By Justin Pettit and Ben Pfaff
OVN [pronounced “oven”] is an open source network virtualization platform built on top of Open vSwitch. It lets you build logical topologies on top of physical topologies so that you can create logical switches and routers and define policies to manage them that are disconnected from the physical layout. You can then create logical gateways that allow you to move from the logical space to the physical space and vice versa.
We announced the OVN project three and a half years ago and designed it from the start to have a straightforward design that both scales well and is fairly easy to reason about. It’s now starting to pick up momentum among users. Red Hat, for example, is using OVN as their SDN solution in projects such as OpenShift, RHV and OpenStack. At VMware, the first product that will use it is VMware Kubernetes Engine (VKE), which performs Kubernetes hosting. We are also aware of companies, such as eBay, using it internally, whose contributions have helped advance the project over time.
OVN was started by a few core Open vSwitch developers as a true open source community project. We began with just an idea and a mailing list, and quickly brought in collaborators from other companies and communities. Before we wrote a line of code, we discussed the design on the mailing list, hashed it out with everyone who was interested and proceeded from there.
The motivation behind OVN was simple: at the time, none of the available open source network virtualization solutions were as complete and stable as we felt they could be. Additionally, there seemed to be a misunderstanding that Open vSwitch provided advanced functionality, such as network virtualization, already. In fact, Open vSwitch is primarily intended to be a compiler for network programs, so it doesn’t provide those features itself—you need a controller to tell it what you’d like to do—and we didn’t think the existing systems addressed those concerns.
Thanks to our experience with Open vSwitch, though, we also had a sense of what a successful approach to open source network virtualization would look like. OVN, we hoped, could be a good example of how Open vSwitch can be leveraged to solve networking problems while benefitting both projects.
A note here: As we designed OVN, we wanted to be careful not to add features in Open vSwitch specifically for OVN. We did this because Open vSwitch is widely used to build networking applications and we didn’t want it to favor OVN by tying the two projects together. We did recognize some limitations in Open vSwitch as we built OVN, and improved Open vSwitch to resolve those issues in generic ways that also benefit other OVS controllers. However, we deliberately refrained from adding specific features to Open vSwitch that only benefitted OVN. While we plan to break OVN out into a separate project (it currently sits in a directory within the Open vSwitch repo), Open vSwitch does not expose any OVN functionality itself.
Looking ahead, we’re constantly trying to improve OVN. At the moment, we’re working on adding IPsec to secure tunnel endpoints, ensuring that all communication is encrypted. As OVN’s first large deployments appear, we’re also starting to discover scale bottlenecks, as one would expect in any large-scale distributed system. Due to the straightforward design, we’re able to address those within the community, and the work seems to be going well.
The other major challenge we face is dealing with something that was barely on the horizon when we started out: the massive increase in the popularity of containers. We think it’s pretty well agreed upon that OVN is a good network virtualization solution for virtual workloads. But it’s a little less clear what networking for containers should look like. So, we’re thinking hard about what features are needed by, and are unique to, containers and making sure that OVN can address them. In the process, we’re hoping to offer solutions that some of the existing networking backends being used for containers are missing.
Now that Red Hat, VMware, eBay and other companies are starting to build products around OVN, we would love other companies to look at it, too. And we, of course, welcome contributors from anywhere to work on the project. If you’d like to know more about OVN, you can check out this overview blog or this presentation from the OpenStack Summit. If you are interested in contributing, check out the GitHub repo or attend our weekly IRC meeting at #openvswitch on Thursdays at 10:15 a.m. PST.