Uploaded bymestery
1,923 views

OVN: Scaleable Virtual Networking for Open vSwitch

OVN is a network virtualization architecture that allows for scalable virtual networking on Open vSwitch. It abstracts virtual networking from physical networking and provides the same features as physical networks. OVN uses distributed logical flows and databases coordinated by local controllers to convert logical flows to physical flows. This allows for high performance, scalable virtual networking without depending on the physical topology.

Embed presentation

Downloaded 95 times
OVN: Scaleable Virtual Networking for Open vSwitch Kyle Mestery (@mestery) Justin Pettit (@Justin_D_Pettit)
The Case for Network Virtualization • Network provisioning needs to be self-service. • Virtual networking needs to be abstracted from physical. • Virtual networking needs same features as physical. Legacy Physical Network HV1 HV2 Cloud Physical Network
What is OVN? • ✓ ✓ ✓ ✓ ✓ ✓ ✓ • ✓ ✓ ✓ • ✓ ✓ ✓
• • • • The Particulars
Goals
How is OVN Different?
…
Architecture • Configuration coordinated through databases • Logical flows, don’t worry about physical topology • Local controller converts logical flow state into physical flow state • Desired state clearly separated from run-time state • Based on the architecture we wanted from seeing a number of others using OVS
Data Plane Scale
Common Approach to Security Groups • OpenFlow • Not truly stateful • Possibly bad performance • OpenStack • Required extra linux bridge and veth pair per VM • Uses iptables
OVN Security Groups Design ● Uses kernel conntrack module directly from OVS ● Design benefits ○ No complicated pipeline ○ Faster* -- Fewer hops and veth ports OVS bridge VM VM eth eth tap tap * http://blog.russellbryant.net/2015/10/22/openstack-security-groups-using-ovn-acls/
Security Group Throughput
Common Approach to L3 • Agent-based • Use the Linux IP stack and iptables • Forwarding • NAT • Overlapping IP address support using namespaces
Example OpenStack L3
OVN L3 Design • Native support for IPv4 and IPv6 • Distributed • ARP/ND suppression • Flow caching improves performance • Without OVN: multiple per-packet routing layers • With OVN: cache sets dest mac, decrements TTL • No CMS-specific L3 agent
Control Plane Scale
Scale Test Framework • • • • • • • • ☺ • … …
Current Scale (Pure OVN) • • • • • • •
Scale Improvements - Ongoing • • • • • • •
Deployment
Deployment made easy ● No additional daemons to install on hypervisors beyond what comes with OVS ● Minimal host-level configuration ● Rolling upgrades
• OVSDB schema is versioned • Changes to schema will be carefully managed to be backwards compatible • Allows rolling upgrades • Update databases first • Roll through upgrades to ovn-controller • Same strategy OVS itself has been using Rolling Upgrades
Continuously Delivering OVN
Why Continuous Delivery of OVN? ● 90+ active developers working on OVS/OVN ● Hundreds to thousands of lines of code added daily - travis-ci jobs running to test this ● At large scale, automated testing is a given ● Delivering upstream fast means developers can work upstream, reducing technical debt
Continuous Delivery of OVS/OVN
What About Delivering Releases?
One Way To Continuously Deliver ● Align with OpenStack CI/CD ○ Same tools upstream ■ Zuul (Pipeline management) ■ Nodepool (resource management) ■ Gerrit (code review) ○ Build our own packages ● Ability to carry local patches ○ Needed for security patches ○ Also for bugs and features not landed upstream yet
Status
Neutron Integration Status • •
OVN vs. OVS Python Agents
OpenStack Deployment Options ● Full devstack support ● Puppet OpenStack now supports OVN ● TripleO support posted for review ● Kolla support being planned
• Non-experimental for next OpenStack release (Newton) • Recently landed features: • L3 gateway with NAT and load-balancing support • IPv6 logical routing • Native DHCP service • Address Set for ACL/Security group • Kubernetes support Upcoming Release The “Microwave” Release
Future Work ● Better database clustering and HA ● Avoid complete recalculations with incremental computation ● Native DNS support ● Live migration support for ACLs ● Hitless upgrades
Resources • Architecture described in detail in ovn-architecture (5) • Available in the “master” and “branch-2.6” branches of the main OVS repo: – https://github.com/openvswitch/ovs – http://openvswitch.org/support/dist-docs/ • Neutron plugin: – https://git.openstack.org/openstack/networking-ovn.git • Neutron integration docs, including devstack instructions: – http://docs.openstack.org/developer/networking-ovn/ • Kubernetes plugin and documentation: – https://github.com/openvswitch/ovn-kubernetes • OVN scale test harness – https://github.com/openvswitch/ovn-scale-test.git
How you can help • Try it! Test it! Scale it! Report bugs! Write Code! • Core OVN is being developed on ovs-dev mailing list: – http://openvswitch.org/pipermail/dev/ – #openvswitch on Freenode • Neutron plugin for OVN is being developed here: – http://git.openstack.org/openstack/networking-ovn.git – openstack-dev mailing list – #openstack-neutron-ovn on Freenode
Thank you! Questions? Justin Pettit (@Justin_D_Pettit) Kyle Mestery (@mestery)
OVN: Scaleable Virtual Networking for Open vSwitch

