SlideShare une entreprise Scribd logo

Whats new in neutron for open stack havana

Kamesh Pemmaraju
Kamesh Pemmaraju

The Havana release of OpenStack, came out in October 2013, contains several significant changes and new features in the networking component. OpenStack Networking has changed name from 'quantum' to 'neutron'. It lays the foundation for supporting heterogeneous network components with the introduction of the ML2 (modular layer 2) plugin. The first implementations of FireWall as a Service (FWaaS) and VPN as a Service (VPNaaS) are now included. These features were demonstrated by Cisco developers at the OpenStack meetup in Boston in Oct 2013.

Technologie
1  sur  49
Télécharger pour lire hors ligne
What’s new in Neutron for Havana Neutron developers at Cisco Systems Boxborough office Brian Bowen, Henry Gessau, Dane LeBlanc, Paul Michali, Abishek Subramanian, et. al.
Agenda • • • • • • • • Modular Layer 2 plugin (ML2) ML2 demo with Cisco Nexus driver FireWall as a Service (FWaaS) FWaaS demo VPN as a Service (VPNaaS) VPNaaS demo Cisco plugin with N1000V Demo of Dashboard to control N1000V
Modular Layer 2 in OpenStack Neutron Robert Kukura, Red Hat Kyle Mestery, Cisco
Motivations For a Modular Layer 2 Plugin
Before Modular Layer 2 ... Neutron Server Neutron Server OR Open vSwitch Plugin OR ... Linuxbridge Plugin
Before Modular Layer 2 ... Neutron Server Compute node Cisco Plugin Open vSwitch agent Open vSwitch Sub-Plugin Nexus Sub-Plugin Cisco Nexus switch
ML2 Architecture Diagram Neutron Server API Extensions ML2 Plugin Mechanism Manager Type Manager Tail-F NCS Open vSwitch Linuxbridge L2 Population Hyper-V Cisco Nexus Arista VXLAN TypeDriver VLAN TypeDriver GRE TypeDriver
TypeDrivers in Havana The following are supported segmentation types in ML2 for the Havana release: ● local ● flat ● VLAN ● GRE ● VXLAN
MechanismDrivers in Havana The following ML2 MechanismDrivers exist in Havana: ● ● ● ● ● ● ● Arista Cisco Nexus Hyper-V L2 Population Linuxbridge Open vSwitch Tail-f NCS
ML2 Futures: Deprecation Items • The future of the Open vSwitch and Linuxbridge plugins o o o These are planned for deprecation in Icehouse ML2 supports all their functionality ML2 works with the existing OVS and Linuxbrige agents
ML2 With Current Agents ● ML2 Plugin works with existing agents Neutron Server ML2 Plugin ● Separate agents for Linuxbridge and Open vSwitch ● Can also use physical switches from different vendors API Network Host A Linuxbridge Agent Host B Linuxbridge Agent Host C Open vSwitch Agent Host D Open vSwitch Agent
ML2 demo, showing ... ● ML2 running with multiple MechanismDrivers ○ ○ openvswitch cisco_nexus ● Booting multiple VMs on multiple compute hosts ● Configuration of VLANs across both virtual and physical infrastructure
Cisco Nexus ML2 Mechanism Driver Demonstration
Cisco Nexus ML2 Mechanism Driver • Manages VLAN creation/removal on Cisco Nexus 3K/5K/7K switches as instances are launched, migrated, or terminated • Works with Open vSwitch (OVS) mechanism driver  OVS: virtual switching  Cisco Nexus: physical switching • Ported from original Cisco Nexus OpenStack Plugin • Available in Havana release
Topology Management Network Controller / Network Node Compute Host 1 VM 1 VM 2 Compute Host 2 VM 3 VM 4 External Network eth1/1 eth1/2 eth1/3 VLAN 810 mgmt VLAN 812 Nexus 3K Data Network
DevStack Configuration Add to localrc File: Q_PLUGIN=ml2 Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch, cisco_nexus Q_ML2_PLUGIN_TYPE_DRIVERS=vlan Q_PLUGIN_EXTRA_CONF_PATH=(/home/leblancd/devstack) Q_PLUGIN_EXTRA_CONF_FILES=(ml2_conf_cisco.ini) ML2_VLAN_RANGES=physnet1:810:819 ENABLE_TENANT_VLANS=True PHYSICAL_NETWORK=physnet1 OVS_PHYSICAL_BRIDGE=br-eth1
Cisco Mechanism Driver Config • Create a file, e.g. “ml2_conf_cisco.ini”: • o[ml2_mech_cisco_nexus:10.86.1.118] oComputeHost-1=1/2 oComputeHost-2=1/3 ossh_port=22 ousername=admin opassword=MyPassword File name and path are arbitrary, but these configs in localrc must point to it:  Q_PLUGIN_EXTRA_CONF_PATH Q_PLUGIN_EXTRA_CONF_FILES • Template in Neutron branch: o
Neutron Server Startup Command cd /opt/stack/neutron && pyth /usr/local/bin/neutronserver --config-file /etc/neutron/neutron.conf --configfile /etc/neutron/plugins/ml2/ml2_conf.ini --config-file //home/leblancd/devstack/ml2_conf_cisco.ini || echo "q-svc failed to start" | tee "/opt/stack/status/stack/qsvc.failure"
Demo
Resources • README files: o /opt/stack/neutron/neutron/plugins/ml2/README • o /opt/stack/neutron/neutron/plugins/ml2/drivers/cisco/README Template .ini Files: o /opt/stack/neutron/etc/neutron/plugins/ml2/ml2_conf.ini • o /opt/stack/neutron/etc/neutron/plugins/ml2/ml2_conf_cisco.ini Wiki Pages: o https://wiki.openstack.org/wiki/Neutron/ML2 • o https://wiki.openstack.org/wiki/Neutron/ML2/MechCiscoNexus Google Doc: o https://docs.google.com/document/d/1FXo0Hlc5c0myvBk99Bw51yOdHmEXHS aFKUhEGNEuDo4
Virtual Private Networking as a Service Havana Release Paul Michali MAIL pcm@cisco.com IRC pcm_ (irc.freenode.net) TW @pmichali
Virtual Private Network as a Service • Initial Release Goals • • • • Site to site VPN (~AWS). Considered “experimental” w/limited functionality. Only Pre-Shared Keys, no certificates. Future releases to address other use cases. • • • SSL-VPN, MPLS/BGP Certificate support Service insertion/chaining
OpenSwan Driver • OpenSwan: open source VPN process • • • Supports several encryption/auth algorithms, modes of operation (Remote Access, Site2Site, Host2Host). Designed to support a single connection. Uses configuration files to control operation • /opt/stack/data/neutron/ipsec/<router-UUID>/…
