Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OVNのご紹介

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for orimanabu orimanabu
November 01, 2019
Technology
1.3k
4

 OVNのご紹介

Avatar for orimanabu

orimanabu

November 01, 2019

More Decks by orimanabu

See All by orimanabu
OpenShiftのBGPサポート - MetalLB+FRR-k8s編
Avatar for orimanabu orimanabu
0
540
OpenShiftのBGPサポート - OVN-Kubernetes編
Avatar for orimanabu orimanabu
0
720
Whats_new_in_Podman_and_CRI-O_2025-06
Avatar for orimanabu orimanabu
3
300
podman_update_2024-12
Avatar for orimanabu orimanabu
2
610
KubeVirt Networking ONIC 2024
Avatar for orimanabu orimanabu
6
2.3k
OpenShift.Run-2024-Medik8s
Avatar for orimanabu orimanabu
2
1.9k
Podman_CRI-O_update_2024-02
Avatar for orimanabu orimanabu
5
1.8k
Podman_update_2023-11
Avatar for orimanabu orimanabu
2
970
OVN-Kubernetes-Introduction-ja-2023-01-27.pdf
Avatar for orimanabu orimanabu
3
3.9k

Other Decks in Technology

See All in Technology
AIネイティブな開発のサプライチェーンリスク対策 〜激動の開発現場でリスクに立ち向かう〜【ZennFes】
Avatar for サイバーセキュリティクラウド cscengineer
PRO
2
140
FPGAの開発コンペでZephyrを使ってみた
Avatar for misoji engineer iotengineer22
0
140
Chainlitで作るお手軽チャットUI
Avatar for tomo ynt0485
0
280
Bucharest Tech Week 2026 - Reinventing testing practices in the AI era
Avatar for Eric Deandrea edeandrea
PRO
1
170
AWS Security Hub CSPMの成功・失敗体験
Avatar for cm-usuda-keisuke cmusudakeisuke
0
260
アンオフィシャルな、オフィシャルからのお願い
Avatar for wataru yamazaki (DevRel) wyamazak_devrel
0
140
2026TECHFRESH畢業分享會 - Lightning Talk - 資料也要 CI/CD? 用 Airbyte 自動化資料同步
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
1.3k
新しいUbuntu/GNOMEが使いたいからXからWaylandへ移行頑張ってるの巻 2026-06-20
Avatar for Nobuto Murata nobutomurata
0
150
不要なレビューをAIにまかせて AIコーディングの環境改善を加速した
Avatar for shoota shoota
1
230
10年間のブログ発信を振り返って見えたWebアプリケーションエンジニアとしての軌跡
Avatar for すてにゃん stefafafan
0
170
2026TECHFRESH畢業分享會 - 原生還是跨平台? App 開發踩坑實錄
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
1.3k
2026TECHFRESH畢業分享會 - AI 時代的人生存檔點
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
1.3k

Featured

See All Featured
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
270
Redefining SEO in the New Era of Traffic Generation
Avatar for Szymon Słowik szymonslowik
1
340
Un-Boring Meetings
Avatar for Sebastian Deterding codingconduct
0
320
Between Models and Reality
Avatar for mayunak mayunak
4
340
What does AI have to do with Human Rights?
Avatar for Per Axbom axbom
PRO
1
2.2k
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
Avatar for Sara Fernández Carmona sarafernandez
0
210
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
360
30k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
356
21k
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
Avatar for Szymon Słowik szymonslowik
1
1.1k
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
Avatar for Sara Fernández Carmona sarafernandez
2
1.5k
Exploring anti-patterns in Rails
Avatar for Elle Meredith aemeredith
3
410
Believing is Seeing
Avatar for Spiro Bolos oripsolob
1
150

