Fawad Khaliq, profile picture
Uploaded byFawad Khaliq
PDF, PPTX954 views

Networking For Nested Containers: Magnum, Kuryr, Neutron Integration

The document discusses the integration of Magnum, Kuryr, and Neutron for networking in nested container environments within OpenStack. It highlights the challenges of current nested container networking and proposes solutions that leverage existing OpenStack services for improved policy enforcement and connectivity. The current status and next steps for implementation are also outlined, focusing on enhancing container networking capabilities.

Embed presentation

Download as PDF, PPTX
Magnum, Kuryr, Neutron Integration Networking for Nested Containers Fawad Khaliq - @fawadkhaliq Antoni Segura – @celebdor Gal Sagie - @GalSagie
Copyright © PLUMgrid, Inc. 2011-2016 Introduction Speakers Sr. Software Engineer PLUMgrid Khaliq Fawad 2 Senior Engineer Midokura Segura Antoni Architect Huawei Sagie Gal
Copyright © PLUMgrid, Inc. 2011-2016 • Magnum, Neutron • Kuryr • Nested Containers and Networking Problem • Nested Containers Networking – Solution/Design • Capabilities and considerations • Current Status • Next Steps • Q&A Agenda 3
Magnum Container-as-a-service in OpenStack 4
Copyright © PLUMgrid, Inc. 2011-2016 Magnum Container-as-a-service in OpenStack 5 Docker Swarm (Bay) Nova Instance Container Container Container Nova Instance Container Container Container
Copyright © PLUMgrid, Inc. 2011-2016 Magnum Container-as-a-service in OpenStack 6 Kubernetes (Bay) Nova Instance Pod Container Container Nova Instance Pod Container Container
Copyright © PLUMgrid, Inc. 2011-20167
Neutron Networking in OpenStack 8
Copyright © PLUMgrid, Inc. 2011-2016 • Provides “network as a service” • Provides rich network topologies • Technology agnostic; pluggable networking backends • Extensible • Offers advanced services like LBaas, VPNaas, FWaas etc Neutron 9
Kuryr Container Networking in OpenStack 10
Copyright © PLUMgrid, Inc. 2011-2016 Kuryr 11 Neutron as the 
 production-ready 
 networking abstraction
 containers need
Copyright © PLUMgrid, Inc. 2011-2016 VM/Container Networking: Similar Concepts 12 Docker C1 Docker C2 Docker C3 libNetwork Endpoint Endpoint EndpointEndpoint Frontend Network Backend Network Network Sandbox Network Sandbox Network Sandbox VM2 192.168.1.7 192.168.5.2 VM1 Tenant A Net1 192.168.1.0/0 Tenant A Net2 192.168.5.0/0 192.168.1.5 Neutron
Copyright © PLUMgrid, Inc. 2011-2016 • Open source • Part of OpenStack Big-Tent • Brings the Neutron networking model to containers • Aims to support different Container Runtimes (docker, rkt, etc) • E.g. Kubernetes, Mesos, Docker Swarm • Weekly IRC meetings • Working together with OpenStack community • Neutron, Magnum, Kolla Kuryr Project Overview 13
Copyright © PLUMgrid, Inc. 2011-2016 Kuryr Components 14 Configuration ManagementKuryr libNetwork Network Plugin K8S CNI Driver Keystone Authentication & Neutron Client Interface Generic VIF Binding Kuryr libNetwork IPAM Plugin
Problems with current Nested Containers Why do we need to consider this as a special scenario? 15
Copyright © PLUMgrid, Inc. 2011-2016 • Two Separate networking infrastructures • Hard to enforce network policy (N-tier applications) • Security and Isolation • Performance and unneeded overhead Problems with Current Nested Containers Networking 16
Copyright © PLUMgrid, Inc. 2011-2016 Problems with Current Nested Containers Networking 17 Docker 0 OVS VXLAN Overlay VM Docker 0 Neutron Plugin VXLAN Overlay VM SDN Overlay Neutron Overlay
Copyright © PLUMgrid, Inc. 2011-2016 Problems with Current Nested Containers Networking 18 Neutron Networks VMVM VM Tenant A Net1 192.168.1.0/0
Copyright © PLUMgrid, Inc. 2011-2016 Problems with Current Nested Containers Networking 19 Container Networks VMVM VM Backend Network 10.2.0.0/24 Endpoint Endpoint Endpoint Endpoint Endpoint Endpoint Endpoint Frontend Network 10.1.0.0/24
Nested Container Networking Solution Design for the nested container networking in OpenStack 20
Copyright © PLUMgrid, Inc. 2011-2016 • Nested/baremetal container to nested/baremetal container same/ different hosts • Nested/baremetal container to virtual machine communication • Nested/baremetal container to baremetal communication • Container networking as a first class entity in Neutron • Consistent policy enforcement across containers, VMs, bare metal • Enable advanced networking services like FWaas, LBaas, VPNaas etc Nested Container Networking Use Cases 21
Copyright © PLUMgrid, Inc. 2011-2016 Nested Container Networking Design Magnum, Kuryr, Neutron Integration 22 VLAN:100 VLAN:200 VLAN:400 VLAN:100
Copyright © PLUMgrid, Inc. 2011-2016 Neutron Trunk Ports 23 Nova Instance port-1 port-0 port-2 network-1 network-0 network-2 Port combined into one vif by turning port-0 into trunk and other ports into supports of the trunk
Copyright © PLUMgrid, Inc. 2011-201624
Capabilities and Considerations 25
Copyright © PLUMgrid, Inc. 2011-2016 • Neutron resources spec approved and patches under review • Trunk • Subport • Subports bring isolation to container-in-VM use cases • Port forwarding can take us further • Vendors can implement new segmentation types • Tagged traffic that does not match a sub port, is considered of the trunk port Capabilities and Considerations 26
Copyright © PLUMgrid, Inc. 2011-2016 • Limitations • Policy is applied at the Host level • Initial only VLAN tags for segmentation type • Tags are unique per “trunk port” scope • VM users can alter subport traffic • Logging of VM actions is dependent on integration • Can't work with current OVS Capabilities and Considerations 27
Current Status 28
Copyright © PLUMgrid, Inc. 2011-2016 • Trunk Port Extension spec approved and code in progress • Binding profile workaround to proceed in parallel • Nested Container networking spec approved in Kuryr • Docker Swarm Integration completed • Kubernetes in progress • Mesos in design stages Current Status 29
Next Steps 30
Copyright © PLUMgrid, Inc. 2011-2016 • Follow up on the Neutron Trunk port implementation • Finish COE baremetal integration • Policy translation • Make Neutron resources available through native APIs • Magnum deployment prototype of worker VM with Kuryr agent • Magnum administrator VM that communicates with Neutron Next Steps 31
Questions 32
Join us at #openstack-kuryr THANK YOU! irc: #openstack-kuryr @ freenode