Current Status • • • • Reference implementation released Horizon dashboard access released CLI and REST APIs available API reference documentation published • http://docs.openstack.org/api/openstack-network/2.0/content/vpnaas_ext.html • Feature documentation in progress • Ongoing: bug fixes & enhancements (Icehouse)
Site to Site VPN VM VM VM 10.1.0.4 Router 10.1.0.5 10.2.0.4 10.1.0.1 Router 172.24.4.21 172.24.4.11 East Private: 10.1.0.0/24 Br-ex: 172.24.4.11 10.2.0.1 VPN 172.24.4.0/24 West Private: 10.2.0.0/24 Br-ex: 172.24.4.21
Site to Site VPN (physical) Host Private: 10.2.0.0/24 Private: 10.1.0.0/24 Ubuntu 12.04 (VM) Ubuntu 12.04 (VM) Br-ex: 172.24.4.10 eth1 Br-ex: 172.24.4.20 eth0 eth0 NAT/host Admin Network Internal Network Public Network (172.24.4.222/28) eth1
Reference Info • How To: https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall • Main page (API is in OS doc wiki): http://docs.openstack.org/api/openstack-network/2.0/content/vpnaas_ext.html https://wiki.openstack.org/wiki/Neutron/VPNaaS • OpenSwan & StrongSwan: https://github.com/xelerance/Openswan/wiki http://www.strongswan.org/ and http://wiki.strongswan.org/projects/strongswan
Backup Slides
Site to Site VPN (physical) Private: 10.1.0.0/24 Private: 10.2.0.0/24 Devstack-32 (UCS) Devstack-33 (UCS) Br-ex: 172.24.4.225 eth1 Br-ex: 172.24.4.232 eth2 14.0.3.32 14.0.3.33 Switch Admin Network (14.0.3.0/24) C6500 Public Network (172.24.4.222/28) eth4 eth3 172.24.4.225
Multi-node DevStack • To do site-to-site VPN, needed to share the public net. • Solution: Config DevStack (localrc) GW IP to be specified. Also added naming for easier config. devstack-32 enable_service q-vpn PUBLIC_SUBNET_NAME=yoursubnet PRIVATE_SUBNET_NAME=mysubnet PUBLIC_NETWORK_GATEWAY=172.24.4.225 Q_FLOATING_ALLOCATION_POOL=“start=172.24.4.226, end=172.24.4.231” Q_USE_SECGROUP=False devstack-33 enable_service q-vpn PUBLIC_SUBNET_NAME=yoursubnet PRIVATE_SUBNET_NAME=mysubnet PUBLIC_NETWORK_GATEWAY=172.24.4.232 Q_FLOATING_ALLOCATION_POOL="start=172.24.4.233, end=172.24.4.238” Q_USE_SECGROUP=False FIXED_RANGE=10.1.0.0/24 NETWORK_GATEWAY=10.1.0.1 FIXED_RANGE=10.2.0.0/24 NETWORK_GATEWAY=10.2.0.1
Modifications for VPNaaS • • • • Make localrc modifications as shown on previous page. Connect two systems with a switch (L2) for public net. Manually bring up eth# used for public network link. Add br-ex and add eth# to br-ex.
Object Diagram IPSec Policy IKE Policy 1 1 used by used by N N 1 Service IPSec Site Connection N establishes 1 1 is associated with is associated with 1 Subnet 1 Router Note: all of these are associated with a single tenant
VPN Archtecture IPSec Rest API VPN Extension Common API IPSec VPN Adv Srv Plugin Core DB Schedulers (not implemented) NameSpaceDevice IPSec VPN Agent BP2 strong-swan driver VMDevice HardWareDevice
RPC API (Create VPN Service1/2) User Neutron IpSecDriver create vpn service Select driver using type Set status BUILDING Ensure Add interface to the router create vpn service create Ike policy Noop (do nothing) Store policy create ipsec policy Store policy create vpn connection create vpn connection Agent StrongSwan DeviceDriver Namespace Device
RPC API (Create VPN Service 2/2) User Neutron IpSecDriver Agent StrongSwan DeviceDriver Namespace Device fetch router host of associated router vpn-service-updated sync this sync will be done pediolically, and boot time also sync sync vpn connection info with related infos compair local state ensure_conf_file ensure_process_running
RPC API (Update VPN Service) User Neutron IpSecDriver Agent StrongSwan DeviceDriver Update VPN or Update Serivce/IKE policy/IPSec or CUD of vpn connections Select driver using type vpn-service-updated vpn-service-updated sync sync Namespace Device
RPC API (Update VPN Service) User Neutron IpSecDriver Agent StrongSwan DeviceDriver Update or DeleteVPN Serivce/IKE policy/IPSec or CRUD of vpn connections Select driver using type Remove interface vpn-service-updated vpn-service-updated sync sync Namespace Device
RPC API (Update VPN Service) User Neutron IpSecDriver Agent StrongSwan DeviceDriver Update VPN or Update Serivce/IKE policy/IPSec or CUD of vpn connections Select driver using type vpn-service-updated vpn-service-updated sync sync Namespace Device
RPC API (Update VPN Service) User Neutron IpSecDriver Agent StrongSwan DeviceDriver Update or DeleteVPN Serivce/IKE policy/IPSec or CRUD of vpn connections Select driver using type Remove interface vpn-service-updated vpn-service-updated sync sync Namespace Device
Proposed IP Sec Object Model
Amazon Object Model
Cisco Object Model
FWaaS in OpenStack Havana
Contributors • BigSwitch Sumit N, KC Wang • Cisco Sridar K • Dell Rajesh M • PayPal Ravi C
Initial reference implementation How: Service Plugin + Agent + Driver Where: L3 only -- iptables rules on routers Why: Complements security groups What next? Vendor drivers
Entity Relationships Firewall Rules Firewall A Firewall B Tenant B Firewall C Allow ICMP Tenant A Tenant C Firewall Policy X ... Allow TCP 80 ... Firewall Policy Y ... Ordered (Routers)
Command Line Interface Rules Policies firewall-rule-create (CRUD) firewall-policy-create firewall-rule-list firewall-rule-show firewall-rule-update firewall-rule-delete firewall-policy-list firewall-policy-show firewall-policy-update firewall-policy-insert-rule firewall-policy-remove-rule firewall-policy-delete Firewalls firewall-create firewall-list firewall-show firewall-update firewall-delete
Demo Dashboard Interface and CLI

Recommandé

Introduction to Software Defined Networking and OpenStack Neutron
Introduction to Software Defined Networking and OpenStack NeutronIntroduction to Software Defined Networking and OpenStack Neutron
Introduction to Software Defined Networking and OpenStack NeutronSana Khan
 
OpenStack Networking
OpenStack NetworkingOpenStack Networking
OpenStack NetworkingIlya Shakhat
 
OpenStack Neutron Liberty Updates
OpenStack Neutron Liberty UpdatesOpenStack Neutron Liberty Updates
OpenStack Neutron Liberty Updatesmestery
 
OpenStack Neutron 201 1hr
OpenStack Neutron 201 1hr OpenStack Neutron 201 1hr
OpenStack Neutron 201 1hr David Lenwell
 
OpenStack Neutron new developers on boarding
OpenStack Neutron new developers on boardingOpenStack Neutron new developers on boarding
OpenStack Neutron new developers on boardingMiguel Lavalle
 
OpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridOpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridKamesh Pemmaraju
 
Open Source Backends for OpenStack Neutron
Open Source Backends for OpenStack NeutronOpen Source Backends for OpenStack Neutron
Open Source Backends for OpenStack Neutronmestery
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenesinbroker
 

Recommandé

Introduction to Software Defined Networking and OpenStack Neutron
Introduction to Software Defined Networking and OpenStack NeutronIntroduction to Software Defined Networking and OpenStack Neutron
Introduction to Software Defined Networking and OpenStack NeutronSana Khan
 
OpenStack Networking
OpenStack NetworkingOpenStack Networking
OpenStack NetworkingIlya Shakhat
 
OpenStack Neutron Liberty Updates
OpenStack Neutron Liberty UpdatesOpenStack Neutron Liberty Updates
OpenStack Neutron Liberty Updatesmestery
 
OpenStack Neutron 201 1hr
OpenStack Neutron 201 1hr OpenStack Neutron 201 1hr
OpenStack Neutron 201 1hr David Lenwell
 
OpenStack Neutron new developers on boarding
OpenStack Neutron new developers on boardingOpenStack Neutron new developers on boarding
OpenStack Neutron new developers on boardingMiguel Lavalle
 
OpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridOpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridKamesh Pemmaraju
 
Open Source Backends for OpenStack Neutron
Open Source Backends for OpenStack NeutronOpen Source Backends for OpenStack Neutron
Open Source Backends for OpenStack Neutronmestery
 
Neutron behind the scenes
Neutron behind the scenesNeutron behind the scenes
Neutron behind the scenesinbroker
 
OpenStack Neutron Havana Overview - Oct 2013
OpenStack Neutron Havana Overview - Oct 2013OpenStack Neutron Havana Overview - Oct 2013
OpenStack Neutron Havana Overview - Oct 2013Edgar Magana
 
Modular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack NeutronModular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack Neutronmestery
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron) CREATE-NET
 
OpenStack Meetup - SDN
OpenStack Meetup - SDNOpenStack Meetup - SDN
OpenStack Meetup - SDNSzilvia Racz
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and AutomationAdam Johnson
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Dave Neary
 
OpenStack Neutron behind the Scenes
OpenStack Neutron behind the ScenesOpenStack Neutron behind the Scenes
OpenStack Neutron behind the ScenesAnil Bidari ( CEO , Cloud Enabled)
 
How to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need toHow to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need tosalv_orlando
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networkingmarkmcclain
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014yfauser
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantumMiguel Lavalle
 
OpenStack sdn
OpenStack sdnOpenStack sdn
OpenStack sdnAdrián Norte Fernández
 
Openstack Networking and ML2
Openstack Networking and ML2Openstack Networking and ML2
Openstack Networking and ML2Szlovencsak Attila
 
Training open stack networking -neutron
Training open stack networking -neutronTraining open stack networking -neutron
Training open stack networking -neutronHaifeng Yan (颜海峰)
 
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
2014 OpenStack Summit - Neutron OVS to LinuxBridge MigrationJames Denton
 
Inside neutron 2
Inside neutron 2Inside neutron 2
Inside neutron 2Robin Gong
 
Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)Dan Wendlandt
 
OpenStack Neutron's Distributed Virtual Router
OpenStack Neutron's Distributed Virtual RouterOpenStack Neutron's Distributed Virtual Router
OpenStack Neutron's Distributed Virtual Routercarlbaldwin
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with NeutronKwonSun Bae
 
Navigating OpenStack Networking
Navigating OpenStack NetworkingNavigating OpenStack Networking
Navigating OpenStack NetworkingPLUMgrid
 
OPNFV Use Case: VPN in the Cloud
OPNFV Use Case: VPN in the CloudOPNFV Use Case: VPN in the Cloud
OPNFV Use Case: VPN in the CloudOPNFV
 
Openstack Ops Meetup Palo Alto LT
Openstack Ops Meetup Palo Alto LTOpenstack Ops Meetup Palo Alto LT
Openstack Ops Meetup Palo Alto LTToshikazu Ichikawa
 

Contenu connexe

Tendances

OpenStack Neutron Havana Overview - Oct 2013
OpenStack Neutron Havana Overview - Oct 2013OpenStack Neutron Havana Overview - Oct 2013
OpenStack Neutron Havana Overview - Oct 2013Edgar Magana
 
Modular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack NeutronModular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack Neutronmestery
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron) CREATE-NET
 
OpenStack Meetup - SDN
OpenStack Meetup - SDNOpenStack Meetup - SDN
OpenStack Meetup - SDNSzilvia Racz
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and AutomationAdam Johnson
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Dave Neary
 
How to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need toHow to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need tosalv_orlando
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networkingmarkmcclain
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014yfauser
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantumMiguel Lavalle
 
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
2014 OpenStack Summit - Neutron OVS to LinuxBridge MigrationJames Denton
 
Inside neutron 2
Inside neutron 2Inside neutron 2
Inside neutron 2Robin Gong
 
Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)Dan Wendlandt
 
OpenStack Neutron's Distributed Virtual Router
OpenStack Neutron's Distributed Virtual RouterOpenStack Neutron's Distributed Virtual Router
OpenStack Neutron's Distributed Virtual Routercarlbaldwin
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with NeutronKwonSun Bae
 
