SlideShare a Scribd company logo

Open stack networking_101_update_2014-os-meetups

Y
yfauser

This is the latest Update to my OpenStack Networking / Neutron 101 Slides with some more Information and caveats on the new DVR and Gateway HA Features

Technology
1 of 29
Download to read offline
© 2014 VMware Inc. All rights reserved.© 2014 VMware Inc. All rights reserved. 12/11/2014 OpenStack Networking Neutron 101 + Updates of 2014 Yves Fauser Solution Architect @ VMware
Agenda •  Network Models •  Nova-Networking vs. Neutron refresher –  Nova-Networking quick overview –  Nova-Networking Multi-Host mode –  Nova-Networking vs. Neutron at a glance •  Neutron plugin concept refresher •  Service plugins •  ML2 plugin vs. monolithic Plugins •  New in Juno –  Distributed Virtual Router for OVS mechanism driver –  Neutron L3 High-Availability for virtual routers –  Neutron IPv6 Support
OpenStack Networking – Flat •  In the simple ‘flat’ networking model, all instances (VMs) are bridged to a physical adapter •  L3 first-hop routing is either provided by the physical networking devices (flat model), or by OpenStack L3 Service (flat-DHCP model) •  Sufficient in single tenant or ‘full trust’ use cases were no segmentation is needed (beside iptables/ebtables between VM interfaces and bridge) •  Doesn’t provide multi-tenancy, L2 isolation and overlapping IP address support •  Available in Neutron and in Nova-Networking VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM L3 L2 L3 L2 Access port (no VLAN tag)
OpenStack Networking – VLAN based •  The VLAN based model uses VLANs per tenant network (with Neutron) to provide multi-tenancy, L2 isolation and support for overlapping IP address spaces •  The VLANs can either be pre-configured manually on the physical switches, or a neutron vendor plugin can communicate with the physical switches to provision the VLAN •  Examples of vendor plugins that are creating VLANs on Switches are the Arista and Cisco Nexus/UCS ML2 mechanism driver •  L3 first-hop routing can be done either; •  On the physical switches/routers, or VM VM VM VM VM VM VM VM VM VM VM VM L3 L2 L3 L2 VLAN trunk port (VLAN tags used) VM VM VM VM Neutron vendor plugin can create VLANs through vendor API
OpenStack Networking – VLAN based VM VM VM VM VM VM VM VM VM VM VM VM L3 L2 L3 L2 VLAN trunk port (VLAN tags used) Logical routers are handling the first- hop gateway function on Neutron Network-Node •  The VLAN based model uses VLANs per tenant network (with Neutron) to provide multi-tenancy, L2 isolation and support for overlapping IP address spaces •  The VLANs can either be pre-configured manually on the physical switches, or a neutron vendor plugin can communicate with the physical switches to provision the VLAN •  Examples of vendor plugins that are creating VLANs on Switches are the Arista and Cisco Nexus/UCS ML2 mechanism driver •  L3 first-hop routing can be done either; •  On the physical switches/routers, or •  As logical routers in Neutron Neutron vendor plugin can create VLANs through vendor API L3 for tenant networks
VM VM VM VM OpenStack Networking Models – ‘SDN Fabric’ based •  In this model multi-tenancy is achieved using different ‘edge’ and ‘fabric’ tags. E.g. VLANs can be used to address the tenant between the hypervisor vSwitch and the Top-of-Rack switch, and some other tag is used inside of the vendors fabric to isolate the tenants VM VM VM VM VM VM VM VM Vendor Fabric uses some form of ‘Fabric Tag’ to address the tenant VM VM VM VM VM VM VM VM VM VM VM VM Hypervisor to Top of Rack Switch uses some form of ‘edge tag’ (e.g. VLAN, VXLAN header, etc.) Central controller controls the vSwitches and physical Switches Controller •  Usually a single controller controls both the vSwitches and the physical switches •  L3 first-hop routing and L2 bridging to physical usually done in the physical switch fabric •  Single vendor design for physical and virtual networking •  Examples; BigSwitch, NEC, Cisco ACI, Brocade, Avaya, … Neutron vendor plugin talks to controller through vendor API Fabric Tag Edge Tag Edge Tag
OpenStack Networking Models – Network Virtualization •  With network virtualization (aka overlay) model, multi-tenancy is achieved by overlaying MAC-in-IP ‘tunnels’ onto the physical switching fabric (aka transport network) •  An ID field is used in the encapsulation header (e.g. VXLAN, GRE, STT) to address the tenant network. A full L2 isolation and overlapping IP space support is achieved •  Controller controls only the vSwitches and the Gateways •  L3 first-hop routing and L2 bridging to physical done either by software or hardware gateways (or both) •  Examples; VMware NSX, Midokura, Plumgrid, Contrail, Nuage, … OpenStack DACH Day 2014 @ Linux Tag Berlin, 0 VM VM VM VMVM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Physical network fabric uses L3 routing protocols (e.g. OSPF or BGP) to build a stable Layer 3 Fabric SDN controller cluster controls the vSwitches in the Hypervisors MAC-in-IP ‘Tunnel’ is used to address and isolate the tenants (e.g. using VXLAN) L3 Gateway L3 L2 L3 L2 L3L3 L3 L2 Neutron plugin talks to controller through vendor API
Why I think the ‘Network virtualization’ (aka overlay) approach is the best model •  It achieves multi-tenancy, L2 isolation and overlapping IP address support without the need to re- configure physical network devices •  Logical Network for Instances (VMs) is location independent – It spans over L2/L3 boundaries, and therefore doesn’t force bad (flat) network design •  Very big ID space for tenant addressing compared to the usual VLAN id space (max. 4094) •  Network virtualization runs as a software construct on top of any physical network topology, vendor, etc. •  Physical network and logical network can evolve independently from each other, each one can be procured, exchanged, upgraded and serviced independently •  Large number of commercial and open source implementations are available today •  Proven in production in some of the largest OpenStack deployments out there
Nova-Networking quick Overview nova-api (OS,EC2,Admin) nova-console (vnc/vmrc) nova-compute Nova DB nova-scheduler nova- consoleauth Hypervisor (KVM, Xen, etc.) Queue nova-cert Libvirt, XenAPI, etc. nova-metadata nova- network nova-volume Network-Providers (Linux-Bridge or OVS with brcompat, dnsmasq, IPTables) Volume-Provider (iSCSI, LVM, etc.) Inspired by Ken Pepple •  Nova-Networking was OpenStack’s first network implementation •  Nova-network is still present today, and can be used instead of Neutron •  No new features are added since Folsom, but bug- fixing is done frequently •  Nova-network only knows 3 basic Network-Models; –  Flat & Flat DHCP: direct bridging of Instance to external ethernet Interface with and without DHCP –  VLAN based: Every tenant gets a VLAN, DHCP enabled •  Watch this online meetup Session for more details: https://www.youtube.com/watch?v=ascEICz_WUY
