Packet flow on openstack

Aug 31, 2020Download as PPTX, PDF0 likes440 views

The document describes the packet flow for a compute node in OpenStack. It outlines 7 steps for the packet flow within the compute node, including the instance tap interface forwarding to the Linux bridge, security group rules handling on the bridge, and tagging by Open vSwitch bridges. It then describes 4 steps for the physical network infrastructure, including VLAN tag handling by switches and routing by a router between the provider and external networks.

Packet flow on Compute
The following steps involve compute node .
1. The instance 1 tap interface (1) forwards the packet to the Linux bridge qbr. The packet contains destination MAC
address TG because the destination resides on another network.
2. Security group rules (2) on the Linux bridge qbr handle firewalling and state tracking for the packet.
3. The Linux bridge qbr forwards the packet to the Open vSwitch integration bridge br-int.
4. The Open vSwitch integration bridge br-int adds the internal tag for the provider network.
5. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch provider bridge br-provider.
6. The Open vSwitch provider bridge br-provider replaces the internal tag with the actual VLAN tag (segmentation ID)
of the provider network.
7. The Open vSwitch provider bridge br-provider forwards the packet to the physical network via the provider network
interface.
.

Physical N/W Infra
The following steps involve the physical network infrastructure:
1.A switch (3) handles any VLAN tag operations between
provider network 1 and the router (4).
2.A router (4) routes the packet from provider network 1 to the
external network.
3.A switch (3) handles any VLAN tag operations between the
router (4) and the external network.
4.A switch (3) forwards the packet to the external network

Abbrevations :-
- qvo: veth pair openvswitch side
- qvb: veth pair bridge side
- qbr: bridge
• Tap InterfaceQBRBR-INT-----OVS-TAGGING--OVS-BR-Provider
Physical NIC via provider N/w Interface.
• BR-INT add internal tag for provider network.
• OVS-BR-Provider replace OVS tag with VLAN Tag

Packet walk@compute :-
•To find the tap interface associated to this VM NIC, the only way that i know is by using
classic Libvirt virsh command on that particular VM instance.
•From the previous step, we know that the VM instance id is “instance-0000000”
compute01# virsh dumpxml instance-00000003 | egrep "mac|tap" <mac
address='fa:16:3e:3b:53:26'/> <target dev='tapf7eae624-34'/>
•First, we know that VM is connected to the host via TAP interface. This TAP interface will be
used to send the outgoing traffic from the VM. So, we need to find which TAP interface is
connected to this VM.
OK, now we know that VM “c-private” is connected via tapf7eae624-34.
According to the compute node network diagram in the beginning of this slide, this TAP interface
should be connected to a linux bride first for firewall policy and/or QoS policy implementation
before actually connected to Openvswitch.

Let’s check linux bridge table on compute:-
The above output shows “tapf7eae624-34” is connected to a linux bridge name qbrf7eae624-
34 and this qbrf7eae624-34 bridge has another virtual interface named qvbf7eae624-34.

Now, we check openvswitch configuration
and check how this tap interface is connected

• What can we get from above output
• virtual interface qvof7eae624-34 is connected to openvswitch br-int bridge
and have internal tag=2 assigned by OVS.
• after that, the packet will be forwarded to br-tun bridge via patch interface.
• This means, untagged packet coming from the VM is received
via *qvof7eae624-34 and then sent out to to br-tun bridge with additional
internal tag.

Useful OVS Commands :-
• dump the mac address table on the compute node ovs :-
ovs-appctl fdb/show br-tun
• list the ovs port : ovs-ofctl show br-tun
• OVS flow table: ovs-ofctl dump-flows br-tun

The document discusses distributed virtual routers (DVR) in OpenStack Neutron. It describes the high-level architecture of DVR, which distributes routing functions from network nodes to compute nodes to improve performance and scalability compared to legacy centralized routing. Key aspects covered include east-west and north-south routing mechanisms, configuration, agent operation modes, database extensions, scheduling, and support for services. Plans are outlined for enhancing DVR in upcoming OpenStack releases.

[2018] 오픈스택 5년 운영의 경험NHN FORWARD

Open vSwitch 패킷 처리 구조Seung-Hoon Baek

Cilium - Fast IPv6 Container Networking with BPF and XDPThomas Graf

We present a new open source project which provides IPv6 networking for Linux Containers by generating programs for each individual container on the fly and then runs them as JITed BPF code in the kernel. By generating and compiling the code, the program is reduced to the minimally required feature set and then heavily optimised by the compiler as parameters become plain variables. The upcoming addition of the Express Data Plane (XDP) to the kernel will make this approach even more efficient as the programs will get invoked directly from the network driver.

