Production-ready, open source network virtualization 
Jonathan LaCour - jonathan@dreamhost.com 
Ryan Petrello - ryan.petrello@dreamhost.com
HELLO 
My name is Jonathan 
VP of Cloud at 
DreamHost 
@cleverdevil on twitter
HELLO 
My name is Ryan 
Senior Cloud Developer 
at DreamHost 
@ryanpetrello on twitter
AGENDA 
• The birth and evolution of Akanda 
• Akanda technology overview 
• Akanda in practice 
• Retrospective 
• The future
AKANDA’S BIRTH
DREAMCOMPUTE IS OPEN 
Elastic Compute 
• Virtual machines via KVM hypervisor and OpenStack 
Block Storage 
• OpenStack Cinder and Ceph 
• Massively scalable, distributed, and self-healing 
• Lightning fast boot-from-volume 
Virtual Networking 
• L2 isolation for all tenants 
• IPv4 and IPv6 via SDN
AKANDA’S BIRTH
• DreamCompute’s design and development necessitated Akanda 
• Required L2 isolation and IPv6 
• No Open Source solution and vendors were lacking 
• Didn’t understand cloud 
• Missing features and OpenStack integration
INITIAL DESIGN 
• OpenBSD service VMs 
• Routing, firewall, and services via OpenBSD Packet Filter (PF) 
• Akanda Appliance API in Python 
• Integration with OpenStack via Nova and Neutron 
• Rug Orchestration platform for creating, updating, and 
monitoring service VMs
EVOLUTION 

EVOLUTION
• OpenBSD not well-suited for the task 
• Community resistance to virtualization 
• Poor network throughput and network driver issues 
• Slow boot times (3-5 minutes) 
• No hot-plugging support, requiring service VM reboots
THE SWITCH TO LINUX 
• Moved to Linux 
• From PF to iptables, with a larger community 
• Significantly improved performance 
• Service VM boots and reboots in 45 seconds or less 
• Hot-plugging support
AKANDA ARCHITECTURE
• Akanda RUG Orchestration
• Akanda Virtual Services – Routing, Load Balancing, Firewall, etc.
• OpenStack APIs – Neutron, Nova, etc.
• Akanda Pluggable L2 Backends – NSX, Linux Bridge, OpenDaylight, more!
• Physical Network (L2)
❤️ 
• No vendor magic – open source and transparent 
• IPv6 support – customer VMs get IPv6 
• Performance – beat the competition 
• It’s just Linux – service VMs can run anything
• Stability – routes traffic for thousands of VMs daily
IN DEPTH
THE AKANDA APPLIANCE 
• Linux virtual machine, built with veewee, and stored in Glance. 
• iptables – tenant NAT, floating IPs, etc. 
• dnsmasq – DHCP, DNS, etc. 
• bird – upstream connectivity (BGP, RADV) 
• Python proxy for Nova metadata service
APPLIANCE REST API 
• Not exposed to user, instead used by The Rug for 
configuration, monitoring, and reporting. 
• Primary endpoints: 
• Alive Check - are you alive? 
• Configuration Push - reconfigure / reload router services
{
  "networks": [{
    "subnets": [{
      "gateway_ip": "208.113.176.1",
      "cidr": "208.113.176.0/23",
      ...
    }],
    "network_id": "b1234135-a0fc-4a1a-bea3-1232341235",
    "interface": {
      "ifname": "ge1",
      "addresses": ["208.113.176.249/23", "2607:f298:5:110d:f816:3eff:fe7d:e274/64"]
    }
  }],
  "default_v4_gateway": "208.113.176.1",
  "floating_ips": [{
    "floating_ip": "208.113.176.249",
    "fixed_ip": "10.10.10.3"
  }],
  ...
}
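A consistency check over the configuration push payload above, as an added example (not Akanda's own code): since this payload drives the appliance's iptables NAT and floating IP rules, it verifies that gateways, interface addresses and floating IPs agree with the listed subnets before anything is applied. The function names, the rule that floating IPs must sit on a listed subnet, and the IPv6 subnet entry in the sample are assumptions.

```python
import ipaddress
import json

# Constructed sample: the slide's payload with its "..." elisions dropped.
# The IPv6 subnet entry is an assumption, added so the slide's IPv6
# interface address has a subnet to match against.
SAMPLE = json.loads("""
{
  "networks": [{
    "subnets": [
      {"gateway_ip": "208.113.176.1", "cidr": "208.113.176.0/23"},
      {"cidr": "2607:f298:5:110d::/64"}
    ],
    "network_id": "b1234135-a0fc-4a1a-bea3-1232341235",
    "interface": {
      "ifname": "ge1",
      "addresses": ["208.113.176.249/23",
                    "2607:f298:5:110d:f816:3eff:fe7d:e274/64"]
    }
  }],
  "default_v4_gateway": "208.113.176.1",
  "floating_ips": [{"floating_ip": "208.113.176.249", "fixed_ip": "10.10.10.3"}]
}
""")


def _addr(value, what, problems):
    """Parse an IP address, recording a problem instead of raising."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        problems.append(f"{what}: {value!r} is not an IP address")
        return None


def validate_config(cfg):
    """Return a list of problems found in a configuration push payload."""
    problems = []
    all_subnets = []
    for net in cfg.get("networks", []):
        nid = net.get("network_id", "<missing network_id>")
        subnets = []
        for sub in net.get("subnets", []):
            try:
                # strict=True rejects CIDRs with host bits set
                cidr = ipaddress.ip_network(sub.get("cidr", ""), strict=True)
            except ValueError as exc:
                problems.append(f"{nid}: bad cidr: {exc}")
                continue
            subnets.append(cidr)
            if "gateway_ip" in sub:
                gw = _addr(sub["gateway_ip"], f"{nid} gateway_ip", problems)
                if gw is not None and gw not in cidr:
                    problems.append(f"{nid}: gateway {gw} is outside {cidr}")
        # Every interface address must belong to a subnet of its own network.
        for text in net.get("interface", {}).get("addresses", []):
            try:
                iface = ipaddress.ip_interface(text)
            except ValueError:
                problems.append(f"{nid}: bad interface address {text!r}")
                continue
            if iface.network not in subnets:
                problems.append(f"{nid}: {text} matches no listed subnet")
        all_subnets.extend(subnets)

    if "default_v4_gateway" in cfg:
        gw = _addr(cfg["default_v4_gateway"], "default_v4_gateway", problems)
        if gw is not None:
            if gw.version != 4:
                problems.append(f"default_v4_gateway {gw} is not IPv4")
            elif not any(gw in s for s in all_subnets):
                problems.append(f"default_v4_gateway {gw} is not on any listed subnet")

    # A floating IP becomes a NAT mapping: it must be routable through a
    # listed subnet (assumption) and map to exactly one fixed IP.
    seen = {}
    for fip in cfg.get("floating_ips", []):
        flo = _addr(fip.get("floating_ip"), "floating_ip", problems)
        fix = _addr(fip.get("fixed_ip"), "fixed_ip", problems)
        if flo is None or fix is None:
            continue
        if flo.version != fix.version:
            problems.append(f"floating_ip {flo} and fixed_ip {fix} differ in IP version")
        if not any(flo in s for s in all_subnets):
            problems.append(f"floating_ip {flo} is not on any listed subnet")
        if flo in seen and seen[flo] != fix:
            problems.append(f"floating_ip {flo} maps to both {seen[flo]} and {fix}")
        seen.setdefault(flo, fix)
    return problems


if __name__ == "__main__":
    print(validate_config(SAMPLE) or "payload is consistent")
```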
THE RUG 
• “Really ties the room together.” 
• Orchestration and monitoring of service VMs
RUG ARCHITECTURE
[Diagram: Event Processing, State Machine, Notifications, Neutron, Health Monitoring, and four Service VMs]
STATE MACHINE
• Sophisticated state management
• Ten possible states
• Rug automates transitions between states
EXAMPLE – SERVICE VM BOOT 
CALC_ACTION 
CREATE_VM CONFIG 
CHECK_BOOT
EXAMPLE – HEALTH MONITORING 
CALC_ACTION 
ALIVE CHECK_BOOT 
STOP_VM 
CREATE_VM
INTERESTING FEATURES 
• Network hot-plugging 
• Upon addition or removal of a network 
• nova <interface-attach | interface-detach>
INTERESTING FEATURES 
• Advanced failure tracking 
• Configurable cool down threshold 
• Reporting for service VMs stuck in ERROR state
IN PRACTICE
AKANDA OPERATIONS 
• Build your service VM image and store in Glance 
• Tell the Rug which service VM image to use 
• The Rug actively monitors tenants missing service VMs 
and creates, configures, and keeps them alive
RUG-CTL COMMAND LINE TOOL 
• rug-ctl browse 
• Lists all service VMs and basic details 
• rug-ctl router debug 
• Forces The Rug to temporarily stop managing a service VM 
• rug-ctl router rebuild [--router_image_uuid]
• Destroys / recreates a service VM, optionally with a different VM image
RETROSPECTIVE
RETROSPECTIVE 
• Neutron wasn’t ready for IPv6. Getting there now! 
• State machines and distributed processing are hard. Very hard. 
• Best way to stabilize is continuous automated testing. 
• As a small team, keeping pace with upstream projects is almost 
a full-time job.
THE FUTURE
LAUNCHING TODAY 
http://akanda.io
AKANDA’S FUTURE 
• Launch of Akanda, Inc. - http://akanda.io 
• Roadmap 
• Additional services – Load Balancing and Firewall 
• More L2 backends – physical bridge, OpenDaylight, etc. 
• Enterprise Rug - HA and scale-out
GET THE CODE, JOIN THE TEAM 
http://akanda.io

Akanda: Open Source, Production-Ready Network Virtualization for OpenStack