[ovs-dev] [PATCH ovn v2 13/13] tutorial: Add tutorial for OVN Interconnection.

Han Zhou hzhou at ovn.org
Tue Nov 12 15:44:34 UTC 2019


On Wed, Oct 30, 2019 at 2:13 PM Han Zhou <hzhou at ovn.org> wrote:
>
> Added tutorial, and also updated NEWS and TODO.
>
> Tested-by: Aliasgar Ginwala <aginwala at ebay.com>
> Signed-off-by: Han Zhou <hzhou at ovn.org>
> ---
>  Documentation/automake.mk                       |   1 +
>  Documentation/tutorials/index.rst               |   1 +
>  Documentation/tutorials/ovn-interconnection.rst | 188
++++++++++++++++++++++++
>  NEWS                                            |   5 +
>  TODO.rst                                        |  10 ++
>  5 files changed, 205 insertions(+)
>  create mode 100644 Documentation/tutorials/ovn-interconnection.rst
>
> diff --git a/Documentation/automake.mk b/Documentation/automake.mk
> index 5968d69..15d261d 100644
> --- a/Documentation/automake.mk
> +++ b/Documentation/automake.mk
> @@ -20,6 +20,7 @@ DOC_SOURCE = \
>         Documentation/tutorials/ovn-sandbox.rst \
>         Documentation/tutorials/ovn-ipsec.rst \
>         Documentation/tutorials/ovn-rbac.rst \
> +       Documentation/tutorials/ovn-interconnection.rst \
>         Documentation/topics/index.rst \
>         Documentation/topics/testing.rst \
>         Documentation/topics/high-availability.rst \
> diff --git a/Documentation/tutorials/index.rst
b/Documentation/tutorials/index.rst
> index 1cf083e..4ff6e16 100644
> --- a/Documentation/tutorials/index.rst
> +++ b/Documentation/tutorials/index.rst
> @@ -43,3 +43,4 @@ vSwitch.
>     ovn-openstack
>     ovn-rbac
>     ovn-ipsec
> +   ovn-interconnection
> diff --git a/Documentation/tutorials/ovn-interconnection.rst
b/Documentation/tutorials/ovn-interconnection.rst
> new file mode 100644
> index 0000000..681a6d6
> --- /dev/null
> +++ b/Documentation/tutorials/ovn-interconnection.rst
> @@ -0,0 +1,188 @@
> +..
> +      Licensed under the Apache License, Version 2.0 (the "License");
you may
> +      not use this file except in compliance with the License. You may
obtain
> +      a copy of the License at
> +
> +          http://www.apache.org/licenses/LICENSE-2.0
> +
> +      Unless required by applicable law or agreed to in writing, software
> +      distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT
> +      WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the
> +      License for the specific language governing permissions and
limitations
> +      under the License.
> +
> +      Convention for heading levels in OVN documentation:
> +
> +      =======  Heading 0 (reserved for the title in a document)
> +      -------  Heading 1
> +      ~~~~~~~  Heading 2
> +      +++++++  Heading 3
> +      '''''''  Heading 4
> +
> +      Avoid deeper levels because they do not render well.
> +
> +===================
> +OVN Interconnection
> +===================
> +
> +This document provides a guide for interconnecting multiple OVN
deployements
> +with OVN managed tunneling.  More details about the OVN Interconnectiong
design
> +can be found in ``ovn-architecture``\(7) manpage.
> +
> +This document assumes two or more OVN deployments are setup and runs
normally,
> +possibly at different data-centers, and the gateway chassises of each OVN
> +are with IP addresses that are reachable between each other.
> +
> +Setup Interconnection Databases
> +-------------------------------
> +
> +To interconnect different OVNs, you need to create global OVSDB
databases that
> +store interconnection data.  The databases can be setup on any nodes
that are
> +accessible from all the central nodes of each OVN deployment.  It is
> +recommended that the global databases are setup with HA, with nodes in
> +different avaialbility zones, to avoid single point of failure.
> +
> +1. Install OVN packages on each global database node.
> +
> +2. Start OVN IC-NB and IC-SB databases.
> +
> +   On each global database node ::
> +
> +    $ ovn-ctl [options] start_ic_ovsdb
> +
> +   Options depends on the HA mode you use.  To start standalone mode
with TCP
> +   connections, use ::
> +
> +    $ ovn-ctl --db-inb-create-insecure-remote=yes \
> +              --db-isb-create-insecure-remote=yes start_ic_ovsdb
> +
> +   This command starts IC database servers that accept both unix socket
and
> +   TCP connections.  For other modes, see more details with ::
> +
> +    $ ovn-ctl --help.
> +
> +Register OVN to Interconnection Databases
> +-----------------------------------------
> +
> +For each OVN deployment, set an availability zone name ::
> +
> +    $ ovn-nbctl set NB_Global . name=<availability zone name>
> +
> +The name should be unique across all OVN deployments, e.g. ovn-east,
> +ovn-west, etc.
> +
> +For each OVN deployment, start the ``ovn-ic`` daemon on central nodes ::
> +
> +    $ ovn-ctl --ovn-ic-inb-db=<IC-NB> --ovn-ic-isb-db=<IC-SB> \
> +              --ovn-northd-nb-db=<NB> --ovn-northd-sb-db=<SB> [more
options] start_ic
> +
> +An example of ``<IC-NB>`` is ``tcp:<global db hostname>:6645``, or for
> +clustered DB: ``tcp:<node1>:6645,tcp:<node2>:6645,tcp:<node3>:6645``.
> +``<IC-SB>`` is similar, but usually with a different port number,
typically,
> +6646.
> +
> +For ``<NB>`` and ``<SB>``, use same connection methods as for starting
> +``northd``.
> +
> +Verify each OVN registration from global IC-SB database, using
> +``ovn-isbctl``, either on a global DB node or other nodes but with
property
> +DB connection method specified in options ::
> +
> +    $ ovn-isbctl show
> +
> +Configure Gateways
> +------------------
> +
> +For each OVN deployment, specify some chassises as interconnection
gateways.
> +The number of gateways you need depends on the scale and bandwidth you
need for
> +the traffic between the OVN deployments.
> +
> +For a node to work as an interconnection gateway, it must firstly be
installed
> +and configured as a regular OVN chassis, with OVS and ``ovn-controller``
> +running.  To make a chassis as an interconnection gateway, simply run the
> +command on the chassis ::
> +
> +    $ ovs-vsctl set open_vswitch . external_ids:is-interconn=true
> +
> +After configuring gateways, verify from the global IC-SB database ::
> +
> +    $ ovn-isbctl show
> +
> +Create Transit Logical Switches
> +-------------------------------
> +
> +Transit Logical Switches, or Transit Switches, are virtual switches for
> +connecting logical routers in different OVN setups. ::
> +
> +    $ ovn-inbctl ts-add <name>
> +
> +After creating a transit switch, it can be seen from each OVN
deployment's
> +Northbound database, which can be seen using ::
> +
> +    $ ovn-nbctl find logical_switch other_config:interconn-ts=<name>
> +
> +You will also see it with simply ``ovn-nbctl ls-list``.
> +
> +If there are multiple tenants that require traffic being isolated from
each
> +other, then multiple transit switches can be created accordingly.
> +
> +Connect Logical Routers to Transit Switches
> +-------------------------------------------
> +
> +Connect logical routers from each OVN deployment to the desired transit
> +switches just as if they are regular logical switches, which includes
below
> +steps (from each OVN, for each logical router you want to connect).
> +
> +Assume a transit switch named ``ts1`` is already created in ``IC-NB``
and a
> +logical router ``lr1`` created in current OVN deployment.
> +
> +1. Create a logical router port. ::
> +
> +    $ ovn-nbctl lrp-add lr1 lrp-lr1-ts1 aa:aa:aa:aa:aa:01
169.254.100.1/24
> +
> +   (The mac and IP are examples.)
> +
> +2. Create a logical switch port on the transit switch and peer with the
logical
> +   router port. ::
> +
> +    $ ovn-nbctl lsp-add ts1 lsp-ts1-lr1 -- \
> +            ovn-nbctl lsp-set-addresses lsp-ts1-lr1 router -- \
> +            ovn-nbctl lsp-set-type lsp-ts1-lr1 router -- \
> +            ovn-nbctl lsp-set-options lsp-ts1-lr1
> +
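Review bot: In "Setup Interconnection Databases" the only concrete start command is the one with `--db-inb-create-insecure-remote=yes --db-isb-create-insecure-remote=yes`, and every `<IC-NB>`/`<IC-SB>` example further down is a `tcp:` remote, while the introduction says the deployments may be in different data centers. A reader who follows the tutorial as written ends up with plain-TCP IC-NB/IC-SB listeners, with no encryption or peer authentication, carrying interconnection state between sites. Suggest saying next to that command that the insecure remotes are for test setups, and showing or pointing to the `ssl:` connection method for the IC databases so plain TCP is not the only documented path. Smaller points in the same file: spelling ("deployements", "Interconnectiong", "avaialbility"), "property DB connection method" presumably means "proper", and `$ ovn-ctl --help.` ends with a period that will be copied into the shell.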

Sorry this is another typo here. The command should be:
    $ ovn-nbctl lsp-add ts1 lsp-ts1-lr1 -- \
            lsp-set-addresses lsp-ts1-lr1 router -- \
            lsp-set-type lsp-ts1-lr1 router -- \
            lsp-set-options lsp-ts1-lr1 router-port=lrp-lr1-ts1

I will fix in next revision.