Deploying IPv6 on OpenStackVietnam Open Infrastructure User Group

This document discusses deploying IPv6 on OpenStack. It provides an overview of IPv6, including that IPv6 addresses the shortage of IPv4 addresses by providing a vastly larger 128-bit address space. It describes IPv6 address types and allocation methods. It also discusses IPv6 configuration modes in OpenStack, including stateless address autoconfiguration (SLAAC) and DHCPv6 stateless and stateful modes. Additionally, it covers deployment options for IPv6 on OpenStack like dual stack, NAT64/DNS64, and network tunnels. It provides details on IPv6 address and router advertisement configuration in OpenStack.

OVN - Basics and deep diveTrinath Somanchi

OVN provides virtual networking capabilities for Open vSwitch including logical switches, routers, security groups, and ACLs. It uses OVSDB to configure OVN components and provides native integration with OpenStack Neutron. OVN's architecture includes a northbound database for logical network definitions, a southbound database for physical mappings, and daemons like ovn-northd and ovn-controller that translate between the databases.

MP BGP-EVPN 실전기술-1편(개념잡기)JuHwan Lee

OpenStack Neutron IPv6 LessonsAkihiro Motoki

Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...Vietnam Open Infrastructure User Group

This document discusses upgrading an Openstack network to SDN with Tungsten Fabric. It evaluates three solutions: 1) using the same database across regions, 2) hot-swapping Open vSwitch and virtual routers, and 3) using an ML2 plugin. The recommended solution is #3 as it provides minimum downtime. Key steps include installing the OpenContrail driver, synchronizing network resources between Openstack and Tungsten, and live migrating VMs. Topology 2 is also recommended as it requires minimum changes. The upgrade migrated 80 VMs and 16 compute nodes to the SDN network without downtime. Issues discussed include synchronizing resources and migrating VMs between Open vSwitch and virtual routers.

Modular Layer 2 In OpenStack Neutronmestery

Open vSwitch IntroductionHungWei Chiu

Introduce the basic concept of Open vSwitch. In this slide, we talked about how Linux kernel and networking stack worked together to forward and process the network packet and also compare those Linux networking stack functionality with Open vSwitch and Openflow. At the end of this slide, we talk about the challenge to integrate the Open vSwitch with Kubernetes, what kind of the networking function we need to resolve and what is the benefit we can get from the Open Vswitch.

Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Thomas Graf

Open vSwitch (OVS) has long been a critical component of the Neutron's reference implementation, offering reliable and flexible virtual switching for cloud environments. Being an early adopter of the OVS technology, Neutron's reference implementation made some compromises to stay within the early, stable featureset OVS exposed. In particular, Security Groups (SG) have been so far implemented by leveraging hybrid Linux Bridging and IPTables, which come at a significant performance overhead. However, thanks to recent developments and ongoing improvements within the OVS community, we are now able to implement feature-complete security groups directly within OVS. In this talk we will summarize the existing Security Groups implementation in Neutron and compare its performance with the Open vSwitch-only approach. We hope this analysis will form the foundation of future improvements to the Neutron Open vSwitch reference design.

OpenStack NetworkingOpenStack Korea Community

OpenStack NetworkingIlya Shakhat

Openstack Neutron, interconnections with BGP/MPLS VPNsThomas Morin

This document discusses the Openstack Neutron networking-bgpvpn project, which provides a Neutron API and service plugin that allows tenants to interconnect their Openstack networks and routers with BGP/MPLS VPNs. The API exposes constructs like BGPVPNs, network associations, and router associations. It works with drivers for Neutron/OVS, OpenDaylight, OpenContrail, and others. The goal is to provide a common way for tenants to control interconnections in a controller-agnostic manner. The project is part of Openstack and OPNFV, and provides a model for integrating telco functionality into Openstack.

Vxlan deep dive session rev0.5 finalKwonSun Bae

VXLAN is a protocol that allows large numbers of virtual LANs to be overlaid on a physical network by encapsulating Ethernet frames within UDP packets and transporting them over an IP network. It addresses the scalability limitations of VLANs in large multi-tenant cloud environments by using a 24-bit segment ID rather than a 12-bit VLAN ID. The document provides an overview of VXLAN, why it is used, key concepts like VTEPs and VNIs, and demonstrations of VXLAN configuration on Cisco and Arista switches.

