OpenStack Networking
Giuseppe Cossu
Research Engineer
Webinar on October 5th, 2015 - 15:00 CET
Hello!
I am Giuseppe Cossu
I am an enthusiastic OpenStack user.
I work at Create-Net as a Research Engineer, mainly involved in Cloud Computing and Networking.
Contacts:
gcossu@create-net.org
http://it.linkedin.com/in/giuseppecossu/en
Agenda
■ Introduction
OpenStack Overview
■ Neutron
Overview
Main features with Live Demo
■ Networking Architecture
Main Components
Neutron server and agents
Modular Layer 2 (ML2) plugin
Type Driver, Mechanism Driver
DVR (Distributed Virtual Router)
L3 services on Compute Nodes
Advanced Services: FWaaS, LBaaS, VPNaaS
Introduction
OpenStack is a free and open-source cloud-computing
software platform
OpenStack Logical Architecture
Network as a Service
OpenStack Networking Architecture
Management network
■ Used for internal OpenStack
communications
■ Connects all OpenStack
Components
Data network
■ Used for VMs data communication
External network
■ Used to provide VMs with Internet
access in some deployment
scenarios
■ The IP addresses on this network
should be reachable by anyone on
the Internet
API network
■ Exposes all OpenStack APIs to
tenants
■ The IP addresses on this network
should be reachable by anyone on
the Internet
What is Neutron?
“Neutron is an OpenStack project to provide Networking
as a Service (NaaS) between interface devices managed by
other Openstack services”
History: from nova-network to Neutron
■ nova-network is the original OpenStack networking implementation
still available (but is going to be deprecated)
managed by the administrator
Tenants cannot create or manage networks
Limitations:
lack of an API for networking services
basic isolation model based on Linux VLANs and iptables
limited networking technology (e.g. no L2-in-L3 tunneling, no OpenFlow)
■ OpenStack Neutron was originally called “Quantum”
renamed to “Neutron” because of trademark issues
Neutron
■ Provides REST APIs to create and manage virtual
networks and network resources
■ Allows tenants to have multiple private networks and to choose their own IP addressing scheme
■ Enables advanced cloud networking use cases
e.g., multi-tiered web applications
■ Pluggable Architecture
a plugin is a back-end implementation of the Networking API
flexibility to choose different network virtualization
technologies (e.g. VLAN, GRE, VxLAN)
■ Plugins available (ML2 Mechanism Drivers):
Open vSwitch, Cisco (UCS/Nexus), Juniper (OpenContrail), VMware NSX, OpenDaylight, MidoNet, PLUMgrid, etc.
Live Demo
■ Live demo using the OpenStack Dashboard, a graphical interface to access, provision and automate cloud-based resources
■ The demo provides an overview of the main Neutron features
Neutron: networking resources & L2 functionalities (I)
■ Each tenant can create L2 private networks
Network: an isolated virtual layer-2 broadcast domain
It is reserved for the tenant who created it
■ ...and associate a sub-network to each network
Subnet: an IP address block (CIDR) that can be used to assign IP
addresses to virtual instances
It is possible to configure DNS, gateway and enable DHCP
Neutron: networking resources & L2 functionalities (II)
Virtual instances attach their VIF (Virtual network
InterFace) into ports:
■ Port: a virtual switch port on a logical network switch
Defines the MAC and IP addresses to be assigned to the interfaces plugged into it
Typically a virtual network interface belonging to a VM
■ Each instance receives a fixed IP on creation
It stays the same until the instance is explicitly terminated
Neutron: networking resources & L2 functionalities (III)
■ Each tenant can configure rich network topologies by
creating and configuring networks and subnets
having multiple private networks
choosing their own IP addressing scheme (even if those IP
addresses overlap with those used by other tenants)
■ Admin can create shared networks
The network resources can be accessed by any tenant
Neutron: networking resources & L3 functionalities (I)
In order to provide inbound/outbound Internet connectivity to VMs,
Neutron provides L3 functionality by means of:
■ External Network: a “virtual” network, that typically maps public
IP ranges available in the DC network
managed by admin
can be used as the external gateway for an internal tenant network, or to create floating IPs and associate them with ports
■ Router: a logical entity used to:
interconnect subnets and forward traffic among them
NAT tenant network traffic to external networks
■ Floating IPs: IP addresses on an external network, typically
public, that can be dynamically associated with an instance
A Floating IP allows access to an instance on a private network
from an external network
Neutron: networking resources & L3 functionalities (II)
Scenario 1: Create an External Network and a Router
■ The router connects the private network to the external network, offering NAT functionality
■ Associate a floating IP with an internal port (e.g. to access instances from the Internet)
Neutron: networking resources & L3 functionalities (III)
Scenario 2: Connect two private networks
■ The router connects private networks forwarding traffic among
them
Networking Architecture
Neutron under the hood
Neutron Server and agents
■ Neutron-Server exposes the Networking API and enables administration of the configured plug-in
The agents interact with the main neutron process through RPC or API
Neutron agents:
Neutron features
■ Modular Layer 2 (ML2) plugin
Core Plugin: it is bundled with OpenStack
allows a variety of layer 2 networking technologies to be used simultaneously
■ DVR (Distributed Virtual Router)
L3 forwarding and NAT are distributed to the compute nodes
addresses the single-point-of-failure and scalability problems of the Network Node
■ Advanced Services, implemented as
service plugins
Load Balancer as a Service (LBaaS)
Virtual Private Network as a Service (VPNaaS)
Firewall as a Service (FWaaS)
Feature layers: L2 Connectivity, L3 Connectivity, L4-L7 Services
Neutron features: L2 Connectivity
Modular Layer 2 (ML2)
■ The ML2 plugin is a framework allowing OpenStack Networking to simultaneously utilize a variety of layer 2 networking technologies
The Type Driver maintains any needed type-specific network state, and performs provider network validation and tenant network allocation
The Mechanism Driver is responsible for taking the information established by the Type Driver and ensuring that it is properly applied given the specific networking mechanisms that have been enabled
Network Segments (Type Driver)
■ Flat
all instances reside on the same network, which can also be shared
with the hosts
■ VLAN
allows users to create multiple networks using VLAN IDs (802.1Q) that
correspond to VLANs present in the physical network
■ VxLAN or GRE
network overlays to support private communication between
instances
each network receives a unique tunnel ID (up to 16 million logical
networks)
ML2 with Open vSwitch (OVS) Mechanism Driver
■ Open vSwitch (L2) agent:
communicates with the Neutron server over RPC
communicates directly with the local Open vSwitch instance to
configure flows to implement the logical data model
gathers the configuration and mappings from the database
applies Security Group rules
GRE Tunnels
Neutron features: L2 Connectivity, L3 Connectivity
Legacy Routing in Neutron
■ Network node IP forwarding:
Inter-subnet (east-west) traffic between VMs
Floating IP (north-south) traffic between VM and external network
Default SNAT (north-south) traffic from VM to external network
■ Issues:
Performance bottleneck
Scalability limitations
Single Point of Failure
[Figure: Network Node and two Compute Nodes; labels: Internet, External Network, Data Network, Tenant Network, VM1, VM2]
Distributed Virtual Router (DVR)
■ IP forwarding provided (also) by Compute nodes for local VMs
Inter-subnet (east-west) traffic between VMs
Floating IP (north-south) traffic between external and VM
■ Advantages:
Bypass network node improves performance
Scales with size of compute farm
Limited failure domain (per compute node)
■ Limitations:
Default SNAT function is still centralized
[Figure: Network Node and two Compute Nodes; labels: Internet, External Network, Data Network, Tenant Network, VM1, VM2]
Neutron features: L2 Connectivity, L3 Connectivity, L4-L7 Services
Load-Balancer-as-a-Service (LBaaS)
■ LBaaS enables tenants to manage load balancers for their VMs
load-balances incoming traffic by distributing workloads to application services running on VMs
LBaaS V2 API is experimental (stable in the Liberty release)
■ Load balancing methods to distribute incoming requests:
Round robin: rotates requests evenly between multiple instances
Source IP: requests from a unique source IP address are consistently
directed to the same instance
Least connections: allocates requests to the instance with the least
number of active connections
Firewall-as-a-Service (FWaaS)
■ FWaaS adds firewall management to Networking
operates at the perimeter to filter traffic at the neutron router
uses iptables to apply firewall policy to all routers within a project
supports one firewall policy and logical firewall instance per project
■ NOTE: Security Groups operate at the instance-level
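Because Security Groups are enforced per instance while a floating IP makes an instance reachable from an external network, it is worth checking which instances combine the two with world-open ingress. The following is an added example, not part of the original slides: it cross-references floating IPs, ports and security group rules using Neutron API v2.0 field names. All records and the `ALLOWED_PUBLIC_TCP` policy are constructed assumptions.

```python
import ipaddress

# Assumption: site policy for TCP ports that may face the Internet.
ALLOWED_PUBLIC_TCP = {80, 443}


def rule(sg, direction, proto=None, lo=None, hi=None, prefix=None, group=None):
    """Build a constructed record shaped like a Neutron security-group-rule."""
    return {"security_group_id": sg, "direction": direction, "protocol": proto,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": group}


# Constructed sample data (documentation address ranges, made-up IDs).
FLOATING_IPS = [
    {"floating_ip_address": "203.0.113.10", "port_id": "port-web"},
    {"floating_ip_address": "203.0.113.11", "port_id": "port-db"},
    {"floating_ip_address": "203.0.113.12", "port_id": None},  # not associated
]
PORTS = [
    {"id": "port-web", "device_id": "vm-web", "security_groups": ["sg-web"]},
    {"id": "port-db", "device_id": "vm-db", "security_groups": ["sg-db"]},
    {"id": "port-app", "device_id": "vm-app", "security_groups": ["sg-open"]},
]
OPEN_ANY = rule("sg-open", "ingress")  # any protocol, any source
SG_RULES = [
    rule("sg-web", "ingress", "tcp", 443, 443, prefix="0.0.0.0/0"),
    rule("sg-web", "ingress", "tcp", 22, 22, prefix="198.51.100.0/24"),
    rule("sg-db", "ingress", "tcp", 3306, 3306, prefix="0.0.0.0/0"),
    rule("sg-db", "ingress", "tcp", 3306, 3306, group="sg-web"),
    rule("sg-db", "egress", prefix="0.0.0.0/0"),
    OPEN_ANY,
]


def is_world_open(r):
    """True for an ingress rule that accepts traffic from any source address."""
    if r["direction"] != "ingress" or r.get("remote_group_id"):
        return False
    prefix = r.get("remote_ip_prefix")
    # Neutron treats an ingress rule with no remote prefix or group as "any source".
    return prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def exposed_service(r):
    """Label what a world-open rule exposes, or None if it is within policy."""
    proto = r.get("protocol")
    if proto is None:
        return "any-protocol"
    if proto not in ("tcp", "udp"):
        return None  # ICMP and others are out of scope for this check
    lo, hi = r.get("port_range_min"), r.get("port_range_max")
    if lo is None:
        return f"{proto}/all-ports"
    if proto == "tcp" and set(range(lo, hi + 1)) <= ALLOWED_PUBLIC_TCP:
        return None
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def audit(floating_ips, ports, rules):
    """Return (floating IP, instance, security group, service) for each exposure."""
    ports_by_id = {p["id"]: p for p in ports}
    rules_by_sg = {}
    for r in rules:
        rules_by_sg.setdefault(r["security_group_id"], []).append(r)

    findings = []
    for fip in floating_ips:
        port = ports_by_id.get(fip.get("port_id"))
        if port is None:  # floating IP allocated but not associated
            continue
        for sg in port["security_groups"]:
            for r in rules_by_sg.get(sg, []):
                service = exposed_service(r) if is_world_open(r) else None
                if service:
                    findings.append((fip["floating_ip_address"],
                                     port["device_id"], sg, service))
    return findings


if __name__ == "__main__":
    for finding in audit(FLOATING_IPS, PORTS, SG_RULES):
        print("exposed:", *finding)
```

The wide-open `sg-open` group is not reported because its port has no floating IP; the check only reports instances that are reachable from the external network.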
Virtual-Private-Network-as-a-Service (VPNaaS)
■ The VPNaaS extension enables OpenStack tenants to extend
private networks across the internet:
Relates the VPN with a specific subnet and router for a tenant
Multiple VPN connections per tenant
Site-to-site VPN that connects two private networks
■ Configuration:
An IKE Policy is used for phase one and phase two negotiation of the VPN connection
supports 3des, aes-128, aes-256, or aes-192 encryption
An IPsec Policy is used to specify the encryption algorithm, transform protocol, and mode (tunnel/transport) for the VPN connection
supports 3des, aes-128, aes-192, or aes-256 encryption, sha1 authentication, ESP, AH, or AH-ESP transform protocol, and tunnel or transport mode encapsulation
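Not every combination of the options listed above is equally protective: 3des is a legacy 64-bit block cipher, AH on its own authenticates packets without encrypting them, and transport mode does not encapsulate the inner IP header that a site-to-site tunnel relies on. The following is an added example, not part of the original slides: it resolves each site connection to its IKE and IPsec policy and reports those settings. Field names follow the Neutron VPNaaS resources; all records are constructed.

```python
# Constructed sample records shaped like VPNaaS ikepolicies, ipsecpolicies
# and ipsec-site-connections (IDs and names are made up).
IKE_POLICIES = [
    {"id": "ike-1", "name": "ike-legacy",
     "encryption_algorithm": "3des", "auth_algorithm": "sha1"},
    {"id": "ike-2", "name": "ike-aes",
     "encryption_algorithm": "aes-256", "auth_algorithm": "sha1"},
]
IPSEC_POLICIES = [
    {"id": "ips-1", "name": "ipsec-aes-esp",
     "encryption_algorithm": "aes-256", "auth_algorithm": "sha1",
     "transform_protocol": "esp", "encapsulation_mode": "tunnel"},
    {"id": "ips-2", "name": "ipsec-ah",
     "encryption_algorithm": "aes-128", "auth_algorithm": "sha1",
     "transform_protocol": "ah", "encapsulation_mode": "transport"},
]
CONNECTIONS = [
    {"name": "hq-to-branch", "ikepolicy_id": "ike-2", "ipsecpolicy_id": "ips-1"},
    {"name": "hq-to-partner", "ikepolicy_id": "ike-1", "ipsecpolicy_id": "ips-1"},
    {"name": "hq-to-lab", "ikepolicy_id": "ike-2", "ipsecpolicy_id": "ips-2"},
    {"name": "hq-to-old", "ikepolicy_id": "ike-9", "ipsecpolicy_id": "ips-1"},
]


def policy_issues(policy):
    """Return the weak settings found in one IKE or IPsec policy."""
    issues = []
    if policy.get("encryption_algorithm") == "3des":
        issues.append("3des encryption")
    # transform_protocol and encapsulation_mode exist only on IPsec policies.
    if policy.get("transform_protocol") == "ah":
        issues.append("ah transform (no encryption)")
    if policy.get("encapsulation_mode") == "transport":
        issues.append("transport mode on a site-to-site connection")
    return issues


def audit_connections(connections, ike_policies, ipsec_policies):
    """Map each connection name to the issues of the policies it references."""
    tables = (
        ("ike", "ikepolicy_id", {p["id"]: p for p in ike_policies}),
        ("ipsec", "ipsecpolicy_id", {p["id"]: p for p in ipsec_policies}),
    )
    report = {}
    for conn in connections:
        issues = []
        for kind, key, table in tables:
            policy = table.get(conn[key])
            if policy is None:
                # A dangling reference means the effective settings are unknown.
                issues.append(f"{kind}: policy {conn[key]} not found")
                continue
            issues += [f"{kind}:{policy['name']}: {i}" for i in policy_issues(policy)]
        if issues:
            report[conn["name"]] = issues
    return report


if __name__ == "__main__":
    for name, issues in audit_connections(CONNECTIONS, IKE_POLICIES, IPSEC_POLICIES).items():
        for issue in issues:
            print(f"{name}: {issue}")
```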
OpenStack Bootcamp
The main topics covered are:
Overview on OpenStack and its
architecture,
OpenStack networking;
Swift;
Ceilometer and its architecture,
Heat Overview;
OpenStack deployment.
At the end of the Bootcamp each
student will be able to:
Describe the architecture of an
OpenStack deployment;
Discuss the main functionalities of
OpenStack;
Deploy, configure and use the
OpenStack services;
Create and manage VMs and
Virtual Networks;
Create and manage users, roles,
and quotas;
Use the OpenStack CLI and
Dashboard.
In partnership with Mirantis
For further information:
http://openstack.create-net.org
openstack@create-net.org
References
■ OpenStack Cloud Administrator Guide http://docs.openstack.org/admin-guide-cloud/content/index.html
■ OpenStack Networking API v2.0 Reference http://docs.openstack.org/api/openstack-network/2.0/content/index.html
■ OpenStack Training Guides http://docs.openstack.org/training-guides/content/index.html
■ OpenStackHowto: Quantum https://wiki.debian.org/OpenStackHowto/Quantum
■ Mirantis Reference Architectures http://docs.mirantis.com/openstack/fuel/fuel-6.0/reference-architecture.html
■ OpenStack Networking Introduction - Yves Fauser, VMware NSBU
■ http://www.slideshare.net/vivekkonnect/openstack-kilosummitdvrarchitecture20140506mastergroup
Thanks!
Any questions?
You can find me at: gcossu@create-net.org
Follow-up email will include the link to slides and recording.


UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Buy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdfBuy Epson EcoTank L3210 Colour Printer Online.pdf
Buy Epson EcoTank L3210 Colour Printer Online.pdf
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 

OpenStack networking (Neutron)

  • 2. Hello! I am Giuseppe Cossu I am an enthusiastic OpenStack user. I work at Create-Net as Research Engineer. Mainly involved in Cloud Computing and Networking. Contacts: gcossu@create-net.org http://it.linkedin.com/in/giuseppecossu/en
  • 3. Agenda ■ Introduction OpenStack Overview ■ Neutron Overview Main features with Live Demo ■ Networking Architecture Main Components Neutron server and agents Modular Layer 2 (ML2) plugin Type Driver, Mechanism Driver DVR (Distributed Virtual Router) L3 services on Compute Nodes Advanced Services: FWaaS, LBaaS, VPNaaS
  • 4. Introduction OpenStack is a free and open-source cloud-computing software platform
  • 6. Network as a Service
  • 7. Openstack Networking Architecture Management network ■ Used for internal OpenStack communications ■ Connects all OpenStack Components Data network ■ Used for VMs data communication External network ■ Used to provide VMs with Internet access in some deployment scenarios ■ The IP addresses on this network should be reachable by anyone on the Internet API network ■ Exposes all OpenStack APIs to tenants ■ The IP addresses on this network should be reachable by anyone on the Internet
  • 8. What is Neutron? “Neutron is an OpenStack project to provide Networking as a Service (NaaS) between interface devices managed by other Openstack services”
  • 9. History: from nova-network to Neutron ■ nova-network is the original OpenStack networking implementation still available (but is going to be deprecated) managed by administrator Tenant can not create/manage networks Limitations: lack of API for networking services basic model of performing isolation through Linux VLANs and IP tables limited networking technology (e.g. no L2-in-L3 tunneling, no OpenFlow) ■ The OpenStack Neutron was called “Quantum” renamed to “Neutron” for trademark issues
  • 10. Neutron ■ Provides REST APIs to create and manage virtual networks and network resources ■ Allows tenants to have multiple private networks and to choose their own IP addressing scheme ■ Enables advanced cloud networking use cases e.g., multi-tiered web applications ■ Pluggable Architecture a plugin is a back-end implementation of the Networking API flexibility to choose different network virtualization technologies (e.g. VLAN, GRE, VxLAN) ■ Plugins available (ML2 Mechanism Drivers): Open vSwitch, Cisco (UCS/Nexus), Juniper (Opencontrail), VMware NSX, OpenDaylight, Midonet, PLUMgrid, etc.
  • 11. Live Demo ■ Live Demo using the OpenStack Dashboard graphical interface to access, provision and automate cloud-based resources ■ The demo provides an overview on the main Neutron features
  • 12. Neutron: networking resources & L2 functionalities (I) ■ Each tenant can create L2 private networks Network: an isolated virtual layer-2 broadcast domain It is reserved for the tenant who created it ■ ...and associate a sub-network to each network Subnet: an IP address block (CIDR) that can be used to assign IP addresses to virtual instances It is possible to configure DNS, gateway and enable DHCP
  • 13. Neutron: networking resources & L2 functionalities (II) Virtual instances attach their VIF (Virtual network InterFace) into ports: ■ Port: a virtual switch port on a logical network switch Defines the MAC&IP addresses to be assigned to the interfaces plugged into them Typically a virtual network interface belonging to a VM ■ Each instance receives a Fixed IP on creation Stays the same until the instance is explicitly terminated
  • 14. Neutron: networking resources & L2 functionalities (III) ■ Each tenant can configure rich network topologies by creating and configuring networks and subnets having multiple private networks choosing their own IP addressing scheme (even if those IP addresses overlap with those used by other tenants) ■ Admin can create shared networks The network resources can be accessed by any tenant
  • 15. Neutron: networking resources & L3 functionalities (I) In order to provide inbound/outbound Internet connectivity to VMs, Neutron provides L3 functionality by means of: ■ External Network: a “virtual” network, that typically maps public IP ranges available in the DC network managed by admin can be used as external gateway for internal tenant network or create floating IPs and associate them with ports ■ Router: a logical entity used to: interconnect subnets and forward traffic among them NATing tenant network traffic to external networks ■ Floating IPs: IP addresses on an external network, typically public, that can be dynamically associated with an instance A Floating IP allows access to an instance on a private network from an external network
  • 16. Neutron: networking resources & L3 functionalities (II) Scenario 1: Create an External Network and a Router ■ The router connects the private to the external network, offering NAT functionality ■ Associate a floating IP to an internal port (e.g. access instances from Internet)
  • 17. Neutron: networking resources & L3 functionalities (III) Scenario 2: Connect two private networks ■ The router connects private networks forwarding traffic among them
  • 19. Neutron Server and agents ■ Neutron-Server exposes the Networking API and enables administration of the configured plug-in The agents interact with the main neutron process through RPC or API Neutron agents:
  • 20. Neutron features ■ Modular Layer 2 (ML2) plugin Core Plugin: it is bundled with OpenStack allows simultaneous use of a variety of layer 2 networking technologies ■ DVR (Distributed Virtual Router) L3 forwarding and NAT are distributed to the compute nodes solves single points of failures and scalability problems of the Network Node ■ Advanced Services, implemented as service plugins Load Balancer as a Service (LBaaS) Virtual Private Network as a Service (VPNaaS) Firewall as a Service (FWaaS) L2 Connectivity L3 Connectivity L4-L7 Services
  • 22. Modular Layer 2 (ML2) ■ ML2 plugin is a framework allowing OpenStack Networking to simultaneously utilize the variety of layer 2 networking technologies The Type Driver maintains any needed type-specific network state, and performs provider network validation and tenant network allocation The Mechanism Driver is responsible for taking the information established by the Type Driver and ensuring that it is properly applied given the specific networking mechanisms that have been enabled
  • 23. Network Segments (Type Driver) ■ Flat all instances reside on the same network, which can also be shared with the hosts ■ VLAN allows users to create multiple networks using VLAN IDs (802.1Q) that correspond to VLANs present in the physical network ■ VxLAN or GRE network overlays to support private communication between instances each network receives a unique tunnel ID (up to 16 million logical networks)
  • 24. ML2 with Open vSwitch (OVS) Mechanism Driver ■ Open vSwitch (L2) agent: communicates with the Neutron server over RPC communicates directly with the local Open vSwitch instance to configure flows to implement the logical data model gathers the configuration and mappings from the database applies Security Group rules GRE Tunnels
  • 26. Legacy Routing in Neutron ■ Network node IP forwarding: Inter-subnet (east-west) traffic between VMs Floating IP (north-south) traffic between VM and external network Default SNAT (north-south) traffic from VM to external network ■ Issues: Performance bottleneck Scalability limitations Single Point of Failure Network Node Compute Node Compute Node Internet External Network Data Network VM1 VM2 Tenant Network
  • 27. Distributed Virtual Router (DVR) ■ IP forwarding provided (also) by Compute nodes for local VMs Inter-subnet (east-west) traffic between VMs Floating IP (north-south) traffic between external and VM ■ Advantages: Bypass network node improves performance Scales with size of compute farm Limited failure domain (per compute node) ■ Limitations: Default SNAT function is still centralized Network Node Compute Node Compute Node Internet External Network Data Network VM1 VM2 Tenant Network
  • 29. Load-Balancer-as-a-Service (LBaaS) ■ The LBaaS enables tenants to manage load balancers for their VMs load-balance incoming traffic by distributing workloads to application services running on VMs LBaaS V2 API is experimental (stable on Liberty Release) ■ Load balancing methods to distribute incoming requests: Round robin: rotates requests evenly between multiple instances Source IP: requests from a unique source IP address are consistently directed to the same instance Least connections: allocates requests to the instance with the least number of active connections
  • 30. Firewall-as-a-Service (FWaaS) ■ FWaaS adds firewall management to Networking operates at the perimeter to filter traffic at the neutron router uses iptables to apply firewall policy to all routers within a project supports one firewall policy and logical firewall instance per project ■ NOTE: Security Groups operate at the instance-level
  • 31. Virtual-Private-Network-as-a-Service (VPNaaS) ■ The VPNaaS extension enables OpenStack tenants to extend private networks across the internet: Relates the VPN with a specific subnet and router for a tenant Multiple VPN connections per tenant Site-to-site VPN that connects two private networks ■ Configuration: An IKE Policy is used for phase one and phase two negotiation of the VPN connection; supports 3des, aes-128, aes-256, or aes-192 encryption An IPsec Policy is used to specify the encryption algorithm, transform protocol, and mode (tunnel/transport) for the VPN connection; supports 3des, aes-128, aes-192, or aes-256 encryption, sha1 authentication, ESP, AH, or AH-ESP transform protocol, and tunnel or transport mode encapsulation
  • 32. OpenStack Bootcamp The main topics covered are: Overview on OpenStack and its architecture, OpenStack networking; Swift; Ceilometer and its architecture, Heat Overview; OpenStack deployment. At the end of the Bootcamp each student will be able to: Describe the architecture of an OpenStack deployment; Discuss the main functionalities of OpenStack; Deploy, configure and use the OpenStack services; Create and manage VMs and Virtual Networks; Create and manage users, roles, and quotas; Use the OpenStack CLI and Dashboard. In partnership with Mirantis For further information: http://openstack.create-net.org openstack@create-net.org
  • 33. References ■ OpenStack Cloud Administrator Guide http://docs.openstack.org/admin-guide-cloud/content/index.html ■ OpenStack Networking API v2.0 Reference http://docs.openstack.org/api/openstack-network/2.0/content/index.html ■ OpenStack Training Guides http://docs.openstack.org/training-guides/content/index.html ■ OpenStackHowto: Quantum https://wiki.debian.org/OpenStackHowto/Quantum ■ Mirantis Reference Architectures http://docs.mirantis.com/openstack/fuel/fuel-6.0/reference-architecture.html ■ OpenStack Networking Introduction - Yves Fauser, VMware NSBU ■ http://www.slideshare.net/vivekkonnect/openstack-kilosummitdvrarchitecture20140506mastergroup
  • 34. Thanks! Any questions? You can find me at: gcossu@create-net.org Follow-up email will include the link to slides and recording.
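
Added example, not part of the slides or of the Neutron project: a Python audit of VPNaaS IKE and IPsec policy records against the options slide 31 lists, flagging the supported-but-weak choices (3des, sha1, and the AH transform, which authenticates without encrypting). Field names and the `ikepolicies` / `ipsecpolicies` list keys follow the Neutron VPNaaS API; the sample policies are constructed, and `sha256` is assumed to be offered by a later release than the one the slides describe.

```python
"""Audit Neutron VPNaaS IKE/IPsec policies for weak options (added example)."""

# Values slide 31 lists as supported, per policy field.
SUPPORTED = {
    "encryption_algorithm": {"3des", "aes-128", "aes-192", "aes-256"},
    "transform_protocol": {"esp", "ah", "ah-esp"},
    "encapsulation_mode": {"tunnel", "transport"},
}

# Supported values a reviewer would still flag, with the reason.
WEAK = {
    ("encryption_algorithm", "3des"): "64-bit block cipher; prefer aes-256",
    ("auth_algorithm", "sha1"): "legacy hash; use a SHA-2 option if offered",
    ("transform_protocol", "ah"): "AH authenticates only; payload is not encrypted",
}


def audit_policy(policy):
    """Return (severity, field, message) findings for one policy dict."""
    findings = []
    for field, allowed in SUPPORTED.items():
        if field not in policy:
            continue  # IKE policies carry no transform/encapsulation fields
        value = str(policy[field]).lower()
        if value not in allowed:
            findings.append(("error", field, f"{value!r} is not a listed option"))
    for (field, bad), reason in WEAK.items():
        if str(policy.get(field, "")).lower() == bad:
            findings.append(("warn", field, f"{bad}: {reason}"))
    return findings


def audit(api_responses):
    """Audit list responses keyed 'ikepolicies' / 'ipsecpolicies'."""
    report = {}
    for kind in ("ikepolicies", "ipsecpolicies"):
        for policy in api_responses.get(kind, []):
            findings = audit_policy(policy)
            if findings:
                name = policy.get("name") or policy.get("id", "?")
                report[f"{kind}/{name}"] = findings
    return report


# Constructed sample data, shaped like the API's list responses.
SAMPLE = {
    "ikepolicies": [
        {"name": "ike-legacy", "encryption_algorithm": "3des", "auth_algorithm": "sha1"},
        {"name": "ike-strong", "encryption_algorithm": "aes-256", "auth_algorithm": "sha256"},
    ],
    "ipsecpolicies": [
        {"name": "ipsec-ah", "transform_protocol": "ah", "encapsulation_mode": "tunnel",
         "encryption_algorithm": "aes-128", "auth_algorithm": "sha1"},
        {"name": "ipsec-typo", "transform_protocol": "esp", "encapsulation_mode": "tunel",
         "encryption_algorithm": "aes-256", "auth_algorithm": "sha1"},
    ],
}

if __name__ == "__main__":
    for target, findings in audit(SAMPLE).items():
        for severity, field, message in findings:
            print(f"{severity:5} {target}: {field}: {message}")
```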