More Related Content

PPTX
Tap as a service: What you need to know now
byFawad Khaliq
 
PDF
Microservices Architectures with Docker Swarm, etcd, Kuryr and Neutron
byFawad Khaliq
 
PPTX
OpenStack Israel Meetup - Project Kuryr: Bringing Container Networking to Neu...
byCloud Native Day Tel Aviv
 
PDF
Container Networking Deep Dive
byOpen Networking Summit
 
PPTX
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...
byCloud Native Day Tel Aviv
 
PDF
OpenStack and OpenDaylight: An Integrated IaaS for SDN/NFV
byCloud Native Day Tel Aviv
 
PPTX
Navigating OpenStack Networking
byPLUMgrid
 
PDF
Introduction to MidoNet
byTaku Fukushima
 
Tap as a service: What you need to know now
byFawad Khaliq
 
Microservices Architectures with Docker Swarm, etcd, Kuryr and Neutron
byFawad Khaliq
 
OpenStack Israel Meetup - Project Kuryr: Bringing Container Networking to Neu...
byCloud Native Day Tel Aviv
 
Container Networking Deep Dive
byOpen Networking Summit
 
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...
byCloud Native Day Tel Aviv
 
OpenStack and OpenDaylight: An Integrated IaaS for SDN/NFV
byCloud Native Day Tel Aviv
 
Navigating OpenStack Networking
byPLUMgrid
 
Introduction to MidoNet
byTaku Fukushima
 

What's hot

PPTX
OpenStack Neutron behind the Scenes
byAnil Bidari ( CEO , Cloud Enabled)
 
PDF
Kubernetes networking in AWS
byZvika Gazit
 
PPTX
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
byCloud Native Day Tel Aviv
 
