[ovs-dev] weekly OVN report

Mon Mar 7 04:40:15 UTC 2016

I'd argue for the approach of keeping the OVSDB protocol in place, because
the SB schema is already there, well understood, and making the central DB
a fault tolerant cluster would have little or no impact on the
ovs-controller implementation. It would also allow the current single OVSDB
to continue to function while the cluster is developed.

That said, if the current OVSDB doesn't have an ACL model, I have some
security and robustness concerns, once it's run at scale. Has it been
considered to add an ACL model to OVSDB?

On Mon, Mar 7, 2016 at 11:35 AM, Ben Pfaff <blp at ovn.org> wrote:

> It hadn't honestly occurred to me that it was an option to retain the
> protocol but change the database.  I was assuming that, if OVN switches
> to a different database, it would adopt the database's own protocol for
> communication to the cluster.  Of course, now that you mention it, there
> is a degree of freedom there, if we were for example to write a proxy
> that runs in the cluster.
>
> Do you want to argue for or against this approach?
>
> On Sun, Mar 06, 2016 at 02:13:58PM +0900, Dan Mihai Dumitriu wrote:
> > Understood Ben.
> >
> > If the central (NB and/or SB) OVSDB were to be replaced, do you think it
> > would still be preferable to keep the OVSDB protocol between the local
> > ovn-controller and the central control cluster? Or would it be reasonable
> > to consider something like XMPP?
> >
> > Assuming the OVSDB protocol is kept, has there been some consideration of
> > the security model, e.g. something like ACLs on various parts of the SB
> DB,
> > so that agents have access only to what they need.
> >
> > Cheers,
> > Dan
> >
> >
> > On Sun, Mar 6, 2016 at 5:45 AM, Ben Pfaff <blp at ovn.org> wrote:
> >
> > > There are basically two possible paths here.  One path is to enhance
> > > OVSDB.  The other is to switch to a different distributed database.  Of
> > > course, in the latter case the question is "which one?"  Until
> recently,
> > > we weren't seeing much performance or availability pressure on OVSDB,
> so
> > > it made sense to stick with what already worked.  Now, we're starting
> to
> > > understand the requirements and the bottlenecks better, so it may be
> > > time to consider what distributed database is right for OVN.  Opinions
> > > are welcome!
> > >
> > > On Fri, Mar 04, 2016 at 12:39:54PM -0500, Russell Bryant wrote:
> > > > There's a lot of work happening to improve ovsdb performance (both
> on the
> > > > client and server sides).  There's testing happening in multiple
> > > > environments (physical and simulated) in the hundreds-of-hypervisors
> > > > range.  Interestingly, most of the bottlenecks we're exposing are on
> the
> > > > client side.
> > > >
> > > > We have some docs about the current HA story with OpenStack here:
> > > >
> > > > http://docs.openstack.org/developer/networking-ovn/faq.html
> > > >
> > > > Ben has mentioned that he might pick up the distributed ovsdb-server
> > > work,
> > > > which is important to get a much better HA story (or I suspect we'll
> have
> > > > to replace ovsdb).  I'll let him comment further on intentions and
> > > status,
> > > > though.
> > > >
> > > > On Fri, Mar 4, 2016 at 10:14 AM, Dan Mihai Dumitriu <
> dmd17 at cornell.edu>
> > > > wrote:
> > > >
> > > > > Hi Ben,
> > > > >
> > > > > What's the current thinking around the OVSDB HA and scale solution?
> > > > > Needless to say, the single SB DB to which all ovn-controllers
> connect
> > > > > could be a liability in various production scenarios.
> > > > >
> > > > > Cheers,
> > > > > Dan
> > > > > On Mar 4, 2016 00:48, "Ben Pfaff" <blp at ovn.org> wrote:
> > > > >
> > > > > > Here's my OVN report for the week, since I'll be in a meeting
> during
> > > the
> > > > > > IRC session today.
> > > > > >
> > > > > > The "continuation" feature needed as a basis for others is in.
> > > Justin
> > > > > > is reviewing the ARP support patches.
> > > > > >
> > > > > > I've spent most of the week in meetings, so there's been minimal
> > > > > > progress.  I'm currently working on some debugging support
> patches.
> > > > > > After that, I'm going to work on OVSDB.  I'm also interested in
> > > > > > improving ovn-controller performance.
> > > > > > _______________________________________________
> > > > > > dev mailing list
> > > > > > dev at openvswitch.org
> > > > > > http://openvswitch.org/mailman/listinfo/dev
> > > > > >
> > > > > _______________________________________________
> > > > > dev mailing list
> > > > > dev at openvswitch.org
> > > > > http://openvswitch.org/mailman/listinfo/dev
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Russell Bryant
> > >
>