Transcript

  1. 1 v1.0 OVNのご紹介 2019-11-01 Manabu Ori @orimanabu RED HAT CLOUD

    PLATFORMS BUSINESS UNIT

  2. 注意 2 • この資料は2019年11月1日時点の情報を元に作成しました

  3. OVNとは

  4. OVN (Open Virtual Network) とは 4 • 複数ハイパーバイザ上のOVSにまたがった仮想ネットワークを作る仕組み • OVS

    (Open vSwitch) のサブプロジェクトとして、2015年に始動 ◦ 最初のリリース: 27 Sep 2016 (OVS v2.6) ◦ OpenStack Neutron Plugin (networking-ovn) の最初のリリース: 06 Oct 2016 (Newton) ◦ OVS v2.11からリポジトリが分離 https://github.com/ovn-org • オーバーレイネットワークを論理ネットワークとして抽象化 HV1 HV2 VM-1 VM-2 VM-A VM-3 VM-4 VM-B Logical Switch VM-A VM-B Logical Switch Logical Router Logical Switch VM-3 VM-4 VM-1 VM-2 物理ネットワーク 論理ネットワーク

  5. OVNの特徴 5 • データベース操作によるコンフィギュレーション • Logical Flowによる設定 ◦ 物理ネットワーク(OVS)と仮想ネットワークを分離 ◦

    だいたいOpenFlowと同じ気分 ▪ フローテーブルのパイプライン、フローのmatchとaction • ハイパーバイザ間のカプセリングはGeneve,STT • 分散L2, L3処理 • NAT、DHCP、ロードバランサのネイティブ実装 • L2, L3ゲートウェイ • 他のCMS (Cloud Management System) と連携することを想定したデザイン ◦ OpenStack, Kubernetes, Docker, Mesos, oVirt, ... OVS OVN 対象 1台のホスト内の仮想スイッチ 複数のホストにまたがる仮想ネットワーク 設定 OpenFlow + OVSDB Logical Flow + OVSDB

  6. Open vSwitch (OVS) の課題 6 • OVSは超強力、だけどOpenFlowでSDN環境を構築するのは大変 ◦ 「現時点では、低レベルのフローロジックを直接作り込む必要があるなど、導入の敷居はあまり低くあ りません」

    ▪ 技術文書 OpenFlowの概要, VA Linux Systems Japan ◦ 「プログラミング言語に例えるとアセンブラ、もしくは標準ライブラリがないC言語」 ▪ マスタリングTCP/IP OpenFlow編, オーム社 • OVSは超強力、だから ◦ OVSネイティブな機能を活用するとより効率的に処理できるはず ◦ 現状はOVS, Network Namespace, iptables, etcを組み合わせて様々な機能を実現している • 仮想化/コンテナ基盤のソフトウェア製品それぞれでOpenFlowの作り込みをするのはつらい ◦ OpenStack ◦ Kubernetes ◦ oVirt, ...

  7. OVNのコンポーネント 7 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow

  8. OVNのコンポーネント 8 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow Northbound DB • CMS (Cloud Management System) との連携をする部分 • 論理ネットワークの構成、あるべき姿 (desired state) を格納 するデータベース ◦ Logical Port, Logical Switch, Logical Router, ...

  9. OVNのコンポーネント 9 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow Southbound DB • 現在の状態 (runtime state) を格納するデータベース • 論理ポート・スイッチ・ルータと、物理要素とのマッピング • runtime stateと論理ネットワークを元にしたLogical Flowのパイ プライン

  10. OVNのコンポーネント 10 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow ovn-northd • Northbound DBの論理構成をSouthbound DBの runtime stateに変換するデーモン • 論理ネットワークの構成を元にLogical flowを生成

  11. OVNのコンポーネント 11 • Northbound DB • Southbound DB • ovn-northd

    • ovn-controller Clouc Management System (OpenStack, Kubernetes, etc) networking-ovn ovn-kubernetes Northbound DB Southbound DB ovn-northd ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko ovn-controller OVSDB ovs-vswitchd openvswitch.ko 管理サーバ ハイパーバイザ ノード OVSDB Management Protocol OpenFlow ovn-controller • 各ハイパーバイザノードで稼働 • Logical flowからPhysical flowを生成 ◦ e.g. VIF UUID → OpenFlow port • Physical flowをハイパーバイザ上のOVSに注入