PPTX
OpenDaylight Netvirt and Neutron - Mike Kolesnik, Josh Hershberg - OpenStack ...
byCloud Native Day Tel Aviv
 
PDF
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...
byVietnam Open Infrastructure User Group
 
PPTX
OpenStack and the Transformation of the Data Center - Lew Tucker
byLew Tucker
 
PPTX
OpenStack & OpenContrail in Production
byEdgar Magana
 
PPTX
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
byCloud Native Day Tel Aviv
 
PPTX
Role of sdn controllers in open stack
byopenstackindia
 
PDF
Overlay/Underlay - Betting on Container Networking
byLee Calcote
 
PPTX
Network Monitoring and Analytics
byPLUMgrid
 
PDF
OpenStack Neutron Havana Overview - Oct 2013
byEdgar Magana
 
PPTX
Simple, Scalable and Secure Networking for Data Centers with Project Calico
byEmma Gordon
 
PPTX
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...
byCloud Native Day Tel Aviv
 
PDF
Deploying OpenDaylight and OpenStack at Ease
byMichelle Holley
 
PDF
Container Networking - State of the Ecosystem [ContainerConf, Mannheim, Nov 2...
byKarthik Prabhakar
 
PPTX
OpenStack and OpenDaylight Workshop: ONUG Spring 2014
bymestery
 
PDF
Docker Networking with Project Calico
byAndrew Kennedy
 
PDF
Deploying vn fs with kubernetes pods and vms
byLibbySchulze1
 
PDF
Unified Underlay and Overlay SDNs for OpenStack Clouds
byPLUMgrid
 
OpenStack Neutron behind the Scenes
byAnil Bidari ( CEO , Cloud Enabled)
 
Kubernetes networking in AWS
byZvika Gazit
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
byCloud Native Day Tel Aviv
 
OpenDaylight Netvirt and Neutron - Mike Kolesnik, Josh Hershberg - OpenStack ...
byCloud Native Day Tel Aviv
 
VOID19 Cloud Transformation at Viettel accelerate faster with open infrastru...
byVietnam Open Infrastructure User Group
 
OpenStack and the Transformation of the Data Center - Lew Tucker
byLew Tucker
 
OpenStack & OpenContrail in Production
byEdgar Magana
 
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
byCloud Native Day Tel Aviv
 
Role of sdn controllers in open stack
byopenstackindia
 
Overlay/Underlay - Betting on Container Networking
byLee Calcote
 
Network Monitoring and Analytics
byPLUMgrid
 
OpenStack Neutron Havana Overview - Oct 2013
byEdgar Magana
 
Simple, Scalable and Secure Networking for Data Centers with Project Calico
byEmma Gordon
 
Can the Open vSwitch (OVS) bottleneck be resolved? - Erez Cohen - OpenStack D...
byCloud Native Day Tel Aviv
 
Deploying OpenDaylight and OpenStack at Ease
byMichelle Holley
 
Container Networking - State of the Ecosystem [ContainerConf, Mannheim, Nov 2...
byKarthik Prabhakar
 
OpenStack and OpenDaylight Workshop: ONUG Spring 2014
bymestery
 
Docker Networking with Project Calico
byAndrew Kennedy
 
Deploying vn fs with kubernetes pods and vms
byLibbySchulze1
 
Unified Underlay and Overlay SDNs for OpenStack Clouds
byPLUMgrid
 

Viewers also liked

PPTX
Enhancing OpenStack FWaaS for real world application
byopenstackindia
 
PPTX
Openstack Quantum Security Groups Session
byDavid Lapsley
 
PDF
OpenStack: Security Beyond Firewalls
byGiuseppe Paterno'
 
PDF
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
byThomas Graf
 
PPTX
Docker Networking with New Ipvlan and Macvlan Drivers
byBrent Salisbury
 
PPTX
Docker networking Tutorial 101
byLorisPack Project
 
Enhancing OpenStack FWaaS for real world application
byopenstackindia
 
Openstack Quantum Security Groups Session
byDavid Lapsley
 
OpenStack: Security Beyond Firewalls
byGiuseppe Paterno'
 
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
byThomas Graf
 
Docker Networking with New Ipvlan and Macvlan Drivers
byBrent Salisbury
 
Docker networking Tutorial 101
byLorisPack Project
 

Similar to Networking For Nested Containers: Magnum, Kuryr, Neutron Integration

PDF
Tech Talk by Gal Sagie: Kuryr - Connecting containers networking to OpenStack...
bynvirters
 
