Presentation about OpenStack Neutron Overview presented during three meet-ups in NYC, Connecticut and Philadelphia during October 2013 by Edgar Magana from PLUMgrid
OpenStack Overview Havana October 2013
Edgar Magana, PhD
OpenStack Core Developer (Neutron)
© 2013 PLUMgrid. All rights reserved.
Session Agenda
NO!
Acknowledgments
Big thanks to the great developers in the OpenStack Community & OpenStack Foundation. Information presented here is sourced from my own experience as an OpenStack developer/user and from OpenStack Foundation documents & community. Views and technical points expressed here are solely the presenter's and do not reflect his employer's views/positions or the OpenStack Foundation's in any way.
What is OpenStack?
§ OpenStack is a cloud management system that controls large pools of compute, storage, and networking resources throughout a datacenter, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface.
OpenStack: A Brief History
NASA launches Nebula, one of the first cloud computing platforms built for a Federal Government private cloud
March 2010: Rackspace Open Sources Cloud Files software, aka Swift
May 2010: NASA open sources compute software, aka “Nova”
June 2010: OpenStack is formed
July 2010: The inaugural Design Summit
April 2012: OpenStack Foundation
April 2013: Grizzly Release
Nov 2013: Havana Release
Quantum → Neutron
April 2014: Icehouse Release
nebula.nasa.gov
OpenStack Community
OpenStack Core Services
Compute ("Nova") provides virtual servers upon demand. Compute resources are accessible via APIs for developers building cloud applications and via web interfaces for administrators and users. The compute architecture is designed to scale horizontally on standard hardware, enabling the cloud economics companies have come to expect.
Network ("Neutron") is a pluggable, scalable and API-driven system for managing networks and IP addresses. Like other aspects of the cloud operating system, it can be used by administrators and users to increase the value of existing datacenter assets.
Block Storage ("Cinder") provides persistent block storage to guest VMs. This project was born from code originally in Nova (the nova-volume service described below).
Dashboard ("Horizon") provides a modular web-based user interface for all the OpenStack services.
OpenStack Core Services
Object Store ("Swift") provides object storage. It allows you to store or retrieve files (but not mount directories like a fileserver)
Image ("Glance") provides a catalog and repository for virtual disk images. These disk images are mostly commonly used in OpenStack Compute.
Identity ("Keystone") provides authentication and authorization for all the OpenStack services
Orchestration (“Heat”) orchestrates multiple cloud applications using the AWS CloudFormation template format, through both an OpenStack-native REST API and a CloudFormation-compatible Query API
Metering ("Ceilometer") is a monitoring and metering framework that does not rely on agents from 3rd-party systems; all of it is natively implemented in OpenStack
Documentation ("What's up doc?")
How many in total?
21
https://wiki.openstack.org/wiki/Programs
OpenStack Core Services - Conceptual
docs.openstack.org
OpenStack Core Services - Conceptual
docs.openstack.org
docs.openstack.org
Level three and she thinks she is rich! What a noob!
OpenStack Core Services - Logical
docs.openstack.org
Neutron
www.cafepress.com
Neutron - Overview
§ Incubation project in April 2011
§ Promoted to Core Project at Folsom Summit (April 2012)
§ Neutron solves two main issues in Nova-Network:
  1. Limited networking technology
     – Basic Linux bridging-based implementation
     – Limited features (missing ACL, QoS, …)
     – Limited multi-tenancy isolation – 802.1q VLAN tags
  2. Limited user/tenant control over the network
     – Tenants cannot create their own network topologies
     – Tenants cannot leverage different network virtualization technologies
OpenStack Networking - Neutron
Network as a Service (NaaS)
§ Provides REST APIs to manage network connections for the resources managed by other OpenStack Services (e.g. Nova)
§ Technology agnostic (framework based on "plug-ins")
§ Multi-tenancy: isolation, abstraction, full control over virtual networks
§ Modular design: the API specifies the service, the vendor provides its implementation. Extensions for vendor-specific features.
§ Standalone service: it is not exclusive to OpenStack. Neutron is an autonomous service
§ Exposes vendor-specific network virtualization and SDN technologies
What does Neutron do?
§ Complete control over the following network resources in OpenStack
  § Networks, Ports and Subnets
§ Build complex network topologies based on user/tenant input
§ Assigns its own network segmentation process
§ Limited L3 functionality (iptables rules at host level)
§ Just one plugin at a time
  § Modular Layer 2 (ML2)
  § Cisco Plugin supports OVS + NXOS + N1Kv
  § Meta-plugin (based on zones-flavors)
§ Focused on VNI (Virtual Networking Infrastructure)
§ Basic VLAN configuration on the physical switch (NXOS, Arista, Brocade, etc.)
What doesn’t Neutron do?
§ Discovery of the network physical infrastructure
§ Any real L3 configuration (router plugin is in progress)
§ Sync mechanisms with other network management systems
  § Note: Neutron plugins could delegate this work
§ Any configuration at the aggregation layer and/or edge layer
§ Basic configuration at the access layer
Neutron Architecture
Neutron API
Neutron Service
Neutron Plug-in API
API Extensions
Service API (VPN, FW & LBaaS)
VNI & PNI Virtual & Physical Networking Infrastructure
Plug-In Extensions
Plug-In Implementation
Neutron Plug-Ins - Havana
§ Modular Layer 2 (ML2):
  § New in Havana
  § ML2 can concurrently use multiple layer 2 networking technologies that are found in real-world data centers
  § It currently works with the existing Open vSwitch, Linux Bridge, and Hyper-V L2 agents
§ Linux Bridge (deprecated):
  § Builds isolated networks with VLAN interfaces and Linux Bridge
  § Works with every Linux distro
§ Open vSwitch (deprecated):
  § Builds isolated networks with OVS and L2-in-L3 tunnels
  § Supports GRE and VXLAN tunnels
§ PLUMgrid:
  § Acts as a proxy for the PLUMgrid Director and IOVisor technology
§ Cisco:
  § NXOS and N1Kv
§ NTT-Data Ryu:
  § Acts as a proxy for the NTT Ryu platform
§ NEC, Hyper-V, Brocade, …
Neutron Services - Havana
§ Load Balancer as a Service (LBaaS):
  § Stable release
  § HAProxy support
  § Vendor-specific framework in place
§ Virtual Private Network as a Service (VPNaaS):
  § IPsec support
  § Site-to-Site configuration
  § Single-site-to-Multi-site configuration
§ Firewall as a Service (FWaaS):
  § Separate FW service
  § iptables support
  § Vendor-specific service can be included
source: wiki.openstack.org
OpenStack Network Deployment Architecture
VM booting workflow between nova and neutron
1. nova boot goes into the compute driver, which calls the Neutron API to create a port
2. neutron-server creates the port object and allocates it an IP address from the subnets
3. neutron-server notifies the neutron-dhcp agent with the created port object
4. the neutron-dhcp agent configures the DHCP server with the port object's IP, MAC, gateway and routes
5. the compute driver gets the network information, creates a port on the br-int soft-switch, and then starts the VM with a tap device attached to the soft-switch port
6. soft-neutron-agent detects that a new soft-switch port has been created
7. soft-neutron-agent asks neutron-server for the port information
8. soft-neutron-agent sets up the port, i.e. the flows and VLAN id of the soft-switch port. After this step, the VM's network is connected.
9. the VM gets its IP address with the DHCP client.
Neutron Network Internals
OpenStack Network ML2
source: openstack.docs
OpenStack Network ML2
Neutron Deployment Components – ML2
Neutron Server: implements the REST APIs and their extensions; enforces the network model (network, subnet and port); IP addressing to each port (IPAM)
Soft-switch Plugin Agent: runs on each compute node; connects instances to network ports
DHCP Agent: in multi-host mode, runs on each compute node (deferred); starts/stops the DHCP server; maintains DHCP configuration
L3 Agent (FW & NAT): implements floating IPs and other L3 features, such as NAT; one per network
Service-LBaaS Agent, Service-VPNaaS Agent
Queue: enhances communication between each of Neutron's components
DB: persistent network model
Neutron - Summary
§ Neutron community is growing – support is guaranteed
§ Pluggable architecture – all vendors are welcome
§ Testing is always our first priority
§ Code quality is one of the top ones
§ Features are always coming in, but testing is a must
§ All works with open-source technologies
§ Performance is always a concern
§ Analytics are minimal
§ Debugging is challenging
§ Neutron offers migration paths from release to release
PLUMgrid
PLUMgrid in OpenStack
(diagram: PLUMgrid sits alongside Nova, Neutron, Glance, Swift and Cinder, spanning the Compute, Network and Storage layers)
Proven OpenStack Neutron Plugin
PLUMgrid Neutron Plugin adds:
• Increased Control: Virtual Domains; Simplified Isolation
• Advanced Functionality: Complete Network Services; No OVS or Flat Networks
• Increased Scale: No VLANs, no agents, no OpenFlow
• Open Platform: Add 3rd Party Network Functions
• Network Visibility: PLUMgrid Analytics and Monitoring
PLUMgrid Director
§ Simplify Neutron Model
§ Network Services: quick & simple (no extra agents), easy, reliable
§ NOVA VIF Drivers: new driver is being integrated in Havana (IOVISOR Driver)
§ Neutron Virtual Network Functions (VNF): easy integration and deployment for VNFs
§ Neutron Extensions: Provider networks, DHCP, L3, …
Neutron with PLUMgrid
Included in Havana Release: https://wiki.openstack.org/wiki/PLUMgrid-Neutron
Testing with Devstack:
  # git clone http://github.com/openstack-dev/devstack.git
  # vim localrc:
    Q_PLUGIN=plumgrid
    PLUMGRID_DIRECTOR_IP=
    PLUMGRID_DIRECTOR_PORT=8080
    disable_service n-net
    disable_service n-cpu (optional)
    enable_service q-svc
    enable_service neutron
    LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
Most Common Use Cases
Overlapping IP Setup
  source ~/user_demo_one
  neutron net-create net1
  neutron subnet-create net1 10.0.0.0/24
  # use network_id
  nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm1-userone
  nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm2-userone
  source ~/user_demo_two
  neutron net-create net1
  neutron subnet-create net1 10.0.0.0/24
  nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm1-usertwo
  nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm2-usertwo
Delete the VMs:
  nova delete vm1-usertwo
  nova delete vm2-usertwo
  source ~/user_demo_one
  nova delete vm1-userone
  nova delete vm2-userone
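The overlapping IP use case above works because neutron-server's IPAM (step 2 of the boot workflow: "allocates it an IP address from the subnets") keeps allocation state per network, not per CIDR. The following toy model is an added example written for this page, not Neutron's own code; the network ids, MAC addresses and the exhausted /30 subnet are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

# Added example (not from the deck): a toy model of Neutron's IPAM step, where
# neutron-server allocates a new port its IP from the network's subnets.
# Allocation state lives on each network's own subnets, so two tenants can
# both create "net1" with 10.0.0.0/24 without colliding. Ids are constructed.

@dataclass
class Subnet:
    cidr: str
    gateway: str = None
    allocated: set = field(default_factory=set)

    def __post_init__(self):
        self.net = ipaddress.ip_network(self.cidr)
        if self.gateway is None:  # Neutron default: first usable address
            self.gateway = str(self.net.network_address + 1)

@dataclass
class Network:
    name: str
    tenant: str
    subnets: list = field(default_factory=list)
    ports: dict = field(default_factory=dict)

class NeutronIPAM:
    def __init__(self):
        self.networks = {}

    def net_create(self, tenant, name):
        net_id = f"{tenant}:{name}"  # constructed id; real Neutron issues a UUID
        self.networks[net_id] = Network(name, tenant)
        return net_id

    def subnet_create(self, net_id, cidr, gateway=None):
        self.networks[net_id].subnets.append(Subnet(cidr, gateway))

    def port_create(self, net_id, mac):
        # First free host across the network's subnets, skipping the gateway;
        # hosts() already drops network and broadcast. Exhaustion is an error.
        net = self.networks[net_id]
        for sn in net.subnets:
            for host in sn.net.hosts():
                ip = str(host)
                if ip == sn.gateway or ip in sn.allocated:
                    continue
                sn.allocated.add(ip)
                net.ports[mac] = {"network_id": net_id, "mac": mac, "ip": ip, "gateway": sn.gateway}
                return net.ports[mac]
        raise RuntimeError(f"no free addresses left on {net_id}")
```

Running the two-tenant sequence from the slide through this model hands both tenants' first VM 10.0.0.2 on their own net1, while a second port on the same network gets 10.0.0.3.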
Most Common Use Cases (cont.)
Public network
  source ./admin_user
  # Create shared network
  neutron net-create public --shared True
  neutron subnet-create --no-gateway public 10.10.0.0/24
  source ~/user_demo_one
  nova boot --image <img_id> --flavor 1 --nic net-id=<net1-id> --nic net-id=<public-id> vm1-user1
  source ~/user_demo_two
  nova boot --image <img_id> --flavor 1 --nic net-id=<net1-id> --nic net-id=<public-id> vm1-user2
Floating IP
  # create external network
  neutron net-create ext_net -- --router:external=True
  neutron subnet-create ext_net 1.1.1.0/24 -- --enable_dhcp=False
  # connect router to the upstream external network
  neutron router-gateway-set router1 ext_net
  # create some floating ips out of this external network
  neutron floatingip-create ext_net --port_id $VM2_PORT_ID
  neutron floatingip-disassociate <floating_ip_id>
OpenStack Open Source Community
Neutron Release Cycle
• Grizzly Release (April 2013): L3 extensions API – XML; DB Migration; LBaaS (agent-based); Security Groups; Quotas; New Plugins (PLUMgrid)
• Havana Release (Nov 2013): VPNaaS (agent-based); FWaaS (agent-based); Improved LBaaS; Performance Improvements; …
OpenStack Contribution
• Join the foundation
  § https://wiki.openstack.org/wiki/HowToContribute
  § Corporate Contributor License Agreement
  § Individual Contributor License Agreement
• Blueprints and Bugs in Launchpad
  § https://blueprints.launchpad.net/neutron
  § https://bugs.launchpad.net/neutron/+bugs
• Code review in Gerrit
  § https://wiki.openstack.org/wiki/GerritWorkflow
  § https://review.openstack.org/#/q/status:open+project:openstack/neutron,n,z
  § pep8 enforcement
  § Python hacking rules: https://github.com/openstack/neutron/blob/master/HACKING.rst
Questions!
Network Service (Nova-Network) Overview
Introduction
A network service / controller provides network-related services to connect compute instances (VMs) to the network
§ Nova has an embedded network component called Nova-Network that provides network-related services
  § Target network domain: L2 network connecting VMs to the local (access) network
§ Neutron is a separate network service / controller, a service on its own (separate from Nova)
  § Target network domain: L2, L3
Nova-Network
§ Flat Mode
  § All instances are attached to a single Linux bridge
  § IP addresses are injected into the image on launch (from configuration file)
§ FlatDHCP Mode
  § Similar to Flat Mode, with DHCP for IP addresses
§ VLAN Network Mode: Default Mode
  § A VLAN, fixed IP subnet, and Linux bridge per tenant
  § Switch must support 802.1Q VLAN tagging
§ Neutron Network Manager (code is being renamed in the Havana release)
  § A client (resident in Nova) for communication with the Neutron Service
Flat Mode
(diagram: Nova Compute Host 1 and Host 2 each run VM1–VM6 (WS1, App and WS2 workloads) whose vNICs attach through TAP devices to the single bridge br100 on the hypervisor's ETH0; a Controller Host (Nova controller with Nova-Network, or Neutron controller) bridges br100/ETH0 to ETH1 via switch SW 11 towards the Cloud DC Net or Public Net, and runs Bridging, NAT and DHCP)
§ Outside communication via the controller node (where Nova-Network is resident)
§ Nova network component (or controller) can run in each compute node
VLAN Mode
(diagram: on each Nova Compute Host (Host 1, Host 2, … Host n) the VMs (WS1, App, WS2) attach via TAP devices to per-tenant bridges br0 / VLAN 11 and br1 / VLAN 22, trunked over ETH1 to the fabric switch SW-Fab; the Nova controller with Nova-Network or Neutron controller terminates the same VLAN bridges on ETH1 and connects via ETH0 to the external switch SW-Ext towards the DC Net or Public Net)