Nova-Networking Multi-Host mode 1/2 nova-compute hypervisor VM VM Bridge 30IP Stack Compute Node + Networking nova-compute hypervisor VM VM Br 30IP Stack Compute Node nova-compute hypervisor VM VM IP Stack Compute Node External Network (or VLAN) Internal VLANs WAN/ Internet dnsmasq iptables/ routing Bridge 40 VLAN30 VLAN40 Br 40 VLAN30 VLAN40 Br 30 Br 40 VLAN30 VLAN40 VLAN Trunk VLAN Trunk dnsmasq NAT & floating -IPs nova-netw. •  In Nova-Networking the node that is holding the nova-networking role is; –  A single point of failure –  A choke point for both east-west and north-south traffic (traffic staying in the DC between nodes and traffic leaving/entering the DC at the perimeter) –  Nova-Networking has a “multi-host mode” to address this
Nova-Networking Multi-Host mode 2/2 nova-compute hypervisor VM VM Bridge 30IP Stack Compute Node + Networking External Network (or VLAN) Internal VLANs WAN/ Internet dnsmasq iptables/ routing Bridge 40 VLAN30 VLAN40 VLAN Trunk VLAN Trunk dnsmasq NAT & floating -IPs nova-netw. •  With nova-networking “Multi-Host” each compute node runs nova-networking, and provides routing, SNAT and floating-ip’s (DNAT) for its local Instances –  Pros; Inherently highly-available; scales out routing and NAT to all compute-nodes –  Cons; IP address sprawl: each compute-node needs one external IP for SNAT, and one internal IP in each project Network nova-compute hypervisor VM VM Bridge 30IP Stack Compute Node + Networking dnsmasq iptables/ routing Bridge 40 VLAN30 VLAN40 dnsmasq NAT & floating -IPs nova-netw. nova-compute hypervisor VM VM Bridge 30IP Stack Compute Node + Networking dnsmasq iptables/ routing Bridge 40 VLAN30 VLAN40 dnsmasq NAT & floating -IPs nova-netw. External network
Nova-Networking vs. Neutron at a glance •  Watch this online meetup Session for more details: https://www.youtube.com/watch?v=ascEICz_WUY •  Neutron pros –  More network implementation options –  Dynamic network, virtual router, load balancer, VPN creation under the tenants control instead of fixed per project allocation –  Pluggable architecture allows vendors to integrate their network solution into OpenStack and innovate independently (e.g. using network virtualization, SDN concepts, etc.) –  Well defined tenant accessible API for consuming network services •  Nova-Networking pros –  Simple models with less moving parts –  “Compute centric” networking model; easier to understand than the complex options and “networking speech” in Neutron –  Code-Base is in “bug-fixing” mode since long time now; less friction –  HA and scale-out trough “multi-host” option (starting to be addressed in Neutron by DVR and HA)
OpenStack Neutron – Plugin Concept refresher Neutron 
 Core API" Neutron Service (Server)" " •  L2 network abstraction definition and management, IP address management •  Device and service attachment framework •  Does NOT do any actual implementation of abstraction " Plugin API" " Vendor/User Plugin" •  Maps abstraction to implementation on the Network (Overlay e.g. NSX or physical Network) •  Makes all decisions about *how* a network is to be implemented •  Can provide additional features through API extensions. •  Extensions can either be generic (e.g. L3 Router / NAT), or Vendor Specific " Neutron
 API Extension" Extension API implementation is optional
Core and service plugins •  Core plugin implement the “core” Neutron API functions (l2 Networking, IPAM, …) •  Service plugins implements additional network services (l3 routing, Load Balancing, Firewall, VPN) •  Implementations might choose to implement relevant extensions in the Core plugin itself Neutron 
 Core API" Function" Core " L3 " FW " Core " L3 " FW " Core " L3 " FW " Plugin" Core Plugin " Core Plugin " FW plugin " Core Plugin " FW plugin " L3 plugin "
OpenStack Neutron – Plugin locations ! # cat /etc/neutron/neutron.conf | grep "core_plugin"! core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin! ! # cat /etc/neutron/neutron.conf | grep "service_plugins”! service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin! ! ! # ls /usr/share/pyshared/neutron/plugins/! bigswitch cisco embrane __init__.py metaplugin ml2 nec openvswitch ryu! brocade common hyperv linuxbridge midonet mlnx nicira plumgrid! ! # ls /usr/share/pyshared/neutron/services/! firewall __init__.py l3_router loadbalancer metering provider_configuration.py service_base.py vpn" "
OpenStack Neutron – Modular Plugin •  Before the modular plugin (ML2), every team or vendor had to implement a complete plugin including IPAM, DB Access, etc. •  The ML2 Plugin separates core functions like IPAM, virtual network id management, etc. from vendor/implementation specific functions, and therefore makes it easier for vendors not to reinvent to wheel with regards to ID Management, DB access … •  Existing and future non-modular plugins are called “monolithic” plugins •  ML2 calls the management of network types “type drivers”, and the implementation specific part “mechanism drivers” Arista CiscoLinux Bridge OVS etc. Mechanism Drivers" GRE VLAN VXLAN etc. Type Drivers" Type Manager" Mechanism Manager " ML2 Plugin & API Extensions"
OpenStack Neutron ML2 – locations ! # cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep type_drivers! # the neutron.ml2.type_drivers namespace.! # Example: type_drivers = flat,vlan,gre,vxlan! type_drivers = gre! ! # cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep mechanism_drivers! # to be loaded from the neutron.ml2.mechanism_drivers namespace.! # Example: mechanism_drivers = arista! # Example: mechanism_drivers = cisco,logger! mechanism_drivers = openvswitch,linuxbridge! ! ! # ls /usr/share/pyshared/neutron/plugins/ml2/drivers/! cisco l2pop mechanism_ncs.py mech_hyperv.py mech_openvswitch.py type_gre.py type_tunnel.py type_vxlan.py __init__.py mech_agent.py mech_arista mech_linuxbridge.py type_flat.py type_local.py type_vlan.py! "
OpenStack Neutron – Modular Plugin vs. Monolithic Plugins •  A vendor is free to choose between the development of an monolithic plugin or an ML2 mechanism driver –  A vendor might want use its own integrated IPAM / DB access, or already has a stable and proven code base for it –  Timing: Development of a monolithic plugin might have started long before ML2 emerged •  Contrary to a common misunderstanding monolithic plugins are not deprecated, only the existing OVS-Plugin and Linux Bridge plugins have been deprecated in IceHouse in favor of the OVS / Linux Bridge mechanism drivers •  ML2 re-uses the monolithic OVS and Linux Bridge code for its mechanism driver and agents (e.g L3 Agent, DHCP Agent, OVS Agent, etc.)
Juno – Distributed Virtual Router for OVS – 1/5 •  There is was equivalent of nova-network “multi-host” mode in Neutron before Juno •  In the OVS and Linux Bridge implementations, the L3 Agent node is a single point of failure. •  Scaling out is done by deploying multiple network nodes, but even then east-west traffic needs to go through the L3 Agent Node, and can potentially be a choke point •  Some vendor implementation already have distributed routing an HA today in their solutions IP Stack Neutron- Network-Node nova-compute hypervisor VM VM IP Stack Compute Node nova-compute hypervisor VM VM Compute Node External Network (or VLAN) WAN/ Internet iptables/ routing Layer 3 Transport Network dnsmasqNAT & floating -IPs iptables/ routing N.-L3-Agent N.-DHCP-Agent N.-OVS-Agent ovsdb/ ovsvsd Neutron-Server + OVS-Plugin N.-OVS-Agent N.-OVS-Agent ovsdb/ ovsvsd ovsdb/ ovsvsd Layer 3 Transport Net. IP Stack br-int br-int br-tun br-int br-tun br-tun L2 in L3 Tunnel dnsmasq br-ex