  12. OVNのコンポーネント 12 • Northbound DB ◦ CMS (Cloud Management System)

    との連携をする部分 ◦ 論理ネットワークの構成、あるべき姿 (desired state) を格納するデータベース ▪ Logical Port, Logical Switch, Logical Router, ... • Southbound DB ◦ 現在の状態 (runtime state) を格納するデータベース ◦ 論理ポート・スイッチ・ルータと、物理要素とのマッピング ◦ runtime stateと論理ネットワークを元にしたLogical Flowのパイプライン • ovn-northd ◦ Northbound DBの論理構成をSouthbound DBのruntime stateに変換するデーモン ◦ 論理ネットワークの構成を元にLogical flowを生成 • ovn-controller ◦ 各ハイパーバイザノードで稼働 ◦ Logical flowからPhysical flowを生成 ▪ e.g. VIF UUID → OpenFlow port ◦ Physical flowをハイパーバイザ上のOVSに注入

  13. Logical Table Flow Structure - Logical Switch Datapaths 13 Table

    Flow category 0 Admission Control and Ingress Port Security - L2 1 Ingress Port Security - IP 2 Ingress Port Security - Neighbor discovery 3 from-lport Pre-ACLs 4 Pre-LB 5 Pre-stateful 6 from-lport ACLs 7 from-lport QoS marking 8 from-lport QoS meter 9 LB 10 Stateful 11 ARP/ND responder Ingress Egress Table Flow category 12 DHCP option processing 13 DHCP responses 14 DNS Lookup 15 DNS Responses 16 Destination Lookup Table Flow category 0 Pre-LB 1 to-lport Pre-ACLs 2 Pre-stateful 3 LB 4 to-lport ACLs 5 to-lport QoS marking 6 to-lport QoS meter 7 Stateful 8 Egress Port Security - IP 9 Egress Port Security - L2

  14. Logical Table Flow Structure - Logical Router Datapaths 14 Table

    Flow category 0 L2 Admission Control 1 IP Input 2 DEFRAG 3 UNSNAT 4 DNAT 5 IPv6 ND RA option processing 6 IPv6 ND RA responder 7 IP Routing 8 ARP/ND Resolution 9 Gateway Redirect 10 ARP Request Ingress Egress Table Flow category 0 UNDNAT 1 SNAT 2 Egress Loopback 3 Delivery

  15. OVNの手動構成 15 • OVSDBの操作 ◦ ovsdb-tool ◦ ovsdb-client • Logical

    Switchの作成 ◦ ovn-nbctl lswitch-add SWITCH_NAME • Logical Portの作成 ◦ ovn-nbctl lport-add SWITCH_NAME PORT_NAME • Logical PortにMACアドレスを設定 ◦ ovn-nbctl lport-set-address PORT_NAME MAC_ADDRESS • Logical PortとPhysical Portの紐付け ◦ ovs-vsctl add-port BRIDGE INTERFACE -- set Interface INTERFACE external_ids:iface-id=PORT_NAME ↓ • OpenStack, Kubernetes等と連携するときは、この辺りはNeutron ML2 driver/CNI Pluginがやってくれます

  16. OpenStack Integration

  17. OpenStackとの連携 17 • Neutron ML2 driver: networking-ovn ML2/OVS ML2/OVN

  18. NeutronとOVNの構成要素のマッピング 18 NEUTRON OVN router logical router + gateway_chassis (scheduling)

    network logical switch + dhcp_options port logical switch port ( + logical router port) security group Port_Group + ACL + Address_Set floating ip NAT (dnat_snat entry type) (in octavia WIP!) Load_Balancer

  19. networking-ovnの特徴 19 • L2 ◦ ARP responderの機能 • L3 ◦

    OVNでIPv4/IPv6ルーティングのネイティブサポート ▪ L3 agentは必要ない ◦ 分散ルータ ◦ namespaceを渡る必要がないので効率的 • Security Group ◦ カーネルのconntrackモジュールをOVSから直接利用 ◦ Neutronの firewall_driver = openvswitch と同じ動き • DHCP ◦ ovn-controllerがDHCPの機能を持つ ▪ dhcp agentは必要ない ▪ dnsmasqがたくさん地獄にならない ◦ シンプルなユースケースのみ想定

  20. networking-ovnの特徴 20 • Metadata ◦ 今の実装では namespace + haproxy ◦

    metadata-agentとneutron-serverとの 通信は不要 • Octavia ◦ OVNのOctavia driver開発中 ◦ Amphora VMが必要なくなる VM1 VM3 VM2 localport A localport B br-int VM4 nsB haproxy nsA haproxy ovn-metadata-agent UNIX socket Chassis 1

