These are the slides from the webinar "OpenStack networking (Neutron)", which covered the topics:
- OpenStack Networking: the Neutron project (NaaS);
- Main features of Neutron;
- Advanced networking functionalities in OpenStack.
This was a tutorial which Mark McClain and I led at ONUG, Spring 2015. It was well received and serves as a walk through of OpenStack Neutron and it's features and usage.
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-RegionJi-Woong Choi
OpenStack Ceph & Neutron에 대한 설명을 담고 있습니다.
1. OpenStack
2. How to create instance
3. Ceph
- Ceph
- OpenStack with Ceph
4. Neutron
- Neutron
- How neutron works
5. OpenStack HA- controller- l3 agent
6. OpenStack multi-region
Building Multi-Site and Multi-OpenStack Cloud with OpenStack CascadingJoe Huang
The slides used in the speech "Building multi-site and multi-openstack cloud with OpenStack cascading" in OpenStack Paris summit 2014. The slides cover the requirement and driving forces, case study of VDF, technologies eloboration and demo of OpenStack cascading.
These are the slides from the webinar "OpenStack networking (Neutron)", which covered the topics:
- OpenStack Networking: the Neutron project (NaaS);
- Main features of Neutron;
- Advanced networking functionalities in OpenStack.
This was a tutorial which Mark McClain and I led at ONUG, Spring 2015. It was well received and serves as a walk through of OpenStack Neutron and it's features and usage.
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-RegionJi-Woong Choi
OpenStack Ceph & Neutron에 대한 설명을 담고 있습니다.
1. OpenStack
2. How to create instance
3. Ceph
- Ceph
- OpenStack with Ceph
4. Neutron
- Neutron
- How neutron works
5. OpenStack HA- controller- l3 agent
6. OpenStack multi-region
Building Multi-Site and Multi-OpenStack Cloud with OpenStack CascadingJoe Huang
The slides used in the speech "Building multi-site and multi-openstack cloud with OpenStack cascading" in OpenStack Paris summit 2014. The slides cover the requirement and driving forces, case study of VDF, technologies eloboration and demo of OpenStack cascading.
OpenStack 운영을 통해 얻은 교훈을 공유합니다.
목차
1. TOAST 클라우드 지금의 모습
2. OpenStack 선택의 이유
3. 구성의 어려움과 극복 사례
4. 활용 사례
5. 풀어야 할 문제들
대상
- TOAST 클라우드를 사용하고 싶은 분
- WMI를 처음 들어보시는 분
Deploy an Elastic, Resilient, Load-Balanced Cluster in 5 Minutes with SenlinQiming Teng
This is a talk from the Austin OpenStack summit. It demonstrates how a resilient, elastic and load-balanced cluster can be deployed using senlin, heat, ceilometer, lbaas v2, nova.
Do you think of cheetahs not RabbitMQ when you hear the word Swift? Think a Nova is just a giant exploding star, not a cloud compute engine. This deck (presented at the OpenStack Boston meetup) provides introduction will answer your many questions. It covers the basic components including: Nova, Swift, Cinder, Keystone, Horizon and Glance.
Service Function Chaining in Openstack NeutronMichelle Holley
Service Function Chaining (SFC) uses software-defined networking (SDN) capabilities to create a service chain of connected network services (such as L4-7 like firewalls,
network address translation [NAT], intrusion protection) and connect them in a virtual chain. This capability can be used by network operators to set up suites or catalogs
of connected services that enable the use of a single network connection for many services, with different characteristics.
networking-sfc is a service plugin of Openstack neutron. The talk will go over the architecture, implementation, use-cases and latest enhancements to networking-sfc (the APIs and implementation to support service function chaining in neutron).
About the speaker: Farhad Sunavala is currently a principal architect/engineer working on Network Virtualization, Cloud service, and SDN technologies at Huawei Technology USA. He has led several wireless projects in Huawei including virtual EPC, service function chaining, etc. Prior to Huawei, he worked 17 years at Cisco. Farhad received his MS in Electrical and Computer Engineering from University of New Hampshire. His expertise includes L2/L3/L4 networking, Network Virtualization, SDN, Cloud Computing, and
mobile wireless networks. He holds several patents in platforms, virtualization, wireless, service-chaining and cloud computing. Farhad was a core member of networking-sfc.
In this talk, Vladi looks at the new Volume encryption option (due in CloudStack 4.18). He presents the new ability to use encrypted root and data volumes on different storage types, the benefits and the current limitations of the implementation.
Vladimir Petrov is a QA engineer with more than 20 years of experience in the IT field. He is using and testing Apache CloudStack for almost 3 years now. Currently working as a QA Engineer in ShapeBlue.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
- What is NOVA ?
- NOVA architecture
- How instance are spawned in Openstack ?
- Interaction of nova with other openstack projects like neutron, glance and cinder.
There are some issues for OpenStack multi-region mode, for example, lack of global view quotas control, resource utilization, metering data, replication of image / keypair / security group / volume , L2/L3 networking across OpenStack, ... etc. OpenStack cascading is the best-matched solution to solve these issues in multi-site multi-region cloud
This Video Contains VXLAN Frame format and explanation of each field, as described in RFC7348.
Video link: https://www.youtube.com/watch?v=rXhLB7FMIBI&feature=youtu.be
OpenStack 운영을 통해 얻은 교훈을 공유합니다.
목차
1. TOAST 클라우드 지금의 모습
2. OpenStack 선택의 이유
3. 구성의 어려움과 극복 사례
4. 활용 사례
5. 풀어야 할 문제들
대상
- TOAST 클라우드를 사용하고 싶은 분
- WMI를 처음 들어보시는 분
Deploy an Elastic, Resilient, Load-Balanced Cluster in 5 Minutes with SenlinQiming Teng
This is a talk from the Austin OpenStack summit. It demonstrates how a resilient, elastic and load-balanced cluster can be deployed using senlin, heat, ceilometer, lbaas v2, nova.
Do you think of cheetahs not RabbitMQ when you hear the word Swift? Think a Nova is just a giant exploding star, not a cloud compute engine. This deck (presented at the OpenStack Boston meetup) provides introduction will answer your many questions. It covers the basic components including: Nova, Swift, Cinder, Keystone, Horizon and Glance.
Service Function Chaining in Openstack NeutronMichelle Holley
Service Function Chaining (SFC) uses software-defined networking (SDN) capabilities to create a service chain of connected network services (such as L4-7 like firewalls,
network address translation [NAT], intrusion protection) and connect them in a virtual chain. This capability can be used by network operators to set up suites or catalogs
of connected services that enable the use of a single network connection for many services, with different characteristics.
networking-sfc is a service plugin of Openstack neutron. The talk will go over the architecture, implementation, use-cases and latest enhancements to networking-sfc (the APIs and implementation to support service function chaining in neutron).
About the speaker: Farhad Sunavala is currently a principal architect/engineer working on Network Virtualization, Cloud service, and SDN technologies at Huawei Technology USA. He has led several wireless projects in Huawei including virtual EPC, service function chaining, etc. Prior to Huawei, he worked 17 years at Cisco. Farhad received his MS in Electrical and Computer Engineering from University of New Hampshire. His expertise includes L2/L3/L4 networking, Network Virtualization, SDN, Cloud Computing, and
mobile wireless networks. He holds several patents in platforms, virtualization, wireless, service-chaining and cloud computing. Farhad was a core member of networking-sfc.
In this talk, Vladi looks at the new Volume encryption option (due in CloudStack 4.18). He presents the new ability to use encrypted root and data volumes on different storage types, the benefits and the current limitations of the implementation.
Vladimir Petrov is a QA engineer with more than 20 years of experience in the IT field. He is using and testing Apache CloudStack for almost 3 years now. Currently working as a QA Engineer in ShapeBlue.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
- What is NOVA ?
