OpenStack Neutron Service Chaining and Insertion

This is the service insertion and chaining proposal which was presented during the OpenStack Icehouse Design Summit (Hong Kong, Nov 2013).

  1. OpenStack Neutron Service Insertion and Chaining. Icehouse Summit, Nov 2013. Sumit Naiksatam, Kanzhe Jiang
  2. Resource Model
  3. Service Insertion Context and different insertion modes
  4. Service Insertion Context
  5. L3 Insertion
  6. L3 Insertion
  7. L3 Insertion
  8. L3 Insertion
  9. L2 Insertion
  10. Bump in the Wire
  11. Tap
  12. Service Chain Resource
  13. Create and insert individual service
  14. Chooses Service Provider Name from list of available service providers.

      $ neutron service-provider-list
      -------------------------------------
      | Service Type | Name     | Default |
      |-----------------------------------|
      | FIREWALL     | IPTables | True    |
      | FIREWALL     | VendorA  | False   |
      | VPN          | OpenSwan | True    |
      | VPN          | VendorB  | False   |
      -------------------------------------

  15. Create service instance (firewall in this case)

      $ neutron firewall-create <firewall_policy_id>
      OR
      $ neutron firewall-create <firewall_policy_id> --provider VendorA
      OR
      $ neutron firewall-create <firewall_policy_id> --provider VendorA --insertion-context router_id=<router_id>

  16. Create a Service Chain
  17. Chooses Service Provider Name from list of available service providers.

      $ neutron service-provider-list
      -------------------------------------
      | Service Type | Name     | Default |
      |-----------------------------------|
      | FIREWALL     | IPTables | True    |
      | FIREWALL     | VendorA  | False   |
      | VPN          | OpenSwan | True    |
      | VPN          | VendorB  | False   |
      -------------------------------------

      $ neutron service-chain-provider-list
      ------------------------------------------------
      | Chain Name             | Services            |
      |----------------------------------------------|
      | Firewall-VPN-Ref-Chain | [IPTables,OpenSwan] |
      ------------------------------------------------

  18. Create each service in the eventual chain

      $ neutron firewall-create <firewall_policy_id> --provider IPTables --in-chain True … … …
      $ neutron vpn-service-create --provider OpenSwan --in-chain True … … …

  19. Create chain

      $ neutron service-chain-create --provider Firewall-VPN-Ref-Chain --services <firewall_instance_id, vpn_instance_id> --name my_fw_vpn_chain --source-insertion-context --router_id=<router_id> … … …