SlideShare a Scribd company logo

How Quantum configures Virtual Networks under the Hood?

1 of 35
Download to read offline
Quantum Under the Hood
                         Open Cloud Campus



           How Quantum Configures Virtual Networks
                         Under the Hood?




                              2012/12/10 ver1.2
                         E.Nakai (Twitter @enakai00)
Quantum Under the Hood




                  Physical and Logical Configuration




                                                       Open Cloud Campus
2
Quantum Under the Hood

    Physical Network Connection and Agent Placement


                 Public Network
                                               Management Network


                                                           Instances are launched
                                                               インスタンスが
      Virtual Routers                                          on these nodes
                                                               起動するノード
    are configured here
                          eth0          eth2        eth0                            eth0
                          Network Node
                          Quantum Service      Compute Node                Compute Node
                             L2 Agent                                          L2 Agent
                                                 L2 Agent
                            DHCP Agent
                             L3 Agent
    Quantum Service can be       eth1               eth1                            eth1
     placed on anther node




                                               Private Network
                                                                                     Open Cloud Campus
3
Quantum Under the Hood

    Logical Configuration of the Virtual Network - Case1


        Some network can be
    dedicated to a specific tenant



                                              Each instance can choose
                                             connected private network.
Connections from/to Public Network           (Multiple choice is allowed.)
         are NAT-ed here

                                                        NAT Router and Firewall
                   Public
                  Network                                           Packets from different subnet are
                                                                    filtered with the “Security Group.”

                                     net01                     net02
              Private Network                                           Private Network
                   (Subnet01)                                           (Subnet02)


                                                                             Packets between same subnet
                                                                                   are not filtered.

                                                                                             Open Cloud Campus
4
Quantum Under the Hood

    Logical Configuration of the Virtual Network - Case2

     By assigning a dedicated router for each tenant, each tenant can create its own private
      networks freely, even overlapping subnets can be used by multiple tenants.




                                               Public
                                              Network

          Connections from/to other Tenants
          or Public Network are NAT-ed here

              Router for                                                Router for
               TenantA                                                   TenantB


              Subnet01             Subnet02              Subnet03          Subnet04
         192.168.1.0/24            192.168.2.0/24   192.168.1.0/24         192.168.2.0/24



                  net01         net02                        net03     net04



                                                                                   Open Cloud Campus
5
Quantum Under the Hood

    Notes on the Configuration

     There are various plugin's for L2 Agent. In this document, we describe “LinuxBridge
      plugin” and “Open vSwitch plugin” which provides basic bridge functionality using
      Linux bridge / Open vSwitch.

     The single Network Node could be a potential bottle neck and a single point of failure.
      There is a lot of design discussion about it in the upstream.

     Currently dnsmasq is used by DHCP agent as in the following charts, but different
      DHCP options are possible by design. Other options may be added in the future.

     Network Namespace support is _not_ mandatory for Case1 configuration. If you want
      to use multiple routers (and optionally the overlapping IP address feature), however,
      you have to use Case2 design and Network Namespace support is required there.

     It depends on Linux distributions whether you can use the Network Namespace feature.
      For example, RHEL6.3/6.4 doesn't support it. Fedora17/18 supports it.



                                                                                   Open Cloud Campus
6
Ad

Recommended

CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るsamemoon
 
Ubuntu Cloud Juju
Ubuntu Cloud JujuUbuntu Cloud Juju
Ubuntu Cloud JujueNovance
 
CloudStack Performance Testing
CloudStack Performance TestingCloudStack Performance Testing
CloudStack Performance Testingbuildacloud
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersKernel TLV
 
Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Etsuji Nakai
 

More Related Content

What's hot

Playing BBR with a userspace network stack
Playing BBR with a userspace network stackPlaying BBR with a userspace network stack
Playing BBR with a userspace network stackHajime Tazaki
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to MicrokernelsVasily Sartakov
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in LinuxSadegh Dorri N.
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
 
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)Boden Russell
 
[Harvard CS264] 05 - Advanced-level CUDA Programming
[Harvard CS264] 05 - Advanced-level CUDA Programming[Harvard CS264] 05 - Advanced-level CUDA Programming
[Harvard CS264] 05 - Advanced-level CUDA Programmingnpinto
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?Jérôme Petazzoni
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud   intro (cloudexpo)Lxc – next gen virtualization for cloud   intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Boden Russell
 
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)npinto
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleMajor Hayden
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroupsKernel TLV
 
Linux cgroups and namespaces
Linux cgroups and namespacesLinux cgroups and namespaces
Linux cgroups and namespacesLocaweb
 
Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Boden Russell
 
Enea Linux and LWRT FTF China 2012
Enea Linux and LWRT FTF China 2012Enea Linux and LWRT FTF China 2012
Enea Linux and LWRT FTF China 2012EneaSoftware
 
Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Jérôme Petazzoni
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containersGoogle
 
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyLinux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyBoden Russell
 

What's hot (20)

Playing BBR with a userspace network stack
Playing BBR with a userspace network stackPlaying BBR with a userspace network stack
Playing BBR with a userspace network stack
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to Microkernels
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in Linux
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
 
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
 
[Harvard CS264] 05 - Advanced-level CUDA Programming
[Harvard CS264] 05 - Advanced-level CUDA Programming[Harvard CS264] 05 - Advanced-level CUDA Programming
[Harvard CS264] 05 - Advanced-level CUDA Programming
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?
 
Virtual net performance
Virtual net performanceVirtual net performance
Virtual net performance
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud   intro (cloudexpo)Lxc – next gen virtualization for cloud   intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)
 
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
 
Docker vs kvm
Docker vs kvmDocker vs kvm
Docker vs kvm
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with Ansible
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroups
 
Linux cgroups and namespaces
Linux cgroups and namespacesLinux cgroups and namespaces
Linux cgroups and namespaces
 
Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...
 
Enea Linux and LWRT FTF China 2012
Enea Linux and LWRT FTF China 2012Enea Linux and LWRT FTF China 2012
Enea Linux and LWRT FTF China 2012
 
Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Let's Containerize New York with Docker!
Let's Containerize New York with Docker!
 
Hack the whale
Hack the whaleHack the whale
Hack the whale
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containers
 
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyLinux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
 

Viewers also liked

Linux Bridging: Teaching an old dog new tricks
Linux Bridging: Teaching an old dog new tricksLinux Bridging: Teaching an old dog new tricks
Linux Bridging: Teaching an old dog new tricksStephen Hemminger
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerCumulus Networks
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux KernelKernel TLV
 
Hardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelHardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelKernel TLV
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 

Viewers also liked (6)

Linux Bridging: Teaching an old dog new tricks
Linux Bridging: Teaching an old dog new tricksLinux Bridging: Teaching an old dog new tricks
Linux Bridging: Teaching an old dog new tricks
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface Manager
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux Kernel
 
Hardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelHardware Probing in the Linux Kernel
Hardware Probing in the Linux Kernel
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
 

Similar to How Quantum configures Virtual Networks under the Hood?

CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るsamemoon
 
Network Virtualization with quantum
Network Virtualization with quantum Network Virtualization with quantum
Network Virtualization with quantum openstackindia
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantumMiguel Lavalle
 
Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes CoreOS
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and AutomationAdam Johnson
 
Networking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network DesignNetworking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network DesignRandy Bias
 
OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012Dan Wendlandt
 
Neutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deploymentsNeutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deploymentsThomas Morin
 
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpPushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpJames Denton
 
Openstack Networking Internals - first part
Openstack Networking Internals - first partOpenstack Networking Internals - first part
Openstack Networking Internals - first partlilliput12
 
Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)Affan Syed
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Dan Mihai Dumitriu
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron) CREATE-NET
 
3.5 SDN CloudStack Developer Day
3.5  SDN CloudStack Developer Day3.5  SDN CloudStack Developer Day
3.5 SDN CloudStack Developer DayKimihiko Kitase
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksAdrien Blind
 
Dynamic composition of virtual network functions in a cloud environment
Dynamic composition of virtual network functions in a cloud environmentDynamic composition of virtual network functions in a cloud environment
Dynamic composition of virtual network functions in a cloud environmentFrancesco Foresta
 

