符号来标注。 2020-12-24 01:34:44 +0000 由 Guangyuan Yang. 摘要 本文档旨在快速使那些高级 Linux® 用户熟悉FreeBSD的一些基础知识。 目录 1. 简介 ...................................................................................................................................... 1 2. Shell程序:没有Bash吗? ......................................................................................................... 1 3. Packages和Ports:在 FreeBSD 中添加软件 ................................................................................... 2 4. 系统启动:运行级别在哪里? ................................................................................................... 3 5. 网络配置 ............................................................................................................................... 4 6. 防火墙 .................................................................................................................................. 4 7. 升级 FreeBSD .......................................................................................................................... 5 8. procfs:已是过去式但仍未被遗忘 ...........................................................................................
    [Show full text]
  • Circuit‐Based Logical Layer 2 Bridging in Software‐Defined Data Center Networking
    Received: 2 November 2018 Revised: 3 May 2019 Accepted: 13 July 2019 DOI: 10.1002/dac.4128 RESEARCH ARTICLE Circuit‐based logical layer 2 bridging in software‐defined data center networking Yao‐Chun Wang | Ying‐Dar Lin Computer Science, National Chiao Tung Summary University, Hsinchu, Taiwan With the expansion of the size of data centers, software‐defined networking Correspondence (SDN) is becoming a trend for simplifying the data center network manage- Yao‐Chun Wang, Computer Science, National Chiao Tung University, Hsinchu, ment with central and flexible flow control. To achieve L2 abstractions in a Taiwan. multitenant cloud, Open vSwitch (OVS) is commonly used to build overlay Email: [email protected] tunnels (eg, Virtual eXtensible Local Area Network [VXLAN]) on top of existing underlying networks. However, the poor VXLAN performance of OVS is of huge concern. Instead of solving the performance issues of OVS, in this paper, we proposed a circuit‐based logical layer 2 bridging mechanism (CBL2), which builds label‐switched circuits and performs data‐plane multicasting in a software‐defined leaf‐spine fabric to achieve scalable L2 without overlay tunneling. Our evaluations indicate that direct transmission in OVS improves throughput performance by 58% compared with VXLAN tunneling, and data‐ plane multicasting for ARP reduces address resolution latency from 149 to 0.5 ms, compared with control‐plane broadcast forwarding. The evaluation results also show that CBL2 provides 0.6, 0.4, and 11‐ms protection switching time, respectively, in the presence of switch failure, link failure, and port shutdown in practical deployment. KEYWORDS cloud, datacenter, layer 2, multitenancy, network virtualization, OpenFlow, SDN 1 | INTRODUCTION Infrastructure‐as‐a‐Service (IaaS)1 providers enable enterprise customers (who are also called tenants) to obtain flex- ible and on‐demand virtualized infrastructures, by using virtualization technologies that share the computing resources (eg, servers, storages, and networks) in a data center.
    [Show full text]
  • QEMU Version 4.2.0 User Documentation I
    QEMU version 4.2.0 User Documentation i Table of Contents 1 Introduction ::::::::::::::::::::::::::::::::::::: 1 1.1 Features :::::::::::::::::::::::::::::::::::::::::::::::::::::::: 1 2 QEMU PC System emulator ::::::::::::::::::: 2 2.1 Introduction :::::::::::::::::::::::::::::::::::::::::::::::::::: 2 2.2 Quick Start::::::::::::::::::::::::::::::::::::::::::::::::::::: 2 2.3 Invocation :::::::::::::::::::::::::::::::::::::::::::::::::::::: 3 2.3.1 Standard options :::::::::::::::::::::::::::::::::::::::::: 3 2.3.2 Block device options :::::::::::::::::::::::::::::::::::::: 12 2.3.3 USB options:::::::::::::::::::::::::::::::::::::::::::::: 23 2.3.4 Display options ::::::::::::::::::::::::::::::::::::::::::: 23 2.3.5 i386 target only::::::::::::::::::::::::::::::::::::::::::: 30 2.3.6 Network options :::::::::::::::::::::::::::::::::::::::::: 31 2.3.7 Character device options:::::::::::::::::::::::::::::::::: 38 2.3.8 Bluetooth(R) options ::::::::::::::::::::::::::::::::::::: 42 2.3.9 TPM device options :::::::::::::::::::::::::::::::::::::: 43 2.3.10 Linux/Multiboot boot specific ::::::::::::::::::::::::::: 44 2.3.11 Debug/Expert options ::::::::::::::::::::::::::::::::::: 45 2.3.12 Generic object creation :::::::::::::::::::::::::::::::::: 54 2.3.13 Device URL Syntax ::::::::::::::::::::::::::::::::::::: 66 2.4 Keys in the graphical frontends :::::::::::::::::::::::::::::::: 69 2.5 Keys in the character backend multiplexer ::::::::::::::::::::: 69 2.6 QEMU Monitor ::::::::::::::::::::::::::::::::::::::::::::::: 70 2.6.1 Commands :::::::::::::::::::::::::::::::::::::::::::::::
    [Show full text]
  • Neutron Integration
