OpenContrail System Architecture - Semihalf

OpenContrail System Architecture
Michał Dubiel, Kraków 2014

Page 1: OpenContrail System Architecture

Michał Dubiel, Kraków 2014

Page 2: Plan

• Cloud operating system
  – Why?
• Network virtualization
  – Why it is important
  – OpenContrail solution
• OpenContrail architecture
  – Goals, assumptions
  – Functional partitioning
  – Components

Page 3: CLOUD OPERATING SYSTEM

• Compute power
• Storage
• Networking

Page 4: Machines in a datacenter

[Diagram: four hypervisors hosting four VMs each, labelled "MIGRATIONS", and a storage appliance]

Page 5: Operating System analogy

• Resources in a typical server
  – CPU cores
  – Memory
  – Storage
  – Networking
• Resources in a datacenter
  – Hardware machines
  – Storage appliances
  – Networking equipment

Page 6: OpenStack

source: openstack.org

Page 7: Up to now quite missing

source: openstack.org

Page 8: NETWORK VIRTUALIZATION

• Virtual endpoints domination
• Solutions

Page 9: Rack, servers, VMs

[Diagram: a server rack of three hypervisors hosting four VMs each, with a link labelled "To spine switch"]

Page 10: A wider view

[Diagram: Clos network]

Page 11: Observations

• Majority of network endpoints are virtual
• Virtual networks dominate
• Isolation between them has to be provided
• While using the same physical network
• Automatically

Page 12: Solutions

• VLANs
  – Default OpenStack approach
  – Limited, not flexible
• Overlay networking
  – OpenContrail as a Neutron plugin
  – Flexible
  – Scalable

Page 13: VLANs

• VM interfaces placed on bridges
  – Each bridge for a virtual network
• Difficult to manage
• 4096 VLAN tags limit
  – Can be extended using Shortest Path Bridging
• Physical switches have to contain the VN state

Page 14: VM migration example

[Diagram: Server 1 (VM1, VM2, VM3), Server 2 (VM4, VM5, VM6) and Server 3 (VM7, VM8, VM9) attached to a physical switch; legend "Virtual networks: 1, 2, 3"]

Page 15: VM migration example

[Diagram: the same three servers, physical switch and virtual networks 1, 2, 3; a packet "VM9 | Payload" is shown, framed as Eth + VLAN tag + IP]

Page 16: VM migration example

[Diagram: the same three servers, physical switch and virtual networks 1, 2, 3; a packet "VM9 | Payload" is shown, framed as Eth + VLAN tag + IP]

Page 17: Overlay networking

• "Old" technology, new for data-centers
• Physical underlay network
  – IP fabric
  – No state of the virtual networks
• Virtual overlay network
  – Holds state of the virtual networks
  – Dynamic tunnels (MPLSoGRE, VXLAN, etc.)

Page 18: VM migration example

[Diagram: the same three servers, physical switch and virtual networks 1, 2, 3; on the physical network the packet is "S3 | VM9 | Payload"]

Page 19: VM migration example

[Diagram: the same three servers, physical switch and virtual networks 1, 2, 3; on the physical network the packet is "S2 | VM9 | Payload"]

Page 20: Overlay networks advantages

• "Knowledge" about network only in the software (vRouter)
• Any switch works for IP fabric network
  – No configuration
  – Only speed matters
  – Low price
• OpenContrail implementation is standards-based (MPLS, BGP, VXLAN, etc.)
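
The contrast drawn by the VLAN and overlay migration slides, as an added example that is not part of the original deck: it compares the state a physical switch must change when VM9 moves from Server 3 to Server 2 under each model. The VM-to-network assignment is constructed (the slides' colouring is lost), VXLAN is used as one of the tunnel types the deck names, and the inner frame is reduced to the VM name.

```python
import struct

# Constructed placement: VM -> (hosting server, virtual network id).
# Server and VM names follow the slides; the network ids are assumptions.
PLACEMENT = {
    "VM1": ("Server 1", 1), "VM2": ("Server 1", 2), "VM3": ("Server 1", 3),
    "VM4": ("Server 2", 1), "VM5": ("Server 2", 2), "VM6": ("Server 2", 1),
    "VM7": ("Server 3", 1), "VM8": ("Server 3", 2), "VM9": ("Server 3", 3),
}

def dot1q_tag(vid):
    """4-byte 802.1Q tag: TPID 0x8100, then a TCI whose low 12 bits are the VLAN id."""
    if not 0 <= vid < 1 << 12:
        raise ValueError("VLAN id does not fit in 12 bits")
    return struct.pack("!HH", 0x8100, vid)

def vxlan_header(vni):
    """8-byte VXLAN header: flags byte 0x08 (VNI valid), 24-bit VNI, reserved bits zero."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI does not fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, vni << 8)

def trunk_vlans(placement):
    """VLAN model: per server-facing port, the VLANs the physical switch must carry."""
    ports = {}
    for server, vn in placement.values():
        ports.setdefault(server, set()).add(vn)
    return ports

def fabric_state(placement):
    """Overlay model: the IP fabric only needs reachability to the servers."""
    return {server for server, _ in placement.values()}

def overlay_packet(placement, vm, payload):
    """Outer destination is the hosting server; the inner part names the VN and the VM."""
    server, vn = placement[vm]
    return server, vxlan_header(vn) + vm.encode() + payload

def migrate(placement, vm, new_server):
    """Return a new placement with vm moved; its virtual network is unchanged."""
    return {**placement, vm: (new_server, placement[vm][1])}

def switch_reconfig(before, after):
    """Ports whose VLAN membership changes, i.e. edits pushed to the physical switch."""
    a, b = trunk_vlans(before), trunk_vlans(after)
    return {p: (a.get(p, set()), b.get(p, set()))
            for p in a.keys() | b.keys() if a.get(p, set()) != b.get(p, set())}

AFTER = migrate(PLACEMENT, "VM9", "Server 2")  # the S3 -> S2 move from the slides
```

With this placement, `switch_reconfig(PLACEMENT, AFTER)` reports two switch ports to edit under VLANs, while `fabric_state` is identical before and after and only the outer destination returned by `overlay_packet` changes.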

Page 21: OPENCONTRAIL ARCHITECTURE

• Goals
• Nodes
• Components

Page 22: Architecture goals

• Scalability
• Compatibility
• Extensibility
• Fault tolerance
• Performance

Page 23: "Think globally, act locally"

• The system is physically distributed
  – No single point of failure
  – Scalability
  – Performance
• Logically centralized control and management
  – Simplicity
  – Ease of use

Page 24: Architecture overview

Source: www.opencontrail.org

Page 25: Configuration node

Source: www.opencontrail.org

Page 26: Configuration node components

• Configuration API Server
  – Active/Active mode
  – Receives REST API calls
  – Publishes configuration to the IF-MAP Server
  – Receives configuration from other API Servers
• Discovery Service
  – Active/Active mode
  – A registry of all OpenContrail services
  – Provides REST API for publishing and querying of services

Page 27: Configuration node components (2)

• Schema Transformer
  – Active/Backup mode
  – Receives high-level configuration from IF-MAP Server
  – Transforms high-level constructs (e.g. virtual network) to low-level (e.g. routing instance)
• IF-MAP Server
  – Active/Active mode
  – Publishes system configuration to Control nodes, Schema Transformer
  – All configuration comes from API Server (both high and low level)

Page 28: Configuration node components (3)

• Service Monitor
  – Active/Backup mode
  – Monitors service virtual machines (firewall, analyzer, etc.)
  – Calls nova API to control VMs
• AMQP Server (RabbitMQ)
  – Communication between system components
• Persistent storage (Cassandra)
  – Receives and stores system configuration from the Configuration API Server

Page 29: Configuration flow (user)

1. User Request
2. Original API Server
3. RabbitMQ
4. All API Servers
5. Local IF-MAP Server
6. Schema Transformer

Page 30: Configuration flow (transformed)

1. Schema Transformer
2. Configuration API Server
3. RabbitMQ
4. All API Servers
5. Local IF-MAP Server
6. Control nodes and DNS

Page 31: Controller node

Source: www.opencontrail.org

Page 32: Control node components

• Controller
  – Active/Active mode
  – Receives configuration from IF-MAP Server
  – Exchanges XMPP messages with vRouter Agent
  – Federates with other nodes and physical switches via BGP/Netconf
• DNS Service
  – Active/Active
  – Receives configuration from IF-MAP Server
  – Exchanges XMPP messages with vRouter Agent
  – Front-end only, backend using host native 'named'

Page 33: Compute node

[Diagram: Nova Scheduler, Contrail Control node, Nova compute with the Nova vif driver, Libvirt, QEMU, KVM hosting three VMs, Contrail Agent, and Contrail vRouter in kernel space; link labels: NetLink, /dev/flow, pkt, TCP, TUN/TAP]

Page 34: Compute node components

• vRouter Agent
  – Communication via XMPP with the Control node
  – Installation of forwarding state into vRouter
  – ARP, DHCP, DNS proxy
• vRouter
  – Packet forwarding
  – Applying flow policies
  – Encapsulation, decapsulation

Page 35: Agent <-> vRouter communication

• NetLink
  – Routing entry, next-hop, flow, etc. synchronization
  – Uses RCU
• /dev/flow
  – Shared memory for flow hash tables
• pkt tap device
  – Flow discovery (first packet of a flow)
  – ARP, DHCP, DNS proxy

Page 36: Analytics node

Source: www.opencontrail.org

Page 37: Analytics node components

• API Server
  – REST API for querying analytics
• Collector
  – Collects analytics information from all system nodes
• Query Engine
  – Map-reduce over collected analytics
  – Executes queries
• Rules Engine
  – Controls which events are collected by the Collector

Page 38: Any questions?