OVN Open virtual Network

Open Virtual Network

OVN(Open Virtual Network) is a series of daemons for the Open vSwitch that translate virtual network configuration into OpenFlow.

OVN provides a higher-layer of abstraction than Open vSwitch, working with logical routers and logical switches, rather than flows.

Why did we choose OVN for Nodus?

One of the best programmable controller

Hides OVS complexity

Broader eco-system

L2 CNI - Support for unicast, multicast, broadcast applications

One site level IPAM - No IP address restriction with number of nodes

Possible to implement critical features with table-based pipline

(Firewall, Routing, Switching, Load balancing, Network Policy)

SmartNIC( Smart Network Interface Card) friendly

Nodus Architecture blocks

NFN Operator

Expose virtual, provider, chaining CRDs to external world
Programs OVN to create L2 switches.
Watch for PODs being coming up
- Assigns IP address for every network of the deployment
- Looks for replicas and auto create routes for chaining to work
- Create LBs for distributing the load across CNF replicas

NFN Agent

Performs CNI operations
Configures VLAN and Routes in linux kernel(in case of routes, it cloud do it both root and network namespace )
Communicates with OVSDB to inform of provider interface.(create ovs bridge and creates external-ids:ovn-bridge-mappings)

07/20 meeting minutes

Kural addressed the Qiang queries related to the CNI and architectural diagram.
Kural gave the following pointer to understand the CNI and CNI code
- https://www.dasblinkenlichten.com/understanding-cni-container-networking-interface/
- https://github.com/containernetworking/plugins/blob/main/plugins/main/bridge/bridge.go
AR
- For Qiang and Jiahao
- - https://github.com/akraino-edge-stack/icn-nodus/tree/master/demo/calico-nodus-secondary-sfc-setup
  - Change the vagrant version to 2.2.19 in the line number https://github.com/akraino-edge-stack/icn-nodus/blob/master/demo/calico-nodus-secondary-sfc-setup/setup.sh#L14 and bring up the demo
  - OVS and OVN ramp up
  - - OVS deep dive - https://www.youtube.com/watch?v=x-F9bDRxjAM&ab_channel=OpenInfrastructureFoundation
    - OVN deep dive - https://docs.ovn.org/en/latest/tutorials/ovn-sandbox.html & video - https://www.youtube.com/watch?v=okralc7LrZo&ab_channel=OpenInfrastructureFoundation
  - Please run the ovs-vsctl command in the ovn-controller pod and ovn-nbctl command in the ovn-control-plane pod to understand the flow
  - Kural’s presentation on the Nodus - https://www.youtube.com/watch?v=hGiOHIkxaoQ&t=3s&ab_channel=OpenvSwitch
  - Quick start on understanding the Kubernetes operator framework - https://sdk.operatorframework.io/docs/building-operators/golang/quickstart/
- For Kural
- - Get the login for OPNFV lab and LF Edge lab login for Qiang and Jiahao.

OVN Demo

Function defination

 1# ADD_BR()
 2ovs-vsctl add-br br-int-1
 3# ADD_NAMESPACES(foo1)
 4ip netns add foo1
 5# NS_EXEC([namespace],[command])
 6ip netns exec foo1 ip link
 7# ADD_VETH(foo1, foo1, br-int, "192.168.1.2/24","f0:00:00:01:02:03",
 8# "192.168.1.1")
 9# ADD_VETH([port],[namespace],[ovs-br],[ip_addr],[mac_addr],[gateway],
10# [ip_addr_flags])
11
12
13ip link add $1 type veth peer name ovs-$1
14ip link set $1 netns $2
15ip link set dev ovs-$1 up
16ovs-vsctl add-port $3 ovs-$1 -- \
17set interface ovs-$1 external-ids:iface-id="$1"
18
19ip netns exec $2 ip addr add $4 dev $1 $7
20ip netns exec $2 ip link set dev $1 up
21ip netns exec $2 ip link set dev $1 address $5
22ip netns exec $2 ip route add default via $6
23
24ip link del ovs-foo1

Setup Demo

 1function ADD_NAMESPACES(){
 2        ip netns add $1
 3}
 4
 5
 6function ADD_VETH(){
 7set -x
 8
 9ip link add $1 type veth peer name ovs-$1
10ip link set $1 netns $2
11ip link set dev ovs-$1 up
12ovs-vsctl add-port $3 ovs-$1 -- \
13set interface ovs-$1 external-ids:iface-id="$1"
14
15ip netns exec $2 ip addr add $4 dev $1 $7
16ip netns exec $2 ip link set dev $1 up
17ip netns exec $2 ip link set dev $1 address $5
18ip netns exec $2 ip route add default via $6
19}
20
21ovs-vsctl add-br br-int-1
22ovn-nbctl create Logical_Router name=R1
23ovn-nbctl create Logical_Router name=R2 options:chassis=hv1
24
25ovn-nbctl ls-add foo
26ovn-nbctl ls-add bar
27ovn-nbctl ls-add alice
28ovn-nbctl ls-add join
29
30# Connect foo to R1
31ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
32ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
33            type=router options:router-port=foo addresses='"00:00:01:01:02:03"'
34
35# Connect bar to R1
36ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24
37ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
38            type=router options:router-port=bar addresses='"00:00:01:01:02:04"'
39
40# Connect alice to R2
41ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
42ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
43            type=router options:router-port=alice addresses='"00:00:02:01:02:03"'
44
45# Connect R1 to join
46ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
47ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
48            type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
49
50# Connect R2 to join
51ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
52ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
53            type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
54
55# Static routes.
56ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
57ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
58
59
60
61ADD_NAMESPACES foo1
62ADD_VETH foo1 foo1 br-int-1 "192.168.1.2/24" "f0:00:00:01:02:03" "192.168.1.1"
63ovn-nbctl lsp-add foo foo1 -- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
64ADD_NAMESPACES alice1
65ADD_VETH alice1 alice1 br-int-1 "172.16.1.2/24" "f0:00:00:01:02:04" "172.16.1.1"
66ovn-nbctl lsp-add alice alice1 -- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
67ADD_NAMESPACES bar1
68ADD_VETH bar1 bar1 br-int-1 "192.168.2.2/24" "f0:00:00:01:02:05" "192.168.2.1"
69ovn-nbctl lsp-add bar bar1 -- lsp-set-addresses bar1 "f0:00:00:01:02:05 192.168.2.2"