    oVirt – Neutron Integration July 2013 Mike Kolesnik 1/49 Agenda oVirt network configuration Neutron overview Integration benefits External providers Neutron as an external provider Under the hook Future work 2/49 oVirt Network Configuration 3/49 Network View Network - a logical entity that represents a layer 2 broadcast domain Defined within the scope of a data center 4/49 Adding a New Network Give it a name Define the network properties (VLAN, MTU, VM/Non-VM) 5/49 Adding a New Network Make the network available in the selected clusters. 6/49 Host Level Configuration Optional vs. required networks Host level configuration: 7/49 Adding Network to a vNIC 8/49 Supported Configuration - Linux Bridge 1 .. N 1 .. N VM VM VM VM SW Bridge SW Bridge SW Bridge VLAN VLAN VLAN bond NIC NIC 9/49 Neutron Overview 10/49 OpenStack Networking - Neutron Neutron provides network connectivity-as-a- service It offers a plug-in architecture designed to support various network technologies through vendor specific plug-ins and API extensions Exposes REST API for accessing the service Available plugins: Linux Bridge, OVS, Cisco Nexus, NVP, Ryu, NEC, etc... 11/49 Neutron high level architecture Neutron API Neutron Plugin - Create network - Create network . Compute nodes API clients . configured according to - Create Port - Create Port selected plugin, by either: * Agent at each node * External network controller (e.g. UCSM) API extensions DB API + plugin = Neutron service Compute nodes 12/49 Integration Benefits Add support in oVirt for the various network technologies provided via Neutron plugins Leverage L3 services modeled in Neutron Enjoy both worlds: Neutron for managing VM networks oVirt for managing infrastructure networks (Migration network, storage network etc.) Neutron networks are exposed side by side with oVirt networks which allows the user to use oVirt mature implementation for network configuration 13/49 Integration bits 14/49 External Providers An external product that can be used to provide resources for oVirt Resources that can be provided: hosts, networks, etc.
    [Show full text]
  • Flexible, Software-Defined Networking Infrastructure
    Flexible, software-defined networking infrastructure Red Hat Enterprise Linux enabling the clouds Clouds Need Red Hat Enterprise Linux Rashid Khan Russell Bryant Networking Services Office of Technology Wednesday, May 03, 2017 #redhat #rhsummit OS Matters Red Hat Enterprise Linux Enables, Empowers, Excels, Enterprise Cloud Red Hat Enterprise Linux (RHEL) #redhat #rhsummit OS Matters ! Core operating system needs support ● Evaluation of patches regarding stability and ● Dedicated to RHEL impact (Hardening) ○ ~700 Developers ● Single point of support (no tennis match of bugs) ○ ~ 400 QA ● Minimizes downtime with balance of stability and security (CVE) ● In addition ○ Layered products Guarantee of API and ABI ■ Developers ● Applications will work after minor upgrades ■ QA ● 3rd party kernel modules under kabi program will ○ Support Services continue work ○ ~14,000 people ready to ● Synchronization of user space with kernel ensure your success features ○ ● Somethings like HW Integration with layered products, and Ansible, and a acceleration cannot be done whole portfolio of products without the OS! #redhat #rhsummit Network Security, Isolation, Tunnels Security and Isolation For Multi-tenancy, Fairness, Enterprise readiness ● Robust Firewalling ○ Connection Tracking with NAT in OVS ○ NetFilter ● Network Namespaces ● L2 Security via MACsec ● L3 Security via IPsec #redhat #rhsummit Tunnels and Isolation ● VLANs (limited identifiers) ● VXLAN with HW offload with IPv6 also ● Geneve (more flexible) ● QinQ 802.1ad (great results) C C C C C V C
    [Show full text]
  • White Box Networking in Remote and Branch Offices
    White Box Networking in Remote and Branch Offices WHITEPAPER White Box Networking in Remote and Branch Offices With hundreds or thousands of locations to be connected, managing network services in remote or branch offices can be a significant challenge. Network services support everything from internal and guest Wi-Fi to Internet access, internal data networking, VoIP phones and video. All of these services have to be delivered and managed in a cost-effective way, but many solutions require rolling an IT truck to each location (prohibitively expensive) or adopting expensive proprietary hardware along with onerous support contracts. Pica8 offers a different solution – white box switches and networking software that support all the features a branch office needs with remote management, but without the high cost and without vendor lock-in. This paper describes Pica8’s approach to remote and branch office networking. Remote and Branch Office Networking Challenges Branch office networks have several common elements. Branches are hundreds or thousands of miles away from the corporate headquarters, and there are typically no trained IT people on site in each branch. Rather, these networks are centrally controlled and administered from the corporate data center. Recognizing the need for trouble-free, centrally-managed networking infrastructure many years ago, branch office equipment vendors built proprietary, fully-integrated systems to handle networking chores. The problem with this approach is that entrenched vendors with proprietary hardware/software architectures demand high costs as they extend their contracts with locked-in enterprise customers. In addition, full-service 24x7 solution support (hardware, software, interoperability and applications) adds to the cost, exacting the steepest possible pricing from enterprise customers.
    [Show full text]