OpenNebula provides a central point to define, consume, and set up virtual networks for virtual machines. It uses an XML-RPC API and drivers to abstractly manage logical network attributes like IP addresses, security groups, and tags. The northbound interface defines virtual networks while the southbound interface uses specialized drivers to interface with network elements and set up networking during VM lifecycles. OpenNebula also supports network functions virtualization through virtual routers that can link different virtual networks across sites using GRE tunnels and IPSec.
OpenNebula Network Model: View
[Diagram labels: Hypervisor (×4), Virtual Network, VM (×4)]
Datacenter Network
● Leaf-Spine switched or routed backbone
● Not controlled by OpenNebula
● Usually just a few ToR switches
Virtual switches
Virtual Network
3. OpenNebula Network Model: “built-in SDN”
Provide a central point to define, consume and set up Virtual Networks for Virtual Machines
XML-RPC API
OpenNebula daemon
Infrastructure Drivers
Northbound Interface
● Virtual Network abstract management
● Lease addresses to VMs
● Reserve addresses for users or groups
Network Stack
Southbound Interface
● Uniform interface to network elements
● Specialized for VM Networking
4. Northbound Interface
Logical Attributes
Address Space (multiple, disjoint ranges)
● IPv4
● IPv6 (Global & ULA)
● Ethernet - MAC addresses
Security Groups
● Managed as a separate entity
● Inbound & Outbound, TCP/UDP/ICMP
Custom Tags
Configuration & Physical Attributes
● Network specific (e.g. BRIDGE, VLAN_ID)
● VM Context (e.g. DNS, GATEWAY)
Virtual Network Definition
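The address-space rules on this slide (multiple disjoint ranges, mixed IPv4/IPv6, leases handed to VMs), sketched as a small Python model. This is an added illustration, not OpenNebula code; the class and method names and the sample addresses are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class AddressRange:
    first: str   # first address of a contiguous range (hypothetical model)
    size: int    # number of consecutive addresses in the range
    leases: dict = field(default_factory=dict)  # address -> owner

    def __post_init__(self):
        self.start = ipaddress.ip_address(self.first)
        self.end = self.start + (self.size - 1)

    def overlaps(self, other):
        # Different IP versions are separate spaces and never collide.
        return (self.start.version == other.start.version
                and self.start <= other.end and other.start <= self.end)

class VirtualNetwork:
    def __init__(self, name):
        self.name, self.ranges = name, []

    def add_range(self, ar):
        # Reject overlaps so one address can never be leased from two ranges.
        for existing in self.ranges:
            if ar.overlaps(existing):
                raise ValueError(f"{ar.first}+{ar.size} overlaps "
                                 f"{existing.first}+{existing.size}")
        self.ranges.append(ar)

    def lease(self, owner, version=4):
        # Hand out the lowest free address, walking the ranges in order.
        for ar in (r for r in self.ranges if r.start.version == version):
            for offset in range(ar.size):
                addr = str(ar.start + offset)
                if addr not in ar.leases:
                    ar.leases[addr] = owner
                    return addr
        raise RuntimeError(f"{self.name}: no free IPv{version} address")

def build_demo():
    # Constructed sample data: two disjoint IPv4 ranges and one IPv6 ULA range.
    net = VirtualNetwork("private")
    for first, size in (("10.0.0.10", 2), ("10.0.1.10", 3), ("fd00::10", 4)):
        net.add_range(AddressRange(first, size))
    return net
```

Recording the owner with each lease is what lets per-VM filtering later tie an address to exactly one VM.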
5. Southbound Interface
Three-phase setup
● pre, post and clean: run right before VM boot, right after VM boot, and at shutdown
● It considers live-migrations
OpenNebula Network Drivers
Open vSwitch, VMware DSwitch
Linux Bridge
802.1Q Flat
Security Group*
iptables rules
VXLAN ebtables Flat VLAN Flat Dynamic
NFV Virtual Router*
* [Virtual Router] New in 5.0!
* [Security Group] Propagate updates to running VMs
6. NFV Management
● Approach: Virtualize some network functions by packaging them into an appliance
● Easy & flexible management of your network
○ Hugepages*,
○ NUMA scheduling*,
○ PCI PF/SR-IOV co-allocation*
* Supported only to some extent in 4.14
● As part of a Virtual Network to include more functionality
○ Virtual Router removed from 4.14 to re-architect it.
7. Virtual Routers: NFV Demonstration
[Diagram labels: Virtual Router (×3), VR cluster, Virtual Network (×2)]
● Alpine Linux
● Link any VLAN network
● HA configuration
● Support for reconfiguration
● First class management entity
● Sunstone specialized views
● New CLI for vrouters
● Can be configured per VDC
* Future plans to expose an OpenFlow interface to be controlled by SDN
8. Virtual Router: Cross-site Networks
[Diagram labels: Virtual Router (×2), Virtual Network (VLAN) (×2), VM (×4), Cross-site Network]
Ethernet over IP (GRETAP) + IPSec
● Link multiple virtual networks (L3/L2)
● Support for hybrid configurations
● Support for L3 inter-DC
9. Virtual Router: SDN integration
[Diagram labels: SSH, OpenFlow, Open vSwitch / Linux bridge, link (to other switches), VXLAN, VLAN, Ether, virtual appliance]
SDN for the Cross-site network
● Flow control (ReactiveFlow app)
● ARP optimizations
● Flow re-balancing
OpenNebula drivers
10. OpenNebula Network Model: View
[Diagram labels: Hypervisor (×4), Virtual Network (×2), VM (×6), Network backbone and Internet]
Compute Fabric
SDN for vSwitches
Two-level SDN
● Hypervisor for VLAN set up and management
● Interconnection and management of VLAN segments
Virtual switch (or routed)