More Related Content

PDF
Ovn vancouver
byMason Mei
 
PPTX
Neutron behind the scenes
byinbroker
 
PDF
The Open vSwitch and OVN Projects
byLinuxCon ContainerCon CloudOpen China
 
PDF
Open Source Backends for OpenStack Neutron
bymestery
 
ODP
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
byDave Neary
 
PPTX
OpenStack Networking and Automation
byAdam Johnson
 
PDF
OpenStack Neutron: What's New In Kilo and a Look Toward Liberty
bymestery
 
PDF
Introduction to Software Defined Networking and OpenStack Neutron
bySana Khan
 
Ovn vancouver
byMason Mei
 
Neutron behind the scenes
byinbroker
 
The Open vSwitch and OVN Projects
byLinuxCon ContainerCon CloudOpen China
 
Open Source Backends for OpenStack Neutron
bymestery
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
byDave Neary
 
OpenStack Networking and Automation
byAdam Johnson
 
OpenStack Neutron: What's New In Kilo and a Look Toward Liberty
bymestery
 
Introduction to Software Defined Networking and OpenStack Neutron
bySana Khan
 

What's hot

PPTX
Openstack Basic with Neutron
byKwonSun Bae
 
PPTX
Meetup 23 - 02 - OVN - The future of networking in OpenStack
byVietnam Open Infrastructure User Group
 
PPTX
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
byJames Denton
 
PDF
Inside Architecture of Neutron
bymarkmcclain
 
PDF
OpenStack networking (Neutron)
byCREATE-NET
 
PPTX
How to write a Neutron Plugin - if you really need to
bysalv_orlando
 
PDF
Linux Tag 2014 OpenStack Networking
byyfauser
 
PPTX
OpenStack Neutron behind the Scenes
byAnil Bidari ( CEO , Cloud Enabled)
 
PDF
OpenDaylight OpenStack Integration
byLinuxCon ContainerCon CloudOpen China
 
PDF
Improving Network Application Performance using Load Aware Libeventdev
byMichelle Holley
 
PDF
Open daylight and Openstack
byDave Neary
 
PDF
Open stack networking_101_update_2014
byyfauser
 
PDF
Quantum - Virtual networks for Openstack
bysalv_orlando
 
PDF
OpenStack Neutron Liberty Updates
bymestery
 
PDF
OpenStack Neutron 201 1hr
byDavid Lenwell
 
PDF
OpenStack Neutron Advanced Services by Akanda
bySean Roberts
 
PDF
Neutron high availability open stack architecture openstack israel event 2015
byArthur Berezin
 
