Open Virtual Network (OVN)
Open Virtual Network (OVN) is an SDN platform. When used with OpenStack the overall solution is known as “Neutron ML2+OVN”. OVN extends the existing capabilities of a solution based solely on Open vSwitch, which is known as “Neutron ML2+OVS”.
OVN is implemented via a suite of charms:
ovn-chassis (or ovn-dedicated-chassis)
The OpenStack Charms project supports OVN starting with OpenStack Train, and uses it by default starting with OpenStack Ussuri.
Instructions for migrating non-OVN clouds to OVN are found on the Migration to OVN page.
Due to feature gaps with ML2+OVS, the OpenStack Charms project continues to support ML2+OVS.
OVN is typically deployed alongside other core components via a comprehensive cloud bundle. For example, see the openstack-base bundle.
The overlay bundle below contains what is needed for the deployment.
An overlay’s parameters should be adjusted as per the local environment (e.g. the machine mappings). In particular, the following placeholders must be replaced with actual values:
$SERIES with the Ubuntu release running on the cloud nodes (e.g.
$OPENSTACK_ORIGIN see the corresponding charm options.
For channel information see the Charm delivery page.
    series: $SERIES
    machines:
      '0':
      '1':
      '2':
    relations:
    # TLS certificates for each OVN component are issued by Vault
    - - neutron-api-plugin-ovn:certificates
      - vault:certificates
    - - neutron-api-plugin-ovn:neutron-plugin
      - neutron-api:neutron-plugin-api-subordinate
    - - neutron-api-plugin-ovn:ovsdb-cms
      - ovn-central:ovsdb-cms
    - - ovn-central:certificates
      - vault:certificates
    - - ovn-chassis:ovsdb
      - ovn-central:ovsdb
    - - ovn-chassis:certificates
      - vault:certificates
    - - ovn-chassis:nova-compute
      - nova-compute:neutron-plugin
    applications:
      neutron-api:
        options:
          manage-neutron-plugin-legacy-mode: false
      neutron-api-plugin-ovn:
        charm: ch:neutron-api-plugin-ovn
        channel: $CHANNEL_OVN
      ovn-central:
        charm: ch:ovn-central
        channel: $CHANNEL_OVN
        num_units: 3
        options:
          source: $OPENSTACK_ORIGIN
        to:
        - '0'
        - '1'
        - '2'
      ovn-chassis:
        charm: ch:ovn-chassis
        channel: $CHANNEL_OVN
TLS and Vault
With the OpenStack charms, OVN requires Vault, which is the chosen software for managing the TLS certificates that secure control plane communication. This is achieved via the ovn-chassis:certificates vault:certificates relation (as shown in the overlay).
For certificate management information see the Managing TLS certificates page.
See the vault charm for details on Vault itself.
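A pre-deployment check for the certificate relations described above, added here as an example (it is not part of the charm documentation or the charms' code). It assumes the bundle has already been parsed into a dict (for instance with PyYAML's yaml.safe_load); the function names and the rule "every application on an ovsdb or ovsdb-cms relation must also relate its certificates endpoint to vault" are this example's own reading of the overlay.

```python
# Added example: pre-deployment lint for an OVN overlay (not project code).
# Assumption: the bundle is already a dict, e.g. loaded with PyYAML's
# yaml.safe_load(); a constructed copy of the overlay's relations is inlined.

OVSDB_ENDPOINTS = {"ovsdb", "ovsdb-cms"}  # OVN control-plane endpoints in the overlay


def split_endpoint(endpoint):
    """Split 'app:endpoint' into (app, endpoint); a bare 'app' gives (app, None)."""
    app, _, name = endpoint.partition(":")
    return app, name or None


def ovn_apps_missing_tls(bundle, ca_app="vault"):
    """Return OVN applications that lack a certificates relation to the CA app."""
    ovn_apps, has_cert = set(), set()
    for rel in bundle.get("relations", []):
        if len(rel) != 2:
            continue  # malformed relation entry; not judged here
        ends = [split_endpoint(e) for e in rel]
        # Any app on either side of an OVSDB relation speaks the OVN control plane.
        if any(name in OVSDB_ENDPOINTS for _, name in ends):
            ovn_apps.update(app for app, _ in ends)
        # Record apps whose certificates endpoint is related to the CA app (either order).
        for (app, name), (peer, peer_name) in (ends, ends[::-1]):
            if name == "certificates" and peer == ca_app and peer_name in ("certificates", None):
                has_cert.add(app)
    return sorted(ovn_apps - has_cert)


# Constructed sample: the relations from the overlay above, as parsed YAML.
OVERLAY = {"relations": [
    ["neutron-api-plugin-ovn:certificates", "vault:certificates"],
    ["neutron-api-plugin-ovn:neutron-plugin", "neutron-api:neutron-plugin-api-subordinate"],
    ["neutron-api-plugin-ovn:ovsdb-cms", "ovn-central:ovsdb-cms"],
    ["ovn-central:certificates", "vault:certificates"],
    ["ovn-chassis:ovsdb", "ovn-central:ovsdb"],
    ["ovn-chassis:certificates", "vault:certificates"],
    ["ovn-chassis:nova-compute", "nova-compute:neutron-plugin"],
]}

if __name__ == "__main__":
    print("OVN apps without a Vault certificates relation:", ovn_apps_missing_tls(OVERLAY))
```

An empty result means every application found on an OVSDB relation also has a certificates relation to vault; any name returned is an application whose overlay entry should be reviewed before deploying.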
The OVN components used for the data plane are deployed by the ovn-chassis subordinate charm, in conjunction with the nova-compute principal charm. This is achieved via the relation (as shown in the overlay).
To obtain a dedicated software gateway, the data plane components should be deployed with the principal ovn-dedicated-chassis charm.
OVN is natively HA. See the OVN section of the Infrastructure high availability page.
OVN integrates with OpenStack through the OVN ML2 driver. On OpenStack Ussuri and onwards the OVN ML2 driver is maintained as an in-tree driver in Neutron. On OpenStack Train it is maintained separately as per the networking-ovn plugin.
Create networks, routers, and subnets through the OpenStack API or CLI as you normally would.
The OVN ML2 driver will translate the OpenStack network constructs into high level logical rules in the OVN Northbound database.
The ovn-northd daemon in turn translates this into data in the Southbound database.
The ovn-controller daemon on each chassis consumes these rules and programs flows in the local Open vSwitch database.
Specific topics on OVN usage are given below: