Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OVNのご紹介

Avatar for orimanabu orimanabu
November 01, 2019
Technology
4
1.1k

 OVNのご紹介

Avatar for orimanabu

orimanabu

November 01, 2019
Tweet

More Decks by orimanabu

See All by orimanabu
podman_update_2024-12
Avatar for orimanabu orimanabu
2
440
KubeVirt Networking ONIC 2024
Avatar for orimanabu orimanabu
7
1.6k
OpenShift.Run-2024-Medik8s
Avatar for orimanabu orimanabu
2
1.4k
Podman_CRI-O_update_2024-02
Avatar for orimanabu orimanabu
5
1.6k
Podman_update_2023-11
Avatar for orimanabu orimanabu
2
820
OVN-Kubernetes-Introduction-ja-2023-01-27.pdf
Avatar for orimanabu orimanabu
3
3.1k
Podman_CRI-O_update_2022-08
Avatar for orimanabu orimanabu
2
1.1k
skupper-introduction
Avatar for orimanabu orimanabu
0
810
OpenShift.Run-2022-makaizo
Avatar for orimanabu orimanabu
2
1.2k

Other Decks in Technology

See All in Technology
君だけのオリジナル async / await を作ろう / TSKaigi 2025
Avatar for Susisu susisu
17
13k
プロジェクトマネジメント実践論|現役エンジニアが語る!~チームでモノづくりをする時のコツとは?~
Avatar for MIXI ENGINEERS mixi_engineers
PRO
3
100
Oracle Database オプティマイザ・ヒントの活用
Avatar for oracle4engineer oracle4engineer
PRO
1
130
研究開発部メンバーの働き⽅ / Sansan R&D Profile
Avatar for Sansan, Inc. sansan33
PRO
3
17k
RDRA3.0を知ろう
Avatar for 神崎 kanzaki
2
370
会社紹介資料 / Sansan Company Profile
Avatar for Sansan, Inc. sansan33
PRO
6
360k
toittaにOpenTelemetryを導入した話 / Mackerel APM リリースパーティ
Avatar for cohalz cohalz
1
230
MCP で繋ぐ Figma とデザインシステム〜LLM を使った UI 実装のリアル〜
Avatar for きむそん kimuson
1
1k
新卒から4年間、20年もののWebサービスと向き合って学んだソフトウェア考古学 - PHPカンファレンス新潟2025 / new graduate 4year software archeology
Avatar for guri oguri
2
320
Eight Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
3.1k
ロール・ツール群の開発 / Development of Roles and Tools
Avatar for Kenji Saito ks91
PRO
0
130
アプリケーションの中身が見える!Mackerel APMの全貌と展望 / Mackerel APMリリースパーティ
Avatar for mackerelio mackerelio
0
180

Featured

See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
19
1.2k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
30
960
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
172
14k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.7k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
25
2.8k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
137
34k
It's Worth the Effort
Avatar for 3n 3n
184
28k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
12k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.4k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
329
39k
Code Review Best Practice
Avatar for Trisha Gee trishagee
68
18k

Transcript

  1. 1 v1.0 OVNのご紹介 2019-11-01 Manabu Ori @orimanabu RED HAT CLOUD

    PLATFORMS BUSINESS UNIT

  2. 注意 2 • この資料は2019年11月1日時点の情報を元に作成しました

  3. OVNとは

  4. OVN (Open Virtual Network) とは 4 • 複数ハイパーバイザ上のOVSにまたがった仮想ネットワークを作る仕組み • OVS

    (Open vSwitch) のサブプロジェクトとして、2015年に始動 ◦ 最初のリリース: 27 Sep 2016 (OVS v2.6) ◦ OpenStack Neutron Plugin (networking-ovn) の最初のリリース: 06 Oct 2016 (Newton) ◦ OVS v2.11からリポジトリが分離 https://github.com/ovn-org • オーバーレイネットワークを論理ネットワークとして抽象化 HV1 HV2 VM-1 VM-2 VM-A VM-3 VM-4 VM-B Logical Switch VM-A VM-B Logical Switch Logical Router Logical Switch VM-3 VM-4 VM-1 VM-2 物理ネットワーク 論理ネットワーク

  5. OVNの特徴 5 • データベース操作によるコンフィギュレーション • Logical Flowによる設定 ◦ 物理ネットワーク(OVS)と仮想ネットワークを分離 ◦

    だいたいOpenFlowと同じ気分 ▪ フローテーブルのパイプライン、フローのmatchとaction • ハイパーバイザ間のカプセリングはGeneve,STT • 分散L2, L3処理 • NAT、DHCP、ロードバランサのネイティブ実装 • L2, L3ゲートウェイ • 他のCMS (Cloud Management System) と連携することを想定したデザイン ◦ OpenStack, Kubernetes, Docker, Mesos, oVirt, ... OVS OVN 対象 1台のホスト内の仮想スイッチ 複数のホストにまたがる仮想ネットワーク 設定 OpenFlow + OVSDB Logical Flow + OVSDB

