OVNのご紹介

Transcript

1. 1 v1.0 OVNのご紹介 2019-11-01 Manabu Ori @orimanabu RED HAT CLOUD

   PLATFORMS BUSINESS UNIT

2. 注意 2 • この資料は2019年11月1日時点の情報を元に作成しました

3. OVNとは

4. OVN (Open Virtual Network) とは 4 • 複数ハイパーバイザ上のOVSにまたがった仮想ネットワークを作る仕組み • OVS

   (Open vSwitch) のサブプロジェクトとして、2015年に始動 ◦ 最初のリリース: 27 Sep 2016 (OVS v2.6) ◦ OpenStack Neutron Plugin (networking-ovn) の最初のリリース: 06 Oct 2016 (Newton) ◦ OVS v2.11からリポジトリが分離 https://github.com/ovn-org • オーバーレイネットワークを論理ネットワークとして抽象化 HV1 HV2 VM-1 VM-2 VM-A VM-3 VM-4 VM-B Logical Switch VM-A VM-B Logical Switch Logical Router Logical Switch VM-3 VM-4 VM-1 VM-2 物理ネットワーク 論理ネットワーク

5. OVNの特徴 5 • データベース操作によるコンフィギュレーション • Logical Flowによる設定 ◦ 物理ネットワーク(OVS)と仮想ネットワークを分離 ◦

   だいたいOpenFlowと同じ気分 ▪ フローテーブルのパイプライン、フローのmatchとaction • ハイパーバイザ間のカプセリングはGeneve,STT • 分散L2, L3処理 • NAT、DHCP、ロードバランサのネイティブ実装 • L2, L3ゲートウェイ • 他のCMS (Cloud Management System) と連携することを想定したデザイン ◦ OpenStack, Kubernetes, Docker, Mesos, oVirt, ... OVS OVN 対象 1台のホスト内の仮想スイッチ 複数のホストにまたがる仮想ネットワーク 設定 OpenFlow + OVSDB Logical Flow + OVSDB

6. Open vSwitch (OVS) の課題 6 • OVSは超強力、だけどOpenFlowでSDN環境を構築するのは大変 ◦ 「現時点では、低レベルのフローロジックを直接作り込む必要があるなど、導入の敷居はあまり低くあ りません」

   ▪ 技術文書 OpenFlowの概要, VA Linux Systems Japan ◦ 「プログラミング言語に例えるとアセンブラ、もしくは標準ライブラリがないC言語」 ▪ マスタリングTCP/IP OpenFlow編, オーム社 • OVSは超強力、だから ◦ OVSネイティブな機能を活用するとより効率的に処理できるはず ◦ 現状はOVS, Network Namespace, iptables, etcを組み合わせて様々な機能を実現している • 仮想化/コンテナ基盤のソフトウェア製品それぞれでOpenFlowの作り込みをするのはつらい ◦ OpenStack ◦ Kubernetes ◦ oVirt, ...

7. OVNのコンポーネント 7 • Northbound DB • Southbound DB • ovn-northd

   • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow

8. OVNのコンポーネント 8 • Northbound DB • Southbound DB • ovn-northd

   • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow Northbound DB • CMS (Cloud Management System) との連携をする部分 • 論理ネットワークの構成、あるべき姿 (desired state) を格納 するデータベース ◦ Logical Port, Logical Switch, Logical Router, ...

