Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Under the Trenchcoat:
Neutron Agent
Extensions
Margaret Frances (Comcast)
Nate Johnston (Comcast)
David Shaughnessy (Intel...
Under the Trenchcoat: Neutron Agent Extensions3
• David Shaughnessy
- Co-author, DSCP implementation of the QoS agent exte...
Section 1: History of Neutron Agent Extensions
History of Agent Extensions
Under the Trenchcoat: Neutron Agent Extensions5
Neutron agent extensions have their origins in...
Problems with Extending the Neutron Agent
Agent extensions were originally intended to solve the following problems:
1. An...
The Origin of Agent Extensions
Neutron agent extensions arose to meet these challenges.
1. The extension manager (subclass...
The First Implementation: Quality of Service
• Network Quality of Service (QoS) is an L2 concept that extends the idea of ...
Getting Information There: Notification Drivers
• A facility needed to be created to synthesize port updates necessary onl...
DSCP: Origin of the L2 Agent Extension API
• DSCP: QoS feature that modifies egress traffic using the integration bridge’s...
Making Agent Extensions Generic
The Neutron L3 agent had the same challenges as the Neutron L2 agent.
• A generic extensio...
The Second Implementation: FireWall-as-a-Service
• FWaaS was incompatible with the L3 agent at the start of Newton.
• Requ...
Section 2: Agent Extensions Deep Dive
Under the Trenchcoat: Neutron Agent Extensions14
• We want to run an indefinite number of agent extensions
simultaneously
...
Under the Trenchcoat: Neutron Agent Extensions15
Oslo’s stevedore
package
Neutron’s
agent_api
Under the Trenchcoat: Neutron Agent Extensions16
Oslo’s stevedore
package
Under the Trenchcoat: Neutron Agent Extensions17
The framework:
1. The agent…
• instantiates the extensions manager
• send...
Under the Trenchcoat: Neutron Agent Extensions18
Neutron’s
agent_api
Neutron’s agent_api: A Window
Under the Trenchcoat: Neutron Agent Extensions19
Under the Trenchcoat: Neutron Agent Extensions20
The framework:
1. The agent_api…
• is initialized with agent data that th...
Under the Trenchcoat: Neutron Agent Extensions21
Your extension must:
1. Derive from the abstract base class
2. Implement ...
Under the Trenchcoat: Neutron Agent Extensions22
L 3
L3 Agent Extensions: The Players
Under the Trenchcoat: Neutron Agent Extensions23
The framework:
An agent extension (FWaaS...
L3: The Agent Extension API
Under the Trenchcoat: Neutron Agent Extensions24
L3: The Agent
Under the Trenchcoat: Neutron Agent Extensions25
L3: The Agent Extensions Manager
Under the Trenchcoat: Neutron Agent Extensions26
L3: The Extensions’ Abstract Base Classes
Under the Trenchcoat: Neutron Agent Extensions27
L3: The FWaaS Agent Extension
Under the Trenchcoat: Neutron Agent Extensions28
Under the Trenchcoat: Neutron Agent Extensions29
Each extension creates an entry point and registers it with the agent:
L3...