PPTX
Introduction to Openstack Network
bysalv_orlando
 
PDF
Whats new in neutron for open stack havana
byKamesh Pemmaraju
 
PDF
OpenStack Tokyo Summit Keynote Slides
bymestery
 
Openstack Basic with Neutron
byKwonSun Bae
 
Meetup 23 - 02 - OVN - The future of networking in OpenStack
byVietnam Open Infrastructure User Group
 
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
byJames Denton
 
Inside Architecture of Neutron
bymarkmcclain
 
OpenStack networking (Neutron)
byCREATE-NET
 
How to write a Neutron Plugin - if you really need to
bysalv_orlando
 
Linux Tag 2014 OpenStack Networking
byyfauser
 
OpenStack Neutron behind the Scenes
byAnil Bidari ( CEO , Cloud Enabled)
 
OpenDaylight OpenStack Integration
byLinuxCon ContainerCon CloudOpen China
 
Improving Network Application Performance using Load Aware Libeventdev
byMichelle Holley
 
Open daylight and Openstack
byDave Neary
 
Open stack networking_101_update_2014
byyfauser
 
Quantum - Virtual networks for Openstack
bysalv_orlando
 
OpenStack Neutron Liberty Updates
bymestery
 
OpenStack Neutron 201 1hr
byDavid Lenwell
 
OpenStack Neutron Advanced Services by Akanda
bySean Roberts
 
Neutron high availability open stack architecture openstack israel event 2015
byArthur Berezin
 
Introduction to Openstack Network
bysalv_orlando
 
Whats new in neutron for open stack havana
byKamesh Pemmaraju
 
OpenStack Tokyo Summit Keynote Slides
bymestery
 

Similar to OVN: Scaleable Virtual Networking for Open vSwitch

PDF
Introduction to open virtual network Dawid Deja
byOpenInfra Days Poland 2019
 
PDF
What's the deal with Neutron?
byCynthia Thomas
 
PDF
SDN & NFV Introduction - Open Source Data Center Networking
byThomas Graf
 
PDF
LF_OVS_17_State of the OVN
byLF_OpenvSwitch
 
PDF
Summit 16: ARM Mini-Summit - NXP QorIQ NFV Solutions - NXP Semiconductors
byOPNFV
 
PPTX
OVN - Basics and deep dive
byTrinath Somanchi
 
PDF
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
byOpenStack Korea Community
 
PPTX
Midokura OpenStack Meetup Taipei
byDan Mihai Dumitriu
 
PDF
Open stack foundation-nfv-report
byAmanda Espíndola Raymundi
 
PDF
Midokura @ OpenStack Seattle
byCynthia Thomas
 
PPTX
Neutron scaling
byVinay Bannai
 
PDF
OpenStack: Networking Roadmap, Collaboration and Contribution
byOpen Networking Summit
 
PDF
CloudKC: Evolution of Network Virtualization
byCynthia Thomas
 
PDF
Network Virtualization & Software-defined Networking
byDigicomp Academy AG
 
PPTX
Supporting Virtualized Telco Applications with OpenStack
byBruce Davie
 
PDF
【Cisco OpenStack Seminar 2015.10.26】 OpenStack as Strategy for future growth
byシスコシステムズ合同会社
 
PPTX
OPNFV: Upstream Headwaters to Full Deployment
byOPNFV
 
PDF
Intro: OPFNV Mini Summit at 2015 NFV World Congress
byOPNFV
 
PPTX
Opnfv vision, community and projects
byOPNFV
 
PDF
OpenStack OPNFV joint efforts on interop challenge nfv testing
byZhipeng Huang
 
Introduction to open virtual network Dawid Deja
byOpenInfra Days Poland 2019
 
What's the deal with Neutron?
byCynthia Thomas
 
SDN & NFV Introduction - Open Source Data Center Networking
byThomas Graf
 
LF_OVS_17_State of the OVN
byLF_OpenvSwitch
 
Summit 16: ARM Mini-Summit - NXP QorIQ NFV Solutions - NXP Semiconductors
byOPNFV
 
