The document discusses different networking models in OpenStack, including flat, VLAN-based, SDN fabric-based, and network virtualization models. The flat model provides basic networking but no isolation. The VLAN-based model uses VLAN tags for isolation. SDN fabric models use different tags for edge and fabric networking and a central controller. Network virtualization overlays tenant traffic using encapsulation tunnels to provide isolation across physical network infrastructure.
1. OpenStack Networking
Software-Defined Networking for OpenStack using Open Source Plugins and VMware NSX
Yves Fauser, Network Virtualization Platform System Engineer @ VMware
OpenStack DACH Day 2014 @ Linux Tag Berlin, 09.05
2. OpenStack Networking – Flat
- In the simple 'flat' networking model, all instances (VMs) are bridged to a physical adapter
- L3 first-hop routing is either provided by the physical networking devices (flat model), or by OpenStack L3 Service (flat-DHCP model)
- Sufficient in single tenant or 'full trust' use cases where no segmentation is needed (beside iptables/ebtables between VM interfaces and bridge)
- Doesn't provide multi-tenancy, L2 isolation and overlapping IP address support
- Available in Neutron and in Nova-Networking
[Diagram label] Access port (no VLAN tag)
3. OpenStack Networking – VLAN based
- The VLAN based model uses VLANs per tenant network (with Neutron) to provide multi-tenancy, L2 isolation and support for overlapping IP address spaces
- The VLANs can either be pre-configured manually on the physical switches, or a neutron vendor plugin can communicate with the physical switches to provision the VLAN
- Examples of vendor plugins that are creating VLANs on Switches are the Arista and Cisco Nexus/UCS ML2 mechanism driver
- L3 first-hop routing can be done either;
  - On the physical switches/routers, or
[Diagram label] VLAN trunk port (VLAN tags used)
[Diagram label] Neutron vendor plugin can create VLANs through vendor API
4. OpenStack Networking – VLAN based
- The VLAN based model uses VLANs per tenant network (with Neutron) to provide multi-tenancy, L2 isolation and support for overlapping IP address spaces
- The VLANs can either be pre-configured manually on the physical switches, or a neutron vendor plugin can communicate with the physical switches to provision the VLAN
- Examples of vendor plugins that are creating VLANs on Switches are the Arista and Cisco Nexus/UCS ML2 mechanism driver
- L3 first-hop routing can be done either;
  - On the physical switches/routers, or
  - As logical routers in Neutron
[Diagram label] VLAN trunk port (VLAN tags used)
[Diagram label] Logical routers are handling the first-hop gateway function on Neutron Network-Node
[Diagram label] Neutron vendor plugin can create VLANs through vendor API
[Diagram label] L3 for tenant networks
5. OpenStack Networking Models – ‘SDN Fabric’ based
§ In this model multi-tenancy is achieved using different ‘edge’ and ‘fabric’ tags. E.g. VLANs can be used to address the tenant between the hypervisor vSwitch and the Top-of-Rack switch, and some other tag is used inside of the vendor’s fabric to isolate the tenants
§ Usually a single controller controls both the vSwitches and the physical switches
§ L3 first-hop routing and L2 bridging to physical usually done in the physical switch fabric
§ Single vendor design for physical and virtual networking
§ Examples: BigSwitch, NEC, Cisco ACI, …
[Diagram: a central controller controls the vSwitches and the physical switches; hypervisor to Top of Rack switch uses some form of ‘edge tag’ (e.g. VLAN, VXLAN header, etc.); the vendor fabric uses some form of ‘fabric tag’ to address the tenant; the Neutron vendor plugin talks to the controller through the vendor API]
6. OpenStack Networking Models – Network Virtualization
§ With the network virtualization (aka overlay) model, multi-tenancy is achieved by overlaying MAC-in-IP ‘tunnels’ onto the physical switching fabric (aka transport network)
§ An ID field is used in the encapsulation header (e.g. VXLAN, GRE, STT) to address the tenant network. Full L2 isolation and overlapping IP space support is achieved
§ Controller controls only the vSwitches and the Gateways
§ L3 first-hop routing and L2 bridging to physical done either by software or hardware gateways (or both)
§ Examples: VMware NSX, Midokura, Plumgrid, Contrail, Nuage, …
[Diagram: the physical network fabric uses L3 routing protocols (e.g. OSPF or BGP) to build a stable Layer 3 fabric; an SDN controller cluster controls the vSwitches in the hypervisors; a MAC-in-IP ‘tunnel’ is used to address and isolate the tenants (e.g. using VXLAN); L3 gateway; the Neutron plugin talks to the controller through the vendor API]
7. Why I think the ‘Network virtualization’ (aka overlay) approach is the best model
§ It achieves multi-tenancy, L2 isolation and overlapping IP address support without the need to re-configure physical network devices
§ Logical Network for Instances (VMs) is location independent – it spans over L2/L3 boundaries, and therefore doesn’t force bad (flat) network design
§ Very big ID space for tenant addressing compared to the usual VLAN ID space (max. 4094)
§ Network virtualization runs as a software construct on top of any physical network topology, vendor, etc.
§ Physical network and logical network can evolve independently from each other, each one can be procured, exchanged, upgraded and serviced independently
§ Large number of commercial and open source implementations are available today
§ Proven in production in some of the largest OpenStack deployments out there
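Added example, not part of the original slides: how the ID field in the encapsulation header (slides 6 and 7) scopes forwarding to one tenant, so two tenants can reuse the same inner addresses and frames for an unknown ID are dropped. The header layout follows VXLAN (RFC 7348); the `TunnelEndpoint` class, the port names, the MAC addresses and the VNIs 5001 to 5003 are assumptions constructed for illustration.

```python
import struct

VNI_VALID = 0x08          # "I" flag in the first header byte (RFC 7348)
VNI_MAX = (1 << 24) - 1   # largest 24-bit VNI; the slide quotes max. 4094 for VLAN IDs

def vxlan_encap(vni, inner_frame):
    """Prepend the 8-byte VXLAN header: flags, 24 reserved bits, VNI, 8 reserved bits."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI does not fit in 24 bits")
    return struct.pack("!II", VNI_VALID << 24, vni << 8) + inner_frame

def vxlan_decap(payload):
    """Return (vni, inner_frame); raise ValueError on a short or unflagged header."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, payload[8:]

class TunnelEndpoint:
    """Hypothetical vSwitch tunnel endpoint: one forwarding table per tenant VNI."""

    def __init__(self):
        self.tables = {}  # vni -> {inner destination MAC: local port name}

    def attach(self, vni, mac, port):
        self.tables.setdefault(vni, {})[mac] = port

    def deliver(self, payload):
        """Return the local port for a tunnelled frame, or None to drop it."""
        try:
            vni, frame = vxlan_decap(payload)
        except ValueError:
            return None
        if len(frame) < 14:  # shorter than an Ethernet header
            return None
        # Lookup is scoped to the VNI: another tenant's MAC never matches, unknown VNIs drop.
        return self.tables.get(vni, {}).get(frame[:6])

def demo():
    # Constructed sample: two tenants reuse the same inner MAC address.
    mac = bytes.fromhex("fa163e000001")
    frame = mac + bytes.fromhex("fa163e0000ff") + b"\x08\x00" + b"constructed payload"
    vtep = TunnelEndpoint()
    vtep.attach(5001, mac, "tap-tenant-a")
    vtep.attach(5002, mac, "tap-tenant-b")
    return [vtep.deliver(vxlan_encap(vni, frame)) for vni in (5001, 5002, 5003)]
```

`demo()` sends the same inner frame under three VNIs: each known tenant receives it on its own port, and the frame tagged with the unattached VNI is dropped.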
8. OpenStack Neutron – Plugin Concept
Neutron Core API
Neutron Service (Server)
• L2 network abstraction definition and management, IP address management
• Device and service attachment framework
• Does NOT do any actual implementation of abstraction
Plugin API
Vendor/User Plugin
• Maps abstraction to implementation on the Network (Overlay e.g. NSX or physical Network)
• Makes all decisions about *how* a network is to be implemented
• Can provide additional features through API extensions.
• Extensions can either be generic (e.g. L3 Router / NAT), or Vendor Specific
Neutron API Extension
Extension API implementation is optional
9. Core and service plugins
§ Core plugins implement the “core” Neutron API functions (L2 networking, IPAM, …)
§ Service plugins implement additional network services (L3 routing, Load Balancing, Firewall, VPN)
§ Implementations might choose to implement relevant extensions in the Core plugin itself
[Diagram: Neutron Core API functions (Core, L3, FW) mapped to plugins in three variants: Core Plugin only; Core Plugin and FW plugin; Core Plugin, FW plugin and L3 plugin]
10. OpenStack Neutron – Modular Plugins
§ Before the modular plugin (ML2), every team or vendor had to implement a complete plugin, including the ‘housekeeping’ (IPAM, DB access, etc.)
§ The ML2 Plugin separates core functions like IPAM, virtual network ID management, etc. from vendor/implementation specific functions, and therefore makes it easier for vendors not to reinvent the wheel with regards to ID management, DB access, …
§ Existing and future non-modular plugins are called “Standalone” plugins
§ ML2 calls the management of network types “type drivers”, and the implementation specific part “mechanism drivers”
[Diagram: ML2 Plugin & API Extensions, containing a Type Manager with Type Drivers (GRE, VLAN, VXLAN, etc.) and a Mechanism Manager with Mechanism Drivers (Arista, Cisco, Linux Bridge, OVS, etc.)]
11. Some of the Plugins available in the market (1/2)
§ ML2 modular Plugin
  § With support for the type drivers: local, flat, VLAN, GRE, VXLAN
  § And the following mechanism drivers: Arista, Cisco Nexus, Hyper-V Agent, L2 Population, Linuxbridge, Open vSwitch Agent, Tail-f NCS
§ Open vSwitch Plugin – The most used (Open Source) plugin today
  § Supports GRE based Overlays, NAT/Security groups, etc.
  § Deprecation planned for Icehouse release in favor of ML2
§ Linuxbridge Plugin
  § Limited to L2 functionality, L3, floating IPs and provider networks. No support for Overlays
  § Deprecation planned for Icehouse release in favor of ML2
12. Some of the Plugins available in the market (2/2)
§ VMware NSX (aka Nicira NVP) Plugin
  § Network Virtualization solution with centralized controller + OpenVSwitch
§ Cisco UCS / Nexus 5000 Plugin
  § Provisions VLANs on Nexus 5000 switches and on UCS Fabric-Interconnect as well as UCS B-Series Servers network card (palo adapter)
§ NEC and Ryu Plugin
  § “SDN Fabric/OpenFlow” based implementations with NEC or Ryu controller
§ Other plugins include Midokura, Juniper (OpenContrail), Big Switch, Brocade, Plumgrid, Embrane, Mellanox
§ LBaaS Service Plugins from A10 and Citrix
§ This list can only be incomplete, please check the latest information on:
  § https://wiki.openstack.org/wiki/Neutron_Plugins_and_Drivers
  § http://www.sdncentral.com/openstack-neutron-quantum-plug-ins-comprehensive-list/
13. New Plugins / ML2 Drivers in Icehouse Release
§ New ML2 Mechanism Drivers:
  § Mechanism Driver for OpenDaylight Controller
  § Brocade ML2 Mechanism Driver for VDX Switch Cluster
§ New Neutron Plugins
  § IBM SDN-VE Controller Plugin
  § Nuage Networks Controller Plugin
§ Service Plugins
  § Embrane and Radware LBaaS driver
  § Cisco VPNaaS driver
§ Various
  § VMware NSX - DHCP and Metadata Service
§ This list is incomplete, please see here for more details: https://blueprints.launchpad.net/neutron/icehouse
14. Neutron – OVS Agent Architecture
§ The following components play a role in the OVS Agent Architecture
  § Neutron-OVS-Agent: Receives tunnel & flow setup information from OVS-Plugin and programs OVS to build tunnels and to steer traffic into those tunnels
  § Neutron-DHCP-Agent: Sets up dnsmasq in a namespace per configured network/subnet, and enters mac/ip combination in dnsmasq dhcp lease file
  § Neutron-L3-Agent: Sets up iptables/routing/NAT Tables (routers) as directed by OVS Plugin or ML2 OVS mech_driver
§ In most cases GRE or VXLAN overlay tunnels are used, but flat and vlan modes are also possible
[Diagram: a Neutron-Network-Node (N.-L3-Agent, N.-DHCP-Agent, N.-OVS-Agent, dnsmasq, iptables/routing, NAT & floating-IPs, ovsdb/ovsvsd, br-int, br-tun, br-ex) and two Compute Nodes (nova-compute, hypervisor, VMs, N.-OVS-Agent, ovsdb/ovsvsd, br-int, br-tun) connected by L2 in L3 (GRE) tunnels over the Layer 3 Transport Network; Neutron-Server + OVS-Plugin; External Network (or VLAN) towards WAN/Internet]
15. Using “SDN controllers” - VMware NSX Plugin example
§ Centralized scale-out controller cluster controls all Open vSwitches in all Compute- and Network Nodes. It configures the tunnel interfaces and programs the flow tables of OVS
§ NSX L3 Gateway Service (scale-out) is taking over the L3 routing and NAT functions
§ NSX Service-Node relieves the Compute Nodes from the task of replicating broadcast, unknown unicast and multicast traffic sourced by VMs
§ Security-Groups are implemented natively in OVS, instead of iptables/ebtables
[Diagram: a Neutron-Network-Node (N.-DHCP-Agent, dnsmasq, ovsdb/ovsvsd, br-int, br-0) and two Compute Nodes (nova-compute, hypervisor, VMs, ovsdb/ovsvsd, br-int, br-0) connected by L2 in L3 (STT) tunnels over the Layer 3 Transport Network; NSX Controller Cluster, NSX Service-Node and NSX L3GW + NAT; Neutron-Server + NVP-Plugin; Management Network; WAN/Internet]