Gaps from ML2/OVS

This is a list of some of the currently known gaps between ML2/OVS and OVN. It is not a complete list, but is enough to be used as a starting point for implementors working on closing these gaps. A TODO list for OVN is located at 1.

  • QoS DSCP support

    Currently ML2/OVS supports QoS DSCP tagging and egress bandwidth limiting. Those are basic QoS features that while integrated in the OVS/OVN C core are not integrated (or fully tested) in the neutron OVN mechanism driver.

  • QoS for Layer 3 IPs

    Currently the Neutron L3-agent supports floating IP and gateway IP bandwidth limiting based on Linux TC. OVN L3 plugin supports floating IP bandwidth limiting based on the OVN’s QoS rules. Neutron OVN backend does not yet support bandwidth limiting for gateway IP.

  • QoS Minimum Bandwidth support

    Currently ML2/OVS supports QoS Minimum Bandwidth limiting, but it is not supported in OVN.

  • BGP support

    Neutron-dynamic-routing supports making a tenant subnet routable via BGP, and can announce host routes for both floating and fixed IP addresses. These functions are not supported in OVN.

  • Baremetal provisioning with iPXE

    The core OVN DHCP server implementation does not have support for sending different boot options based on the gpxe DHCP Option (no. 175). Also, Ironic uses dnsmasq syntax when configuring the DHCP options for Neutron 2 which is not understood by the OVN driver.

  • QoS minimum bandwidth allocation in Placement API

    ML2/OVN integration with the Nova placement API to provide guaranteed minimum bandwidth for ports 3.

  • IPv6 Prefix Delegation

    Currently ML2/OVN doesn’t implement IPv6 prefix delegation. OVN logical routers have this capability implemented in 4 and we have an open RFE to fill this gap 5.

  • East/West Fragmentation

    The core OVN implementation does not support east/west fragmentation. There is no known production use-case for this feature hence we don’t even have an RFE open for it and it’s not on the roadmap to be implemented.

  • DHCP service for instances

    ML2/OVS adds packet filtering rules to every instance that allow DHCP queries from instances to reach the DHCP agent. For OVN this traffic has to be explicitly allowed by security group rules attached to the instance. Note that the default security group does allow all outgoing traffic, so this only becomes relevant when using custom security groups 6.

  • DNS resolution for instances

    OVN cannot use the host’s networking for DNS resolution, so Case 2b in 7 can only be used when additional DHCP agents are deployed. For Case 2a a different configuration option has to be used in ml2_conf.ini:

    [ovn]
dns_servers = 203.0.113.8, 198.51.100.53

    Note that this option currently only works for IPv4 nameservers 8. In addition, with ML2/OVS setting the name-server option for a subnet to 0.0.0.0 or :: respectively has the effect that no nameservers are announced via DHCP for this subnet. This currently does not work with OVN 9.

References

1

https://github.com/ovn-org/ovn/blob/master/TODO.rst

2

https://github.com/openstack/ironic/blob/123cb22c731f93d0c608d791b41e05884fe18c04/ironic/common/pxe_utils.py#L447-L462>

3

https://specs.openstack.org/openstack/neutron-specs/specs/rocky/minimum-bandwidth-allocation-placement-api.html

4

https://patchwork.ozlabs.org/project/openvswitch/patch/6aec0fb280f610a2083fbb6c61e251b1d237b21f.1576840560.git.lorenzo.bianconi@redhat.com/

5

https://bugs.launchpad.net/neutron/+bug/1895972

6

https://bugs.launchpad.net/neutron/+bug/1926515

7

https://docs.openstack.org/neutron/latest/admin/config-dns-res.html

8

https://bugs.launchpad.net/neutron/+bug/1951816

9

https://bugs.launchpad.net/neutron/+bug/1950686