The evolution of Open vSwitch integration for OpenStack

Daniel Alvarez
Numan Siddique (@numansiddique)

13 Nov 2018

Agenda

● History of Open vSwitch in OpenStack
● OVN architecture overview
● ML2/OVN vs ML2/OVS
  ○ Features
  ○ Performance
● What’s next?

History of Open vSwitch in OpenStack

● 2010: Nova-network. Open vSwitch was leveraged by introducing bridge networking.
● 2011, Diablo Release: Quantum Open vSwitch Plugin. Used OVS for L2 functionality.
● 2016, Mitaka Release: OVS Firewall. OVS 2.5+ and Kernel 4.3+.
● 2016, Newton Release: First Release of networking-. Replaced L2/L3 neutron agents by native implementations. Still required Neutron DHCP and Metadata agents.
● Now: Native support for: DHCP v4/v6, internal DNS, Load Balancing. No Neutron agents/RPC. On its way to be the default networking backend in TripleO.

OVN Architecture overview

Neutron with OVN Architecture

[Figure: Neutron (networking-ovn) → OVN Northbound DB → ovn-northd → OVN Southbound DB → ovn-controller on each hypervisor (HV-1, HV-2, ..., HV-n) → OVS]

1. A Cloud Management System (OpenStack in this example) creates logical network components via the OVN Northbound DB.
2. ovn-northd populates the Southbound DB.
3. ovn-controller generates physical flows.

Comparing ML2/OVN and ML2/OVS

Comparing ML2/OVN and ML2/OVS (I)

● Native Product Compatibility
  ○ ML2/OVN: OpenStack, oVirt
  ○ ML2/OVS: OpenStack
● Resources / services / Complexity
  ○ ML2/OVN: Single C agent, OVSDB protocol, smaller footprint.
  ○ ML2/OVS: Multiple python agents, rabbitmq, medium footprint.
● L3
  ○ ML2/OVN: OpenFlow based
  ○ ML2/OVS: L3-agent / Linux kernel namespaces, routing and iptables
● L3HA (Native)
  ○ ML2/OVN: OpenFlow + BFD
  ○ ML2/OVS: L3-agent / Linux kernel namespaces + keepalived + VRRP over ha_xx network.

Comparing ML2/OVN and ML2/OVS (II)

● L3 DISTRIBUTED East/West
  ○ ML2/OVN: Always (except for VLAN tenant networks)
  ○ ML2/OVS: Only with DVR, many namespaces and hops (fip-, snat-, qrouter-).
● L3 DISTRIBUTED North/South (FIP)
  ○ ML2/OVN: OpenFlow, SNAT traffic through the networker nodes. NAT using OVS connection tracking
  ○ ML2/OVS: L3-agent / Linux kernel / many namespaces and hops (fip-, snat-, qrouter-). SNAT through networker nodes
● DHCP
  ○ ML2/OVN: OpenFlow (controller action), Response from comp. local to the instances. Fully distributed HA on compute nodes.
  ○ ML2/OVS: Response from networker nodes. dhcp-agent / dnsmasq + qdhcp- namespaces

Comparing ML2/OVN and ML2/OVS (III)

● ENCAP.
  ○ ML2/OVN: Geneve, VLAN [3]
  ○ ML2/OVS: VXLAN, GRE, VLAN
● Agents
  ○ ML2/OVN: ovn-controller (C [1] + N [2]), ovn-metadata-agent (C)
  ○ ML2/OVS: Neutron-l3-agent (C + N), Neutron-dhcp-agent (N), Neutron-metadata-agent (C + N), Neutron-openvswitch-agent (C + N)
● IPv6
  ○ ML2/OVN: OpenFlow. RA, RS, ND, NS handled locally in compute nodes
  ○ ML2/OVS: Neutron-l3-agent + radvd (N)
● L4 Load Balancing
  ○ ML2/OVN: Octavia driver, handles distributed L4 Load Balancer in OpenFlow
  ○ ML2/OVS: No
● Internal DNS
  ○ ML2/OVN: OpenFlow
  ○ ML2/OVS: Neutron-dhcp-agent + dnsmasq (N)

[1] Compute
[2] Networker
[3] VLAN tenant networks support has some bugs on core-ovn that are being fixed at the time of writing this.

Performance: Controlplane

Performance: Dataplane

Performance: CPU utilization

[Figure legend: ML2/OVN, ML2/OVS]

What’s next?

● ML2/OVS to ML2/OVN migration tool
● ML2/OVS parity: QoS, SG logging, …
● Split OVN from OVS project for better agility and independence
● Adopt Raft OVSDB clustering (A/A)
● Performance: Incremental processing for ovn-northd and ovn-controller

Q&A