Giuliano Santandrea – CIRI ICT University of Bologna
● OpenStack description
● OpenStack components and allocation
● Neutron abstractions
● The virtual network infrastructure
Abbreviations:
● vif: virtual network interface
● VR: virtual router
● VNI: virtual network infrastructure
● OVS: Open vSwitch virtual bridge
● LB: Linux bridge
Openstack Networking Internals - first part
● OpenStack is a cloud platform management software
● A cloud platform is a cluster of machines that host some servers (instances): the servers are offered to the users "as a service". The user is able to create a "virtual infrastructure" composed of servers and network appliances (firewalls, routers, ...)
● The servers can be implemented as:
– VMs (KVM, VMware, ...)
– lightweight containers (LXC, Docker, ...)
– bare metal (PXE boot, ...)
OpenStack (OS) is composed of the following components:
● Web dashboard (Horizon)
● Compute (Nova): manages the instance lifecycle
● Keystone: credentials and the service catalog of all the OS services (list of REST service endpoints)
● Glance: image management. An image is a blob file containing a file system with a "pre-cooked" VM: the hypervisors use it to boot a new instance!
● Networking (Neutron): network management
● Block storage (Cinder): persistent storage (volumes)
● Other services:
– Object storage (Swift): distributed storage for unstructured data
[Diagram: cluster layout. The Controller, the Network node and CPU nodes 1, 2 and 3 are attached to the Management net and to the Data net (flat); the External net connects the cluster to the Internet]
● Data net
● Mgmt net
● External/API net
These networks are implemented as physically separated networks.
Cesena cluster: I configured a switch with "port-based, access mode" VLANs
[Diagram: the cluster layout with the Management net highlighted]
Management net: allows the admin to access the cluster nodes and is used for inter-service communication. EVERY NODE IS ON THIS NET
[Diagram: the cluster layout with the Data net highlighted]
Data net: used for inter-VM communication. Depending on the chosen network virtualization mechanism, the packets will be VLAN-tagged packets or encapsulated packets (VXLAN, GRE)
[Diagram: the cluster layout with the External net highlighted]
External net: allows the VMs to access the Internet and the user to access the VMs
[Diagram: components allocated on the Controller node]
In the Controller node:
● Keystone
● Nova
◦ API: REST endpoint, receives user requests
◦ Scheduler: chooses a compute node
● Glance:
◦ API
◦ Registry
● Neutron
◦ Server: REST API endpoint
◦ plugin: implements the VNI
● Cinder:
◦ API, …
● message queue: middleware for inter-service communication
[Diagram: components allocated on the Network node]
In the Network node:
● Neutron
◦ plugin: implements the VNI
◦ L3: virtual routers creation
◦ dhcp
◦ metadata
[Diagram: components allocated on the Compute nodes]
In each Compute node:
● Neutron
◦ plugin: implements the VNI
● Nova
◦ compute: manages the hypervisor
● Users send REST API calls to the service endpoints, using:
– the web dashboard
– CLI clients
● OS components communicate with each other using:
– Message passing (an AMQP server resides in the controller node)
– REST API calls
● Some components (neutron-server, keystone, etc.) access a DB directly to save/modify their state
● Sometimes the external network is not directly connected to the Internet: a datacenter gateway allows access to the Internet
[Diagram: the private cloud's External net reaches the Internet through a Public net gateway; REST API calls from the Internet enter through the gateway]
[Diagram: a user on the Internet reaches nova-api (on the Controller) through port forwarding on the Public net gateway; the REST protocol traverses the External net]
[Diagram: the user's HTTP request reaches Horizon (Apache2 web server on the Controller) through port forwarding on the Public net gateway]
[Diagram: VNC console access. The hypervisor on a CPU node pipes the VM video output through the network (VNC protocol) to the VNC proxy (xvncproxy) on the Controller; the user reaches it through the gateway. Port forwarding on the 6080 port!!]
Example of a port forwarding rule on the gateway (as shown on the slide):
sudo iptables -t nat -I PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 10.250.0.1:80
[Diagram: nova-api on the Controller talks to nova-compute on the CPU nodes through the message queue server, over the Mgmt net]
[Diagram: nova-compute on a CPU node makes a REST API call to the Glance API REST endpoint on the Controller, over the Mgmt net]
[Diagram: two VMs on different CPU nodes communicate over the data net]
[Diagram: a virtual router on the Network node connects the VMs' tenant network to the External net]
[Diagram: a user on the Internet reaches a VM through NAT/port forwarding on the Public net gateway and through the virtual router on the Network node]
[Diagram: a user reaches a VM through the gateway's NAT/port forwarding and the virtual router's NAT/floating IP]
The VM has:
• a fixed private IP on a private tenant net
• an optional floating IP on the external network
The VR does:
• the NAT for private IPs
• DNAT of the floating IPs
[Diagram: a Storage node serves the VM's disk to the hypervisor on the CPU node over a network file system protocol (NFS, iSCSI, …); the VM sees the disk (block device) as a local device!]
Neutron defines these network abstractions:
● Network – an isolated L2 network segment
● Subnet – an IP address block on a certain network
● Router – a gateway between subnets
● Fixed IP – an IP on a tenant network
● Floating IP – a mapping between an IP of an external network and a private fixed IP
● Port – an attachment point to a network.
Users only see these abstractions!!!
● Neutron implements these abstractions inside the VNI in the cluster nodes (i.e. at the host level) so that the VMs (guest level) can see the virtual networks
● Tenant network: a network created by a cloud user. The VM takes a fixed IP from this net (not modifiable after the VM creation)
◦ implementation detail: the VM receives the IP from a DHCP server configured to always give the same fixed IP to that VM!
● Provider network: network external to the cluster, allows outside connectivity, passing through the network node. A VM can allocate a floating IP to gain external visibility (OpenStack maps each floating IP to the related fixed IP). Floating IPs can be deallocated.
[Diagram: the VIRTUAL NETWORK managed by Neutron, attached to the physical interface of the network node]
● They are "leaky abstractions"! For example:
◦ Net creation is limited by the effective VLAN ID availability on the physical network!
◦ During the network creation you can specify low level implementation details (such as the VLAN ID) or let OpenStack decide them for you
Neutron components:
● server (REST API endpoint): receives API requests, saves all the network info in a database, instructs the agents
● plugin agent: implements the VNI inside the cluster node, using the specified technology (GRE tunnel, VLAN, VXLAN, …).
● dhcp: implements the DHCP servers
● L3: implements the virtual routers
● Metadata: the VMs contact the metadata service at creation
● Create an L2 network
– neutron net-create net1
● Associate an L3 subnet to the network
– neutron subnet-create net1 10.0.0.0/24 --name subnet1
● Boot a VM on that subnet
– nova boot --image img --flavor flv --nic net-id=uuid vm_name
A user that wants to create a VM:
1. Sends a REST API call (via CLI client or web dashboard) to the Keystone REST endpoint (request+auth) and to the Nova endpoint
2. "nova-scheduler", internally, chooses the most suitable compute (CPU) node that will host the VM
3. In that CPU node, the "nova-compute" component does the following things:
   1. prepares the hypervisor
   2. asks Glance for the VM image
   3. asks the Neutron components to allocate the VNI
   4. asks Cinder to allocate the persistent block storage (volumes) for the VM
source: http://goo.gl/n3Bb5s
● Network namespaces are a technology that allows separating/isolating multiple network domains inside a single host by replicating the network software stack
● A process executed in a namespace sees only specific:
◦ physical/virtual network interfaces
◦ routing/ARP tables
◦ firewall/NAT rules
● You can:
◦ Create a netns
◦ Create a process/virtual network component inside that netns
[Diagram: the Linux kernel on the hardware hosts the global namespace (PID 1) and network namespaces 1, 2, ..., N, each with its own processes and VIFs]
A global namespace is created at boot time. Processes usually reside here.
You can:
• create a netns
• create a vif inside the netns
• start a Linux process
[Diagram: VIFs inside network namespaces 1, 2, ..., N beside the global namespace (PID 1)]
Namespaces guarantee L3 isolation, so the interfaces can have overlapping IP addresses!
● The virtual bridges can be connected to (physical or virtual) interfaces that reside in different namespaces: the virtual bridges act as bridges between the namespaces
[Diagram: on a physical host, a virtual bridge connects the VIF of a process in network namespace 1 with the PIF; a packet crosses the bridge from the namespace to the physical interface]
[Diagram: two network namespaces on the same physical host, each with its own processes and no bridge between them: they are completely isolated!]
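To make the isolation concrete, here is an added example (not code from the slides) that builds the two-namespace picture with iproute2 "ip" commands: one Linux bridge per virtual L2 network, a veth pair from each bridge into a namespace, and the same address in both namespaces. The bridge and namespace names and the 10.0.0.66/24 address are constructed; running it for real needs root, while dry_run=True only records the command plan.

```python
"""Build two isolated network namespaces that reuse the same subnet.

Added example, not code from the slides. With dry_run=False every command is
executed with iproute2 (root required); with dry_run=True the commands are
only collected into a plan, which is also what the test below checks.
"""
import subprocess


def ip(args, plan, dry_run):
    """Record an 'ip ...' command in the plan and run it unless dry_run."""
    cmd = ["ip"] + args
    plan.append(" ".join(cmd))
    if not dry_run:
        subprocess.run(cmd, check=True)


def attach_namespace(name, bridge, addr, plan, dry_run=True):
    """Create netns <name> and plug it into <bridge> through a veth pair.

    The host end of the pair stays in the global namespace and is enslaved
    to the bridge; the other end is moved into the namespace and gets the
    address, so it is invisible (and unreachable) from the global namespace.
    """
    # Interface names are limited to 15 characters (IFNAMSIZ - 1).
    host_end, ns_end = f"veth-{name}-h"[:15], f"veth-{name}-n"[:15]
    ip(["netns", "add", name], plan, dry_run)
    ip(["link", "add", host_end, "type", "veth", "peer", "name", ns_end], plan, dry_run)
    ip(["link", "set", ns_end, "netns", name], plan, dry_run)
    ip(["link", "set", host_end, "master", bridge], plan, dry_run)
    ip(["link", "set", host_end, "up"], plan, dry_run)
    ip(["netns", "exec", name, "ip", "addr", "add", addr, "dev", ns_end], plan, dry_run)
    ip(["netns", "exec", name, "ip", "link", "set", ns_end, "up"], plan, dry_run)
    ip(["netns", "exec", name, "ip", "link", "set", "lo", "up"], plan, dry_run)


def build_demo(dry_run=True):
    """Two tenants, one bridge each, identical addresses in each namespace."""
    plan = []
    for bridge in ("br-tenant-a", "br-tenant-b"):
        ip(["link", "add", bridge, "type", "bridge"], plan, dry_run)
        ip(["link", "set", bridge, "up"], plan, dry_run)
    attach_namespace("tenant-a", "br-tenant-a", "10.0.0.66/24", plan, dry_run)
    attach_namespace("tenant-b", "br-tenant-b", "10.0.0.66/24", plan, dry_run)
    return plan


def teardown_demo(dry_run=True):
    """Deleting a namespace also destroys the veth end that lives inside it,
    and with it the peer in the global namespace; then drop the bridges."""
    plan = []
    for ns in ("tenant-a", "tenant-b"):
        ip(["netns", "delete", ns], plan, dry_run)
    for bridge in ("br-tenant-a", "br-tenant-b"):
        ip(["link", "delete", bridge], plan, dry_run)
    return plan


def bridges_of(plan):
    """Map each host-side veth in the plan to the bridge it was enslaved to."""
    mapping = {}
    for cmd in plan:
        parts = cmd.split()
        if parts[1:3] == ["link", "set"] and "master" in parts:
            mapping[parts[3]] = parts[parts.index("master") + 1]
    return mapping


if __name__ == "__main__":
    for line in build_demo(dry_run=True):
        print(line)
```

After a real run, `ip netns exec tenant-a ip addr` and the same for tenant-b each show 10.0.0.66/24, while the global namespace sees only the bridges and the host ends of the veth pairs.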
● In each node there is:
◦ An integration bridge
◦ A bridge for each physical network, connected to:
– the integration bridge
– the physical network interface (pif)
[Diagram: OVS bridges per node. The Controller, the Network node and CPU node 1 each have br-int and br-data; the Network node also has br-ex towards the External net; the VM on the CPU node attaches to br-int through a linux bridge]
br-data: connected to the data net
[Diagram: same layout, br-int highlighted]
br-int: intermediate bridge, acts as the hub of a star network
[Diagram: same layout, br-ex highlighted]
br-ex: connected to the external network (present only in the network node!!)
● Advantages: namespaces allow managing multiple L3 functions at the host level in the same node.
● This is a key enabler for implementing VNIs with advanced functionalities: the cloud users can create overlapping virtual L3 networks!!!
◦ Two tenants can create isolated L3 networks with the same IP addresses
● The namespaces are used only in the network node (because L3 functionalities at the host level are present only inside the network node)
● A new network namespace is created by OpenStack when you create…
◦ … a new virtual L2 network
◦ … a new virtual router
● In the compute node:
◦ nova-compute makes a REST API call to neutron-server asking for a port allocation (and a fixed IP for the VM)
◦ neutron-agent configures the virtual bridges (br-data, br-int) via the OpenFlow protocol
◦ nova-compute boots the VM
● In the network node:
◦ neutron-dhcp
– creates a netns ("qdhcp-…")
– creates a vif inside that netns
– spawns a dnsmasq process (DHCP server) using that vif
◦ neutron-l3
– creates a netns for the virtual router ("qrouter-…")
– creates a vif inside that netns
– configures the routing tables inside that netns
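The virtual router's NAT (the fixed IP SNAT and floating IP DNAT described earlier) lives as iptables rules inside that qrouter netns, and a defender will want to check that what is in the namespace matches what Neutron thinks it mapped. The following is an added example, not code from the slides or from Neutron: it assumes the rules were dumped with "ip netns exec qrouter-<id> iptables -t nat -S" on the network node and that the floating IP list comes from the Neutron API; the chain names, addresses and interface names in the sample are constructed.

```python
"""Audit the NAT table of a virtual router namespace against Neutron's view.

Added example, not code from the slides or from Neutron. Input: an
"iptables -t nat -S" dump taken inside a qrouter netns (constructed sample
below) and the {floating_ip: fixed_ip} mapping Neutron reports.
"""

# Constructed sample dump of a qrouter namespace (not real cluster data).
NAT_RULES = """\
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-PREROUTING -d 172.24.4.3/32 -j DNAT --to-destination 10.0.0.66
-A neutron-l3-agent-PREROUTING -d 172.24.4.9/32 -j DNAT --to-destination 10.0.0.5
-A neutron-l3-agent-float-snat -s 10.0.0.66/32 -j SNAT --to-source 172.24.4.3
-A neutron-l3-agent-snat -o qg-0000aaaa-00 -j SNAT --to-source 172.24.4.2
"""

# Constructed sample of what Neutron's floating IP list reports for this router.
NEUTRON_FLOATING_IPS = {"172.24.4.3": "10.0.0.66"}


def parse_rule(line):
    """Parse one '-A chain ...' line into {option: value}; bare flags map to True."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-A":
        return None  # policy (-P) and chain (-N) lines carry no match/target
    rule, i = {"chain": tokens[1]}, 2
    while i < len(tokens):
        key = tokens[i].lstrip("-")
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        rule[key] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return rule


def floating_ip_map(dump):
    """{floating_ip: fixed_ip} from 1:1 DNAT rules.

    Port-forwarding rules (with --dport) are skipped: they are not floating
    IP mappings, and the metadata REDIRECT is not a DNAT at all.
    """
    mapping = {}
    for line in dump.splitlines():
        rule = parse_rule(line)
        if rule and rule.get("j") == "DNAT" and "dport" not in rule:
            floating = rule["d"].split("/")[0]
            mapping[floating] = rule["to-destination"].split(":")[0]
    return mapping


def float_snat_map(dump):
    """{fixed_ip: floating_ip} from the reverse SNAT rules (VM-originated traffic)."""
    mapping = {}
    for line in dump.splitlines():
        rule = parse_rule(line)
        if rule and rule.get("j") == "SNAT" and "s" in rule:
            mapping[rule["s"].split("/")[0]] = rule["to-source"]
    return mapping


def check_router(dump, neutron_fips):
    """Compare the namespace state with Neutron's database view.

    Findings: floating IPs Neutron expects but the router lacks; DNATs with
    no floating IP in Neutron (a stale mapping still exposing a VM); DNATs
    that point at a different fixed IP than Neutron records; and DNATs with
    no matching reverse SNAT (asymmetric translation).
    """
    dnat, snat = floating_ip_map(dump), float_snat_map(dump)
    return {
        "missing": sorted(set(neutron_fips) - set(dnat)),
        "stale": sorted(set(dnat) - set(neutron_fips)),
        "mismatched": sorted(f for f in dnat if f in neutron_fips and dnat[f] != neutron_fips[f]),
        "asymmetric": sorted(f for f, fixed in dnat.items() if snat.get(fixed) != f),
    }


if __name__ == "__main__":
    for kind, ips in check_router(NAT_RULES, NEUTRON_FLOATING_IPS).items():
        print(f"{kind}: {ips}")
```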
● In the configuration files Neutron associates each "physical network" to a virtual bridge. For example:
◦ Physnet1: br-data
◦ Extphysnet: br-ex
● The admin, during the creation of a provider network, must specify the associated physical network
● Use case: a user
◦ creates a private user network (10.0.0.0/24)
◦ boots a VM on this network
source ~/devstack/openrc demo demo pass && nova boot --key-name hc01 --image cirros-0.3.1-x86_64-disk --flavor 2 --nic net-id=61821a27-69b8-43c2-afa8-633304d8be50,v4-fixed-ip=10.0.0.66 myserver
● The admin can even specify the VLAN ID used on the physical data network (even outside the VLAN ID pool specified in the configuration file)
● The cloud user is not allowed to do this (OpenStack autonomously picks a VLAN from the VLAN pool available in the data network)
source ~/devstack/openrc admin admin pass && neutron net-create net2 --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id 1000
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 61821a27-69b8-43c2-afa8-633304d8be50 |
| name                      | private                              |
| provider:network_type     | vlan                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  | 1000                                 |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | bbc97757-f297-4c7b-b032-e70768fe8485 |
| tenant_id                 | a370af83e43a432abb3adfbf976d1cf8     |
+---------------------------+--------------------------------------+
NB this VLAN is the one used on the physical network!
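Because an admin-chosen segmentation id lands directly on the physical VLAN, an operator will want to audit provider networks against the configured pool. The following is an added example, not code from the slides or from OpenStack; it assumes the pool is written in the ML2 `network_vlan_ranges` form ("physnet:min:max", comma separated) and that each network is described by a `neutron net-show` style table like the one above. The pool, the network names and the ids in the sample are constructed.

```python
"""Audit VLAN provider networks against the VLAN pool in the configuration.

Added example, not code from the slides or from OpenStack. Assumes the ML2
network_vlan_ranges form for the pool and "neutron net-show" style tables.
"""
# Constructed sample of the VLAN pool from the plugin configuration file.
NETWORK_VLAN_RANGES = "physnet1:1000:1999,physnet2:200:299"
# Constructed sample CLI tables (names and values are placeholders).
NET_TABLES = [
    """
+---------------------------+---------------+
| Field                     | Value         |
+---------------------------+---------------+
| name                      | private       |
| provider:network_type     | vlan          |
| provider:physical_network | physnet1      |
| provider:segmentation_id  | 1000          |
| shared                    | False         |
+---------------------------+---------------+
""",
    """
+---------------------------+---------------+
| Field                     | Value         |
+---------------------------+---------------+
| name                      | admin-oob     |
| provider:network_type     | vlan          |
| provider:physical_network | physnet1      |
| provider:segmentation_id  | 50            |
| shared                    | True          |
+---------------------------+---------------+
""",
    """
+---------------------------+---------------+
| Field                     | Value         |
+---------------------------+---------------+
| name                      | other-tenant  |
| provider:network_type     | vlan          |
| provider:physical_network | physnet1      |
| provider:segmentation_id  | 1000          |
| shared                    | False         |
+---------------------------+---------------+
""",
]


def parse_vlan_ranges(spec):
    """'physnet1:1000:1999,physnet2' -> {physnet: [(lo, hi), ...]}; a physnet
    listed without a range has no tenant pool (only admin-chosen ids land on it)."""
    pools = {}
    for entry in spec.split(","):
        parts = entry.strip().split(":")
        if not parts[0]:
            continue
        ranges = pools.setdefault(parts[0], [])
        if len(parts) == 3:
            ranges.append((int(parts[1]), int(parts[2])))
    return pools


def parse_cli_table(text):
    """Turn a two-column '| Field | Value |' CLI table into a dict."""
    fields = {}
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # border lines start with '+'
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0] != "Field":
            fields[cells[0]] = cells[1]
    return fields


def audit_networks(tables, spec):
    """Audit every VLAN provider network; returns a sorted list of findings:
    a segmentation id outside the tenant pool (admin-created), a shared network
    (visible to every tenant), and two networks on the same physnet/VLAN pair,
    which share one physical L2 segment despite being separate Neutron networks."""
    pools, findings, seen = parse_vlan_ranges(spec), [], {}
    for table in tables:
        net = parse_cli_table(table)
        if net.get("provider:network_type") != "vlan":
            continue
        name, physnet = net["name"], net["provider:physical_network"]
        vid = int(net["provider:segmentation_id"])
        if physnet not in pools:
            findings.append(f"{name}: physical network {physnet} is not configured")
        elif not any(lo <= vid <= hi for lo, hi in pools[physnet]):
            findings.append(f"{name}: VLAN {vid} on {physnet} is outside the tenant pool")
        if net.get("shared") == "True":
            findings.append(f"{name}: shared network, visible to every tenant")
        if (physnet, vid) in seen:
            findings.append(f"{name}: VLAN {vid} on {physnet} is already used by {seen[(physnet, vid)]}")
        else:
            seen[(physnet, vid)] = name
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_networks(NET_TABLES, NETWORK_VLAN_RANGES):
        print(finding)
```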
[Diagram: host-level view of the VM's connectivity on a compute node]
• PIF on the data network
• Veth pair: a pair of vifs that act as a pipe (everything entering from one exits from the other)
• VM eth0
• LB management interface
• Tap interface (host-level view of the VM interface)
• Veth pair connecting br-int to the linux bridge
• interfaces connecting the bridges
[Diagram: network node view. Network namespaces hold the DHCP servers and the specific routing tables of the virtual router; the VMs' eth0 interfaces attach to the user network; the segment marked "No traffic here" carries nothing]
Provider network (external): NB it's the physical external network of the cluster
User network (internal): the VMs will receive a fixed IP on this net.

UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"DianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 

Recently uploaded (20)

Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
UiPath Studio Web workshop series - Day 5
UiPath Studio Web workshop series - Day 5UiPath Studio Web workshop series - Day 5
UiPath Studio Web workshop series - Day 5
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 

Openstack Networking Internals - first part

  • 1. Giuliano Santandrea – CIRI ICT University of Bologna
  • 2. ● OpenStack description
       ● Openstack components and allocation
       ● Neutron abstractions
       ● The virtual network infrastructure
  • 3. ● vif: virtual network interface
       ● VR: virtual router
       ● VNI: virtual network infrastructure
       ● OVS: Open vSwitch© virtual bridge
       ● LB: Linux bridge
  • 5. ● OpenStack is a cloud platform management software
       ● A cloud platform is a cluster of machines that host some servers (instances): the servers are offered to the users as a “service”. The user is able to create a “virtual infrastructure” composed of servers and network appliances (firewalls, routers, ...)
       ● The servers can be implemented as:
         – VM (KVM, VMWare, ..)
         – light container (LXC, Docker, ..)
         – bare metal (PXE boot, …)
  • 6. OS is composed of the following components:
       ● Web dashboard (Horizon)
       ● Compute (Nova): it manages the instance lifecycle
       ● Keystone: credentials, service catalog of all the OS services (list of REST service endpoints)
       ● Glance: image management. An image is a blob file containing a file system with a “pre-cooked” VM: it can be used by hypervisors to boot a new instance!
       ● Networking (Neutron): network management
       ● Block storage (Cinder): persistent storage (volumes)
       ● Other services:
         – Object storage (Swift): distributed storage for non-structured data
  • 7. [Diagram: cluster topology. Nodes: Controller, Network node, CPU node 1, CPU node 2, CPU node 3. Networks: External net, Management net, Data net (flat), Internet]
  • 8. ● Data net
       ● Mgmt net
       ● External/API net
       These networks are implemented as physically separated networks.
       Cesena cluster: I configured a switch with “port-based, access mode” VLANs
  • 9. [Diagram: cluster topology as in slide 7; this slide describes the Management net]
       Allows the admin to access the cluster nodes and is used for inter-service communication.
       EVERY NODE IS ON THIS NET
  • 10. [Diagram: cluster topology as in slide 7; this slide describes the Data net]
       Used for inter-VM communication. Depending on the chosen network virtualization mechanism, the packets will be VLAN tagged packets or encapsulated packets (VXLAN, GRE)
  • 11. [Diagram: cluster topology as in slide 7; this slide describes the External net]
       It allows the VMs to access the Internet, and the user to access the VMs
  • 13. [Diagram: cluster topology as in slide 7, with the services hosted by the Controller listed]
       ● Keystone
       ● Nova
         ● API: REST endpoint, receives user requests
         ● Scheduler: chooses a compute node
       ● Glance:
         ● API
         ● Registry
       ● Neutron
         ● Server: REST API endpoint
         ● plugin: implements the VNI
       ● Cinder:
         ● API, …
       ● message queue: middleware for inter-service communication
  • 14. [Diagram: cluster topology as in slide 7, with the services hosted by the Network node listed]
       Neutron
       • plugin: implements the VNI
       • L3: virtual routers creation
       • dhcp
       • metadata
  • 15. [Diagram: cluster topology as in slide 7]
       In each Compute node:
       ● Neutron
         ● plugin: implements the VNI
       ● Nova
         ● compute: manages the hypervisor
  • 16. ● Users send REST API calls to the service endpoints, using:
         – the web dashboard
         – CLI clients
       ● OS components communicate with each other using:
         – Message passing (an AMQP server resides in the controller node)
         – REST API calls
       ● Some components (neutron-server, keystone, etc.) access a DB directly to save/modify their state
  • 17. ● Sometimes the external network is not directly connected to the Internet, but there is a datacenter gateway allowing the access to the Internet
       [Diagram: Private cloud on the External net; a Public net gateway sits between it and the Internet; REST API traffic passes through it]
  • 18. [Diagram: the User's REST API call (REST protocol) crosses the Internet and the Public net gateway (port forwarding) and reaches nova api on the Controller through the External net; Controller, Network node and CPU nodes 1–3 sit on the Mgmt net and data net]
  • 19. [Diagram: the User's HTTP request crosses the Internet and the Public net gateway (port forwarding) and reaches Horizon (web server apache2) on the Controller through the External net; Mgmt net and data net as above]
  • 21. [Diagram: the User's VNC session (VNC protocol) crosses the Internet and the Public net gateway (port forwarding) and reaches xvncproxy on the Controller through the External net; the hypervisor on a CPU node forwards the VM's video output over the Mgmt net and data net (flat)]
       Port forwarding on port 6080!!
       The hypervisor pipes the VM video output through the network
       sudo iptables -t nat -I PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 10.250.0.1:80
  • 23. [Diagram: nova api on the Controller reaches nova compute on a CPU node through the message queue server, over the Mgmt net]
  • 24. [Diagram: nova compute on a CPU node makes a REST API call to the Glance API REST endpoint on the Controller, over the Mgmt net]
  • 25. [Diagram: two VMs running on the CPU nodes, attached to the data net]
  • 26. [Diagram: a Virtual router on the Network node joins the VMs' data net to the External net]
  • 27. [Diagram: the User reaches a VM from the Internet through the Public net gateway (NAT/port forwarding), the External net, the Virtual router on the Network node and the data net]
  • 28. [Diagram: as slide 27; the Virtual router is labelled “NAT/Floating IP”]
       The VM has:
       • a fixed private IP on a private tenant net
       • an optional floating IP on the external network
       The VR does:
       • the NAT for private IPs
       • DNAT of the floating IPs
  • 29. [Diagram: a VM on a CPU node; the hypervisor reaches the storage on a Storage node using a network file system protocol (NFS, iSCSI, …)]
       The VM sees the disk (block device) as a local device!
  • 31. Neutron defines these network abstractions:
       ● Network – an isolated L2 network segment
       ● Subnet – an IP address block on a certain network
       ● Router – a gateway between subnets
       ● Fixed IP – an IP on a tenant network
       ● Floating IP – a mapping between an IP of an external network and a private fixed IP
       ● Port – an attachment point to a network.
       Users only see these abstractions!!!
       ● Neutron implements these abstractions inside the VNI in the cluster nodes (i.e. at the host level) so that VMs (guest level) can see the virtual networks
  • 32. ● Tenant network: a network created by a cloud user. The VM takes a fixed IP from this net (not modifiable after the VM creation)
         ◦ implementation detail: the VM receives the IP from a DHCP server configured to always give the same fixed IP to that VM!
       ● Provider network: network external to the cluster, allows outside connectivity, passing through the network node. A VM can allocate a floating IP to gain external visibility (OpenStack maps each floating IP to the related fixed IP). Floating IPs can be deallocated.
  • 33. [Diagram: VIRTUAL NETWORK managed by Neutron, attached to the physical interface of the network node]
  • 34. ● They are “leaky abstractions”! For example:
         ◦ Net creation is limited to the effective VLAN ID availability on the physical network!
         ◦ During the network creation you can specify low-level implementation details (such as the VLAN ID) or let OpenStack decide them for you
  • 35. ● server (REST API endpoint): receives API requests, saves all the network info in a database, instructs the agents
       ● plugin agent: implements the VNI inside the cluster node, using the specified technology (GRE tunnel, VLAN, VXLAN, …)
       ● dhcp: implements the DHCP servers
       ● L3: implements the virtual routers
       ● Metadata: the VMs contact the metadata service at creation
  • 37. ● Create a L2 network
         – neutron net-create net1
       ● Associate a L3 subnet to the network
         – neutron subnet-create net1 10.0.0.0/24 --name subnet1
       ● Boot a VM on that subnet
         – nova boot --image img --flavor flv --nic net-id=uuid vm_name
  • 38. A user that wants to create a VM:
       1. Sends a REST API call (via CLI client or web dashboard) to the Keystone REST endpoint (request+auth) and to the Nova endpoint
       2. “nova-scheduler”, internally, chooses the most suitable compute (CPU) node that will host the VM
       3. In that CPU node, the “nova-compute” component does the following things:
          1. prepares the hypervisor
          2. asks Glance for the VM image
          3. asks the Neutron components to allocate the VNI
          4. asks Cinder to allocate the persistent block storage (volumes) for the VM
  • 40. ● Network namespaces are a technology that allows separating/isolating multiple network domains inside a single host by replicating the network software stack
       ● A process executed in a namespace sees only specific:
         ◦ physical/virtual network interfaces
         ◦ routing/ARP tables
         ◦ firewall/NAT rules
       ● You can:
         ◦ Create a netns
         ◦ Create a process/virtual network component inside that netns
  • 41. [Diagram: Linux kernel on top of the Hardware; a global namespace (PID 1) and Network namespaces 1, 2, …, N, each holding processes and a VIF]
       A global namespace is created at boot time. Processes usually reside here.
       You can:
       • Create a netns
       • create a vif inside the netns
       • start a Linux process
  • 42. [Diagram: as slide 41; each Network namespace has its own VIF]
       Namespaces guarantee L3 isolation, so the interfaces can have overlapping IP addresses!
  • 43. ● The virtual bridges can be connected to (physical or virtual) interfaces that reside in different namespaces: the virtual bridges act as bridges between the namespaces
       [Diagram: Physical host with Network namespace 1 and Network namespace 2; a packet from a process's VIF in one namespace crosses the Virtual bridge towards the PIF and the other namespace]
  • 44. [Diagram: Physical host with processes in separate namespaces]
       They are completely isolated!
  • 46. ● In each node there is:
         ◦ An integration bridge
         ◦ A bridge for each physical network, connected to
           ▪ The integration bridge
           ▪ The physical network interface (pif)
  • 47. [Diagram: Controller, Network node and CPU node 1 on the Mgmt net and Data net; each node has br-int and br-data, the Network node also br-ex, CPU node 1 also a linux bridge and a VM; External net, public net gateway, Internet]
       br-data: connected to the data net
  • 48. [Diagram: as slide 47]
       br-int: intermediate bridge, acts as the hub of a star network
  • 49. [Diagram: as slide 47]
       br-ex: connected to the external network (present only in the network node!!)
  • 50. ● Advantages: namespaces allow managing multiple L3 functions at the host level in the same node.
       ● This is a key enabler for implementing VNIs with advanced functionalities: the cloud users can create overlapping virtual L3 networks!!!
         ◦ Two tenants can create isolated L3 networks with the same IP addresses
       ● The namespaces are used only in the network node (because L3 functionalities at the host level are present only inside the network node)
       ● A new network namespace is created by OpenStack when you create…
         ◦ … a new virtual L2 network
         ◦ … a new virtual router
  • 51. ● In the compute node:
         ◦ nova-compute makes a REST API call to neutron-server asking for a port allocation (and a fixed IP for the VM)
         ◦ neutron-agent configures the virtual bridges (br-data, br-int) via the OpenFlow protocol
         ◦ nova-compute boots the VM
  • 52. ● In the network node:
         ◦ neutron-dhcp
           ▪ creates a netns ("qdhcp-…")
           ▪ creates a vif inside that netns
           ▪ spawns a dnsmasq process (DHCP server) using that vif
         ◦ neutron-l3
           ▪ creates a netns for the virtual router ("qrouter-…")
           ▪ creates a vif inside that netns
           ▪ configures the routing tables inside that netns
  • 53. ● In the configuration files Neutron associates each “physical network” to a virtual bridge. For example:
         ◦ Physnet1: br-data
         ◦ Extphysnet: br-ex
       ● The admin, during the creation of a provider network, must specify the associated physical network
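Slides 28, 50 and 52 describe what the virtual router does with fixed and floating IPs and why each router gets its own qrouter namespace, so two tenants can both use 10.0.0.0/24. The following added example (not from the talk and not Neutron's code) models that: it validates floating-to-fixed mappings and emits the per-namespace iptables NAT rules for two such tenants. The 172.24.4.0/24 external net, the gateway and floating addresses, and the chain layout are constructed for the example and are not the exact rules neutron-l3 installs.

```python
"""Model of a Neutron virtual router: qrouter namespace + NAT for fixed/floating IPs.
Added illustration, not OpenStack code; addresses and chain layout are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List
import ipaddress
import uuid

EXTERNAL_NET = ipaddress.ip_network("172.24.4.0/24")  # constructed provider (external) net


@dataclass
class VirtualRouter:
    """One virtual router: its own qrouter-<id> namespace and its own NAT table."""
    tenant: str
    subnet: ipaddress.IPv4Network              # tenant net carrying the fixed IPs
    gateway_ip: ipaddress.IPv4Address          # router's own address on the external net
    router_id: str = field(default_factory=lambda: str(uuid.uuid4()))
    floating: Dict[ipaddress.IPv4Address, ipaddress.IPv4Address] = field(default_factory=dict)

    @property
    def netns(self) -> str:
        # neutron-l3 creates one network namespace per router (slide 52)
        return f"qrouter-{self.router_id}"

    def associate(self, floating_ip: str, fixed_ip: str) -> None:
        """Map a floating IP on the external net to a fixed IP on the tenant net."""
        flt = ipaddress.ip_address(floating_ip)
        fix = ipaddress.ip_address(fixed_ip)
        if flt not in EXTERNAL_NET:
            raise ValueError(f"{flt} is not on the external network {EXTERNAL_NET}")
        if fix not in self.subnet:
            raise ValueError(f"{fix} is not on tenant subnet {self.subnet}")
        if flt in self.floating:
            raise ValueError(f"floating IP {flt} is already mapped")
        self.floating[flt] = fix

    def nat_rules(self) -> List[str]:
        """iptables -t nat rules, run inside the router's namespace (assumed chain layout)."""
        ns = f"ip netns exec {self.netns} iptables -t nat"
        rules = []
        # Floating IPs: 1:1 NAT, DNAT inbound and SNAT outbound, one pair per mapping.
        for flt, fix in sorted(self.floating.items()):
            rules.append(f"{ns} -A PREROUTING -d {flt}/32 -j DNAT --to-destination {fix}")
            rules.append(f"{ns} -A POSTROUTING -s {fix}/32 -j SNAT --to-source {flt}")
        # Every other fixed IP leaves with the router's gateway address; appended last,
        # so the per-floating-IP rules above match first.
        rules.append(f"{ns} -A POSTROUTING -s {self.subnet} -j SNAT --to-source {self.gateway_ip}")
        return rules


def build_demo() -> Dict[str, VirtualRouter]:
    """Two tenants, both using 10.0.0.0/24 with a VM at 10.0.0.66 (constructed data)."""
    routers = {}
    for tenant, gw, flt in (("tenantA", "172.24.4.10", "172.24.4.101"),
                            ("tenantB", "172.24.4.11", "172.24.4.102")):
        vr = VirtualRouter(tenant, ipaddress.ip_network("10.0.0.0/24"),
                           ipaddress.ip_address(gw))
        vr.associate(flt, "10.0.0.66")   # same fixed IP in both tenants: no clash
        routers[tenant] = vr
    return routers


if __name__ == "__main__":
    for vr in build_demo().values():
        print(f"# {vr.tenant}: {vr.netns}")
        print("\n".join(vr.nat_rules()))
```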
  • 54. ● Use case: a user
         ◦ creates a private user network (10.0.0.0/24)
         ◦ boots a VM on this network
       source ~/devstack/openrc demo demo pass && nova boot --key-name hc01 --image cirros-0.3.1-x86_64-disk --flavor 2 --nic net-id=61821a27-69b8-43c2-afa8-633304d8be50,v4-fixed-ip=10.0.0.66 myserver
  • 55. ● The admin can even specify the VLAN ID used on the physical data network (even outside the VLAN ID pool specified in the configuration file)
       ● The cloud user is not allowed to do this (OpenStack autonomously picks a VLAN from the VLAN pool available on the data network)
       source ~/devstack/openrc admin admin pass && neutron net-create net2 --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id 1000
       +---------------------------+--------------------------------------+
       | Field                     | Value                                |
       +---------------------------+--------------------------------------+
       | admin_state_up            | True                                 |
       | id                        | 61821a27-69b8-43c2-afa8-633304d8be50 |
       | name                      | private                              |
       | provider:network_type     | vlan                                 |
       | provider:physical_network | physnet1                             |
       | provider:segmentation_id  | 1000                                 |
       | router:external           | False                                |
       | shared                    | False                                |
       | status                    | ACTIVE                               |
       | subnets                   | bbc97757-f297-4c7b-b032-e70768fe8485 |
       | tenant_id                 | a370af83e43a432abb3adfbf976d1cf8     |
       +---------------------------+--------------------------------------+
       NB this VLAN is the one used on the physical network!
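The VLAN pool behaviour of slides 34 and 55 (tenants get a VLAN from the configured pool, the admin may pin any VLAN, a VLAN is usable only once per physical network), as an added example that is neither the talk's nor Neutron's code: a small allocator modelled on the ML2 VLAN type driver. It reads a string in the format of the ml2_conf.ini option network_vlan_ranges (physnet:min:max); the class, method and exception names are this example's own.

```python
"""Added illustration (not Neutron code) of the leaky VLAN abstraction on a physical
network.  Pool syntax follows network_vlan_ranges = physnet:min:max[,physnet...];
class/method names are this example's own."""
from typing import Dict, Optional, Set

VLAN_MIN, VLAN_MAX = 1, 4094   # usable 802.1Q tag range


class Forbidden(Exception):
    """Provider attributes are admin-only (Neutron answers HTTP 403)."""


class VlanAllocator:
    def __init__(self, network_vlan_ranges: str) -> None:
        self.pools: Dict[str, Optional[range]] = {}   # physnet -> tenant pool (None: none)
        self.in_use: Dict[str, Set[int]] = {}         # physnet -> VLANs already allocated
        for entry in network_vlan_ranges.split(","):
            parts = entry.strip().split(":")
            physnet = parts[0]
            # "physnet1:100:199" carries a tenant pool; a bare "extphysnet" is provider-only
            self.pools[physnet] = range(int(parts[1]), int(parts[2]) + 1) if len(parts) == 3 else None
            self.in_use.setdefault(physnet, set())

    def allocate(self, physnet: str, segmentation_id: Optional[int] = None,
                 is_admin: bool = False) -> int:
        """Return the VLAN ID for a new network on `physnet`; raises when it cannot."""
        if physnet not in self.pools:
            raise ValueError(f"unknown physical network {physnet}")
        used = self.in_use[physnet]
        if segmentation_id is not None:
            # Only the admin may pin provider:segmentation_id and may leave the pool
            # (slide 55); the tag must still be a valid 802.1Q ID and free on this physnet.
            if not is_admin:
                raise Forbidden("provider:segmentation_id may only be set by the admin")
            if not VLAN_MIN <= segmentation_id <= VLAN_MAX:
                raise ValueError(f"VLAN {segmentation_id} outside {VLAN_MIN}-{VLAN_MAX}")
            if segmentation_id in used:
                raise ValueError(f"VLAN {segmentation_id} already in use on {physnet}")
            used.add(segmentation_id)
            return segmentation_id
        # Tenant request: OpenStack autonomously picks the next free VLAN of the pool.
        pool = self.pools[physnet]
        if pool is None:
            raise ValueError(f"{physnet} has no tenant VLAN pool")
        for vid in pool:
            if vid not in used:
                used.add(vid)
                return vid
        # The leak of slide 34: network creation fails once the physical VLANs run out.
        raise RuntimeError(f"no free VLAN left in {physnet} pool {pool.start}-{pool.stop - 1}")

    def release(self, physnet: str, vid: int) -> None:
        """Network deleted: the VLAN becomes reusable on that physical network."""
        self.in_use[physnet].discard(vid)


if __name__ == "__main__":
    alloc = VlanAllocator("physnet1:100:101,extphysnet")
    print("admin pinned VLAN:", alloc.allocate("physnet1", 1000, is_admin=True))
    print("tenant VLANs:", alloc.allocate("physnet1"), alloc.allocate("physnet1"))
```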
  • 56. [Diagram labels: PIF on the data network; Veth pair]
       Veth pair: a pair of vifs that act as a pipe (everything entering from one exits from the other)
  • 57. [Diagram labels: VM eth0; LB management interface; Tap interface (host-level view of the VM interface); Veth pair connecting br-int to the linux bridge; interfaces connecting the bridges]
  • 59. [Diagram labels: Network namespaces; specific routing tables; dhcp server; dhcp server; No traffic here]
  • 61. Provider network (external): NB it’s the physical external network of the cluster
       User network (internal): the VMs will receive a fixed IP on this net.