Juno – Distributed Virtual Router for OVS – 2/5 •  Similar to “multi-host” mode in nova-network, each compute node now has its own routing and NAT service (internal router namespaces - ‘IR’ ) •  In contrast to nova-network “multi-host” mode : –  SNAT will be done on a centralized network-node to avoid IP address sprawl on the external network (introducing a single point of failure that needs to be addressed through virtual routers HA later) –  All IRs use a single logical internal IP in the tenant networks, but have separate MAC addresses IP Stack Neutron- Network-Node nova-compute hypervisor VM VM Compute Node External Network (or VLAN) WAN/ Internet iptables/ routing Layer 3 Transport Network dnsmasqSNAT -IPs iptables/ routing N.-L3-Agent N.-DHCP-Agent N.-OVS-Agent ovsdb/ ovsvsd Neutron-Server + OVS-Plugin N.-OVS-Agent IP Stack br-intbr-int br-tun br-tun L2 in L3 Tunnel dnsmasq br-ex N.-L3-(DVR)-Agent iptables/ routing NAT for floating -IPs iptables/ routing br-ex ovsdb/ ovsvsd nova-compute hypervisor VM VM Compute Node N.-OVS-Agent IP Stack br-int br-tun iptables/ routing NAT for floating -IPs iptables/ routing br-ex ovsdb/ ovsvsd Layer 3 Transport Net. External Network (or VLAN) External Network (or VLAN) N.-L3-(DVR)-Agent
br-int br-int Juno – Distributed Virtual Router for OVS – 3/5 •  For east-west traffic which is routed within a tenants distributed virtual router, traffic is send directly between compute-nodes on the transport network (Using the overlay technology) •  Traffic can also stay within a compute-node, if the source and destination are on the same compute node •  For more details see the DRV blueprint: https://blueprints.launchpad.net/neutron/+spec/neutron-ovs-dvr east-west north-south ComputeNode VM VM VM VM IR2 IR1 WAN/ Internet ComputeNode External Network Transport Network (e.g. used for tunnels) NetworkNode IR2 IR1 VM VM VM VM br-tun br-tun br-tun br-ex br-ex br-ex br-int R2 / SNAT R1 / SNAT
br-int Juno – Distributed Virtual Router for OVS – 4/5 •  For SNAT from the tenant instances to the internet/WAN (north/south) traffic is routed through a centralized network-node •  This avoids IP address sprawl on the external network •  For more details see the DRV blueprint: https://blueprints.launchpad.net/neutron/+spec/neutron-ovs-dvr east-west north-south ComputeNode VM VM VM VM IR2 IR1 WAN/ Internet ComputeNode External Network Transport Network (e.g. used for tunnels) NetworkNode R2 / SNAT R1 / SNAT IR2 IR1 VM VM VM VM SNAT Router -IP br-tun br-tun br-tun br-ex br-ex br-ex br-int br-int
br-int Juno – Distributed Virtual Router for OVS – 5/5 •  For floating-ip’s to and from the tenant instances to the internet/WAN (north/ south) traffic is routed and nat’ed directly at the compute nodes (IR Namespace) •  For more details see the DRV blueprint: https://blueprints.launchpad.net/neutron/+spec/neutron-ovs-dvr east-west north-south ComputeNode VM VM VM VM IR2 IR1 WAN/ Internet ComputeNode External Network Transport Network (e.g. used for tunnels) NetworkNode R2 / SNAT R1 / SNAT IR2 IR1 VM VM VM VM floating -IP br-tun br-tun br-tun br-ex br-ex br-ex br-int br-int
Juno – Current caveats for Distributed Virtual Router •  Currently there is no support for HA in the centralized SNAT Node (north/south). Although there is L3 Agent HA in Juno today, you need to choose between DVR mode or L3 HA today. The plan is to address this in Kilo, or even later, as the Neutron team has other technical debt to work on •  No IPv6 Support •  DVR is only supported with OVS Plugin with VXLAN based overlays, no support for VLAN modes and/or for Linux Bridge Plugin •  No support for VPNaaS •  Longer term plans –  Distributed SNAT –  Distributed DHCP (nova-network has this today) –  Full migration support from virtual routers to DVR
Juno – HA for Virtual Routers •  Juno added native HA support using ‘keepalived’ for the centralized L3 agent nodes •  If configured for HA, one active and one standby router will be deployed on two different neutron L3 GW network nodes. Both will share Virtual IPs internally •  For more details see the HA for virtual routers blueprint: https://github.com/openstack/neutron-specs/blob/master/specs/juno/l3-high-availability.rst          +----+                          +----+!         |    |                          |    |! +-------+ QG +------+           +-------+ QG +------+! |       |    |      |           |       |    |      |! |       +-+--+      |           |       +-+--+      |! |     VIPs|         |           |         |VIPs     |! |         |      +--+-+      +--+-+       |         |! |         +      |    |      |    |       +         |! |  KEEPALIVED+---+ HA +------+ HA +----+KEEPALIVED  |! |         +      |    |      |    |       +         |! |         |      +--+-+      +--+-+       |         |! |     VIPs|         |           |         |VIPs     |! |       +-+--+      |           |       +-+--+      |! |       |    |      |           |       |    |      |! +-------+ QR +------+           +-------+ QR +------+!         |    |                          |    |!         +----+                          +----+!
Juno – Current caveats for L3 Agent HA •  Currently there is no state synch for NAT tables and FWaaS states, planed to be address in Kilo or later using Conntrackd •  No support for HA when using the DVR functionality (also goes with the first bullet) •  No logging for state transitions, no CLI to see where the active router is and no CLI to move it between nodes •  Currently no automatic migration of existing routers to HA routers •  Max. 255 router pairs per HA network, and therefore per tenant
Juno – IPv6 support •  IPv6 was dysfunctional at multiple implementation points in Neutron before Jun0 –  No support for Stateless Auto Configuration (SLAAC) in OpenStack security model / IPAM, so even when one uses an external IPv6 router, security groups and port security will prevent the Instance from working correctly –  Dnsmasq support for DHCPv6 was problematic and “broken” –  No IPv6 Routing support on L3 Agent, Metadata, etc. •  A new IPv6 Neutron Subteam was founded to address the multiple IPv6 requirements •  Expected critical IPv6 Features in Juno Timeframe –  Provider Networking - upstream SLAAC Support –  Support DHCPv6 stateless and stateful mode in Dnsmasq –  Support Router Advertisement Daemon (radvd) for IPv6 •  See more details here: https://wiki.openstack.org/wiki/Neutron/IPv6
Juno – More Information •  A big number of new vendor plugins, enhancements to existing plugins and mechanism drivers, service plugins etc. are being developed for the Juno timeframe right now •  See here for a list of Juno Specs (linking to the Blueprints): https://github.com/openstack/neutron-specs/tree/master/specs/juno •  See here for a list of Blueprints: https://blueprints.launchpad.net/neutron/juno
Questions?

