
Advanced network services insertions framework


WIP draft for Advanced network service insertion at San Diego OS summit


  1. OpenStack Grizzly Summit: Quantum Advanced Services Insertion. San Diego, California, Tuesday, October 16th
  2. What this session IS about
     • Insertion of advanced network services in the logical network model
     • We will try to address the following questions:
       – At which points can a network service be inserted?
       – What are the ways of inserting a network service?
       – How do these services affect the logical network model?
  3. What this session IS NOT about
     • API definition for specific services
     • Discussion about the advanced services themselves
     • How plugins, agents and drivers should communicate with each other
     • We have plenty of sessions to cover these topics!
  4. Current logical model
     • Topologies implemented through routers, networks, and ports
     [Diagram labels: External Network, Router, Network, Network, Ports]
  5. Definition of an advanced service
     • The topology defines the logical model for connectivity at L2/L3
     • An “advanced network service” can be regarded as a “network application” running on top of this logical platform, providing a particular L4 to L7 network service
     • Floating IPs are an example
  6. Advanced services and Quantum
     • Three modes of interaction:
       1. Ignore what lies beneath: the service just assumes something provides the required connectivity
       2. Use Quantum: the service runs independently of Quantum, but uses its API to configure its own resources
       3. Be a part of Quantum: the service runs within the Quantum process space and is part of its logical model
  7. Insertion points (in the logical model)
     • Network-level insertion: network service provided to all VMs in a given L2 broadcast domain
     • Router-level insertion: uses L3 connectivity to provide a network service to all VMs reachable via a router
     • Port-level insertion: service either provided to a single port or distributed across ports
     [Diagram labels: External Network, Router, Network, Network]
  8. Advanced services and Quantum’s logical model
     • TENANT PERSPECTIVE
       – Insertion in “Routed” mode
         • The service is “attached” to a Quantum router
         • E.g.: Edge router providing integrated network services
         • From an API perspective each service is always individually configured
       – Insertion in “Floating” mode
         • The service is configured as a “rule” or “policy” on entities of the Quantum logical model
         • E.g.: Load Balancing in one-arm mode
         • Can probably still be reduced to the Routed mode
       – Advanced services might also be specified as “properties” of logical elements
         • E.g.: security groups, port isolation, QoS
  9. Advanced services and Quantum’s logical model
     • ADMIN/PROVIDER PERSPECTIVE
       – A “service type” specification defines which services can be enabled for a given router
       – A physical appliance (or a pool of them)
       – A virtual appliance
       – A set of services and configurations (e.g.: the OSS Quantum Router implementation)
     • Each router might have a different set of enabled services
     • Floating mode insertion:
       – A service device could be implicitly created or associated with the service being configured
  10. API tasters
     • POST /servicetypes
         {
           "name": "platinum",
           "services": [
             {"service": "loadbalancer", "provider": ""},
             {"service": "floatingip", "provider": "quantum.plugins.fip.barfip"}
           ]
         }
     • POST /routers
         {
           "name": "servicerouter",
           "service_type_id": "<some_id>"
         }
     • POST /loadbalancers
         {
           … Various lb stuff …
           "router_id": "<some_id>"
           … More lb stuff …
         }
  11. How advanced services are provided
     • Keep using Quantum’s plugin approach
     • The back-end implementation of a router could be capable of providing a range of services
       – For instance, a virtual appliance providing L3 fwd, Ext GW, VPN access, Load Balancing, Firewall, etc.
     • The same kind of service could even be provided by different drivers
  12. The notion of “service type”
     • A concept not very different from the “flavor” for compute
     • Naming is provisional (alternative proposals welcome)
     • Specifies what services are allowed on a logical router
     • Defines the backend provider – not necessarily exposing it
     • Reflects the concept of “Integrated Network Services Device”
  13. Sample logical models with advanced services
     The following is a discussion of sample applications of the previously introduced service insertion model
  14. Scenario 1: Integrated Services Edge Router
     [Diagram labels: LB Virtual Server, Floating IP, Ext GW, VPN Endpoint, External Network, VPN, LB, FW, DNAT, Router, Network, Network]
  15. Scenario 2: One-arm Load Balancing
     [Diagram labels: External Network, VPN, FW, DNAT, Router, Network, Network, Virtual Service, Server Pool, LB, Service Type “Purple”, Service Type “Light Blue”]
  16. Scenario 2.b: One-arm Load Balancing via Router
     [Diagram labels: External Network, VPN, FW, DNAT, LB, Router, Router, Network, Network, Virtual Service, Server Pool, Service Type “Purple”, Service Type “Light Blue”]
  17. Scenario 4: Multiple routers with different inserted services
     [Diagram labels: External Network, VPN, LB, FW, DNAT, DNAT, FW, Router, Router, Network, Network, Network, Service Type “Purple”, Service Type “Light Blue”]
  18. Thoughts about a roadmap for advanced service insertion
     • Agree on general model
     • Analyze use case scenarios
       – Identify a relatively small subset to be implemented in 1st release
         • Pretty much as we did for Quantum
     • Define and implement:
       – “Provider APIs” for managing service insertion
       – “Tenant APIs” for handling service types
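
Added example (not part of the original slides and not Quantum code): a minimal in-memory model of the service-type check described on slides 9, 10 and 12, where a service can be inserted on a router only if that router's service type enables it. The class and method names, the "default" provider fallback for an empty provider string, and the fail-closed handling of unknown service types are assumptions made for illustration.

```python
import uuid

class ServiceNotAllowed(Exception):
    """Raised when a service is not enabled by the router's service type."""

class ServiceCatalog:
    """Hypothetical model of service types and routers (illustration only)."""

    def __init__(self):
        self.service_types = {}  # id -> {"name": str, "services": {service: provider}}
        self.routers = {}        # id -> {"name": str, "service_type_id": str}

    def create_service_type(self, body):
        # Body shape follows the POST /servicetypes taster on slide 10.
        st_id = str(uuid.uuid4())
        services = {s["service"]: s.get("provider", "") for s in body["services"]}
        self.service_types[st_id] = {"name": body["name"], "services": services}
        return st_id

    def create_router(self, body):
        # Fail closed: a router may only reference a service type that exists.
        if body["service_type_id"] not in self.service_types:
            raise KeyError("unknown service_type_id")
        r_id = str(uuid.uuid4())
        self.routers[r_id] = dict(body)
        return r_id

    def insert_service(self, service, router_id):
        """Routed-mode insertion: return the backing provider or refuse."""
        router = self.routers[router_id]
        allowed = self.service_types[router["service_type_id"]]["services"]
        if service not in allowed:
            raise ServiceNotAllowed(f"{service!r} not enabled on {router['name']!r}")
        # Assumption: an empty provider string means "use the plugin default".
        return allowed[service] or "default"

def demo():
    cat = ServiceCatalog()
    platinum = cat.create_service_type({"name": "platinum", "services": [
        {"service": "loadbalancer", "provider": ""},
        {"service": "floatingip", "provider": "quantum.plugins.fip.barfip"},
    ]})
    router = cat.create_router({"name": "servicerouter", "service_type_id": platinum})
    results = {s: cat.insert_service(s, router) for s in ("loadbalancer", "floatingip")}
    try:
        cat.insert_service("firewall", router)  # not listed in "platinum"
    except ServiceNotAllowed:
        results["firewall"] = "denied"
    return results
```

Calling demo() builds the "platinum" service type and "servicerouter" from slide 10 and shows that a service absent from the service type is refused rather than silently provisioned.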