Open Source Backends for OpenStack Neutron


Published on

An overview of the Open Source Backends for the OpenStack Neutron API. This was presented at the OpenStack Juno Summit in Atlanta, May 2014.

Published in: Technology, Education

Open Source Backends for OpenStack Neutron

  1. 1. An overview of Open Source Backends for Openstack Neutron
  2. 2. Summary ● Neutron plugins recap ● Neutron’s built-in solution ● Open source alternatives ○ Open DayLight ○ Ryu Network OS ○ Open Contrail
  3. 3. What this talk is NOT about ● Competitive analysis of open source backends ● Telling you which backend would be right for your deployment ● The holy grail of the infinitely scalable open source backend
  4. 4. What this talk is about ● Enumerating open source alternative for Neutron backend ● Providing an overview of such backends and how they integrated with Openstack Neutron ● Proving that Neutron’s “agents” are not the only alternative to commercial backends
  5. 5. Neutron plugins recap ● Modular (ML2) Plugin ○ A common layer for DB management and resource allocation; transport/technology specific drivers ● Standalone Core Plugin ○ Implementation of one or more interfaces to serve a particular backend technology or platform ● Both ML2 drivers or standalone plugins can either be commercial or open-source ● Both commercial and open source plugin/drivers are required to pass integration testing
  6. 6. Neutron’s built-in solution ● L2/L3 connectivity ● IPAM ● East/West routing ● External gateway & floating IPs ● Implemented by: ○ ML2 plugin with OVS agent mech driver ○ OVS Layer-2 agent ○ Layer-3 agent + DHCP agent ● Load Balancing, VPN, and firewall served by distinct “service plugins”
  7. 7. Neutron’s built-in solution Neutron Server ML2 with Open vSwitch Mechanism Driver and GRE transport ML2 L3 base plugin OVS Mech Driver AMQP bus RPC RPC REST OVS Agent OVS Agent OVS Agent LB Agent L3 Agent L3 Agent LB Agent
  8. 8. Neutron’s built-in solution Installation via devstack local.conf ○ enable_service neutron q-l3 q-agt q-svc q-dhcp q-meta ./
  9. 9. Neutron’s built-in solution: limits Careful messaging needed here. ● Point to scalability limits of the L2 agent ● Point to limit of the L3 agents only if the OSS backends discussed here have viable alternatives ● Neutron’s developer community is a mix of web app developers, distributed systems experts and network programmers. ○ Focus is not exclusively on networking
  10. 10. L2Population ML2 Driver ● An overlay MechanismDriver for ML2 ○ Optimized by pre-populating forwarding tables of both OVS and Linuxbridge forwarding planes to decrease broadcast traffic ○ Utilizes both VXLAN and GRE tunnels ● Two main implementation details ○ Local ARP responder on each host ■ Linuxbridge support in Havana, OVS support in Juno ○ Forwarding table population on each host ● More information: ○
  11. 11. Before ML2 L2 Population MechanismDriver Host 1 Host 2 Host 3Host 4 Host 1 VM A VM G VM E VM D VM B VM C VM F VM H VM I “VM A” wants to talk to “VM G.” “VM A” sends a broadcast packet, which is replicated to the entire tunnel mesh.
  12. 12. With ML2 L2 Population MechanismDriver Host 1 Host 2 Host 3Host 4 Host 1 VM A VM G VM E VM D VM B VM C VM F VM H VM I The ARP request from “VM A” for “VM G” is intercepted and answered using a pre-populated neighbor entry. Proxy Arp Traffic from “VM A” to “VM G” is encapsulated and sent to “Host 4” according to the bridge forwarding table entry.
  13. 13. Try L2Population with devstack ● Setup your local.conf to use L2Population with LB Q_PLUGIN=ml2 Q_AGENT=linuxbridge Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,linuxbridge,l2population Q_ML2_TENANT_NETWORK_TYPE=vxlan,gre ... [[post-config|/$Q_PLUGIN_CONF_FILE]] [vxlan] enable_vxlan=true local_ip=$HOST_IP l2_population=True ● More information (including OVS setup with L2Population) ○
