OVS and OVN in K8s


OVS Networking at K8s

A kbr0 Linux bridge is created on each node with the brctl command and given a 10.244.x.0/24 subnet. An OVS bridge obr0 is also created and added as a port to kbr0. The obr0 bridges across nodes are connected with GRE tunnels; for large-scale isolation VxLAN is used instead. The obr0 tunnels need not form a complete mesh of all nodes, and STP mode on the obr0 bridges prevents loops. Routing rules make every target in 10.244.0.0/16 reachable.

Ref: https://unofficial-kubernetes.readthedocs.io/en/latest/admin/ovs-networking/

CNIs:
1. Kube-OVN

Kube-OVN is an OVN-based Kubernetes network fabric for enterprises. With the help of OVN/OVS, it provides advanced overlay network features such as subnets, QoS, static IP allocation, traffic mirroring, gateways, OpenFlow-based network policy and a service proxy.
Kube-OVN implements a subnet-per-namespace network topology. That means a CIDR can span all the cluster's nodes, and IP allocation is performed centrally by kube-ovn-controller. Kube-OVN can apply many network settings at the subnet level, such as cidr, gw, exclude_ips and nat.
Calico uses no encapsulation or lightweight IPIP encapsulation, whereas Kube-OVN uses Geneve to encapsulate packets. No encapsulation gives better network performance in both throughput and latency; however, because it exposes the pod network directly to the underlay network, it adds a burden to deployment and maintenance. In some managed network environments where BGP and IPIP are not allowed, encapsulation is a must.
Kube-OVN can also work in a non-encapsulation mode that makes use of underlay switches to switch the packets, or uses hardware offload, to achieve better performance than the kernel datapath.
https://github.com/alauda/kube-ovn

3. OVN4NFV-K8s-Plugin (OVN based CNI controller & plugin)

OVN4NFV-K8S-Plugin is an OVN-based CNI controller and plugin that provides cloud-native service function chaining (SFC), multiple OVN overlay networks, dynamic subnet creation, dynamic creation of virtual networks, VLAN provider networks and direct provider networks. It is pluggable with other multi-network plugins and is aimed at edge cloud-native workloads in multi-cluster networking.
https://github.com/opnfv/ovn4nfv-k8s-plugin

4. OVN (Open Virtual Networking)
OVN is an open-source network virtualization solution developed by the Open vSwitch community. It lets one create logical switches, logical routers, stateful ACLs, load balancers, etc., to build different virtual networking topologies. The project has a specific Kubernetes plugin and documentation at ovn-kubernetes.
ovn-kubernetes implements a subnet-per-node network topology. That means each node will have a fixed cidr range,
https://github.com/ovn-org/ovn-kubernetes

5. Open vSwitch CNI plugin
This plugin allows users to define Kubernetes networks on top of Open vSwitch bridges available on the nodes. Note that ovs-cni does not configure bridges; it is up to the user to create them and connect them to an L2, L3 or overlay network. The project also delivers the OVS marker, which exposes available bridges as node resources that can be used to schedule pods on the right node via intel/network-resources-injector. Finally, note that Open vSwitch must be installed and running on the host.

In order to use this plugin, Multus must be installed on all hosts and the NetworkAttachmentDefinition CRD created. First create a network attachment definition. This object specifies which Open vSwitch bridge the pod should be attached to and what VLAN ID should be set on the port.
https://github.com/kubevirt/ovs-cni
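Added example (not taken from the ovs-cni project) of the two objects described above: a NetworkAttachmentDefinition that attaches pods to a pre-existing OVS bridge on one VLAN, and a pod that requests it through Multus. The bridge name br1, the VLAN ID 100 and the object names are assumptions.

```yaml
# Assumed: bridge "br1" already exists on the node (ovs-cni will not create it).
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: ovs-vlan100
  namespace: default
  annotations:
    # OVS marker advertises each bridge as a node resource named
    # ovs-cni.network.kubevirt.io/<bridge>; requesting it lets
    # network-resources-injector schedule the pod only where br1 exists.
    k8s.v1.cni.cncf.io/resourceName: ovs-cni.network.kubevirt.io/br1
spec:
  config: |
    {
      "cniVersion": "0.3.1",
      "type": "ovs",
      "bridge": "br1",
      "vlan": 100
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: ovs-vlan100-test
  namespace: default
  annotations:
    # Secondary interface via Multus; eth0 stays on the cluster's primary CNI.
    k8s.v1.cni.cncf.io/networks: ovs-vlan100
spec:
  containers:
  - name: app
    image: busybox
    command: ["sleep", "3600"]
```

The VLAN tag is the only segregation this attachment gives the pod: the port on br1 sits outside the primary CNI, so Kubernetes NetworkPolicy does not cover it, and what VLAN 100 can reach is decided by the bridge's own uplink configuration.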

6. OVS
§ CNI binary attaching pods to an OVS bridge
§ POD-to-POD and POD-to-Service communication with OpenFlow rules
§ Enhanced monitoring using Prometheus and OVS-exporter
§ Speed and latency are comparable with leading plugins (Flannel, Calico, Weave)
§ DPDK integration possibility
