Neutron 201

About Me

• Senior Developer at Akanda inc

• Former RefStack PTL

• Past Engineer at BlueBox, Piston, and HP

Where are we headed today?

• OpenStack Neutron Networking Basics

• Advanced Services: LBaaS, VPNaaS, FWaaS

• Neutron: Liberty and Beyond

OpenStack Neutron Networking Basics

OSI Model

Physical Layer

Data Link Layer

Network Layer

Transport Layer

Session Layer

Presentation Layer

Application Layer

1

2

3

4

5

6

7

TCP, UDP

IPv4,IPv6, ICMP

HTTP, DNS, etc

ARP, Ethernet, VLAN

OpenStack

Neutron

Reference Neutron

neutron-server

Database

L3 AgentL3 AgentL3 Agent

Advanced ServiceAdvanced

ServiceAdvanced Services

Message Queue

DHCP AgentDHCP AgentDHCP Agent

L2 AgentL2 AgentL2 AgentL2 AgentL2 Agents

neutron-server

REST API SERVICE

RPC SERVICE

PLUGIN

Plugin Extensions

• Add logical resources to the REST API

• Discovered by server at startup

• REST: /v2.0/extensions

• Common Extensions

• Binding, DHCP, L3, Provider, Quota, Security Group

2 types of plugins..

MonolithicPlugin

Mech Mgr

Modular Plugin

Type Mgr

Monolithic Plugin

Typical among sdn vendorsThey come in two varieties;

• Proxy

• Direct control

PLUGIN

Modular Plugin

Delegates calls to proper drivers

• Two kinds of drivers

• Type Driver

• Mechanism Driver Mech Mgr

PLUGIN

Type Mgr

Flat vs Not..

IsolationVLAN

• 802.1Q

• limited

• underlay must support

GRE/VXLAN

• L2 encapsulated in L3

• routable

• overlay independence

Tunneling

A

D

CB

Neutron Advanced Services

ReferenceImplementation

Load Balancer V2

HAProxyOctavia Projecthttp://octavia.io

VPN as a Service

OpenSwan

Router

Metadata Proxy

VPN Driver

● Reference implementation uses OpenSwan

● Details can be found at: https://wiki.openstack.org/wiki/Neutron/VPNaaS

Firewall as a Service

• Reference Implementation is Currently Experimental and not production ready

• Whats next?

L3 Agent

Router

Metadata Proxy

Firewall Driver

Akanda

What is Akanda● Akanda is a multi-process, multi-

threaded Neutron advanced services orchestration service

● It currently supports routers and in the future, load balancers, VPNs and firewalls

Core Akanda Principles● Simple ● Compatible● Open Development (Apache v2)

The Rug really tied the room together

Reference Neutron

neutron-server

Database

L3 AgentL3 AgentL3 Agent

Advanced ServiceAdvanced

ServiceAdvanced Service

Message Queue

DHCP AgentDHCP AgentDHCP Agent

L2 AgentL2 AgentL2 AgentL2 AgentL2 Agents

Neutron + the Rug

L2 AgentL2 AgentL2 AgentL2 AgentL2 Agent

Message Queue

L3 AgentL3 AgentService Instance

neutron-server

Database

Akanda (the rug)

Router Instance Lifecycle● Router per tenant distributed throughout

the cluster

● The router controls the data flow at layer 3 level of the TCP/IP network stack

Akanda Project Details● Get the source: https://github.

com/stackforge/akanda

● Project status and tarballs: https://launchpad.net/akanda

● Documentation: http://docs.akanda.io

● IRC - #akanda on freenode.net

Neutron: Liberty and Beyond

OpenStack’s Big Tent

• Open Design

• Open Development

• Open Community

• Open Source

The Neutron Stadium

• Common Forum

• Improved Consistency

• Shared Governance

Neutron: Liberty• IPAM

• BGP Speaker

• NFV Enhancements

• Service Function Chaining

• Enhanced Security Groups

• Paying Down Technical Debt Canadian2006 - Liberty, Saskatchewan (CC-by-sa-3.0)

commons.wikimedia.org/w/index.php?title=User:Canadian2006&action=edit&redlink=1

Questions