|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// IPI |
| 4 | +// * installing/installing_bare_metal/ipi/ipi-install-installation-workflow.adoc |
| 5 | +// * installing/installing_bare_metal/ipi/ipi-install-post-installation-configuration.adoc |
| 6 | +// UPI |
| 7 | +// * installing/installing_bare_metal/upi/installing-bare-metal-network-customizations.adoc |
| 8 | +// * installing/installing_bare_metal/upi/installing-restricted-networks-bare-metal.adoc |
| 9 | +// * installing/installing_bare_metal/upi/installing-bare-metal.adoc |
| 10 | + |
| 11 | +ifeval::["{context}" == "ipi-install-post-installation-configuration"] |
| 12 | +:postinstall-bare-metal-ipi: |
| 13 | +endif::[] |
| 14 | +ifeval::["{context}" == "post-install-bare-metal-configuration"] |
| 15 | +:postinstall-bare-metal-upi: |
| 16 | +endif::[] |
| 17 | + |
| 18 | +:_mod-docs-content-type: PROCEDURE |
| 19 | +[id="enabling-OVS-balance-slb-mode_{context}"] |
| 20 | += Enabling OVS balance-slb mode for your cluster |
| 21 | + |
| 22 | +You can enable the Open vSwitch (OVS) `balance-slb` mode for the infrastructure for your cluster so that two or more physical interfaces can share their network traffic. A `balance-slb` mode interface provides source load balancing (SLB) capabilities for your cluster, where the interface can act independently without needing to communicate with a network switch. Source load balancing works by assigning a Media Access Control (MAC) address and a virtual local area network (vLAN), if required, to a physical interface, such as `br-phy`. The physcial interface connects to a bridge uplink switch that operates as a port to receive packets from a physical interface and then transmit the package to the `br-ex` interface that are on the same network. |
| 23 | + |
| 24 | +You can integrate the `balance-slb` mode interface into the following network types: |
| 25 | + |
| 26 | +* Primary networks: Supported during cluster installation time only. OVN-Kubernetes serves as the Container Network Interface (CNI) and physical interfaces connect to a customized `br-ex` bridge. You define the SLB configuration in a `MachinConfig` file. |
| 27 | +* Secondary networks: Supported as a post-installation task only. A third-party plugin servers as the CNI and physical interfaces connect to a customized `br-ex` bridge by use of a vLAN. You define the SLB configuration in a `NodeNetworkConfigurationPolicy` (NNCP) file. |
| 28 | +* Localnet topology networks: Supported as a post-installation task only. A localnet topology froms part of a secondary network. A localnet topology allows connections to the physical network, but requires additional configuration of the underlying OVS bridge on cluster nodes. You define the SLB configuration in either a `NetworkAttachmentDefinition` (NAD) or a `NodeNetworkConfigurationPolicy` file. |
| 29 | +
|
| 30 | +You can use either kernel bonding or OVS bonding to enable the `balance-slb` mode on your chosen network type. The following list details the differences between the kernel bonding and the OVS bonding methods: |
| 31 | + |
| 32 | +* Kernel bonding: Useful for third-party CNI environments but requires additional network configurations, such as condifuring an additional Linux bridge, to support `balance-slb` mode. You can use this method external to your {product-title} cluster, such as communicating to a {op-system-base-full} server. Performance issues notable when compared to the OVS bonding method. |
| 33 | +* OVS bonding: Useful for the OVN-Kubernetes CNI plugin. Natively supports `balance-slb` mode and integrates . All node traffic diverts to a single `balance-slb` mode interface. You cannot use the method external to your {product-title} cluster. This method performs better than the Kernel bonding method. |
| 34 | +
|
| 35 | +ifndef::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] |
| 36 | +[IMPORTANT] |
| 37 | +==== |
| 38 | +If you use the kernel bonding method to enable `balance-slb` mode for your cluster, Network Manager might experience Gratuitous Address Resolution Protocol (GARP) handling issues. These issues occur when the Network Manager cannot retrieve source MAC addresses from the OVS bridge interface because of a broken link to a port disables the port. |
| 39 | + |
| 40 | + that in turn impacts GARP from updating the cache information for the primary network. |
| 41 | +==== |
| 42 | +endf::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] |
| 43 | +
|
| 44 | +.Prerequisites |
| 45 | +
|
| 46 | +* You have logged in to the {product-title} web console. |
| 47 | +* You have installed the {oc-first}. |
| 48 | +* You have logged into {product-title} as a cluster administrator. |
| 49 | +ifndef::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] |