Similar to How Quantum configures Virtual Networks under the Hood? (20)

CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫る
 
Network Virtualization with quantum
Network Virtualization with quantum Network Virtualization with quantum
Network Virtualization with quantum
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantum
 
Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes
 
Network Management in System Center 2012 SP1 - VMM
Network Management in System Center 2012  SP1 - VMM Network Management in System Center 2012  SP1 - VMM
Network Management in System Center 2012 SP1 - VMM
 
Openstack Networking and ML2
Openstack Networking and ML2Openstack Networking and ML2
Openstack Networking and ML2
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and Automation
 
CloudStack Networking
CloudStack NetworkingCloudStack Networking
CloudStack Networking
 
Networking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network DesignNetworking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network Design
 
OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012
 
Neutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deploymentsNeutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deployments
 
Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101
 
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpPushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
 
Openstack Networking Internals - first part
Openstack Networking Internals - first partOpenstack Networking Internals - first part
Openstack Networking Internals - first part
 
Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron)
 
3.5 SDN CloudStack Developer Day
3.5  SDN CloudStack Developer Day3.5  SDN CloudStack Developer Day
3.5 SDN CloudStack Developer Day
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
 
Dynamic composition of virtual network functions in a cloud environment
Dynamic composition of virtual network functions in a cloud environmentDynamic composition of virtual network functions in a cloud environment
Dynamic composition of virtual network functions in a cloud environment
 

More from Etsuji Nakai

「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考えるEtsuji Nakai
 
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Etsuji Nakai
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowEtsuji Nakai
 
Googleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスGoogleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスEtsuji Nakai
 
Spannerに関する技術メモ
Spannerに関する技術メモSpannerに関する技術メモ
Spannerに関する技術メモEtsuji Nakai
 
Googleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsGoogleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsEtsuji Nakai
 
A Brief History of My English Learning
A Brief History of My English LearningA Brief History of My English Learning
A Brief History of My English LearningEtsuji Nakai
 
TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎Etsuji Nakai
 
TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門Etsuji Nakai
 
Using Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineUsing Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineEtsuji Nakai
 
Lecture note on PRML 8.2
Lecture note on PRML 8.2Lecture note on PRML 8.2
Lecture note on PRML 8.2Etsuji Nakai
 
Machine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersMachine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersEtsuji Nakai
 
Your first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterYour first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterEtsuji Nakai
 
Deep Q-Network for beginners
Deep Q-Network for beginnersDeep Q-Network for beginners
Deep Q-Network for beginnersEtsuji Nakai
 
TensorFlowで学ぶDQN
TensorFlowで学ぶDQNTensorFlowで学ぶDQN
TensorFlowで学ぶDQNEtsuji Nakai
 
DevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかDevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかEtsuji Nakai
 
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜Etsuji Nakai
 

More from Etsuji Nakai (20)

PRML11.2-11.3
PRML11.2-11.3PRML11.2-11.3
PRML11.2-11.3
 
「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える
 
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlow
 
Googleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスGoogleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービス
 
Spannerに関する技術メモ
Spannerに関する技術メモSpannerに関する技術メモ
Spannerに関する技術メモ
 
Googleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsGoogleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOps
 
A Brief History of My English Learning
A Brief History of My English LearningA Brief History of My English Learning
A Brief History of My English Learning
 
TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎
 
TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門
 
Using Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineUsing Kubernetes on Google Container Engine
Using Kubernetes on Google Container Engine
 
Lecture note on PRML 8.2
Lecture note on PRML 8.2Lecture note on PRML 8.2
Lecture note on PRML 8.2
 
Machine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersMachine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application Developers
 
Your first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterYour first TensorFlow programming with Jupyter
Your first TensorFlow programming with Jupyter
 
Deep Q-Network for beginners
Deep Q-Network for beginnersDeep Q-Network for beginners
Deep Q-Network for beginners
 
Life with jupyter
Life with jupyterLife with jupyter
Life with jupyter
 
TensorFlowで学ぶDQN
TensorFlowで学ぶDQNTensorFlowで学ぶDQN
TensorFlowで学ぶDQN
 
DevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかDevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきか
 