  6. Open vSwitch (OVS) の課題 6 • OVSは超強力、だけどOpenFlowでSDN環境を構築するのは大変 ◦ 「現時点では、低レベルのフローロジックを直接作り込む必要があるなど、導入の敷居はあまり低くあ りません」

    ▪ 技術文書 OpenFlowの概要, VA Linux Systems Japan ◦ 「プログラミング言語に例えるとアセンブラ、もしくは標準ライブラリがないC言語」 ▪ マスタリングTCP/IP OpenFlow編, オーム社 • OVSは超強力、だから ◦ OVSネイティブな機能を活用するとより効率的に処理できるはず ◦ 現状はOVS, Network Namespace, iptables, etcを組み合わせて様々な機能を実現している • 仮想化/コンテナ基盤のソフトウェア製品それぞれでOpenFlowの作り込みをするのはつらい ◦ OpenStack ◦ Kubernetes ◦ oVirt, ...

  7. OVNのコンポーネント 7 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow

  8. OVNのコンポーネント 8 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow Northbound DB • CMS (Cloud Management System) との連携をする部分 • 論理ネットワークの構成、あるべき姿 (desired state) を格納 するデータベース ◦ Logical Port, Logical Switch, Logical Router, ...

  9. OVNのコンポーネント 9 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow Southbound DB • 現在の状態 (runtime state) を格納するデータベース • 論理ポート・スイッチ・ルータと、物理要素とのマッピング • runtime stateと論理ネットワークを元にしたLogical Flowのパイ プライン

  10. OVNのコンポーネント 10 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow ovn-northd • Northbound DBの論理構成をSouthbound DBの runtime stateに変換するデーモン • 論理ネットワークの構成を元にLogical flowを生成

  11. OVNのコンポーネント 11 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow ovn-controller • 各ハイパーバイザノードで稼働 • Logical flowからPhysical flowを生成 ◦ e.g. VIF UUID → OpenFlow port • Physical flowをハイパーバイザ上のOVSに注入

  12. OVNのコンポーネント 12 • Northbound DB ◦ CMS (Cloud Management System)

    との連携をする部分 ◦ 論理ネットワークの構成、あるべき姿 (desired state) を格納するデータベース ▪ Logical Port, Logical Switch, Logical Router, ... • Southbound DB ◦ 現在の状態 (runtime state) を格納するデータベース ◦ 論理ポート・スイッチ・ルータと、物理要素とのマッピング ◦ runtime stateと論理ネットワークを元にしたLogical Flowのパイプライン • ovn-northd ◦ Northbound DBの論理構成をSouthbound DBのruntime stateに変換するデーモン ◦ 論理ネットワークの構成を元にLogical flowを生成 • ovn-controller ◦ 各ハイパーバイザノードで稼働 ◦ Logical flowからPhysical flowを生成 ▪ e.g. VIF UUID → OpenFlow port ◦ Physical flowをハイパーバイザ上のOVSに注入

  13. Logical Table Flow Structure - Logical Switch Datapaths 13 Table

    Flow category 0 Admission Control and Ingress Port Security - L2 1 Ingress Port Security - IP 2 Ingress Port Security - Neighbor discovery 3 from-lport Pre-ACLs 4 Pre-LB 5 Pre-stateful 6 from-lport ACLs 7 from-lport QoS marking 8 from-lport QoS meter 9 LB 10 Stateful 11 ARP/ND responder Ingress Egress Table Flow category 12 DHCP option processing 13 DHCP responses 14 DNS Lookup 15 DNS Responses 16 Destination Lookup Table Flow category 0 Pre-LB 1 to-lport Pre-ACLs 2 Pre-stateful 3 LB 4 to-lport ACLs 5 to-lport QoS marking 6 to-lport QoS meter 7 Stateful 8 Egress Port Security - IP 9 Egress Port Security - L2

  14. Logical Table Flow Structure - Logical Router Datapaths 14 Table

    Flow category 0 L2 Admission Control 1 IP Input 2 DEFRAG 3 UNSNAT 4 DNAT 5 IPv6 ND RA option processing 6 IPv6 ND RA responder 7 IP Routing 8 ARP/ND Resolution 9 Gateway Redirect 10 ARP Request Ingress Egress Table Flow category 0 UNDNAT 1 SNAT 2 Egress Loopback 3 Delivery

