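1. What is OVN
OVN (Open Virtual Network) is the native network virtualization solution provided by OVS. Building on the existing capabilities of OVS, OVN adds native support for virtual network abstractions such as virtual L2 and L3 overlay networks and security groups; services such as DHCP and DNS are also within its scope. Like OVS, OVN is designed to be a production-quality implementation that can operate at large scale.
OVN consists of the following components:
- CMS (Cloud Management System): the cloud management system.
- OVN/CMS Plugin: the component of the CMS that interfaces with OVN. In OpenStack, this is a Neutron plugin. Its main purpose is to translate the CMS's notion of logical network configuration, stored in the CMS's configuration database in a CMS-specific format, into an intermediate representation that OVN understands.
- OVN Northbound DB: the OVN northbound database. It receives logical configuration from the OVN/CMS Plugin, mainly logical switches, logical routers, ACLs and so on.
- ovn-northd: connects the OVN northbound database and the OVN southbound database. Its main function is to translate the northbound logical configuration into southbound physical configuration.
- OVN Southbound DB: the OVN southbound database. It mainly stores the network configuration translated by ovn-northd.
- ovn-controller: OVN's local SDN controller on each node.
- ovs-vswitchd and ovsdb-server: the OVS processes on the node.
The OVN architecture is shown below: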
                                  CMS
                                   |
                                   |
                       +-----------|-----------+
                       |           |           |
                       |     OVN/CMS Plugin    |
                       |           |           |
                       |           |           |
                       |   OVN Northbound DB   |
                       |           |           |
                       |           |           |
                       |       ovn-northd      |
                       |           |           |
                       +-----------|-----------+
                                   |
                                   |
                         +-------------------+
                         | OVN Southbound DB |
                         +-------------------+
                                   |
                                   |
                +------------------+------------------+
                |                  |                  |
  HV 1          |                  |    HV n          |
+---------------|---------------+  .  +---------------|---------------+
|               |               |  .  |               |               |
|        ovn-controller         |  .  |        ovn-controller         |
|         |          |          |  .  |         |          |          |
|         |          |          |     |         |          |          |
|  ovs-vswitchd   ovsdb-server  |     |  ovs-vswitchd   ovsdb-server  |
|                               |     |                               |
+-------------------------------+     +-------------------------------+
2. How to install OVN
2.1 Installing from source
2.1.1 Installing OVS
# 1. Install the build dependencies
yum -y install systemd-units openssl groff graphviz desktop-file-utils python-twisted python-zope-interface procps-ng checkpolicy libcap-ng libcap-ng-devel unbound unbound-devel
yum -y install python-six selinux-policy-devel python-sphinx
yum -y install make gcc openssl-devel autoconf automake rpm-build redhat-rpm-config perl
yum -y install python-devel kernel-devel kernel-debug-devel libtool wget git python3
# 2. Download the project source (cloned under /root, the path later passed to --with-ovs-source)
git clone https://github.com/openvswitch/ovs.git
cd ovs
# 3. Bootstrapping
./boot.sh
# 4. Configuring
./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc
# 5. Build
make
make install
make modules_install
2.1.2 Installing OVN
# 1. Download the project source
git clone https://github.com/ovn-org/ovn.git
cd ovn
# 2. Bootstrapping
./boot.sh
# 3. Configuring (--with-ovs-source points at the OVS tree built above)
./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc --with-ovs-source=/root/ovs
# 4. Build
make
make install
2.1.3 Starting OVS/OVN
# Start OVS
[root@localhost ovs]# /usr/share/openvswitch/scripts/ovs-ctl start --system-id=random
/etc/openvswitch/conf.db does not exist ... (warning).
Creating empty database /etc/openvswitch/conf.db [ OK ]
Starting ovsdb-server [ OK ]
Configuring Open vSwitch system IDs [ OK ]
Inserting openvswitch module [ OK ]
Starting ovs-vswitchd [ OK ]
Enabling remote OVSDB managers [ OK ]
# Start OVN
[root@localhost ovn]# /usr/share/ovn/scripts/ovn-ctl start_northd
/etc/ovn/ovnnb_db.db does not exist ... (warning).
Creating empty database /etc/ovn/ovnnb_db.db [ OK ]
Starting ovsdb-nb [ OK ]
/etc/ovn/ovnsb_db.db does not exist ... (warning).
Creating empty database /etc/ovn/ovnsb_db.db [ OK ]
Starting ovsdb-sb [ OK ]
Starting ovn-northd [ OK ]
# Start ovn-controller
[root@localhost ovn]# /usr/share/ovn/scripts/ovn-ctl start_controller
Starting ovn-controller [ OK ]
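# Set the listening ports of the northbound and southbound databases
# (ptcp is a plaintext TCP listener with no TLS or authentication; the southbound one binds 0.0.0.0, i.e. every interface)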
ovn-nbctl set-connection ptcp:6641:127.0.0.1
ovn-sbctl set-connection ptcp:6642:0.0.0.0
# Connect the chassis to OVN (set the IP addresses to match the actual node)
ovs-vsctl set open_vswitch . external-ids:ovn-remote=tcp:172.28.110.172:6642
ovs-vsctl set open_vswitch . external-ids:ovn-encap-type=geneve
ovs-vsctl set open_vswitch . external-ids:ovn-encap-ip=172.28.110.172
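A check for the connection targets set in 2.1.3, added here as an example and not part of the original post: it parses OVSDB connection strings (ptcp/pssl/tcp/ssl/punix/unix) and reports which ones carry plaintext OVSDB traffic beyond loopback. The function names, verdict words and the SAMPLE variable are hypothetical; the sample input is constructed from the three targets on this page.

```shell
#!/bin/sh
# Added example: classify OVSDB connection targets by transport and exposure.
# Function names and verdict words are hypothetical, not OVN's.

# classify_target TARGET -> prints one verdict word
classify_target() {
    target=${1#\"}; target=${target%\"}   # drop quotes printed by ovs-vsctl get
    method=${target%%:*}
    rest=${target#*:}
    case $method in
        punix|unix) echo local-socket; return ;;
        pssl|ssl)   echo tls; return ;;
        ptcp)       # ptcp:PORT[:IP]; without IP it listens on every address
            case $rest in
                *:*) host=${rest#*:} ;;
                *)   host=0.0.0.0 ;;
            esac ;;
        tcp)        # tcp:IP:PORT, outbound plaintext; strip the trailing :PORT
            host=${rest%:*} ;;
        *)  echo unknown; return ;;
    esac
    case $host in
        127.*|'[::1]'|localhost) echo plaintext-loopback ;;
        0.0.0.0|'[::]')          echo plaintext-all-interfaces ;;
        *)                       echo plaintext-network ;;
    esac
}

# audit_targets: one target per line on stdin; prints "VERDICT TARGET" and
# returns 1 if any target carries plaintext beyond loopback.
audit_targets() {
    rc=0
    while IFS= read -r t; do
        [ -n "$t" ] || continue
        v=$(classify_target "$t")
        echo "$v $t"
        case $v in plaintext-all-interfaces|plaintext-network) rc=1 ;; esac
    done
    return $rc
}

# Constructed input: the three targets configured in section 2.1.3.
SAMPLE='ptcp:6641:127.0.0.1
ptcp:6642:0.0.0.0
tcp:172.28.110.172:6642'
printf '%s\n' "$SAMPLE" | audit_targets || echo "plaintext OVSDB exposure found"
```

For this page's settings the northbound listener is loopback-only, while the southbound listener and the chassis remote are both flagged.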
2.1.4 Checking that the installation succeeded
# Check that OVS was installed successfully
[root@localhost ovn-branch-20.09]# ovs-vsctl -V
ovs-vsctl (Open vSwitch) 2.14.0
DB Schema 8.2.0
# Check that OVN was installed successfully
[root@localhost ovn-branch-20.09]# ovn-nbctl -V
ovn-nbctl 20.09.1
Open vSwitch Library 2.14.0
DB Schema 5.27.0
3. A first look at OVN
Build a minimal topology to try OVN in practice. It consists of one logical switch and two VMs (simulated with Linux network namespaces), as follows:

# Create the logical switch ls
ovn-nbctl ls-add ls
# Create the logical switch port ls-p1
ovn-nbctl lsp-add ls ls-p1
ovn-nbctl lsp-set-addresses ls-p1 00:00:00:00:00:11
# Create the logical switch port ls-p2
ovn-nbctl lsp-add ls ls-p2
ovn-nbctl lsp-set-addresses ls-p2 00:00:00:00:00:22
# Add vm1
ip netns add vm1
ip link add vm1 type veth peer name vm1-peer
ovs-vsctl add-port br-int vm1-peer
ip link set vm1 netns vm1
ip netns exec vm1 ip link set vm1 address 00:00:00:00:00:11
ip netns exec vm1 ip addr add 192.168.1.2/24 dev vm1
ip netns exec vm1 ip link set vm1 up
ovs-vsctl set Interface vm1-peer external_ids:iface-id=ls-p1
ip netns exec vm1 ip r add default via 192.168.1.1
ip link set vm1-peer up
# Add vm2
ip netns add vm2
ip link add vm2 type veth peer name vm2-peer
ovs-vsctl add-port br-int vm2-peer
ip link set vm2 netns vm2
ip netns exec vm2 ip link set vm2 address 00:00:00:00:00:22
ip netns exec vm2 ip addr add 192.168.1.3/24 dev vm2
ip netns exec vm2 ip link set vm2 up
ovs-vsctl set Interface vm2-peer external_ids:iface-id=ls-p2
ip netns exec vm2 ip r add default via 192.168.1.1
ip link set vm2-peer up
Verify connectivity between the VMs
# View the logical network with ovn-nbctl
[root@localhost ~]# ovn-nbctl show
switch e9f2556c-7824-46f9-a450-42136522ed91 (ls)
    port ls-p2
        addresses: ["00:00:00:00:00:22"]
    port ls-p1
        addresses: ["00:00:00:00:00:11"]
# View the bridge with ovs-vsctl
[root@localhost ~]# ovs-vsctl show
dbb195c6-abc3-497f-acc0-9932d7095800
    Bridge br-int
        fail_mode: secure
        datapath_type: system
        Port vm2-peer
            Interface vm2-peer
        Port vm1-peer
            Interface vm1-peer
    ovs_version: "2.14.0"
# Verify communication between vm1 and vm2
# vm1 ping vm2
[root@localhost ovn-branch-20.09]# ip netns exec vm1 ping 192.168.1.3
PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=1.07 ms
64 bytes from 192.168.1.3: icmp_seq=2 ttl=64 time=0.176 ms
64 bytes from 192.168.1.3: icmp_seq=3 ttl=64 time=0.078 ms
64 bytes from 192.168.1.3: icmp_seq=4 ttl=64 time=0.084 ms
64 bytes from 192.168.1.3: icmp_seq=5 ttl=64 time=0.079 ms
^C
--- 192.168.1.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 0.078/0.298/1.075/0.390 ms
# vm2 ping vm1
[root@localhost ovn-branch-20.09]# ip netns exec vm2 ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.644 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.100 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.100 ms
64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=0.087 ms
64 bytes from 192.168.1.2: icmp_seq=5 ttl=64 time=0.065 ms
^C
--- 192.168.1.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.065/0.199/0.644/0.222 ms