PPTX
Docker Networking in OpenStack: What you need to know now
byPLUMgrid
 
PDF
OpenStack networking - Neutron deep dive with PLUMgrid
byKamesh Pemmaraju
 
PPTX
Hands-on Lab: Test Drive Your OpenStack Network
byPLUMgrid
 
PDF
Conatiner Networking with MidoNet
byMidokuraUSA
 
PPTX
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
byCynthia Thomas
 
PDF
Container Orchestration Integration: OpenStack Kuryr & Apache Mesos
byMidoNet
 
PDF
Container Orchestration Integration: OpenStack Kuryr
byTaku Fukushima
 
PDF
Project kuryr returns: Docker delivered, Kubernetes Next
byAntoni Segura Puimedon
 
PPTX
Monitoring Security Policies for Container and OpenStack Clouds
byPLUMgrid
 
PPTX
SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
byPLUMgrid
 
PDF
Containers, OCI, CNCF, Magnum, Kuryr, and You!
byDaniel Krook
 
PDF
The Containers Ecosystem, the OpenStack Magnum Project, the Open Container In...
byDaniel Krook
 
PDF
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containers
byAntoni Segura Puimedon
 
PDF
ContainerDayVietnam2016: Containers with OpenStack
byDocker-Hanoi
 
PDF
OpenStack Tokyo 2015: Connecting the Dots with Neutron
byPhil Estes
 
PDF
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
byDebra Robertson
 
PDF
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
byPLUMgrid
 
PPTX
You Can Build Your OpenStack and Consume it Too
byPLUMgrid
 
PPTX
Design and Deploy Secure Clouds for Financial Services Use Cases
byPLUMgrid
 
Tech Talk by Gal Sagie: Kuryr - Connecting containers networking to OpenStack...
bynvirters
 
Docker Networking in OpenStack: What you need to know now
byPLUMgrid
 
OpenStack networking - Neutron deep dive with PLUMgrid
byKamesh Pemmaraju
 
Hands-on Lab: Test Drive Your OpenStack Network
byPLUMgrid
 
Conatiner Networking with MidoNet
byMidokuraUSA
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
byCynthia Thomas
 
Container Orchestration Integration: OpenStack Kuryr & Apache Mesos
byMidoNet
 
Container Orchestration Integration: OpenStack Kuryr
byTaku Fukushima
 
Project kuryr returns: Docker delivered, Kubernetes Next
byAntoni Segura Puimedon
 
Monitoring Security Policies for Container and OpenStack Clouds
byPLUMgrid
 
SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
byPLUMgrid
 
Containers, OCI, CNCF, Magnum, Kuryr, and You!
byDaniel Krook
 
The Containers Ecosystem, the OpenStack Magnum Project, the Open Container In...
byDaniel Krook
 
Kuryr & Fuxi: OpenStack networking and storage for Docker Swarm containers
byAntoni Segura Puimedon
 
ContainerDayVietnam2016: Containers with OpenStack
byDocker-Hanoi
 
OpenStack Tokyo 2015: Connecting the Dots with Neutron
byPhil Estes
 
Docker Networking with Container Orchestration Engines [Docker Meetup Santa C...
byDebra Robertson
 
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
byPLUMgrid
 
You Can Build Your OpenStack and Consume it Too
byPLUMgrid
 
Design and Deploy Secure Clouds for Financial Services Use Cases
byPLUMgrid
 

Recently uploaded

PDF
On Demand Grocery Delivery App Development
byV3CUBE TECHNOLABS
 
PDF
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
PPTX
Device Repair and Maintenance Management
byAxisTechnolabs
 
PDF
Image and video processing: From Mars to Hollywood with a stop at the hospita...
byHarinath Palavalli
 
PDF
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
PPTX
GraphQL Day Paris 2025 | Bringing DevOps to GraphQL with the Apollo GraphOS O...
byapidays
 
PDF
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
PDF
Ultimate Guide to CMMS An In-Depth Analysis - Zapium
byhello208828
 
PDF
Project Tracking in Software Project Management
bySahanaBarveen1
 
PPTX
HR Software for Construction: Smarter Workforce & Payroll Management
byhelixtahr
 
