The evolution of Open vSwitch integration for OpenStack Daniel Alvarez [email protected] Numan Siddique [email protected] @numansiddique 13 Nov 2018 Agenda ● History of OpenvSwitch in OpenStack ● OVN architecture overview ● ML2/OVN vs ML2/OVS ○ Features ○ Performance ● What’s next? History of OpenvSwitch in OpenStack Mitaka Release Nova-network OpenvSwitch was Native support for: DHCP leveraged by introducing v4/v6, internal DNS, Load Linux bridge networking. OVS Firewall. OVS 2.5+ and Balancing. No Neutron Kernel 4.3+. agents/RPC. On its way to be the default networking 2011 2016 backend in TripleO. 2010 2016 Now Diablo Release Newton Release Quantum Open vSwitch Plugin. First Release of networking-ovn. Used OVS for L2 functionality. Replaced L2/ L3 neutron agents by native implementations. Still required Neutron DHCP and Metadata agents. OVN Architecture overview Neutron with OVN Architecture networking-ovn 1. A Cloud Management System 2. ovn-northd Populates (Openstack in this eg.) creates Logical Southbound DB network components via the OVN OVN Northbound DB Northbound DB ovn-northd OVN Southbound DB ovn-controller ovn-controller ovn-controller OVS OVS ... OVS HV-1 HV-2 HV-n 3. Hypervisors Generate Physical Flows Comparing ML2/OVN and ML2/OVS Comparing ML2/OVN and ML2/OVS (I) ML2/OVN ML2/OVS Native OpenStack OpenStack Product Kubernetes Compatibility oVirt Resources/ C services/ Multiple python agents, Complexity single C agent, rabbitmq, medium footprint OVSDB protocol, smaller footprint. L3 OpenFlow based L3-agent / Linux kernel namespaces, routing and iptables L3HA OpenFlow + BFD L3-agent / Linux kernel (Native) namespaces + keepalived + VRRP over ha_xx network. Comparing ML2/OVN and ML2/OVS (II) ML2/OVN ML2/OVS L3 Always (except for Only with DVR, many DISTRIBUTED VLAN tenant networks) namespaces and hops (fip-, East/West snat-, qrouter-). L3 OpenFlow, L3-agent / Linux kernel / DISTRIBUTED SNAT traffic through many namespaces and hops North/South the networker nodes (fip- snat-, qrouter-) (FIP) NAT using OVS SNAT through networker connection tracking nodes DHCP OpenFlow (controller Response from networker action), nodes Response from comp. local to the instances dhcp-agent / dnsmasq + qdhcp- namespaces Fully distributed HA on compute nodes. Comparing ML2/OVN and ML2/OVS (III) ML2/OVN ML2/OVS ENCAP. Geneve, VLAN3 VXLAN, GRE, VLAN Agents ovn-controller (C1 + N2) Neutron-l3-agent (C + N) ovn-metadata-agent (C) Neutron-dhcp-agent (N) Neutron-metadata-agent (C + N) Neutron-openvswitch-agent (C + N) IPv6 OpenFlow Neutron-l3-agent + radvd (N) RA, RS, ND, NS handled locally in compute nodes L4 Octavia driver, handles No Load distributed L4 Load Balancer in Balancing OpenFlow Internal DNS OpenFlow Neutron-dhcp-agent + dnsmasq (N) 1-Compute 2- Networker 3-VLAN tenant networks support has some bugs on core-ovn that are being fixed at the time of writing this. Performance: Controlplane Performance: Dataplane Performance: CPU utilization ML2/OVN ML2/OVS What’s next? ● ML2/OVS to ML2/OVN migration tool ● ML2/OVS parity: QoS, SG logging, … ● Split OVN from OVS project for better agility and independence ● Adopt Raft OVSDB clustering (A/A) ● Performance: Incremental processing for ovn-northd and ovn-controller Q&A.