OpenStack networking (Neutron) CREATE-NET

VLANs in the Linux KernelKernel TLV

Issues of OpenStack multi-region modeJoe Huang

This document discusses issues with running OpenStack in a multi-region mode and proposes Tricircle as a solution. It notes that in a multi-region OpenStack deployment, each region runs independently with separate instances of services like Nova, Cinder, Neutron, etc. Tricircle aims to integrate multiple OpenStack regions into a unified cloud by acting as a central API gateway and providing global views and replication of resources, tenants, and metering data across regions. It discusses how Tricircle could address issues around networking, quotas, resource utilization monitoring and more in a multi-region OpenStack deployment.

NSX-T Architecture and Components.pptxAtif Raees

NSX-T Data Center uses a distributed architecture with separate management, control, and data planes. The management plane includes the NSX Manager cluster for storing configurations. The control plane includes the NSX Controller for maintaining and propagating states. The data plane forwards traffic on various endpoints like ESXi hosts, NSX Edges, and bare metal servers. Logical switching uses overlay networking to connect virtual machines, while logical routing provides east-west and north-south routing between logical networks and physical infrastructure.

Open vSwitch Offload: Conntrack and the Upstream KernelNetronome

Offloading all or part of the Open vSwitch datapath to SmartNICs has been shown to not only release CPU resources on the server, but improve traffic processing performance. Recently steps have been made to support such offloading in the upstream Linux kernel. This has focused on creating an OVS datapath using the TC flower filter and utilizing the offload hooks already present here. This presentation focuses on how Connection Tracking (Conntrack) may fit into this model. It describes current work being undertaken with the Netfilter community to allow offloading of Conntrack entries. It continues to link this work with the offloading of Conntrack rules within OVS-TC.

[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-RegionJi-Woong Choi

Understanding Open vSwitch YongKi Kim

오픈스택 기반 클라우드 서비스 구축 방안 및 사례SONG INSEOB

EBPF and Linux NetworkingPLUMgrid

In this session, we’ll review how previous efforts, including Netfilter, Berkley Packet Filter (BPF), Open vSwitch (OVS), and TC, approached the problem of extensibility. We’ll show you an open source solution available within the Red Hat Enterprise Linux kernel, where extending and merging some of the existing concepts leads to an extensible framework that satisfies the networking needs of datacenter and cloud virtualization.

Kolla talk at OpenStack Summit 2017 in SydneyVikram G Hosakote

The Basic Introduction of Open vSwitchTe-Yen Liu

This document provides an overview of Open vSwitch, including what it is, its main components, features, and how it can be used to build virtual network topologies. Open vSwitch is a software-defined networking switch that can be used to create virtual networks and handle network traffic between virtual machines and tunnels. It uses a distributed database, ovsdb-server, and a userspace daemon, ovs-vswitchd, to implement features like virtual switching, tunneling protocols, and OpenFlow support. Examples are provided for using Open vSwitch with KVM virtual machines and GRE tunnels to create virtual network topologies.

OpenStack sdnAdrián Norte Fernández

This document discusses OpenStack SDN using Neutron and GRE tunneling. It explains that Neutron provides networking as a service and uses plugins like ml2 with Open vSwitch for SDN. GRE tunneling is used to encapsulate VM traffic between compute and network nodes. Network namespaces are used to create isolated virtual routers and DHCP servers without collisions on each node. The packet flow between an external network, routers, bridges and a VM is outlined.

10 sdn-vir-6upSachin Siddappa

This document discusses network virtualization and its history. It provides the following key points: 1) Network virtualization aims to decouple virtual networks from physical infrastructure through techniques like tunneling and encapsulation, allowing independent address spaces and topologies. 2) Early work included overlay networks for deployment and experimentation. Virtualization is now used in data centers to isolate tenant traffic and connect virtual machines across sites. 3) The OpenVirteX project aims to advance network virtualization by exposing the entire physical topology to virtual network controllers and allowing independent address spaces and topologies through header rewriting. This would provide more flexibility than existing solutions.

More Related Content

What's hot (20)

OpenStack Neutron IPv6 LessonsAkihiro Motoki

Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...Vietnam Open Infrastructure User Group

Modular Layer 2 In OpenStack Neutronmestery

Open vSwitch IntroductionHungWei Chiu

Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Thomas Graf

OpenStack NetworkingOpenStack Korea Community

OpenStack NetworkingIlya Shakhat

Openstack Neutron, interconnections with BGP/MPLS VPNsThomas Morin

Vxlan deep dive session rev0.5 finalKwonSun Bae

OpenStack networking (Neutron) CREATE-NET

VLANs in the Linux KernelKernel TLV

Issues of OpenStack multi-region modeJoe Huang

NSX-T Architecture and Components.pptxAtif Raees

Open vSwitch Offload: Conntrack and the Upstream KernelNetronome

[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-RegionJi-Woong Choi

Understanding Open vSwitch YongKi Kim

오픈스택 기반 클라우드 서비스 구축 방안 및 사례SONG INSEOB

EBPF and Linux NetworkingPLUMgrid

Kolla talk at OpenStack Summit 2017 in SydneyVikram G Hosakote

The Basic Introduction of Open vSwitchTe-Yen Liu

OpenStack Neutron IPv6 LessonsAkihiro Motoki

Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...Vietnam Open Infrastructure User Group