Recommended

Open stack networking_101_part-1
Open stack networking_101_part-1Open stack networking_101_part-1
Open stack networking_101_part-1yfauser
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014yfauser
 
Linux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack NetworkingLinux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack Networkingyfauser
 
Osdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauserOsdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauseryfauser
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantumMiguel Lavalle
 
Open stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_diveOpen stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_diveyfauser
 
OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorialmestery
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and AutomationAdam Johnson
 

Recommended

Open stack networking_101_part-1
Open stack networking_101_part-1Open stack networking_101_part-1
Open stack networking_101_part-1yfauser
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014yfauser
 
Linux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack NetworkingLinux Tag 2014 OpenStack Networking
Linux Tag 2014 OpenStack Networkingyfauser
 
Osdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauserOsdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauseryfauser
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantumMiguel Lavalle
 
Open stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_diveOpen stack networking_101_part-2_tech_deep_dive
Open stack networking_101_part-2_tech_deep_diveyfauser
 
OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorialmestery
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and AutomationAdam Johnson
 
Training open stack networking -neutron
Training open stack networking -neutronTraining open stack networking -neutron
Training open stack networking -neutronHaifeng Yan (颜海峰)
 
Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)Dan Wendlandt
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenesinbroker
 
neutron_icehouse_update
neutron_icehouse_updateneutron_icehouse_update
neutron_icehouse_updateAkihiro Motoki
 
Open Source Backends for OpenStack Neutron
Open Source Backends for OpenStack NeutronOpen Source Backends for OpenStack Neutron
Open Source Backends for OpenStack Neutronmestery
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with NeutronKwonSun Bae
 
OpenStack Neutron behind the Scenes
OpenStack Neutron behind the ScenesOpenStack Neutron behind the Scenes
OpenStack Neutron behind the ScenesAnil Bidari ( CEO , Cloud Enabled)
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron) CREATE-NET
 
From Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
From Nova-Network to Neutron and Beyond: A Look at OpenStack NetworkingFrom Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
From Nova-Network to Neutron and Beyond: A Look at OpenStack NetworkingCynthia Thomas
 
An Introduction to OpenStack Networking
An Introduction to OpenStack NetworkingAn Introduction to OpenStack Networking
An Introduction to OpenStack NetworkingScott Lowe
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networkingmarkmcclain
 
Introduction to Software Defined Networking and OpenStack Neutron
Introduction to Software Defined Networking and OpenStack NeutronIntroduction to Software Defined Networking and OpenStack Neutron
Introduction to Software Defined Networking and OpenStack NeutronSana Khan
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutronvivekkonnect
 
Nova net-or-neutron-atlanta2014.pptx
Nova net-or-neutron-atlanta2014.pptxNova net-or-neutron-atlanta2014.pptx
Nova net-or-neutron-atlanta2014.pptxSomik Behera
 
Navigating OpenStack Networking
Navigating OpenStack NetworkingNavigating OpenStack Networking
Navigating OpenStack NetworkingPLUMgrid
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Dave Neary
 
OpenStack Neutron-Neutron interconnections
OpenStack Neutron-Neutron interconnectionsOpenStack Neutron-Neutron interconnections
OpenStack Neutron-Neutron interconnectionsThomas Morin
 
Openstack Neutron Insights
Openstack Neutron InsightsOpenstack Neutron Insights
Openstack Neutron InsightsAtul Pandey
 
Whats new in neutron for open stack havana
Whats new in neutron for open stack havanaWhats new in neutron for open stack havana
Whats new in neutron for open stack havanaKamesh Pemmaraju
 
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...Nati Shalom
 
Open stack korea_uni2u_pdf
Open stack korea_uni2u_pdfOpen stack korea_uni2u_pdf
Open stack korea_uni2u_pdfYongyoon Shin
 
Accelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysAccelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysCumulus Networks
 

More Related Content

What's hot

Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)Dan Wendlandt
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenesinbroker
 
neutron_icehouse_update
neutron_icehouse_updateneutron_icehouse_update
neutron_icehouse_updateAkihiro Motoki
 
Open Source Backends for OpenStack Neutron
Open Source Backends for OpenStack NeutronOpen Source Backends for OpenStack Neutron
Open Source Backends for OpenStack Neutronmestery
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with NeutronKwonSun Bae
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron) CREATE-NET
 
From Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
From Nova-Network to Neutron and Beyond: A Look at OpenStack NetworkingFrom Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
From Nova-Network to Neutron and Beyond: A Look at OpenStack NetworkingCynthia Thomas
 
An Introduction to OpenStack Networking
An Introduction to OpenStack NetworkingAn Introduction to OpenStack Networking
An Introduction to OpenStack NetworkingScott Lowe
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networkingmarkmcclain
 
Introduction to Software Defined Networking and OpenStack Neutron
Introduction to Software Defined Networking and OpenStack NeutronIntroduction to Software Defined Networking and OpenStack Neutron
Introduction to Software Defined Networking and OpenStack NeutronSana Khan
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutronvivekkonnect
 
Nova net-or-neutron-atlanta2014.pptx
Nova net-or-neutron-atlanta2014.pptxNova net-or-neutron-atlanta2014.pptx
Nova net-or-neutron-atlanta2014.pptxSomik Behera
 
Navigating OpenStack Networking
Navigating OpenStack NetworkingNavigating OpenStack Networking
Navigating OpenStack NetworkingPLUMgrid
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Dave Neary
 
OpenStack Neutron-Neutron interconnections
OpenStack Neutron-Neutron interconnectionsOpenStack Neutron-Neutron interconnections
OpenStack Neutron-Neutron interconnectionsThomas Morin
 
Openstack Neutron Insights
Openstack Neutron InsightsOpenstack Neutron Insights
Openstack Neutron InsightsAtul Pandey
 
Whats new in neutron for open stack havana
Whats new in neutron for open stack havanaWhats new in neutron for open stack havana
Whats new in neutron for open stack havanaKamesh Pemmaraju
 
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...Nati Shalom
 

What's hot (20)

Training open stack networking -neutron
Training open stack networking -neutronTraining open stack networking -neutron
Training open stack networking -neutron
 
Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenes
 
neutron_icehouse_update
neutron_icehouse_updateneutron_icehouse_update
neutron_icehouse_update
 
Open Source Backends for OpenStack Neutron
Open Source Backends for OpenStack NeutronOpen Source Backends for OpenStack Neutron
Open Source Backends for OpenStack Neutron
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with Neutron
 
OpenStack Neutron behind the Scenes
OpenStack Neutron behind the ScenesOpenStack Neutron behind the Scenes
OpenStack Neutron behind the Scenes
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron)
 
From Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
From Nova-Network to Neutron and Beyond: A Look at OpenStack NetworkingFrom Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
From Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
 
An Introduction to OpenStack Networking
An Introduction to OpenStack NetworkingAn Introduction to OpenStack Networking
An Introduction to OpenStack Networking
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
 
Introduction to Software Defined Networking and OpenStack Neutron
Introduction to Software Defined Networking and OpenStack NeutronIntroduction to Software Defined Networking and OpenStack Neutron
Introduction to Software Defined Networking and OpenStack Neutron
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
 
Nova net-or-neutron-atlanta2014.pptx
Nova net-or-neutron-atlanta2014.pptxNova net-or-neutron-atlanta2014.pptx
Nova net-or-neutron-atlanta2014.pptx
 
Navigating OpenStack Networking
Navigating OpenStack NetworkingNavigating OpenStack Networking
Navigating OpenStack Networking
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
 
OpenStack Neutron-Neutron interconnections
OpenStack Neutron-Neutron interconnectionsOpenStack Neutron-Neutron interconnections
OpenStack Neutron-Neutron interconnections
 
Openstack Neutron Insights
Openstack Neutron InsightsOpenstack Neutron Insights
Openstack Neutron Insights
 
Whats new in neutron for open stack havana
Whats new in neutron for open stack havanaWhats new in neutron for open stack havana
Whats new in neutron for open stack havana
 
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
Orchestration tool roundup kubernetes vs. docker vs. heat vs. terra form vs...
 

