Ryu: Network Operating System

Kei Ohmura (NTT) <ohmura.kei@lab.ntt.co.jp> Isaku Yamahata (VA Linux) <yamahata@private.email.ne.jp> <yamahata@valinux.co.jp> Aug 29, 2012 http://osrg.github.com/ryu/

Outline

Introduction

How it works

Integration with OpenStack

Demo

Summary

2

Introduction

What is “Ryu”

流 (ryu)

means “flow” in Japanese

4

What is “Ryu”

流 (ryu)

means “flow” in Japanese

5 Host A

Host B

Packet

Network packet

“flow” Packet

What is “Ryu”

龍 (ryu)

means “Japanese dragon”, one of water gods

6 Host A

Host B

Packet

Network packet

“flow” Packet

What is “Ryu”

7 Host A

Host B

Packet

Network packet

“flow” Packet

龍 (ryu)

manages “flow” of water

What is “Ryu”

manages network

packet “flow”

8 Host A

Host B

Packet

Network packet

“flow” Packet

Ryu: network operating system

Open-sourced network operating system Network operating system

Logically centralized controller for managing thousands of network switches A platform for building network applications to manage switches

Open source software (Apache v2) Fully written in Python Project site: http://osrg.github.com/ryu/

9 Host A

Host B

Ryu

Packet

Packet

OpenFlow protocol

Our goals

De facto OSS network operating system A platform for building network applications

Well-defined API to implement network applications Provides useful applications and libraries Supports OpenFlow protocol to manage OpenFlow

switch and Open vSwitch

Standard network controller of cloud software (e.g. OpenStack)

Default Controller for feadora/debian/ubuntu

High quality enough for use in large production environment Code quality Functionality Usability

10

Features of Ryu

Generality Vendor-free network operating system

Interoperability testing with various OpenFlow switches

Supports not only OpenFlow protocol but also other useful protocols, if necessary

Supports various IaaS platforms Supports various IaaS platform such as

CloudStack and OpenStack in the future

11

Architecture overview

12

Network I/O

Openflow protocol Parser/serializer

API

app app

Open vSwitch

Openflow switch(*)

Open vSwitch

Operators

RESTful management API

Logically centralized controller ・Supports OpenFlow 1.0, 1.2

(including Nicira Extension)

Programmatic network control interface ・ We can implement

network control applications on top of the Ryu

Ryu network operating system

OpenFlow protocol

Current status and work items

OpenFlow protocol OF1.0 + Nicira extensions, OF1.1 (WIP), OF1.2, OF1.3 (WIP) OF-Config (not yet undertaken)

Ryu applications/libraries GRE tunneling VLAN support (WIP) MAC based segregation Topology discovery (WIP) HA support using Zookeeper (WIP)

Supports IaaS

Ryu plugin was merged into OpenStack Essex Quantum Updating patches for OpenStack Folsom release

Its release is planned at Sep 27th, 2012

Others Integration testing with Open vSwitch (OF1.0, OF1.2) Supports ovddb jsonrpc (WIP) 13

How it works

How to use

Install Ryu from pip

Install Ryu from the source code

Run sample application

15

$ git clone git://github.com/osrg/ryu.git $ cd ryu; sudo python ./setup.py install

$ ryu-manager yourapp.py

$ sudo pip install ryu

mac learning switch

Run mac learning switch application

16

Setup test environment with mininet(*), if you don‟t have OpenFlow switches. (*) http://openflow.org/mininet

$ ryu-manager ryu/app/simple_switch.py

Host A

Ryu

Host B

FlowTable

OpenFlow Switch

L1 port: 1 L1 port: 0

mac learning switch

Run mac learning switch application

17

$ ryu-manager ryu/app/simple_switch.py

Host A

Ryu

Host B

FlowTable

OpenFlow Switch

Ping the Host B

L1 port: 0 L1 port: 1

mac learning switch

Run mac learning switch application

18

$ ryu-manager ryu/app/simple_switch.py

Host A

Ryu

Host B

FlowTable

OpenFlow Switch

Flow table has no rule how to handle this ping packet.

