OVN is a lightweight SDN controller: the networking work is handed over to the SDN, and OpenStack neutron-server only provides the API and the database.
The many agents (neutron-openvswitch-agent, neutron-l3-agent, neutron-dhcp-agent and so on) are no longer needed.
OVN components communicate with each other in their own way and no longer use RPC.
networking-ovn acts as a plugin of neutron-server and writes the neutron-server API requests into the OVN northbound DB.
ovn-northd watches the OVN northbound DB and translates its contents into the OVN southbound DB.
ovn-controller watches the OVN southbound DB, retrieves the information and programs OVS accordingly.
This corresponds to the OpenStack Neutron database: everything in it is a logical concept, and it is written by the Neutron plugin.
A logical switch is equivalent to a Neutron network, and a logical router is equivalent to a Neutron router.
A logical port is equivalent to an OpenStack port and comes in the following kinds:
[figure: logical port types]
Everything else also has a counterpart in Neutron.
Table                        Description
NB_Global                    Northbound configuration
Logical_Switch               L2 logical switch
Logical_Switch_Port          L2 logical switch port
Address_Set                  Address sets
Load_Balancer                Load balancer
ACL                          Access Control List (ACL) rule
Logical_Router               L3 logical router
QoS                          QoS table
Logical_Router_Port          L3 logical router port
Logical_Router_Static_Route  Logical router static routes
NAT                          NAT rules
DHCP_Options                 DHCP options
Connection                   OVSDB client connections
DNS                          Native DNS resolution
SSL                          SSL configuration
Gateway_Chassis              Gateway_Chassis configuration
The logical network, the physical network, and the mapping between the two.
The logical network is written by ovn-northd; the physical network and the logical-to-physical mapping are written by ovn-controller.
Table             Description
SB_Global         Southbound configuration
Chassis           Physical network hypervisor and gateway information
Encap             Encapsulation types
Address_Set       Address sets
Logical_Flow      Logical network flows
Multicast_Group   Logical port multicast groups
Datapath_Binding  Physical-logical datapath bindings
Port_Binding      Physical-logical port bindings
MAC_Binding       IP to MAC bindings
DHCP_Options      DHCP options supported by native OVN DHCP
DHCPv6_Options    DHCPv6 options supported by native OVN DHCPv6
Its main job is to translate logical switches and logical routers into logical flows.
Logical flows belong to either a switch datapath or a router datapath, and each datapath is split into an ingress pipeline and an egress pipeline.
Traffic passes through every table in order, ingress first and then egress.
Logical Switch Datapaths
Ingress Table 0: Admission Control and Ingress Port Security - L2
Ingress Table 1: Ingress Port Security - IP
Ingress Table 2: Ingress Port Security - Neighbor discovery
Ingress Table 3: from-lport Pre-ACLs
Ingress Table 4: Pre-LB
Ingress Table 5: Pre-stateful
Ingress Table 6: from-lport ACLs
Ingress Table 7: from-lport QoS Marking
Ingress Table 8: from-lport QoS Meter
Ingress Table 9: LB
Ingress Table 10: Stateful
Ingress Table 11: ARP/ND responder
Ingress Table 12: DHCP option processing
Ingress Table 13: DHCP responses
Ingress Table 14: DNS Lookup
Ingress Table 15: DNS Responses
Ingress Table 16: Destination Lookup
Egress Table 0: Pre-LB
Egress Table 1: to-lport Pre-ACLs
Egress Table 2: Pre-stateful
Egress Table 3: LB
Egress Table 4: to-lport ACLs
Egress Table 5: to-lport QoS Marking
Egress Table 6: to-lport QoS Meter
Egress Table 7: Stateful
Egress Table 8: Egress Port Security - IP
Egress Table 9: Egress Port Security - L2
Logical Router Datapaths
Ingress Table 0: L2 Admission Control
Ingress Table 1: IP Input
Ingress Table 2: DEFRAG
Ingress Table 3: UNSNAT
Ingress Table 4: DNAT (Gateway Routers or Distributed Routers)
Ingress Table 5: IPv6 ND RA option processing
Ingress Table 6: IPv6 ND RA responder
Ingress Table 7: IP Routing
Ingress Table 8: ARP/ND Resolution
Ingress Table 9: Gateway Redirect
Ingress Table 10: ARP Request
Egress Table 0: UNDNAT
Egress Table 1: SNAT (Gateway Routers or Distributed Routers)
Egress Table 2: Egress Loopback
Egress Table 3: Delivery
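An added example, not part of the original post and not OVN's own code: a small Python audit of the from-lport and to-lport ACL stages (ls_in_acl in ingress table 6, ls_out_acl in egress table 4) as they appear in `ovn-sbctl lflow-list` output. The input is a constructed sample rather than a capture; the switch name sw0, port vm1, MAC address, UUID and priorities are made up. It shows the evaluation order ovn-northd gives the compiled ACLs and whether the stage ends in the priority-0 `next;` flow, in which case traffic that no ACL matches is allowed through.

```python
import re

# Constructed sample of `ovn-sbctl lflow-list` output (not a real capture). Logical
# switch "sw0" has one VM port "vm1"; two NB ACLs (allow SSH from vm1, then drop
# other IPv4 from vm1) have been compiled by ovn-northd into ingress table 6.
SAMPLE_LFLOWS = """\
Datapath: "sw0" (aa11bb22-0000-4000-8000-000000000001)  Pipeline: ingress
  table=0 (ls_in_port_sec_l2  ), priority=100  , match=(eth.src[40]), action=(drop;)
  table=0 (ls_in_port_sec_l2  ), priority=50   , match=(inport == "vm1" && eth.src == {fa:16:3e:00:00:01}), action=(next;)
  table=6 (ls_in_acl          ), priority=2002 , match=(inport == "vm1" && ip4 && tcp.dst == 22), action=(next;)
  table=6 (ls_in_acl          ), priority=2001 , match=(inport == "vm1" && ip4), action=(drop;)
  table=6 (ls_in_acl          ), priority=0    , match=(1), action=(next;)
Datapath: "sw0" (aa11bb22-0000-4000-8000-000000000001)  Pipeline: egress
  table=4 (ls_out_acl         ), priority=0    , match=(1), action=(next;)
"""

DP_RE = re.compile(r'^Datapath: "(?P<dp>[^"]+)".*Pipeline: (?P<pipe>ingress|egress)')
FLOW_RE = re.compile(
    r'^\s*table=(?P<table>\d+)\s+\((?P<stage>\S+)\s*\),\s*priority=(?P<prio>\d+)\s*,'
    r'\s*match=\((?P<match>.*)\),\s*action=\((?P<action>.*)\)\s*$')

def parse_lflows(text):
    """Turn lflow-list text into flow dicts tagged with datapath and pipeline."""
    flows, dp, pipe = [], None, None
    for line in text.splitlines():
        m = DP_RE.match(line)
        if m:                      # header line: remember which datapath/pipeline follows
            dp, pipe = m.group("dp"), m.group("pipe")
            continue
        m = FLOW_RE.match(line)
        if m and dp:
            flows.append({"datapath": dp, "pipeline": pipe, "table": int(m.group("table")),
                          "stage": m.group("stage"), "priority": int(m.group("prio")),
                          "match": m.group("match"), "action": m.group("action").strip()})
    return flows

def audit_acls(flows):
    """Per (datapath, pipeline): ACL-stage flows in evaluation order (highest priority
    first) and whether the stage ends in the priority-0 catch-all that allows traffic."""
    result = {}
    for f in flows:
        if f["stage"] not in ("ls_in_acl", "ls_out_acl"):
            continue
        entry = result.setdefault((f["datapath"], f["pipeline"]), {"rules": [], "default_allow": False})
        entry["rules"].append(f)
        if f["priority"] == 0 and f["match"] == "1" and f["action"] == "next;":
            entry["default_allow"] = True
    for entry in result.values():
        entry["rules"].sort(key=lambda r: r["priority"], reverse=True)
    return result
```

On a real deployment, feed the output of `ovn-sbctl lflow-list` into parse_lflows and audit_acls to confirm that the ACLs written to the northbound DB actually appear in the ACL stages with the expected priorities.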
One instance runs on every hypervisor; it connects to the OVN southbound DB and writes the information it obtains there into the local OVS DB.
It then acts as the controller of ovs-vswitchd and converts the logical flows into OVS flows.
Traffic between hypervisors is encapsulated with Geneve; VXLAN is used only towards physical VTEPs. Compared with VXLAN, the Geneve header has TLV extensions,
so it can carry more information across hypervisors (such as the logical datapath field, input port, output port, conntrack zone and so on).
ovn-controller creates a br-int bridge on every hypervisor; VMs connect directly to br-int, and ovn-controller also adds tunnel ports
on br-int for communication with other hypervisors and gateways.
To reach the physical network, something like Neutron's bridge mapping is also needed: a separate bridge is created, a physical NIC of the host
that is connected to the physical network is bound to that bridge, and finally br-int and this bridge are joined with a patch port; when a network is created in Neutron,
the provider physical network refers to this physical NIC.
Disclaimer: this article was reposted or adapted from the web; the original author could not be found, and the copyright belongs to the original author. If copyright is affected, please contact us for removal