Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

LF_OVS_17_OVN and Containers - An update.


Published on

Open vSwitch Fall Conference 2017

Published in: Technology
  • Be the first to comment

LF_OVS_17_OVN and Containers - An update.

  1. 1. OVN and Containers Guru Shetty <> November 16-17, 2017 | San Jose, CA
  2. 2. Integration with OVS br-int 1. ovs-vsctl add-br br-int 2. ip netns add ns1 ns1 3. ip link add p0_l type veth peer name p0_c 4. ip link set p0_c netns ns1 5. ip netns exec p0_c ip link set dev p0_c name eth0 6. ovs-vsctl add-port br-int p0_l eth0 ns2 eth0
  3. 3. Integration with OVN br-int ns1 eth0 ovs-vsctl add-port br-int p0_l p0_l ovs-vsctl set interface p0_l external- ids:iface-id=“port0” ovn-nbctl ls-add ls0 ovn-nbctl lsp-add ls0 port0 -- lsp-set-addresses port0 “$MAC $IP” host1 br-int ns2 eth0 p0_l host2 ovs-vsctl add-port br-int p0_l -- set interface p0_l external-ids:iface- id=“port1” ovn-nbctl lsp-add ls0 port1 -- lsp-set- addresses port1 “$MAC $IP”
  4. 4. Integration with container orchestrators br-int pod1 eth0 p0_l host kubectl create -f pod1.yaml kubeletplugin ovs-vsctl add-port br-int p0_l ovs-vsctl set interface p0_l external-ids:iface- id=“port0” ovn-nbctl lsp-add ls0 port0 -- lsp-set-addresses port0 “$MAC $IP” kubectl delete -f pod1.yaml
  5. 5. OVN objects • Logical Switch Port • Logical Switch • Logical Router • ACL • Load-balancers • DHCP and DNS • Gateways and NAT
  6. 6. Popular Orchestrators • Docker • Docker Swarm • Kubernetes • Mesos and DC/OS
  7. 7. Kubernetes • A pod is a group of containers that share the same network namespace. • Containers inside a pod speak via localhost with each other. • A host can have multiple pods. • pods speak to each other via their pod IP. • All pods in a cluster should be able to talk to each other via their own IP. • A pod should also be able to speak to Kubernetes central daemons. • Pods are fungible. They can be destroyed and re-created in a different host with a different IP.
  8. 8. OVN networking for kubernetes P1 OVS master 1. kubernetes central daemons 2. OVN database and daemons OVS P2 P3 P4 P5 P6 minion2minion1 ovn-controller ovn-controller cni cni healt h check healt h check
  9. 9. OVN networking for kubernetes S R P1 P2 P3 P4 P5 P6 S Master Logical Space S healthhealth
  10. 10. OVN Kubernetes north/south networking R S S S GR1 GR2 GR3 join
  11. 11. Kubernetes Services • A Service is a front end to a Pod (or group of pods) • Pods discover each other via the Service IP or service name. • The service IP is constant (a VIP), but the pods backing it can change. • Service discovery by application happens either via DNS or via Environmental variables. • Each service has a set of endpoint objects (pods) that can be queried. 11
  12. 12. OVN Kubernetes Watcher • Continuously watches K8s API server. • Creates a logical port when a pod gets created. • Creates load-balancer entries in OVN when services are created. • Creates ACLs in OVN when kubernetes network policy is created.
  13. 13. Multi-tenancy in Kubernetes • OVN and Network Virtualization shines. • Kubernetes seen as an application deployment tool. • Preference for multiple kubernetes clusters.
  14. 14. Service mesh in Kubernetes • Each pod has an Envoy container to act as a proxy • iptables rules inside the pods • Envoy can do the load-balancing
  15. 15. Questions •