L1 port: 1 L1 port: 0

mac learning switch

Run mac learning switch application

19

$ ryu-manager ryu/app/simple_switch.py

Host A

Ryu

Host B

FlowTable

OpenFlow Switch

Forwards the packet that encapsulated by the OpenFlow messages to the controller

L1 port: 1 L1 port: 0

mac learning switch

Run mac learning switch application

20

$ ryu-manager ryu/app/simple_switch.py

Host A

Ryu

Host B

FlowTable

OpenFlow Switch

Calls packet-in handler and installs the rule into the switch

Rule: {in_port: 0, dst_mac: HostB, actions: {Output: 1}}

L1 port: 1 L1 port: 0

mac learning switch

Run mac learning switch application

21

$ ryu-manager ryu/app/simple_switch.py

Host A

Ryu

Host B

FlowTable

OpenFlow Switch

L1 port: 1 L1 port: 0

(*) Strictly speaking, it‟s different from the code. If you are interested in it, please see the code.

Multiple controllers for high availability

Centralized controller is single point of failure (SPOF) To avoid SPOF, we have used Zookeeper(*) and multiple controllers feature of

OpenFlow Monitoring controllers by using Zookeeper to detect controller failure If the master controller is down, the slave controller sends the RoleRequest message to

the switch to change its role to the „master‟

22

Host A

Ryu (master)

Host B

FlowTable

OpenFlow Switch

Ryu (slave)

Zookeeper (*) http://zookeeper.apache.org/

Integration with OpenStack

OpenStack

Nova: cloud management system Nova compute node

Physical machine that runs guest VM instances

Nova network node Physical machine that runs networks gateway to the outside

network

Quantum: network management system Quantum server

Manages network configuration Nova requests quantum-server for network configuration

Quantum agent It runs on nova compute/network node

Quantum plugin Plugin for each network technology Ryu plugin

24

Integration with OpenStack

OpenStack Open source software for building

private and public clouds

What does Ryu bring to OpenStack? Flat L2 networks regardless of the

underlying physical network

Scalable multi-tenant isolations Ryu provides tunneling based isolations

VLAN doesn‟t scale larger than 4096

We don‟t need high-end switches

25

How Ryu works with OpenStack

26

Quantum db: [datapath id, Tunnel ip]

[network uuid, tunnel key]

Quantum-node: Somewhere where compute/network can communicate. Typically on network-node

Quantum Server

Vif driver Ryu agent OVS

Create Tap port

Create Tunnel port

linux_net driver OVS

Ryu db [in memory] [Tenant id, tunnel id]

[dpid, port, tenant id, mac addr] [dpid, port, remote_dpid]

Ryu-node: Somewhere where compute/network can communicate. Typically on network-node

Ryu

Ryu agent

Compute-node network-node

OpenFlow

REST API

DB Access Quantum API

Demo

Demo

Multiple controllers using Zookeeper (HA)

Ryu + OpenStack (GRE tunneling)

28

Ryu Demo (HA)

29

Host A

Ryu (master)

Host B

Open vSwitch

Zookeeper

Ryu (slave)

Failover

Ryu demo (GRE tunneling)

30 Linux(phyisical machine)

KVM

Linux

OVS

Qemu/KVM

ping

Linux

Qemu/KVM

ping

Linux

Nova compute

Quantum agent

bridge

KVM

Linux

OVS Nova compute

Quantum agent

GRE tunnel

KVM

Linux

OVS

Qemu/KVM

ping

Linux

Qemu/KVM

ping

Linux

Nova compute

Quantum agent

GRE tunnel

ryu

Quantum server

Nova network Openstack

servers

Qemu/KVM

ping

Linux

Qemu/KVM

ping

Linux

GRE tunnel

31

Tenant A VM 1

Tenant A VM 2

Tenant B VM 1

OVS 1

Host 1

Tenant A VM 3

Tenant B VM 2

Tenant B VM 3

OVS 2

Host 2

Tenant A VM 4

Tenant B VM 4

Tenant B VM 5

OVS 3

Host 3 GRE tunnel 1-3

GRE tunnel 1-2

GRE tunnel 2-3

Tenant A ID -> 1 Tenant B ID -> 2

Ryu demo (GRE tunneling)

