Sep 24, 2021Kube-OVN 1.8

With contributions from the community, the Kube-OVN team is excited to announce the release of Kube-OVN 1.8.

Within this release cycle, we focus on the underlay network enhancement, datapath latency optimization ,and further improvement on VPC functions. With 10+ function improvements and 50+ security and stability improvements, the overall stability of Kube-OVN has been testified. Thanks for the support and contribution from the coummunity!

Underlay Network Enhancement

In Kube-OVN 1.8, the underlay network implementation has been refactored to achieve more flexible network setups. A new CRD ProviderNetwork is provided to map the underlay network into container network and provide options for complex real networks requirements, including:

  • Host with a single network interface to achieve both manage network and underlay container network
  • Host with multiple network interfaces which mapping into different VLANs
  • Hosts in a cluster with different network interface names
  • Some VLANs only exist for part of hosts in the cluster
  • Multicast in the network
  • Overlay and underlay networks co-exist

For more information, please read Vlan Support

Datapath Latency Optimization

Performance has long been a challenage topic. In v1.8 we dive into the OVN flow tables and kernel internals to profile the datapath and find the bottlenecks. With the help of profile results, some aggressive optimization methods have been found. With these methods, 45% latency can be reduced under the 1byte packet latency benchmark. These methods include:

  • OVN logical flow re-organized to avoid some CPU consuming operation
  • FastPath kernel module to reduce netfilter cost
  • Replace veth device with ovs internal port to reduce IRQ
  • Re-compile ovs kernel module with ISA related optimization

For more information, please read Performance Tunning

The 1-byte packet benchmark result for origin and optimized version: loading placeholder

The 1-byte packet benchmark comparison for Kube-OVN overlay/underlay mode, Calico IPIP and noEncap mode: loading placeholder

VPC Enhancement

As more and more users are trying to manage data center infrastructures with Kubernetes, VPC network functions in Kube-OVN are under rapid iteration. In this release, a new CRD SecurityGroup is provided to support VPC security management in VPC view. loading placeholder

Service support in custom VPC is also supported in this release, more L4 and L7 load balncer function is in the way.

For more information, please read VPC Usage

What's more

  • Kubernetes and Openstack share the same OVN deployment
  • Pod level mirror control
  • Manual route for multiple network interface
  • Dynamically modify tunnel IP
  • New OVN 21.03

Getting Started

New to Kube-OVN? Follow the Installation Guide.