X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=ovn%2Fovn-architecture.7.xml;h=e0ab6502e681bc69e7bc2289996444cc120ac2ae;hb=c391558c30d7d7eb5c20da3ba0cd4700b6890962;hp=b4e6d106a9d3593b20ec42c06bba75873a1ac95c;hpb=c02819293d52f7ea7b714242d871b2b01f57f905;p=cascardo%2Fovs.git diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml index b4e6d106a..e0ab6502e 100644 --- a/ovn/ovn-architecture.7.xml +++ b/ovn/ovn-architecture.7.xml @@ -596,7 +596,7 @@ -

Life Cycle of a Packet

+

Architectural Physical Life Cycle of a Packet

This section describes how a packet travels from one virtual machine or @@ -626,7 +626,7 @@ A field that denotes the logical datapath through which a packet is being processed. + ovn/lib/logical-fields.h. --> OVN uses the field that OpenFlow 1.1+ simply (and confusingly) calls ``metadata'' to store the logical datapath. (This field is passed across tunnels as part of the tunnel key.) @@ -634,24 +634,47 @@

logical input port field
- A field that denotes the logical port from which the packet - entered the logical datapath. - - OVN stores this in Nicira extension register number 6. (This field is - passed across tunnels as part of the tunnel key.) +

+ A field that denotes the logical port from which the packet + entered the logical datapath. + + OVN stores this in Nicira extension register number 6. +

+ +

+ Geneve and STT tunnels pass this field as part of the tunnel key. + Although VXLAN tunnels do not explicitly carry a logical input port, + OVN only uses VXLAN to communicate with gateways that from OVN's + perspective consist of only a single logical port, so that OVN can set + the logical input port field to this one on ingress to the OVN logical + pipeline. +

logical output port field
- A field that denotes the logical port from which the packet will - leave the logical datapath. This is initialized to 0 at the - beginning of the logical ingress pipeline. - - OVN stores this in - Nicira extension register number 7. (This field is passed across - tunnels as part of the tunnel key.) +

+ A field that denotes the logical port from which the packet will + leave the logical datapath. This is initialized to 0 at the + beginning of the logical ingress pipeline. + + OVN stores this in Nicira extension register number 7. +

+ +

+ Geneve and STT tunnels pass this field as part of the tunnel key. + VXLAN tunnels do not transmit the logical output port field. +

+
+ +
conntrack zone field
+
+ A field that denotes the connection tracking zone. The value only + has local significance and is not meaningful between chassis. + This is initialized to 0 at the beginning of the logical ingress + pipeline. OVN stores this in Nicira extension register number 5.
VLAN ID
@@ -678,13 +701,6 @@ to enter the logical ingress pipeline.

-

- It's possible that a single ingress physical port maps to multiple - logical ports with a type of localnet. The logical datapath - and logical input port fields will be reset and the packet will be - resubmitted to table 16 multiple times. -

-

Packets that originate from a container nested within a VM are treated in a slightly different way. The originating container can be @@ -754,6 +770,18 @@ egress port are the same.

+

+ Logical patch ports are a special case. Logical patch ports do not + have a physical location and effectively reside on every hypervisor. + Thus, flow table 33, for output to ports on the local hypervisor, + naturally implements output to unicast logical patch ports too. + However, applying the same logic to a logical patch port that is part + of a logical multicast group yields packet duplication, because each + hypervisor that contains a logical port in the multicast group will + also output the packet to the logical patch port. Thus, multicast + groups implement output to logical patch ports in table 32. +

+

Each flow in table 32 matches on a logical output port for unicast or multicast logical ports that include a logical port on a remote @@ -781,6 +809,15 @@ 34.

+

+ A special case is that when a localnet port exists on the datapath, + remote port is connected by switching to the localnet port. In this + case, instead of adding a flow in table 32 to reach the remote port, a + flow is added in table 33 to switch the logical outport to the localnet + port, and resubmit to table 33 as if it were unicasted to a logical + port on the local hypervisor. +

+

Table 34 matches and drops packets for which the logical input and output ports are the same. It resubmits other packets to table 48. @@ -814,6 +851,109 @@ is a container nested with a VM, then before sending the packet the actions push on a VLAN header with an appropriate VLAN ID.