- NOVA architecture
- How instance are spawned in Openstack ?
- Interaction of nova with other openstack projects like neutron, glance and cinder.
There are some issues for OpenStack multi-region mode, for example, lack of global view quotas control, resource utilization, metering data, replication of image / keypair / security group / volume , L2/L3 networking across OpenStack, ... etc. OpenStack cascading is the best-matched solution to solve these issues in multi-site multi-region cloud
This Video Contains VXLAN Frame format and explanation of each field, as described in RFC7348.
Video link: https://www.youtube.com/watch?v=rXhLB7FMIBI&feature=youtu.be
This presentation describes the term firewall and it's concepts and provides basic information about it's unix-based software implementations: ebtables, arptables and iptables. This document is a part of a powerpoint presentation which I also uploaded. Made as a project for university course
A detailed description of how Cloudscaling's Open Cloud System (OCS) has solved the network scalability problems in OpenStack. We'll cover how and why we designed a Layer-3 (L3) scale-out network, how we plugin and extend OpenStack, and talk about why we did it this way.
OpenStack Neutron Havana Overview - Oct 2013Edgar Magana
Presentation about OpenStack Neutron Overview presented during three meet-ups in NYC, Connecticut and Philadelphia during October 2013 by Edgar Magana from PLUMgrid
2014 OpenStack Summit - Neutron OVS to LinuxBridge MigrationJames Denton
Presentation titled 'Migrating production workloads from OVS to LinuxBridge'. Presented at the Fall 2014 OpenStack summit in Paris, this slide deck introduced the possibility of migrating live workloads from Open vSwitch to LinuxBridge with minimal downtime.
The technologies and people we are designing experiences for are constantly changing, in most cases they are changing at a rate that is difficult keep up with. When we think about how our teams are structured and the design processes we use in light of this challenge, a new design problem (or problem space) emerges, one that requires us to focus inward. How do we structure our teams and processes to be resilient? What would happen if we looked at our teams and design process as IA’s, Designers, Researchers? What strategies would we put in place to help them be successful? This talk will look at challenges we face leading, supporting, or simply being a part of design teams creating experiences for user groups with changing technological needs.
Quantum - Virtual networks for Openstacksalv_orlando
An overview of Quantum, the soon-to-be default Openstack network service.
These slides introduce Quantum, its design goals, and discusses the API. It also tries to address how quantum relates to Software Defined Networking (SDN)
Presentation written by Sean Cohen and Steve Gordon at Red Hat covering the highlights of the OpenStack Liberty release.
Presented to the Atlanta OpenStack Meetup on October 15th.
June Boston openStack Summit: Preparing quantum for the data centerKamesh Pemmaraju
Quantum, OpenStack's virtual networking service, is slated to replace Nova's networking service in the upcoming Folsom release. Initial Quantum development has focused on the basic requirements of a green-field Nova cloud deployment. Additional requirements will be discussed that enable Quantum to support private Nova cloud deployments within existing data centers, as well as enterprise virtualization with the oVirt project. Initial work is underway for Folsom, and additional work will follow.
Presentation given at the 2017 LinuxCon China
With the booming of Container technology, it brings obvious advantages for cloud: simple and faster deployment, portability and lightweight cost. But the networking challenges are significant. Users need to restructure their network and support container deployment with current cloud framework, like container and VMs.
In this presentation, we will introduce new container networking solution, which provides one management framework to work with different network componenets through Open/friendly modelling mechnism. iCAN can simplify network deployment and management with most orchestration systems and a variety of data plane components, and design extendsible architect to define and validate Service Level Agreement(SLA) for cloud native applications, which is important factor for enterprise to deliver successful and stable service via containers.
Software Defined Networking is seeing a lot of momentum these days. With server virtualization solving the virtual machines problem, and large scale object storage solving the distributed storage challenge, SDN is seen as key in virtual networking.
In this talk we don't try to define SDN but rather dive straight into what in our opinion is the core enabled of SDN: the virtual switch OVS.
