integration for OpenStack · 2019-02-26 · oVirt OpenStack Resources/ Complexity C services/...
Daniel Alvarez, Siddique (@numansiddique)
The evolution of Open vSwitch integration for OpenStack
13 Nov 2018
Agenda
● History of Open vSwitch in OpenStack
● OVN architecture overview
● ML2/OVN vs ML2/OVS
  ○ Features
  ○ Performance
● What’s next?
History of Open vSwitch in OpenStack
● 2010, Nova-network: Linux bridge networking.
● 2011, Diablo Release: Quantum Open vSwitch Plugin. Used OVS for L2 functionality.
● 2016, Mitaka Release: Open vSwitch was leveraged by introducing the OVS Firewall. Requires OVS 2.5+ and Kernel 4.3+.
● 2016, Newton Release: First release of networking-ovn. Replaced the L2/L3 Neutron agents with native implementations. Still required the Neutron DHCP and Metadata agents.
● Now: Native support for DHCP v4/v6, internal DNS and Load Balancing. No Neutron agents/RPC. On its way to being the default networking backend in TripleO.
OVN Architecture overview
OVN Architecture
1. A Cloud Management System (OpenStack in this example) creates logical network components via the OVN Northbound DB
2. ovn-northd populates the OVN Southbound DB
3. Hypervisors generate physical flows
[Diagram: Neutron with networking-ovn -> OVN Northbound DB -> ovn-northd -> OVN Southbound DB -> ovn-controller + OVS on each hypervisor (HV-1, HV-2, ..., HV-n)]
Comparing ML2/OVN and ML2/OVS
Comparing ML2/OVN and ML2/OVS (I)
Native Product Compatibility
  ML2/OVN: OpenStack, Kubernetes, oVirt
  ML2/OVS: OpenStack
Resources/Complexity
  ML2/OVN: C services/single C agent, OVSDB protocol, smaller footprint.
  ML2/OVS: Multiple Python agents, RabbitMQ, medium footprint
L3
  ML2/OVN: OpenFlow based
  ML2/OVS: L3-agent / Linux kernel namespaces, routing and iptables
L3 HA
  ML2/OVN: OpenFlow + BFD (Native)
  ML2/OVS: L3-agent / Linux kernel namespaces + keepalived + VRRP over ha_xx network.
Comparing ML2/OVN and ML2/OVS (II)
L3 Distributed East/West
  ML2/OVN: Always (except for VLAN tenant networks)
  ML2/OVS: Only with DVR, many namespaces and hops (fip-, snat-, qrouter-).
L3 Distributed North/South (FIP)
  ML2/OVN: OpenFlow. SNAT traffic through the networker nodes. NAT using OVS connection tracking.
  ML2/OVS: L3-agent / Linux kernel / many namespaces and hops (fip-, snat-, qrouter-). SNAT through networker nodes.
DHCP
  ML2/OVN: OpenFlow (controller action), response from the compute node local to the instances. Fully distributed HA on compute nodes.
  ML2/OVS: dhcp-agent / dnsmasq + qdhcp- namespaces. Response from networker nodes.
Comparing ML2/OVN and ML2/OVS (III)
Encap.
  ML2/OVN: Geneve, VLAN [3]
  ML2/OVS: VXLAN, GRE, VLAN
Agents
  ML2/OVN: ovn-controller (C [1] + N [2]), ovn-metadata-agent (C)
  ML2/OVS: Neutron-l3-agent (C + N), Neutron-dhcp-agent (N), Neutron-metadata-agent (C + N), Neutron-openvswitch-agent (C + N)
IPv6
  ML2/OVN: OpenFlow. RA, RS, ND, NS handled locally in compute nodes
  ML2/OVS: Neutron-l3-agent + radvd (N)
L4 Load Balancing
  ML2/OVN: Octavia driver, handles distributed L4 Load Balancer in OpenFlow
  ML2/OVS: No
Internal DNS
  ML2/OVN: OpenFlow
  ML2/OVS: Neutron-dhcp-agent + dnsmasq (N)
[1] Compute
[2] Networker
[3] VLAN tenant networks support has some bugs on core-ovn that are being fixed at the time of writing this.
Performance: Control plane
Performance: Data plane
Performance: CPU utilization (panels: ML2/OVN, ML2/OVS)
What’s next?
● ML2/OVS to ML2/OVN migration tool
● ML2/OVS parity: QoS, SG logging, …
● Split OVN from OVS project for better agility and independence
● Adopt Raft OVSDB clustering (A/A)
● Performance: Incremental processing for ovn-northd and ovn-controller
Q&A