9. OVNのコンポーネント 9 • Northbound DB • Southbound DB • ovn-northd

   • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow Southbound DB • 現在の状態 (runtime state) を格納するデータベース • 論理ポート・スイッチ・ルータと、物理要素とのマッピング • runtime stateと論理ネットワークを元にしたLogical Flowのパイ プライン

10. OVNのコンポーネント 10 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow ovn-northd • Northbound DBの論理構成をSouthbound DBの runtime stateに変換するデーモン • 論理ネットワークの構成を元にLogical flowを生成

11. OVNのコンポーネント 11 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow ovn-controller • 各ハイパーバイザノードで稼働 • Logical flowからPhysical flowを生成 ◦ e.g. VIF UUID → OpenFlow port • Physical flowをハイパーバイザ上のOVSに注入

12. OVNのコンポーネント 12 • Northbound DB ◦ CMS (Cloud Management System)

    との連携をする部分 ◦ 論理ネットワークの構成、あるべき姿 (desired state) を格納するデータベース ▪ Logical Port, Logical Switch, Logical Router, ... • Southbound DB ◦ 現在の状態 (runtime state) を格納するデータベース ◦ 論理ポート・スイッチ・ルータと、物理要素とのマッピング ◦ runtime stateと論理ネットワークを元にしたLogical Flowのパイプライン • ovn-northd ◦ Northbound DBの論理構成をSouthbound DBのruntime stateに変換するデーモン ◦ 論理ネットワークの構成を元にLogical flowを生成 • ovn-controller ◦ 各ハイパーバイザノードで稼働 ◦ Logical flowからPhysical flowを生成 ▪ e.g. VIF UUID → OpenFlow port ◦ Physical flowをハイパーバイザ上のOVSに注入

13. Logical Table Flow Structure - Logical Switch Datapaths 13 Table

    Flow category 0 Admission Control and Ingress Port Security - L2 1 Ingress Port Security - IP 2 Ingress Port Security - Neighbor discovery 3 from-lport Pre-ACLs 4 Pre-LB 5 Pre-stateful 6 from-lport ACLs 7 from-lport QoS marking 8 from-lport QoS meter 9 LB 10 Stateful 11 ARP/ND responder Ingress Egress Table Flow category 12 DHCP option processing 13 DHCP responses 14 DNS Lookup 15 DNS Responses 16 Destination Lookup Table Flow category 0 Pre-LB 1 to-lport Pre-ACLs 2 Pre-stateful 3 LB 4 to-lport ACLs 5 to-lport QoS marking 6 to-lport QoS meter 7 Stateful 8 Egress Port Security - IP 9 Egress Port Security - L2

14. Logical Table Flow Structure - Logical Router Datapaths 14 Table

    Flow category 0 L2 Admission Control 1 IP Input 2 DEFRAG 3 UNSNAT 4 DNAT 5 IPv6 ND RA option processing 6 IPv6 ND RA responder 7 IP Routing 8 ARP/ND Resolution 9 Gateway Redirect 10 ARP Request Ingress Egress Table Flow category 0 UNDNAT 1 SNAT 2 Egress Loopback 3 Delivery

15. OVNの手動構成 15 • OVSDBの操作 ◦ ovsdb-tool ◦ ovsdb-client • Logical

    Switchの作成 ◦ ovn-nbctl lswitch-add SWITCH_NAME • Logical Portの作成 ◦ ovn-nbctl lport-add SWITCH_NAME PORT_NAME • Logical PortにMACアドレスを設定 ◦ ovn-nbctl lport-set-address PORT_NAME MAC_ADDRESS • Logical PortとPhysical Portの紐付け ◦ ovs-vsctl add-port BRIDGE INTERFACE -- set Interface INTERFACE external_ids:iface-id=PORT_NAME ↓ • OpenStack, Kubernetes等と連携するときは、この辺りはNeutron ML2 driver/CNI Pluginがやってくれます

16. OpenStack Integration

17. OpenStackとの連携 17 • Neutron ML2 driver: networking-ovn ML2/OVS ML2/OVN

18. NeutronとOVNの構成要素のマッピング 18 NEUTRON OVN router logical router + gateway_chassis (scheduling)

    network logical switch + dhcp_options port logical switch port ( + logical router port) security group Port_Group + ACL + Address_Set floating ip NAT (dnat_snat entry type) (in octavia WIP!) Load_Balancer

