Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add OVN-IC documentation #1033

Merged
merged 2 commits into from
Nov 14, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,13 @@
title: "Network Plugin Syncer"
---

{{% notice info %}}
The information provided in the following section regarding network-plugin-syncer
is relevant only for Submariner releases prior to version 0.16. Starting from
Submariner 0.16, this functionality has been incorporated into
the [route-agent](../route-agent/).
{{% /notice %}}

The Network Plugin Syncer provides a framework for components to interface
with the configured Kubernetes Container Network Interface (CNI) plugin to
perform any API/database tasks necessary to facilitate routing cross-cluster
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,50 @@ the new active Gateway Engine node.

## OVN Kubernetes

For the OVN Kubernetes CNI plugin, host network routing is configured on all nodes and,
on the active Gateway node, IP forwarding is configured between the `ovn-k8s-gw0`
and cable interfaces.
With OVN Kubernetes we reuse the GENEVE tunnels created by OVNKubernetes CNI to reach the
gateway nodes from non-gateway nodes and a separate VXLAN tunnel is not created.

{{% notice info %}}
For Submariner 0.15 and below refer [network plugin syncer](../networkplugin-syncer/)
{{% /notice %}}

With OVN we can have two deployment models,

{{% notice info %}}
Submariner automatically discovers the OVN mode and uses the appropriate implementation and this is
not a configuration option in Submariner
{{% /notice %}}

### Single Zone

A single-zone deployment involves a single OVN database and a set of master nodes that
program it.

Here, Submariner configures the `ovn_cluster_router` to route traffic to other clusters through the
`ovn-k8s-mp0` interface of the gateway node, effectively bridging it to the host networking
stack of the gateway node. Since `ovn_cluster_router` is distributed, this route also ensures
that traffic from non-gateway node is directed to local gateway node.

The traffic that comes through Submariner tunnel from remote cluster to gateway node will be
directed to `ovn-k8s-mp0` interface through host routes and will be handled by `ovn_cluster_router`.

![Single Zone](/images/ovn-kubernetes/ovn-without-ic.svg)

### Multiple Zone

In a multi-zone configuration, each zone operates with its dedicated OVN database and OVN master pod.
These zones are interconnected via transit switches, and OVN-Kubernetes orchestrates the essential
routing for enabling pod and service communication across nodes situated in different zones.

Within this framework, the Submariner route agent plays a pivotal role. It ensures that the same
routing configurations employed in a single zone are replicated in the OVN cluster router and the
host stack of the gateway node. For nodes outside the zone where the gateway node is located,
Submariner takes action by adding a route that directs traffic to remote clusters, channeling
it through the transit switch IP of the gateway node.

The host networking rules remain consistent across all nodes. They guide traffic towards the
`ovn_cluster_router` specific to that zone, leveraging `ovn-k8s-mp0`. The `ovn_cluster_router`, in
turn, guarantees that the traffic is directed through the Submariner tunnel via the gateway
node.

![Multiple Zone](/images/ovn-kubernetes/ovn-with-ic.svg)
1 change: 1 addition & 0 deletions src/static/images/ovn-kubernetes/ovn-with-ic.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
1 change: 1 addition & 0 deletions src/static/images/ovn-kubernetes/ovn-without-ic.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading