OpenStack Neutron Havana Overview - Oct 2013

OpenStack Overview Havana October 2013

Edgar Magana, PhD

OpenStack Core Developer (Neutron)

© 2013 PLUMgrid. All rights reserved.

Session Agenda

NO!

Acknowledgments

Big Thanks to Great Developers in OpenStack Community & OpenStack Foundation Information presented here are sourced from my own experience as OpenStack developer/user and from OpenStack Foundation Documents & Community Views and Technical points expressed here are solely presenter’s and doesn’t reflect his employer views/positions or OpenStack Foundation in anyway.


What is OpenStack?

§  OpenStack is a cloud management system that controls large

pools of compute, storage, and networking resources

throughout a datacenter, all managed through a dashboard that

gives administrators control while empowering their users to

provision resources through a web interface.


OpenStack: A Brief History

NASA Launches Nebula One of the first cloud computing platforms built for Federal Government Private Cloud

March 2010: Rackspace Open Sources Cloud Files software, aka Swift

May 2010: NASA open sources compute software, aka “Nova”

June 2010: OpenStack is formed

July 2010: The inaugural Design Summit

April 2012: OpenStack Foundation

April 2013: Grizzly Release

Nov 2013: Havana Release

Quantum à Neutron

April 2014: Icehouse Release

nebula.nasa.gov


OpenStack Community


OpenStack Core Services

Compute ("Nova") provides virtual servers upon demand. Compute resources are accessible via APIs for developers building cloud applications and via web interfaces for administrators and users. The compute architecture is designed to scale horizontally on standard hardware, enabling the cloud economics companies have come to expect.

Network (”Neutron") is a pluggable, scalable and API-driven system for managing networks and IP addresses. Like other aspects of the cloud operating system, it can be used by administrators and users to increase the value of existing datacenter assets.

Block Storage ("Cinder") provides persistent block storage to guest VMs. This project was born from code originally in Nova (the nova-volume service described below).

Dashboard ("Horizon") provides a modular web-based user interface for all the OpenStack services.


OpenStack Core Services Object Store ("Swift") provides object storage. It allows you to store or retrieve files (but not mount directories like a fileserver)

Image ("Glance") provides a catalog and repository for virtual disk images. These disk images are mostly commonly used in OpenStack Compute.

Identity ("Keystone") provides authentication and authorization for all the OpenStack services

Orchestration (“Heat”) orchestrates multiple cloud applications using the AWS CloudFormation template format, through both an OpenStack-native REST API and a CloudFormation-compatible Query API

Metering (“Ceilometer”) monitoring and metering framework using an agentless from 3rd party systems, all is natively implemented in OpenStack

Documentation (“What’s up doc?)

How many in total?

21

https://wiki.openstack.org/wiki/Programs


OpenStack Core Services - Conceptual

docs.openstack.org


docs.openstack.org

Level three and she thinks she is rich! What a noob!


OpenStack Core Services - Logical

docs.openstack.org

Neutron


www.cafepress.com


§  Incubation project in April 2011

§  Promoted to Core Project at Folsom Summit (April 2012)

§  Neutron Solves two main issues in Nova – Network: 1.  Limited networking technology

�  Basic linux bridging-based implementation

�  Limited features (missing ACL, QoS, …)

�  Limited multi-tenancy isolation – 802.1q VLAN tags.

2.  Limited User/Tenant control over the network �  Tenant can not create their own network topologies

�  Tenant can not leverage different network virtualization technologies

Neutron - Overview

15


Network as a Service (NaaS)

§  Provides REST APIs to manage network connections for the resources managed by other OpenStack Services (e.g. Nova)

§  Technology Agnostic (framework based on “plug-ins”)

§  Multi-tenancy: Isolation, Abstraction, full control over virtual networks

§  Modular Design: API specifies service, vendor provides its implementation. Extensions for vendor-specific features.