OVN - Basics and deep dive
byTrinath Somanchi
 
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
byOpenStack Korea Community
 
Midokura OpenStack Meetup Taipei
byDan Mihai Dumitriu
 
Open stack foundation-nfv-report
byAmanda Espíndola Raymundi
 
Midokura @ OpenStack Seattle
byCynthia Thomas
 
Neutron scaling
byVinay Bannai
 
OpenStack: Networking Roadmap, Collaboration and Contribution
byOpen Networking Summit
 
CloudKC: Evolution of Network Virtualization
byCynthia Thomas
 
Network Virtualization & Software-defined Networking
byDigicomp Academy AG
 
Supporting Virtualized Telco Applications with OpenStack
byBruce Davie
 
【Cisco OpenStack Seminar 2015.10.26】 OpenStack as Strategy for future growth
byシスコシステムズ合同会社
 
OPNFV: Upstream Headwaters to Full Deployment
byOPNFV
 
Intro: OPFNV Mini Summit at 2015 NFV World Congress
byOPNFV
 
Opnfv vision, community and projects
byOPNFV
 
OpenStack OPNFV joint efforts on interop challenge nfv testing
byZhipeng Huang
 

More from mestery

PDF
OpenStack Neutron Tutorial
bymestery
 
PPTX
OpenStack: Why Is It Gaining So Much Traction?
bymestery
 
PPT
OpenDaylight Integration with OpenStack Neutron: A Tutorial
bymestery
 
PPTX
LISP and NSH in Open vSwitch
bymestery
 
PPTX
OpenStack and OpenDaylight Workshop: ONUG Spring 2014
bymestery
 
PPTX
Modular Layer 2 In OpenStack Neutron
bymestery
 
PPTX
OpenStack Development Using devstack
bymestery
 
PPTX
Next Generation Network Developer Skills
bymestery
 
PDF
Group Based Policy: Open Source Policy in OpenDaylight and OpenStack Neutron
bymestery
 
PPTX
Open Source Cloud, Virtualization and Deployment Technologies
bymestery
 
PPTX
vBrownBag OpenStack Networking Talk
bymestery
 
PPTX
Triangle OpenStack Meetup
bymestery
 
OpenStack Neutron Tutorial
bymestery
 
OpenStack: Why Is It Gaining So Much Traction?
bymestery
 
OpenDaylight Integration with OpenStack Neutron: A Tutorial
bymestery
 
LISP and NSH in Open vSwitch
bymestery
 
OpenStack and OpenDaylight Workshop: ONUG Spring 2014
bymestery
 
Modular Layer 2 In OpenStack Neutron
bymestery
 
OpenStack Development Using devstack
bymestery
 
Next Generation Network Developer Skills
bymestery
 
Group Based Policy: Open Source Policy in OpenDaylight and OpenStack Neutron
bymestery
 
Open Source Cloud, Virtualization and Deployment Technologies
bymestery
 
vBrownBag OpenStack Networking Talk
bymestery
 
Triangle OpenStack Meetup
bymestery
 

Recently uploaded

PDF
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
PDF
Running Non-Cloud-Native Databases in Cloud-Native Environments_ Challenges a...
byAlkin Tezuysal
 
PDF
November 2025 OpenMetadata Community Spotlight - Astronomer & Airflow 3
byOpenMetadata
 
PDF
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
PPTX
Streamlining Business Processes with UiPath Apps
byTracy Dixon
 
PPTX
AI: Beyond Generative AI and LLM | Harrie de Groot (harrie.dev)
byHarrie de Groot
 
PDF
SELinux Policy Management in RHEL - RHCSA+.pdf
byLinuxCert Guru
 
PDF
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
bywesley chun
 
PDF
SELinux Basics: Managing SELinux Modes and Context - RHCSA+.pdf
byLinuxCert Guru
 