  15. OVNの手動構成 15 • OVSDBの操作 ◦ ovsdb-tool ◦ ovsdb-client • Logical

    Switchの作成 ◦ ovn-nbctl lswitch-add SWITCH_NAME • Logical Portの作成 ◦ ovn-nbctl lport-add SWITCH_NAME PORT_NAME • Logical PortにMACアドレスを設定 ◦ ovn-nbctl lport-set-address PORT_NAME MAC_ADDRESS • Logical PortとPhysical Portの紐付け ◦ ovs-vsctl add-port BRIDGE INTERFACE -- set Interface INTERFACE external_ids:iface-id=PORT_NAME ↓ • OpenStack, Kubernetes等と連携するときは、この辺りはNeutron ML2 driver/CNI Pluginがやってくれます

  16. OpenStack Integration

  17. OpenStackとの連携 17 • Neutron ML2 driver: networking-ovn ML2/OVS ML2/OVN

  18. NeutronとOVNの構成要素のマッピング 18 NEUTRON OVN router logical router + gateway_chassis (scheduling)

    network logical switch + dhcp_options port logical switch port ( + logical router port) security group Port_Group + ACL + Address_Set floating ip NAT (dnat_snat entry type) (in octavia WIP!) Load_Balancer

  19. networking-ovnの特徴 19 • L2 ◦ ARP responderの機能 • L3 ◦

    OVNでIPv4/IPv6ルーティングのネイティブサポート ▪ L3 agentは必要ない ◦ 分散ルータ ◦ namespaceを渡る必要がないので効率的 • Security Group ◦ カーネルのconntrackモジュールをOVSから直接利用 ◦ Neutronの firewall_driver = openvswitch と同じ動き • DHCP ◦ ovn-controllerがDHCPの機能を持つ ▪ dhcp agentは必要ない ▪ dnsmasqがたくさん地獄にならない ◦ シンプルなユースケースのみ想定

  20. networking-ovnの特徴 20 • Metadata ◦ 今の実装では namespace + haproxy ◦

    metadata-agentとneutron-serverとの 通信は不要 • Octavia ◦ OVNのOctavia driver開発中 ◦ Amphora VMが必要なくなる VM1 VM3 VM2 localport A localport B br-int VM4 nsB haproxy nsA haproxy ovn-metadata-agent UNIX socket Chassis 1

  21. Kubernetes Integration

  22. Kubernetesとの連携 22 • OVN用のCNIプラグイン: ovn-kubernetes https://github.com/ovn-org/ovn-kubernetes • 他のCNIプラグインとの主な違い ◦ Serviceオブジェクトは基本的にOVSの機能で実現している

    ▪ Service → PodのDNAT ▪ Service → 複数Podのロードバランス ◦ Network Policyの制御はOVSで実現 ◦ その他はだいたい従来のCNIプラグインと同じ ▪ 内部DNSは今のところCoreDNSを使う前提になっている...ように見える

  23. ovn-kubernetes 物理構成 23 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.11 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 k8s-k8smaster 192.168.0.2 k8s-k8smaster 6f9a7a6c8ffd405 192.168.1.2

  24. ovn-kubernetes 論理ネットワーク 24 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 br-local_k8smaster br-local_k8sminion1 br-local_k8sminion2 etor-GR_k8smaster etor-GR_k8sminion1 etor-GR_k8sminion2 rtoe-GR_k8smaster rtoe-GR_k8sminion1 rtoe-GR_k8sminion2 rtoj-GR_k8smaster rtoj-GR_k8sminion1 rtoj-GR_k8sminion2 jtor-GR_k8s minion1 jtor-GR_k8sminion2 jtor-GR_k8smaster jtor-ovn_cluster_router rtoj-ovn_cluster_router stor-k8smaster stor-k8sminion1 stor-k8sminion2 k8s-k8smaster k8s-k8sminion1 k8s-k8s minion2 rtos-k8smaster rtos-k8sminion2 rtos-k8sminion1 192.168.0.1 192.168.1.1 192.168.2.1 192.168.0.2 192.168.1.2 192.168.2.2 100.64.0.1 100.64.0.2 100.64.0.3 100.64.0.4 169.254.33.2 169.254.33.2 169.254.33.2

  25. ovn-kubernetes 論理ネットワーク 25 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 コンテナが直接接続するLogical Switch Service→PodのロードバランスやDNATはここで処理する

