From patchwork Mon Apr 16 19:16:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Pfaff X-Patchwork-Id: 898868
From: Ben Pfaff To: dev@openvswitch.org Date: Mon, 16 Apr 2018 12:16:24 -0700 Message-Id: <20180416191624.25602-1-blp@ovn.org> X-Mailer: git-send-email 2.16.1 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Ben Pfaff Subject: [ovs-dev] [PATCH] faq: Start an OVN FAQ by giving a rationale for how it uses tunnels. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Signed-off-by: Ben Pfaff Acked-by: Aaron Conole --- Documentation/automake.mk | 1 + Documentation/faq/index.rst | 1 + Documentation/faq/ovn.rst | 89 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+) create mode 100644 Documentation/faq/ovn.rst diff --git a/Documentation/automake.mk b/Documentation/automake.mk index c05a2313a5b8..e8a43455d91f 100644 --- a/Documentation/automake.mk +++ b/Documentation/automake.mk @@ -76,6 +76,7 @@ DOC_SOURCE = \ Documentation/faq/general.rst \ Documentation/faq/issues.rst \ Documentation/faq/openflow.rst \ + Documentation/faq/ovn.rst \ Documentation/faq/qos.rst \ Documentation/faq/releases.rst \ Documentation/faq/terminology.rst \ diff --git a/Documentation/faq/index.rst b/Documentation/faq/index.rst index 334b828b2229..ad3cc2b6fafe 100644 --- a/Documentation/faq/index.rst +++ b/Documentation/faq/index.rst @@ -41,3 +41,4 @@ Open vSwitch FAQ terminology vlan vxlan + ovn diff --git a/Documentation/faq/ovn.rst b/Documentation/faq/ovn.rst new file mode 100644 index 000000000000..2e2fe0502dc1 --- /dev/null +++ b/Documentation/faq/ovn.rst 
@@ -0,0 +1,89 @@ +.. + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + + Convention for heading levels in Open vSwitch documentation: + + ======= Heading 0 (reserved for the title in a document) + ------- Heading 1 + ~~~~~~~ Heading 2 + +++++++ Heading 3 + ''''''' Heading 4 + + Avoid deeper levels because they do not render well. + +=== +OVN +=== + +Q: Why does OVN use STT and Geneve instead of VLANs or VXLAN (or GRE)? + + A: OVN implements a fairly sophisticated packet processing pipeline in + "logical datapaths" that can implement switching or routing functionality. + A logical datapath has an ingress pipeline and an egress pipeline, and each + of these pipelines can include logic based on packet fields as well as + packet metadata such as the logical ingress and egress ports (the latter + only in the egress pipeline). + + The processing for a logical datapath can be split across hypervisors. In + particular, when a logical ingress pipeline executes an "output" action, + OVN passes the packet to the egress pipeline on the hypervisor (or, in the + case of output to a logical multicast group, hypervisors) on which the + logical egress port is located. If this hypervisor is not the same as the + ingress hypervisor, then the packet has to be transmitted across a physical + network. + + This situation is where tunneling comes in. To send the packet to another + hypervisor, OVN encapsulates it with a tunnel protocol and sends the + encapsulated packet across the physical network. 
When the remote + hypervisor receives the tunnel packet, it decapsulates it and passes it + through the logical egress pipeline. To do so, it also needs the metadata, + that is, the logical ingress and egress ports. + + Thus, to implement OVN logical packet processing, at least the following + metadata must pass across the physical network: + + * Logical datapath ID, a 24-bit identifier. In Geneve, OVN uses the VNI to + hold the logical datapath ID; in STT, OVN uses 24 bits of STT's 64-bit + context ID. + + * Logical ingress port, a 15-bit identifier. In Geneve, OVN uses an option + to hold the logical ingress port; in STT, 15 bits of the context ID. + + * Logical egress port, a 16-bit identifier. In Geneve, OVN uses an option + to hold the logical egress port; in STT, 16 bits of the context ID. + + See ``ovn-architecture(7)``, under "Tunnel Encapsulations", for details. + + Together, these metadata require 24 + 15 + 16 = 55 bits. GRE provides 32 + bits, VXLAN provides 24, and VLAN only provides 12. Most notably, if + logical egress pipelines do not match on the logical ingress port, thereby + restricting the class of ACLs available to users, then this eliminates 15 + bits, bringing the requirement down to 40 bits. At this point, one can + choose to limit the size of the OVN logical network in various ways, e.g.: + + * 16 bits of logical datapaths + 16 bits of logical egress ports. This + combination fits within a 32-bit GRE tunnel key. + + * 12 bits of logical datapaths + 12 bits of logical egress ports. This + combination fits within a 24-bit VXLAN VNI. + + * It's difficult to identify an acceptable compromise for a VLAN-based + deployment. + + These compromises wouldn't suit every site, since some might want to + allocate more bits to the datapath, some to the egress port. 
+ + As a side note, OVN does support VXLAN for use with ASIC-based top of rack + switches, using ``ovn-controller-vtep(8)`` and the OVSDB VTEP schema + described in ``vtep(5)``, but this limits the features available from OVN + to the subset available from the VTEP schema.
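
Review bot: In the Documentation/faq/index.rst hunk, `ovn` is appended after `vxlan`, although the visible neighbours (`terminology`, `vlan`, `vxlan`) are in alphabetical order and the automake.mk hunk in this same patch puts `Documentation/faq/ovn.rst` in sorted position between openflow.rst and qos.rst. Consider moving the toctree entry to its alphabetical position so the rendered FAQ index stays sorted the same way as DOC_SOURCE.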
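
Review bot: In the Documentation/faq/ovn.rst hunk, the paragraph beginning "Together, these metadata require 24 + 15 + 16 = 55 bits" goes from listing what GRE, VXLAN and VLAN provide straight to "Most notably, if logical egress pipelines do not match on the logical ingress port", so "Most notably" has nothing to refer back to and the answer never says outright that 55 bits do not fit in any of the three. Suggest adding a sentence at that point stating that none of these keys is large enough and that fitting into one means giving up features or scale, before introducing the 40-bit case. Earlier in the same answer, "it also needs the metadata, that is, the logical ingress and egress ports" leaves out the logical datapath ID, which the list that follows names first; the two should agree.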