Implementation Principle
Open vSwitch
The OVS software architecture consists of the kernel-mode datapath and user-mode vswitchd and ovsdb, as shown in Figure 1.
datapath is a kernel module responsible for data exchange. It reads data from the network port, quickly matches flow entries in the flow table, and either directly forwards the data that is successfully matched or sends the data that fails to be matched to the vswitchd process for processing. A hook function is registered during OVS initialization and port binding so that the kernel module takes over packet processing on the port.
vswitchd is a daemon for OVS management and control. It saves configuration information to OVSDB through a UNIX socket and interacts with the kernel module through Netlink.
ovsdb is an OVS database that stores OVS configuration information.
In addition, OVS's release package contains a series of management tools, such as ovs-vsctl, ovs-dpctl, ovs-ofctl, ovs-appctl and ovs-docker, facilitating OVS's configuration and use.
In Figure 2, dotted lines show the path of data packets through the Linux network protocol stack before OVS takes over network data. After a physical NIC port receives the data packets, the kernel protocol stack parses them layer by layer, and the data then exits kernel mode and is transmitted to user mode.
After OVS creates a bridge and binds the physical NIC, the data flow is received from the port of the physical NIC, enters OVS through the vPort of OVS in kernel mode, and is matched against the flow table based on the key value of the data packets. If the matching is successful, the subsequent flow table action is executed. If the matching fails, an upcall is performed and the packets are processed by vswitchd.
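The lookup-then-upcall path described above, as an added Python model that is not Open vSwitch code: the first packet of a flow misses the kernel flow table and goes to vswitchd, later packets with the same key are handled in the fast path. The class names, the three-field key and the MAC table are assumptions made for the illustration; installing the flow in the kernel table after the upcall is standard OVS behaviour that this page does not spell out.

```python
from collections import namedtuple

# Constructed packet model; the real datapath key covers many more header fields.
Packet = namedtuple("Packet", "in_port eth_src eth_dst")

def flow_key(pkt):
    """Key value used to match the packet against the flow table."""
    return (pkt.in_port, pkt.eth_src, pkt.eth_dst)

class Vswitchd:
    """User-mode slow path: decides the action for a flow the kernel has not seen."""
    def __init__(self, mac_to_port):
        self.mac_to_port = mac_to_port  # hypothetical forwarding policy
        self.upcalls = 0

    def handle_upcall(self, pkt):
        self.upcalls += 1
        port = self.mac_to_port.get(pkt.eth_dst)
        return ("output", port) if port is not None else ("drop",)

class Datapath:
    """Kernel-mode fast path: exact-match flow table, upcall on a miss."""
    def __init__(self, vswitchd):
        self.flows = {}
        self.vswitchd = vswitchd
        self.hit = 0
        self.missed = 0

    def receive(self, pkt):
        key = flow_key(pkt)
        action = self.flows.get(key)
        if action is not None:          # match: execute the cached action
            self.hit += 1
            return action
        self.missed += 1                # miss: hand the packet to vswitchd
        action = self.vswitchd.handle_upcall(pkt)
        self.flows[key] = action        # flow installed for later packets
        return action

if __name__ == "__main__":
    # Constructed sample traffic: two packets of one flow, one to an unknown MAC.
    dp = Datapath(Vswitchd({"aa:aa": 1, "bb:bb": 2}))
    for p in (Packet(1, "aa:aa", "bb:bb"), Packet(1, "aa:aa", "bb:bb"),
              Packet(1, "aa:aa", "cc:cc")):
        print(p, "->", dp.receive(p))
    print("hit", dp.hit, "missed", dp.missed, "upcalls", dp.vswitchd.upcalls)
```

On a real host, `ovs-dpctl show` reports the datapath's own hit, missed and lost lookup counters.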
Calico
Calico consists of Felix, Confd, and BIRD, as shown in Figure 3.
- Felix is a daemon that runs on Calico nodes and functions as the endpoint of each node. It manages pod information on the current host, exchanges cluster pod information with the etcd service, and combines routing information and ACL policies.
- Confd stores Calico configuration information generated by etcd and provides it for the BIRD Internet Routing Daemon (BIRD) layer.
- BIRD is a core component. BIRD in Calico refers to the BIRD client and the BIRD route reflector. BIRD proactively reads routing information configured by Felix on the local host and distributes routes in the data center through the Border Gateway Protocol (BGP).
In addition, etcd is a component that Calico depends on. You need to deploy the etcd service in the cluster in advance or reuse the etcd component of Kubernetes. Calico also provides the calicoctl management tool, which is used to confirm and configure the status of the Calico node.