§  Standalone Service : It is not exclusive to OpenStack. Neutron is an autonomous service

§  Exposes vendor-specific network virtualization and SDN technologies

OpenStack Networking - Neutron


What does Neutron do?

§  Complete control over the following network resources in OpenStack §  Networks, Ports and Subnets

§  Build complex network topologies based on user/tenant input §  Assigns its own network segmentation process §  Limited L3 functionality (IP tables rules at host level) §  Just one plugin at the time

§  Modular Layer 2 (ML2) §  Cisco Plugin supports OVS + NXOS + N1Kv §  Meta-plugin (based on zones-flavors)

§  Focused on VNI (Virtual Networking Infrastructure) §  Basic VLAN configuration on the Physical Switch (NXOS, Arista,

Brocade, etc…)


What doesn’t Neutron do?

§  Discovery of the network physical infrastructure §  Any L3 real configuration (router plugin is in progress) §  Synch mechanisms with other network management systems

§  Note: Neutron Plugins could delegate this work §  Any configuration at the aggregation layer and/or edge layer

§  Basic configuration at the access layer


Neutron Architecture

Neutron API

Neutron Service

Neutron Plug-in API

API Extensions

Service API (VPN, FW & LBaaS)

VNI & PNI Virtual & Physical Networking Infrastructure

Plug-In Extensions

Plug-In Implementation


§  Modular Layer 2 (ML2): §  New in Havana §  ML2 can concurrently use multiple layer 2 networking technologies that are found in real-world

data centers. §  It currently works with the existing Open vSwitch, Linux Bridge, and Hyper-v L2 agents

§  Linux Bridge (deprecated): §  Build isolated networks with VLAN interfaces and Linux Bridge §  Works with every Linux distro

§  Open vSwitch (deprecated): §  Builds isolated networks with OVS and L2-in-L3 tunnels. §  Supports GRE and VXLAN tunnels

§  PLUMgrid: §  Acts as a proxy for the PLUMgrid Director and IOVisor technology

§  Cisco: §  NXOS and N1Kv

§  NTT-Data Ryu: §  Acts as a proxy for the NTT Ryu platform

§  NEC, Hyper-V, Brocade, …

Neutron Plugins - Havana Neutron Plug-Ins


§  Load Balancer as a Service (LBaaS): §  Stable release

§  HA Proxy support

§  Vendor specific framework in place

§  Virtual Private Network as a Service (VPNaaS): §  IPsec support

§  Site-to-Site configuration

§  Single-site-to-Multi-site configuration

§  Firewall as a Service (FWaaS): §  Separate FW service

§  IP tables support

§  Vendor specific service can be included

Neutron Services - Havana

source: wiki.Openstack.org

Neutron Services


OpenStack Network Deployment Architecture


VM booting workflow between nova and neutron

1.  nova boot will get into compute driver, which will call neutron api to create port

2.  neutron-server creates the port object and allocates it with ip address from subnets

3.  neutron-server notifies neutron-dhcp agent with the created port object

4.  neutron-dhcp agent configs the dhcp server with the port object, such as IP, Mac, gateway and routes

5.  compute-driver gets the network information, and then create port on br-int soft-switch, and then starts the VM with a tap device attached on the soft-switch port.

6.  soft-neutron-agent detects and gets to know there is a new soft-switch port created

7.  soft-neutron-agent asks information from neutron-server

8.  soft-neutron-agent set up the port, such as the flows and vlan id of the soft-switch port. After this step, the VM's network is connected.

