You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/microshift-cni.adoc
+39-9Lines changed: 39 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,12 +10,48 @@ OVN-Kubernetes is the default networking solution for {product-title} deployment
10
10
11
11
[id="microshift-network-topology_{context}"]
12
12
== Network topology
13
-
OVN-Kubernetes provides an overlay-based networking implementation. This overlay includes an OVS-based implementation of Service and NetworkPolicy. The overlay network uses the geneve tunnel, so the pod maximum transmission unit (MTU) is set to smaller than that of the physical interface on the host to remove the tunnel header.
13
+
OVN-Kubernetes provides an overlay-based networking implementation. This overlay includes an OVS-based implementation of Service and NetworkPolicy. The overlay network uses the Geneve (Generic Network Virtualization Encapsulation) tunnel protocol. The pod maximum transmission unit (MTU) for the Geneve tunnel is set to a smaller value than the MTU of the physical interface on the host. This smaller MTU makes room for the required information that is added to the tunnel header before it is transmitted.
14
14
15
15
OVS runs as a systemd service on the {product-title} node. The OVS RPM package is installed as a dependency to the `microshift-networking` RPM package. OVS is started immediately when the `microshift-networking` RPM is installed.
16
16
17
+
.{product-title} network topology
18
+
image:317_RHbM_OVN_topology_0323.png[title="{product-title} uses an overlay-based networking implementation, details follow."]
=== Description of the connections in the network topology figure
41
+
* The north-south traffic between the network service device `enp1s0` and the OVN external switch `ext_microshift-dev`, is provided through the OVS patch port by the gateway bridge `br-ex`.
42
+
* The OVN gateway router `GR_microshift-dev` is connected to the external network switch `ext_microshift-dev` through the logical router port 4. Port 4 is attached with the node IP address 192.168.122.14.
43
+
* The join switch `join` connects the OVN gateway router `GR_microshift-dev` to the OVN cluster router `ovn_cluster_router`. The IP address range is 100.62.0.0/16.
44
+
** The OVN gateway router `GR_microshift-dev` connects to the OVN join switch `join` through the logical router port 3. Port 3 attaches with the internal IP address 100.64.0.2.
45
+
** The OVN cluster router `ovn_cluster_router` connects to the join switch `join` through the logical router port 2. Port 2 attaches with the internal IP address 100.64.0.1.
46
+
* The OVN cluster router `ovn_cluster_router` connects to the node switch `microshift-dev` through the logical router port 1. Port 1 is attached with the OVN cluster network IP address 10.42.0.1.
47
+
* The east-west traffic between the pods and the network service is provided by the OVN cluster router `ovn_cluster_router` and the node switch `microshift-dev`. The IP address range is 10.42.0.0/24.
48
+
* The east-west traffic between pods is provided by the node switch `microshift-dev` without network address translation (NAT).
49
+
* The north-south traffic between the pods and the external network is provided by the OVN cluster router `ovn_cluster_router` and the host network. This router is connected through the `ovn-kubernetes` management port `ovn-k8s-mp0`, with the IP address 10.42.0.2.
50
+
* All the pods are connected to the OVN node switch through their interfaces.
51
+
** In this example, Pod 1 and Pod 2 are connected to the node switch through `Interface 1` and `Interface 2`.
52
+
17
53
[id="microshift-ip-forward_{context}"]
18
-
=== IP forward
54
+
== IP forward
19
55
The host network `sysctl net.ipv4.ip_forward` kernel parameter is automatically enabled by the `ovnkube-master` container when started. This is required to forward incoming traffic to the CNI. For example, accessing the NodePort service from outside of a cluster fails if `ip_forward` is disabled.
20
56
21
57
[id="microshift-network-performance_{context}"]
@@ -43,8 +79,6 @@ Networking features not available with {product-title} {product-version}:
43
79
* IPsec: not supported
44
80
* Hardware offload: not supported
45
81
46
-
//watch USHIFT-640 for updates to architectural docs that will clarify features
47
-
48
82
//Q: are there immutable network settings we should tell users about?
49
83
[id="microshift-network-comps-svcs_{context}"]
50
84
== {product-title} networking components and services
@@ -92,17 +126,13 @@ You can set up one additional host interface for cluster ingress and egress in t
92
126
Either two or three OVS bridges are created based on the CNI configuration:
93
127
94
128
Default deployment::
95
-
* The `externalGatewayInterface` in not specified in the `ovn.yaml` config file.
129
+
* The `externalGatewayInterface` is not specified in the `ovn.yaml` config file.
96
130
* Two OVS bridges, `br-ex` and `br-int`, are created.
97
131
98
132
Customized deployment::
99
133
* The `externalGatewayInterface` is user-specified in the `ovn.yaml` config file.
100
134
* Three OVS bridges are created: `br-ex`, `br-ex1` and `br-int`.
101
135
102
-
//Q: We need to include the third bridge if we want to include this level of detail.
103
136
The br-ex bridge is created by `microshift-ovs-init.service` or manually. The br-ex bridge contains statically programmed openflow rules which distinguish traffic to and from the host network (underlay) and the OVN network (overlay).
104
137
105
138
The `br-int` bridge is created by the `ovnkube-master` container. The `br-int` bridge contains dynamically programmed openflow rules which handle cluster network traffic.
0 commit comments