Jump to: navigation, search

Networking-ovn

Revision as of 14:39, 1 November 2019 by Lucas Alvares Gomes (talk | contribs) (List of features required in ML2/OVN to achieve feature parity with ML2/OVS)

OVN provides virtual networking for Open vSwitch and is a component of the Open vSwitch project. This project provides integration between OpenStack Neutron and OVN.

List of features required in ML2/OVN to achieve feature parity with ML2/OVS

Feature Blueprint/Bug link Code patch Other
Support FIP QoS https://review.openstack.org/#/c/539826/
Port Forwarding https://blueprints.launchpad.net/neutron/+spec/security-group-logging Have a log file where security groups events are logged to be consumed by security department. Customer wants to have a way to check if an instance is trying to execute restricted operations or accessing restricted ports in remote servers.
Multicast support Right now, multicast traffic is pretty much as broadcast when using ML2/OVN as the integration bridge is in FLOW mode so IGMP snooping is not available. In order to support this, core OVN must support IGMP snooping itself. This feature is on the roadmap but we don’t have a clear deadline, likely missing OVS 2.12 upstream release timeframe (mid Aug ‘19).
Baremetal Provisioning Needs support for the "external ports" in core OVN. For iPXE the OVN DHCP server will need to be enhanced to be able to send different DHCP options based on the DHCP option 175
Per port DHCP Options
Serving DHCP to a provider network The OVN built-in DHCP server currently can not be used to provision baremetal nodes. As a workaround Neutron DHCP Agent could be deployed. The goal is to include support in OVN to get rid of Neutron DHCP agent in the future.
API extensions Missing extensions are: dhcp_agent_scheduler, empty-string-filtering, fip-port-details, flavors, ip-substring-filtering, l3-flavors, logging, metering, net-mtu-writable, qos, qos-fip, port-security-groups-filtering, segment, service-type, standard-attr-segment, trunk-details
Security group logging https://blueprints.launchpad.net/neutron/+spec/security-group-logging
SRIOV A limitation exists for this scenario where OVN needs to support VLAN tenant networks and Neutron DHCP Agent has to be deployed. The goal is to include support in OVN to get rid of Neutron DHCP agent.
Fragmentation support / MTU mismatch OVN does not yet support sending ICMP "fragmentation needed" packets so, larger ICMP/UDP packets that needs to be fragmented won't work as they would with the ML2/OVS driver implementation. TCP traffic should work due to the MSS mechanism however.