Viewers also liked

Open stack korea_uni2u_pdf
Open stack korea_uni2u_pdfOpen stack korea_uni2u_pdf
Open stack korea_uni2u_pdfYongyoon Shin
 
Accelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysAccelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysCumulus Networks
 
Tech Talk by Louis Fourie: SFC: technology, trend and implementation
Tech Talk by Louis Fourie: SFC: technology, trend and implementationTech Talk by Louis Fourie: SFC: technology, trend and implementation
Tech Talk by Louis Fourie: SFC: technology, trend and implementationnvirters
 
OpenStack summit austin 2016
OpenStack summit austin 2016OpenStack summit austin 2016
OpenStack summit austin 2016Yongyoon Shin
 
Running OpenStack in Production
Running OpenStack in Production Running OpenStack in Production
Running OpenStack in Production Nati Shalom
 
OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석Yongyoon Shin
 
Contrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at ScaleContrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at ScaleMarketingArrowECS_CZ
 
Open stack ocata summit enabling aws lambda-like functionality with openstac...
Open stack ocata summit enabling aws lambda-like functionality with openstac...Open stack ocata summit enabling aws lambda-like functionality with openstac...
Open stack ocata summit enabling aws lambda-like functionality with openstac...Shaun Murakami
 
OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)Dan Wendlandt
 
Open stack summit_barcelona_보고서
Open stack summit_barcelona_보고서Open stack summit_barcelona_보고서
Open stack summit_barcelona_보고서Yongyoon Shin
 

Viewers also liked (11)

Open stack korea_uni2u_pdf
Open stack korea_uni2u_pdfOpen stack korea_uni2u_pdf
Open stack korea_uni2u_pdf
 
Accelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysAccelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network Overlays
 
Tech Talk by Louis Fourie: SFC: technology, trend and implementation
Tech Talk by Louis Fourie: SFC: technology, trend and implementationTech Talk by Louis Fourie: SFC: technology, trend and implementation
Tech Talk by Louis Fourie: SFC: technology, trend and implementation
 
OpenStack summit austin 2016
OpenStack summit austin 2016OpenStack summit austin 2016
OpenStack summit austin 2016
 
Running OpenStack in Production
Running OpenStack in Production Running OpenStack in Production
Running OpenStack in Production
 
OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석
 
Contrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at ScaleContrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at Scale
 
Open stack ocata summit enabling aws lambda-like functionality with openstac...
Open stack ocata summit enabling aws lambda-like functionality with openstac...Open stack ocata summit enabling aws lambda-like functionality with openstac...
Open stack ocata summit enabling aws lambda-like functionality with openstac...
 
OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)OpenStack + VMware: Everything You Need to Know (Kilo-edition)
OpenStack + VMware: Everything You Need to Know (Kilo-edition)
 
Open stack summit_barcelona_보고서
Open stack summit_barcelona_보고서Open stack summit_barcelona_보고서
Open stack summit_barcelona_보고서
 
What's new in openstack ocata
What's new in openstack ocata What's new in openstack ocata
What's new in openstack ocata
 

Similar to Open stack networking_101_update_2014-os-meetups

OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał DubielOpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał Dubieleurobsdcon
 
Quantum for Cloud Operators - Folsom Conference
Quantum for Cloud Operators - Folsom Conference Quantum for Cloud Operators - Folsom Conference
Quantum for Cloud Operators - Folsom Conference Dan Wendlandt
 
Nvp deep dive_session_cee-day
Nvp deep dive_session_cee-dayNvp deep dive_session_cee-day
Nvp deep dive_session_cee-dayyfauser
 
The Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep VittalThe Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep Vittalbuildacloud
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNTe-Yen Liu
 
Supporting Virtualized Telco Applications with OpenStack
Supporting Virtualized Telco Applications with OpenStackSupporting Virtualized Telco Applications with OpenStack
Supporting Virtualized Telco Applications with OpenStackBruce Davie
 
OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012Dan Wendlandt
 
NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
NSX: La Virtualizzazione di Rete e il Futuro della SicurezzaNSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
NSX: La Virtualizzazione di Rete e il Futuro della SicurezzaVMUG IT
 
Quantum grizzly summit
Quantum grizzly summitQuantum grizzly summit
Quantum grizzly summitDan Wendlandt
 
Quantum PTL Update - Grizzly Summit.pptx
Quantum PTL Update - Grizzly Summit.pptxQuantum PTL Update - Grizzly Summit.pptx
Quantum PTL Update - Grizzly Summit.pptxOpenStack Foundation
 
Midokura OpenStack Meetup Taipei
Midokura OpenStack Meetup TaipeiMidokura OpenStack Meetup Taipei
Midokura OpenStack Meetup TaipeiDan Mihai Dumitriu
 
Directions for CloudStack Networking
Directions for CloudStack NetworkingDirections for CloudStack Networking
Directions for CloudStack NetworkingChiradeep Vittal
 
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...Jim St. Leger
 
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...nvirters
 
Operators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 NetworksOperators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 NetworksJakub Pavlik
 
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...OpenStack Korea Community
 
Quantum - The Network Mechanics
Quantum - The Network MechanicsQuantum - The Network Mechanics
Quantum - The Network MechanicsKiran Murari
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud
 

Similar to Open stack networking_101_update_2014-os-meetups (20)

OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał DubielOpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
 
Quantum for Cloud Operators - Folsom Conference
Quantum for Cloud Operators - Folsom Conference Quantum for Cloud Operators - Folsom Conference
Quantum for Cloud Operators - Folsom Conference
 
Nvp deep dive_session_cee-day
Nvp deep dive_session_cee-dayNvp deep dive_session_cee-day
Nvp deep dive_session_cee-day
 
CloudStack and SDN
CloudStack and SDNCloudStack and SDN
CloudStack and SDN
 
The Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep VittalThe Future of SDN in CloudStack by Chiradeep Vittal
The Future of SDN in CloudStack by Chiradeep Vittal
 
OpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDNOpenStack 2012 fall summit observation - Quantum/SDN
OpenStack 2012 fall summit observation - Quantum/SDN
 
Supporting Virtualized Telco Applications with OpenStack
Supporting Virtualized Telco Applications with OpenStackSupporting Virtualized Telco Applications with OpenStack
Supporting Virtualized Telco Applications with OpenStack
 
OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012
 
NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
NSX: La Virtualizzazione di Rete e il Futuro della SicurezzaNSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
 
Quantum grizzly summit
Quantum grizzly summitQuantum grizzly summit
Quantum grizzly summit
 
Quantum PTL Update - Grizzly Summit.pptx
Quantum PTL Update - Grizzly Summit.pptxQuantum PTL Update - Grizzly Summit.pptx
Quantum PTL Update - Grizzly Summit.pptx
 
Midokura OpenStack Meetup Taipei
Midokura OpenStack Meetup TaipeiMidokura OpenStack Meetup Taipei
Midokura OpenStack Meetup Taipei
 
Directions for CloudStack Networking
Directions for CloudStack NetworkingDirections for CloudStack Networking
Directions for CloudStack Networking
 
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
 
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
 
Operators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 NetworksOperators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 Networks
 
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
[OpenStack Day in Korea 2015] Track 3-6 - Archiectural Overview of the Open S...
 
