Currently we had the following LAB generated:
- OVN-Central up & running
- kvmhost01 & 03 are connected as Chassis to OVN-Central
- Created an Logical Switch SERVER on OVN-Central
Before we go and create some VMs, we should discuss, how we want to interconnect them with the outside world. There are two major options L3 or L2. As the SERVER Network outside OVN is an VLAN based Network (VLAN 200) with many VMs on it, we focus on L2 Breakout, to had an easy migration path from non-ovn VMs to ovn VMs and to use all existing Network Functions (Gateway, DHCPv4 + v6 ...).
We want an L2 Breakout, which connects the Logical Switch SERVER with the existing OVS HOME on VLAN 200. And there are also 2 options:
- L2 localnet breakout
- L2 gateway breakout
What are the best to use? What are the differences?
FOr both L2 breakout's we need a Brige Mapping, which is a definition of a network_name:OVS_Bridge. For example, we want a network name physnet200 to be on OVS Bridge HOME we will use:
ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet200:HOME
This needs to be set on the Chassis/KVM Node where we need it (see below).
L2 localnet breakout
This L2 breakout is an direct breakout on every KVM Node. Means there is an "local" connection between the Logical Switch SERVER OVN Bridge and a OVS Bridge which connects to VLAN 200. If we generate an localnet port on OVN-Central, this localnet port gets predecence above other connection mechanisms (geneve tunnels for example).
What does it mean?
If we had two VMs running in the Logical Switch SERVER, one on kvmhost01 and the other on kvmhost03. Normally the communication between the two VMs will be forwarded over geneve tunnels between the hosts. If the Logical Switch has an localnet port configured, the communication is done via the VLAN 200 interconnection as with normal communication between KVM/OVS Nodes with an physical transport network connected.
An direct HA concept does not exists, as if one node looses the local L2 breakout, all VMs on this Node looses the connection to outside L2. NO reroute to an other Node will be occure.
How to configure ?
On every Chassis/KVM Node (in our LAB kvmhost01, kvmhost03):
ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet200:HOME
On OVN-Central (will be transferred to every OVN attached Chassis/KVM Node):
ovn-nbctl lsp-add SERVER server-localnet "" 200
ovn-nbctl lsp-set-addresses server-localnet unknown
ovn-nbctl lsp-set-type server-localnet localnet
ovn-nbctl lsp-set-options server-localnet network_name=physnet200
This will configure a localnet port with VLAN Tag 200 and Bridge Mapping physnet200 to HOME. Which will mean:
Send all unknown L2 traffic to this logical Port, switch it over to Bridge named HOME with VLAN Tag200.
L2 gateway breakout
This L2 breakout was only on one defined Chassis / KVM Node. The other participating Nodes use tunnel to use this L2 breakout.
What does it mean?
If we had two VMs runing in the Logical Switch SERVER, one on kvmhost01 and the other on kvmhost03 and kvmhost01 is the configured L2 gateway. The communication between this VMs will be done via Tunnel in the Overlay Network. If the VM on kvmhost01 will use the L2 breakout, this is done locally and if the other VM on kvmhost03 needs to breakout, the transport is first done via Tunnel to kvmhost01 and then to the configured breakout bridge/VLAN.
It seem an HA concept for this may exists, but on several sides you can read not to use L2HAGateway implementations as they are likely to create loops or other problems.
How to configure?
Only on Chassis/KVM Node which is the L2 Gateway Chassis (in our LAB kvmhost01):
ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet200:HOME
On OVN-Central (will be transferred to every OVN attached Chassis/KVM Node):
ovn-nbctl lsp-add SERVER server-l2gateway "" 200
ovn-nbctl lsp-set-addresses server-l2gateway unknown
ovn-nbctl lsp-set-type server-l2gateway l2gateway
ovn-nbctl lsp-set-options server-l2gateway network_name=physnet200 l2gateway-chassis=bffe235d-b222-49ce-9723-180ad5ba8b90
ATTENTION:
The lsp-set-options need to be on one Line with spaces as delimiter, no commata or breakup in more lines. This won't work, trust me i tried it serveral hours ...
This will configure a l2gateway port with VLAN Tag 200 and Bridge Mapping physnet200 to HOME only on Chassis with given ID (kvmhost01 in our LAB). Which will mean:
Send all unknown L2 traffic from other Chassis via geneve tunnel to Chassis with ID & Port and switch it over to Bridge named HOME with VLAN Tag200. Local Chassis Traffic will be send to this Port directly and switched to Bridge named HOME with VLAN TAG 200.
Conclusion for our LAB:
I will use the L2 Gateway breakout for the upcoming Lab Parts, as i see one advantage over the L2 localnet breakout: You can have participating hosts, which only needs a connection to the overlay network and an OVN integration and they can participate on the hole environment, they can even host Systems within VLAN 200, wihtout needing an Interface in this VLAN (as we will transform kvmhost02 in near future into such a system). Downside is the single point of failure but this is acceptable in this scenario.