【kubernetes/k8s概念】OVN SouthBound DB 及 ovn-sbctl 命令
OVN 南向数据库(OVN Southbound DB),南向数据库是系统的中心,客户端是上层的 ovn-northd 和下层运行在每一个传输节点的 ovn-controller。南向数据库包括三类数据,物理网络表 PN 指定了怎么到达 hepervisor 和其他节点, 逻辑网络表 LN,表述了涉及逻辑数据流的逻辑网络,Binding 表连接逻辑网络组件到物理网络,hypervisor 填充 PN 和 Port_Binding 表,而 ovn-northd 填充 LN 表。
1. OVN Southbound DB table
OVN Southbound DB 包括如下表:
| Table | Purpose |
| SB_GLOBAL | Southbound configuration |
| Chassis | Physical Network Hypervisor and Gateway Information |
| Chassis_Private | Chassis Private |
| Encap | Encapsulation Types |
| Address_Set | Address Sets |
| Port_Group | Port Groups |
| Logical_Flow | Logical Network Flows |
| Logical_DP_Group | Logical Datapath Groups |
| Multicast_Group | Logical Port Multicast Groups |
| Datapath_Binding | Physical-Logical Datapath Bindings |
| Port_Binding | Physical-Logical Port Bindings |
| MAC_Binding | IP to MAC bindings |
| Gateway_Chassis | Gateway_Chassis configuration. |
| Load_Balancer | Load_Balancer configuration |
1.1 Csassis
在物理网络中每一行表示一个 hypervisor 或者网关,每一个 chassis 通过 ovn-controller/ovn-controller-vtep 添加和更新自己的行,并保留剩余行的拷贝来确定如何访问其他的 hppervisor。
# ovn-sbctl list Chassis
_uuid : 1acbcc6e-f903-428f-85f9-7a8805da8722
encaps : [f6cf28fe-296a-4bb9-b6a3-f175bc6a3c22]
external_ids : {datapath-type="", iface-types="bareudp,erspan,geneve,gre,gtpu,internal,ip6erspan,ip6gre,lisp,patch,stt,system,tap,vxlan", is-interconn="false", ovn-bridge-mappings="", ovn-chassis-mac-mappings="", ovn-cms-options="", ovn-enable-lflow-cache="true", ovn-monitor-all="false"}
hostname : master1
name : "e072d92a-7026-4a3b-9734-a0a8f9a0a9c8"
nb_cfg : 0
other_config : {datapath-type="", iface-types="bareudp,erspan,geneve,gre,gtpu,internal,ip6erspan,ip6gre,lisp,patch,stt,system,tap,vxlan", is-interconn="false", ovn-bridge-mappings="", ovn-chassis-mac-mappings="", ovn-cms-options="", ovn-enable-lflow-cache="true", ovn-monitor-all="false"}
1.2 Encap
保存着 tunnel 的类型和 tunnel endpoint IP 地址
# ovn-sbctl list Encap
_uuid : f6cf28fe-296a-4bb9-b6a3-f175bc6a3c22
chassis_name : "e072d92a-7026-4a3b-9734-a0a8f9a0a9c8"
ip : "192.168.122.66"
options : {csum="false"}
type : geneve
1.3 Logical_Flow
每一行代表一个逻辑流,ovn-northd 根据 OVN Northbound DB 中的 L2 和 L3 拓扑填充的翻译逻辑流,每一个 hypervisor 通过 ovn-controller 将逻辑流转换为特定于其 hypervisor 的 OpenFlow 流,并将它们应用到 Open vSwitch 中。
_uuid : 5abfd6b3-4d6f-49a0-a416-11e3d71045a5
actions : "eth.dst = eth.src; eth.src = xreg0[0..47]; arp.op = 2; /* ARP reply */ arp.tha = arp.sha; arp.sha = xreg0[0..47]; arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;"
external_ids : {source="ovn-northd.c:8580", stage-hint="39d6ff86", stage-name=lr_in_ip_input}
logical_datapath : 1922ff07-efaa-4519-9449-a694d5965a16
logical_dp_group : []
match : "inport == \"test-vpc-1-net1\" && arp.op == 1 && arp.tpa == 30.0.1.1 && arp.spa == 30.0.1.0/24"
pipeline : ingress
priority : 90
table_id : 3
hash : 0
1.4 Datapath_Binding
_uuid : 66685c84-f73a-493a-8027-75213ad45635
external_ids : {logical-switch="658a1f12-e95b-4503-87e8-df263c212c9e", name=ovn-default}
load_balancers : [2b56dfde-6859-45ee-b11a-d992726bdea9, 81f2f8ad-62b3-4461-b838-7afa763cfe16, 837a19e1-480d-412e-b1e0-df36eae7b221, a2836e36-9e26-42a3-998d-38fd31a54007]
tunnel_key : 3_uuid : c527f390-4329-4197-9e36-c1abc65179dc
external_ids : {logical-switch="3e3d9065-34af-4996-af01-8b76a6c7385b", name=join}
load_balancers : []
tunnel_key : 2
2. ovn-sbctl 命令
ovn-sbctl [options] -- [options] command [args] [-- [options] command [args]]...
2.1 OVN_Southbound 命令
ovn-sbctl init
ovn-sbctl show
2.2 Chassis 命令
ovn-sbctl [--may-exist] chassis-add chassis encap-type encap-ip
ovn-sbctl [--if-exists] chassis-del chassis
2.3 Port binding 命令
ovn-sbctl [--may-exist] lsp-bind logical-port chassis
ovn-sbctl [--if-exists] lsp-unbind logical-port
2.4 Logical Flow 命令
ovn-sbctl [--uuid] [--ovs[=remote]] [--stats] [--vflows] lflow-list [logical- datapath] [lflow...]
ovn-sbctl [--uuid] dump-flows [logical-datapath]
ovn-sbctl lflow-list 命令来查看完整的 logical flow
ovn-trace需要两个参数: ovn-trace DATAPATH MICROFLOW
DATAPATH 标识了sample packet 开始进入的 logical datapath(logical switch 或者 logical router)。MICROFLOW 描述了模拟的 sample packet。具体详见 ovn-trace(8) man page。
参考:
https://www.ovn.org/support/dist-docs/ovn-sb.5.txt
https://www.ovn.org/support/dist-docs/ovn-sbctl.8.txt