Navigating OpenStack Networking
Navigating OpenStack NetworkingNavigating OpenStack Networking
Navigating OpenStack NetworkingPLUMgrid
 

Tendances (20)

OpenStack Neutron Havana Overview - Oct 2013
OpenStack Neutron Havana Overview - Oct 2013OpenStack Neutron Havana Overview - Oct 2013
OpenStack Neutron Havana Overview - Oct 2013
 
Modular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack NeutronModular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack Neutron
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron)
 
OpenStack Meetup - SDN
OpenStack Meetup - SDNOpenStack Meetup - SDN
OpenStack Meetup - SDN
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and Automation
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
 
OpenStack Neutron behind the Scenes
OpenStack Neutron behind the ScenesOpenStack Neutron behind the Scenes
OpenStack Neutron behind the Scenes
 
How to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need toHow to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need to
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantum
 
OpenStack sdn
OpenStack sdnOpenStack sdn
OpenStack sdn
 
Openstack Networking and ML2
Openstack Networking and ML2Openstack Networking and ML2
Openstack Networking and ML2
 
Training open stack networking -neutron
Training open stack networking -neutronTraining open stack networking -neutron
Training open stack networking -neutron
 
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
 
Inside neutron 2
Inside neutron 2Inside neutron 2
Inside neutron 2
 
Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)Quantum (OpenStack Meetup Feb 9th, 2012)
Quantum (OpenStack Meetup Feb 9th, 2012)
 
OpenStack Neutron's Distributed Virtual Router
OpenStack Neutron's Distributed Virtual RouterOpenStack Neutron's Distributed Virtual Router
OpenStack Neutron's Distributed Virtual Router
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with Neutron
 
Navigating OpenStack Networking
Navigating OpenStack NetworkingNavigating OpenStack Networking
Navigating OpenStack Networking
 

En vedette

OPNFV Use Case: VPN in the Cloud
OPNFV Use Case: VPN in the CloudOPNFV Use Case: VPN in the Cloud
OPNFV Use Case: VPN in the CloudOPNFV
 
Openstack Ops Meetup Palo Alto LT
Openstack Ops Meetup Palo Alto LTOpenstack Ops Meetup Palo Alto LT
Openstack Ops Meetup Palo Alto LTToshikazu Ichikawa
 
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio TavillaOpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio TavillaLorenzo Carnevale
 
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Ajeet Singh
 
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...Adi Gazit Blecher
 
Best Practics for Automating Next Generation Firewall Change Processes
Best Practics for Automating Next Generation Firewall Change ProcessesBest Practics for Automating Next Generation Firewall Change Processes
Best Practics for Automating Next Generation Firewall Change ProcessesAdi Gazit Blecher
 
OpenStack DevStack Configuration localrc local.conf Tutorial
OpenStack DevStack Configuration localrc local.conf TutorialOpenStack DevStack Configuration localrc local.conf Tutorial
OpenStack DevStack Configuration localrc local.conf TutorialSaju Madhavan
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld
 
Open stack icehouse microsoftupdate
Open stack icehouse microsoftupdateOpen stack icehouse microsoftupdate
Open stack icehouse microsoftupdateKamesh Pemmaraju
 
Designing OpenStack Architectures
Designing OpenStack ArchitecturesDesigning OpenStack Architectures
Designing OpenStack ArchitecturesKamesh Pemmaraju
 
vBrownBag OpenStack Networking Talk
vBrownBag OpenStack Networking TalkvBrownBag OpenStack Networking Talk
vBrownBag OpenStack Networking Talkmestery
 
Triangle OpenStack Meetup
Triangle OpenStack MeetupTriangle OpenStack Meetup
Triangle OpenStack Meetupmestery
 
Dell SUSE Cloud Solution, Powered by OpenStack
Dell SUSE Cloud Solution, Powered by OpenStackDell SUSE Cloud Solution, Powered by OpenStack
Dell SUSE Cloud Solution, Powered by OpenStackKamesh Pemmaraju
 
Dell openstack cloud with inktank ceph – large scale customer deployment
Dell openstack cloud with inktank ceph – large scale customer deploymentDell openstack cloud with inktank ceph – large scale customer deployment
Dell openstack cloud with inktank ceph – large scale customer deploymentKamesh Pemmaraju
 
Open Source Cloud, Virtualization and Deployment Technologies
Open Source Cloud, Virtualization and Deployment TechnologiesOpen Source Cloud, Virtualization and Deployment Technologies
Open Source Cloud, Virtualization and Deployment Technologiesmestery
 
Dockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and NovaDockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and Novaclayton_oneill
 
Is OpenStack Neutron production ready for large scale deployments?
Is OpenStack Neutron production ready for large scale deployments?Is OpenStack Neutron production ready for large scale deployments?
Is OpenStack Neutron production ready for large scale deployments?Елена Ежова
 
Postgres Plus Cloud Database on OpenStack
Postgres Plus Cloud Database on OpenStackPostgres Plus Cloud Database on OpenStack
Postgres Plus Cloud Database on OpenStackKamesh Pemmaraju
 
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaSOpenstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaSSadique Puthen
 

En vedette (20)

OPNFV Use Case: VPN in the Cloud
OPNFV Use Case: VPN in the CloudOPNFV Use Case: VPN in the Cloud
OPNFV Use Case: VPN in the Cloud
 
Openstack Ops Meetup Palo Alto LT
Openstack Ops Meetup Palo Alto LTOpenstack Ops Meetup Palo Alto LT
Openstack Ops Meetup Palo Alto LT
 
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio TavillaOpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
 
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
 
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
How to-migrate-and-manage-security-policies-in-a-segmented-data-center---webi...
 