PRML7.2
PRML7.2PRML7.2
PRML7.2
 
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
 

Recently uploaded

Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxLeveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxVotarikari Shravan
 
AI Act & Standardization: UNINFO involvement
AI Act & Standardization: UNINFO involvementAI Act & Standardization: UNINFO involvement
AI Act & Standardization: UNINFO involvementMimmo Squillace
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfSafe Software
 
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...UiPathCommunity
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceSusan Ibach
 
Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?MENGSAYLOEM1
 
H3 Platform CXL Solution_Memory Fabric Forum.pptx
H3 Platform CXL Solution_Memory Fabric Forum.pptxH3 Platform CXL Solution_Memory Fabric Forum.pptx
H3 Platform CXL Solution_Memory Fabric Forum.pptxMemory Fabric Forum
 
Importance of magazines in education ppt
Importance of magazines in education pptImportance of magazines in education ppt
Importance of magazines in education pptsafnarafeek2002
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...htrindia
 
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...MarcovanHurne2
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr TsapFwdays
 
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...ISPMAIndia
 
My sample product research idea for you!
My sample product research idea for you!My sample product research idea for you!
My sample product research idea for you!KivenRaySarsaba
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Product School
 
How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxInfosec
 
Bringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxBringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxMaarten Balliauw
 
How we think about an advisor tech stack
How we think about an advisor tech stackHow we think about an advisor tech stack
How we think about an advisor tech stackSummit
 
Curtain Module Manual Zigbee Neo CS01-1C.pdf
Curtain Module Manual Zigbee Neo CS01-1C.pdfCurtain Module Manual Zigbee Neo CS01-1C.pdf
Curtain Module Manual Zigbee Neo CS01-1C.pdfDomotica daVinci
 
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Umar Saif
 
Dynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringDynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringMassimo Talia
 

Recently uploaded (20)

Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docxLeveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
Leveraging SLF4j for Effective Logging in IBM App Connect Enterprise.docx
 
AI Act & Standardization: UNINFO involvement
AI Act & Standardization: UNINFO involvementAI Act & Standardization: UNINFO involvement
AI Act & Standardization: UNINFO involvement
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
 
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data science
 
Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?
 
H3 Platform CXL Solution_Memory Fabric Forum.pptx
H3 Platform CXL Solution_Memory Fabric Forum.pptxH3 Platform CXL Solution_Memory Fabric Forum.pptx
H3 Platform CXL Solution_Memory Fabric Forum.pptx
 
Importance of magazines in education ppt
Importance of magazines in education pptImportance of magazines in education ppt
Importance of magazines in education ppt
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
 
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
 
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
 
My sample product research idea for you!
My sample product research idea for you!My sample product research idea for you!
My sample product research idea for you!
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
 
How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptx
 
Bringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxBringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptx
 
How we think about an advisor tech stack
How we think about an advisor tech stackHow we think about an advisor tech stack
How we think about an advisor tech stack
 
Curtain Module Manual Zigbee Neo CS01-1C.pdf
Curtain Module Manual Zigbee Neo CS01-1C.pdfCurtain Module Manual Zigbee Neo CS01-1C.pdf
Curtain Module Manual Zigbee Neo CS01-1C.pdf
 
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
 
Dynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringDynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineering
 

How Quantum configures Virtual Networks under the Hood?

