Course: OVN – Open Virtual Network for Open vSwitch, v1.0

Duration: 4 days

Course description:  OVN course covers OVN – Open Virtual Network for Open vSwitch. Open vSwitch allows “network programming” on servers (typically hypervisors). Application can push flows into Open vSwitch bridges and they behave acording to these rules (comparing to traditional L2 bridges). Using flows, it is possible to implement switching, routing , ACL etc. Appllication that pushes flows can be simple application or complex distributed application which can e.g. implement logical network ( switches, routers) on multiple hypervisors. OVN is one such application. It is making progress and it is used more and more instead of some other approaches – e.g. it can replace default network implementation in Openstack neutron.

In this course, we will first give brief Open vSwitch overview with some labs. Next, OVN concepts are described. OVN features and underlying implementation is analyzed in theory and in number of labs. Logical switches are created, distributed routing is configured and explained, connection to external networks is analyzed, as well as e.g. NAT, ACL, DHCP and other features. This is done in number of steps so attendes should be familliar with OVN concepts at the end of this part which take most of time. Next, Openstack neutron implementation with OVN is described. Here, instead of mannualy creating switches, routers, ACL in OVN, Openstack plugin will create these objects as they correspond to Openstack objects. Using knowledge in previous part, attendees will analyze Openstack generated OVN  configuration and will be ready to troubleshoot possible issues. Also, they will be ready to optimaly configure Openstack  – e.g. configuring distributed  FIP or  schedulling routers on particular hosts.

Prerequisites: In short, this course assumes that atendees are operators (not end users of Openstack) on existing linux/openstack implementations with OVS but without OVN or they have similar knowledge. OVN can be used in other implementations, e.g.  with  containers. In this case, this course is also applicable as it provides detail overview of OVN networking in Part2.

Course content:

OVS intro

OVN intro

Part1- OVS and OpenFlow (short review from SDN course)

Openflow protocol

OVSDB protocol

OVS lab intro

Openvswitch

Introduction

Non openflow usage of openvswitch, labs

Linux veth pair, network namespaces

Using veth pair vs patches

Openflow usage of openvswitch, labs

Default behavior

Example with vlan tag manipulation

Using remote controller

OVSDB protocol

Overlay tunneling: VXLAN

Part2- Manual OVN configuration and details of operation

Lab intro

OVN chassis configuration

OVN L2 and principles of operation

OVN logical switching

Geneve tunneling in logical switching

Southbound flows

OVN trace

OVS flows generated by controller

Flooding

L2 port security

Tables in northbound and southbound databases

OVN internal L3

OVN distributed logical routing

OVN trace of routed packet

OVS flows with distributed routing

OVS flows trace

OVN external L3 connectivity

External connectivity to the flat network

Schedulling gateway router port – nonredundant mode – Option1

Schedulling gateway router port – nonredundant mode – Option2

Schedulling gateway router port – redundant mode

External connectivity to VLAN

Other features

NAT

SNAT

1-1 NAT

ACL

ACL – intro

ACL – statefull

ACL – statefull ovn-trace

ACL – allow incomming traffic

Portgroup

detrace

DHCP

DHCP trace

Localport

Container tagging and Openstack trunk ports

Part3- Openstack with OVN

Openstack lab intro

Remove openvswitch implementation components and neutron objects

Install OVN components

Configure OVN

Use Openstack with OVN

Self-service networks logical bridging

Create network and verify underlying implementation

Attach instance and verify underlying implementation and metadata implementation

Security groups implementation

Attach annother instance on other hypervisor

Test switching and verify tunneling

Self-service networks logical routing

DHCP implementation

Provider networking and logical routing

FIP implementation

Centralized FIP

Distributed FIP

Trunk ports in OVN