April 30, 2019

Metal³ - Metal Kubed, Bare Metal Provisioning for Kubernetes

Project Introduction There are a number of great open source tools for bare metal host provisioning, including Ironic. Metal³ aims to build on these technologies to provide a Kubernetes native API for managing bare metal hosts via a provisioning stack that is also running on Kubernetes. We believe that Kubernetes Native Infrastructure, or managing your infrastructure just like your applications, is a powerful next step in the evolution of infrastructure management.

May 30, 2017

OVN - Geneve vs VXLAN, Does it Matter?

One of the early design decisions made in OVN was to only support tunnel encapsulation protocols that provided the ability to include additional metadata beyond what fits in the VNI field of a VXLAN header. OVN mostly uses the Geneve protocol and only uses VXLAN for integration with TOR switches that support the hardware_vtep OVSDB schema to use as L2 gateways between logical and physical networks. Many people wonder when they first learn of this design decision, “why not VXLAN?

December 19, 2016

Comparing OpenStack Neutron ML2+OVS and OVN - Control Plane

We have done a lot of performance testing of OVN over time, but one major thing missing has been an apples-to-apples comparison with the current OVS-based OpenStack Neutron backend (ML2+OVS). I’ve been working with a group of people to compare the two OpenStack Neutron backends. This is the first piece of those results: the control plane. Later posts will discuss data plane performance. Control Plane Differences The ML2+OVS control plane is based on a pattern seen throughout OpenStack.

November 11, 2016

OVN Logical Flows and ovn-trace

One of the most satisfying feelings when working on new software is when you settle on a really great abstraction. When this goes well, things just fall into place. The design is easy to understand and modifying the system is an easy, pleasant experience. This is how I’ve felt as I learned about the original proposed design for OVN and then contributed to OVN development over the last year and a half.

September 29, 2016

OVS 2.6 and The First Release of OVN

In January of 2015, the Open vSwitch team announced that they planned to start a new project within OVS called OVN (Open Virtual Network). The timing could not have been better for me as I was looking around for a new project. I dove in with a goal of figuring out whether OVN could be a promising next generation of Open vSwitch integration for OpenStack and have been contributing to it ever since.

October 22, 2015

OpenStack Security Groups using OVN ACLs

OpenStack Security Groups give you a way to define packet filtering policy that is implemented by the cloud infrastructure. OVN and its OpenStack Neutron integration now includes support for security groups and this post discusses how it works. Existing OVS Support in OpenStack It’s worth looking at how this has been implemented with OVS in the past for OpenStack. OpenStack’s existing OVS integration (ML2+OVS) makes use of iptables to implement security groups.

October 15, 2015

Bridging Asterisk RTP streams with OVS

I’m at the AstriCon conference this week, which is a conference built around the Asterisk open source project. I worked on the Asterisk project for about 7 years before joining Red Hat to hack on cloud infrastructure. I also helped write a book about it. While I’m not working on Asterisk directly anymore, I still find it a very interesting project. The community is full of great people. Another reason I still pay attention is that communications infrastructure in general is an incredibly important use case for cloud infrastructure.

May 14, 2015

An EZ Bake OVN for OpenStack

When Ben Pfaff pushed the last of the changes needed to make OVN functional to the ovn branch, he dubbed it the “EZ Bake milestone”. The analogy is both humorous and somewhat accurate. We’ve reached the first functional milestone, which is quite exciting. In previous posts I have gone through and shown components of the system as it has been built. Now that it’s functional, I will go through a working demonstration of OpenStack using OVN.

April 21, 2015

OVN and OpenStack Status - 2015-04-21

It has been a couple weeks since the last OVN status update. Here is a review of what has happened since that time. ovn-nbd is now ovn-northd Someone pointed out that the acronym “nbd” is used for “Network Block Device” and may exist in the same deployment as OVN. To avoid any possible confusion, we renamed ovn-nbd to ovn-northd. ovn-controller now exists ovn-controller is the daemon that runs on every hypervisor or gateway.

April 8, 2015

Implementation of Pacemaker Managed OpenStack VM Recovery

I’ve discussed the use of Pacemaker as a method to detect compute node failures and recover the VMs that were running there. The implementation of this is ready for testing. Details can be found in this post to rdo-list. The post mentions one pending enhancement to Nova that would improve things further: Currently fence_compute loops, waiting for nova to recognise that the failed host is down, before we make a host-evacuate call which triggers nova to restart the VMs on another host.