Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-31679: localnet, multi-homing: introduce localnet alias #4320

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

OCPBUGS-31679: localnet, multi-homing: introduce localnet alias #4320

wants to merge 2 commits into from

Conversation

maiqueb
Copy link
Contributor

@maiqueb maiqueb commented Apr 30, 2024
edited
Loading

- What this PR does and why is it needed

This PR introduces a network name alias to use when configuring the localnet networks.

By using this alias, the user can create multiple networks - on different vlans - without having to reconfigure the node's OVN bridge mappings. Essentially, the use can provide a single mapping and piggy-back multiple physical configurations in it.

Users in OpenShift use kubernetes-nmstate to configure these mappings; this way, they get to skip provisioning multiple policies.

- Special notes for reviewers

In this PR we are adding an alias to the network name attribute in the localnet logical switch port mandatory options.

By doing that, we can create multiple networks pointing at the same OVS bridge without having to provision additional bridge mappings, which provides a leaner and more focuses user workflow since any time the admin wants to define a new VLAN, all they need to do is to create a NetworkAttachmentDefinition (and re-use the existing binding).

This would be the new secondary networks definitions:

---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: tenantblue123
spec:
  config: |2
    {
            "cniVersion": "0.4.0",
            "name": "tenantblue123",
            "type": "ovn-k8s-cni-overlay",
            "topology":"localnet",
            "vlanID": 123,
            "alias": "tenantblue",
            "subnets": "192.100.200.0/24",
            "excludeSubnets": "192.100.200.1/32",
            "netAttachDefName": "default/tenantblue123"
    }
---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: tenantblue321
spec:
  config: |2
    {
            "cniVersion": "0.4.0",
            "name": "tenantblue321",
            "type": "ovn-k8s-cni-overlay",
            "topology":"localnet",
            "vlanID": 321,
            "alias": "tenantblue",
            "subnets": "192.150.250.0/24",
            "excludeSubnets": "192.150.250.1/32",
            "netAttachDefName": "default/tenantblue321"
    }

- How to verify it

Provision workloads ataching to those networks, and check the OVS databases contents:

# logical switch ports (localnet)
_uuid               : 014037c2-e34a-4ae1-b798-23133dbba72b
addresses           : [unknown]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : []
external_ids        : {}
ha_chassis_group    : []
mirror_rules        : []
name                : tenantblue321_ovn_localnet_port
options             : {network_name=tenantblue}
parent_name         : []
port_security       : []
tag                 : 321
tag_request         : 321
type                : localnet
up                  : false


_uuid               : f9092ca2-a876-47c1-9897-1b12be6d573f
addresses           : [unknown]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : []
external_ids        : {}
ha_chassis_group    : []
mirror_rules        : []
name                : tenantblue123_ovn_localnet_port
options             : {network_name=tenantblue}
parent_name         : []
port_security       : []
tag                 : 123
tag_request         : 123
type                : localnet
up                  : false

# OVS bridges port configuration
kubectl exec ovs-node-m6ch6 -novn-kubernetes -- ovs-vsctl show  
27800d09-e777-4798-86c6-45a5adfc5079
    Bridge breth0
        fail_mode: standalone
        Port patch-tenantblue123_ovn_localnet_port-to-br-int
            Interface patch-tenantblue123_ovn_localnet_port-to-br-int
                type: patch
                options: {peer=patch-br-int-to-tenantblue123_ovn_localnet_port}
        Port breth0
            Interface breth0
                type: internal
        Port patch-breth0_ovn-worker-to-br-int
            Interface patch-breth0_ovn-worker-to-br-int
                type: patch
                options: {peer=patch-br-int-to-breth0_ovn-worker}
        Port patch-tenantblue321_ovn_localnet_port-to-br-int
            Interface patch-tenantblue321_ovn_localnet_port-to-br-int
                type: patch
                options: {peer=patch-br-int-to-tenantblue321_ovn_localnet_port}
        Port eth0
            Interface eth0
    Bridge br-int
        fail_mode: secure
        datapath_type: system
...
        Port patch-br-int-to-breth0_ovn-worker
            Interface patch-br-int-to-breth0_ovn-worker
                type: patch
                options: {peer=patch-breth0_ovn-worker-to-br-int}
        Port patch-br-int-to-tenantblue321_ovn_localnet_port
            Interface patch-br-int-to-tenantblue321_ovn_localnet_port
                type: patch
                options: {peer=patch-tenantblue321_ovn_localnet_port-to-br-int}
        Port patch-br-int-to-tenantblue123_ovn_localnet_port
            Interface patch-br-int-to-tenantblue123_ovn_localnet_port
                type: patch
                options: {peer=patch-tenantblue123_ovn_localnet_port-to-br-int}
        Port "43bd51029b658_3"
            Interface "43bd51029b658_3"
    ovs_version: "3.2.2"