  26. ovn-kubernetes 論理ネットワーク 26 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 br-local_k8smaster br-local_k8sminion1 br-local_k8sminion2 etor-GR_k8smaster etor-GR_k8sminion1 etor-GR_k8sminion2 rtoe-GR_k8smaster rtoe-GR_k8sminion1 rtoe-GR_k8sminion2 rtoj-GR_k8smaster rtoj-GR_k8sminion1 rtoj-GR_k8sminion2 jtor-GR_k8s minion1 jtor-GR_k8sminion2 jtor-GR_k8smaster jtor-ovn_cluster_router rtoj-ovn_cluster_router stor-k8smaster stor-k8sminion1 stor-k8sminion2 k8s-k8smaster k8s-k8sminion1 k8s-k8s minion2 rtos-k8smaster rtos-k8sminion2 rtos-k8sminion1 192.168.0.1 192.168.1.1 192.168.2.1 192.168.0.2 192.168.1.2 192.168.2.2 default via 10.0.2.2 dev enp0s3 10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 10.10.0.0/24 dev enp0s8 proto kernel scope link src 10.10.0.11 169.254.33.0/24 dev br-nexthop proto kernel scope link src 169.254.33.1 172.16.1.0/24 via 192.168.0.1 dev k8s-k8smaster 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.0.0/24 dev k8s-k8smaster proto kernel scope link src 192.168.0.2 192.168.0.0/16 via 192.168.0.1 dev k8s-k8smaster

  27. ovn-kubernetes 論理ネットワーク 27 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 ノード間通信を制御するLogical Router

  28. ovn-kubernetes 論理ネットワーク 28 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 コンテナが外部と通信するときのゲートウェイとなるLogical Router

  29. ovn-kubernetes 論理ネットワーク 29 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 br-local_k8smaster br-local_k8sminion1 br-local_k8sminion2 etor-GR_k8smaster etor-GR_k8sminion1 etor-GR_k8sminion2 rtoe-GR_k8smaster rtoe-GR_k8sminion1 rtoe-GR_k8sminion2 rtoj-GR_k8smaster rtoj-GR_k8sminion1 rtoj-GR_k8sminion2 jtor-GR_k8s minion1 jtor-GR_k8sminion2 jtor-GR_k8smaster jtor-ovn_cluster_router rtoj-ovn_cluster_router stor-k8smaster stor-k8sminion1 stor-k8sminion2 k8s-k8smaster k8s-k8sminion1 k8s-k8s minion2 rtos-k8smaster rtos-k8sminion2 rtos-k8sminion1 192.168.0.1 192.168.1.1 192.168.2.1 192.168.0.2 192.168.1.2 192.168.2.2 100.64.0.1 100.64.0.2 100.64.0.3 100.64.0.4 169.254.33.2 169.254.33.2 169.254.33.2 -A POSTROUTING -s 169.254.33.0/24 -j MASQUERADE

  30. ovn-kubernetes 物理構成 30 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.11 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 k8s-k8smaster 192.168.0.2 k8s-k8smaster 6f9a7a6c8ffd405 192.168.1.2 -A POSTROUTING -s 169.254.33.0/24 -j MASQUERADE

  31. OVNの今後 31 • Multi master OVSDB Server Clustring • スケーラビリティ改善

    (特にOVSDB) • BPF/DPDK Datapath • Service Function Chaining • Red Hatの製品 ◦ Red Hat OpenStack Platform 15 (Stain) ▪ OpenStackの製品版 ▪ OVNがデフォルトのNeutron ML2 ドライバ ◦ Red Hat OpenShift Container Platform 4.2 ▪ Kubernetesの製品版 ▪ 4.2でTech Preview、次かその次くらいで正式サポート→デフォルトのCNIプラグイン ◦ Red Hat Virtualization ▪ 4.2以降でOVNサポート

  32. 参考文献 32 • ovn-architecture(7) http://www.openvswitch.org/support/dist-docs/ovn-architecture.7.txt • ovn-nb(5) http://www.openvswitch.org/support/dist-docs/ovn-nb.5.txt • ovn-sb(5)

    http://www.openvswitch.org/support/dist-docs/ovn-sb.5.txt • ovn-northd(8) http://www.openvswitch.org/support/dist-docs/ovn-northd.8.txt • ovn-controller(8) http://www.openvswitch.org/support/dist-docs/ovn-controller.8.txt • OVSConの資料 http://www.openvswitch.org/support/ovscon2019/

  33. linkedin.com/company/Red-Hat youtube.com/user/RedHatAPAC facebook.com/RedHatAPAC twitter.com/Red_Hat_APAC Red Hat is the world’s leading

    provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. Thank you 33