  21. Kubernetes Integration

  22. Kubernetesとの連携 22 • OVN用のCNIプラグイン: ovn-kubernetes https://github.com/ovn-org/ovn-kubernetes • 他のCNIプラグインとの主な違い ◦ Serviceオブジェクトは基本的にOVSの機能で実現している

    ▪ Service → PodのDNAT ▪ Service → 複数Podのロードバランス ◦ Network Policyの制御はOVSで実現 ◦ その他はだいたい従来のCNIプラグインと同じ ▪ 内部DNSは今のところCoreDNSを使う前提になっている...ように見える

  23. ovn-kubernetes 物理構成 23 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.11 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 k8s-k8smaster 192.168.0.2 k8s-k8smaster 6f9a7a6c8ffd405 192.168.1.2

  24. ovn-kubernetes 論理ネットワーク 24 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 br-local_k8smaster br-local_k8sminion1 br-local_k8sminion2 etor-GR_k8smaster etor-GR_k8sminion1 etor-GR_k8sminion2 rtoe-GR_k8smaster rtoe-GR_k8sminion1 rtoe-GR_k8sminion2 rtoj-GR_k8smaster rtoj-GR_k8sminion1 rtoj-GR_k8sminion2 jtor-GR_k8s minion1 jtor-GR_k8sminion2 jtor-GR_k8smaster jtor-ovn_cluster_router rtoj-ovn_cluster_router stor-k8smaster stor-k8sminion1 stor-k8sminion2 k8s-k8smaster k8s-k8sminion1 k8s-k8s minion2 rtos-k8smaster rtos-k8sminion2 rtos-k8sminion1 192.168.0.1 192.168.1.1 192.168.2.1 192.168.0.2 192.168.1.2 192.168.2.2 100.64.0.1 100.64.0.2 100.64.0.3 100.64.0.4 169.254.33.2 169.254.33.2 169.254.33.2

  25. ovn-kubernetes 論理ネットワーク 25 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 コンテナが直接接続するLogical Switch Service→PodのロードバランスやDNATはここで処理する

  26. ovn-kubernetes 論理ネットワーク 26 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 br-local_k8smaster br-local_k8sminion1 br-local_k8sminion2 etor-GR_k8smaster etor-GR_k8sminion1 etor-GR_k8sminion2 rtoe-GR_k8smaster rtoe-GR_k8sminion1 rtoe-GR_k8sminion2 rtoj-GR_k8smaster rtoj-GR_k8sminion1 rtoj-GR_k8sminion2 jtor-GR_k8s minion1 jtor-GR_k8sminion2 jtor-GR_k8smaster jtor-ovn_cluster_router rtoj-ovn_cluster_router stor-k8smaster stor-k8sminion1 stor-k8sminion2 k8s-k8smaster k8s-k8sminion1 k8s-k8s minion2 rtos-k8smaster rtos-k8sminion2 rtos-k8sminion1 192.168.0.1 192.168.1.1 192.168.2.1 192.168.0.2 192.168.1.2 192.168.2.2 default via 10.0.2.2 dev enp0s3 10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 10.10.0.0/24 dev enp0s8 proto kernel scope link src 10.10.0.11 169.254.33.0/24 dev br-nexthop proto kernel scope link src 169.254.33.1 172.16.1.0/24 via 192.168.0.1 dev k8s-k8smaster 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 192.168.0.0/24 dev k8s-k8smaster proto kernel scope link src 192.168.0.2 192.168.0.0/16 via 192.168.0.1 dev k8s-k8smaster

  27. ovn-kubernetes 論理ネットワーク 27 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 ノード間通信を制御するLogical Router

  28. ovn-kubernetes 論理ネットワーク 28 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 コンテナが外部と通信するときのゲートウェイとなるLogical Router