| 50 | +* You have more than one physical interfaces attached to your primary network and you defined the interfaces in the `MachineConfig` file. |
| 51 | +* You created a manifest object and defined a customized `br-ex` bridge in the object configuration file. |
| 52 | +endf::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] |
| 53 | +ifdef::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] |
| 54 | +* You have more than one physical interfaces attached to your primary network and you defined the interfaces in the NNCP or NAD file. |
| 55 | +* You created a NNCP CR and defined a customized `br-ex` bridge network configuration in the object configuration file. |
| 56 | +endf::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] |
| 57 | +
|
| 58 | +.Procedure |
| 59 | +ifndef::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] |
| 60 | +. Choose one of the following methods: |
| 61 | ++ |
| 62 | +.. For OVS bonding, open your NMState configuration file in your editor and add the following configuration in the file: |
| 63 | ++ |
| 64 | +[source,yaml] |
| 65 | +---- |
| 66 | +# ... |
| 67 | +interfaces: |
| 68 | +# ... |
| 69 | +- name: br-phy <1> |
| 70 | + type: ovs-bridge |
| 71 | + state: up |
| 72 | + ipv4: |
| 73 | + enabled: false |
| 74 | + dhcp: false |
| 75 | + ipv6: |
| 76 | + enabled: false |
| 77 | + dhcp: false |
| 78 | + bridge: |
| 79 | + allow-extra-patch-ports: true |
| 80 | + port: |
| 81 | + - name: patch-phy-to-ex |
| 82 | + - name: ovs-bond |
| 83 | + link-aggregation: |
| 84 | + mode: balance-slb <2> |
| 85 | + port: |
| 86 | + - name: eno1 |
| 87 | + - name: eno2 |
| 88 | +- name: patch-ex-to-phy <3> |
| 89 | + type: ovs-interface |
| 90 | + state: up |
| 91 | + patch: |
| 92 | + peer: patch-phy-to-ex |
| 93 | +- name: patch-phy-to-ex <4> |
| 94 | + type: ovs-interface |
| 95 | + state: up |
| 96 | + patch: |
| 97 | + peer: patch-ex-to-phy |
| 98 | +- name: eno1 <5> |
| 99 | + type: ethernet |
| 100 | + state: up |
| 101 | + ipv4: |
| 102 | + enabled: false |
| 103 | + ipv6: |
| 104 | + enabled: false |
| 105 | +- name: eno2 <5> |
| 106 | + type: ethernet |
| 107 | + state: up |
| 108 | + ipv4: |
| 109 | + enabled: false |
| 110 | + ipv6: |
| 111 | + enabled: false |
| 112 | +# ... |
| 113 | +---- |
| 114 | +<1> Specify an additional bridge, such as `br-phy`, to manage custom network rules that the OVN-Kubernetes CNI adds to the network environments. |
| 115 | +<2> Enables `balance-slb` mode for the OVS bridge interface. |
| 116 | +<3> Specify the OVS virtual interface that uses an uplink switch to connect the additional bridge with the br-ex bridge. |
| 117 | +<4> Specify the OVS virtual interface that uses an uplink switch to connect the br-ex bridge with the additional bridge. |
| 118 | +<5> Specify the physical interfaces that exist on your primary network. |
| 119 | ++ |
| 120 | +.. For Kernel bonding, |
| 121 | +
|
| 122 | +. Use the `cat` command to base64-encode the contents of the NMState configuration: |
| 123 | ++ |
| 124 | +[source,terminal] |
| 125 | +---- |
| 126 | +$ cat <nmstate_configuration>.yaml | base64 <1> |
| 127 | +---- |
| 128 | +<1> Replace `<nmstate_configuration>` with the name of your NMState resource YAML file. |
| 129 | +
|
| 130 | +. For static IP address assignment, manually reboot each node that exists in your cluster. For DHCP address assignment, you can reboot all nodes in one reboot operation. |
| 131 | +
|
| 132 | +. Optional: If after the reboot operation and you waited a few minutes, a node or some nodes do not have the `READY` status, enter the following commands: |
| 133 | ++ |
| 134 | +.. Check the current state of an Open vSwitch (OVS) configuration, especially details about bridges, ports, and interfaces, by entering the following command: |
| 135 | ++ |
| 136 | +[source,terminal] |
| 137 | +---- |
| 138 | +$ ovs-vsctl show |
| 139 | +---- |
| 140 | ++ |
| 141 | +.. If you identify the `Bridge br-ex` entry in the output, delete the entry by running the following command: |
| 142 | ++ |
| 143 | +[source,terminal] |
| 144 | +---- |
| 145 | +$ ovs-vsctl del-br br-ex |
| 146 | +---- |
| 147 | +
|
| 148 | +. Use the `nmstate` utility tool to apply the NMState configuration to each node in your cluster: |
| 149 | ++ |
| 150 | +[source,terminal] |
| 151 | +---- |
| 152 | +$ nmstatectl apply node.yml |
| 153 | +---- |
| 154 | +endf::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] |
| 155 | +
|
| 156 | +ifeval::["{context}" == "ipi-install-post-installation-configuration"] |
| 157 | +:!postinstall-bare-metal: |
| 158 | +endif::[] |
| 159 | +ifeval::["{context}" == "bare-metal-configuration"] |
| 160 | +:!postinstall-bare-metal: |
| 161 | +endif::[] |
0 commit comments