 1# destroy the env
 2ip netns del foo1
 3ip netns del bar1
 4ip netns del alice1    
 5ovn-nbctl lr-del R1
 6ovn-nbctl lr-del R2
 7ovn-nbctl ls-del foo
 8ovn-nbctl ls-del bar
 9ovn-nbctl ls-del alice
10ovn-nbctl ls-del join
11ovs-vsctl del-br br-int-1

OVS demo

 1# Create 2 VRFs(namespasce) VRF1 and VRF2
 2ip netns add VRF1
 3ip netns add VRF2
 4ip netns list
 5# Create virtual ethernet port vEth1 and vEth2 and connect them to eatch other
 6ip link add veth1 type veth peer name veth2
 7# Create virtual ethernet port vEth3 and vEth4 and connect them to each other
 8ip link add veth3 type veth peer name veth4
 9# Move vEth1 to VRF1
10ip link set veth1 netns VRF1
11# Move vEth3 to VRF2
12ip link set veth3 netns VRF2
13# Assign IP addresses to vEth
14# ip netns exec VRF1 ifconfig veth1 10.10.10.1/24 up
15ip netns exec VRF1 ip addr add 10.10.10.1/24 dev veth1 
16ip netns exec VRF1 ip link set veth1 up
17# ip netns exec VRF1 ifconfig
18ip netns exec VRF1 ip a
19# ip netns exec VRF2 ifconfig veth3 10.10.10.2/24 up
20ip netns exec VRF2 ip addr add 10.10.10.2/24 dev veth3
21ip netns exec VRF2 ip link set veth3 up
22ip netns exec VRF2 ip a
23
24# Create vSwitch1
25ovs-vsctl add-br vSwitch1
26# Assign vEth2 and vEth4 to vSwitch1
27ovs-vsctl add-port vSwitch1 veth2
28ovs-vsctl add-port vSwitch1 veth4
29
30ip link set veth2 up
31ip link set veth4 up 
32# Test connectivity
33ip netns exec VRF1 ping -c 3 10.10.10.2
34ip addr add 10.10.10.3/24 dev vSwitch1
35ping -c 3 10.10.10.1
36ping -c 3 10.10.10.2
37# Enable Spanning Tree of vSwith1
38ovs-ctl set bridge vSwitch1 stp_enable=true
39# the port from listening to forwarding, it can work to receive packet
40ovsdb-client dump
41# ovs-ctl set bridge vSwitch1 stp_enable=false
42# ovsdb-client dump
43
44
45# Assign IP address to SVI(Bridge Interface,switch virtual interface) of vSwitch1
46
47# Check the MAC address table of vSwitch1
48ovs-appctl fdb/show vSwitch1

Reference

[7/15 10:33 AM] Ramakrishnan, Kuralamudhan https://www.dasblinkenlichten.com/understanding-cni-container-networking-interface/ [7/15 10:36 AM] Ramakrishnan, Kuralamudhan https://github.com/containernetworking/cni/blob/main/SPEC.md [7/15 10:36 AM] Ramakrishnan, Kuralamudhan https://github.com/containernetworking/plugins/tree/main/plugins/main/bridge [7/15 10:37 AM] Ramakrishnan, Kuralamudhan https://github.com/containernetworking/plugins/blob/main/plugins/main/bridge/bridge.go

[9:13 AM] Ramakrishnan, Kuralamudhan https://github.com/ovn-org/ovn/blob/main/tests/system-ovn.at [9:14 AM] Ramakrishnan, Kuralamudhan https://github.com/ovn-org/ovn/blob/main/tests/system-ovn.at#L24 [9:16 AM] Ramakrishnan, Kuralamudhan https://github.com/ovn-org/ovn/blob/main/tests/system-ovn.at#L612 [9:18 AM] Ramakrishnan, Kuralamudhan https://man7.org/linux/man-pages/man8/ovn-trace.8.html [9:27 AM] 9:27 AM Meeting ended: 52m 22s Please read my blog on the future work - https://medium.com/@rkamudhan/service-function-chaining-in-kubernetes-using-squid-proxy-for-sase-providers-7c477a76893e like 1

Till now, I have a rough understanding of the OVS and the OVN usage, Instead of the OVN sandbox, I try the common OVS and OVN command in the ovn-controller pod to construct a network.

Because I failed to set up the OVN sandbox environment, I don’t know if should I run the OVS first and then set up the ovn sand-box environment.

And last Friday, the Poland colleague introduced the recent work they did about the nodus, the main focus on the recent pr on the ICN gerrit.

Airren Ren