OVS can help manage VLAN for guest network isolation, it can re-route any traffic at L2-L4 by keeping forwarding tables controlled by a remote controller (Openfow controller). We show these few OVS capabilities and highlight how they are used in CloudStack and Xen.
Xen Summit presentation of CloudStack and Software Defined Networks. OpenVswitch is the default bridge in Xen and supported in XenServer and Xen Cloud Platform
Slides presented to OpenStack developer summit during the "Quantum Overview" session (note: these are not the slides presented during the conference, these slides are more technical, and less polished)
OpenStack and OpenContrail for FreeBSD platform by Michał Dubieleurobsdcon
Abstract
OpenStack and OpenContrail network virtualization solution form a complete suite able to successfully handle orchestration of resources and services of a contemporary cloud installations. These projects, however, have been only available for Linux hosted platforms by now. This talk is about a work underway that brings them into the FreeBSD world.
It explains in greater details an architecture of an OpenStack system and shows how support for the FreeBSD bhyve hypervisor was brought up using the libvirt library. Details of the OpenContrail network virtualization solution is also provided, with special emphasis on the lower level system entities like a vRouter kernel module, which required most of the work while developing the FreeBSD version.
Speaker bio
Michal Dubiel, M.Sc. Eng., born 17th of September 1983 in Kraków, Poland. He graduated in 2009 from the faculty of Electrical Engineering, Automatics, Computer Science and Electronics of AGH University of Science and Technology in Kraków. Throughout his career he worked for ACK Cyfronet AGH on hardware-accelerated data mining systems and later for Motorola Electronics on DSP software for LTE base stations. Currently he is working for Semihalf on various software projects ranging from low level kernel development to Software Defined Networking systems. He is mainly interested in the computer science, especially the operating systems, programming languages, networks, and digital signal processing.
This presentation was shown at the OpenStack Online Meetup session on August 28, 2014. It is an update to the 2013 sessions, and adds content on Services Plugin, Modular plugins, as well as an Outlook to some Juno features like DVR, HA and IPv6 Support
Overview of OpenStack nova-networking evolution towards Neutron. Architecture overview of OVS plugin, ML2, and MidoNet Overlay product. Overview and example of Heat templates, along with automation of physical switches using Cumulus
Stackalytics is a service for analyzing contribution statistics in OpenStack community. This presentation was held at OpenStack summit in Paris on Nov 5th
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
2. ● What is OpenStack
● Nova network
● (Quantum) OpenStack Networking
● Open vSwitch
● Load balancing as a service
Agenda
3. ● Open source system for building scalable private and public
clouds
● Launched in 2010 by NASA and Rackspace, now 150+
companies, >9000 people, 87 countries
● A collection of “cloud services”
● Each service includes:
○ A tenant-facing API that exposes logical abstractions for
consuming the service.
○ One or more backend implementations of that API
What is OpenStack?
4. ● What is OpenStack
● Nova network
● (Quantum) OpenStack Networking
● Open vSwitch
● Load balancing as a service
Agenda
5. Very easy to configure
Different managers (network providers):
● FlatManager
● FlatDHCPManager
● VlanManager
Nova Network
6. ● Network bridge
● 'dnsmasq' DHCP server
● Bridge as default gw
Limitations:
● Single L2 domain and ARP space,
no tenant isolation
● Single IP pool
Flat Network
8. ● Network bridge
● Vlan interface over physical
interface
Limitations:
● Scaling limit in 4k vlan tags
● Vlans are configured manually
on switch by admin
● May have issues with overlapping MACs
Vlan Network
10. ● Networking is too tied to Nova
● Two Key Problems:
1: Limited technology
2: Tenants want to replicate rich
enterprise network topologies
Why new module?
VLANs are Great!
- Stone Age Man
11. Issues:
● VLANs is the only way of doing multi-tenancy
● Only Linux bridge supported (no ACLs, QoS, monitoring)
● Network controller is single point of failure
Solution:
● Software-defined Networking (SDN) / OpenFlow
● Overlay tunneling: VXLAN, NVGRE, STT
● Fabric solutions: FabricPath, Qfabric, etc.
● Pluggable mechanism via common API to enable different
vendor technologies
Limited technologies
12. Issues:
● No way to control topology nor create “multi-tier” networks
● No control over IP addressing
● No way to insert own services (e.g. firewall, IPS)
Solution:
● API for managing multiple private networks, IP addressing
● API extensions to control: security policies, quality-of-service,
monitoring
● Service plugins such as firewall, intrusion detection, VPN
Tenants want control
13. OpenStack Modules .. before
Compute
Storage
Network
Nova
Swift (Objects)
Glance (Images)
*-as-a-Service Capability OpenStack Service
Cinder (Block)
Identity Keystone
14. OpenStack Modules .. now
Compute
Storage
Network
Nova
Swift (Objects)
Glance (Images)
*-as-a-Service Capability OpenStack Service
Quantum
Cinder (Block)
Identity Keystone
15. ● What is OpenStack
● Nova network
● (Quantum) OpenStack Networking
● Open vSwitch
● Load balancing as a service
Agenda
16. ● API to build rich networking topologies
● Extensible via plugins (may support virtual
networks, hardware or mixed)
● More capabilities (QoS, security groups)
● Platform for services (LBaaS, FWaaS, etc)
Welcome Quantum*!
* urgently renamed to OpenStack Networking due to trademark violation
17. Quantum Architecture
Core REST API Extension REST API Extension REST API
AuthN/AuthZ
Core Plugin (vendor-specific)
DB agent
Service Plugin
DB agent
Core Plugin Interface
Service Plugin
Interface
19. Core API objects
● Port - a point of attachment to network
● Network - isolated L2 network segment
● Subnet - associates a block of IP addresses with network
L3 extension objects
● Router - gateway between networks
● Floating IP - static mapping from public IP in external network
to private IP in local
Quantum Objects
21. ● Big Switch Networks
● Brocade
● Cisco
● Hyper-V
● Linux Bridge
● Meta Plugin
Core Plugins
● Midokura Midonet
● NEC OpenFlow
● Nicira NVP
● Open vSwitch
● PLUMgrid
● Ryu OpenFlow
22. ● Programmable packet forwarding and network
topology configuration
● An external ‘controller’ component sets up flows
and/or topologies for network traffic
● Particularly suitable for virtual networking in
massively scalable environments
Software Defined Networks
23. ● What is OpenStack
● Nova network
● (Quantum) OpenStack Networking
● Open vSwitch
● Load balancing as a service
Agenda
24. ● Open source programmable virtual switch
● Supports OpenFlow, 802.1Q VLANs, LACP, STP
● Supports KVM and Xen
● OVS is the basis for different SDN/network virtualization
platforms
● Flexible controller in user-space
● Fast datapath in kernel
Open vSwitch
25. ● Port may have more than one interface
● IEEE 802.1Q support attaching VLAN tags to interfaces
● Packets are forwarded by flow
● Fine-grained ACLs and QoS (L2-L4 matching, actions)