  • 1. Quantum Under the Hood Open Cloud Campus How Quantum Configures Virtual Networks Under the Hood? 2012/12/10 ver1.2 E.Nakai (Twitter @enakai00)
  • 2. Quantum Under the Hood Physical and Logical Configuration Open Cloud Campus 2
  • 3. Quantum Under the Hood Physical Network Connection and Agent Placement Public Network Management Network Instances are launched インスタンスが Virtual Routers on these nodes 起動するノード are configured here eth0 eth2 eth0 eth0 Network Node Quantum Service Compute Node Compute Node L2 Agent L2 Agent L2 Agent DHCP Agent L3 Agent Quantum Service can be eth1 eth1 eth1 placed on anther node Private Network Open Cloud Campus 3
  • 4. Quantum Under the Hood Logical Configuration of the Virtual Network - Case1 Some network can be dedicated to a specific tenant Each instance can choose connected private network. Connections from/to Public Network (Multiple choice is allowed.) are NAT-ed here NAT Router and Firewall Public Network Packets from different subnet are filtered with the “Security Group.” net01 net02 Private Network Private Network (Subnet01) (Subnet02) Packets between same subnet are not filtered. Open Cloud Campus 4
  • 5. Quantum Under the Hood Logical Configuration of the Virtual Network - Case2  By assigning a dedicated router for each tenant, each tenant can create its own private networks freely, even overlapping subnets can be used by multiple tenants. Public Network Connections from/to other Tenants or Public Network are NAT-ed here Router for Router for TenantA TenantB Subnet01 Subnet02 Subnet03 Subnet04 192.168.1.0/24 192.168.2.0/24 192.168.1.0/24 192.168.2.0/24 net01 net02 net03 net04 Open Cloud Campus 5
  • 6. Quantum Under the Hood Notes on the Configuration  There are various plugin's for L2 Agent. In this document, we describe “LinuxBridge plugin” and “Open vSwitch plugin” which provides basic bridge functionality using Linux bridge / Open vSwitch.  The single Network Node could be a potential bottle neck and a single point of failure. There is a lot of design discussion about it in the upstream.  Currently dnsmasq is used by DHCP agent as in the following charts, but different DHCP options are possible by design. Other options may be added in the future.  Network Namespace support is _not_ mandatory for Case1 configuration. If you want to use multiple routers (and optionally the overlapping IP address feature), however, you have to use Case2 design and Network Namespace support is required there.  It depends on Linux distributions whether you can use the Network Namespace feature. For example, RHEL6.3/6.4 doesn't support it. Fedora17/18 supports it. Open Cloud Campus 6
  • 7. Quantum Under the Hood Network Components configured by LinuxBridge Plugin using VLAN separation - Case1 Configuration - NAT Router and Firewall Public Network net01 net02 Private Network Private Network (Subnet01) (Subnet02) Model Network of this Section vm01 vm02 vm03 Open Cloud Campus 7
  • 8. Quantum Under the Hood Network Components on Compute Nodes TAP device Configured by Nova Compute VLAN device vm01 vm02 vm03 Linux Bridge IP IP IP IP eth0 eth0 eth1 eth0 IP is assigned via dnsmasq running on Network Node tap01 tap02 tap03 tap04 brqXXXX brqYYYY net01 net02 VLAN device is created for eth1.101 eth1.102 each private network Configured by L2 Agent eth1 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 8
  • 9. Quantum Under the Hood Network Components on Network Nodes To Public Network Configured by L3 Agent eth0 veth pair Linux Bridge tapVVV brqxxxx VLAN device NAT with iptables IP qg-VVV dnsmasq dnsmasq dnsmasq is assigned to each subnet IP IP IP IP ns-XXX qr-YYY qr-ZZZ ns-WWW tapXXX tapYYY tapZZZ tapWWW Configured by DHCP Agent brqxxxx brqxxxx Suffix “xxxx” is derived from net01 net02 the head of network UUID. eth1.101 eth1.102 Configured by L2 Agent eth1 To Private Network Open Cloud Campus 9
