In previous articles, I introduced the architectures of OpenStack using Linux Bridge and Open vSwitch plug-ins. In this post, we will introduce OVN, a newer Neutron Plug-in with a different architecture.
Overview
OVN can be described as a distributed SDN controller that creates virtual networks through OVS. Below are some of the features OVN provides:
- Provides an abstraction layer for OVS through L2 and L3 overlays, while managing connectivity with physical networks.
- Supports flexible ACLs implemented using OVS connection tracking.
- Supports distributed L3 routing implemented via OVS flows, with support for both IPv4 and IPv6.
- NAT and load balancing utilizing OVS connection tracking.
- Distributed DHCP
- Supports all OVS datapaths, such as the default Linux kernel datapath or DPDK
- Supports L3 gateways from virtual networks to physical networks
- Supports software-based L2 gateways
- Provides connectivity between VMs and containers running on VMs without requiring a second-layer overlay network
OVN not only has a plugin implementation for OpenStack Neutron (networking-ovn) but also provides a CNI plugin for Kubernetes.
Components
OVN includes the following components:
- OVN Northbound Database
- ovn-northd
- OVN Southbound Database
- ovn-controller
- ovs-vswitchd
- ovsdb-server
OVN Northbound Database
The OVN Northbound Database is responsible for receiving network configurations from the CMS (Cloud Management System), which can be OpenStack, Kubernetes, or other supported systems.
ovn-northd
ovn-northd connects to the upstream OVN Northbound Database and the downstream OVN Southbound Database. It is responsible for converting logical configurations based on conventional networking concepts (routers, switches, etc.) in the OVN Northbound Database into logical datapath flows in the OVN Southbound Database.
OVN Southbound Database
The OVN Southbound Database is the core of the entire OVN architecture, connecting upwards to ovn-northd and downwards to the ovn-controllers on all nodes.
The OVN Southbound Database stores three types of data:
- Physical Network (PN) tables: Contains data on how to reach hypervisors and other nodes
- Logical Network (LN) tables: Stores virtual networks described via logical datapath flows provided by northd
- Binding tables: Stores the relationships between virtual network components and the physical network
Hypervisors are responsible for providing data for the PN (Physical Network) and Port Binding tables, while ovn-northd provides data for the Logical Network (LN) tables.
ovn-controller
ovn-controller(8) is the OVN agent and software gateway on each hypervisor. It connects upwards to the OVN Southbound Database to learn the OVN configuration and status, and provides data for the PN and Port Binding tables.
Meanwhile, ovs-vswitchd and ovsdb-server are the original OVS components: the former is responsible for controlling network traffic, and the latter for monitoring and managing the Open vSwitch configuration.
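To make the Northbound to ovn-northd to Southbound path concrete, here is an added example (not from the original post) that writes a logical switch, a port and a stateful ACL into the Northbound Database the way a CMS would, then reads the derived logical flows and bindings from the Southbound Database. The names sw0 and sw0-port1 and the MAC/IP pair are constructed sample values, and it assumes ovn-nbctl and ovn-sbctl can reach the central databases; by default it only prints the commands.

```shell
#!/bin/sh
# Added example: act as the CMS towards the Northbound DB, then inspect
# what ovn-northd produced in the Southbound DB.
# sw0, sw0-port1 and the MAC/IP below are constructed sample values.

# DRY_RUN=1 (default) only prints each command; DRY_RUN=0 executes it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

ovn_acl_demo() {
    addr='00:00:00:00:00:01 10.0.0.11'

    # Northbound: logical switch and one logical port with its addresses.
    run ovn-nbctl --may-exist ls-add sw0
    run ovn-nbctl --may-exist lsp-add sw0 sw0-port1
    run ovn-nbctl lsp-set-addresses sw0-port1 "$addr"
    # Port security: the port may only send from this MAC/IP pair.
    run ovn-nbctl lsp-set-port-security sw0-port1 "$addr"

    # Stateful ACLs (backed by OVS connection tracking). The higher priority
    # wins: SSH towards the port is allowed together with its return
    # traffic, all other IPv4 traffic towards the port is dropped.
    run ovn-nbctl --may-exist acl-add sw0 to-lport 1002 \
        'outport == "sw0-port1" && tcp.dst == 22' allow-related
    run ovn-nbctl --may-exist acl-add sw0 to-lport 1001 \
        'outport == "sw0-port1" && ip4' drop

    # Southbound: logical flows written by ovn-northd for sw0, then the
    # chassis and port bindings reported by the ovn-controllers.
    run ovn-sbctl lflow-list sw0
    run ovn-sbctl show
}

ovn_acl_demo
```

Run it with DRY_RUN=0 on a host that can reach the OVN central databases to apply the configuration.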
Architecture

Summary
The above is a general overview of OVN concepts and its components. In the next article, we will introduce how OVN integrates with OpenStack.

