The #OpenStack team in #CERN IT is moving its network control plane from LinuxBridge to #OVN, and documents the journey in a series of technical deep-dive blog posts. Part 1 covers the background and preparation: https://techblog.web.cern.ch/techblog/post/linuxbridge-ovn-migration-part-1/ #networking

One more thing, that isn't mentionned in the above article: the recent versions of ovn-kubernetes have a new feature called UDN for User Defined Network, which is basically segmentation. More about that here: https://developers.redhat.com/articles/2025/05/01/native-network-segmentation-virtualization-workloads#requirements

#redhat #openshift #kubevirt #ovn #kubernetes

Как мы спроектировали и запустили собственную облачную платформу на 20К виртуальных машин — опыт Wildberries

Собственная облачная платформа помогает контролировать технологические процессы, обеспечивает безопасность и повышает эффективность продуктовых команд. Но спроектировать её — задача со звёздочкой. Привет, Хабр! Меня зовут Алексей Чуркин, я работаю в компании Wildberries, где строю приватное облако. В этой статье по мотивам моего доклада для Highload++ расскажу о том, как мы внутри компании построили облачную платформу, с какими сложностями столкнулись и как собираемся её развивать.

https://habr.com/ru/companies/oleg-bunin/articles/903552/

#cloud #wildberries #platform_engineering #облачная_платформа #ovn #kvm #виртуальные_машины #приватное_облако #openstack

От NSX к OVN: 4 года подготовки и успешная миграция облака «на лету»

Привет, Хабр! Меня зовут Владислав Одинцов, я — техлид в K2 Cloud (ex Облако КРОК) и работаю в облаке с 2013 года, администрирую Linux и сети в нём, коммичу в Open Source (Open vSwitch, OVN и другие проекты). С 2015 года занимаюсь облачными сетевыми сервисами. В этой статье по мотивам моего доклада для конференции Highload++ 2024 расскажу об истории смены SDN в публичном облаке с проприетарного VMware NSX на Open Source решение OVN. Ввиду того, что текст статьи, в отличие от выступления на конференции не ограничен по времени, я решил разобрать некоторые моменты более подробно. Таким образом, даже если вы присутствовали на конференции или смотрели доклад в записи, вы, вероятно, сможете найти для себя что-то новое.

https://habr.com/ru/companies/oleg-bunin/articles/885710/

#К2_Облако #highload++ #NSX #SDN #OVN #cloud #network_virtualization #open_vswitch #самописный_софт #K2_Cloud

Is there some #ebpf #linux #linuxkernel expert out there who can give advices on how it's possible to trace packets via TC hooks attached on all hosts interfaces, ie. being able to recognize that packet X seen on interface B was the same packet already seen on interface A previously?

I know there's the SKB "mark" field done in this purpose but unfortunately it's not reliable as it's too overloaded and sometimes erased (seen with #OVS/ #OVN)

Die Beschäftigten bei #Autokraft [auch Kielius und X85], DB Regio Bus Nord [SEV] und #Transdev [#Rendsburg] haben sich mit 98,6% für einen unbefristeten Streik ausgesprochen. Die Arbeitgeberseite hatte einen gültigen verhandelten Tarifvertrag einseitig gekündigt. Volle Solidarität mit den Streikenden! Den Streik hat die Arbeitgeberseite zu verantworten! Nicht betroffen vom Streik sind die KVG (Kiel) und die VKP (Plön [bei der allerdings am Donnerstag ein Warnstreik ansteht]). #Busstreik #SH #OVN

I have to say, ovn-trace is awesome! Helped me debug sdn issues more than once. The output may look terrible, but so does the Exim server log before you get used to it.

#ovn #sdn

Got incus-deploy to a state where it can now reliably deploy #Ceph, #OVN and #Incus in just a few minutes, taking care of all the clustering bits and resulting in a fully functional environment!
https://asciinema.org/a/654385

Why I didn't think of this before. I currently have a couple of #ovn networks that are not connected to my internal network at all, just nating outbound in the #homelab . Most of my connections with #NetBird ( my overlay network) were being relayed because it couldn't establish a direct connection. #NetBird has a router function where you can have one of it's endpoints act as a way into that network. I did that and my response times went from 150ms to 1ms! shieeet!