Best Practics for Automating Next Generation Firewall Change Processes
Best Practics for Automating Next Generation Firewall Change ProcessesBest Practics for Automating Next Generation Firewall Change Processes
Best Practics for Automating Next Generation Firewall Change Processes
 
OpenStack DevStack Configuration localrc local.conf Tutorial
OpenStack DevStack Configuration localrc local.conf TutorialOpenStack DevStack Configuration localrc local.conf Tutorial
OpenStack DevStack Configuration localrc local.conf Tutorial
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
 
kamesh Videos
kamesh Videoskamesh Videos
kamesh Videos
 
Open stack icehouse microsoftupdate
Open stack icehouse microsoftupdateOpen stack icehouse microsoftupdate
Open stack icehouse microsoftupdate
 
Designing OpenStack Architectures
Designing OpenStack ArchitecturesDesigning OpenStack Architectures
Designing OpenStack Architectures
 
vBrownBag OpenStack Networking Talk
vBrownBag OpenStack Networking TalkvBrownBag OpenStack Networking Talk
vBrownBag OpenStack Networking Talk
 
Triangle OpenStack Meetup
Triangle OpenStack MeetupTriangle OpenStack Meetup
Triangle OpenStack Meetup
 
Dell SUSE Cloud Solution, Powered by OpenStack
Dell SUSE Cloud Solution, Powered by OpenStackDell SUSE Cloud Solution, Powered by OpenStack
Dell SUSE Cloud Solution, Powered by OpenStack
 
Dell openstack cloud with inktank ceph – large scale customer deployment
Dell openstack cloud with inktank ceph – large scale customer deploymentDell openstack cloud with inktank ceph – large scale customer deployment
Dell openstack cloud with inktank ceph – large scale customer deployment
 
Open Source Cloud, Virtualization and Deployment Technologies
Open Source Cloud, Virtualization and Deployment TechnologiesOpen Source Cloud, Virtualization and Deployment Technologies
Open Source Cloud, Virtualization and Deployment Technologies
 
Dockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and NovaDockerizing the Hard Services: Neutron and Nova
Dockerizing the Hard Services: Neutron and Nova
 
Is OpenStack Neutron production ready for large scale deployments?
Is OpenStack Neutron production ready for large scale deployments?Is OpenStack Neutron production ready for large scale deployments?
Is OpenStack Neutron production ready for large scale deployments?
 
Postgres Plus Cloud Database on OpenStack
Postgres Plus Cloud Database on OpenStackPostgres Plus Cloud Database on OpenStack
Postgres Plus Cloud Database on OpenStack
 
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaSOpenstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
Openstack on Fedora, Fedora on Openstack: An Introduction to cloud IaaS
 

Similaire à Whats new in neutron for open stack havana

[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVROpenStack Korea Community
 
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...Rohit Agarwalla
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
OpenStack Korea 2015 상반기스터디(devops) 스크립트로 오픈스택 설치하기 20150728
OpenStack Korea 2015 상반기스터디(devops) 스크립트로 오픈스택 설치하기 20150728OpenStack Korea 2015 상반기스터디(devops) 스크립트로 오픈스택 설치하기 20150728
OpenStack Korea 2015 상반기스터디(devops) 스크립트로 오픈스택 설치하기 20150728jieun kim
 
Cloudstack networking2
Cloudstack networking2Cloudstack networking2
Cloudstack networking2Hiroaki Kawai
 
Build your own private openstack cloud
Build your own private openstack cloudBuild your own private openstack cloud
Build your own private openstack cloudNUTC, imac
 
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean WinnCouch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean WinnTrevor Roberts Jr.
 
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...Cloud Native Day Tel Aviv
 
OpenStack KOREA 정기 세미나_OpenStack meet iNaaS SDN Controller
OpenStack KOREA 정기 세미나_OpenStack meet iNaaS SDN ControllerOpenStack KOREA 정기 세미나_OpenStack meet iNaaS SDN Controller
OpenStack KOREA 정기 세미나_OpenStack meet iNaaS SDN ControllerYongyoon Shin
 
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)Virtualizing the Network to enable a Software Defined Infrastructure (SDI)
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)Odinot Stanislas
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...LinuxCon ContainerCon CloudOpen China
 
Seamless migration from nova network to neutron in e bay production
Seamless migration from nova network to neutron in e bay productionSeamless migration from nova network to neutron in e bay production
Seamless migration from nova network to neutron in e bay productionChengyuan Li
 
VMWare: Nova and NVP Support - Gary Kotton and Dimitri Desmidt
VMWare: Nova and NVP Support - Gary Kotton and Dimitri DesmidtVMWare: Nova and NVP Support - Gary Kotton and Dimitri Desmidt
VMWare: Nova and NVP Support - Gary Kotton and Dimitri DesmidtCloud Native Day Tel Aviv
 
Building virtualised CloudStack test environments
Building virtualised CloudStack test environmentsBuilding virtualised CloudStack test environments
Building virtualised CloudStack test environmentsShapeBlue
 
SDNDS.TW Mininet
SDNDS.TW MininetSDNDS.TW Mininet
SDNDS.TW MininetNCTU
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyFilip Verloy
 

Similaire à Whats new in neutron for open stack havana (20)

[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR
 
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
OpenStack Korea 2015 상반기스터디(devops) 스크립트로 오픈스택 설치하기 20150728
OpenStack Korea 2015 상반기스터디(devops) 스크립트로 오픈스택 설치하기 20150728OpenStack Korea 2015 상반기스터디(devops) 스크립트로 오픈스택 설치하기 20150728
OpenStack Korea 2015 상반기스터디(devops) 스크립트로 오픈스택 설치하기 20150728
 
Cloudstack networking2
Cloudstack networking2Cloudstack networking2
Cloudstack networking2
 
Build your own private openstack cloud
Build your own private openstack cloudBuild your own private openstack cloud
Build your own private openstack cloud
 
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean WinnCouch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn
 
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
 
OpenStack KOREA 정기 세미나_OpenStack meet iNaaS SDN Controller
OpenStack KOREA 정기 세미나_OpenStack meet iNaaS SDN ControllerOpenStack KOREA 정기 세미나_OpenStack meet iNaaS SDN Controller
OpenStack KOREA 정기 세미나_OpenStack meet iNaaS SDN Controller
 
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)Virtualizing the Network to enable a Software Defined Infrastructure (SDI)
Virtualizing the Network to enable a Software Defined Infrastructure (SDI)
 
SDN in CloudStack
SDN in CloudStackSDN in CloudStack
SDN in CloudStack
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
 
Neutron DVR
Neutron DVRNeutron DVR
Neutron DVR
 
Seamless migration from nova network to neutron in e bay production
Seamless migration from nova network to neutron in e bay productionSeamless migration from nova network to neutron in e bay production
Seamless migration from nova network to neutron in e bay production
 
Setup guide nos-v3_5
Setup guide nos-v3_5Setup guide nos-v3_5
Setup guide nos-v3_5
 
VMWare: Nova and NVP Support - Gary Kotton and Dimitri Desmidt
VMWare: Nova and NVP Support - Gary Kotton and Dimitri DesmidtVMWare: Nova and NVP Support - Gary Kotton and Dimitri Desmidt
VMWare: Nova and NVP Support - Gary Kotton and Dimitri Desmidt
 