Summary

Future items

Enrich applications and libraries Integration with Quantum IPAM and L3 API Firewall Virtual network to physical network, and vice

versa Convert among GRE key, VLAN tag, MPLS label, …

Enhance controller performance

Distributed controllers No single point of failure Datacenter-wide scalability

Multi-processing

33

Summary

Ryu is an open-sourced network operating system licensed under Apache License v2.

Site: http://osrg.github.com/ryu/

ML: ryu-devel@lists.sourceforge.net

Set up Ryu enviroment with VM images https://github.com/osrg/ryu/wiki/RYU-

OpenStack-environment-VM-image-file-HOWTO

34

Appendix

Block diagram of Ryu

36

Openflow protocol Parser/serializer

Event queue/dispatcher

RyuApp magement

HTTP server (WSGI)

Switch management/OFP event

REST API RyuApp

GREtunnel RyuApp

Discovery RyuApp VLAN

Storage Memory

...

Higher level event

GRE tunneling with OpenStack

Network Tenant creation GRE key assignment Gateway creation

Guest VM instance creation Port creation

tenant <-> key <-> port relationship

Setting flow to the VM port

Tunnel port management Tunnel port creation/deletion

Track physical compute node

Setting flow to the tunnel port

37

Ryu

OVS Ryu agent

Vif driver

Quantum server

OVS

Ryu agent

Vif driver

OVS Ryu agent

Vif driver

vport-gre: remote_ip=xxx, local_ip=yyy, key=0

Quantum db: (datapath id, Tunnel ip)

The Agent polls db: Create vport-gre Update port status

(tenant uuid, tunnel_id)

Ryu db (in memory) (Tenant id, tunnel id)

(dpid, port, tenant id, mac addr) (dpid, port, local_ip, remote_ip)

(tenant, tunnel)

vm port(dpid, tenant uuid, mac addr)

OVS Ryu agent

linux_net driver

Gw port(dpid, Tenant uuid, mac addr)

(tenant uuid, tunnel_id)

Linux_net driver creates gw ports

Vif driver creates vm port

Network id(uuid) creation/deletionq On vm creation: port uuid, mac address

Tunnel id

Dataflow VM Port: (dpid, Tenant uuid, mac addr) Tunnel port: (dpid, local_ip, remote_ip)

Ryu Quantum

server

OVS linux_net driver

Network Creation

Network-node

2. Create net 4. uuid

nova-network

1. create network

6. Create gw-xxx

7. (tenant_id, network_id, dpid, Port, mac)

3. Network uuid,Tunnel key

5.plug

8 (network_id, dpid, port, mac)

9. set flow entryies

Ryu Quantum

server

OVS vif driver

Instance Creation

compute-node

2. Create port 3. uuid

nova-compute

1. create instance

5. Create tap-xxx

7. (network_id, dpid, port, mac)

4.plug

6. (tenant_id, network_id, dpid, Port, mac) 8. set flow entryies

Ryu Quantum server

OVS

Node boot up

Compute/Network-node

Ryu agent

ryu_v2.ini

Quantum db

1. Get IP address

2. Register (dpid, ipaddress)

3. Get list of (dpid, ip address) (and polling)

4. Create vport-gre to ip address

5. register (dpid, port-id, remote_dpid)

Table 0 Table 1 Table 2

Src table Tunnel out Local out

VM port

match action

in_port src mac

set_tunnel goto table 1

in_port drop

match action

tunnel_id dst mac

output(tunnel) goto table 2

match action

tunnel_id dst mac

output(vm) tunnel_id goto table 2

tunnel_id drop Tunnel port in_port

tunnel_id goto table 2

in_port drop

OVS

VM1

VM2 GRE tunnel

tunnel port

VM port

In port

Flow Table Usage