#selfhosted #selfhosting

One pretty shitty con to moving into SDN networks that are not routed and using a wiregaurd overlay. Because you physical network can not reach the SDN networks. All of the connections are relayed on the wiregaurd network. Between me and my services, not service to service as those have access to each other as they are networks can connect to each other in software. It all works just fine but instead of 1ms round trip, i'm looking at over 170ms.

#homelab #wireguard #OVN

I really am amazed at using a wiregaurd type service as an overlay network been so easy to move stuff around. I just moved my instances over to an software defined network with #ovn that is not routable at all. As long as you are on the wiregaurd network the things just keep on ticking. Before I would have to configure BGP for the network, make sure the router has all the config. Now, I just make sure things can get outbound and shits awesome.

#homelab #networking #NetBird

Spent a good chunk of my day today trying to figure out why #incus cluster and #OVN weren't playing together just to find out there was a fucking typo in one of my configs. Yea.. fuck. I was able to successfully #zfs send/receive to incus and then incus recover all the instances. It is a bit cumbersome with all of the zfs commands you gotta .. but it does work. Don't think it's any better than just export and import into incus. Might be slower, but strait forward.

#selfhosted

Spend some of my #homelab Saturday setting up an #incus cluster atop of using incus standalone instances. I want hook #ovn back up and do my network acling in software... Well why didn't you do that initially with the stand alone instances.... Stop asking questions!! shiiiiieeeeet! :)

#selfhosted

Been at it with the #homelab again! Was inspired by @technotim and stood up #hompage and it's pretty dope and highly customizable. I still need to attack this two legs in separate network thing. I have pretty locked up on #NetBird , but not on my physical network. Thinking of maybe going back to #OVN but then I need bgp to advertise shit. I wanted to keep all the acl in software.

Any Yall know how to firewall linux bridges?

Going to be streaming some #Incus work this afternoon, working on improving our #OVN TLS support!
https://www.youtube.com/watch?v=1dTOb4XrSNs

#Canonical intros #Microcloud: Simple, free, #onpremises #Linux clustering
As #Ubuntu approaches its 20th anniversary, some more of its pieces may be Snapping together It uses its own #LXD containervisor to manage nodes and workloads, #Ceph for distributed storage, #OpenZFS for local storage, and #OVN to virtualize the cluster interconnect. All the tools are packaged as snaps. It supports both x86-64 and Arm64 nodes, including #RaspberryPi, and you can mix architectures! https://www.theregister.com/2023/11/16/canonical_microcloud/

I'm on a mission to get rid of shit in the #homelab #networking

I'm currently using #OVN with an #LXD cluster a great thing about this integration is I can create arbitrary networks in the cluster and they automatically nat out. Even cooler I can create peer connections within the cluster so they can route to each other in the #OVN data plan and never reach the physical networking stack ( for routing)!

I had some slowness with my #netbird network, peered networks in #OVN 💥 It speed.

I was able to make most of the #networking changes in the #homelab and now everything ( I think ) is running off of #NetBird.

I was able to get rid of 3 old routed networks, an intermediate dns service that transferred zones from #LXD to my primary dns server, the BGP that ran some of this, the virtual #VyOS router, and 3 dns zones that managed all of my #LXD instances.

I just have #OVN ( which I want to try to get rid of too) and my lxd cluster!
All the dns is handled within #nebird.

I think I got the #dns part of switching to this #NetBird #WireGaurd implementation thing down in the #homelab . I do feel like it takes up a bit of headspace as this is not a very traditional way of doing #networking . I'm sure it will click at some point but right now it's still a bit magical!

I still need to move #LXD networks as it would seem that the gateway value only takes when you create a network using the #OVN integrations . I changed gateways, so yea thats a thing!

#selfhosting

I'm really starting to not like the #ovn and #lxd integration. I'm trying to change out a gateway and the damn cluster just won't take and now I have this Asymmetric routing thing going on. However, with #netbrid ( wireguard thingy) I can actually get to things!!

I'm about to burn the whole #homelab down and start over! Baby and bath water shit people keep saying :)