vCider Virtual Switch Overview

A couple of months ago, Chris Marino, CEO at vCider, stopped by the Mirantis office and gave a very interesting presentation on the vCider networking solution for clouds. A few days later, he kindly provided me with beta access to their product.

A few days ago, vCider announced public availability of the product, so now is a good time to blog about my experience with it.

About vCider Virtual Switch
To make a long story short, vCider Virtual Switch allows you to build a virtual Layer 2 network across several Linux boxes; these boxes might be Virtual Machines (VMs) in a cloud (or even in different clouds), or they might be physical servers.

The flow is pretty simple: you download a package (DEBs and RPMs are available on the site) and install it on all of the boxes for which you will create a network. No configuration is required except for creating a file with an account token.

After that, all you have to do is to visit the vCider Dashboard and create networks and assign nodes to them.

So to start playing with that, I created two nodes on Rackspace and created a virtual network for them, for which I used the 192.168.87.0/24 address space.

On both boxes two new network interfaces appeared:

On the first box:

and on the second one:

tracepath output looks like this:

arping also works fine:

Performance
One of the most important questions is performance. First, I used iperf to measure bandwidth on the public interfaces:

So it gives an average bandwidth of ~9.3Mbit/sec.

And here’s the same test via vCider network:

It gives an average bandwidth of 8.5Mbit/sec, and it’s about 91% of the original bandwidth, which is not bad I believe.

For the sake of experimenting, I tried to emulate TAP networking using openvpn. I chose the quickest configuration possible and just ran openvpn on the server this way:

and on the client:

As you might guess, openvpn runs in user space and it tunnels traffic over the public interfaces on the boxes I use for tests.

And I conducted another iperf test:

It gives an average bandwidth of 8.3Mbit/sec, and it’s 89% of the original bandwidth. It’s just a little slower than vCider Virtual Switch which is very good for openvpn, but I have to note it’s not quite a fair comparison:

  • I don’t use encryption in my openvpn setup
  • Real-world openvpn configuration will be much more complex
  • I believe openvpn will scale significantly worse with the growth of the number of machines in the network, as openvpn works in client/server mode while vCider works in p2p mode and uses a central service to grab metadata such as routing information etc.

Also, it seems to me that the vCider team’s comparison to openvpn is helpful, as they have a note on it in the FAQ — be sure to check it out.

Support
It’s a pleasure to note that the vCider team is very responsive. As I started testing the product at quite an early stage, I spotted some issues, though they were not critical. It’s a great pleasure to see they are all fixed in the next version.

Conclusion
vCider Virtual Switch is a product with expected behavior, good performance, complete documentation, and it’s easy to use. The vCider team provides good support as well.

It seems that for relatively small setups within a single trusted environment, e.g. about 5-8 VMs within a single cloud provider, where traffic encryption and performance are not that critical, one could go with an openvpn setup. However, when either security or performance becomes important or the size of the setup increases, vCider Virtual Switch would be a good choice.

I am looking forward to new releases, and specifically I’m very curious about multicast support and an exposed API which manages networks.

Further reading
* vCider Home Page
* vCider Virtual Switch FAQ
* Wikipedia article on OSI model
* OpenVPN Home Page


One Response

  1. jbrendel

    Roman, thank you for taking the time to test our vCider solution and to write about it.

    It’s worth noting that vCider has encryption always turned on by default. As you said, you tested OpenVPN without any encryption.

    Just to provide some additional data points to your performance measurements: We have done tests where the encryption settings for both solutions were the same. With encryption switched off on both vCider as well as OpenVPN, vCider gives around 1.5 times better throughput. And with encryption switched on in both cases, vCider compares even more favorably, giving almost 3 times better throughput.

    But it’s not only throughput: Our measurements have revealed that OpenVPN’s performance is essentially CPU limited in both the encrypted and unencrypted case: For OpenVPN we get essentially 100% CPU utilization during the iperf measurement, while for vCider we have 10% to 20% (depending on the encryption setting).

    Of course, if your traffic traverses a wider network then throughput measurements will be increasingly influenced by the additional hops and other factors outside of your control.

    However, even then you will get noticeably lower CPU load and fewer context switches with vCider.

    July 5, 2011 13:43
