OpenStack and OVN: What's New with OVS 2.7, OpenStack Summit -- Boston

SLIDE 1

OpenStack Summit -- Boston 2017

Russell Bryant (@russellbryant) Justin Pettit (@Justin_D_Pettit) Ben Pfaff (@Ben_Pfaff)

OpenStack and OVN

What’s New with OVS 2.7

SLIDE 2

Virtual Networking Overview

Provides a logical network abstraction on top of a physical network

[Diagram: physical view (VMs on hypervisors HV1 and HV2) and logical view (VMs attached to L-Switches joined by an L-Router)]

SLIDE 3

What is OVN?

  • Virtual networking for Open vSwitch (OVS)
  • Developed within the OVS project
  • Linux Foundation Collaborative Project
  • Licensed under the Apache license
  • OVS/OVN releases every six months
SLIDE 4

OVN Feature Overview

  • Manages overlays and physical network connectivity
  • Flexible security policies (ACLs)
  • Distributed L3 routing, IPv4 and IPv6
  • Native support for NAT, load-balancing, DHCP
  • Works with Linux, DPDK, and Hyper-V
  • L2 and L3 gateways
  • Designed to be integrated into another system

○ OpenStack, Kubernetes, Docker, Mesos, oVirt

SLIDE 5

Who’s Using OVN?

  • Existing Project Integrations

○ OpenStack https://github.com/openstack/networking-ovn
○ Quilt project https://github.com/quilt/quilt
○ Kubernetes https://github.com/openvswitch/ovn-kubernetes
○ Docker networking https://github.com/openvswitch/ovs
○ oVirt https://www.ovirt.org

  • Products

○ Red Hat Virtualization (RHV) - OVN available as Tech Preview
○ Red Hat OpenStack and OpenShift support on the roadmap

SLIDE 6

OVN Project Releases

  • OVS Version 2.7

○ QoS via egress shaping
○ DSCP marking
○ IP source-based routing

  • OVS Version 2.8

○ Native DNS support
○ IPAM IPv6 support
○ Database clustering (in progress)
○ ACL logging (in progress)

  • Ocata Release

○ Support for OVN L3 gateways with NAT
○ Native DHCPv6 support
○ Mixed DPDK and kernel datapath environment
○ Many new tests

  • Pike Release (Completed)

○ Simplified L3 gateway support
○ SSL support for OVN DBs
○ CI with OVS master and latest release
○ Many new tests

  • Pike Release (In Progress)

○ Support for OpenStack Metadata API
○ L3 Gateway high-availability
○ Kolla container images
○ Improvements to TripleO Support
○ Ansible-based ML2/OVS to OVN migration

SLIDE 7

OpenStack Integration

SLIDE 8

How OVN fits into Neutron

[Diagram: two stacks, top to bottom]

  • neutron-server, ML2/OVN driver (networking-ovn), OVN services (ovn-northd, ovn-controller, OVN DBs), Open vSwitch
  • neutron-server, ML2/OVS driver, Neutron agents (OVS, L3, DHCP, Metadata), Open vSwitch

SLIDE 9

openstack/networking-ovn
  • Implements the OVN backend for Neutron
  • Implements various Neutron interfaces

○ ML2 mechanism driver
○ L3 service plugin
○ QoS notification driver
○ Trunk driver (vlan-aware-vms)

  • Configures OVN using OVSDB protocol via python-ovs library
SLIDE 10

Migration to OVN

  • Proof of concept Ansible playbook available to migrate from ML2/OVS
  • Requires use of OVS Firewall with ML2/OVS first
  • In-place upgrade without any VM migrations
  • Attempts to minimize data plane downtime

○ Measured as ~10 seconds in the migration of a 10 node cloud

  • Open question: do we need to build a no-downtime rolling migration?

○ Much more difficult than the in-place migration with minimal downtime

SLIDE 11

OpenStack Deployment with OVN

  • DevStack

○ For development and basic testing only
○ https://docs.openstack.org/developer/networking-ovn/testing.html

  • TripleO

○ tripleo-heat-templates/environments/neutron-ml2-ovn.yaml

SLIDE 12

Performance

SLIDE 13

Differences from ML2/OVS Control Plane

  • ML2/OVS

○ RPC over message queues
○ Neutron agents
○ Python services

  • OVN

○ Database-driven
○ OVN replaces Neutron agents
○ C binaries

SLIDE 14

ML2/OVS vs OVN Control Plane Comparison

  • Results for Nova VM Creation time with OVN:

https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutron-ml2ovs-and-ovn-control-plane/

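|         | ML2/OVS (Seconds) | OVN (Seconds) | % Improvement |
|---------|-------------------|---------------|---------------|
| Average | 80.7              | 23.4          | 70.9%         |
| 95%     | 163.2             | 35.3          | 78.4%         |
| Maximum | 221.9             | 47.8          | 78.4%         |
| Minimum | 18.7              | 3.8           | 79.8%         |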

SLIDE 15

Data Plane Performance

  • Distributed routing

○ Does not bounce traffic through namespaces
○ OVN performs route calculation then applies simple packet modification to future packets

  • ACLs and NAT use native connection tracking functionality

○ Linux: Netfilter conntrack kernel module
○ DPDK: New OVS userspace connection tracker

SLIDE 16

Geneve vs VxLAN Performance

  • OVN supports Geneve and STT for hypervisor connectivity

○ VxLAN doesn’t provide enough metadata

  • Support for Geneve-offloading on some NICs (more coming)
  • Existing checksum-offloading in many NICs provides comparable Geneve performance to VxLAN-offloading

SLIDE 17

Future

SLIDE 18

Feature Development

  • Database clustering (Under development)
  • ACL Logging (Under development)
  • Securely handle a compromised hypervisor
  • Scaling improvements
  • Service function chaining
  • Encrypted tunnels
  • Native OpenStack LBaaS support
  • OpenStack support of multiple SNAT gateways on a network
SLIDE 19

Open vSwitch BPF Datapath

  • BPF provides a safe, virtual sandbox in the Linux kernel (as well as other platforms)

  • Potentially greater portability across kernel versions and platforms
  • Insert new functionality at run-time:

○ New network and tunneling protocols
○ Push OVN-specific actions into the datapath

SLIDE 20

Break OVN out of OVS Repository?

  • Projects have different trajectories
  • Separate group of OVN contributors
  • Considerations

○ Work needed to break things into libraries
○ Development under the “openvswitch” project?
○ Use same governance policy as OVS?
○ Continue same release cycle as OVS?

SLIDE 21

Other Resources

  • OVS/OVN Repository

○ https://github.com/openvswitch/ovs

  • OpenStack OVN Integration

○ https://docs.openstack.org/developer/networking-ovn/

  • Kubernetes OVN Plugin

○ https://github.com/openvswitch/ovn-kubernetes

  • OVS Orbit Podcast

○ https://ovsorbit.org/

SLIDE 22

Thank you for attending!

Ben Pfaff (@Ben_Pfaff) Justin Pettit (@Justin_D_Pettit) Russell Bryant (@russellbryant)

SLIDE 23
SLIDE 24
1. Logical configuration in Northbound DB

[Diagram: CMS → OVN Northbound DB]

SLIDE 25
2. ovn-northd populates Southbound logical flows

[Diagram: CMS → OVN Northbound DB → ovn-northd → OVN Southbound DB]
SLIDE 26
3. Hypervisors generate physical flows

[Diagram: CMS → OVN Northbound DB → ovn-northd → OVN Southbound DB → ovn-controller and OVS on each hypervisor (HV-1, HV-2, ..., HV-n)]