Quantum - The Network Mechanics
Quantum - The Network MechanicsQuantum - The Network Mechanics
Quantum - The Network Mechanics
 
OpenStack Quantum
OpenStack QuantumOpenStack Quantum
OpenStack Quantum
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
 

Recently uploaded

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Recently uploaded (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Open stack networking_101_update_2014-os-meetups

  • 1. © 2014 VMware Inc. All rights reserved.© 2014 VMware Inc. All rights reserved. 12/11/2014 OpenStack Networking Neutron 101 + Updates of 2014 Yves Fauser Solution Architect @ VMware
  • 2. Agenda •  Network Models •  Nova-Networking vs. Neutron refresher –  Nova-Networking quick overview –  Nova-Networking Multi-Host mode –  Nova-Networking vs. Neutron at a glance •  Neutron plugin concept refresher •  Service plugins •  ML2 plugin vs. monolithic Plugins •  New in Juno –  Distributed Virtual Router for OVS mechanism driver –  Neutron L3 High-Availability for virtual routers –  Neutron IPv6 Support
  • 3. OpenStack Networking – Flat •  In the simple ‘flat’ networking model, all instances (VMs) are bridged to a physical adapter •  L3 first-hop routing is either provided by the physical networking devices (flat model), or by OpenStack L3 Service (flat-DHCP model) •  Sufficient in single tenant or ‘full trust’ use cases were no segmentation is needed (beside iptables/ebtables between VM interfaces and bridge) •  Doesn’t provide multi-tenancy, L2 isolation and overlapping IP address support •  Available in Neutron and in Nova-Networking VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM L3 L2 L3 L2 Access port (no VLAN tag)
  • 4. OpenStack Networking – VLAN based •  The VLAN based model uses VLANs per tenant network (with Neutron) to provide multi-tenancy, L2 isolation and support for overlapping IP address spaces •  The VLANs can either be pre-configured manually on the physical switches, or a neutron vendor plugin can communicate with the physical switches to provision the VLAN •  Examples of vendor plugins that are creating VLANs on Switches are the Arista and Cisco Nexus/UCS ML2 mechanism driver •  L3 first-hop routing can be done either; •  On the physical switches/routers, or VM VM VM VM VM VM VM VM VM VM VM VM L3 L2 L3 L2 VLAN trunk port (VLAN tags used) VM VM VM VM Neutron vendor plugin can create VLANs through vendor API
  • 5. OpenStack Networking – VLAN based VM VM VM VM VM VM VM VM VM VM VM VM L3 L2 L3 L2 VLAN trunk port (VLAN tags used) Logical routers are handling the first- hop gateway function on Neutron Network-Node •  The VLAN based model uses VLANs per tenant network (with Neutron) to provide multi-tenancy, L2 isolation and support for overlapping IP address spaces •  The VLANs can either be pre-configured manually on the physical switches, or a neutron vendor plugin can communicate with the physical switches to provision the VLAN •  Examples of vendor plugins that are creating VLANs on Switches are the Arista and Cisco Nexus/UCS ML2 mechanism driver •  L3 first-hop routing can be done either; •  On the physical switches/routers, or •  As logical routers in Neutron Neutron vendor plugin can create VLANs through vendor API L3 for tenant networks
  • 6. VM VM VM VM OpenStack Networking Models – ‘SDN Fabric’ based •  In this model multi-tenancy is achieved using different ‘edge’ and ‘fabric’ tags. E.g. VLANs can be used to address the tenant between the hypervisor vSwitch and the Top-of-Rack switch, and some other tag is used inside of the vendors fabric to isolate the tenants VM VM VM VM VM VM VM VM Vendor Fabric uses some form of ‘Fabric Tag’ to address the tenant VM VM VM VM VM VM VM VM VM VM VM VM Hypervisor to Top of Rack Switch uses some form of ‘edge tag’ (e.g. VLAN, VXLAN header, etc.) Central controller controls the vSwitches and physical Switches Controller •  Usually a single controller controls both the vSwitches and the physical switches •  L3 first-hop routing and L2 bridging to physical usually done in the physical switch fabric •  Single vendor design for physical and virtual networking •  Examples; BigSwitch, NEC, Cisco ACI, Brocade, Avaya, … Neutron vendor plugin talks to controller through vendor API Fabric Tag Edge Tag Edge Tag
  • 7. OpenStack Networking Models – Network Virtualization •  With network virtualization (aka overlay) model, multi-tenancy is achieved by overlaying MAC-in-IP ‘tunnels’ onto the physical switching fabric (aka transport network) •  An ID field is used in the encapsulation header (e.g. VXLAN, GRE, STT) to address the tenant network. A full L2 isolation and overlapping IP space support is achieved •  Controller controls only the vSwitches and the Gateways •  L3 first-hop routing and L2 bridging to physical done either by software or hardware gateways (or both) •  Examples; VMware NSX, Midokura, Plumgrid, Contrail, Nuage, … OpenStack DACH Day 2014 @ Linux Tag Berlin, 0 VM VM VM VMVM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Physical network fabric uses L3 routing protocols (e.g. OSPF or BGP) to build a stable Layer 3 Fabric SDN controller cluster controls the vSwitches in the Hypervisors MAC-in-IP ‘Tunnel’ is used to address and isolate the tenants (e.g. using VXLAN) L3 Gateway L3 L2 L3 L2 L3L3 L3 L2 Neutron plugin talks to controller through vendor API
  • 8. Why I think the ‘Network virtualization’ (aka overlay) approach is the best model •  It achieves multi-tenancy, L2 isolation and overlapping IP address support without the need to re- configure physical network devices •  Logical Network for Instances (VMs) is location independent – It spans over L2/L3 boundaries, and therefore doesn’t force bad (flat) network design •  Very big ID space for tenant addressing compared to the usual VLAN id space (max. 4094) •  Network virtualization runs as a software construct on top of any physical network topology, vendor, etc. •  Physical network and logical network can evolve independently from each other, each one can be procured, exchanged, upgraded and serviced independently •  Large number of commercial and open source implementations are available today •  Proven in production in some of the largest OpenStack deployments out there
  • 9. Nova-Networking quick Overview nova-api (OS,EC2,Admin) nova-console (vnc/vmrc) nova-compute Nova DB nova-scheduler nova- consoleauth Hypervisor (KVM, Xen, etc.) Queue nova-cert Libvirt, XenAPI, etc. nova-metadata nova- network nova-volume Network-Providers (Linux-Bridge or OVS with brcompat, dnsmasq, IPTables) Volume-Provider (iSCSI, LVM, etc.) Inspired by Ken Pepple •  Nova-Networking was OpenStack’s first network implementation •  Nova-network is still present today, and can be used instead of Neutron •  No new features are added since Folsom, but bug- fixing is done frequently •  Nova-network only knows 3 basic Network-Models; –  Flat & Flat DHCP: direct bridging of Instance to external ethernet Interface with and without DHCP –  VLAN based: Every tenant gets a VLAN, DHCP enabled •  Watch this online meetup Session for more details: https://www.youtube.com/watch?v=ascEICz_WUY