Building virtualised CloudStack test environments
Building virtualised CloudStack test environmentsBuilding virtualised CloudStack test environments
Building virtualised CloudStack test environments
 
SDNDS.TW Mininet
SDNDS.TW MininetSDNDS.TW Mininet
SDNDS.TW Mininet
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip Verloy
 

Plus de Kamesh Pemmaraju

Mirantis OpenStack and Cumulus Linux Webinar
Mirantis OpenStack and Cumulus Linux WebinarMirantis OpenStack and Cumulus Linux Webinar
Mirantis OpenStack and Cumulus Linux WebinarKamesh Pemmaraju
 
New Ceph capabilities and Reference Architectures
New Ceph capabilities and Reference ArchitecturesNew Ceph capabilities and Reference Architectures
New Ceph capabilities and Reference ArchitecturesKamesh Pemmaraju
 
OpenStack and Ceph case study at the University of Alabama
OpenStack and Ceph case study at the University of AlabamaOpenStack and Ceph case study at the University of Alabama
OpenStack and Ceph case study at the University of AlabamaKamesh Pemmaraju
 
High Availability for OpenStack
High Availability for OpenStackHigh Availability for OpenStack
High Availability for OpenStackKamesh Pemmaraju
 
Massachusetts Open Cloud Initiative
Massachusetts Open Cloud InitiativeMassachusetts Open Cloud Initiative
Massachusetts Open Cloud InitiativeKamesh Pemmaraju
 
Docker and OpenStack Boston Meetup
Docker and OpenStack Boston MeetupDocker and OpenStack Boston Meetup
Docker and OpenStack Boston MeetupKamesh Pemmaraju
 
Ceph and openstack at the boston meetup
Ceph and openstack at the boston meetupCeph and openstack at the boston meetup
Ceph and openstack at the boston meetupKamesh Pemmaraju
 
Solving Business Challenges with OpenStack
Solving Business Challenges with OpenStackSolving Business Challenges with OpenStack
Solving Business Challenges with OpenStackKamesh Pemmaraju
 
Software Defined Networking
Software Defined Networking Software Defined Networking
Software Defined Networking Kamesh Pemmaraju
 
Wicked Easy Ceph Block Storage & OpenStack Deployment with Crowbar
Wicked Easy Ceph Block Storage & OpenStack Deployment with CrowbarWicked Easy Ceph Block Storage & OpenStack Deployment with Crowbar
Wicked Easy Ceph Block Storage & OpenStack Deployment with CrowbarKamesh Pemmaraju
 
Hyper-V support for OpenStack Grizzly
Hyper-V support for OpenStack GrizzlyHyper-V support for OpenStack Grizzly
Hyper-V support for OpenStack GrizzlyKamesh Pemmaraju
 
Open stack meetup_boston_ubuntu_cloud
Open stack meetup_boston_ubuntu_cloudOpen stack meetup_boston_ubuntu_cloud
Open stack meetup_boston_ubuntu_cloudKamesh Pemmaraju
 
Open stack swift_essex_meetup_2012_06_21_judd_maltin
Open stack swift_essex_meetup_2012_06_21_judd_maltinOpen stack swift_essex_meetup_2012_06_21_judd_maltin
Open stack swift_essex_meetup_2012_06_21_judd_maltinKamesh Pemmaraju
 
Open stack foundation update 6 21_2012
Open stack foundation update 6 21_2012Open stack foundation update 6 21_2012
Open stack foundation update 6 21_2012Kamesh Pemmaraju
 

Plus de Kamesh Pemmaraju (20)

Mirantis OpenStack and Cumulus Linux Webinar
Mirantis OpenStack and Cumulus Linux WebinarMirantis OpenStack and Cumulus Linux Webinar
Mirantis OpenStack and Cumulus Linux Webinar
 
New Ceph capabilities and Reference Architectures
New Ceph capabilities and Reference ArchitecturesNew Ceph capabilities and Reference Architectures
New Ceph capabilities and Reference Architectures
 
OpenStack and Ceph case study at the University of Alabama
OpenStack and Ceph case study at the University of AlabamaOpenStack and Ceph case study at the University of Alabama
OpenStack and Ceph case study at the University of Alabama
 
High Availability for OpenStack
High Availability for OpenStackHigh Availability for OpenStack
High Availability for OpenStack
 
OpenStack 101 update
OpenStack 101 updateOpenStack 101 update
OpenStack 101 update
 
Massachusetts Open Cloud Initiative
Massachusetts Open Cloud InitiativeMassachusetts Open Cloud Initiative
Massachusetts Open Cloud Initiative
 
Docker and OpenStack Boston Meetup
Docker and OpenStack Boston MeetupDocker and OpenStack Boston Meetup
Docker and OpenStack Boston Meetup
 
Ceph and openstack at the boston meetup
Ceph and openstack at the boston meetupCeph and openstack at the boston meetup
Ceph and openstack at the boston meetup
 
Solving Business Challenges with OpenStack
Solving Business Challenges with OpenStackSolving Business Challenges with OpenStack
Solving Business Challenges with OpenStack
 
Openstack 101
Openstack 101Openstack 101
Openstack 101
 
Software Defined Networking
Software Defined Networking Software Defined Networking
Software Defined Networking
 
Open stack qa and tempest
Open stack qa and tempestOpen stack qa and tempest
Open stack qa and tempest
 
Wicked Easy Ceph Block Storage & OpenStack Deployment with Crowbar
Wicked Easy Ceph Block Storage & OpenStack Deployment with CrowbarWicked Easy Ceph Block Storage & OpenStack Deployment with Crowbar
Wicked Easy Ceph Block Storage & OpenStack Deployment with Crowbar
 
Hyper-V support for OpenStack Grizzly
Hyper-V support for OpenStack GrizzlyHyper-V support for OpenStack Grizzly
Hyper-V support for OpenStack Grizzly
 
Pyrax talk
Pyrax talkPyrax talk
Pyrax talk
 
Private cloud in a box
Private cloud in a boxPrivate cloud in a box
Private cloud in a box
 
Open stack meetup_boston_ubuntu_cloud
Open stack meetup_boston_ubuntu_cloudOpen stack meetup_boston_ubuntu_cloud
Open stack meetup_boston_ubuntu_cloud
 