PDF
Supervised Machine Learning Approaches for Log-Based Anomaly Detection: A Cas...
byMohammed BEKKOUCHE
 
PDF
IDSECCONF2025 - Budi Rahardjo - Cyber Security and AI.pdf
byidsecconf
 
PPTX
Opening Plenary - Esri UK Welsh Conference 2025
byEsri UK
 
PPTX
oop pillor polymorphism Code Presentation
byhifzamahmood8
 
PDF
IDSECCONF2025 - Aan Wahyu - Maze–Malware Analysis Platform.pdf
byidsecconf
 
PDF
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
PDF
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
PDF
THE THREATS OF INSTABILITY IN BRAZIL'S INTERCONNECTED ELECTRICAL SYSTEM AND H...
byFaga1939
 
PDF
Building Powerful Web Apps to Improve Productivity and Engagement - Esri UK W...
byEsri UK
 
PDF
IDSECCONF2025 - Nosa Shandy - Discovering and Disclosing Privacy Vulnerabilit...
byidsecconf
 
PDF
UnityNet AI Induced Harm & Youth Protection Position Statement 2025-11-15
byLHelferty
 
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
Running Non-Cloud-Native Databases in Cloud-Native Environments_ Challenges a...
byAlkin Tezuysal
 
November 2025 OpenMetadata Community Spotlight - Astronomer & Airflow 3
byOpenMetadata
 
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
Streamlining Business Processes with UiPath Apps
byTracy Dixon
 
AI: Beyond Generative AI and LLM | Harrie de Groot (harrie.dev)
byHarrie de Groot
 
SELinux Policy Management in RHEL - RHCSA+.pdf
byLinuxCert Guru
 
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
bywesley chun
 
SELinux Basics: Managing SELinux Modes and Context - RHCSA+.pdf
byLinuxCert Guru
 
Supervised Machine Learning Approaches for Log-Based Anomaly Detection: A Cas...
byMohammed BEKKOUCHE
 
IDSECCONF2025 - Budi Rahardjo - Cyber Security and AI.pdf
byidsecconf
 
Opening Plenary - Esri UK Welsh Conference 2025
byEsri UK
 
oop pillor polymorphism Code Presentation
byhifzamahmood8
 
IDSECCONF2025 - Aan Wahyu - Maze–Malware Analysis Platform.pdf
byidsecconf
 
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
THE THREATS OF INSTABILITY IN BRAZIL'S INTERCONNECTED ELECTRICAL SYSTEM AND H...
byFaga1939
 
Building Powerful Web Apps to Improve Productivity and Engagement - Esri UK W...
byEsri UK
 
IDSECCONF2025 - Nosa Shandy - Discovering and Disclosing Privacy Vulnerabilit...
byidsecconf
 
UnityNet AI Induced Harm & Youth Protection Position Statement 2025-11-15
byLHelferty
 