  14. 14. OpenContrail ● OpenContrail is an extensible networking system covering two primary use cases: ○ Cloud Networking ○ Network Function Virtualization ● Consists of two components: ○ OpenContrail Controller ■ Configuration, Control, and Analytics nodes ○ OpenContrail vRouter ●
  15. 15. Open Contrail: Openstack integration ● VM bringup with OpenContrail: ○ Nova instructs the Nova Agent on the compute node to create the VM ○ Nova Agent gets network attributes from OpenContrail Plugin ○ Once VM is created, Nova Agent communicates to vRouter ○ vRouter configures the virtual network for the VM
  16. 16. Neutron with Open Contrail diagram OpenStack Nova Contrail Neutron Plugin Compute Node OpenStack Nova Agent vRouter Agent (user space) Configuration Node Contrail Node
  17. 17. Try OpenContrail with devstack ● Pull the devstack with OpenContrail support ○ git clone ● Setup your local.conf ○ ENABLE_CONTRAIL=yes ○ Q_PLUGIN=contrail ○ PHYSICAL_INTERFACE=eth0 ● This will enable a single node OpenContrail setup with devstack ● For more information: ○ devstack-plus-opencontrail/
  18. 18. OpenDaylight ● OpenDaylight is an Open Source Software Project under the Linux Foundation with the goal of furthering the adoption of SDN ○ Three pillars: Code, Acceptance, and Community ● OpenDaylight is building an evolvable SDN platform capable of handling a diverse set of use cases ○ IaaS network orchestration is an important use case ● Releases: ○ Hydrogen: February 2014 ○ Helium: Tentatively slated for September 2014 ○ Three release types: ■ Base, Virtualization, and Service Provider ● Eclipse Public License – v 1.0 (EPL) ●
  19. 19. Open DayLight Openstack integration ● OpenStack Neutron ML2 MechanismDriver upstreamed in Icehouse ● REST proxy, passes API calls into OpenDaylight ● Utilized by any provider’s southbound in ODL ○ Examples: VTN, OVSDB Plugin, OpenDove ● Solution still requires Neutron DHCP and L3 agents ○ Support for this planned for Helium release
  20. 20. Neutron with Open DayLight diagram Neutron Node Neutron Server ML2 Plugin w/ ODL Driver Network Node L3 Agent OVS DHCP Agent Compute Node OVS OpenDaylight Node ODL Server REST API RPCs OpenFlow and OVSDB Neutron API Service OVSDB Plugin
  21. 21. Try OpenDaylight With devstack ● Setup your local.conf ○ Q_ML2_PLUGIN_MECHANISM_DRIVERS=opendaylight ○ enable_service odl-server odl-compute ● This will enable a single-node OpenDaylight devstack setup ○ Additional compute nodes only need “enable_service odl-compute” set ● Checkout lib/opendaylight for more configuration options
  22. 22. Ryu Network OS ● Ryu is a component-based SDN framework ○ Supports OpenFlow 1.0, 1.2, 1.3, 1.4, and Nicira extensions ○ Apache 2.0 license ○ Written in Python ● Supports a variety of protocols for managing network devices ○ OpenFlow, Netconf, OF-config, SNMP ●
  23. 23. Ryu Openstack integration ● Ryu is integrated into OpenStack in two ways: ○ A standalone plugin ○ An ML2 MechanismDriver (ofagent) ● Multi tenant network support ○ Mac address based ○ VLAN ○ GRE tunnel ● Ryu supports port-binding ○ Ryu agent or ofagent must be running on the host ●
  24. 24. Neutron with Ryu diagram Neutron Node Neutron DB (network ID, key) Neutron Server RYU Plugin Ryu Node Ryu Server Network Node L3 Agent Ryu Agent Compute Node Ryu Agent OVS OVS
  25. 25. Try Ryu with devstack ● Setup your local.conf ○ Q_ML2_PLUGIN_MECHANISM_DRIVERS=ofagent,l2population ○ Q_AGENT=ofagent ○ ENABLE_TENANT_TUNNELS=True ○ Q_ML2_TENANT_NETWORK_TYPE=gre ○ [[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]] ○ [agent] ○ l2_population=True ● This enables a single-node ofagent setup with Ryu ● More information: ○ IceHouse-environment-HOWTO
  26. 26. Summary ● Many options in the Open Source Arena for Neutron Plugins ○ Innovation is ongoing in this area ● No “one size fits all”