9.  VM gets the IP address with the dhcp client.

23


Neutron Network Internals


OpenStack Network ML2

source: openstack.docs


OpenStack Network ML2


Neutron server & plug-in

Plugin Agent

(soft-switch)

DHCP Agent

DB

Queue

Neutron Server Implement REST APIs and its extensions Enforce network model

Network, subnet, and port IP addressing to each port (IPAM)

Soft-switch Plugin agent Run on each compute node Connect instances to network port

DHCP Agent In multi-host mode, run on each compute node (deferred) Start/stop dhcp server Maintain dhcp configuration

L3 Agent To implement floating Ips and other L3 features, such as NAT One per network

Queue Enhance communication between each components of neutron

DB Persistent network model

L3-Agent (FW & NAT)

Neutron Components

Service-LBaaS Agent

Service-VPNaaS Agent

Neutron Deployment Components – ML2


§  Neutron community is growing – Support is guaranteed

§  Pluggable Architecture – All vendors are welcome

§  Testing is always our first priority

§  Code quality is one of the top ones

§  Features are always coming in but testing is a must

§  All works with opensource technologies §  Performance is always a concern

§  Analytics are minimal

§  Debugging is challenging

§  Neutron offers migration paths are available from release to release

Neutron - Summary

28


PLUMgrid


PLUMgrid in OpenStack

33

Nova

Neutron Glance

Swift

Cinder

Storage

Network

Compute

PLUMgrid Neutron Plugin Adds:

•  Increased Control •  Virtual Domains

•  Simplified Isolation

•  Advanced Functionality •  Complete Network Services

•  No OVS or Flat Networks

•  Increased Scale •  No VLANs, no agents, no OpenFlow

•  Open Platform •  Add 3rd Party Network Functions

•  Network Visibility •  PLUMgrid Analytics and Monitoring

Proven OpenStack Neutron Plugin



Plugin Agent

(soft-switch)

DHCP Agent

DB

Queue

Neutron Server Implement REST APIs and its extensions Enforce network model

Network, subnet, and port IP addressing to each port (IPAM)

Soft-switch Plugin agent Run on each compute node Connect instances to network port

DHCP Agent In multi-host mode, run on each compute node (deferred) Start/stop dhcp server Maintain dhcp configuration

L3 Agent To implement floating Ips and other L3 features, such as NAT One per network

Queue Enhance communication between each components of neutron

DB Persistent network model

L3-Agent (FW & NAT)

Neutron Components

Service-LBaaS Agent

Service-VPNaaS Agent

Neutron Deployment Components – ML2



DB

Queue

Neutron Components Neutron Deployment Components – ML2

PLUMgrid Director

Simplify Neutron Model

Network Services:

quick & simple (no extra agents)

easy

reliable

NOVA VIF Drivers

new driver is being integrated in Havana (IOVISOR Driver)

Neutron Virtual Network Functions (VNF)

easy integration and deployment for VNFs

Neutron Extensions

Provider networks

DHCP

L3

…


Included in Havana Release: https://wiki.openstack.org/wiki/PLUMgrid-Neutron

Testing with Devstack: # git clone http://github.com/openstack-dev/devstack.git # vim localrc:

–  Q_PLUGIN=plumgrid

–  PLUMGRID_DIRECTOR_IP =

–  PLUMGRID_DIRECTOR_PORT = 8080

–  disable_service n-net

–  disable_service n-cpu (optional)

–  enable_service q-svc

–  enable_service neutron

–  LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver

Neutron with PLUMgrid


Most Common Use Cases

37

Overlapping IP Setup source ~/user_demo_one neutron net-create net1 neutron subnet-create net1 10.0.0.0/24 #use network_id nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm1-userone nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm2-userone source ~/user_demo_two neutron net-create net1 neutron subnet-create net1 10.0.0.0/24 nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm1-usertwo nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm2-usertwo Delete the vms: nova delete vm1-usertwo nova delete vm2-usertwo source ~/user_demo_one nova delete vm1-userone nova delete vm2-userone


Most Common Use Cases

38

Public network source ./admin_user # Create shared network neutron net-create public --shared True neutron subnet-create --no-gateway public 10.10.0.0/24 source ~/user_demo_one nova boot --image <img_id> --flavor 1 --nic net-id=<net1-id> --nic net-id=<public-id> vm1-user1 source ~/user_demo_two nova boot --image <img_id> --flavor 1 --nic net-id=<net1-id> --nic net-id=<public-id> vm1-user2 Floating IP #create external network neutron net-create ext_net -- --router:external=True neutron subnet-create ext_net 1.1.1.0/24 -- --enable_dhcp=False # connect router to the upstream external network neutron router-gateway-set router1 ext_net # create some floating ips out of this external network neutron floatingip-create ext_net --port_id $VM2_PORT_IDil neutron floatingip-disassociate <floating_ip_id>

