These are slides from the OpenSTack Meeting in Boston on Marck 18, 2015. The session led by Fernando Sanchez - Principal Systems Engineer, at PLUMgrid. In this talk, Fernando discussed OpenStack architecture with a particular focus on networking. We’ll cover some important considerations for networking in your OpenStack cloud, provide a look at common terminology, and discuss how Open Networking Suite works with OpenStack to alleviate networking challenges.

1. 2011-2014 © PLUMgrid - Confidential Information
Fernando Sanchez – Principal Systems Engineer @ PLUMgrid
fernando@plumgrid.com
@fernandosanchez
OpenStack Networking &
PLUMgrid Open Networking Suite for OpenStack

2. 2011-2014 © PLUMgrid - Confidential Information
OpenStack: Open Source Cloud OS
• Open source software for
compute, storage, networking
• Distributions simplify installation
and maintenance
• Several commercial and “free”
OpenStack distributions
available

3. 2011-2014 © PLUMgrid - Confidential Information 3
Conceptual communication among services

4. 2011-2014 © PLUMgrid - Confidential Information
At the junction of any Cloud
ISOLATION
CONNECTIVITY
COMPUTE
STORAGE
Network

5. 2011-2014 © PLUMgrid - Confidential Information
Physical & Virtual Network Infrastructure
PHYSICAL
INFRASTRUCTURE
VIEW
VIRTUAL
INFRASTRUCTURE
VIEW
• QoS, Bandwidth
• Latency
• Multicast
• Capacity
• Connectivity
• On-Demand
• Multi Tenant
• Automated
• Self Service
• Secure
• Distributed
Overlay Network
TENANT
NETWORKS

6. 2011-2014 © PLUMgrid - Confidential Information
OpenStack Networking (Neutron)
6

7. 2011-2014 © PLUMgrid - Confidential Information
Why Neutron?
• Started with the Folsom release
• Provide Network as a Service
• Provide Operator & Tenants ability to
create and offer rich network topologies
and configure advanced policies
• Offer a technology agnostic layer while
enabling vendor extensions
• Support for advanced services
Compute Storage
Network

8. 2011-2014 © PLUMgrid - Confidential Information
What is Neutron?
§ Provides REST APIs to manage network connections for the
resources managed by other OpenStack Services (e.g. Nova)
§ Technology Agnostic (framework based on “plug-ins”)
§ Multi-tenancy: Isolation, Abstraction, full control over virtual
networks
§ Modular Design: API specifies service, vendor provides its
implementation. Extensions for vendor-specific features.
§ Exposes vendor-specific network virtualization and SDN
technologies
8

9. 2011-2014 © PLUMgrid - Confidential Information
What Neutron is NOT
• Neutron does NOT implement the networks, but rather
is the front-end to the component that does create and
implement the rich network functionalities
• When integrated with an SDN solution, it will “pass through”
OpenStack Networking API calls to the SDN Controller. The SDN
solution will then “build the actual networks”.
• When integrated with OVS and a Network node solution*….
*this is what many people call “running Neutron” (inaccurately)
• It can be very THIN or very THICK depending on
functionalities available in the underlying solution
9

10. 2011-2014 © PLUMgrid - Confidential Information
Why Neutron Plugins?
10
• The initial Openstack networking implementation based on nova (nova-
network) only implemented a basic model of isolation through Linux
VLANs and IP tables
• Neutron was always architected as a pluggable architecture to provide
choice
• back-end hardware and software agnostic
• use a variety of technologies to implement the API requests
• supports a broad spectrum of choices – from basic Linux VLANs and
IP tables to more advanced technologies such as network overlays

11. 2011-2014 © PLUMgrid - Confidential Information
Neutron Architecture
11
Neutron API
Neutron Service
Neutron Plug-in API
API Extensions
Service API
(VPN, FW & LBaaS)
VNI & PNI
Virtual & Physical Networking Infrastructure
Plug-In ExtensionsPlug-In
Implementation

12. 2011-2014 © PLUMgrid - Confidential Information
Two Types of Neutron Plugins
12
• Implements Neutron Core API
• Layer 2 (Switch)
• Optionally implements Service
plugin functionality by using
extensions
Core Service
• Implements Neutron API extensions
• Layer 3 (Router)
• Firewall
• Load Balancer
• VPN

13. 2011-2014 © PLUMgrid - Confidential Information
Vendor to Plugin Type Mapping
13
PLUMgrid, VMware NSX,
Midokura, Nuage, OpenContrail
Arista, Big Switch, Brocade,
Cisco, Embrane, Extreme,
Huawei, Juniper, Microsoft
(HyperV), IBM, Mellanox, NEC,
One Convergence, ODL
Core Service
Router: Cisco
LBaaS: A10 Networks, Embrane,
Citrix (Netscaler), F5, Radware,
vArmour
FWaaS: Cisco, Freescale
VPNaaS: Cisco
List is a sample and is incompleteSource: OpenStack Marketplace/Drivers

14. 2011-2014 © PLUMgrid - Confidential Information
Architecture Challenges: Neutron & OVS
Neutron
ML2/OVS
plugin
VM
Network Nodes
VM VM
VM
VM VM VM
VM VM
VM VM VM
VM VM
VM
VMVM VM
Nova Glance Swift Cinder
L3 Agent
FWaaS
Agent
LBaaS
Agent
Agent
Agent
Agent
Agent
Agent
Agent
DHCP
Agent
Services
Neutron
Framework
Placement of these
components is critical;
They are in data path
and become bottlenecks
Advanced Services run
on dedicated nodes.
Limited HA.
Creation of new tenants
requires careful sizing of
components to maintain
performance level
VM traffic flow can be handled in
kernel, in local user space or in
network nodes with different
performance level