19. networking-ovnの特徴 19 • L2 ◦ ARP responderの機能 • L3 ◦

    OVNでIPv4/IPv6ルーティングのネイティブサポート ▪ L3 agentは必要ない ◦ 分散ルータ ◦ namespaceを渡る必要がないので効率的 • Security Group ◦ カーネルのconntrackモジュールをOVSから直接利用 ◦ Neutronの firewall_driver = openvswitch と同じ動き • DHCP ◦ ovn-controllerがDHCPの機能を持つ ▪ dhcp agentは必要ない ▪ dnsmasqがたくさん地獄にならない ◦ シンプルなユースケースのみ想定

20. networking-ovnの特徴 20 • Metadata ◦ 今の実装では namespace + haproxy ◦

    metadata-agentとneutron-serverとの 通信は不要 • Octavia ◦ OVNのOctavia driver開発中 ◦ Amphora VMが必要なくなる VM1 VM3 VM2 localport A localport B br-int VM4 nsB haproxy nsA haproxy ovn-metadata-agent UNIX socket Chassis 1

21. Kubernetes Integration

22. Kubernetesとの連携 22 • OVN用のCNIプラグイン: ovn-kubernetes https://github.com/ovn-org/ovn-kubernetes • 他のCNIプラグインとの主な違い ◦ Serviceオブジェクトは基本的にOVSの機能で実現している

    ▪ Service → PodのDNAT ▪ Service → 複数Podのロードバランス ◦ Network Policyの制御はOVSで実現 ◦ その他はだいたい従来のCNIプラグインと同じ ▪ 内部DNSは今のところCoreDNSを使う前提になっている...ように見える

23. ovn-kubernetes 物理構成 23 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.11 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 k8s-k8smaster 192.168.0.2 k8s-k8smaster 6f9a7a6c8ffd405 192.168.1.2

24. ovn-kubernetes 論理ネットワーク 24 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 br-local_k8smaster br-local_k8sminion1 br-local_k8sminion2 etor-GR_k8smaster etor-GR_k8sminion1 etor-GR_k8sminion2 rtoe-GR_k8smaster rtoe-GR_k8sminion1 rtoe-GR_k8sminion2 rtoj-GR_k8smaster rtoj-GR_k8sminion1 rtoj-GR_k8sminion2 jtor-GR_k8s minion1 jtor-GR_k8sminion2 jtor-GR_k8smaster jtor-ovn_cluster_router rtoj-ovn_cluster_router stor-k8smaster stor-k8sminion1 stor-k8sminion2 k8s-k8smaster k8s-k8sminion1 k8s-k8s minion2 rtos-k8smaster rtos-k8sminion2 rtos-k8sminion1 192.168.0.1 192.168.1.1 192.168.2.1 192.168.0.2 192.168.1.2 192.168.2.2 100.64.0.1 100.64.0.2 100.64.0.3 100.64.0.4 169.254.33.2 169.254.33.2 169.254.33.2

25. ovn-kubernetes 論理ネットワーク 25 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 コンテナが直接接続するLogical Switch Service→PodのロードバランスやDNATはここで処理する

26. ovn-kubernetes 論理ネットワーク 26 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 br-local_k8smaster br-local_k8sminion1 br-local_k8sminion2 etor-GR_k8smaster etor-GR_k8sminion1 etor-GR_k8sminion2 rtoe-GR_k8smaster rtoe-GR_k8sminion1 rtoe-GR_k8sminion2 rtoj-GR_k8smaster rtoj-GR_k8sminion1 rtoj-GR_k8sminion2 jtor-GR_k8s minion1 jtor-GR_k8sminion2 jtor-GR_k8smaster jtor-ovn_cluster_router rtoj-ovn_cluster_router stor-k8smaster stor-k8sminion1 stor-k8sminion2 k8s-k8smaster k8s-k8sminion1 k8s-k8s minion2 rtos-k8smaster rtos-k8sminion2 rtos-k8sminion1 192.168.0.1 192.168.1.1 192.168.2.1 192.168.0.2 192.168.1.2 192.168.2.2 default via 10.0.2.2 dev enp0s3 10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 10.10.0.0/24 dev enp0s8 proto kernel scope link src 10.10.0.11 169.254.33.0/24 dev br-nexthop proto kernel scope link src 169.254.33.1 172.16.1.0/24 via 192.168.0.1 dev k8s-k8smaster 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.0.0/24 dev k8s-k8smaster proto kernel scope link src 192.168.0.2 192.168.0.0/16 via 192.168.0.1 dev k8s-k8smaster