Under the Trenchcoat: Neutron Agent Extensions30
• We want to run an indefinite number of agent extensions
simultaneously
...
Under the Trenchcoat: Neutron Agent Extensions31
L 2
L2 Agent Extensions: The OVS Agent Players
Under the Trenchcoat: Neutron Agent Extensions32
The OVS framework:
The QoS age...
L2: The OVS Agent Extension API
Under the Trenchcoat: Neutron Agent Extensions33
L2: The OVS Agent
Under the Trenchcoat: Neutron Agent Extensions34
L2: The Agent Extensions Manager
Under the Trenchcoat: Neutron Agent Extensions35
L2: The Extensions’ Abstract Base Classes
Under the Trenchcoat: Neutron Agent Extensions36
L2: The QoS Agent Extension
Under the Trenchcoat: Neutron Agent Extensions37
L2: The OvS QoS Driver
Under the Trenchcoat: Neutron Agent Extensions38
Section 3: Use Cases for Agent Extensions
L2 extension Use Cases
The use cases for L2 Extensions include:
- Quality of service, limiting or modifying traffic on an ...
L3 extension Use Cases
The use cases for L3 Extensions include:
- Firewalls, Enforcing Access Control Lists at network gat...
Future work
Work planned that impacts Neutron Agent Extensions:
- L2 OvS Flow Manager:
- Manage the use of Open vSwitch's ...
Addendum: Making Your Own Agent Extension
How do you make an agent extension?
• Extension Descriptor
- Designing a Resource Attribute map
• Service plugin
• Agent p...
Extension Descriptor
• Describes the Extension to the Neutron Agent it will extend.
Under the Trenchcoat: Neutron Agent Ex...
Resource Attribute Map
• Describes the custom data types to the agent that this extension will use.
Under the Trenchcoat: ...
Service Plugin
• Extends the Neutron REST API.
• Posts updates to the database.
Under the Trenchcoat: Neutron Agent Extens...
L3 Agent Plugin
• Is loaded into a Neutron L3 agent’s (q-l3) extension manager.
Under the Trenchcoat: Neutron Agent Extens...
L2 Agent Plugin
• Is loaded into the Neutron agent’s (q-agt) extension manager.
Under the Trenchcoat: Neutron Agent Extens...
L2 Agent Drivers
• When an extension is loaded a driver_type is passed into the agent plugin.
Under the Trenchcoat: Neutro...
Extending the Neutron Command Line Interface
• Extending the Neutron CLI can be done the same way as the Neutron Agents.
U...
Devstack plugin
• Allows your project to be built by the devstack deployment tool.
Under the Trenchcoat: Neutron Agent Ext...
Resources
Under the Trenchcoat: Neutron Agent Extensions53
• Agent extensions devref:
http://docs.openstack.org/developer/...
Legal Notices and Disclaimers
Intel technologies’ features and benefits depend on system configuration and may require ena...
QR Codes
A Neutron extension project that
provides the skeleton of an out-
of-tree Neutron extension:
Under the Trenchcoat...
Any Questions?
Nate Johnston nate_johnston@comcast.com
Margaret Frances margaret_frances@comcast.com
David Shaughnessy dav...
Under the Trenchcoat: Neutron Agent Extensions
Upcoming SlideShare
Loading in …5
×