+ +

+ If the logical egress port is a logical patch port, then table 64 + outputs to an OVS patch port that represents the logical patch port. + The packet re-enters the OpenFlow flow table from the OVS patch port's + peer in table 0, which identifies the logical datapath and logical + input port based on the OVS patch port's OpenFlow port number. +

+ + + +

Life Cycle of a VTEP gateway

+ +

+ A gateway is a chassis that forwards traffic between the OVN-managed + part of a logical network and a physical VLAN, extending a + tunnel-based logical network into a physical network. +

+ +

+ The steps below refer often to details of the OVN and VTEP database + schemas. Please see ovn-sb(5), ovn-nb(5) + and vtep(5), respectively, for the full story on these + databases. +

+ +
    +
  1. + A VTEP gateway's life cycle begins with the administrator registering + the VTEP gateway as a Physical_Switch table entry in the + VTEP database. The ovn-controller-vtep + connected to this VTEP database, will recognize the new VTEP gateway + and create a new Chassis table entry for it in the + OVN_Southbound database. +
    2. + +
  2. + The administrator can then create a new Logical_Switch + table entry, and bind a particular vlan on a VTEP gateway's port to + any VTEP logical switch. Once a VTEP logical switch is bound to + a VTEP gateway, the ovn-controller-vtep will detect + it and add its name to the vtep_logical_switches + column of the Chassis table in the + OVN_Southbound database. Note, the tunnel_key + column of VTEP logical switch is not filled at creation. The + ovn-controller-vtep will set the column when the + correponding vtep logical switch is bound to an OVN logical network. +
    3. + +
  3. + Now, the administrator can use the CMS to add a VTEP logical switch + to the OVN logical network. To do that, the CMS must first create a + new Logical_Port table entry in the + OVN_Northbound database. Then, the type column + of this entry must be set to "vtep". Next, the + vtep-logical-switch and vtep-physical-switch keys + in the options column must also be specified, since + multiple VTEP gateways can attach to the same VTEP logical switch. +
    4. + +
  4. + The newly created logical port in the OVN_Northbound + database and its configuration will be passed down to the + OVN_Southbound database as a new Port_Binding + table entry. The ovn-controller-vtep will recognize the + change and bind the logical port to the corresponding VTEP gateway + chassis. Configuration of binding the same VTEP logical switch to + a different OVN logical networks is not allowed and a warning will be + generated in the log. +
    5. + +
  5. + Beside binding to the VTEP gateway chassis, the + ovn-controller-vtep will update the tunnel_key + column of the VTEP logical switch to the corresponding + Datapath_Binding table entry's tunnel_key for the + bound OVN logical network. +
    6. + +
  6. + Next, the ovn-controller-vtep will keep reacting to the + configuration change in the Port_Binding in the + OVN_Northbound database, and updating the + Ucast_Macs_Remote table in the VTEP database. + This allows the VTEP gateway to understand where to forward the unicast + traffic coming from the extended external network. +
    7. + +
  7. + Eventually, the VTEP gateway's life cycle ends when the administrator + unregisters the VTEP gateway from the VTEP database. + The ovn-controller-vtep will recognize the event and + remove all related configurations (Chassis table entry + and port bindings) in the OVN_Southbound database. +
    8. + +
  8. + When the ovn-controller-vtep is terminated, all related + configurations in the OVN_Southbound database and + the VTEP database will be cleaned, including + Chassis table entries for all registered VTEP gateways + and their port bindings, and all Ucast_Macs_Remote table + entries and the Logical_Switch tunnel keys.
@@ -879,7 +1019,7 @@ OVN transmits the logical ingress and logical egress ports in a TLV with - class 0xffff, type 0, and a 32-bit value encoded as follows, from MSB to + class 0x0102, type 0, and a 32-bit value encoded as follows, from MSB to LSB: