OpenStack Neutron Havana Overview - Oct 2013

Overview presentation on OpenStack Neutron, given at three meet-ups in NYC, Connecticut and Philadelphia during October 2013 by Edgar Magana from PLUMgrid


  1. OpenStack Overview, Havana, October 2013. Edgar Magana, PhD, OpenStack Core Developer (Neutron)
  2. Session Agenda NO! © 2013 PLUMgrid. All rights reserved.
  3. Acknowledgments
      • Big thanks to the great developers in the OpenStack Community & OpenStack Foundation
      • Information presented here is sourced from my own experience as an OpenStack developer/user and from OpenStack Foundation documents & community
      • Views and technical points expressed here are solely the presenter’s and do not reflect his employer’s views/positions or the OpenStack Foundation’s in any way.
  4. What is OpenStack?
      • OpenStack is a cloud management system that controls large pools of compute, storage, and networking resources throughout a datacenter, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface.
  5. OpenStack: A Brief History
      • NASA launches Nebula: one of the first cloud computing platforms built for Federal Government Private Cloud (nebula.nasa.gov)
      • March 2010: Rackspace open sources Cloud Files software, aka Swift
      • May 2010: NASA open sources compute software, aka “Nova”
      • June 2010: OpenStack is formed
      • July 2010: The inaugural Design Summit
      • April 2012: OpenStack Foundation
      • April 2013: Grizzly Release
      • Nov 2013: Havana Release (Quantum → Neutron)
      • April 2014: Icehouse Release
  6. OpenStack Community
  7. OpenStack Core Services
      • Compute ("Nova") provides virtual servers upon demand. Compute resources are accessible via APIs for developers building cloud applications and via web interfaces for administrators and users. The compute architecture is designed to scale horizontally on standard hardware, enabling the cloud economics companies have come to expect.
      • Network ("Neutron") is a pluggable, scalable and API-driven system for managing networks and IP addresses. Like other aspects of the cloud operating system, it can be used by administrators and users to increase the value of existing datacenter assets.
      • Block Storage ("Cinder") provides persistent block storage to guest VMs. This project was born from code originally in Nova (the nova-volume service described below).
      • Dashboard ("Horizon") provides a modular web-based user interface for all the OpenStack services.
  8. OpenStack Core Services
      • Object Store ("Swift") provides object storage. It allows you to store or retrieve files (but not mount directories like a fileserver).
      • Image ("Glance") provides a catalog and repository for virtual disk images. These disk images are most commonly used in OpenStack Compute.
      • Identity ("Keystone") provides authentication and authorization for all the OpenStack services.
      • Orchestration (“Heat”) orchestrates multiple cloud applications using the AWS CloudFormation template format, through both an OpenStack-native REST API and a CloudFormation-compatible Query API.
      • Metering (“Ceilometer”): monitoring and metering framework, agentless from 3rd party systems, all natively implemented in OpenStack.
      • Documentation (“What’s up doc?”)
      • How many in total? 21 (https://wiki.openstack.org/wiki/Programs)
  9. OpenStack Core Services - Conceptual (docs.openstack.org)
  10. OpenStack Core Services - Conceptual (docs.openstack.org)
  11. Level three and she thinks she is rich! What a noob! (docs.openstack.org)
  12. OpenStack Core Services - Logical (docs.openstack.org)
  13. Neutron
  14. www.cafepress.com
  15. Neutron - Overview
      • Incubation project in April 2011
      • Promoted to Core Project at Folsom Summit (April 2012)
      • Neutron solves two main issues in Nova – Network:
        1. Limited networking technology
           – Basic Linux bridging-based implementation
           – Limited features (missing ACL, QoS, …)
           – Limited multi-tenancy isolation – 802.1q VLAN tags
        2. Limited User/Tenant control over the network
           – Tenants cannot create their own network topologies
           – Tenants cannot leverage different network virtualization technologies
  16. OpenStack Networking - Neutron: Network as a Service (NaaS)
      • Provides REST APIs to manage network connections for the resources managed by other OpenStack Services (e.g. Nova)
      • Technology agnostic (framework based on “plug-ins”)
      • Multi-tenancy: isolation, abstraction, full control over virtual networks
      • Modular design: API specifies the service, vendor provides its implementation. Extensions for vendor-specific features.
      • Standalone service: it is not exclusive to OpenStack. Neutron is an autonomous service
      • Exposes vendor-specific network virtualization and SDN technologies
  17. What does Neutron do?
      • Complete control over the following network resources in OpenStack
        – Networks, Ports and Subnets
      • Build complex network topologies based on user/tenant input
      • Assigns its own network segmentation process
      • Limited L3 functionality (IP tables rules at host level)
      • Just one plugin at a time
        – Modular Layer 2 (ML2)
        – Cisco Plugin supports OVS + NXOS + N1Kv
        – Meta-plugin (based on zones-flavors)
      • Focused on VNI (Virtual Networking Infrastructure)
        – Basic VLAN configuration on the Physical Switch (NXOS, Arista, Brocade, etc.)
  18. What doesn’t Neutron do?
      • Discovery of the network physical infrastructure
      • Any real L3 configuration (router plugin is in progress)
      • Sync mechanisms with other network management systems
        – Note: Neutron Plugins could delegate this work
      • Any configuration at the aggregation layer and/or edge layer
        – Basic configuration at the access layer
  19. Neutron Architecture
      [Diagram labels: Neutron API; API Extensions; Neutron Service; Neutron Plug-in API; Service API (VPN, FW & LBaaS); Plug-In Implementation; Plug-In Extensions; VNI & PNI (Virtual & Physical Networking Infrastructure)]
  20. Neutron Plug-Ins: Neutron Plugins - Havana
      • Modular Layer 2 (ML2):
        – New in Havana
        – ML2 can concurrently use multiple layer 2 networking technologies that are found in real-world data centers.
        – It currently works with the existing Open vSwitch, Linux Bridge, and Hyper-V L2 agents
      • Linux Bridge (deprecated):
        – Builds isolated networks with VLAN interfaces and Linux Bridge
        – Works with every Linux distro
      • Open vSwitch (deprecated):
        – Builds isolated networks with OVS and L2-in-L3 tunnels
        – Supports GRE and VXLAN tunnels
      • PLUMgrid:
        – Acts as a proxy for the PLUMgrid Director and IOVisor technology
      • Cisco:
        – NXOS and N1Kv
      • NTT-Data Ryu:
        – Acts as a proxy for the NTT Ryu platform
      • NEC, Hyper-V, Brocade, …
  21. Neutron Services - Havana
      • Load Balancer as a Service (LBaaS):
        – Stable release
        – HA Proxy support
        – Vendor specific framework in place
      • Virtual Private Network as a Service (VPNaaS):
        – IPsec support
        – Site-to-Site configuration
        – Single-site-to-Multi-site configuration
      • Firewall as a Service (FWaaS):
        – Separate FW service
        – IP tables support
        – Vendor specific service can be included
      source: wiki.Openstack.org
  22. OpenStack Network Deployment Architecture
  23. VM booting workflow between nova and neutron
        1. nova boot gets into the compute driver, which calls the neutron API to create a port
        2. neutron-server creates the port object and allocates it an IP address from the subnets
        3. neutron-server notifies the neutron-dhcp agent of the created port object
        4. neutron-dhcp agent configures the dhcp server with the port object, such as IP, MAC, gateway and routes
        5. compute-driver gets the network information, then creates a port on the br-int soft-switch, and then starts the VM with a tap device attached to the soft-switch port
        6. soft-neutron-agent detects that a new soft-switch port has been created
        7. soft-neutron-agent asks neutron-server for information
        8. soft-neutron-agent sets up the port, such as the flows and vlan id of the soft-switch port. After this step, the VM's network is connected.
        9. VM gets the IP address with the dhcp client
  24. Neutron Network Internals
  25. OpenStack Network ML2 (source: openstack.docs)
  26. OpenStack Network ML2
  27. Neutron Deployment Components – ML2
      [Diagram labels, Components: L3-Agent (FW & NAT); Neutron server & plug-in; Plugin Agent (soft-switch); Queue; DB; DHCP Agent; Service-LBaaS Agent; Service-VPNaaS Agent]
      • Neutron Server
        – Implements REST APIs and their extensions
        – Enforces the network model: network, subnet, and port
        – IP addressing for each port (IPAM)
      • Soft-switch Plugin agent
        – Runs on each compute node
        – Connects instances to network ports
      • DHCP Agent
        – In multi-host mode, runs on each compute node (deferred)
        – Starts/stops the dhcp server
        – Maintains dhcp configuration
      • L3 Agent
        – Implements floating IPs and other L3 features, such as NAT
        – One per network
      • Queue
        – Enhances communication between the components of neutron
      • DB
        – Persistent network model
  28. Neutron - Summary
      • Neutron community is growing – Support is guaranteed
      • Pluggable Architecture – All vendors are welcome
      • Testing is always our first priority
      • Code quality is one of the top ones
      • Features are always coming in but testing is a must
      • All works with open source technologies
      • Analytics are minimal
      • Performance is always a concern
      • Debugging is challenging
      • Migration paths are available from release to release
  31. PLUMgrid
  33. PLUMgrid in OpenStack: PLUMgrid Neutron Plugin Adds:
      • Increased Control
      • Virtual Domains
      • Simplified Isolation
      • Advanced Functionality
      • Complete Network Services
      • No OVS or Flat Networks
      • Increased Scale
      • No VLANs, no agents, no OpenFlow
      • Open Platform
      • Add 3rd Party Network Functions
      • Network Visibility
      • PLUMgrid Analytics and Monitoring
      [Diagram labels: Nova (Compute); Neutron (Network); Glance, Swift, Cinder (Storage)]
      Proven OpenStack Neutron Plugin
  34. Neutron Deployment Components – ML2
      [Diagram labels, Components: L3-Agent (FW & NAT); Neutron server & plug-in; Plugin Agent (soft-switch); Queue; DB; DHCP Agent; Service-LBaaS Agent; Service-VPNaaS Agent]
      • Neutron Server
        – Implements REST APIs and their extensions
        – Enforces the network model: network, subnet, and port
        – IP addressing for each port (IPAM)
      • Soft-switch Plugin agent
        – Runs on each compute node
        – Connects instances to network ports
      • DHCP Agent
        – In multi-host mode, runs on each compute node (deferred)
        – Starts/stops the dhcp server
        – Maintains dhcp configuration
      • L3 Agent
        – Implements floating IPs and other L3 features, such as NAT
        – One per network
      • Queue
        – Enhances communication between the components of neutron
      • DB
        – Persistent network model
  35. Neutron Deployment Components – ML2: Simplify Neutron Model
      • PLUMgrid Director Network Services: quick & simple (no extra agents)
      • Neutron server & plug-in: easy, reliable
      • NOVA VIF Drivers: new driver is being integrated in Havana (IOVISOR Driver)
      • Queue, DB
      • Neutron Virtual Network Functions (VNF): easy integration and deployment for VNFs
      • Neutron Extensions: Provider networks, DHCP, L3, …
  36. Neutron with PLUMgrid
      Included in Havana Release: https://wiki.openstack.org/wiki/PLUMgrid-Neutron
      Testing with Devstack:

          # git clone http://github.com/openstack-dev/devstack.git
          # vim localrc:

          Q_PLUGIN=plumgrid
          # set to the address of the PLUMgrid Director
          PLUMGRID_DIRECTOR_IP=
          PLUMGRID_DIRECTOR_PORT=8080
          disable_service n-net
          # optional
          disable_service n-cpu
          enable_service q-svc
          enable_service neutron
          LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver

  37. Most Common Use Cases
      Overlapping IP Setup

          source ~/user_demo_one
          neutron net-create net1
          neutron subnet-create net1 10.0.0.0/24
          # use network_id
          nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm1-userone
          nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm2-userone
          source ~/user_demo_two
          neutron net-create net1
          neutron subnet-create net1 10.0.0.0/24
          nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm1-usertwo
          nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm2-usertwo

      Delete the vms:

          nova delete vm1-usertwo
          nova delete vm2-usertwo
          source ~/user_demo_one
          nova delete vm1-userone
          nova delete vm2-userone

  38. Most Common Use Cases
      Public network

          source ./admin_user
          # Create shared network
          neutron net-create public --shared True
          neutron subnet-create --no-gateway public 10.10.0.0/24
          source ~/user_demo_one
          nova boot --image <img_id> --flavor 1 --nic net-id=<net1-id> --nic net-id=<public-id> vm1-user1
          source ~/user_demo_two
          nova boot --image <img_id> --flavor 1 --nic net-id=<net1-id> --nic net-id=<public-id> vm1-user2

      Floating IP

          # create external network
          neutron net-create ext_net -- --router:external=True
          neutron subnet-create ext_net 1.1.1.0/24 -- --enable_dhcp=False
          # connect router to the upstream external network
          neutron router-gateway-set router1 ext_net
          # create some floating ips out of this external network
          neutron floatingip-create ext_net --port_id $VM2_PORT_ID
          neutron floatingip-disassociate <floating_ip_id>

  39. OpenStack Open Source Community
  40. Neutron Release Cycle
      • Grizzly Release (April 2013):
        – L3 extensions
        – API – XML
        – DB Migration
        – LBaaS (agent-based)
        – Security Groups
        – Quotas
        – New Plugins (PLUMgrid)
      • Havana Release (Nov, 2013):
        – VPNaaS (agent-based)
        – FWaaS (agent-based)
        – Improve LBaaS
        – Performance Improvements
        – …
  41. OpenStack Contribution
      • Join the foundation
        – https://wiki.openstack.org/wiki/HowToContribute
        – Corporate Contributor License Agreement
        – Individual Contributor License Agreement
      • Blueprints and Bugs in Launchpad
        – https://blueprints.launchpad.net/neutron
        – https://bugs.launchpad.net/neutron/+bugs
      • Code review in Gerrit
        – https://wiki.openstack.org/wiki/GerritWorkflow
        – https://review.openstack.org/#/q/status:open+project:openstack/neutron,n,z
        – pep8 enforcement
        – Python hacking rules: https://github.com/openstack/neutron/blob/master/HACKING.rst
  42. Questions!
  43. Network Service (Nova-Network) Overview
  44. Introduction
      • Network service / controller provides network related services to connect compute instances (VMs) to the network
      • Nova has an embedded network component called Nova-Network that provides network related services
        – Target network domain: L2 network connecting VMs to the local (access) network
      • Neutron is a separate network service / controller, independent of Nova
        – Target network domain: L2, L3
  45. Nova-Network
      • Flat Mode
        – All instances are attached to a single Linux bridge
        – IP addresses are injected into the image on launch (from configuration file)
      • FlatDHCP Mode
        – Similar to Flat Mode with DHCP for IP addresses
      • VLAN Network Mode: Default Mode
        – A VLAN, fixed IP subnet, and Linux bridge per tenant
        – Switch must support 802.1Q VLAN tagging
      • Neutron Network Manager (code is being renamed in the Havana release)
        – A client (resident in Nova) for communication with the Neutron Service
  46. Flat Mode
      [Diagram: a controller host (Nova Controller with Nova-Network, or Neutron Controller; bridging, NAT, DHCP) and Nova compute hosts 1 and 2, each attaching VM TAP interfaces to bridge br100, with a private switch between hosts and an uplink towards the cloud DC net or public net.]
      • Outside communication via the controller node (where Nova-network is resident)
      • Nova network component (or controller) can run in each compute node
  47. VLAN Mode
      [Diagram: Nova compute hosts 1 to n (Nova with Nova-Network, or Neutron Controller), each with per-VLAN bridges (VLAN 11, VLAN 22) attaching VM TAP interfaces, a private switch fabric and an external switch towards the DC net or public net.]
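
An added example, not part of the original slides: an audit over an inventory shaped like the Neutron network, subnet and port resources created in slides 37 and 38. It separates cross-tenant CIDR overlaps (the expected result of tenant isolation) from same-tenant overlaps, and lists shared networks on which more than one tenant has a port. The inventory, IDs and function names are constructed for illustration; the field names `tenant_id`, `network_id`, `cidr`, `shared` and `device_id` follow Neutron's resource attributes.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory shaped like Neutron network/subnet/port records
# (IDs are made up; tenants and CIDRs follow slides 37 and 38).
NETWORKS = [
    {"id": "net-a", "name": "net1", "tenant_id": "user_demo_one", "shared": False},
    {"id": "net-b", "name": "net1", "tenant_id": "user_demo_two", "shared": False},
    {"id": "net-p", "name": "public", "tenant_id": "admin", "shared": True},
]
SUBNETS = [
    {"network_id": "net-a", "cidr": "10.0.0.0/24"},
    {"network_id": "net-b", "cidr": "10.0.0.0/24"},
    {"network_id": "net-p", "cidr": "10.10.0.0/24"},
]
PORTS = [  # one port per --nic passed to nova boot
    {"device_id": "vm1-user1", "tenant_id": "user_demo_one", "network_id": "net-a"},
    {"device_id": "vm1-user1", "tenant_id": "user_demo_one", "network_id": "net-p"},
    {"device_id": "vm1-user2", "tenant_id": "user_demo_two", "network_id": "net-b"},
    {"device_id": "vm1-user2", "tenant_id": "user_demo_two", "network_id": "net-p"},
]


def overlapping_subnets(networks, subnets):
    """Return (cidr_a, cidr_b, tenant_a, tenant_b, kind) per overlapping pair."""
    owner = {n["id"]: n["tenant_id"] for n in networks}
    found = []
    for i, a in enumerate(subnets):
        net_a = ipaddress.ip_network(a["cidr"])
        for b in subnets[i + 1:]:
            if net_a.overlaps(ipaddress.ip_network(b["cidr"])):
                ta, tb = owner[a["network_id"]], owner[b["network_id"]]
                # Cross-tenant overlap is what isolation is meant to allow;
                # same-tenant overlap is worth a manual review.
                kind = "same-tenant" if ta == tb else "cross-tenant"
                found.append((a["cidr"], b["cidr"], ta, tb, kind))
    return found


def shared_l2_exposure(networks, ports):
    """Map each shared network name to the tenants that have a port on it."""
    shared = {n["id"]: n["name"] for n in networks if n["shared"]}
    tenants = defaultdict(set)
    for p in ports:
        if p["network_id"] in shared:
            tenants[shared[p["network_id"]]].add(p["tenant_id"])
    # Only report segments where tenants actually meet on the same L2 network.
    return {name: sorted(t) for name, t in tenants.items() if len(t) > 1}


if __name__ == "__main__":
    for row in overlapping_subnets(NETWORKS, SUBNETS):
        print("overlap:", row)
    print("shared:", shared_l2_exposure(NETWORKS, PORTS))
```

On the constructed inventory the only overlap is the cross-tenant pair from slide 37, while the shared `public` network from slide 38 is reported as the one segment where both tenants' VMs are attached.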