Under the Trenchcoat: Neutron Agent Extensions

172 views

Published on

Neutron agents are a critical part of the Openstack networking infrastructure. The Quality of Service (QoS) effort leading up to Liberty prompted the creation of an L2 agent extension mechanism in order to provide a defined ability for agent extensions to be added to the neutron-openvswitch-agent. Other Neutron L2 agents, such as neutron-linuxbridge-agent and neutron-sriov-agent, have since been modified to utilize this extension mechanism. In the Newton cycle, this framework was generalized and implemented in Neutron's L3 base agent, with FWaaS' v2 implementation as the initial subscriber.

This talk will discuss:

The history of agent extensions in Neutron.
A deep dive into how they function.
Various use cases that take advantage of them.

We will review a selection of the current use cases for agent extensions. Finally we will examine future use cases and development trends for Neutron agent extensions.


What can I expect to learn?
The target audience for this talk is developers who are creating or supporting functionality that requires Neutron agent-side code. This talk will discuss why this code exists, how it was implemented, and how future progress in Neutron agent extensions is likely to go.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Under the Trenchcoat: Neutron Agent Extensions

  1. 1. Under the Trenchcoat: Neutron Agent Extensions Margaret Frances (Comcast) Nate Johnston (Comcast) David Shaughnessy (Intel) October 27, 2016
  2. 2. Under the Trenchcoat: Neutron Agent Extensions3 • David Shaughnessy - Co-author, DSCP implementation of the QoS agent extension - Currently developing the OvS flow manager • Nate Johnston - Core contributor for neutron-fwaas - Co-author, DSCP implementation of the QoS agent extension - Co-author, L2 and L3 agent extension generalization, L3 extensions interface, L3 agent extension API - Co-author, FWaaS L3 agent extension • Margaret Frances - Co-author, L2 and L3 agent extension generalization - Co-author, L2 and L3 agent extension generalization, L3 agent extension API - Co-author, FWaaS L3 agent extension, FWAAS v2 L3 agent extension - Co-author, QoS plugin refactor - Helped design the OvS flow entry mechanism to allow multiple agent extensions access without contention Who we are
  3. 3. Section 1: History of Neutron Agent Extensions
  4. 4. History of Agent Extensions Under the Trenchcoat: Neutron Agent Extensions5 Neutron agent extensions have their origins in the Quality of Service (QoS) effort during the Kilo and Liberty cycles. They were implemented in the ”feature/qos” branch of Neutron by: • Moshe Levi (moshele) • Irena Berezovsky (irenab) • Miguel Angel Ajo Pelayo (ajo) • Ihar Hrachyshka (ihrachys)
  5. 5. Problems with Extending the Neutron Agent Agent extensions were originally intended to solve the following problems: 1. Any new feature that required an agent-side implementation was getting crammed into the agent code without any good structure. 2. External projects, like advanced services, were unable to extend agent functionality without overriding the agent. This was seen in the L3 agent especially. 3. Even with inheritance-based extending the agent, using more than one external service was very difficult. Under the Trenchcoat: Neutron Agent Extensions6
  6. 6. The Origin of Agent Extensions Neutron agent extensions arose to meet these challenges. 1. The extension manager (subclassed from stevedore's NamedExtensionManager) loads agent extensions at run-time 2. The agent sends messages to the extensions manager, which forwards them to the extensions Under the Trenchcoat: Neutron Agent Extensions7
  7. 7. The First Implementation: Quality of Service • Network Quality of Service (QoS) is an L2 concept that extends the idea of the network port by adding regulation of data flows. • A new object was created, the QoSPolicy object, to specify the QoS configuration for a given port. • QoSPolicy was made an attribute of the port, so that updates to port data would include the relevant QoS information. Under the Trenchcoat: Neutron Agent Extensions8
  8. 8. Getting Information There: Notification Drivers • A facility needed to be created to synthesize port updates necessary only to transmit the QoSPolicy to the agent. • QoS Notification Driver is notified anytime a change occurs to a QoSPolicy object. • When that occurs, a new RPC event is synthesized that contains only the QoSPolicy changes, and is distributed to the agents. Under the Trenchcoat: Neutron Agent Extensions9
  9. 9. DSCP: Origin of the L2 Agent Extension API • DSCP: QoS feature that modifies egress traffic using the integration bridge’s flow table. • Neutron Agent generates a random cookie_id to identify stale flows. • The cookie_id values can be requested from the integration bridge object. • Neutron’s integration bridge is exposed through the Agent Extensions API. Under the Trenchcoat: Neutron Agent Extensions10
