OVN and Containers

Explore the seamless integration of Open vSwitch (OVS) and Open Virtual Network (OVN) for Kubernetes networking, enabling efficient communication between pods and central daemons. Learn about logical switches, routers, ACLs, load balancers, DHCP, DNS gateways, and more to enhance your cluster's networking capabilities.

• OVS Integration
• OVN Networking
• Kubernetes Pods
• Container Orchestration
• Network Virtualization

guliannab Follow

Uploaded on Mar 01, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. November 16-17, 2017 | San Jose, CA OVN and Containers Guru Shetty <guru@ovn.org>

2. Integration with OVS 1. ovs-vsctl add-br br-int 2. ip netns add ns1 br-int 3. ip link add p0_l type veth peer name p0_c 4. ip link set p0_c netns ns1 5. ip netns exec p0_c ip link set dev p0_c name eth0 6. ovs-vsctl add-port br-int p0_l eth0 eth0 ns1 ns2

3. Integration with OVN ovs-vsctl add-port br-int p0_l ovs-vsctl set interface p0_l external- ids:iface-id= port0 br-int br-int p0_l ovn-nbctl ls-add ls0 ovn-nbctl lsp-add ls0 port0 -- lsp-set-addresses port0 $MAC $IP p0_l eth0 eth0 ns1 ns2 ovs-vsctl add-port br-int p0_l -- set interface p0_l external-ids:iface- id= port1 ovn-nbctl lsp-add ls0 port1 -- lsp-set- addresses port1 $MAC $IP host2 host1

4. Integration with container orchestrators kubectl create -f pod1.yaml ovs-vsctl add-port br-int p0_l br-int ovs-vsctl set interface p0_l external-ids:iface- id= port0 p0_l eth0 ovn-nbctl lsp-add ls0 port0 -- lsp-set-addresses port0 $MAC $IP pod1 host plugin kubelet kubectl delete -f pod1.yaml

5. OVN objects Logical Switch Port Logical Switch Logical Router ACL Load-balancers DHCP and DNS Gateways and NAT

6. Popular Orchestrators Docker Docker Swarm Kubernetes Mesos and DC/OS

7. Kubernetes A pod is a group of containers that share the same network namespace. Containers inside a pod speak via localhost with each other. A host can have multiple pods. pods speak to each other via their pod IP. All pods in a cluster should be able to talk to each other via their own IP. A pod should also be able to speak to Kubernetes central daemons. Pods are fungible. They can be destroyed and re-created in a different host with a different IP.

8. OVN networking for kubernetes minion1 minion2 master 1. kubernetes central daemons P1 P2 P3 P4 P5 P6 2. OVN database and daemons healt h check OVS OVS healt h check ovn-controller cni ovn-controller cni

9. OVN networking for kubernetes Logical Space P1 P4 R S S P2 P5 S P3 P6 health health Master

10. OVN Kubernetes north/south networking 10.0.2.2/24 10.0.2.3/24 10.0.2.4/24 GR1 GR2 GR3 20.0.0.0/24 join R 192.168.1.0/24 S 192.168.2.0/24 S 192.168.3.0/24 S

11. OVN Kubernetes Watcher Continuously watches K8s API server. Creates a logical port when a pod gets created. Creates load-balancer entries in OVN when services are created. Creates ACLs in OVN when kubernetes network policy is created.

12. Multi-tenancy in Kubernetes OVN and Network Virtualization shines. Kubernetes seen as an application deployment tool. Preference for multiple kubernetes clusters.

13. Service mesh in Kubernetes Each pod has an Envoy container to act as a proxy iptables rules inside the pods Envoy can do the load-balancing

14. Questions https://github.com/openvswitch/ovn-kubernetes/