Open Virtual Networking Inspection with OpenShift

November 19, 2024

Accessing the details of the software defined networking features of OpenShift can be helpful for deeper troubleshooting or enhanced understanding. You’ll not find a full explanation of Open Virtual Network or OVN-Kubernetes here, but you will learn how to quickly peer inside and investigate their inner workings.

Open Virtual Network

Open Virtual Switch has powered the software-defined network on OpenShift for quite some time, within the now-defunct openshift-sdn CNI. Open Virtual Network now provides a higher-level abstraction and orchestration of network features, including virtual switches, routers, load balancers, and more, via the ovn-kubernetes CNI.

Demo: Access OVN Northbound Database

📺 ASCII Screencast

Demo showing how to talk to OVN nbdb from CLI.

Here is the ovncli script used above:

📓 Script

Visualizing The Network

We won’t go any deeper here, but here is a visualization of the network resources at a host level, which hints at how nodes are connected via geneve tunnels accessible via the transit switch. More on all this in another post.

📝 Node Logical Network
graph LR;
  subgraph Node[Node Logical Open Virtual Network]
    subgraph ext_hub-tq2sk-cnv-xcxw2["External Switch"]
      sw-ext[["fa:fa-network-wired ext_$HOST"]]
    end
    subgraph join["Join Switch"]
      sw-join[["fa:fa-network-wired join"]]
    end
    subgraph GR_$HOST["Gateway Router"]
      rt-gw{"fa:fa-table GR_$HOST"}
      rt-gw -- fa:fa-ethernet lrp:rtoj-GR_$HOST --> sw-join
      rt-gw -- lrp:rtoe-GR_$HOST --> sw-ext
    end
    subgraph transit["Transit Switch"]
      sw-transit[["fa:fa-network-wired transit_switch"]]
      sw-transit -. tunnels .- master1
      sw-transit -.- master2["fa:fa-computer master2"]
      sw-transit -.- master3
      sw-transit -.- worker1
    end
    subgraph sw-rtos-$HOST["Local Switch "]
      sw-local[["fa:fa-network-wired sw-rtos-$HOST\n10.130.6.1/23"]]
      sw-local --> pod1
      sw-local --> pod2
      sw-local --> pod3
    end
    subgraph ovn_cluster_router["Cluster Router"]
      rt-cluster{"fa:fa-table ovn_cluster_router"}
      rt-cluster -- lrp:rtos-$HOST\n 10.64.0.1/16 --> sw-local
      rt-cluster -- lrp:rtots-$HOST\n 100.88.0.16/16 --> sw-transit
      rt-cluster -- lrp:rtoj-ovn_cluster_router --> sw-join
    end
  end
  sw-ext ==> ToR
  classDef key fill:#ddd, color:black, stroke:black, stroke-width:2
  class hostname key
  classDef nodes fill:#fefefe, stroke:black, stroke-width:4
  class Node nodes
  classDef switch fill:#eff
  class sw-join,sw-transit,sw-local,sw-ext switch
  classDef router fill:#fef
  class rt-gw,rt-cluster router
  classDef routers fill:#fde
  class ovn_cluster_router,GR_$HOST routers
  style ext_hub-tq2sk-cnv-xcxw2 fill:#eef
  style transit fill:#efe
  style join fill:#fde
  style sw-rtos-$HOST fill:#fee
  classDef key fill:#ddd, color:black, stroke:black, stroke-width:2
  class hostname key
  classDef switch fill:#eff
  class sw-join,sw-transit,sw-local,sw-ext switch
  linkStyle default stroke:purple
  linkStyle 1,12 stroke:blue
  linkStyle 0,11 stroke:red
  linkStyle 2,3,4,5,10 stroke:green
  linkStyle 6,7,8,9 stroke:orange
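
The router-to-switch links in a diagram like this can be read straight out of the northbound database. The following is an added example, not the post's ovncli script: a Python sketch that parses text shaped like `ovn-nbctl show` output and pairs each logical router port with the switch that references it. The sample text, node name `node1`, switch-side port names, UUIDs and addresses are constructed for illustration.

```python
import re

# Constructed sample shaped like `ovn-nbctl show` output for a node "node1";
# UUIDs, switch port names and addresses are made up for illustration.
SAMPLE = """\
switch 00000000-0000-0000-0000-000000000001 (node1)
    port stor-node1
        type: router
        router-port: rtos-node1
    port default_pod1
        addresses: ["0a:58:0a:82:06:05 10.130.6.5"]
switch 00000000-0000-0000-0000-000000000002 (join)
    port jtor-ovn_cluster_router
        type: router
        router-port: rtoj-ovn_cluster_router
switch 00000000-0000-0000-0000-000000000003 (transit_switch)
    port tstor-node1
        type: router
        router-port: rtots-node1
router 00000000-0000-0000-0000-000000000004 (ovn_cluster_router)
    port rtos-node1
        networks: ["10.130.6.1/23"]
    port rtots-node1
        networks: ["100.88.0.16/16"]
    port rtoj-ovn_cluster_router
        networks: ["100.64.0.1/16"]
"""

def router_links(show_text):
    """Return sorted (router, router_port, networks, switch) tuples."""
    lrp, peers = {}, {}   # router port -> [router, networks]; router port -> switch
    kind = name = port = None
    for line in show_text.splitlines():
        if m := re.match(r"(switch|router) \S+ \((.+)\)$", line):
            kind, name, port = m.group(1), m.group(2), None
        elif m := re.match(r"\s+port (\S+)$", line):
            port = m.group(1)
            if kind == "router":
                lrp[port] = [name, ""]
        elif kind == "switch" and (m := re.match(r"\s+router-port: (\S+)$", line)):
            peers[m.group(1)] = name          # switch port peering with a router port
        elif kind == "router" and port and (m := re.match(r"\s+networks: \[(.*)\]$", line)):
            lrp[port][1] = m.group(1).replace('"', "")
    # A router port that no switch references is reported as UNATTACHED.
    return sorted((r, p, n, peers.get(p, "UNATTACHED")) for p, (r, n) in lrp.items())

if __name__ == "__main__":
    for r, p, n, s in router_links(SAMPLE):
        print(f"{r} -- lrp:{p} {n} --> {s}")
```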

Summary

OpenShift uses OVN-Kubernetes as the CNI which enables a very flexible if not complex network architecture. It can be helpful to peer inside at times, and this post gave you a cheat sheet to do just that.