# OVS global configuration - check the external ids
kubectl exec ovs-node-m6ch6 -novn-kubernetes -- ovs-vsctl list open .
_uuid               : 27800d09-e777-4798-86c6-45a5adfc5079
bridges             : [580eae59-db86-4eb8-81f1-da44f4a0a23d, e65ed98f-bc0d-46d3-aef6-bf67aa67e517]
cur_cfg             : 45
datapath_types      : [netdev, system]
datapaths           : {system=a7910ab8-fe2d-4df8-83bd-b889d684fd7d}
db_version          : "8.4.0"
dpdk_initialized    : false
dpdk_version        : "DPDK 22.11.1"
external_ids        : {hostname=ovn-worker, ovn-bridge-mappings="physnet:breth0,tenantblue:breth0", ovn-enable-lflow-cache="true", ovn-encap-ip="10.89.0.5", ovn-encap-type=geneve, ovn-is-interconn="true", ovn-monitor-all="true", ovn-ofctrl-wait-before-clear="0", ovn-openflow-probe-interval="180", ovn-remote="unix:/var/run/ovn/ovnsb_db.sock", ovn-remote-probe-interval="100000", ovn-set-local-ip="true", rundir="/var/run/openvswitch", system-id="02e441c7-2c53-493e-94d1-9c0bc14359b0"}
iface_types         : [afxdp, afxdp-nonpmd, bareudp, erspan, geneve, gre, gtpu, internal, ip6erspan, ip6gre, lisp, patch, srv6, stt, system, tap, vxlan]
manager_options     : []
next_cfg            : 45
other_config        : {bundle-idle-timeout="180", ovn-chassis-idx-02e441c7-2c53-493e-94d1-9c0bc14359b0="", vlan-limit="0"}
ovs_version         : "3.2.2"
ssl                 : []
statistics          : {}
system_type         : fedora
system_version      : "39"

We'll still see multiple patch ports (one per network) while using a single mapping - localnet tenantblue to bridge breth0.

- Description for the changelog

Introduce a localnet network name alias, which allows OVN bridge mapping re-use.

@tssurya tssurya added kind/feature All issues/PRs that are new features feature/multi-networks Issues related to secondary networks, L3, L2, localnet labels Apr 30, 2024
@maiqueb maiqueb changed the title localnet, multi-homing: introduce localnet alias OCPBUGS-31679: localnet, multi-homing: introduce localnet alias Jul 16, 2024
@ormergi ormergi mentioned this pull request Aug 22, 2024
Open
@maiqueb
localnet, multi-homing: introduce localnet alias
8bf02f3 
Having a different parameter to use as the network_name option of the
localnet logical switch port allows the admin to create multiple
physical network attachment without having to reconfigure the physical
OVN bridge mappings.

This improves the admin's UX (less operations) and solution scalability
(since a single mapping can be re-used) and thus the size of the
ovn-bridge-mappings string can be kept low.

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
@maiqueb
localnet, tests: add e2e tests to share bridge mappings
e9e0d8f 
Adds an e2e tests that asserts the same bridge mapping can be shared
between multiple networks.

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jcaamano jcaamano Awaiting requested review from jcaamano

@cathy-zhou cathy-zhou Awaiting requested review from cathy-zhou

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
area/e2e-testing feature/multi-networks Issues related to secondary networks, L3, L2, localnet kind/feature All issues/PRs that are new features
Projects
OVN Kubernetes Project
Status: Todo
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maiqueb @tssurya