Advanced network services insertions framework
18
Openstack Grizzly Summit Quantum Advanced Services Insertion San Diego, California Tuesday, October 16 th
-
Upload
salvorlando -
Category
Documents
-
view
1.654 -
download
1
description
WIP draft for Advanced network service insertion at San Diego OS summit
Transcript of Advanced network services insertions framework
Openstack Grizzly Summit
Quantum AdvancedServices Insertion
San Diego, California
Tuesday, October 16th
What this session IS about
• Insertion of advanced network services in the logical network model
• We will try to address the following questions:
– In which points a network services can be inserted
– What are the ways for inserting a network service
– How these services affect the logical network model
What this session IS NOT about
• API definition for specific services
• Discussion about the advanced services themselves
• How plugins, agents and drivers should communicate each other
• We have plenty of sessions to cover these topics!
Current logical model
• Topologies implemented through routers, networks, and ports
Network Network
Router
External Network
Ports
Definition of an advanced service
• The topology defines the logical model for connectivity at L2/L3
• An “advanced network service” can be regarded as a “network application” running on top of this logical platform providing a particular L4 to L7 network service
• Floating IPs are an example
Advanced services and Quantum
• Three modes of interaction:
1. Ignore what lies beneathService just assumes something provides the required connectivity
2. Use QuantumService runs independently of Quantum, but uses its API to configure its own resources
3. Be a part of QuantumThe service runs within the Quantum process spaces and is part of its logical model
Insertion points (in the logical model)
Network Network
Router
External Network
Uses L3 connectivity to provide a network service to all VMs reachable via a router
Router-levelinsertion
Network service provided to all VMs in a given L2 broadcast domain
Network-level insertion
Service either provided to single port or distributed across ports
Port-level insertion
Advanced services and Quantum’s logical model
• TENANT PERSPECTIVE
– Insertion in “Routed” mode• The service is “attached” to a Quantum router• E.g.: Edge router providing integrated network services• From an API perspective each service is always individually configured
– Insertion in “Floating” mode• The service is configured as a “rule” or “policy” on entities of Quantum logical
modeE.g.: Load Balancing in one-arm mode
• Can probably still be reduced to the Routed mode
– Advanced services might also be specified as “properties” of logical elements• E.g.: security groups, port isolation, QoS
Advanced services and Quantum’s logical model
• ADMIN/PROVIDER PERSPECTIVE– A “service type” specification defines which
services can be enabled for a given router– A physical appliance (or a pool of them)
– A virtual appliance
– A set of services and configurations (e.g.: the OSS Quantum Router implementation)
• Each router might have a different set of enabled services
• Floating mode insertion:– A service device could be implicitly created or associated to
the service being configured
API tasters• POST /servicetypes
{“name”: “platinum”,“services”: [{“service”: “loadbalancer”,“provider”: “quantum.plugins.lb.foolb”},{“service”: “floatingip”,“provider”: “quantum.plugins.fip.barfip”}
]}
• POST /routers{“name”: “servicerouter”,“service_type_id”: “<some_id>”}
• POST /loadbalancers{ … Various lb stuff …“router_id”: “<some_id>”… More lb stuff …
}
How advanced services are provided
• Keep using Quantum’s plugin approach
• The back end implementation of a routers could be capable of providing a range of services
– For instance, a virtual appliance providing L3 fwd, Ext GW, VPN access, Load Balancing, Firewall, etc.
• The same kind of service could even be provided by different drivers
The notion of “service type”
• A concept not very different from the “flavor” for compute
• Naming is provisional (alternative proposals welcome)
• Specifies what services are allowed on a logical router
• Defines the backend provider– not necessarily exposing it
• Reflects the concept of “Integrated Network Services Device”
Sample logical modelswith advanced services
The following is a discussion of sample applications of the previously introduced service
insertion model
Scenario 1Integrated Services Edge Router
Network Network
Router
External Network
LB FWVPN
DNAT
LB VirtualServer
VPN Endpoint
ExtGW
FloatingIP
Scenario 2One-arm Load Balancing
Network Network
Router
External Network
LB
FWVPN
DNAT
VirtualServer
ServicePoolService Type “Purple”
Service Type “Light Blue”
Scenario 2.bOne-arm Load Balancing via Router
Network Network
Router
External Network
FWVPN
DNAT
VirtualServer
ServicePoolService Type “Purple”
Service Type “Light Blue”
Router
LB
Scenario 4Multiple routers with different
inserted services
Network Network
Router
External Network
LB FWVPN
DNAT
Network
Router
DNAT FW
Service Type “Purple”
Service Type “Light Blue”
Thoughts about a roadmap for advanced service insertion
• Agree on general model
• Analyze use case scenarios
– Identify a relatively small subset to be implemented in 1st release
• Pretty much as we did for Quantum
• Define and implement:
– “Provider APIs” for managing service insertion
– “Tenant APIs” for handling service types