  10. 10. Making Agent Extensions Generic The Neutron L3 agent had the same challenges as the Neutron L2 agent. • A generic extension framework was created. • The L2 extension framework was modified to derive from the generic framework. • The L2 Agent calls extensions on Port events. • The L3 Agent calls extensions on Router events. Under the Trenchcoat: Neutron Agent Extensions11
  11. 11. The Second Implementation: FireWall-as-a-Service • FWaaS was incompatible with the L3 agent at the start of Newton. • Required the development of an L3 extensions framework to integrate with the L3 agent. • FWaaS L3 agent extension establishes its own RPC topic for firewall updates. • Utilizes an Agent Extension API to retrieve the router_info variable to gain access to network namespace. Under the Trenchcoat: Neutron Agent Extensions12
  12. 12. Section 2: Agent Extensions Deep Dive
  13. 13. Under the Trenchcoat: Neutron Agent Extensions14 • We want to run an indefinite number of agent extensions simultaneously • We want to be able to implement a new extension without touching agent code • We want to be able to enable a new extension without touching agent code • Agent extensions should have access to agent resources Agent Extensions: Goals and Concerns
  14. 14. Under the Trenchcoat: Neutron Agent Extensions15 Oslo’s stevedore package Neutron’s agent_api
  15. 15. Under the Trenchcoat: Neutron Agent Extensions16 Oslo’s stevedore package
  16. 16. Under the Trenchcoat: Neutron Agent Extensions17 The framework: 1. The agent… • instantiates the extensions manager • sends the manager messages to forward to the extensions 2. The extensions manager… • subclasses stevedore’s NamedExtensionManager • loads agent extensions • broadcasts agent requests to all extensions 3. An abstract base class defines an interface for the extensions Your extension must: 1. Derive from the abstract base class 2. Implement any other required methods You must: 1. Create an entry point and register it with the caller 2. Define a unique namespace for the API Stevedore’s NamedExtensionManager: Load Extensions at Runtime
  17. 17. Under the Trenchcoat: Neutron Agent Extensions18 Neutron’s agent_api
  18. 18. Neutron’s agent_api: A Window Under the Trenchcoat: Neutron Agent Extensions19
  19. 19. Under the Trenchcoat: Neutron Agent Extensions20 The framework: 1. The agent_api… • is initialized with agent data that the extensions will need • defines methods that expose this data 2. The agent… • instantiates the extensions manager • instantiates the API with agent-specific data • sends this loaded agent_api to the extensions manager • sends the manager messages to forward to the extensions 3. The extensions manager… • subclasses stevedore’s NamedExtensionManager • defines a unique namespace for the API • loads agent extensions • forwards the agent_api to the extensions • broadcasts agent requests to all extensions 4. An abstract base class… • defines an interface for the extensions • defines consume_api() and initialize() methods for the extensions Neutron’s agent_api: Expose Agent Data to Agent Extensions
  20. 20. Under the Trenchcoat: Neutron Agent Extensions21 Your extension must: 1. Derive from the abstract base class 2. Implement consume_api() to accept the agent_api 3. Implement initialize() to do any initialization work, such as sending the agent_api to a driver, for example 4. Implement any other required methods 5. Create an entry point and register it with the caller Your extension may: 1. Utilize data and methods provided by the received agent_api 2. Access global resources in the agent (e.g., RabbitMQ connection, oslo log objects, oslo config objects.) Neutron’s agent_api: Expose Agent Data to Agent Extensions Part 2
  21. 21. Under the Trenchcoat: Neutron Agent Extensions22 L 3
  22. 22. L3 Agent Extensions: The Players Under the Trenchcoat: Neutron Agent Extensions23 The framework: An agent extension (FWaaS):
  23. 23. L3: The Agent Extension API Under the Trenchcoat: Neutron Agent Extensions24
  24. 24. L3: The Agent Under the Trenchcoat: Neutron Agent Extensions25
  25. 25. L3: The Agent Extensions Manager Under the Trenchcoat: Neutron Agent Extensions26
  26. 26. L3: The Extensions’ Abstract Base Classes Under the Trenchcoat: Neutron Agent Extensions27
  27. 27. L3: The FWaaS Agent Extension Under the Trenchcoat: Neutron Agent Extensions28
  28. 28. Under the Trenchcoat: Neutron Agent Extensions29 Each extension creates an entry point and registers it with the agent: L3: Entry Points
  29. 29. Under the Trenchcoat: Neutron Agent Extensions30 • We want to run an indefinite number of agent extensions simultaneously • We want to be able to implement a new extension without touching agent code • We want to be able to enable a new extension without touching agent code • Agent extensions should have access to agent resources Agent Extensions: Goals and Concerns
  30. 30. Under the Trenchcoat: Neutron Agent Extensions31 L 2