15. 2011-2014 © PLUMgrid - Confidential Information
OpenStack Networking & PLUMgrid
15

16. 2011-2014 © PLUMgrid - Confidential Information
Last Mile to Agility: Virtual Networks
16
PHYSICAL
INFRASTRUCTURE
VIRTUAL
INFRASTRUCTURE
Virtual Compute
Compute Storage
Virtual Storage
CRM VDI ERP IaaSSaaS PaaS
Network
Virtual Networks
Self Service Portal/Catalog
Cloud Management Platform

17. 2011-2014 © PLUMgrid - Confidential Information
PLUMgrid Open Networking Suite
17
PHYSICAL NETWORK INFRASTRUCTURE
VIRTUAL DOMAIN
Tenant A
PLUMGRID
NETWORK
LIBRARY
Bridge
Router
LB
Security
Policies
Bridge
Security
Policies
Bridge
DHCP
FW
VIRTUAL DOMAIN
Tenant B
Scalable Architecture Non-Stop Forwarding Service Insertion

18. 2011-2014 © PLUMgrid - Confidential Information
PLUMgrid Open Networking Suite
18
ü No single point of failure
ü Highly resilient & self-healing
ü Terabits of distributed scale out performance
Internet
PLUMgrid
IO Visor Edge
PLUMgrid
Directors
PLUMgrid
IO Visor Gateway
Virtual Domain A Virtual Domain B
Overlay Network

19. 2011-2014 © PLUMgrid - Confidential Information
Understanding Virtual Domains
PHYSICAL
INFRASTRUCTURE
VIEW
VIRTUAL
INFRASTRUCTURE
VIEW
Custom or Template based Virtual Network Domains per Tenant
Tenant 1 Tenant 2 Tenant 3
VM VM VM VM
Internet
VM VM
VM
VM PLUMgrid Zone

20. 2011-2014 © PLUMgrid - Confidential Information
Architecture Solution: Neutron & PLUMgrid
Neutron
PLUMgrid
Plugin
VM
Virtual Domains
Tenant Networks
iO Visor Kernel Module -- Distributed Data Plane
PLUMgrid Director
VM VM
VM
VM VM VM
VM VM
VM VM VM
VM VM
VM
VMVM VM
Nova Glance Swift Cinder
3rd party
Virtual Network Functions
Control Plane
VM to VM optimized
packet flow due to
distributed VNFs –
Eliminating bottlenecks
Virtual Domains
automatically scale out
as more servers are
deployed
All VNF control planes
are fully redundant
Director Cluster is
deployed in
management rack
Virtual Domain A Virtual Domain B Virtual Domain C

21. 2011-2014 © PLUMgrid - Confidential Information
PLUMgrid Platform Architecture
21

22. 2011-2014 © PLUMgrid - Confidential Information
Data
Plane
Controller
Closed
Network
Functions
Orchestration
layers
South
Bound
API
North
Bound
API
Management
API
Physical
Network
Infrastructure
Vendors
SDN
Vendors
Commodity Switch or
Software Virtual Switch
From PNI to SDN vendors?
Data Plane
Controller
Closed Network
Functions
From one Vertically Integrated Environment to the Next?

23. 2011-2014 © PLUMgrid - Confidential Information
Data
Plane
‘
Controller
‘
Closed
Network
Functions
Orchestration
layers
South
Bound
API
+
Extensions
North
Bound
API
Management
API
3rd party Network
Function
North
Bound
AP
Extensions
3rd party new Network Functions
Required Platform changes
(unfunded)
Data Plane
Controller
Closed Network
Functions
Architecture Gridlock
Networking: Extending the Data Plane?

24. 2011-2014 © PLUMgrid - Confidential Information
Data Plane
Controller
Closed Network
Functions
South Bound API
North Bound API
Management API
DP DP DP
CP CP CP
Network Function
CP-DP APIs
Management API
DEVELOPERS
OPERATORS
PG-SDK
OPERATORS
IO-VISOR™
Director
Old SDN architecture PLUMgrid Platform
IO-visor™ based Architecture
Platform Ecosystem: Get the Controller Out of the Way
Platform Ecosystem: Get the Controller out of the way

25. 2011-2014 © PLUMgrid - Confidential Information
BRIDGE
ROUTER
NAT
IO VISOR™
DP DP DP
IO Visor™ : Internals
PLUMgrid Director CP CP CP
Director APIs
API
BRG
API RTR API NAT
API BRG API RTR API NAT
Ports
REST APIs
Port Mgr. (PEM)
IO Visor
• Stiches multiple ‘PLUMlet DPs’
as directed by NOS
• Allows different NF CPs to
manage their ‘PLUMlets’
• The Director controls the
IO Visor™

26. 2011-2014 © PLUMgrid - Confidential Information
IO VISOR™
BRIDGE
ROUTER
NAT
DP DP DP
OPERATORS
PLUMgrid IOVisor Ecosystem – SDK & APIs
SDK
PLUMgrid Director
REST APIs
CP CP CP
CMS
GUI
Network Services
Hypervisor
Infrastructure

27. 2011-2014 © PLUMgrid - Confidential Information
PLUMgrid Ignition
27
Immersive PLUMgrid Technology Experience

28. 2011-2014 © PLUMgrid - Confidential Information
PLUMgrid Ignition
28
Go to: www.plumgrid.com/plumgrid-ignition/

29. 2011-2014 © PLUMgrid - Confidential Information 29
Next Steps
Stay Connect at www.plumgrid.com/events/
Sign Up for PLUMgrid Ignition at www.plumgrid.com
Follow Us @PLUMgrid

30. 2011-2014 © PLUMgrid - Confidential Information
Our Vision
30
THANK YOU!