OVN

  1. Open vSwitch (OVS)
    1. OVS dataplane
  2. Open Virtual Network (OVN)
    1. Northbound DB
    2. OVN-Northd
    3. Southbound DB
    4. OVN controller
    5. OVN dataplane

Open vSwitch (OVS)

  • L2 switch with OpenFlow support
  • requires an L3 agent on a separate node for L3 forwarding ⇒ bottleneck
  • OVSDB: configuration protocol
    • JSON RPC
    • create bridge, attach interface
    • ovsdb-server
  • OpenFlow: data plane configuration
    • ovs-vswitchd
  • packet handling
    • no flow entry: kernel sends the packet to ovs-vswitchd, which then caches the flow in the kernel
    • flow entry available: fast path in kernel
  • OVS agent:
    • Python
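
The packet handling described above, as an added example that is not Open vSwitch code: a simplified Python model in which the kernel datapath keeps a flow cache and sends a packet up to ovs-vswitchd only on a miss. The class names, rules and packets are constructed for illustration, and keying the cache on the exact packet fields is an assumption of this model.

```python
# Simplified model of the OVS slow path / fast path split (hypothetical names).
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    in_port: int
    eth_src: str
    eth_dst: str

@dataclass
class Rule:
    priority: int
    match: dict          # field name -> required value; absent field = wildcard
    action: str          # e.g. "output:2" or "drop"
    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, k) == v for k, v in self.match.items())

@dataclass
class VSwitchd:
    """Userspace daemon holding the full OpenFlow table (slow path)."""
    rules: list
    upcalls: int = 0
    def handle_upcall(self, pkt: Packet) -> str:
        """Highest-priority matching rule wins; no match means drop."""
        self.upcalls += 1
        hits = [r for r in self.rules if r.matches(pkt)]
        return max(hits, key=lambda r: r.priority).action if hits else "drop"

@dataclass
class KernelDatapath:
    """Kernel side: flow cache consulted for every packet (fast path)."""
    vswitchd: VSwitchd
    cache: dict = field(default_factory=dict)
    hits: int = 0
    def receive(self, pkt: Packet) -> str:
        if pkt in self.cache:                       # flow entry available
            self.hits += 1
            return self.cache[pkt]
        action = self.vswitchd.handle_upcall(pkt)   # no flow entry: upcall
        self.cache[pkt] = action                    # decision cached in kernel
        return action

def demo():  # constructed sample rules and packets
    table = [Rule(100, {"in_port": 1, "eth_dst": "aa:00:00:00:00:02"}, "output:2"),
             Rule(0, {}, "drop")]
    dp = KernelDatapath(VSwitchd(table))
    allowed = Packet(1, "aa:00:00:00:00:01", "aa:00:00:00:00:02")
    other = Packet(3, "aa:00:00:00:00:09", "aa:00:00:00:00:02")
    results = [dp.receive(p) for p in (allowed, allowed, allowed, other, other)]
    return results, dp.vswitchd.upcalls, dp.hits
```

Drop decisions are cached the same way as forwarding decisions, so in this model denied traffic also stays on the fast path after its first packet.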

OVS dataplane

Open Virtual Network (OVN)

  • written in C
  • ARP suppression + ARP spoofing and imposing destination
  • functions
    • distributed L2/L3 for IPv4/IPv6
    • overlay support
    • ACL
    • NAT
    • DHCP
    • load-balancing
  • hypervisors: KVM, Xen, Hyper-V, containers, DPDK

Northbound DB

  • logical network, no info about physical network
  • logical switches, routers, ports, ACL

OVN-Northd

  • translates contents of Northbound DB into OpenFlow in Southbound DB
  • operates on logical entities

Southbound DB

  • logical OpenFlow data from OVN-Northd
  • data from hypervisors

OVN controller

  • translates logical OpenFlow into physical entities (e.g., reference to other hypervisor → tunnel to hypervisor)

OVN dataplane

  • Kernel connection tracking (conntrack) for a stateful firewall is more performant than a bridge with iptables