Distributed Virtual Router 
Introduced in the Juno Release of OpenStack Neutron 
Carl Baldwin 
DVR Illustrations courtesy of Jack McCann 
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
DVR Architecture 
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Neutron deployment architecture without DVR 
[Diagram. Labels: neutron-server, API, auth, ML2 plug-in, database, message queue, Network Service Node(s), Compute hosts, DHCP agent, L3 agent, Metadata agent, Nova metadata, ovs agent, Open vSwitch.]
Neutron deployment architecture with DVR 
[Diagram. Labels: neutron-server, API, auth, ML2 plug-in, database, message queue, Network Service Node(s), Compute hosts, DHCP agent, Metadata agent, Nova metadata, L3 agent, ovs agent, Open vSwitch, external network.]
L3 agent agent_mode = dvr 
ovs agent w/dvr agent 
enable_distributed_routing = True programs DVR flow handling 
compute nodes on external network
API extension 
Adds ‘distributed’ attribute to ‘router’ object 
• Can be set by admin user through the API 
• Global default is set as “router_distributed” in neutron.conf 
• Default is False 
• The attribute is only visible to admin tenant in GET 
• Cannot be updated 
• Work in progress to allow update from False to True 
DVR – East-West (subnet-to-subnet) 
[Diagram. Labels: VM1-1, VM2-1, QRouter-X, S1.1, S2.1, br-int, patch-tun, eth0.]
ARP for gw kept local 
same gw IP/MAC on each node 
no remote bcast in to routers
DVR – North-South (floating IP) 
[Diagram. Labels: VM1-1, VM2-1, br-int, QRouter-X, QRouter-Y, qr, rfp-x, rfp-y, fpr-x, fpr-y, fg-u, floating IP namespace, br-ex, external-vlan, eth0.]
floating IP NAT in router ns 
default route via FIP-NS 
local addressing connects QR to FIP-NS 
floating IP host routes pointing to QR 
proxy-arp for floating IPs on br-ex 
(future option: BGP route injection)
DVR – North-South (default SNAT) 
[Diagram. Labels: br-int, snat-X, snat-Y, qr, qg-x, br-ex, external-vlan, eth0.]
default SNAT in snat namespace 
default route via br-ex
Database 
router_extra_attributes 
    router_id          string uuid 
    distributed        boolean 
dvr_host_macs 
    host               string 255 
    mac_address        string 32 
ml2_dvr_port_bindings - port binding for all the ports associated to a DVR identified by router_id 
    port_id            string uuid 
    host               string 
    router_id          string uuid 
    vif_type           string 
    vif_details        string 
    vnic_type          string 
    profile            string 
    cap_port_filter    boolean 
    driver             string 
    segment            string 
    status             string 
csnat_l3_agent_bindings 
    router_id          string uuid 
    l3_agent_id        string uuid 
    host_id            string 
    csnat_gw_port_id   string uuid
config file options 
neutron.conf 
[DEFAULT] 
router_distributed = False 
dvr_base_mac = fa:16:3f:00:00:00 
ovs_neutron_plugin.ini 
[agent] 
enable_distributed_routing = False # Make the l2 agent run in dvr mode 
l3_agent.ini 
[DEFAULT] 
agent_mode = legacy # legacy, dvr, or dvr_snat 
OVS Flow Handling 
How to Distribute the Router’s Internal Port 
• ARP Requests to Router Port are Blocked from the Tunnel 
• These ARP requests should only be seen by the local port 
• Source Mac is Mapped to Host Mac on Overlay Network 
• All traffic generated by the 
• A mac address is allocated for each compute host 
• Mapping must be done on both ends of the tunnel 
• Destination Mac Blocked from Overlay 
• These should go to the local port 
• They would create mac ambiguity in the overlay 
• L2 Pre-Population is Required 
• “Prevent(s) multiple unicast of routed packets destined to remote VMs.” 
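A consistency check across the three files from the "config file options" slide together with the L2 pre-population requirement above, as an added example that is not part of the original deck. The host roles and sample file contents are constructed, and the `l2_population` option name under `[agent]` is not shown on the slides and is assumed here.

```python
import configparser

# Modes listed for l3_agent.ini on the "config file options" slide.
VALID_AGENT_MODES = {"legacy", "dvr", "dvr_snat"}


def _parse(text):
    # The slide-style files carry inline "# ..." comments after the value.
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",))
    cp.read_string(text)
    return cp


def audit_host(role, ovs_ini, l3_ini, router_distributed):
    """Return findings for one host; role is 'compute' or 'network' (labels assumed here)."""
    ovs, l3 = _parse(ovs_ini), _parse(l3_ini)
    mode = l3.get("DEFAULT", "agent_mode", fallback="legacy")
    l2_dvr = ovs.getboolean("agent", "enable_distributed_routing", fallback=False)
    # l2_population: option name assumed, it does not appear on the slides.
    l2pop = ovs.getboolean("agent", "l2_population", fallback=False)

    if mode not in VALID_AGENT_MODES:
        return [f"agent_mode '{mode}' is not one of legacy, dvr, dvr_snat"]
    findings = []
    if mode != "legacy" and not l2_dvr:
        findings.append(f"L3 agent is in {mode} mode but enable_distributed_routing is False")
    if l2_dvr and not l2pop:
        findings.append("enable_distributed_routing is True without l2_population")
    if role == "compute" and mode == "dvr_snat":
        findings.append("compute host would also carry the centralized SNAT namespace")
    if role == "network" and mode == "dvr":
        findings.append("network node in dvr mode cannot host default SNAT")
    if router_distributed and mode == "legacy":
        findings.append("router_distributed is True but this host cannot run distributed routers")
    return findings


def audit_deployment(neutron_conf, hosts):
    """hosts maps a host name to (role, ovs_neutron_plugin.ini text, l3_agent.ini text)."""
    server = _parse(neutron_conf)
    distributed = server.getboolean("DEFAULT", "router_distributed", fallback=False)
    return {name: audit_host(role, ovs, l3, distributed)
            for name, (role, ovs, l3) in hosts.items()}


# Constructed sample files, modelled on the option names shown on the slide.
NEUTRON_CONF = """
[DEFAULT]
router_distributed = True
dvr_base_mac = fa:16:3f:00:00:00
"""
OVS_OK = """
[agent]
enable_distributed_routing = True
l2_population = True
"""
OVS_SLIDE_DEFAULT = """
[agent]
enable_distributed_routing = False # Make the l2 agent run in dvr mode
"""
OVS_NO_L2POP = """
[agent]
enable_distributed_routing = True
"""
L3_DVR = """
[DEFAULT]
agent_mode = dvr
"""
L3_LEGACY = """
[DEFAULT]
agent_mode = legacy # legacy, dvr, or dvr_snat
"""


def sample_report():
    hosts = {
        "compute-1": ("compute", OVS_OK, L3_DVR),
        "compute-2": ("compute", OVS_SLIDE_DEFAULT, L3_DVR),
        "network-1": ("network", OVS_NO_L2POP, L3_LEGACY),
    }
    return audit_deployment(NEUTRON_CONF, hosts)


if __name__ == "__main__":
    for host, findings in sample_report().items():
        print(host, findings or "consistent")
```
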
DVR Limitations 
Default SNAT still centralized 
[Diagram. Labels: snat-Y, qr, qg-x, br-ex, external-vlan, eth1, VM1-1, qrouter-X, S1.1, S2.1, br-int, patch-tun, eth0.]
Floating IP Namespace 
• Pros 
• Eliminates Need for Public Address/IR 
• Keeps IR Macs Off External Net 
• Cons 
• Extra Complexity in L3 Agent 
• Still Consumes a Public Address / CN 
[Diagram. Labels: QRouter-X, QRouter-Y, qr, rfp-x, rfp-y, fpr-x, fpr-y, fg-u, floating IP namespace, br-ex, external-vlan, eth0.]
Heavy L2 Integration 
• Led to Initial Dependence on OVS and Tunnel Protocols 
• Mitigate Scope Creep 
• Distributed Port Concept Needs to be Abstracted 
Firewall as a Service (FWaaS) Complexity 
• External Net Connects to Hypervisors 
• FWaaS is Needed There Too. 
• Asymmetric Routing Problem 
• E/W Routing 
[Diagram. Labels: VM1-1, VM2-1, QRouter-X, S1.1, S2.1, br-int, patch-tun, eth0.]
Contributing DVR 
Initial Development on Havana 
Pros and Cons 
• Stable Code Base 
• No Risk of External Regression 
• Very Large Effort to Integrate 
• Upstream Moves Quickly 
• Subject to Regression 
• Comm. Standard Enforcement 
• Code Style 
• No Demand for Unit or Functional Tests 
Initial Development on Havana 
If We had to do it Over Again… 
• Contribute Smaller, More Focused Patches to Trunk 
• Start with Pure Refactoring Needed to Ease Development 
• Develop Unit Tests for Code that will be Modified 
• Move Gradually Beyond Refactoring to Other Improvements 
• Divide Implementation According to Themes 
• Develop Unit Tests (TDD) and Functional Tests to Prevent Regression 
Divided into 7 Patches 
• Division According to Component 
• Patches Added Unused Code for Later Patches 
• Indicates there are themes that cross patch boundaries 
• Each Patch Had Multiple Active Authors 
• Indicates possibly more than one theme in the patch 
Handling Multiple Changes 
• Dependency Order Not Linear 
• Should it be? 
Handling Multiple Changes 
It is Never Linear!!! 
Handling Multiple Changes 
Enemy Number One! 
• Automatic Rebase Feature 
• Default behavior of “git review” 
• Most of the Time it is Disruptive 
• Sometimes it is Destructive 
Handling Multiple Changes 
Enemy Number One! 
• Clobbered API Extension!! 
• Happened More than Once 
• Use --no-rebase Always 
• Rebase on Merge Conflict 
• Work from the bottom up 
• Merge Faster 
• Smaller, more focused patches 
• Continuous community involvement 