Modular Layer 2 In OpenStack Neutronmestery

Open vSwitch IntroductionHungWei Chiu

Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Thomas Graf

OpenStack NetworkingOpenStack Korea Community

OpenStack NetworkingIlya Shakhat

Openstack Neutron, interconnections with BGP/MPLS VPNsThomas Morin

Vxlan deep dive session rev0.5 finalKwonSun Bae

OpenStack networking (Neutron) CREATE-NET

VLANs in the Linux KernelKernel TLV

Issues of OpenStack multi-region modeJoe Huang

NSX-T Architecture and Components.pptxAtif Raees

Open vSwitch Offload: Conntrack and the Upstream KernelNetronome

[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-RegionJi-Woong Choi

Understanding Open vSwitch YongKi Kim

오픈스택 기반 클라우드 서비스 구축 방안 및 사례SONG INSEOB

EBPF and Linux NetworkingPLUMgrid

Kolla talk at OpenStack Summit 2017 in SydneyVikram G Hosakote

The Basic Introduction of Open vSwitchTe-Yen Liu

Similar to Packet flow on openstack (20)

OpenStack sdnAdrián Norte Fernández

10 sdn-vir-6upSachin Siddappa

Packet switchingSabyasachi Upadhyay

The document discusses packet switching and computer networks. It describes how packet switches enable packets to travel between hosts even without a direct connection by using buffers and queues. It explains the two main approaches to packet switching - connectionless datagram switching which uses destination addresses, and connection-oriented virtual circuit switching which establishes connections using labels. The key aspects of each approach like forwarding tables, signaling process, and connection setup and teardown are outlined.

#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015Dmitri Kalintsev

The document provides an overview of troubleshooting methodology for VMware NSX. It discusses that NSX implements logical switching and routing services on top of an IP transport network. The key things to check when troubleshooting include validating the IP transport connectivity using tools like ping, and examining the VTEP tables and MAC tables on the NSX controller and hosts for a given virtual network identifier (VNI) to understand virtual machine connectivity and forwarding. An example is provided where pinging between VMs populates the MAC tables on hosts, demonstrating how NSX forwarding works based on these tables.

Floodlight OpenFlow DDoSYoav Francis

This document summarizes a research project exploring DDoS vulnerabilities in OpenFlow controllers. The researchers aimed to test if an OpenFlow controller could be overwhelmed by a flood of packet-in messages from switches. They found that the Floodlight controller's performance degraded significantly under high packet-in loads. They also demonstrated a way to generate packet-in events from endpoint hosts using specially crafted ARP packets, allowing them to deny network service. The research highlights security issues in current SDN implementations and the need for mechanisms like rate limiting and anomaly detection to mitigate DDoS risks.

nested-kvmsethuraman ramanathan

This document discusses Contrail 3.0.2 cloud solution with nested KVM virtual machines. It begins with an overview of data center orchestration with OpenStack and Contrail. It then covers overlay networking using MPLS over GRE and MPLS over UDP tunnels. The document demonstrates how to create nested KVM virtualization and shows routes and packet forwarding between nested virtual machines and physical hosts. It provides commands to view routes, tunnels, and trace packets between nested and physical systems.

Network and Service Virtualization tutorial at ONUG Spring 2015SDN Hub

"One network to rule them all" - OpenStack Summit Austin 2016Phil Estes

Proof of Transit: Securely Verifying a Path or Service ChainFrank Brockners

1) The document proposes methods for securely verifying that network traffic follows the intended service chain or path using "proof of transit" techniques. 2) It describes using Shamir's secret sharing scheme to distribute secret shares to each service function, which then cumulatively update a value to validate the correct path at a verifier. 3) Implementations in VPP and IOS are shown as proofs of concept, with the verification managed by an OpenDaylight controller application.