  • 10. Nova-Networking Multi-Host mode 1/2 nova-compute hypervisor VM VM Bridge 30IP Stack Compute Node + Networking nova-compute hypervisor VM VM Br 30IP Stack Compute Node nova-compute hypervisor VM VM IP Stack Compute Node External Network (or VLAN) Internal VLANs WAN/ Internet dnsmasq iptables/ routing Bridge 40 VLAN30 VLAN40 Br 40 VLAN30 VLAN40 Br 30 Br 40 VLAN30 VLAN40 VLAN Trunk VLAN Trunk dnsmasq NAT & floating -IPs nova-netw. •  In Nova-Networking the node that is holding the nova-networking role is; –  A single point of failure –  A choke point for both east-west and north-south traffic (traffic staying in the DC between nodes and traffic leaving/entering the DC at the perimeter) –  Nova-Networking has a “multi-host mode” to address this
  • 11. Nova-Networking Multi-Host mode 2/2 nova-compute hypervisor VM VM Bridge 30IP Stack Compute Node + Networking External Network (or VLAN) Internal VLANs WAN/ Internet dnsmasq iptables/ routing Bridge 40 VLAN30 VLAN40 VLAN Trunk VLAN Trunk dnsmasq NAT & floating -IPs nova-netw. •  With nova-networking “Multi-Host” each compute node runs nova-networking, and provides routing, SNAT and floating-ip’s (DNAT) for its local Instances –  Pros; Inherently highly-available; scales out routing and NAT to all compute-nodes –  Cons; IP address sprawl: each compute-node needs one external IP for SNAT, and one internal IP in each project Network nova-compute hypervisor VM VM Bridge 30IP Stack Compute Node + Networking dnsmasq iptables/ routing Bridge 40 VLAN30 VLAN40 dnsmasq NAT & floating -IPs nova-netw. nova-compute hypervisor VM VM Bridge 30IP Stack Compute Node + Networking dnsmasq iptables/ routing Bridge 40 VLAN30 VLAN40 dnsmasq NAT & floating -IPs nova-netw. External network
  • 12. Nova-Networking vs. Neutron at a glance •  Watch this online meetup Session for more details: https://www.youtube.com/watch?v=ascEICz_WUY •  Neutron pros –  More network implementation options –  Dynamic network, virtual router, load balancer, VPN creation under the tenants control instead of fixed per project allocation –  Pluggable architecture allows vendors to integrate their network solution into OpenStack and innovate independently (e.g. using network virtualization, SDN concepts, etc.) –  Well defined tenant accessible API for consuming network services •  Nova-Networking pros –  Simple models with less moving parts –  “Compute centric” networking model; easier to understand than the complex options and “networking speech” in Neutron –  Code-Base is in “bug-fixing” mode since long time now; less friction –  HA and scale-out trough “multi-host” option (starting to be addressed in Neutron by DVR and HA)
  • 13. OpenStack Neutron – Plugin Concept refresher Neutron 
 Core API" Neutron Service (Server)" " •  L2 network abstraction definition and management, IP address management •  Device and service attachment framework •  Does NOT do any actual implementation of abstraction " Plugin API" " Vendor/User Plugin" •  Maps abstraction to implementation on the Network (Overlay e.g. NSX or physical Network) •  Makes all decisions about *how* a network is to be implemented •  Can provide additional features through API extensions. •  Extensions can either be generic (e.g. L3 Router / NAT), or Vendor Specific " Neutron
 API Extension" Extension API implementation is optional
  • 14. Core and service plugins •  Core plugin implement the “core” Neutron API functions (l2 Networking, IPAM, …) •  Service plugins implements additional network services (l3 routing, Load Balancing, Firewall, VPN) •  Implementations might choose to implement relevant extensions in the Core plugin itself Neutron 
 Core API" Function" Core " L3 " FW " Core " L3 " FW " Core " L3 " FW " Plugin" Core Plugin " Core Plugin " FW plugin " Core Plugin " FW plugin " L3 plugin "
  • 15. OpenStack Neutron – Plugin locations ! # cat /etc/neutron/neutron.conf | grep "core_plugin"! core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin! ! # cat /etc/neutron/neutron.conf | grep "service_plugins”! service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin! ! ! # ls /usr/share/pyshared/neutron/plugins/! bigswitch cisco embrane __init__.py metaplugin ml2 nec openvswitch ryu! brocade common hyperv linuxbridge midonet mlnx nicira plumgrid! ! # ls /usr/share/pyshared/neutron/services/! firewall __init__.py l3_router loadbalancer metering provider_configuration.py service_base.py vpn" "
  • 16. OpenStack Neutron – Modular Plugin •  Before the modular plugin (ML2), every team or vendor had to implement a complete plugin including IPAM, DB Access, etc. •  The ML2 Plugin separates core functions like IPAM, virtual network id management, etc. from vendor/implementation specific functions, and therefore makes it easier for vendors not to reinvent to wheel with regards to ID Management, DB access … •  Existing and future non-modular plugins are called “monolithic” plugins •  ML2 calls the management of network types “type drivers”, and the implementation specific part “mechanism drivers” Arista CiscoLinux Bridge OVS etc. Mechanism Drivers" GRE VLAN VXLAN etc. Type Drivers" Type Manager" Mechanism Manager " ML2 Plugin & API Extensions"
  • 17. OpenStack Neutron ML2 – locations ! # cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep type_drivers! # the neutron.ml2.type_drivers namespace.! # Example: type_drivers = flat,vlan,gre,vxlan! type_drivers = gre! ! # cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep mechanism_drivers! # to be loaded from the neutron.ml2.mechanism_drivers namespace.! # Example: mechanism_drivers = arista! # Example: mechanism_drivers = cisco,logger! mechanism_drivers = openvswitch,linuxbridge! ! ! # ls /usr/share/pyshared/neutron/plugins/ml2/drivers/! cisco l2pop mechanism_ncs.py mech_hyperv.py mech_openvswitch.py type_gre.py type_tunnel.py type_vxlan.py __init__.py mech_agent.py mech_arista mech_linuxbridge.py type_flat.py type_local.py type_vlan.py! "
  • 18. OpenStack Neutron – Modular Plugin vs. Monolithic Plugins •  A vendor is free to choose between the development of an monolithic plugin or an ML2 mechanism driver –  A vendor might want use its own integrated IPAM / DB access, or already has a stable and proven code base for it –  Timing: Development of a monolithic plugin might have started long before ML2 emerged •  Contrary to a common misunderstanding monolithic plugins are not deprecated, only the existing OVS-Plugin and Linux Bridge plugins have been deprecated in IceHouse in favor of the OVS / Linux Bridge mechanism drivers •  ML2 re-uses the monolithic OVS and Linux Bridge code for its mechanism driver and agents (e.g L3 Agent, DHCP Agent, OVS Agent, etc.)
  • 19. Juno – Distributed Virtual Router for OVS – 1/5 •  There is was equivalent of nova-network “multi-host” mode in Neutron before Juno •  In the OVS and Linux Bridge implementations, the L3 Agent node is a single point of failure. •  Scaling out is done by deploying multiple network nodes, but even then east-west traffic needs to go through the L3 Agent Node, and can potentially be a choke point •  Some vendor implementation already have distributed routing an HA today in their solutions IP Stack Neutron- Network-Node nova-compute hypervisor VM VM IP Stack Compute Node nova-compute hypervisor VM VM Compute Node External Network (or VLAN) WAN/ Internet iptables/ routing Layer 3 Transport Network dnsmasqNAT & floating -IPs iptables/ routing N.-L3-Agent N.-DHCP-Agent N.-OVS-Agent ovsdb/ ovsvsd Neutron-Server + OVS-Plugin N.-OVS-Agent N.-OVS-Agent ovsdb/ ovsvsd ovsdb/ ovsvsd Layer 3 Transport Net. IP Stack br-int br-int br-tun br-int br-tun br-tun L2 in L3 Tunnel dnsmasq br-ex
