OpenStack Quantum

Slides presented at "OpenStack Quantum & Network Services" Meetup, Silicon Valley Cloud Center on Monday, March 26, 2012.

  1. OpenStack Quantum (almost) 1 Year Old!!
     Sumit Naiksatam, Cisco Cloud CTO’s Office
     March 26th, 2012
     © 2012 Cisco and/or its affiliates. All rights reserved.
  2. Highlights
     • Quantum Model, API, and Extension Framework
     • Multi-technology L2 Network Plugin
     • 802.1Qbh/UCS and Nexus Plugins
     • Manages both virtual & physical switching
     • Reusable Component Framework
     • Linux Bridge Plugin
     • Extensions (QoS, PortProfile, etc.)
     • Quantum-aware VM placement
     • Horizon/Quantum
     • L3 Abstractions, API and Services
  3. Quantum Network Service
     • Nova supported three basic network models: Flat, FlatDHCP, VLAN
     • Single big IP address space for all tenants
     • Restricted to IPTables and Linux Bridge
     • Limited semantics
     • Quantum Network Service extends the basic models with a developer-friendly network abstraction
  4. Quantum Plug-in Architecture (layers, top to bottom)
     • Quantum Service API / API Extensions
     • Quantum API & Extensions Framework
     • Quantum Plug-in Framework
     • Cisco Network Plug-Ins
     • Cisco Device Managers (e.g. UCS Manager)
     • Cisco Compute & Networking Infra
       – Switching portfolio (Nexus 3k/5k/7k)
       – Unified Computing System (via UCS Manager)
       – Routing portfolio (e.g. ASR, CRS)
  5. Deployment Example
  6. Deployment Example
     [Diagram: an Open Cloud Controller running Nova (Compute), Quantum (Network), Swift (Storage), Glance (Image), Keystone (Identity) and the Scheduler manages Hosts A, B and C over an L2 network; each host is a UCS blade with Palo vNICs carrying the VMs of tenants T1, T2 and T3 (T1 VM1–VM3, T2 VM1–VM2, T3 VM1–VM2).]
  7. 802.1Qbh on Cisco UCS-Palo/UCSM
     • Eliminates the vSwitch within the hypervisor by giving each virtual machine its own virtual port on the physical network switch
     • Now IEEE 802.1BR Bridge Port Extension: http://www.cisco.com/en/US/netsol/ns1124/index.html
     • Libvirt Network Interface Configuration (attribute quotes restored; ${...} values are filled in by the plugin):
       <interface type="direct">
         <mac address="${nic.mac_address}"/>
         <source dev="${nic.device_name}" mode="private"/>
         <virtualport type="802.1Qbh">
           <parameters profileid="${nic.profile_name}"/>
         </virtualport>
         <model type="virtio"/>
       </interface>
     • Quantum UCS Palo Plugin configures via UCSM
  8. Nexus Switches (in hardware)
     • Unified fabric data center switches: http://www.cisco.com/en/US/products/ps9402/index.html
     • Communication with the XML API is accomplished in XML over the Network Configuration Protocol (NETCONF)
     • Configuration of ports and VLANs via the Quantum Nexus Plugin; e.g. Create VLAN ID (%s placeholders are filled in by the plugin):
       <vlan>
         <vlan-id-create-delete>
           <__XML__PARAM_value>%s</__XML__PARAM_value>
           <__XML__MODE_vlan>
             <name>
               <vlan-name>%s</vlan-name>
             </name>
             <state>
               <vstate>active</vstate>
             </state>
             <no>
               <shutdown/>
             </no>
           </__XML__MODE_vlan>
         </vlan-id-create-delete>
       </vlan>
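As an added example (not the Nexus plugin's own code), the VLAN-create fragment above built with ElementTree rather than %s interpolation, so a tenant-chosen VLAN name containing markup characters is escaped instead of becoming part of the request, and out-of-range VLAN IDs are rejected before anything is sent to the switch; the function names and the 32-character name limit are assumptions.

```python
import xml.etree.ElementTree as ET

# Added example, not code from the Cisco Nexus plugin: build the NETCONF
# "create VLAN" payload from slide 8 with ElementTree so that values are
# escaped, and validate the inputs up front.

VLAN_ID_MIN, VLAN_ID_MAX = 1, 4094     # valid 802.1Q VLAN ID range
VLAN_NAME_MAX = 32                     # assumed NX-OS name limit; check your release


def build_vlan_create(vlan_id, vlan_name):
    """Return the <vlan>...</vlan> fragment as a string, or raise ValueError."""
    if not isinstance(vlan_id, int) or not VLAN_ID_MIN <= vlan_id <= VLAN_ID_MAX:
        raise ValueError("VLAN ID must be an integer in 1..4094: %r" % (vlan_id,))
    if not vlan_name or len(vlan_name) > VLAN_NAME_MAX:
        raise ValueError("VLAN name must be 1..%d characters" % VLAN_NAME_MAX)
    vlan = ET.Element("vlan")
    create = ET.SubElement(vlan, "vlan-id-create-delete")
    ET.SubElement(create, "__XML__PARAM_value").text = str(vlan_id)
    mode = ET.SubElement(create, "__XML__MODE_vlan")
    # ElementTree escapes <, > and & in .text, so the name cannot inject markup
    ET.SubElement(ET.SubElement(mode, "name"), "vlan-name").text = vlan_name
    ET.SubElement(ET.SubElement(mode, "state"), "vstate").text = "active"
    ET.SubElement(ET.SubElement(mode, "no"), "shutdown")   # "no shutdown"
    return ET.tostring(vlan, encoding="unicode")


def parse_vlan_create(xml_text):
    """Parse a fragment back into its fields; used to check the round-trip."""
    root = ET.fromstring(xml_text)
    mode = root.find("vlan-id-create-delete/__XML__MODE_vlan")
    return {
        "vlan_id": int(root.findtext("vlan-id-create-delete/__XML__PARAM_value")),
        "name": mode.findtext("name/vlan-name"),
        "state": mode.findtext("state/vstate"),
        "no_shutdown": mode.find("no/shutdown") is not None,
    }
```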
  9. Multi-switch/technology Plugin Framework (layers, top to bottom)
     • Quantum: logical abstractions
     • L2 Network Plugin (VLAN Manager, Segmentation ID Manager): realization of the logical model, generic + extensions; maps the logical model to the underlying physical topology and network technology; global network view; L2 Device Inventory (static configuration or discovered) and L2 Network Model
     • Device-specific Plugins (UCS Plugin, Nexus Plugin, with UCS Inventory and Nexus Inventory): technology-specific; one per device type, acts on one device per call; local view
     • Device-specific Drivers (UCSM Driver, Nexus Driver): device-interaction/transport-specific, e.g. sending NETCONF commands; pluggable modules selected via configuration files; modules external to Quantum
  10. Sequence of Operations (proposed general L2-Network-Plugin framework)
     1. Core & Extended API call arrives: create_network(), create_port(), create_portprofile(), …
     2. The L2-Network-Model looks up the L2-Device Inventory
     3. Inventory returns: Device IP + Context
     4. The call is re-issued with the device context: create_network(device_ip, context), create_port(device_ip, context), create_portprofile(device_ip, context), …
     5. The L2-Device-Plugin hands the operation to its Device Driver
     6. Driver returns success/failure and other information relevant to that plugin
     7. Result is returned to the L2-Network-Plugin framework
     8. Result is returned to the API caller
     Device drivers: XML-API based UCSM driver, and NETCONF based Nexus Driver
  11. Quantum-aware VM placement – Nova Scheduler Extension
     • Create port results in the reservation of physical/virtual resources on a UCS blade
     • VM has to be placed on the blade on which the Quantum port was created (one of the scheduling constraints)
     • So the scheduler needs to be able to communicate with Quantum to associate a reserved port with a VM’s VIF
     • Scheduler uses a “novatenant” resource extension/actions to communicate between Nova & Quantum
  12. Quantum Linux Bridge Plugin – A Basic VLAN Plugin
     [Diagram (steps numbered 1–6 in the original): Nova Compute issues CRUD Network/Port and Plug/Unplug Interface calls to the Quantum Server, whose Quantum Linux Bridge Plugin stores state in a MySQL DB; a Quantum Linux Bridge Plugin Agent on each KVM/Linux host reads that state and attaches each VM's tap device to a Linux Bridge on an ethX.VLAN1 or ethX.VLAN2 sub-interface, with ethX uplinked to the physical switch.]
  13. Looking ahead – L3
  14. Quantum & L3
     • Quantum today
       – Only L2; QuantumManager in Nova handles L3 constructs
     • What do we need?
       – Extend Quantum to support L3 constructs in addition to the available L2 constructs
       – Introduce Subnets and Routing constructs
     • Why?
       – Enable: intra-tenant routing (multi-tier topologies), Public-Private, Private-Public, VPN, L3 Services, Hybrid Cloud, Network Containers
  15. Multitier Application Deployment
     [Diagram: Web Servers on a Public Subnet; Application Servers on a Private Subnet; Database Servers on a Private Subnet]
  16. Connectivity & Isolation with Routes
     Subnets: Subnet-A 10.0.10.0/24 (attached to Public), Subnet-B 10.0.20.0/24 (Private), Subnet-C 10.0.30.0/24 (Private)
     Routes (Source → Destination → Target):
       Subnet-A → 10.0.20.0/24 → Private Subnet (ID: Subnet-B)
       Subnet-A → 0.0.0.0      → Public
       Subnet-B → 10.0.10.0/24 → Private Subnet (ID: Subnet-A)
       Subnet-B → 10.0.30.0/24 → Private Subnet (ID: Subnet-C)
       Subnet-C → 10.0.20.0/24 → Private Subnet (ID: Subnet-B)
  17. Realization via Simple Operations/APIs
     • create subnet
     • create route-table
     • get targets
     • add route pointing to target
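The subnet, route-table and target operations of slides 16 and 17, as an added example that is not the Cisco L3 plugin's code: a small model loaded with the slide-16 topology whose resolver does longest-prefix matching, so each subnet's routes decide what it can reach and any destination without a route stays isolated; class and method names are assumptions, not the blueprint's API.

```python
import ipaddress

# Added example, not the Cisco L3 plugin: a minimal model of the subnet,
# route-table and target constructs from slides 16 and 17, loaded with the
# three-subnet topology of slide 16. Class and method names are assumptions,
# not the blueprint's API; "0.0.0.0" on the slide is written as 0.0.0.0/0.

class RouteTable:
    def __init__(self):
        self.routes = []  # list of (destination network, target name)
    def add_route(self, destination, target):
        self.routes.append((ipaddress.ip_network(destination), target))
    def resolve(self, dst_ip):
        """Longest-prefix match; None means no route, i.e. the destination is isolated."""
        ip = ipaddress.ip_address(dst_ip)
        hits = [(net.prefixlen, tgt) for net, tgt in self.routes if ip in net]
        return max(hits)[1] if hits else None

class L3Topology:
    def __init__(self):
        self.subnets, self.route_tables = {}, {}
    def create_subnet(self, subnet_id, cidr):
        self.subnets[subnet_id] = ipaddress.ip_network(cidr)
    def create_route_table(self, subnet_id):
        self.route_tables[subnet_id] = RouteTable()
    def get_targets(self):
        # Targets a tenant may point routes at: its own subnets plus Public
        return sorted("Private Subnet (ID: %s)" % s for s in self.subnets) + ["Public"]
    def add_route(self, source_id, destination, target):
        if target not in self.get_targets():   # refuse routes to unknown targets
            raise ValueError("unknown target %r" % target)
        self.route_tables[source_id].add_route(destination, target)
    def path(self, source_id, dst_ip):
        return self.route_tables[source_id].resolve(dst_ip)

def slide16_topology():
    """Build the web (A) / app (B) / db (C) topology from slide 16."""
    t = L3Topology()
    for sid, cidr in (("Subnet-A", "10.0.10.0/24"),
                      ("Subnet-B", "10.0.20.0/24"),
                      ("Subnet-C", "10.0.30.0/24")):
        t.create_subnet(sid, cidr)
        t.create_route_table(sid)
    t.add_route("Subnet-A", "10.0.20.0/24", "Private Subnet (ID: Subnet-B)")
    t.add_route("Subnet-A", "0.0.0.0/0", "Public")
    t.add_route("Subnet-B", "10.0.10.0/24", "Private Subnet (ID: Subnet-A)")
    t.add_route("Subnet-B", "10.0.30.0/24", "Private Subnet (ID: Subnet-C)")
    t.add_route("Subnet-C", "10.0.20.0/24", "Private Subnet (ID: Subnet-B)")
    return t
```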
  18. Service Provider API – Configuring Targets
     • SP has to be able to resolve targets to addressable endpoints
     • Targets could be
       – VPN, NAT, or
       – other services (Firewall, LB), or
       – other VMs
     • Targets made available by SP based on tenant context
     • Advantage – support for services like Firewall, LB, etc. can be developed independently
  19. OpenStack with Quantum: a multi-tenant network service for creating virtual data centers (application specific topologies + network services)
     [Diagram: tenants “A”, “B” and “C”, each with its own application topology of VMs (Web Svr, App Svr, MemCach, DataBase, each VM with its own OS), connected to Internet Access, a Management Network and Multi-tenant Services (Internet, VPN Gateway, Service Provider Network Service).]
  20. L3 API Blueprint & Implementation
     • What?
       – Kicked off in Essex Summit (Oct 2011)
       – A separate L3 API, same Quantum service
       – New Resources: Subnets, Route-tables*, Routes, Targets
     • How?
       – A separate L3 plugin, works with an L2 plugin
       – Plugins: Linux Gateway, physical routers, …
     • Where?
       – Blueprint: https://blueprints.launchpad.net/quantum/+spec/quantum-l3-api
       – Wiki: http://wiki.openstack.org/quantum-l3
       – Branch: https://github.com/CiscoSystems/quantum/tree/int/l3apiframework
     [* This is an abstracted construct to capture connectivity information, and should not be confused with the routing tables in a traditional router]
  21. Wish List
     • Access Control
       – Mostly Keystone dependent
     • Support for scale
       – Extend segmentation ID limits (e.g. VXLAN)
       – Cleaner delineation of roles (e.g. user versus provider)
     • Ease of use
       – Difficult to get a setup working
       – Troubleshooting
     • Resource reservation semantics
       – E.g. end-to-end bandwidth QoS
     • Richer features
       – IPAM capabilities
       – Monitoring
       – Metering, Billing
       – Multiple gateways
       – Agent communication (message bus?)
       – Single server/DB versus distributed
       – Capabilities
  22. Come, join us!