Docker networking basics & coupling with Software Defined NetworksAdrien Blind

This presentation reminds Docker networking, exposes Software Defined Network basic paradigms, and then proposes a mixed-up implementation taking benefits of a coupled use of these two technologies. Implementation model proposed could be a good starting point to create multi-tenant PaaS platforms. As a bonus, OpenStack Neutron internal design is presented. You can also have a look on our previous presentation related to enterprise patterns for Docker: http://fr.slideshare.net/ArnaudMAZIN/docker-meetup-paris-enterprise-docker

Understanding network and service virtualizationSDN Hub

This document discusses network and service virtualization technologies. It begins with an overview of challenges with current network architectures and how virtualization addresses them. It then covers three key trends: 1) network virtualization using SDN to program networks dynamically, 2) service virtualization using NFV to virtualize network functions, and 3) new infrastructure tools like Open vSwitch, OpenDaylight, and Docker networking. Finally, it discusses approaches to deploying network and service virtualization and provides a vendor landscape.

Midokura Gluecon 2014 - Level up your OpenStack Neutron NetworkingAdam Johnson

Meetup docker using software defined networksOCTO Technology

Docker networking by default isolates containers but allows communication through exposed ports or linking. Software defined networking (SDN) provides alternatives to group related containers across multiple hosts. SDNs use tunnels between hosts and bridges within each host to isolate tenant networks without VLAN limits. Containers connect to bridges using pipework while avoiding Docker's default bridge isolation. This allows resilient, multi-tenant container networks spanning multiple hosts.

Cohesive Networks Support Docs: Welcome to VNS3 3.5 Cohesive Networks

Dos on 802.11 and other security issues ( Case Study ) Shrobon Biswas

Openstack Networking Internals - first partlilliput12

MK-PPT Chapter 5.ppt advanced computer networks1JT19IS042SandhyaH

13_TCP_Attack.pptxAlmaOraevi

TCP provides reliable communication between applications. SYN flooding fills the queue for half-open connections, preventing new connections. TCP reset spoofing breaks connections by sending reset packets with spoofed headers. Session hijacking spoofs packets within the sequence window to inject commands by redirecting output to the attacker's listening port. Defenses include randomizing ports/sequence numbers and encrypting payloads.

Kubernetes networking - basicsJuraj Hantak

The document discusses Kubernetes networking concepts including pods, services, and ingress. It provides examples of how containers within pods communicate via Docker networking. It also explains how Kubernetes networking solves the problems of pod-to-pod, service-to-pod, and external-to-service communications using services, iptables, and kube-proxy. The document demonstrates creating a deployment, service, and ingress to expose an application externally via a load balancer.

WAN Traffic ControlOfer Ben Yaacov

This document proposes a solution for applying quality of service (QoS) policies to traffic between private and public clouds. A pass-through traffic control (TC) device would be installed between cloud networks and routers to rate limit virtual extensible local area network (VxLAN) packets using their virtual network identifiers. The TC device uses tools like Open vSwitch and traffic control commands to classify traffic and set limits on egress queues to control bandwidth. A Neutron plugin and agent architecture is suggested to manage the TC devices and configure QoS policies from the network controller.

OpenStack sdnAdrián Norte Fernández

10 sdn-vir-6upSachin Siddappa

Packet switchingSabyasachi Upadhyay

#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015Dmitri Kalintsev

Floodlight OpenFlow DDoSYoav Francis

nested-kvmsethuraman ramanathan

Network and Service Virtualization tutorial at ONUG Spring 2015SDN Hub

"One network to rule them all" - OpenStack Summit Austin 2016Phil Estes

Proof of Transit: Securely Verifying a Path or Service ChainFrank Brockners

Docker networking basics & coupling with Software Defined NetworksAdrien Blind

Understanding network and service virtualizationSDN Hub

Midokura Gluecon 2014 - Level up your OpenStack Neutron NetworkingAdam Johnson

Meetup docker using software defined networksOCTO Technology

Cohesive Networks Support Docs: Welcome to VNS3 3.5 Cohesive Networks

Dos on 802.11 and other security issues ( Case Study ) Shrobon Biswas

Openstack Networking Internals - first partlilliput12

MK-PPT Chapter 5.ppt advanced computer networks1JT19IS042SandhyaH

13_TCP_Attack.pptxAlmaOraevi

Kubernetes networking - basicsJuraj Hantak

WAN Traffic ControlOfer Ben Yaacov

Recently uploaded (20)

Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell

HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungenpanagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-nomad-web-best-practices-und-verwaltung-von-multiuser-umgebungen/ HCL Nomad Web wird als die nächste Generation des HCL Notes-Clients gefeiert und bietet zahlreiche Vorteile, wie die Beseitigung des Bedarfs an Paketierung, Verteilung und Installation. Nomad Web-Client-Updates werden “automatisch” im Hintergrund installiert, was den administrativen Aufwand im Vergleich zu traditionellen HCL Notes-Clients erheblich reduziert. Allerdings stellt die Fehlerbehebung in Nomad Web im Vergleich zum Notes-Client einzigartige Herausforderungen dar. Begleiten Sie Christoph und Marc, während sie demonstrieren, wie der Fehlerbehebungsprozess in HCL Nomad Web vereinfacht werden kann, um eine reibungslose und effiziente Benutzererfahrung zu gewährleisten. In diesem Webinar werden wir effektive Strategien zur Diagnose und Lösung häufiger Probleme in HCL Nomad Web untersuchen, einschließlich - Zugriff auf die Konsole - Auffinden und Interpretieren von Protokolldateien - Zugriff auf den Datenordner im Cache des Browsers (unter Verwendung von OPFS) - Verständnis der Unterschiede zwischen Einzel- und Mehrbenutzerszenarien - Nutzung der Client Clocking-Funktion

Linux Support for SMARC: How Toradex Empowers Embedded DevelopersToradex

Toradex brings robust Linux support to SMARC (Smart Mobility Architecture), ensuring high performance and long-term reliability for embedded applications. Here’s how: • Optimized Torizon OS & Yocto Support – Toradex provides Torizon OS, a Debian-based easy-to-use platform, and Yocto BSPs for customized Linux images on SMARC modules. • Seamless Integration with i.MX 8M Plus and i.MX 95 – Toradex SMARC solutions leverage NXP’s i.MX 8 M Plus and i.MX 95 SoCs, delivering power efficiency and AI-ready performance. • Secure and Reliable – With Secure Boot, over-the-air (OTA) updates, and LTS kernel support, Toradex ensures industrial-grade security and longevity. • Containerized Workflows for AI & IoT – Support for Docker, ROS, and real-time Linux enables scalable AI, ML, and IoT applications. • Strong Ecosystem & Developer Support – Toradex offers comprehensive documentation, developer tools, and dedicated support, accelerating time-to-market. With Toradex’s Linux support for SMARC, developers get a scalable, secure, and high-performance solution for industrial, medical, and AI-driven applications. Do you have a specific project or application in mind where you're considering SMARC? We can help with Free Compatibility Check and help you with quick time-to-market For more information: https://www.toradex.com/computer-on-modules/smarc-arm-family

Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveScyllaDB

Want to learn practical tips for designing systems that can scale efficiently without compromising speed? Join us for a workshop where we’ll address these challenges head-on and explore how to architect low-latency systems using Rust. During this free interactive workshop oriented for developers, engineers, and architects, we’ll cover how Rust’s unique language features and the Tokio async runtime enable high-performance application development. As you explore key principles of designing low-latency systems with Rust, you will learn how to: - Create and compile a real-world app with Rust - Connect the application to ScyllaDB (NoSQL data store) - Negotiate tradeoffs related to data modeling and querying - Manage and monitor the database for consistently low latencies

AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...Alan Dix

Talk at the final event of Data Fusion Dynamics: A Collaborative UK-Saudi Initiative in Cybersecurity and Artificial Intelligence funded by the British Council UK-Saudi Challenge Fund 2024, Cardiff Metropolitan University, 29th April 2025 https://alandix.com/academic/talks/CMet2025-AI-Changes-Everything/ Is AI just another technology, or does it fundamentally change the way we live and think? Every technology has a direct impact with micro-ethical consequences, some good, some bad. However more profound are the ways in which some technologies reshape the very fabric of society with macro-ethical impacts. The invention of the stirrup revolutionised mounted combat, but as a side effect gave rise to the feudal system, which still shapes politics today. The internal combustion engine offers personal freedom and creates pollution, but has also transformed the nature of urban planning and international trade. When we look at AI the micro-ethical issues, such as bias, are most obvious, but the macro-ethical challenges may be greater. At a micro-ethical level AI has the potential to deepen social, ethnic and gender bias, issues I have warned about since the early 1990s! It is also being used increasingly on the battlefield. However, it also offers amazing opportunities in health and educations, as the recent Nobel prizes for the developers of AlphaFold illustrate. More radically, the need to encode ethics acts as a mirror to surface essential ethical problems and conflicts. At the macro-ethical level, by the early 2000s digital technology had already begun to undermine sovereignty (e.g. gambling), market economics (through network effects and emergent monopolies), and the very meaning of money. Modern AI is the child of big data, big computation and ultimately big business, intensifying the inherent tendency of digital technology to concentrate power. AI is already unravelling the fundamentals of the social, political and economic world around us, but this is a world that needs radical reimagining to overcome the global environmental and human challenges that confront us. Our challenge is whether to let the threads fall as they may, or to use them to weave a better future.

