Integration with OVS/OVN

[rpcomaite]

Hello everyone,

I am working on integrating OVN into Proxmox.
To enable this integration, the OVS integration must follow the integration guide available here.
https://docs.openvswitch.org/en/stable/topics/integration/

While testing the OVS integration in version 7.4-14, I found that some options are missing when creating the VM tap interface. It is missing the filling of the "external_ids" section with these four pieces of information:
- attached-mac
- iface-id
- iface-status
- vm-id

Is it planned to develop the automatic addition of this information when creating the "tap" interface in future versions of proxmox?

 

[spirit]

Hi,
it could be possible to add support to ovn as sdn plugin.

Currently it's generate only the config in /etc/network/interfaces, I don't think (I need to verify), that tap creation hook already implemented.
(but technically it could be possible).

If you are able to generate a working config in /etc/network/interfaces, and tap creation (with manual hacking in /usr/share/perl5/PVE/Network.pm),

I could look to create a plugin for it.

(can you create a request in bugzilla.proxmox.com ?)

 

[rpcomaite]

Hello @spirit,
Glad to be able to work together again on this essential subject of the SDN .
I understand the logic of embedding OVN as a plugin in the SDN. But I don't really know how to match it for the management part of routers, logical switches and logical ports of OVN.
For example, I don't yet know what zones and VNETs would correspond to in OVN.
Currently, the SDN is rather adapted to the functioning of frr by generating a configuration file for it.
But to communicate with OVN, you must either go through OVN binaries or through python libraries to be able to configure the integration.

 

[rpcomaite]

@spirit do you know which file I have to modify to manage the possibility from the web interface to link an interface to an openvswitch bridge which does not exist in /etc/network/interfaces?
I seem to have seen in the code that the list of bridges is created by reading the file /etc/network/interfaces.

 

[spirit]

Hello @spirit,
Glad to be able to work together again on this essential subject of the SDN .
I understand the logic of embedding OVN as a plugin in the SDN. But I don't really know how to match it for the management part of routers, logical switches and logical ports of OVN.
For example, I don't yet know what zones and VNETs would correspond to in OVN.
Currently, the SDN is rather adapted to the functioning of frr by generating a configuration file for it.
But to communicate with OVN, you must either go through OVN binaries or through python libraries to be able to configure the integration.

Well, the zone plugin have all the logic of the kind of sdn you want to implement. (we have vlan , vxlan, evpn kind of zone).
So, it need to create a ovn zone plugin.
/usr/share/perl5/PVE/Network/SDN/Zones/

Vnet is the final bridge (linux bridge currently) at the end of the construct, where the vm is plugged. (but it could be an ovs switch with your specific params).

routers can be implemented in Controllers plugin (they are already routers plugin for evpn && bgp for frr)
/usr/share/perl5/PVE/Network/SDN/Controllers/


if you have a working manual config + some commands list, I could look to see how to implement that.

 

[spirit]

@spirit do you know which file I have to modify to manage the possibility from the web interface to link an interface to an openvswitch bridge which does not exist in /etc/network/interfaces?
I seem to have seen in the code that the list of bridges is created by reading the file /etc/network/interfaces.

do you mean a vm interface ? Currently it's looking only in /etc/network/interfaces for vmbr or if you use sdn, it's look for vnets generated in /etc/network/interfaces.d/sdn.

 

[rpcomaite]

do you mean a vm interface ? Currently it's looking only in /etc/network/interfaces for vmbr or if you use sdn, it's look for vnets generated in /etc/network/interfaces.d/sdn.

No i'm talking about an OVS bridge interface managed by OVN called "br-int".
This bridge is not managed by ifupdown but by the OVN controller.

 

[spirit]

No i'm talking about an OVS bridge interface managed by OVN called "br-int".
This bridge is not managed by ifupdown but by the OVN controller.

could be done with sdn, the vnets defined in /etc/pve/sdn/vnets.cfg are displayed in the nic bridge list.


but if you need to test without the gui, I think that editing the vm config file allow to choose any bridge name. (/etc/pve/qemu-server/<vmid>.conf)

 

[rpcomaite]

could be done with sdn, the vnets defined in /etc/pve/sdn/vnets.cfg are displayed in the nic bridge list.


but if you need to test without the gui, I think that editing the vm config file allow to choose any bridge name. (/etc/pve/qemu-server/<vmid>.conf)

I already tried and it works.

 

[rpcomaite]

If it can help you understand, I rely on this documentation:
https://www.ovn.org/support/dist-docs/ovn-architecture.7.html

 

[rpcomaite]

@spirit I started coding a new SDN plugin. Do you think the installation of the OVN controller should be handled by Proxmox?
I also wonder how the "Gateway" type chassis would be managed to go out on the internet.
I defined the following associations between the SDN plugin and OVN:
Zone = Logical Router
VNET = Logical Switch
Networks = Networks created in logical router.

 

[spirit]

@spirit I started coding a new SDN plugin. Do you think the installation of the OVN controller should be handled by Proxmox?

Hi, I really don't known how is done the install. (I was super busy theses last week with pve8 release, didn't have time to read the doc).
but like frr, the user should many deploy the ovn package (apt install ...ovn), and the config should be done by the controller plugin.

I also wonder how the "Gateway" type chassis would be managed to go out on the internet.

Well, for evpn, I'm able to use directly some proxmox nodes (called exit-node), routing between the vrf of the zone, and the main vrf.
(But it can also be done on external routers or servers, without proxmox management).

I have plan in the future , to add some kind of "gateway" vms, to manage central services (dhcp, nat, loadbalancing), and manage them through some kind of api.
But don't expected to have it soon.

I'm not sure with ovn, if you need to automate some api call to theses gateway chassis dynamically when you create new vms/ips ? or if you can do the config at installaiton manually only once ?

I defined the following associations between the SDN plugin and OVN:
Zone = Logical Router
VNET = Logical Switch
Networks = Networks created in logical router.

yep, seem great like this.


BTW, I'm going on holiday next week for 1 month, so I'll not have time to help until that. (but if you have something almost working, I can help to improve).

 

[rpcomaite]

@spirit I hope you had a good vacation. I developed the first step for OVN: adding the necessary information about tap interfaces.
How should I send the code?
Would you like to check it out?

 

[spirit]

@spirit I hope you had a good vacation. I developed the first step for OVN: adding the necessary information about tap interfaces.
How should I send the code?
Would you like to check it out?

yes, I can try to look at it. (I'll have time next week)
you can sent it to my work email : alexandre.derumier@groupe-cyllene.com


If you want to submit it to proxmox dev teams directly, you need to follow theses rules:
https://pve.proxmox.com/wiki/Developer_Documentation