  • 10. Quantum Under the Hood Network Namespace Separation To Public Network eth0 Suffix “bbbb” corresponds Network to router UUID. Namespace tapVVV brqxxxx qrouter-bbbb IP qdhcp-cccc qdhcp-aaaa qg-VVV Suffix “aaaa” corresponds to network UUID. dnsmasq dnsmasq IP IP IP IP ns-XXX qr-YYY qr-ZZZ ns-WWW tapXXX tapYYY tapZZZ tapWWW brqxxxx brqxxxx net01 net02 eth1.101 eth1.102 eth1 To Private Network Open Cloud Campus 10
  • 11. Quantum Under the Hood Network Components configured by LinuxBridge Plugin Plugin using VLAN separation - Case2 Configuration - Public Network Router for Router for TenantA TenantB Model Network of this Section vm01 vm02 vm03 vm04 Open Cloud Campus 11
  • 12. Quantum Under the Hood Network Components on Compute Nodes TAP device Configured by Nova Compute VLAN device vm01 vm02 vm02 vm03 Linux Bridge IP IP IP IP eth0 eth0 eth0 eth0 IP is assigned via dnsmasq running on Network Node tap01 tap02 tap03 tap04 brqXXXX brqYYYY net01 net02 VLAN device is created for eth1.101 eth1.102 each private network Configured by L2 Agent eth1 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 12
  • 13. Quantum Under the Hood Network Components on Network Nodes To Public Network Configured by L3 Agent brqxxxx eth0 veth pair Linux Bridge tapZZZ tapCCC NAT with iptables VLAN device IP IP qg-ZZZ qg-CCC dnsmasq dnsmasq dnsmasq is assigned to each subnet IP IP IP IP ns-XXX qr-YYY qr-BBB ns-AAA tapXXX tapYYY tapBBB tapAAA Configured by DHCP Agent brqxxxx brqxxxx Suffix “xxxx” is derived from net01 net02 the head of network UUID. eth1.101 eth1.102 Configured by L2 Agent eth1 To Private Network Open Cloud Campus 13
  • 14. Quantum Under the Hood Network Components on Network Nodes To Public Network brqxxxx eth0 Network Suffix “bbbb” corresponds Namespace to router UUID. tapZZZ tapCCC IP qrouter-bbbb IP qrouter-cccc qdhcp-aaaa qg-ZZZ qg-CCC qdhcp-dddd Suffix “aaaa” corresponds to network UUID. dnsmasq dnsmasq IP IP IP IP ns-XXX qr-YYY qr-BBB ns-AAA tapXXX tapYYY tapBBB tapAAA brqxxxx brqxxxx net01 net02 eth1.101 eth1.102 eth1 To Private Network Open Cloud Campus 14
  • 15. Quantum Under the Hood Network Components configured by Open vSwitch Plugin using VLAN separation - Case1 Configuration - NAT Router and Firewall Public Network net01 net02 Private Network Private Network (Subnet01) (Subnet02) Model Network of this Section vm01 vm02 vm03 Open Cloud Campus 15
  • 16. Quantum Under the Hood Network Components on Compute Nodes Configured by Nova Compute TAP device vm01 vm02 vm03 IP IP IP IP eth0 eth0 eth1 eth0 veth pair Linux Bridge vnet0 vnet1 vnet2 vnet3 qbrXXX qbrYYY qbrZZZ qbrWWW Open vSwitch qvbXXX qvbYYY qvbZZZ qvbWWW qvoXXX qvoYYY qvoZZZ qvoWWW Port VLAN tag:1 Port VLAN tag:2 Tenant flows are separated br-int by internally assigned VLAN ID int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 phy-br-eth1 dl_vlan=102 ⇒ mod_vlan_vid:2 br-eth1 Tenant flows are separated by user defined VLAN ID eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 dl_vlan=2 ⇒ mod_vlan_vid:102 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 16
  • 17. Quantum Under the Hood Network Components on Network Node To Public Network Internal port eth1 veth pair br-ex phy-br-ex NAT with iptables qg-VVV Open vSwitch IP dnsmasq Configured by L3 Agent dnsmasq dnsmasq is assigned to each subnet IP IP IP IP tapXXX qr-YYY qr-ZZZ tapWWW Configured by DHCP Agent Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 dl_vlan=102 ⇒ mod_vlan_vid:2 phy-br-eth1 br-eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 eth1 dl_vlan=2 ⇒ mod_vlan_vid:102 To Private Network Open Cloud Campus 17
  • 18. Quantum Under the Hood Network Namespace Separation To Public Network Network eth1 Namespace br-ex phy-br-ex qg-VVV qrouter-bbbb IP Suffix “bbbb” corresponds to router UUID. dnsmasq dnsmasq qdhcp-aaaa qdhcp-cccc IP IP IP IP Suffix “aaaa” corresponds tapXXX qr-YYY qr-ZZZ tapWWW to network UUID. Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 phy-br-eth1 br-eth1 eth1 To Private Network Open Cloud Campus 18