PPTX
HackYourBrain_JFokusConference_03022026.pptx
bySimonedeGijt
 
PDF
Track Phone Location on iPhone (2026)_ What Actually Works, What’s a Scam, an...
byOlive Dimitrescu
 
PPTX
SAP S4 HANA Conversion and Migration .pptx
bysabeenakouser
 
PDF
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
PDF
Azure DevOps Services: Complete Guide to DevOps Tools, Automation & End-to-En...
byjohncarterjn
 
PDF
apidays Australia 2025 | Orchestrator vs. Choreography
byapidays
 
PPTX
Edison MuleSoft Meetup : Vibe Coding | MuleSoft Meetups
bySravan Lingam
 
PDF
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
PPTX
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
PPTX
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
On Demand Grocery Delivery App Development
byV3CUBE TECHNOLABS
 
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
Device Repair and Maintenance Management
byAxisTechnolabs
 
Image and video processing: From Mars to Hollywood with a stop at the hospita...
byHarinath Palavalli
 
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
GraphQL Day Paris 2025 | Bringing DevOps to GraphQL with the Apollo GraphOS O...
byapidays
 
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
Ultimate Guide to CMMS An In-Depth Analysis - Zapium
byhello208828
 
Project Tracking in Software Project Management
bySahanaBarveen1
 
HR Software for Construction: Smarter Workforce & Payroll Management
byhelixtahr
 
HackYourBrain_JFokusConference_03022026.pptx
bySimonedeGijt
 
Track Phone Location on iPhone (2026)_ What Actually Works, What’s a Scam, an...
byOlive Dimitrescu
 
SAP S4 HANA Conversion and Migration .pptx
bysabeenakouser
 
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
Azure DevOps Services: Complete Guide to DevOps Tools, Automation & End-to-En...
byjohncarterjn
 
