From patchwork Tue Jan 28 02:55:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Han Zhou X-Patchwork-Id: 1230144
From: Han Zhou To: dev@openvswitch.org Date: Mon, 27 Jan 2020 18:55:38 -0800 Message-Id: <1580180138-82118-14-git-send-email-hzhou@ovn.org> X-Mailer: git-send-email 2.1.0 In-Reply-To: <1580180138-82118-1-git-send-email-hzhou@ovn.org> References: <1580180138-82118-1-git-send-email-hzhou@ovn.org> Cc: Han Zhou Subject: [ovs-dev] [PATCH ovn v3 13/13] tutorial: Add tutorial for OVN Interconnection. Added tutorial, and also updated NEWS and TODO. Tested-by: Aliasgar Ginwala Signed-off-by: Han Zhou --- Documentation/automake.mk | 1 + Documentation/tutorials/index.rst | 1 + Documentation/tutorials/ovn-interconnection.rst | 188 ++++++++++++++++++++++++ NEWS | 5 + TODO.rst | 6 + 5 files changed, 201 insertions(+) create mode 100644 Documentation/tutorials/ovn-interconnection.rst diff --git a/Documentation/automake.mk b/Documentation/automake.mk index bf21663..2f33753 100644 --- a/Documentation/automake.mk +++ b/Documentation/automake.mk 
@@ -20,6 +20,7 @@ DOC_SOURCE = \ Documentation/tutorials/ovn-sandbox.rst \ Documentation/tutorials/ovn-ipsec.rst \ Documentation/tutorials/ovn-rbac.rst \ + Documentation/tutorials/ovn-interconnection.rst \ Documentation/topics/index.rst \ Documentation/topics/testing.rst \ Documentation/topics/high-availability.rst \ diff --git a/Documentation/tutorials/index.rst b/Documentation/tutorials/index.rst index 1cf083e..4ff6e16 100644 --- a/Documentation/tutorials/index.rst +++ b/Documentation/tutorials/index.rst @@ -43,3 +43,4 @@ vSwitch. ovn-openstack ovn-rbac ovn-ipsec + ovn-interconnection diff --git a/Documentation/tutorials/ovn-interconnection.rst b/Documentation/tutorials/ovn-interconnection.rst new file mode 100644 index 0000000..2f9d6d7 --- /dev/null +++ b/Documentation/tutorials/ovn-interconnection.rst 
@@ -0,0 +1,188 @@ +.. + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. You may obtain + a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations + under the License. + + Convention for heading levels in OVN documentation: + + ======= Heading 0 (reserved for the title in a document) + ------- Heading 1 + ~~~~~~~ Heading 2 + +++++++ Heading 3 + ''''''' Heading 4 + + Avoid deeper levels because they do not render well. + +=================== +OVN Interconnection +=================== + +This document provides a guide for interconnecting multiple OVN deployements +with OVN managed tunneling. More details about the OVN Interconnectiong design +can be found in ``ovn-architecture``\(7) manpage. + +This document assumes two or more OVN deployments are setup and runs normally, +possibly at different data-centers, and the gateway chassises of each OVN +are with IP addresses that are reachable between each other. + +Setup Interconnection Databases +------------------------------- + +To interconnect different OVNs, you need to create global OVSDB databases that +store interconnection data. The databases can be setup on any nodes that are +accessible from all the central nodes of each OVN deployment. It is +recommended that the global databases are setup with HA, with nodes in +different avaialbility zones, to avoid single point of failure. + +1. Install OVN packages on each global database node. + +2. Start OVN IC-NB and IC-SB databases. + + On each global database node :: + + $ ovn-ctl [options] start_ic_ovsdb + + Options depends on the HA mode you use. 
To start standalone mode with TCP + connections, use :: + + $ ovn-ctl --db-ic-nb-create-insecure-remote=yes \ + --db-ic-sb-create-insecure-remote=yes start_ic_ovsdb + + This command starts IC database servers that accept both unix socket and + TCP connections. For other modes, see more details with :: + + $ ovn-ctl --help + +Register OVN to Interconnection Databases +----------------------------------------- + +For each OVN deployment, set an availability zone name :: + + $ ovn-nbctl set NB_Global . name= + +The name should be unique across all OVN deployments, e.g. ovn-east, +ovn-west, etc. + +For each OVN deployment, start the ``ovn-ic`` daemon on central nodes :: + + $ ovn-ctl --ovn-ic-nb-db= --ovn-ic-sb-db= \ + --ovn-northd-nb-db= --ovn-northd-sb-db= [more options] start_ic + +An example of ```` is ``tcp::6645``, or for +clustered DB: ``tcp::6645,tcp::6645,tcp::6645``. +```` is similar, but usually with a different port number, typically, +6646. + +For ```` and ````, use same connection methods as for starting +``northd``. + +Verify each OVN registration from global IC-SB database, using +``ovn-ic-sbctl``, either on a global DB node or other nodes but with property +DB connection method specified in options :: + + $ ovn-ic-sbctl show + +Configure Gateways +------------------ + +For each OVN deployment, specify some chassises as interconnection gateways. +The number of gateways you need depends on the scale and bandwidth you need for +the traffic between the OVN deployments. + +For a node to work as an interconnection gateway, it must firstly be installed +and configured as a regular OVN chassis, with OVS and ``ovn-controller`` +running. To make a chassis as an interconnection gateway, simply run the +command on the chassis :: + + $ ovs-vsctl set open_vswitch . 
external_ids:ovn-is-interconn=true + +After configuring gateways, verify from the global IC-SB database :: + + $ ovn-ic-sbctl show + +Create Transit Logical Switches +------------------------------- + +Transit Logical Switches, or Transit Switches, are virtual switches for +connecting logical routers in different OVN setups. :: + + $ ovn-ic-nbctl ts-add + +After creating a transit switch, it can be seen from each OVN deployment's +Northbound database, which can be seen using :: + + $ ovn-nbctl find logical_switch other_config:interconn-ts= + +You will also see it with simply ``ovn-nbctl ls-list``. + +If there are multiple tenants that require traffic being isolated from each +other, then multiple transit switches can be created accordingly. + +Connect Logical Routers to Transit Switches +------------------------------------------- + +Connect logical routers from each OVN deployment to the desired transit +switches just as if they are regular logical switches, which includes below +steps (from each OVN, for each logical router you want to connect). + +Assume a transit switch named ``ts1`` is already created in ``IC-NB`` and a +logical router ``lr1`` created in current OVN deployment. + +1. Create a logical router port. :: + + $ ovn-nbctl lrp-add lr1 lrp-lr1-ts1 aa:aa:aa:aa:aa:01 169.254.100.1/24 + + (The mac and IP are examples.) + +2. Create a logical switch port on the transit switch and peer with the logical + router port. :: + + $ ovn-nbctl lsp-add ts1 lsp-ts1-lr1 -- \ + lsp-set-addresses lsp-ts1-lr1 router -- \ + lsp-set-type lsp-ts1-lr1 router -- \ + lsp-set-options lsp-ts1-lr1 router-port=lrp-lr1-ts1 + +3. Assign gateway(s) for the logical router port. :: + + $ ovn-nbctl lrp-set-gateway-chassis lrp-lr1-ts1 [priority] + + Optionally, you can assign more gateways and specify priorities, to achieve + HA, just as usual for a distributed gateway port. + +Similarly in another OVN deployment, you can connect a logical router (e.g. 
+lr2) to the same transit switch the same way, with a different IP (e.g. +169.254.100.2) on the same subnet. + +The ports connected to transit switches will be automatically populated to +``IC-SB`` database, which can be verified by :: + + $ ovn-ic-sbctl show + +Create Static Routes +-------------------- + +Now that you have all the physical and logical topologies ready, simply create +static routes between the OVN deployments so that packets can be forwarded by +the logical routers through transit switches to the remote OVN. + +For example, in ovn-east, there are workloads using 10.0.1.0/24 under lr1, and +in ovn-west, there are workloads using 10.0.2.0/24 under lr2. + +In ovn-east, add below route :: + + $ ovn-nbctl lr-route-add lr1 10.0.2.0/24 169.254.100.2 + +In ovs-west, add below route :: + + $ ovn-nbctl lr-route-add lr2 10.0.1.0/24 169.254.100.1 + +Now the traffic should be able to go through between the workloads through +tunnels crossing gateway nodes of ovn-east and ovn-west. diff --git a/NEWS b/NEWS index 9e7d601..d8a1526 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,11 @@ Post-OVS-v2.12.0 - Added Stateless Floating IP support in OVN. - Added Forwarding Group support in OVN. + - OVN Interconnection: + * Support for L3 interconnection of multiple OVN deployments with tunnels + managed by OVN. See instructions in + Documentation/tutorials/ovn-interconnection.rst. + v2.12.0 - 03 Sep 2019 --------------------- - DPDK: diff --git a/TODO.rst b/TODO.rst index 943d9bf..fbab508 100644 --- a/TODO.rst +++ b/TODO.rst @@ -145,3 +145,9 @@ OVN To-do List * Support FTP ALGs. * Support reject action. + +* OVN Interconnection + + * Packaging for RHEL, Debian, etc. + + * Route advertisement between edge routers.
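Review bot: In Documentation/tutorials/ovn-interconnection.rst, under "Setup Interconnection Databases", the only worked example starts the IC-NB and IC-SB servers with --db-ic-nb-create-insecure-remote=yes and --db-ic-sb-create-insecure-remote=yes, and the ovn-ic example that follows uses tcp: remotes, while the introduction says the deployments may be in different data-centers. A reader who follows the tutorial as written ends up with plaintext, unauthenticated database connections between sites. Please either show the SSL variant next to the TCP one, or state that the TCP example is meant for test setups and say where the SSL options are documented (the text currently only defers to "ovn-ctl --help"). It would also help to say whether the tunnels between gateway nodes can be protected the same way as in the existing ovn-ipsec tutorial listed in index.rst. Smaller points in the same file: "In ovs-west, add below route" should read ovn-west, "property DB connection method" should be "proper", and "deployements", "Interconnectiong" and "avaialbility" are misspelled.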
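Review bot: In TODO.rst, the new "OVN Interconnection" list records "Packaging for RHEL, Debian, etc." as outstanding, but step 1 of the tutorial added in this same patch tells the reader to "Install OVN packages on each global database node". If the distribution packages do not yet carry the start_ic_ovsdb and start_ic targets and the ovn-ic-nbctl and ovn-ic-sbctl tools, please say so in the tutorial and describe how to obtain them until packaging is done, so that the first step is actionable.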