OpenStack Open Source Community


•  Grizzly Release (April 2013): L3 extensions API – XML DB Migration LBaaS (agent-based) Security Groups Quotas New Plugins (PLUMgrid)

•  Havana Release (Nov, 2013) VPNaaS (agent-based) FWaaS (agent-based) Improve LBaaS Performance Improvements …

Neutron Release Cycle


•  Join the foundation §  https://wiki.openstack.org/wiki/HowToContribute §  Corporate Contributor License Agreement §  Individual Contributor License Agreement

•  Blueprints and Bugs in Launchpad §  https://blueprints.launchpad.net/neutron §  https://bugs.launchpad.net/neutron/+bugs

•  Code review in Gerrit §  https://wiki.openstack.org/wiki/GerritWorkflow §  https://review.openstack.org/#/q/status:open+project:openstack/neutron,n,z §  pep8 enforcement §  Python hacking rules: §  https://github.com/openstack/neutron/blob/master/HACKING.rst

OpenStack Contribution

Questions!

Network Service (Nova-Network) Overview


Introduction

Network service / controller provides network related services to connect compute instances (VM) to network

Nova has an embedded network component called Nova-Network that provides network related services Target network domain: L2 network connecting VMs to local (access) network

A separate network service / controller called Neutron is a separate (from Nova) service on its own Target network domain: L2, L3

45


Nova-Network

46

§  Flat Mode §  All Instances are attached to a single Linux bridge

§  IP addresses are injected into image on launch (from configuration file)

§  FlatDHCP Mode

§  Similar to Flat Mode with DHCP for IP addresses

§  VLAN Network Mode: Default Mode §  A VLAN, Fixed IP Subnet, and Linux bridge per tenant

§  Switch must support 802.1Q VLAN tagging

§  Neutron Network Manager (code is being renaming in Havana release) §  A client (resident in Nova) for communication with Neutron Service


Flat Mode

47

VM1

WS1

OS

vNIC

TAP1

ETH0 Hypervisor

TAP2

VM2

App

OS

vNIC

TAP3

VM3

WS2

OS

vNIC

br100 ETH0

br100

SW 11

ETH1

SW 11 Private

Towards Cloud DC Net or Public Net

Nova Controller with Nova-Network or

Neutron Controller

Nova Compute Host 1

Controller Host

VM4

WS1

OS

vNIC

TAP4

ETH0 Hypervisor

TAP5

VM5

App

OS

vNIC

TAP6

VM6

WS2

OS

vNIC

br100

Nova Compute Host 2

Bridging, NAT, DHCP

§  Outside communication via the controller node (where Nova-network is resident)

§  Nova network component (or controller) can run in each compute node


VLAN Mode

VM1

WS1

OS

vNIC

TAP0

ETH1 Hypervisor

TAP1

VM2

App

OS

vNIC

TAP3

VM3

WS2

OS

vNIC

br1 / VLAN 22

br0/ VLAN11

VM4

WS1

OS

vNIC

TAP4

ETH1 Hypervisor

TAP5

VM5

App

OS

vNIC

TAP6

VM6

WS2

OS

vNIC

br1 / VLAN 22

br0 / VLAN11 ETH1

br0 / VLAN11

br0 / VLAN 22

SW-Fab

ETH0

SW-Ext Private

Towards DC Net or Public Net

Nova with Nova-Network or Neutron Controller

Nova Compute Nova Compute Host 1 Host 2 Host n

OpenStack Neutron Havana Overview - Oct 2013

Technology

Transcript of OpenStack Neutron Havana Overview - Oct 2013