First i read that i need an “Integration Bridge” which will normally named “br-int”. As i normally name my Switches/Bridges in capital letters, i want to change the “Integration Bridge” to OVN.

But how does it work, and how does the “Controller” nows what he should configure and where?

I tried to show on Overview of the components and dependencies:

OVN_Overview

OVN consists of the following basic components:

  • ovn-central: ovn-northd + north & south db
  • ovn-controller: connects to south db and configures the “Integration Bridge”
  • ovs-vswitchd: Normal Open vSwitch daemon for Bridges

You don’t need all components on all systems. For example, the ovn-northd with the north & south DB can be run on an system without an “normal” Open vSwitch daemon. Only as an Central Instance. I will name this Instance (where ovn-northd is running) ovn-central from now on. It is the same name as the corresponding debian package to install ovn-northd.

The ovn-central System holds the configuration of Logical Switches and Ports, Logical Routers, Logical Loadbalancers and more “Logical Network Definition”. With ovn-nbctl you define your virtual network and with ovn-sbctl you can see the participating chassis and where the logical components reside in your network.

We will create/use this environment according this picture (create only the OVN specific parts):

OVN_LAB01

  • L3 Gateway is an Linux Debian Stretch System with interconnects my HOME Networks
  • kvmhost01-03 are my current KVM Hosts with around 10-15 VM Machines in one VLAN (200)
  • Overlay Network is the new Network between L3 Gateway, kvmhost01 and kvmhowst03 (kvmhost02 had no interface left g)

First we build the ovn-central System on the Gateway. I use therefore debian jessie with an backported sid openvswitch package, as my kvmhosts are Arch Linux and they had an OVS 2.8.X installed.

apt-get install ovn-central

The Debian Package ensure, that the needed Services are running (ovn-northd, ovsdb-server for nb & sb db). Since OVS 2.7 you need to start listening for OVN components:

ovn-sbctl set-connection ptcp:6642 
ovn-nbctl set-connection ptcp:6641

On the Gateway we can now use ovn-nbctl show to see our logical definitions, which should be empty.

Let us create the first logical Switch on the Gateway:

ovn-nbctl ls-add SERVER

That is it, ovn-nbctl show should now print something like:

switch d87948b3-c94e-4329-aa54-37a953b2aaa8 (SERVER)

Ok, now we had an Logical Switch on an Central Controll System, but nothing really usefull. Just let us attach the Chassis to the OVN Network. As my kvmhosts running on Arch Linux, they had installed the openvswitch binaries and scripts (pacman -S openvswitch). Make sure, that the ovs-vswitchd is running and the ovn-controller is stopped. The ovn-controller will be managed by an ovn-ctl script located in /usr/lib/openvswitch/scripts/.

/usr/share/openvswitch/scripts/ovn-ctl stop_controller

Let us create an Integration Bridge with the Name OVN on kvmhost01 ad kvmhost03:

ovs-vsctl add-br OVN -- set Bridge OVN fail-mode=secure

We now tell the Hosts, how the ovn-central system can be reached and which Integration Bridge should be used:

id_file=/etc/openvswitch/system-id.conf
test -e $id_file || uuidgen > $id_file

ovs-vsctl set open . external_ids:system-id=$(cat $id_file)
ovs-vsctl set open . external_ids:ovn-nb="tcp:172.18.31.1:6641"
ovs-vsctl set open . external-ids:ovn-remote="tcp:172.18.31.1:6642"
ovs-vsctl set open . external-ids:ovn-encap-type=geneve
ovs-vsctl set open . external-ids:ovn-encap-ip=172.18.31.10
ovs-vsctl set open . external_ids:ovn-bridge=OVN

On Arch Linux the Package doesn’t generate an system-id.conf file with an system wide uuid, so the first lines will create them if it isn’t already there. The above settings are made on kvmhost01, be sure to change the ovn-encap-ip to your Overlay IP of the Host. And start the ovn-controller after configure the settings above:

/usr/share/openvswitch/scripts/ovn-ctl start_controller

If all went well, you can see on your ovn-central system the new Chassis with ovn-sbctl show:

Chassis "bffe235d-b222-49ce-9723-180ad5ba8b90"
    hostname: "kvmhost01"
    Encap geneve
	ip: "172.18.31.10"
	options: {csum="true"}

Just repeat the settings on all of your participating hosts and ovn-sbctl show and with our lab setup, it should look like:

Chassis "bffe235d-b222-49ce-9723-180ad5ba8b90"
    hostname: "kvmhost01"
    Encap geneve
	ip: "172.18.31.10"
	options: {csum="true"}
Chassis "804c7da4-04c8-416e-9420-0345f7335284"
    hostname: "kvmhost03"
    Encap geneve
	ip: "172.18.31.30"
	options: {csum="true"}

What we now had is like our LAB Picture, and Central Controll System with two Chassis connected. Also we had created an Logical Switch (SERVER) it is not really used currently.

In the next article, we create an L2 Breakout to be used by VMs in the Logical Switch (SERVER) …