apidays Australia 2025 | Orchestrator vs. Choreography
byapidays
 
Edison MuleSoft Meetup : Vibe Coding | MuleSoft Meetups
bySravan Lingam
 
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 

Networking For Nested Containers: Magnum, Kuryr, Neutron Integration

  • 1.
    Magnum, Kuryr, NeutronIntegration Networking for Nested Containers Fawad Khaliq - @fawadkhaliq Antoni Segura – @celebdor Gal Sagie - @GalSagie
  • 2.
    Copyright © PLUMgrid,Inc. 2011-2016 Introduction Speakers Sr. Software Engineer PLUMgrid Khaliq Fawad 2 Senior Engineer Midokura Segura Antoni Architect Huawei Sagie Gal
  • 3.
    Copyright © PLUMgrid,Inc. 2011-2016 • Magnum, Neutron • Kuryr • Nested Containers and Networking Problem • Nested Containers Networking – Solution/Design • Capabilities and considerations • Current Status • Next Steps • Q&A Agenda 3
  • 4.
  • 5.
    Copyright © PLUMgrid,Inc. 2011-2016 Magnum Container-as-a-service in OpenStack 5 Docker Swarm (Bay) Nova Instance Container Container Container Nova Instance Container Container Container
  • 6.
    Copyright © PLUMgrid,Inc. 2011-2016 Magnum Container-as-a-service in OpenStack 6 Kubernetes (Bay) Nova Instance Pod Container Container Nova Instance Pod Container Container
  • 7.
    Copyright © PLUMgrid,Inc. 2011-20167
  • 8.
  • 9.
    Copyright © PLUMgrid,Inc. 2011-2016 • Provides “network as a service” • Provides rich network topologies • Technology agnostic; pluggable networking backends • Extensible • Offers advanced services like LBaas, VPNaas, FWaas etc Neutron 9
  • 10.
  • 11.
    Copyright © PLUMgrid,Inc. 2011-2016 Kuryr 11 Neutron as the 
 production-ready 
 networking abstraction
 containers need
  • 12.
    Copyright © PLUMgrid,Inc. 2011-2016 VM/Container Networking: Similar Concepts 12 Docker C1 Docker C2 Docker C3 libNetwork Endpoint Endpoint EndpointEndpoint Frontend Network Backend Network Network Sandbox Network Sandbox Network Sandbox VM2 192.168.1.7 192.168.5.2 VM1 Tenant A Net1 192.168.1.0/0 Tenant A Net2 192.168.5.0/0 192.168.1.5 Neutron
  • 13.
    Copyright © PLUMgrid,Inc. 2011-2016 • Open source • Part of OpenStack Big-Tent • Brings the Neutron networking model to containers • Aims to support different Container Runtimes (docker, rkt, etc) • E.g. Kubernetes, Mesos, Docker Swarm • Weekly IRC meetings • Working together with OpenStack community • Neutron, Magnum, Kolla Kuryr Project Overview 13
  • 14.
    Copyright © PLUMgrid,Inc. 2011-2016 Kuryr Components 14 Configuration ManagementKuryr libNetwork Network Plugin K8S CNI Driver Keystone Authentication & Neutron Client Interface Generic VIF Binding Kuryr libNetwork IPAM Plugin
  • 15.
    Problems with currentNested Containers Why do we need to consider this as a special scenario? 15
  • 16.
    Copyright © PLUMgrid,Inc. 2011-2016 • Two Separate networking infrastructures • Hard to enforce network policy (N-tier applications) • Security and Isolation • Performance and unneeded overhead Problems with Current Nested Containers Networking 16
  • 17.
    Copyright © PLUMgrid,Inc. 2011-2016 Problems with Current Nested Containers Networking 17 Docker 0 OVS VXLAN Overlay VM Docker 0 Neutron Plugin VXLAN Overlay VM SDN Overlay Neutron Overlay
  • 18.
    Copyright © PLUMgrid,Inc. 2011-2016 Problems with Current Nested Containers Networking 18 Neutron Networks VMVM VM Tenant A Net1 192.168.1.0/0
  • 19.
    Copyright © PLUMgrid,Inc. 2011-2016 Problems with Current Nested Containers Networking 19 Container Networks VMVM VM Backend Network 10.2.0.0/24 Endpoint Endpoint Endpoint Endpoint Endpoint Endpoint Endpoint Frontend Network 10.1.0.0/24
  • 20.
    Nested Container NetworkingSolution Design for the nested container networking in OpenStack 20
  • 21.
    Copyright © PLUMgrid,Inc. 2011-2016 • Nested/baremetal container to nested/baremetal container same/ different hosts • Nested/baremetal container to virtual machine communication • Nested/baremetal container to baremetal communication • Container networking as a first class entity in Neutron • Consistent policy enforcement across containers, VMs, bare metal • Enable advanced networking services like FWaas, LBaas, VPNaas etc Nested Container Networking Use Cases 21
  • 22.
    Copyright © PLUMgrid,Inc. 2011-2016 Nested Container Networking Design Magnum, Kuryr, Neutron Integration 22 VLAN:100 VLAN:200 VLAN:400 VLAN:100
  • 23.
    Copyright © PLUMgrid,Inc. 2011-2016 Neutron Trunk Ports 23 Nova Instance port-1 port-0 port-2 network-1 network-0 network-2 Port combined into one vif by turning port-0 into trunk and other ports into supports of the trunk
  • 24.
    Copyright © PLUMgrid,Inc. 2011-201624
  • 25.
  • 26.
    Copyright © PLUMgrid,Inc. 2011-2016 • Neutron resources spec approved and patches under review • Trunk • Subport • Subports bring isolation to container-in-VM use cases • Port forwarding can take us further • Vendors can implement new segmentation types • Tagged traffic that does not match a sub port, is considered of the trunk port Capabilities and Considerations 26
  • 27.
    Copyright © PLUMgrid,Inc. 2011-2016 • Limitations • Policy is applied at the Host level • Initial only VLAN tags for segmentation type • Tags are unique per “trunk port” scope • VM users can alter subport traffic • Logging of VM actions is dependent on integration • Can't work with current OVS Capabilities and Considerations 27
  • 28.
  • 29.
    Copyright © PLUMgrid,Inc. 2011-2016 • Trunk Port Extension spec approved and code in progress • Binding profile workaround to proceed in parallel • Nested Container networking spec approved in Kuryr • Docker Swarm Integration completed • Kubernetes in progress • Mesos in design stages Current Status 29
  • 30.
  • 31.
    Copyright © PLUMgrid,Inc. 2011-2016 • Follow up on the Neutron Trunk port implementation • Finish COE baremetal integration • Policy translation • Make Neutron resources available through native APIs • Magnum deployment prototype of worker VM with Kuryr agent • Magnum administrator VM that communicates with Neutron Next Steps 31
  • 32.
  • 33.
    Join us at#openstack-kuryr THANK YOU! irc: #openstack-kuryr @ freenode