Quantum diablo summary
Upcoming SlideShare
Loading in...5

Quantum diablo summary



Slides from OpenStack Design Summit presentation on the Quantum, a virtual network service.

Slides from OpenStack Design Summit presentation on the Quantum, a virtual network service.



Total Views
Views on SlideShare
Embed Views



26 Embeds 42,845

http://openvswitch.org 42457
http://www.ibenit.com 151
http://www.hillos.org 48
http://translate.googleusercontent.com 36
http://localhost:8888 35
http://webcache.googleusercontent.com 25
http://openvswitch.com 24
http://rm-fr.kr 20 14
http://www.openvswitch.org 7
http://paper.li 4
http://twitter.com 3
http://honyaku.yahoofs.jp 3
http://joearnold.com 2
http://localhost 2 2
url_unknown 2
http://openvswitch.org.sixxs.org 2
http://posterous.com 1
http://translate.yandex.net 1
http://cache.baiducontent.com 1 1
https://twitter.com 1
https://www.google.com 1
http://baidu.proxywhy.com 1
http://xianguo.com 1



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Quantum diablo summary Quantum diablo summary Presentation Transcript

  • Openstack Quantum:Virtual Networks for OpenStack
    Dan Wendlandt – dan@nicira.com
  • Outline
  • What is Quantum?
    Astandalone Openstackservice
    Provides network connectivity between a set of network “interfaces” from other service (e.g., vNICs from compute service, interfaces on a load-balancer service).
    Exposes API of logical abstractions for describing network connectivity + policy between interfaces.
    Uses a “plug-in” architecture, so multiple technologies can implement the logical abstractions.
    Provides a “building block” for sophisticated cloud network topologies.
  • What is Quantum NOT?
    Something that provides all network-related processing behavior.
    Initial focus is on connectivity.
    Other advanced services like load-balancers, firewalls, etc can “plug” into a network offered by Quantum.
    IP address management (see next talk on IPAM)
    Orchestration of multiple network-related building blocks to provide higher-level abstractions to tenants (see talk on Donabe)
  • Example Architecture: Single Service
    Openstack Dashboard
    Tenant API
    Tenant API
    Quantum Service
    Nova Service
    Admin API
    Quantum Plugin
    Internal nova
    XenServer #1
    Internal Plugin
  • Example Architecture: Two Services
    Tenant API
    Quantum Service
    Network Edge:
    Point at which a service “plugs” into the network.
    Quantum Plugin
    Internal Plugin
    Firewall Service
    Compute Service
    Tenant API
    Tenant API
  • Virtual Network Abstractions (1)
    Services (e.g., nova, atlas) expose interface-IDs via their own tenant APIs to represent any device from that service that can be “plugged” into a virtual network.
    Example: nova.foo.com/<tenant-id>/server/<server-id>/eth0
    Tenants use Quantum API to create networks, get back UUID:
    Example: quantum.foo.com/<tenant-id>/network/<network-id>
    Tenants can create ports on a network, get a UUID, and associate config with those ports (APIs for advanced port config are TBD, initially ports give L2 connectivity):
    Example: quantum.foo.com/<tenant-id>/network/<network-id>/port/<port-id>
    Tenants can “plug” an interface into a port by setting the attachment of a port to be the appropriate interface-id.
    Example: set quantum.foo.com/<tenant-id>/network/<network-id>/port/<port-id>/attach to value “nova.foo.com/<tenant-id>/server/<server-id>/eth0” .
  • Virtual Network Abstractions (2)
    Note: At no time does the customer see details of how a network is implemented (e.g., VLANs).
    Association of interfaces with network is an explicit step.
    Plugins can expose API extensions to introduce more complex functionality (e.g., QoS). Extension support is queriable, so a customer can “discover” capabilities.
    API extensions that represent common functionality across many plug-ins can become part of the core API.
    Core API for diablo is simple, focused on connectivity. Core API will evolve.
  • Example Scenario:
    Nova i-24
    Nova i-26
    Nova i-22
    Nova i-23
    GW Instance-1
    Private Net #2
    Private Net #1
    Provider View
    Nova i-24
    Nova i-26
    Nova i-26
    Data Center
    GW Instance-1
    Nova i-24
    NAT Gateway Service
    Compute Service
  • Live Demo…
  • Why Quantum?
    API gives ability to create interesting network topologies.
    Example: create multi-tier applications
    Provide way to connect interconnect multiple Openstack services (*-aaS).
    Example: Nova VM + Atlas LB on same private network.
    Open the floodgates to let anyone build services (open or closed) that plug into Openstack networks.
    Examples: VPN-aaS, firewall-aaS, IDS-aaS.
    Allows innovation plugins that overcomes common cloud networking problems
    Example: avoid VLAN limits, provide strong QoS
  • How? Quantum Design Goals
    Decoupled from nova and other services
    Communication between quantum and another service should happen via well-defined Rest API (not direct python calls, no nova RPC, not shared understanding of database schemas)
    Be able to run without nova.
    Flexible enough to support plugins for many different “network edges”:
    Bridge / Open vSwitch on Linux
    Vmware DVS / Nexus 1000V
    Physical switches
    Physical switches with VEPA / VNtag
  • How? Inside Quantum
    Plugin interface maps to “core” tenant API + admin API.
    “Network agents” running on nova hypervisor fit within this model.
    Plugin might manage just the network edge (e.g., a vswitch), or all network devices.
    Tenant API
    Admin API
    Auth (talk to Keystone)
    API Limits
    Communicate with external devices in a plugin-specific way to implement logical abstractions from the tenant API.
  • Edge Bindings
    Services that expose interface-IDs must tell quantum where that interface is currently “plugged” into the network.
    We call this an “edge binding”
    Impl still fuzzy: Quantum may support an admin API that allows other services to register <interface-id, interface-location> pairs with Quantum.
    Many different “types” of interface-location data:
    XenServer: VIF-UUID
    Cisco 1000v: veth0 device
    Physical Hosting: physical switch ID + port number
    Openstackdeployers must make sure all services able to “speak” a interface-location type supported by the switch.
    There will be a “default” type supported by an open source plugin (VLAN based, like nova today?)
  • Simple Plug-in Example with VLANs
    Similar to what Nova does for private networks:
    One VLAN per “network”.
    Hypervisor NIC is VLAN trunk, all switches are trunked.
    When an interface-ID is associated is associated with a network, plugin uses the edge binding to find the interface-location (a port on a vswitch) and puts that port on the correct VLAN.
  • Plans for Diablo timeframe
    “experimental” Quantum plug-in
    Plug-in Agnostic:
    Create API, including way for plugin to register extensions.
    Store “ownership” + integrate with keystone for auth.
    Implement “edge bindings” database + API.
    At least one (hopefully more!) open-source plugin that anyone can use to experiment with Quantum.
    Perform “edge bindings” integration with nova and at least one other service.
  • This is Just the Beginning….
    Our goals within Diablo time frame are well scoped.
    Quantum is a building block, not the entire solution for all networking problems.
    Goal is to make sure Quantum design for Diablo does not preclude doing things we will likely consider important in the future.
  • Many important questions remain:
    How should knowledge of the network topology and resources/capacity be used to influence workload placement decisions by the scheduler?
    What should be included in a broader set of core APIs (QoS, packet stats, ACLs, etc) in future iterations?
    Is L2 VPN (e.g., to customer site) a part of this core API, ok something the “plugs” into a virtual network?
    How to expose attributes of the physical network (e.g., redundant NICs) via the logical model?
    <Insert your question here…>