Openstack Keystone
Openstack Keystone Openstack Keystone
Openstack Keystone
 
Open stack swift_essex_meetup_2012_06_21_judd_maltin
Open stack swift_essex_meetup_2012_06_21_judd_maltinOpen stack swift_essex_meetup_2012_06_21_judd_maltin
Open stack swift_essex_meetup_2012_06_21_judd_maltin
 
Open stack foundation update 6 21_2012
Open stack foundation update 6 21_2012Open stack foundation update 6 21_2012
Open stack foundation update 6 21_2012
 

Dernier

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Dernier (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Whats new in neutron for open stack havana

  • 1. What’s new in Neutron for Havana Neutron developers at Cisco Systems Boxborough office Brian Bowen, Henry Gessau, Dane LeBlanc, Paul Michali, Abishek Subramanian, et. al.
  • 2. Agenda • • • • • • • • Modular Layer 2 plugin (ML2) ML2 demo with Cisco Nexus driver FireWall as a Service (FWaaS) FWaaS demo VPN as a Service (VPNaaS) VPNaaS demo Cisco plugin with N1000V Demo of Dashboard to control N1000V
  • 3. Modular Layer 2 in OpenStack Neutron Robert Kukura, Red Hat Kyle Mestery, Cisco
  • 4. Motivations For a Modular Layer 2 Plugin
  • 5. Before Modular Layer 2 ... Neutron Server Neutron Server OR Open vSwitch Plugin OR ... Linuxbridge Plugin
  • 6. Before Modular Layer 2 ... Neutron Server Compute node Cisco Plugin Open vSwitch agent Open vSwitch Sub-Plugin Nexus Sub-Plugin Cisco Nexus switch
  • 7. ML2 Architecture Diagram Neutron Server API Extensions ML2 Plugin Mechanism Manager Type Manager Tail-F NCS Open vSwitch Linuxbridge L2 Population Hyper-V Cisco Nexus Arista VXLAN TypeDriver VLAN TypeDriver GRE TypeDriver
  • 8. TypeDrivers in Havana The following are supported segmentation types in ML2 for the Havana release: ● local ● flat ● VLAN ● GRE ● VXLAN
  • 9. MechanismDrivers in Havana The following ML2 MechanismDrivers exist in Havana: ● ● ● ● ● ● ● Arista Cisco Nexus Hyper-V L2 Population Linuxbridge Open vSwitch Tail-f NCS
  • 10. ML2 Futures: Deprecation Items • The future of the Open vSwitch and Linuxbridge plugins o o o These are planned for deprecation in Icehouse ML2 supports all their functionality ML2 works with the existing OVS and Linuxbrige agents
  • 11. ML2 With Current Agents ● ML2 Plugin works with existing agents Neutron Server ML2 Plugin ● Separate agents for Linuxbridge and Open vSwitch ● Can also use physical switches from different vendors API Network Host A Linuxbridge Agent Host B Linuxbridge Agent Host C Open vSwitch Agent Host D Open vSwitch Agent
  • 12. ML2 demo, showing ... ● ML2 running with multiple MechanismDrivers ○ ○ openvswitch cisco_nexus ● Booting multiple VMs on multiple compute hosts ● Configuration of VLANs across both virtual and physical infrastructure
  • 13. Cisco Nexus ML2 Mechanism Driver Demonstration
  • 14. Cisco Nexus ML2 Mechanism Driver • Manages VLAN creation/removal on Cisco Nexus 3K/5K/7K switches as instances are launched, migrated, or terminated • Works with Open vSwitch (OVS) mechanism driver  OVS: virtual switching  Cisco Nexus: physical switching • Ported from original Cisco Nexus OpenStack Plugin • Available in Havana release
  • 15. Topology Management Network Controller / Network Node Compute Host 1 VM 1 VM 2 Compute Host 2 VM 3 VM 4 External Network eth1/1 eth1/2 eth1/3 VLAN 810 mgmt VLAN 812 Nexus 3K Data Network
  • 16. DevStack Configuration Add to localrc File: Q_PLUGIN=ml2 Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch, cisco_nexus Q_ML2_PLUGIN_TYPE_DRIVERS=vlan Q_PLUGIN_EXTRA_CONF_PATH=(/home/leblancd/devstack) Q_PLUGIN_EXTRA_CONF_FILES=(ml2_conf_cisco.ini) ML2_VLAN_RANGES=physnet1:810:819 ENABLE_TENANT_VLANS=True PHYSICAL_NETWORK=physnet1 OVS_PHYSICAL_BRIDGE=br-eth1
  • 17. Cisco Mechanism Driver Config • Create a file, e.g. “ml2_conf_cisco.ini”: • o[ml2_mech_cisco_nexus:10.86.1.118] oComputeHost-1=1/2 oComputeHost-2=1/3 ossh_port=22 ousername=admin opassword=MyPassword File name and path are arbitrary, but these configs in localrc must point to it:  Q_PLUGIN_EXTRA_CONF_PATH Q_PLUGIN_EXTRA_CONF_FILES • Template in Neutron branch: o
  • 18. Neutron Server Startup Command cd /opt/stack/neutron && pyth /usr/local/bin/neutronserver --config-file /etc/neutron/neutron.conf --configfile /etc/neutron/plugins/ml2/ml2_conf.ini --config-file //home/leblancd/devstack/ml2_conf_cisco.ini || echo "q-svc failed to start" | tee "/opt/stack/status/stack/qsvc.failure"
  • 19. Demo
  • 20. Resources • README files: o /opt/stack/neutron/neutron/plugins/ml2/README • o /opt/stack/neutron/neutron/plugins/ml2/drivers/cisco/README Template .ini Files: o /opt/stack/neutron/etc/neutron/plugins/ml2/ml2_conf.ini • o /opt/stack/neutron/etc/neutron/plugins/ml2/ml2_conf_cisco.ini Wiki Pages: o https://wiki.openstack.org/wiki/Neutron/ML2 • o https://wiki.openstack.org/wiki/Neutron/ML2/MechCiscoNexus Google Doc: o https://docs.google.com/document/d/1FXo0Hlc5c0myvBk99Bw51yOdHmEXHS aFKUhEGNEuDo4
  • 21. Virtual Private Networking as a Service Havana Release Paul Michali MAIL pcm@cisco.com IRC pcm_ (irc.freenode.net) TW @pmichali
  • 22. Virtual Private Network as a Service • Initial Release Goals • • • • Site to site VPN (~AWS). Considered “experimental” w/limited functionality. Only Pre-Shared Keys, no certificates. Future releases to address other use cases. • • • SSL-VPN, MPLS/BGP Certificate support Service insertion/chaining