OVN: Scaleable Virtual Networking for Open vSwitch

  • 1.
    OVN: Scaleable Virtual Networkingfor Open vSwitch Kyle Mestery (@mestery) Justin Pettit (@Justin_D_Pettit)
  • 2.
    The Case forNetwork Virtualization • Network provisioning needs to be self-service. • Virtual networking needs to be abstracted from physical. • Virtual networking needs same features as physical. Legacy Physical Network HV1 HV2 Cloud Physical Network
  • 3.
  • 4.
  • 5.
  • 6.
    How is OVNDifferent?
  • 7.
  • 8.
    Architecture • Configuration coordinatedthrough databases • Logical flows, don’t worry about physical topology • Local controller converts logical flow state into physical flow state • Desired state clearly separated from run-time state • Based on the architecture we wanted from seeing a number of others using OVS
  • 9.
  • 10.
    Common Approach toSecurity Groups • OpenFlow • Not truly stateful • Possibly bad performance • OpenStack • Required extra linux bridge and veth pair per VM • Uses iptables
  • 11.
    OVN Security GroupsDesign ● Uses kernel conntrack module directly from OVS ● Design benefits ○ No complicated pipeline ○ Faster* -- Fewer hops and veth ports OVS bridge VM VM eth eth tap tap * http://blog.russellbryant.net/2015/10/22/openstack-security-groups-using-ovn-acls/
  • 12.
  • 13.
    Common Approach toL3 • Agent-based • Use the Linux IP stack and iptables • Forwarding • NAT • Overlapping IP address support using namespaces
  • 14.
  • 15.
    OVN L3 Design •Native support for IPv4 and IPv6 • Distributed • ARP/ND suppression • Flow caching improves performance • Without OVN: multiple per-packet routing layers • With OVN: cache sets dest mac, decrements TTL • No CMS-specific L3 agent
  • 16.
  • 17.
  • 18.
    Current Scale (PureOVN) • • • • • • •
  • 19.
    Scale Improvements -Ongoing • • • • • • •
  • 20.
  • 21.
    Deployment made easy ●No additional daemons to install on hypervisors beyond what comes with OVS ● Minimal host-level configuration ● Rolling upgrades
  • 22.
    • OVSDB schemais versioned • Changes to schema will be carefully managed to be backwards compatible • Allows rolling upgrades • Update databases first • Roll through upgrades to ovn-controller • Same strategy OVS itself has been using Rolling Upgrades
  • 23.
  • 24.
    Why Continuous Deliveryof OVN? ● 90+ active developers working on OVS/OVN ● Hundreds to thousands of lines of code added daily - travis-ci jobs running to test this ● At large scale, automated testing is a given ● Delivering upstream fast means developers can work upstream, reducing technical debt
  • 25.
  • 26.
  • 27.
    One Way ToContinuously Deliver ● Align with OpenStack CI/CD ○ Same tools upstream ■ Zuul (Pipeline management) ■ Nodepool (resource management) ■ Gerrit (code review) ○ Build our own packages ● Ability to carry local patches ○ Needed for security patches ○ Also for bugs and features not landed upstream yet
  • 28.
  • 29.
  • 30.
    OVN vs. OVSPython Agents
  • 31.
    OpenStack Deployment Options ●Full devstack support ● Puppet OpenStack now supports OVN ● TripleO support posted for review ● Kolla support being planned
  • 32.
    • Non-experimental fornext OpenStack release (Newton) • Recently landed features: • L3 gateway with NAT and load-balancing support • IPv6 logical routing • Native DHCP service • Address Set for ACL/Security group • Kubernetes support Upcoming Release The “Microwave” Release
  • 33.
    Future Work ● Betterdatabase clustering and HA ● Avoid complete recalculations with incremental computation ● Native DNS support ● Live migration support for ACLs ● Hitless upgrades
  • 34.
    Resources • Architecture describedin detail in ovn-architecture (5) • Available in the “master” and “branch-2.6” branches of the main OVS repo: – https://github.com/openvswitch/ovs – http://openvswitch.org/support/dist-docs/ • Neutron plugin: – https://git.openstack.org/openstack/networking-ovn.git • Neutron integration docs, including devstack instructions: – http://docs.openstack.org/developer/networking-ovn/ • Kubernetes plugin and documentation: – https://github.com/openvswitch/ovn-kubernetes • OVN scale test harness – https://github.com/openvswitch/ovn-scale-test.git
  • 35.
    How you canhelp • Try it! Test it! Scale it! Report bugs! Write Code! • Core OVN is being developed on ovs-dev mailing list: – http://openvswitch.org/pipermail/dev/ – #openvswitch on Freenode • Neutron plugin for OVN is being developed here: – http://git.openstack.org/openstack/networking-ovn.git – openstack-dev mailing list – #openstack-neutron-ovn on Freenode
  • 36.
    Thank you! Questions? JustinPettit (@Justin_D_Pettit) Kyle Mestery (@mestery)