● Centralized control via OpenFlow
● Works on Xen, KVM, VirtualBox
Open vSwitch Concepts
26. Open vSwitch Tools
ovs-vswitchd - daemon that implements a switch with help of
kernel module
ovsdb-server - database server
ovs-vsctl - utility for working with the configuration
ovs-appctl - tool for controlling Open vSwitch daemon
ovs-dpctl - datapath management utility
ovs-controller - simple OpenFlow controller
ovs-ofctl - OpenFlow switch management utility
ovs-pki - utility for managing public-key infrastructure
29. Let's Start (with example)!
We have:
● tenant A and network (10.0.0.0/24)
● router that wires private network with external
● DCHP enabled (quantum port is create)
Commands we need:
● brctl show - to show all bridges
● ovs-vsctl show - to show all interfaces
● ip netns exec - to show contents of namespace
● quantum port-list, quantum net-list
30. ovs-vsctl show
Bridge br-int
Port "qr-9b80a882-55"
tag: 1
Interface "qr-9b80a882-55"
type: internal
Port "tap66a249f1-bf"
tag: 1
Interface "tap66a249f1-bf"
type: internal
Port br-int
Interface br-int
type: internal
Bridge br-ex
Port "qg-e41c368d-a8"
Interface "qg-e41c368d-a8"
type: internal
Port br-ex
Interface br-ex
type: internal
internal interface
of router
port of DHCP
server
external interface
of router
31. brctl show
bridge name bridge id STP enabled interfaces
br-ex 0000.6eed69b21a4b no qg-e41c368d-a8
br-int 0000.f68d58076046 no qr-9b80a882-55
tap66a249f1-bf
32. Let's Rock!
Expand the configuration:
● Launch VM in tenant A (10.0.0.3)
● Create network for tenant B (12.0.0.0/24)
with DHCP enabled (12.0.0.2)
but without router
● Launch VM in tenant B (12.0.0.3)
34. ovs-vsctl show
Bridge br-int
Port "qvo8b0b577a-2c"
tag: 1
Interface "qvo8b0b577a-2c"
Port "qr-9b80a882-55"
tag: 1
Interface "qr-9b80a882-55"
type: internal
Port "tap66a249f1-bf"
tag: 1
Interface "tap66a249f1-bf"
type: internal
Port "qvo4a744a65-92"
tag: 2
Interface "qvo4a744a65-92"
Port "tap3aa4a560-d2"
tag: 2
Interface "tap3aa4a560-d2"
type: internal
Port br-int
Interface br-int
type: internal
interface for VM
in tenant A
interface for VM
in tenant B
interface of
DHCP server
in tenant B
36. brctl show
bridge name bridge id STP enabled interfaces
br-ex 0000.6eed69b21a4b no qg-e41c368d-a8
br-int 0000.f68d58076046 no qr-9b80a882-55
qvo4a744a65-92
qvo8b0b577a-2c
tap3aa4a560-d2
tap66a249f1-bf
qbr4a744a65-92 8000.7a95a8a2b9bd no qvb4a744a65-92
tap4a744a65-92
qbr8b0b577a-2c 8000.de84d986f61e no qvb8b0b577a-2c
tap8b0b577a-2c
one bridge for VM
(created by VIF driver in Nova)
37. ip netns
List of namespaces. There's one namespace per DHCP port and
per router port
qdhcp-9a7e9331-2508-4615-889b-b99a6f260eef
qdhcp-1b2101e0-cefa-4347-a581-e1f1f02215a1
qrouter-0e0e2e6e-a60b-4808-b914-8f45cae02b2e
qdhcp-9a7e... qdhcp-1b21... qrouter-0e0e...
12.0.0.2 10.0.0.2 10.0.0.1 172.18.7.3
39. ● What is OpenStack
● Nova network
● (Quantum) OpenStack Networking
● Open vSwitch
● Load balancing as a service
Agenda
40. ● Unified API for load balancing
● Features:
○ LB between services on VMs
○ configurable LB methods (e.g. round-robin)
○ session persistence
○ health monitoring (TCP, HTTP)
● Reference implementation based on HAProxy
Load Balancing as a Service
43. LBaaS Wiring
VM A Load Balancer
Router
10.0.0.1010.0.0.4
VM B
10.0.0.5
External Traffic
Internal Trafficfloating ip
172.0.0.10
44. 1. Create pool
2. Create members (1 per VM / service)
3. Create vip for the pool
4. (opt.) Create health monitor and
associate with Pool
LBaaS Workflow
46. Havana Release:
● More services: firewall-as-a-service, vpn-as-a-
service
● Multi-host DHCP agent (analog to Nova)
● IPv6 support for L3 services
Provide API for every service in the network!
Future of OpenStack Networking