  31. 31. L2 Agent Extensions: The OVS Agent Players Under the Trenchcoat: Neutron Agent Extensions32 The OVS framework: The QoS agent extension with an OVS driver:
  32. 32. L2: The OVS Agent Extension API Under the Trenchcoat: Neutron Agent Extensions33
  33. 33. L2: The OVS Agent Under the Trenchcoat: Neutron Agent Extensions34
  34. 34. L2: The Agent Extensions Manager Under the Trenchcoat: Neutron Agent Extensions35
  35. 35. L2: The Extensions’ Abstract Base Classes Under the Trenchcoat: Neutron Agent Extensions36
  36. 36. L2: The QoS Agent Extension Under the Trenchcoat: Neutron Agent Extensions37
  37. 37. L2: The OvS QoS Driver Under the Trenchcoat: Neutron Agent Extensions38
  38. 38. Section 3: Use Cases for Agent Extensions
  39. 39. L2 extension Use Cases The use cases for L2 Extensions include: - Quality of service, limiting or modifying traffic on an individual Neutron port. - Tap-aas, mirroring traffic from a Neutron port to another port for debug purposes. - Firewalls, filtering traffic at the Neutron Port. Under the Trenchcoat: Neutron Agent Extensions40
  40. 40. L3 extension Use Cases The use cases for L3 Extensions include: - Firewalls, Enforcing Access Control Lists at network gateways. - Load balancing, Redirecting incoming traffic to other Neutron ports from the network gateway. - Virtual private networks. Under the Trenchcoat: Neutron Agent Extensions41
  41. 41. Future work Work planned that impacts Neutron Agent Extensions: - L2 OvS Flow Manager: - Manage the use of Open vSwitch's flow table between extensions to facilitate extension interoperability. - Spec: https://review.openstack.org/#/c/320439/ - Implementation: https://review.openstack.org/#/c/323963/ - Neutron Common Classification Framework: - Provide a common and consistent API for Neutron and its extensions to classify traffic. - Spec: https://review.openstack.org/#/c/333993/ - Implementation: https://github.com/openstack/neutron-classifier Under the Trenchcoat: Neutron Agent Extensions42
  42. 42. Addendum: Making Your Own Agent Extension
  43. 43. How do you make an agent extension? • Extension Descriptor - Designing a Resource Attribute map • Service plugin • Agent plugins - L3 agent extensions - L2 agent extensions - Agent Drivers • Extending the Neutron Client • Creating the Devstack plugin Under the Trenchcoat: Neutron Agent Extensions44
  44. 44. Extension Descriptor • Describes the Extension to the Neutron Agent it will extend. Under the Trenchcoat: Neutron Agent Extensions45
  45. 45. Resource Attribute Map • Describes the custom data types to the agent that this extension will use. Under the Trenchcoat: Neutron Agent Extensions46
  46. 46. Service Plugin • Extends the Neutron REST API. • Posts updates to the database. Under the Trenchcoat: Neutron Agent Extensions47
  47. 47. L3 Agent Plugin • Is loaded into a Neutron L3 agent’s (q-l3) extension manager. Under the Trenchcoat: Neutron Agent Extensions48
  48. 48. L2 Agent Plugin • Is loaded into the Neutron agent’s (q-agt) extension manager. Under the Trenchcoat: Neutron Agent Extensions49
  49. 49. L2 Agent Drivers • When an extension is loaded a driver_type is passed into the agent plugin. Under the Trenchcoat: Neutron Agent Extensions50
  50. 50. Extending the Neutron Command Line Interface • Extending the Neutron CLI can be done the same way as the Neutron Agents. Under the Trenchcoat: Neutron Agent Extensions51
  51. 51. Devstack plugin • Allows your project to be built by the devstack deployment tool. Under the Trenchcoat: Neutron Agent Extensions52
  52. 52. Resources Under the Trenchcoat: Neutron Agent Extensions53 • Agent extensions devref: http://docs.openstack.org/developer/neutron/devref/agent_extensions.html# • Plugins, extensions, and entry points: http://docs.openstack.org/developer/stevedore/tutorial/creating_plugins.html • Stevedore’s extension manager classes: http://docs.openstack.org/developer/stevedore/managers.html#stevedore.extension.Ext ensionManager • DSCP summit talk (Austin, 2016): https://www.openstack.org/videos/video/neutron- dscp-policing-your-network • QoS summit talk (Tokyo, 2015): https://www.openstack.org/videos/video/tokyo-3166
  53. 53. Legal Notices and Disclaimers Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer. No computer system can be absolutely secure. Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance. Intel, the Intel logo and others are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. © 2016 Intel Corporation © 2016 Comcast Corporation Under the Trenchcoat: Neutron Agent Extensions54
  54. 54. QR Codes A Neutron extension project that provides the skeleton of an out- of-tree Neutron extension: Under the Trenchcoat: Neutron Agent Extensions56 Slides for this talk:
  55. 55. Any Questions? Nate Johnston nate_johnston@comcast.com Margaret Frances margaret_frances@comcast.com David Shaughnessy david.shaughnessy@intel.com Under the Trenchcoat: Neutron Agent Extensions57

×