OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in neutron ?
Paris, 5th December 2013: OpenStack in Action 4!, organized by eNovance, brings together members of the OpenStack community.

Transcript of "OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in neutron ?"

  1. What's new in virtual OpenStack networking
  2. from eNovance import Neutron
     Founded 2008 / Team 90+ / Growth 200% / Clients 200+
     Sylvain Afchain
     •  Senior Developer
     •  Neutron contributor
     Emilien Macchi
     •  OpenStack Engineer
     •  Automation, deployments
  3. Neutron: “Pluggable, scalable, API-driven network and IP management”
  4. New features in Havana
  5. Before ML2... Neutron server with Open-vSwitch plugin OR Neutron server with Linux Bridge plugin OR...
  6. ML2 (Modular Layer 2)
     •  New reference plugin
     •  Handles numerous L2 technologies: Flat, VLAN, VXLAN, GRE
     •  Works with existing drivers: Linux Bridge, Open-vSwitch, Arista, Cisco, Hyper-V
     •  New mechanism: L2 population (partial-mesh and forwarding table population)
  7. Before L2 population... Full mesh
  8. With L2 population: Partial mesh
  9. FWaaS: Without... [Diagram labels: VM, Layer 2, Layer 3, BR-INT, VROUTER, BR-EX, SECURITY GROUPS]
  10. FWaaS: With... [Diagram labels: VM, Layer 2, Layer 3, BR-INT, VROUTER, BR-EX, SECURITY GROUPS, FIREWALL]
  11. FWaaS (Firewall as a Service)
     •  Service plugin + Agent + Drivers
     •  Concept: IPtables rules on virtual routers
     •  Drivers: IPtables or vArmour
     •  Complements Security Groups
  12. VPNaaS (virtual private network)
     •  Scope: Layer 3 Site-to-site (IPsec)
     •  Experimental in Havana
     •  Only preshared keys, no certificates
     •  OpenSwan as default driver
  13. VPNaaS [Diagram labels: VM ×3; 10.0.0.4, 10.0.0.5, 10.1.0.5; 10.1.0.1, 10.0.0.1; Router ×2; 172.24.1.21, 172.24.1.22; VPN; 172.24.1.0/24]
  14. Metering
     •  Service plugin + Agent + Drivers
     •  Concept: IPtables rules on virtual routers
     •  Drivers: IPtables
     •  Collects traffic counters with labels and sends to Ceilometer
     •  Next steps: use metering for Layer 3 scheduling
  15. Roadmap to Icehouse
  16. L3 high availability
     •  Bring high availability to virtual routers
     •  Delete SPOF in L3 Agent
     •  Allow routers to be scheduled on two L3 Agents
     •  Master / Slave model
     •  VIP managed by Keepalived
     •  TCP sessions managed by conntrackd
     •  Add new L3 schedulers
  17. L3 high availability: Without... [Diagram labels: VM, L2 Agent, L3 Agent, BR-INT, VROUTER, BR-EX, Internet; "VM lost connectivity"]
  18. L3 high availability: With... / Without... [Diagram labels: VM, L2 Agent, L3 Agent, BR-INT, VROUTER, BR-EX, Internet; "VM lost connectivity"; "2 L3 Agents"; "External connectivity is backed up"]
  19. L3 on edge? (proposal)
     •  Move floating IP on compute nodes
     •  Improve North-South traffic
     •  VMs without floating IP continue to use L3 agent to reach external networks
     •  VMs with floating IP reach external network on the compute edge.
  20. Havana follow-up
     •  VPNaaS: SSL support with OpenVPN driver
     •  VPNaaS: Layer 2 private networks (L2TP, MPLS)
     •  LBaaS: new drivers (vendors)
     •  Metering: improve API to get traffic counters
  21. Icehouse: new puppies
     •  L2 driver for OpenDaylight
     •  Framework for Advanced Services in Virtual Machines
     •  Neutron server is multi-workers
     •  More Tempest coverage (QA)
     •  L3 scheduling improvements
  22. Questions? sylvain@enovance.com, emilien@enovance.com, @eNovance