  • 20. Juno – Distributed Virtual Router for OVS – 2/5 •  Similar to “multi-host” mode in nova-network, each compute node now has its own routing and NAT service (internal router namespaces - ‘IR’ ) •  In contrast to nova-network “multi-host” mode : –  SNAT will be done on a centralized network-node to avoid IP address sprawl on the external network (introducing a single point of failure that needs to be addressed through virtual routers HA later) –  All IRs use a single logical internal IP in the tenant networks, but have separate MAC addresses IP Stack Neutron- Network-Node nova-compute hypervisor VM VM Compute Node External Network (or VLAN) WAN/ Internet iptables/ routing Layer 3 Transport Network dnsmasqSNAT -IPs iptables/ routing N.-L3-Agent N.-DHCP-Agent N.-OVS-Agent ovsdb/ ovsvsd Neutron-Server + OVS-Plugin N.-OVS-Agent IP Stack br-intbr-int br-tun br-tun L2 in L3 Tunnel dnsmasq br-ex N.-L3-(DVR)-Agent iptables/ routing NAT for floating -IPs iptables/ routing br-ex ovsdb/ ovsvsd nova-compute hypervisor VM VM Compute Node N.-OVS-Agent IP Stack br-int br-tun iptables/ routing NAT for floating -IPs iptables/ routing br-ex ovsdb/ ovsvsd Layer 3 Transport Net. External Network (or VLAN) External Network (or VLAN) N.-L3-(DVR)-Agent
  • 21. br-int br-int Juno – Distributed Virtual Router for OVS – 3/5 •  For east-west traffic which is routed within a tenants distributed virtual router, traffic is send directly between compute-nodes on the transport network (Using the overlay technology) •  Traffic can also stay within a compute-node, if the source and destination are on the same compute node •  For more details see the DRV blueprint: https://blueprints.launchpad.net/neutron/+spec/neutron-ovs-dvr east-west north-south ComputeNode VM VM VM VM IR2 IR1 WAN/ Internet ComputeNode External Network Transport Network (e.g. used for tunnels) NetworkNode IR2 IR1 VM VM VM VM br-tun br-tun br-tun br-ex br-ex br-ex br-int R2 / SNAT R1 / SNAT
  • 22. br-int Juno – Distributed Virtual Router for OVS – 4/5 •  For SNAT from the tenant instances to the internet/WAN (north/south) traffic is routed through a centralized network-node •  This avoids IP address sprawl on the external network •  For more details see the DRV blueprint: https://blueprints.launchpad.net/neutron/+spec/neutron-ovs-dvr east-west north-south ComputeNode VM VM VM VM IR2 IR1 WAN/ Internet ComputeNode External Network Transport Network (e.g. used for tunnels) NetworkNode R2 / SNAT R1 / SNAT IR2 IR1 VM VM VM VM SNAT Router -IP br-tun br-tun br-tun br-ex br-ex br-ex br-int br-int
  • 23. br-int Juno – Distributed Virtual Router for OVS – 5/5 •  For floating-ip’s to and from the tenant instances to the internet/WAN (north/ south) traffic is routed and nat’ed directly at the compute nodes (IR Namespace) •  For more details see the DRV blueprint: https://blueprints.launchpad.net/neutron/+spec/neutron-ovs-dvr east-west north-south ComputeNode VM VM VM VM IR2 IR1 WAN/ Internet ComputeNode External Network Transport Network (e.g. used for tunnels) NetworkNode R2 / SNAT R1 / SNAT IR2 IR1 VM VM VM VM floating -IP br-tun br-tun br-tun br-ex br-ex br-ex br-int br-int
  • 24. Juno – Current caveats for Distributed Virtual Router •  Currently there is no support for HA in the centralized SNAT Node (north/south). Although there is L3 Agent HA in Juno today, you need to choose between DVR mode or L3 HA today. The plan is to address this in Kilo, or even later, as the Neutron team has other technical debt to work on •  No IPv6 Support •  DVR is only supported with OVS Plugin with VXLAN based overlays, no support for VLAN modes and/or for Linux Bridge Plugin •  No support for VPNaaS •  Longer term plans –  Distributed SNAT –  Distributed DHCP (nova-network has this today) –  Full migration support from virtual routers to DVR
  • 25. Juno – HA for Virtual Routers •  Juno added native HA support using ‘keepalived’ for the centralized L3 agent nodes •  If configured for HA, one active and one standby router will be deployed on two different neutron L3 GW network nodes. Both will share Virtual IPs internally •  For more details see the HA for virtual routers blueprint: https://github.com/openstack/neutron-specs/blob/master/specs/juno/l3-high-availability.rst          +----+                          +----+!         |    |                          |    |! +-------+ QG +------+           +-------+ QG +------+! |       |    |      |           |       |    |      |! |       +-+--+      |           |       +-+--+      |! |     VIPs|         |           |         |VIPs     |! |         |      +--+-+      +--+-+       |         |! |         +      |    |      |    |       +         |! |  KEEPALIVED+---+ HA +------+ HA +----+KEEPALIVED  |! |         +      |    |      |    |       +         |! |         |      +--+-+      +--+-+       |         |! |     VIPs|         |           |         |VIPs     |! |       +-+--+      |           |       +-+--+      |! |       |    |      |           |       |    |      |! +-------+ QR +------+           +-------+ QR +------+!         |    |                          |    |!         +----+                          +----+!
  • 26. Juno – Current caveats for L3 Agent HA •  Currently there is no state synch for NAT tables and FWaaS states, planed to be address in Kilo or later using Conntrackd •  No support for HA when using the DVR functionality (also goes with the first bullet) •  No logging for state transitions, no CLI to see where the active router is and no CLI to move it between nodes •  Currently no automatic migration of existing routers to HA routers •  Max. 255 router pairs per HA network, and therefore per tenant
  • 27. Juno – IPv6 support •  IPv6 was dysfunctional at multiple implementation points in Neutron before Jun0 –  No support for Stateless Auto Configuration (SLAAC) in OpenStack security model / IPAM, so even when one uses an external IPv6 router, security groups and port security will prevent the Instance from working correctly –  Dnsmasq support for DHCPv6 was problematic and “broken” –  No IPv6 Routing support on L3 Agent, Metadata, etc. •  A new IPv6 Neutron Subteam was founded to address the multiple IPv6 requirements •  Expected critical IPv6 Features in Juno Timeframe –  Provider Networking - upstream SLAAC Support –  Support DHCPv6 stateless and stateful mode in Dnsmasq –  Support Router Advertisement Daemon (radvd) for IPv6 •  See more details here: https://wiki.openstack.org/wiki/Neutron/IPv6
  • 28. Juno – More Information •  A big number of new vendor plugins, enhancements to existing plugins and mechanism drivers, service plugins etc. are being developed for the Juno timeframe right now •  See here for a list of Juno Specs (linking to the Blueprints): https://github.com/openstack/neutron-specs/tree/master/specs/juno •  See here for a list of Blueprints: https://blueprints.launchpad.net/neutron/juno