In the past few articles, we introduced OpenStack's use of Linux Bridge and Open vSwitch plug-ins. In this article, we will introduce a relatively new, different architecture Neutron plug-in—OVN.
Table of Contents
Overview
OVN can be described as a distributed SDN controller built on top of OVS. Below are some of the capabilities OVN provides:
- Provides an abstraction layer via L2 and L3 overlays for OVS, while also enabling management of virtual and physical network connectivity
- Supports stateful ACLs using OVS connection tracking
- Supports distributed L3 routing via OVS flows, with simultaneous support for IPv4 and IPv6
- Enables NAT and load balancing using OVS connection tracking
- Distributed DHCP
- Supports all OVS datapaths, such as the default Linux kernel datapath or DPDK
- Supports L3 gateway functionality from virtual to physical networks
- Supports software-based L2 gateway
- Can provide connectivity between VMs and containers running on VMs, in scenarios where a second-layer overlay network is not required
OVN not only offers a plugin implementation for OpenStack Neutron (networking-ovn), but also provides a CNI plugin for Kubernetes.
Components
OVN includes the following components:
- OVN Northbound Database
- ovn-northd
- OVN Southbound Database
- ovn-controller
- ovs-vswitchd
- ovsdb-server
OVN Northbound Database
OVN Northbound Database receives network configurations from the CMS (Cloud Management System), which may be OpenStack, Kubernetes, or any other supported system.
ovn-northd
ovn-northd connects to the OVN Northbound Database at the top and the OVN Southbound Database at the bottom. It translates network abstractions (routers, switches, etc.) from the Northbound Database into logical datapath flows within the database.
OVN Southbound Database
The OVN Southbound Database is the core of the OVN architecture, connecting upward to ovn-northd and downward to ovn-controller on every hypervisor.
The OVN Southbound Database stores three types of data:
- Physical Network (PN) tables: store information on how to reach the hypervisor and other components
- Logical Network (LN) tables: cache virtual network descriptions provided by northd via logical datapath flows
- Binding tables: store the relationships between virtual network elements and physical network components
Hypervisors provide data for the Port Network (PN) and Port Binding tables, while ovn-northd provides data for the Logical Network (LN) tables.
ovn-controller
ovn-controller(8) is the OVN agent and software gateway running on each hypervisor. It connects to the OVN Southbound Database, receives OVN configuration and status, and provides data for the PN and Port Binding tables.
ovs-vswitchd and ovsdb-server are original components of OVS itself—a switch that controls traffic flows and a database server that manages and monitors Open vSwitch configurations.
Architecture
Summary
Above is a general overview of OVN's core concepts and components. In the next article, we will discuss how OVN integrates with OpenStack.
Reference
- https://man7.org/linux/man-pages/man7/ovn-architecture.7.html
- https://blog.russellbryant.net/2016/09/29/ovs-2-6-and-the-first-release-of-ovn/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless otherwise stated.