Electronic_Mail_Attacks-1-35.pdf by xploitniftliyevhuseyn

#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025BookNet Canada

Book industry standards are evolving rapidly. In the first part of this session, we’ll share an overview of key developments from 2024 and the early months of 2025. Then, BookNet’s resident standards expert, Tom Richardson, and CEO, Lauren Stewart, have a forward-looking conversation about what’s next. Link to recording, transcript, and accompanying resource: https://bnctechforum.ca/sessions/standardsgoals-for-2025-standards-certification-roundup/ Presented by BookNet Canada on May 6, 2025 with support from the Department of Canadian Heritage.

Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul

Artificial intelligence is changing how businesses operate. Companies are using AI agents to automate tasks, reduce time spent on repetitive work, and focus more on high-value activities. Noah Loul, an AI strategist and entrepreneur, has helped dozens of companies streamline their operations using smart automation. He believes AI agents aren't just tools—they're workers that take on repeatable tasks so your human team can focus on what matters. If you want to reduce time waste and increase output, AI agents are the next move.

Big Data Analytics Quick Research Guide by Arthur MorganArthur Morgan

This is a Quick Research Guide (QRG). QRGs include the following: - A brief, high-level overview of the QRG topic. - A milestone timeline for the QRG topic. - Links to various free online resource materials to provide a deeper dive into the QRG topic. - Conclusion and a recommendation for at least two books available in the SJPL system on the QRG topic. QRGs planned for the series: - Artificial Intelligence QRG - Quantum Computing QRG - Big Data Analytics QRG - Spacecraft Guidance, Navigation & Control QRG (coming 2026) - UK Home Computing & The Birth of ARM QRG (coming 2027) Any questions or comments? - Please contact Arthur Morgan at [email protected]. 100% human made.

Complete Guide to Advanced Logistics Management Software in Riyadh.pdfSoftware Company

Explore the benefits and features of advanced logistics management software for businesses in Riyadh. This guide delves into the latest technologies, from real-time tracking and route optimization to warehouse management and inventory control, helping businesses streamline their logistics operations and reduce costs. Learn how implementing the right software solution can enhance efficiency, improve customer satisfaction, and provide a competitive edge in the growing logistics sector of Riyadh.

Special Meetup Edition - TDX Bengaluru Meetup #52.pptxshyamraj55

Procurement Insights Cost To Value Guide.pptxJon Hansen

HCL Nomad Web – Best Practices and Managing Multiuser Environmentspanagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-nomad-web-best-practices-and-managing-multiuser-environments/ HCL Nomad Web is heralded as the next generation of the HCL Notes client, offering numerous advantages such as eliminating the need for packaging, distribution, and installation. Nomad Web client upgrades will be installed “automatically” in the background. This significantly reduces the administrative footprint compared to traditional HCL Notes clients. However, troubleshooting issues in Nomad Web present unique challenges compared to the Notes client. Join Christoph and Marc as they demonstrate how to simplify the troubleshooting process in HCL Nomad Web, ensuring a smoother and more efficient user experience. In this webinar, we will explore effective strategies for diagnosing and resolving common problems in HCL Nomad Web, including - Accessing the console - Locating and interpreting log files - Accessing the data folder within the browser’s cache (using OPFS) - Understand the difference between single- and multi-user scenarios - Utilizing Client Clocking

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

Mobile App Development Company in Saudi ArabiaSteve Jonas

EmizenTech is a globally recognized software development company, proudly serving businesses since 2013. With over 11+ years of industry experience and a team of 200+ skilled professionals, we have successfully delivered 1200+ projects across various sectors. As a leading Mobile App Development Company In Saudi Arabia we offer end-to-end solutions for iOS, Android, and cross-platform applications. Our apps are known for their user-friendly interfaces, scalability, high performance, and strong security features. We tailor each mobile application to meet the unique needs of different industries, ensuring a seamless user experience. EmizenTech is committed to turning your vision into a powerful digital product that drives growth, innovation, and long-term success in the competitive mobile landscape of Saudi Arabia.

Manifest Pre-Seed Update | A Humanoid OEM Deeptech In Francechb3

Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxAnoop Ashok

Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Impelsys Inc.

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

AI and Data Privacy in 2025: Global TrendsInData Labs

In this infographic, we explore how businesses can implement effective governance frameworks to address AI data privacy. Understanding it is crucial for developing effective strategies that ensure compliance, safeguard customer trust, and leverage AI responsibly. Equip yourself with insights that can drive informed decision-making and position your organization for success in the future of data privacy. This infographic contains: -AI and data privacy: Key findings -Statistics on AI data privacy in the today’s world -Tips on how to overcome data privacy challenges -Benefits of AI data security investments. Keep up-to-date on how AI is reshaping privacy standards and what this entails for both individuals and organizations.

Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell

HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungenpanagenda

Linux Support for SMARC: How Toradex Empowers Embedded DevelopersToradex

Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveScyllaDB

AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...Alan Dix

Electronic_Mail_Attacks-1-35.pdf by xploitniftliyevhuseyn

#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025BookNet Canada

Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul

Big Data Analytics Quick Research Guide by Arthur MorganArthur Morgan

Complete Guide to Advanced Logistics Management Software in Riyadh.pdfSoftware Company

Special Meetup Edition - TDX Bengaluru Meetup #52.pptxshyamraj55

Procurement Insights Cost To Value Guide.pptxJon Hansen

HCL Nomad Web – Best Practices and Managing Multiuser Environmentspanagenda

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

Mobile App Development Company in Saudi ArabiaSteve Jonas

Manifest Pre-Seed Update | A Humanoid OEM Deeptech In Francechb3

Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxAnoop Ashok

Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Impelsys Inc.

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

AI and Data Privacy in 2025: Global TrendsInData Labs

Packet flow on openstack

1. Packet flow on Compute The following steps involve compute node . 1. The instance 1 tap interface (1) forwards the packet to the Linux bridge qbr. The packet contains destination MAC address TG because the destination resides on another network. 2. Security group rules (2) on the Linux bridge qbr handle firewalling and state tracking for the packet. 3. The Linux bridge qbr forwards the packet to the Open vSwitch integration bridge br-int. 4. The Open vSwitch integration bridge br-int adds the internal tag for the provider network. 5. The Open vSwitch integration bridge br-int forwards the packet to the Open vSwitch provider bridge br-provider. 6. The Open vSwitch provider bridge br-provider replaces the internal tag with the actual VLAN tag (segmentation ID) of the provider network. 7. The Open vSwitch provider bridge br-provider forwards the packet to the physical network via the provider network interface. .

2. Physical N/W Infra The following steps involve the physical network infrastructure: 1.A switch (3) handles any VLAN tag operations between provider network 1 and the router (4). 2.A router (4) routes the packet from provider network 1 to the external network. 3.A switch (3) handles any VLAN tag operations between the router (4) and the external network. 4.A switch (3) forwards the packet to the external network

3. Abbrevations :- - qvo: veth pair openvswitch side - qvb: veth pair bridge side - qbr: bridge • Tap InterfaceQBRBR-INT-----OVS-TAGGING--OVS-BR-Provider Physical NIC via provider N/w Interface. • BR-INT add internal tag for provider network. • OVS-BR-Provider replace OVS tag with VLAN Tag

5. North South Flow:-

6. Instances on different N/W :-

7. Instances on same N/w:-

9. Packet walk@compute :- •To find the tap interface associated to this VM NIC, the only way that i know is by using classic Libvirt virsh command on that particular VM instance. •From the previous step, we know that the VM instance id is “instance-0000000” compute01# virsh dumpxml instance-00000003 | egrep "mac|tap" <mac address='fa:16:3e:3b:53:26'/> <target dev='tapf7eae624-34'/> •First, we know that VM is connected to the host via TAP interface. This TAP interface will be used to send the outgoing traffic from the VM. So, we need to find which TAP interface is connected to this VM. OK, now we know that VM “c-private” is connected via tapf7eae624-34. According to the compute node network diagram in the beginning of this slide, this TAP interface should be connected to a linux bride first for firewall policy and/or QoS policy implementation before actually connected to Openvswitch.

10. Let’s check linux bridge table on compute:- The above output shows “tapf7eae624-34” is connected to a linux bridge name qbrf7eae624- 34 and this qbrf7eae624-34 bridge has another virtual interface named qvbf7eae624-34.

11. Now, we check openvswitch configuration and check how this tap interface is connected

12. • What can we get from above output • virtual interface qvof7eae624-34 is connected to openvswitch br-int bridge and have internal tag=2 assigned by OVS. • after that, the packet will be forwarded to br-tun bridge via patch interface. • This means, untagged packet coming from the VM is received via *qvof7eae624-34 and then sent out to to br-tun bridge with additional internal tag.

13. Useful OVS Commands :- • dump the mac address table on the compute node ovs :- ovs-appctl fdb/show br-tun • list the ovs port : ovs-ofctl show br-tun • OVS flow table: ovs-ofctl dump-flows br-tun

Packet flow on openstack

Recommended

More Related Content

What's hot (20)

Similar to Packet flow on openstack (20)

Recently uploaded (20)

Packet flow on openstack