27. ovn-kubernetes 論理ネットワーク 27 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 ノード間通信を制御するLogical Router

28. ovn-kubernetes 論理ネットワーク 28 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 コンテナが外部と通信するときのゲートウェイとなるLogical Router

29. ovn-kubernetes 論理ネットワーク 29 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 br-local_k8smaster br-local_k8sminion1 br-local_k8sminion2 etor-GR_k8smaster etor-GR_k8sminion1 etor-GR_k8sminion2 rtoe-GR_k8smaster rtoe-GR_k8sminion1 rtoe-GR_k8sminion2 rtoj-GR_k8smaster rtoj-GR_k8sminion1 rtoj-GR_k8sminion2 jtor-GR_k8s minion1 jtor-GR_k8sminion2 jtor-GR_k8smaster jtor-ovn_cluster_router rtoj-ovn_cluster_router stor-k8smaster stor-k8sminion1 stor-k8sminion2 k8s-k8smaster k8s-k8sminion1 k8s-k8s minion2 rtos-k8smaster rtos-k8sminion2 rtos-k8sminion1 192.168.0.1 192.168.1.1 192.168.2.1 192.168.0.2 192.168.1.2 192.168.2.2 100.64.0.1 100.64.0.2 100.64.0.3 100.64.0.4 169.254.33.2 169.254.33.2 169.254.33.2 -A POSTROUTING -s 169.254.33.0/24 -j MASQUERADE

30. ovn-kubernetes 物理構成 30 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.11 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 k8s-k8smaster 192.168.0.2 k8s-k8smaster 6f9a7a6c8ffd405 192.168.1.2 -A POSTROUTING -s 169.254.33.0/24 -j MASQUERADE

31. OVNの今後 31 • Multi master OVSDB Server Clustring • スケーラビリティ改善

    (特にOVSDB) • BPF/DPDK Datapath • Service Function Chaining • Red Hatの製品 ◦ Red Hat OpenStack Platform 15 (Stain) ▪ OpenStackの製品版 ▪ OVNがデフォルトのNeutron ML2 ドライバ ◦ Red Hat OpenShift Container Platform 4.2 ▪ Kubernetesの製品版 ▪ 4.2でTech Preview、次かその次くらいで正式サポート→デフォルトのCNIプラグイン ◦ Red Hat Virtualization ▪ 4.2以降でOVNサポート

32. 参考文献 32 • ovn-architecture(7) http://www.openvswitch.org/support/dist-docs/ovn-architecture.7.txt • ovn-nb(5) http://www.openvswitch.org/support/dist-docs/ovn-nb.5.txt • ovn-sb(5)

    http://www.openvswitch.org/support/dist-docs/ovn-sb.5.txt • ovn-northd(8) http://www.openvswitch.org/support/dist-docs/ovn-northd.8.txt • ovn-controller(8) http://www.openvswitch.org/support/dist-docs/ovn-controller.8.txt • OVSConの資料 http://www.openvswitch.org/support/ovscon2019/

33. linkedin.com/company/Red-Hat youtube.com/user/RedHatAPAC facebook.com/RedHatAPAC twitter.com/Red_Hat_APAC Red Hat is the world’s leading

    provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. Thank you 33