  • 23. OpenSwan Driver • OpenSwan: open source VPN process • • • Supports several encryption/auth algorithms, modes of operation (Remote Access, Site2Site, Host2Host). Designed to support a single connection. Uses configuration files to control operation • /opt/stack/data/neutron/ipsec/<router-UUID>/…
  • 24. Current Status • • • • Reference implementation released Horizon dashboard access released CLI and REST APIs available API reference documentation published • http://docs.openstack.org/api/openstack-network/2.0/content/vpnaas_ext.html • Feature documentation in progress • Ongoing: bug fixes & enhancements (Icehouse)
  • 25. Site to Site VPN VM VM VM 10.1.0.4 Router 10.1.0.5 10.2.0.4 10.1.0.1 Router 172.24.4.21 172.24.4.11 East Private: 10.1.0.0/24 Br-ex: 172.24.4.11 10.2.0.1 VPN 172.24.4.0/24 West Private: 10.2.0.0/24 Br-ex: 172.24.4.21
  • 26. Site to Site VPN (physical) Host Private: 10.2.0.0/24 Private: 10.1.0.0/24 Ubuntu 12.04 (VM) Ubuntu 12.04 (VM) Br-ex: 172.24.4.10 eth1 Br-ex: 172.24.4.20 eth0 eth0 NAT/host Admin Network Internal Network Public Network (172.24.4.222/28) eth1
  • 27. Reference Info • How To: https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall • Main page (API is in OS doc wiki): http://docs.openstack.org/api/openstack-network/2.0/content/vpnaas_ext.html https://wiki.openstack.org/wiki/Neutron/VPNaaS • OpenSwan & StrongSwan: https://github.com/xelerance/Openswan/wiki http://www.strongswan.org/ and http://wiki.strongswan.org/projects/strongswan
  • 29. Site to Site VPN (physical) Private: 10.1.0.0/24 Private: 10.2.0.0/24 Devstack-32 (UCS) Devstack-33 (UCS) Br-ex: 172.24.4.225 eth1 Br-ex: 172.24.4.232 eth2 14.0.3.32 14.0.3.33 Switch Admin Network (14.0.3.0/24) C6500 Public Network (172.24.4.222/28) eth4 eth3 172.24.4.225
  • 30. Multi-node DevStack • To do site-to-site VPN, needed to share the public net. • Solution: Config DevStack (localrc) GW IP to be specified. Also added naming for easier config. devstack-32 enable_service q-vpn PUBLIC_SUBNET_NAME=yoursubnet PRIVATE_SUBNET_NAME=mysubnet PUBLIC_NETWORK_GATEWAY=172.24.4.225 Q_FLOATING_ALLOCATION_POOL=“start=172.24.4.226, end=172.24.4.231” Q_USE_SECGROUP=False devstack-33 enable_service q-vpn PUBLIC_SUBNET_NAME=yoursubnet PRIVATE_SUBNET_NAME=mysubnet PUBLIC_NETWORK_GATEWAY=172.24.4.232 Q_FLOATING_ALLOCATION_POOL="start=172.24.4.233, end=172.24.4.238” Q_USE_SECGROUP=False FIXED_RANGE=10.1.0.0/24 NETWORK_GATEWAY=10.1.0.1 FIXED_RANGE=10.2.0.0/24 NETWORK_GATEWAY=10.2.0.1
  • 31. Modifications for VPNaaS • • • • Make localrc modifications as shown on previous page. Connect two systems with a switch (L2) for public net. Manually bring up eth# used for public network link. Add br-ex and add eth# to br-ex.
  • 32. Object Diagram IPSec Policy IKE Policy 1 1 used by used by N N 1 Service IPSec Site Connection N establishes 1 1 is associated with is associated with 1 Subnet 1 Router Note: all of these are associated with a single tenant
  • 33. VPN Archtecture IPSec Rest API VPN Extension Common API IPSec VPN Adv Srv Plugin Core DB Schedulers (not implemented) NameSpaceDevice IPSec VPN Agent BP2 strong-swan driver VMDevice HardWareDevice
  • 34. RPC API (Create VPN Service1/2) User Neutron IpSecDriver create vpn service Select driver using type Set status BUILDING Ensure Add interface to the router create vpn service create Ike policy Noop (do nothing) Store policy create ipsec policy Store policy create vpn connection create vpn connection Agent StrongSwan DeviceDriver Namespace Device
  • 35. RPC API (Create VPN Service 2/2) User Neutron IpSecDriver Agent StrongSwan DeviceDriver Namespace Device fetch router host of associated router vpn-service-updated sync this sync will be done pediolically, and boot time also sync sync vpn connection info with related infos compair local state ensure_conf_file ensure_process_running
  • 36. RPC API (Update VPN Service) User Neutron IpSecDriver Agent StrongSwan DeviceDriver Update VPN or Update Serivce/IKE policy/IPSec or CUD of vpn connections Select driver using type vpn-service-updated vpn-service-updated sync sync Namespace Device
  • 37. RPC API (Update VPN Service) User Neutron IpSecDriver Agent StrongSwan DeviceDriver Update or DeleteVPN Serivce/IKE policy/IPSec or CRUD of vpn connections Select driver using type Remove interface vpn-service-updated vpn-service-updated sync sync Namespace Device
  • 38. RPC API (Update VPN Service) User Neutron IpSecDriver Agent StrongSwan DeviceDriver Update VPN or Update Serivce/IKE policy/IPSec or CUD of vpn connections Select driver using type vpn-service-updated vpn-service-updated sync sync Namespace Device
  • 39. RPC API (Update VPN Service) User Neutron IpSecDriver Agent StrongSwan DeviceDriver Update or DeleteVPN Serivce/IKE policy/IPSec or CRUD of vpn connections Select driver using type Remove interface vpn-service-updated vpn-service-updated sync sync Namespace Device
  • 40. Proposed IP Sec Object Model
  • 44. Contributors • BigSwitch Sumit N, KC Wang • Cisco Sridar K • Dell Rajesh M • PayPal Ravi C
  • 45. Initial reference implementation How: Service Plugin + Agent + Driver Where: L3 only -- iptables rules on routers Why: Complements security groups What next? Vendor drivers
  • 46.
  • 47. Entity Relationships Firewall Rules Firewall A Firewall B Tenant B Firewall C Allow ICMP Tenant A Tenant C Firewall Policy X ... Allow TCP 80 ... Firewall Policy Y ... Ordered (Routers)