  29. ovn-kubernetes 論理ネットワーク 29 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.13 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 192.168.1.2 k8s-k8smaster 192.168.2.2 k8s-k8smaster 6f9a7a6c8ffd405 eth0 eth0 eth0 eth0 eth0 k8smaster k8sminion1 k8sminion2 ovn_cluster_router join GR_k8sminion1 GR_k8sminion2 GR_k8smaster ext_k8smaster ext_k8sminion1 ext_k8sminion2 br-local_k8smaster br-local_k8sminion1 br-local_k8sminion2 etor-GR_k8smaster etor-GR_k8sminion1 etor-GR_k8sminion2 rtoe-GR_k8smaster rtoe-GR_k8sminion1 rtoe-GR_k8sminion2 rtoj-GR_k8smaster rtoj-GR_k8sminion1 rtoj-GR_k8sminion2 jtor-GR_k8s minion1 jtor-GR_k8sminion2 jtor-GR_k8smaster jtor-ovn_cluster_router rtoj-ovn_cluster_router stor-k8smaster stor-k8sminion1 stor-k8sminion2 k8s-k8smaster k8s-k8sminion1 k8s-k8s minion2 rtos-k8smaster rtos-k8sminion2 rtos-k8sminion1 192.168.0.1 192.168.1.1 192.168.2.1 192.168.0.2 192.168.1.2 192.168.2.2 100.64.0.1 100.64.0.2 100.64.0.3 100.64.0.4 169.254.33.2 169.254.33.2 169.254.33.2 -A POSTROUTING -s 169.254.33.0/24 -j MASQUERADE

  30. ovn-kubernetes 物理構成 30 br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.11 909e63bb427f0d0

    coredns-5644d 7b6d9-5bg9r coredns eth0 k8s-master br-local br-int br-nexthop 169.254.33.1 enp0s8 10.10.0.12 28e34468c2012b0 hello-php-85f4f 89698-99ts4 hello-php eth0 hello-php-85f4f 89698-t7cg9 hello-php eth0 k8s-minion1 192.168.1.4 192.168.2.7 br-local br-int br-nexthop 169.254.33.1 192.168.2.2 k8s-k8smaster enp0s8 10.10.0.13 909e63bb427f0d0 hello-client-6ffb d44b44-86r8j client eth0 k8s-minion2 192.168.2.7 192.168.1.3 ovn-44ef7b-0 ovn-28baae-0 Geneve to k8s-master Geneve to k8s-minion1 ovn-44ef7b-0 ovn-22a195-0 Geneve to k8s-master Geneve to k8s-minion2 ovn-28baae-0 ovn-22a195-0 Geneve to k8s-minion1 Geneve to k8s-minion2 k8s-k8smaster 192.168.0.2 k8s-k8smaster 6f9a7a6c8ffd405 192.168.1.2 -A POSTROUTING -s 169.254.33.0/24 -j MASQUERADE

  31. OVNの今後 31 • Multi master OVSDB Server Clustring • スケーラビリティ改善

    (特にOVSDB) • BPF/DPDK Datapath • Service Function Chaining • Red Hatの製品 ◦ Red Hat OpenStack Platform 15 (Stain) ▪ OpenStackの製品版 ▪ OVNがデフォルトのNeutron ML2 ドライバ ◦ Red Hat OpenShift Container Platform 4.2 ▪ Kubernetesの製品版 ▪ 4.2でTech Preview、次かその次くらいで正式サポート→デフォルトのCNIプラグイン ◦ Red Hat Virtualization ▪ 4.2以降でOVNサポート

  32. 参考文献 32 • ovn-architecture(7) http://www.openvswitch.org/support/dist-docs/ovn-architecture.7.txt • ovn-nb(5) http://www.openvswitch.org/support/dist-docs/ovn-nb.5.txt • ovn-sb(5)

    http://www.openvswitch.org/support/dist-docs/ovn-sb.5.txt • ovn-northd(8) http://www.openvswitch.org/support/dist-docs/ovn-northd.8.txt • ovn-controller(8) http://www.openvswitch.org/support/dist-docs/ovn-controller.8.txt • OVSConの資料 http://www.openvswitch.org/support/ovscon2019/

  33. linkedin.com/company/Red-Hat youtube.com/user/RedHatAPAC facebook.com/RedHatAPAC twitter.com/Red_Hat_APAC Red Hat is the world’s leading

    provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. Thank you 33