SDN using OVN and OVS (Part 3)

In part three of this series, we'll cover the integration of OVS and libvirt. As I mentioned in part one, I initially started working with LXD and Canonical microovn (via microcloud). However, I soon realized there was a lot happening under the hood that I didn't understand, which posed a challenge for me in operationalizing my design.

It's difficult to support what you don't understand, so relying on these projects isn't really viable for me. But please don't take this as a criticism of the excellent work the teams have done on these projects. They significantly simplify a lot of the configuration, and whether you're exploring or looking for a production platform, they're a great place to start.

Integrating Libvirt and OVS

Integrating Libvirt (KVM/QEMU) essentially involves connecting guest VMs to an OVS bridge, specifically br-int in an OVN implementation.

Libvirt supports various bridge drivers, including the Linux Native Bridge. Networks in Libvirt can be defined using tools like the virsh command line, KVM guest tools packages with a GUI, or web-based tools like Cockpit.

Below is a comparison from my lab showing a basic Linux Native Bridge network defined in Libvirt and an updated version switched to OVS. Note that the <bridge> element has been updated to br-int (the OVS bridge created by ovn-controller), and the new <virtualport> element identifies this as an OVS bridge network.

Unless you are working with OVN, I would recommend sticking with the Linux Native Bridge since it doesn't require any additional packages to be installed. This makes it a simpler and more straightforward option for most use cases.

Libvirt 'front-end' network to an OVS bridge

Using a 'front-end' network to connect a VM to an OVS bridge is simpler, in my opinion, than configuring the required settings on the NIC directly. A front-end network is simply a Libvirt network definition containing an OVS bridge, which prompts Libvirt to configure the necessary settings. Below is an example of a VM just started when connected by a front-end network to an OVS bridge.

The <source> element has been added, identifying the correct network, port, and OVS bridge (br-int). Critically, the <virtualport> provides the 'interfaceid' that links to the configuration written to the OVN database.

As a quick side note, the <target> element is what appears in OVS registered on br-int. So, consider how to set that to ensure the naming is simple to understand, as the default naming scheme isn't very intuitive.

At this stage, assuming we're working with an OVN implementation, the rest of the configuration shifts to ovn-northd. Here, we create our desired network configuration, which will be applied through OpenFlow rules in OVS.

Wrapping up

With the VM connected to OVS's br-int, diving into OVN will indeed be crucial. Grasping these foundational elements will definitely help in comprehending the more intricate configurations enabled through OVN's northd and the integration with Libvirt.