  • 19. Quantum Under the Hood Network Components configured by Open vSwitch Plugin using VLAN separation - Case2 Configuration - Public Network Router for Router for TenantA TenantB Model Network of this Section vm01 vm02 vm03 vm04 Open Cloud Campus 19
  • 20. Quantum Under the Hood Network Components on Compute Nodes Configured by Nova Compute vm01 vm02 vm03 vm04 TAP device IP IP IP IP eth0 eth0 eth0 eth0 veth pair Linux Bridge vnet0 vnet1 vnet2 vnet3 qbrXXX qbrYYY qbrZZZ qbrWWW Open vSwitch qvbXXX qvbYYY qvbZZZ qvbWWW qvoXXX qvoYYY qvoZZZ qvoWWW Port VLAN tag:1 Port VLAN tag:2 Tenant flows are separated br-int by internally assigned VLAN ID int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 phy-br-eth1 dl_vlan=102 ⇒ mod_vlan_vid:2 br-eth1 Tenant flows are separated by user defined VLAN ID eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 dl_vlan=2 ⇒ mod_vlan_vid:102 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 20
  • 21. Quantum Under the Hood Network Components on Network Node To Public Network Internal port eth1 veth pair br-ex phy-br-ex NAT with iptables qg-ZZZ qg-CCC Open vSwitch IP IP dnsmasq Configured by L3 Agent dnsmasq dnsmasq is assigned to each subnet IP IP IP IP tapXXX qr-YYY qr-BBB tapAAA Configured by DHCP Agent Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 dl_vlan=102 ⇒ mod_vlan_vid:2 phy-br-eth1 br-eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 eth1 dl_vlan=2 ⇒ mod_vlan_vid:102 To Private Network Open Cloud Campus 21
  • 22. Quantum Under the Hood Network Namespace Separation To Public Network Network eth1 Namespace br-ex phy-br-ex qg-ZZZ qg-CCC qrouter-bbbb qrouter-cccc Suffix “bbbb” corresponds IP IP to router UUID. dnsmasq dnsmasq qdhcp-aaaa qdhcp-dddd IP IP IP IP Suffix “aaaa” corresponds tapXXX qr-YYY qr-BBB tapAAA to network UUID. Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 phy-br-eth1 br-eth1 eth1 To Private Network Open Cloud Campus 22
  • 23. Quantum Under the Hood Notes on the Configuration  On Compute Nodes, the use of Linux Bridge between the integration switch (br-int) and VM tap devices may look redundant. But It's required for Nova's security group feature to work. They are configured with Nova's “LibvirtHybridOVSBridgeDriver”.  You can choose another driver if you don't need the security group functionality. Then, the configuration will be different.  The security group feature will be integrated with Quantum in the future, and this would be more simplified. Open Cloud Campus 23
  • 24. Quantum Under the Hood Example of Configuration Steps Open Cloud Campus 24
  • 25. Quantum Under the Hood Example Configuration Steps for Case1 (1/2)  Under the “service” tenant, create the shared router, define the public network, and set it as a default gateway of the router. # tenant=$(keystone tenant-list | awk '/service/ {print $2}') # quantum router-create router01 # quantum net-create --tenant-id $tenant public01 --provider:network_type flat --provider:physical_network physnet1 --router:external=True # quantum subnet-create --tenant-id $tenant --name public01_subnet01 --gateway 10.64.201.254 public01 10.64.201.0/24 --enable_dhcp False # quantum router-gateway-set router01 public01  Under the user tenant “redhat”, create the private network “net01” and its subnet, and connect it to the router. # tenant=$(keystone tenant-list|awk '/redhat/ {print $2}') # quantum net-create --tenant-id $tenant net01 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 101 # quantum subnet-create --tenant-id $tenant --name net01_subnet01 net01 192.168.101.0/24 # quantum router-interface-add router01 net01_subnet01 Open Cloud Campus 25
  • 26. Quantum Under the Hood Example Configuration Steps for Case1 (2/2)  Another network “net02” can be added in the same way. # tenant=$(keystone tenant-list|awk '/redhat/ {print $2}') # quantum net-create --tenant-id $tenant net02 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 102 # quantum subnet-create --tenant-id $tenant --name net02_subnet01 net02 192.168.102.0/24 # quantum router-interface-add router01 net02_subnet01 Open Cloud Campus 26
  • 27. Quantum Under the Hood Example Configuration Steps for Case2 (1/2)  Under the “service” tenant, define the public network. # tenant=$(keystone tenant-list | awk '/service/ {print $2}') # quantum net-create --tenant-id $tenant public01 --provider:network_type flat --provider:physical_network physnet1 --router:external=True # quantum subnet-create --tenant-id $tenant --name public01_subnet01 --gateway 10.64.201.254 public01 10.64.201.0/24 --enable_dhcp False  Under the user tenant “redhat”, create the tenant router and set its gateway for the public network. # tenant=$(keystone tenant-list|awk '/redhat/ {print $2}') # quantum router-create --tenant-id $tenant router01 # quantum router-gateway-set router01 public01  Then, define private network “net01” and its subnet, and connect it to the router. # quantum net-create --tenant-id $tenant net01 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 101 # quantum subnet-create --tenant-id $tenant --name net01_subnet01 net01 192.168.101.0/24 # quantum router-interface-add router01 net01_subnet01 Open Cloud Campus 27
  • 28. Quantum Under the Hood Example Configuration Steps for Case2 (2/2)  Additonal router and private networks for another tenant “redhat2” can be added in the same way. # tenant=$(keystone tenant-list|awk '/redhat2/ {print $2}') # quantum router-create --tenant-id $tenant router02 # quantum router-gateway-set router02 public01 # quantum net-create --tenant-id $tenant net02 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 102 # quantum subnet-create --tenant-id $tenant --name net02_subnet01 net01 192.168.101.0/24 # quantum router-interface-add router02 net02_subnet01 Open Cloud Campus 28
  • 29. Quantum Under the Hood iptable chains Open Cloud Campus 29
  • 30. Quantum Under the Hood Packet filtering chains on Compute Nodes filter table Packet filtering for instances are done on Compute Nodes FORWARD nova-filter-top Filtering chain is created for nova-compute-local each instance. nova-compute-inst-xx Packets from the same Subnet are not filtered. nova-compute-provider Security Group is Packets from the same subnet ACCEPT applied here Filtering by Security Group ACCEPT nova-compute-sg-fallback DROP nova-compute-FORWARD *These are configured by Nova Compute ACCEPT (“Security Group” is a part of Nova functions.) Open Cloud Campus 30
  • 31. Quantum Under the Hood NAT chains on Network Node (1/2) Packet filtering for instances nat table POSTROUTING are done on Compute Nodes quantum-l3-agent-POSTROUTING Packets _not_ on Public NW port ACCEPT quantum-postrouting-bottom NAT is applied only at the edge of Public Network quantum-l3-agent-snat SNAT from Private IP quantum-l3-agent-float-snat to the associated Floating IP Packets from Private IP SNAT associated with Floating IP Packets from Private IP SNAT nova-api-POSTROUTING SNAT from Private IP to Router's Public IP nova-api-postrouting-bottom *These are mainly configured by L3 Agent. ACCEPT Open Cloud Campus 31
  • 32. Quantum Under the Hood NAT chains on Network Node (2/2) nat table PREROUTING quantum-l3-agent-PREROUTING Packet to Floating IP DNAT nova-api-PREROUTING DNAT from Floating IP to the corresponding Private IP ACCEPT *These are mainly configured by L3 Agent. Open Cloud Campus 32
  • 33. Quantum Under the Hood References Open Cloud Campus 33
  • 34. Quantum Under the Hood References  OpenStack Network (Quantum) Administration Guide – http://docs.openstack.org/trunk/openstack-network/admin/content/index.html  Quantum L2 Linux Bridge Plugin – http://wiki.openstack.org/Quantum-Linux-Bridge-Plugin  QuickStart with RHOS(Red Hat OpenStack) Folsom Preview – http://d.hatena.ne.jp/enakai00/20121118/1353226066 Open Cloud Campus 34
  • 35. Quantum Under the Hood Open Cloud Campus Enjoy the Life with OpenStack! Etsuji Nakai Twitter @enakai00