© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without n...

20th OpenStack Study Meeting: Neutron Deep Dive - DVR

20th OpenStack Study Meeting: Neutron Deep Dive
Distributed Virtual Router: Technical Overview


  1. © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
     OpenStack Neutron Distributed Virtual Router: Technical Overview
     Toru Makabe (真壁徹), Cloud Chief Technologist, Hewlett-Packard Company
     Japan OpenStack User Group, 20th Study Meeting
  2. Introduction
     • Self-introduction
       - Toru Makabe (真壁徹)
       - Cloud Chief Technologist at HP
     • Why I am giving this session
       - Because HP worked hard on Neutron development during the Juno cycle
     • How the session will proceed
       - This is a deep dive for experienced practitioners, but I will start with an overview
       - I want everyone to take home the development background, what DVR can do, and why it is a benefit
       - The detailed implementation walkthrough comes last
     [Chart source: http://stackalytics.com/ (Juno, Neutron, Commit); label: HP]
  3. Theme of this session: "DVR" (Distributed Virtual Router)
  4. That is all. Thank you for listening.
  5. Distributed? Distribute what? Why?
  6. Why distribute? (Neutron ML2 Plugin + Open vSwitch)
     • Because the Network Node becomes a single point of failure
     • Because the Network Node becomes a bottleneck (especially for East/West traffic)
     [Diagram, Non-DVR: two Compute Nodes with VMs, a Network Node with the Router, and the external network; traffic is concentrated on the Network Node]
     All
     • cross-subnet communication
     • communication with external networks
     is concentrated on the Network Node.
  7. Wasteful, wasteful, wasteful!
     [Diagram, Non-DVR: one Compute Node with two VMs, and a Network Node with the Router]
     For example, two VMs on the same Compute Node, just because their subnets differ
  9. Impossible, impossible, impossible!
     All cross-subnet traffic goes to the Network Node.
     [Diagram, Non-DVR: many Compute Nodes, each with two VMs, all sending through a single Network Node with the Router]
  11. DVR explained in three lines
      • Neutron's virtual router function
      • has moved from centralized placement on a single Network Node
      • to a design where it can be distributed across the Compute Nodes
      [Diagram: Non-DVR (Router centralized on the Network Node) versus DVR (a Router on each Compute Node and on the Network Node); the dashed line is explained later]
  12. Isn't everyone already using a commercial SDN product that can distribute routing?
  13. Expectations for the open-source reference implementation are high
      http://superuser.openstack.org/articles/openstack-user-survey-insights-november-2014
      • Usage of open-source plugins is high
      • nova-network is still persistently popular
      • Non-centralized model
      • There is value in raising the baseline of ML2 + OVS, the reference implementation
      • Of course, commercial products are good things too
      • "Choice" is important
  14. From here on it gets more detailed
  15. DVR quick Q&A
      • From which version is it available?
        - Juno
      • Which plugin does it apply to?
        - ML2 Plugin + Open vSwitch
      • For what kind of traffic does it help?
        - All traffic that crosses subnets
      • What are the tunneling options?
        - VXLAN or GRE
      • What if I do not want to use DVR?
        - You can choose between DVR and Non-DVR (Legacy Mode)
  16. How do you enable DVR? (Callout: "ON!!")
      • neutron.conf (controller node)
          router_distributed = True
      • l3_agent.ini (all nodes)
        - agent_mode = dvr (compute node)
        - agent_mode = dvr_snat (network node)
      • ml2_conf.ini (all nodes)
          [ml2]
          mechanism_drivers = openvswitch,l2population
      • ovs_neutron_plugin.ini (all nodes)
          [agent]
          l2_population = True
          enable_distributed_routing = True
  17. Non-DVR versus DVR: comparison of VM-to-VM communication patterns

      | Subnet      | Node (hypervisor) | Non-DVR          | DVR                 |
      |-------------|-------------------|------------------|---------------------|
      | Same        | Same              | Virtual switch   | Virtual switch      |
      | Same        | Different         | Tunnel           | Tunnel              |
      | Different   | Same              | Via Network Node | DVR on Compute Node |
      | Different   | Different         | Via Network Node | DVR on Compute Node |
      | Floating IP |                   | Via Network Node | DVR on Compute Node |
      | Source NAT  |                   | Via Network Node | Via Network Node    |

      Callout: especially welcome given the trend of growing East/West traffic.
      [Diagram: Non-DVR (Router on the Network Node) versus DVR (DVR on each Compute Node, DVR_SNAT on the Network Node); dashed line: SNAT]
  18. Why did only SNAT traffic stay on the Network Node?
      [openstack-dev] [Neutron] DVR SNAT shortcut
      http://lists.openstack.org/pipermail/openstack-dev/2014-July/039288.html
      • Technically, an option to perform SNAT on each individual Compute Node could also be implemented
      • However, because it was debated, the implementation is left for the future
        - Arguments from those opposed:
          • It consumes an external IP address for SNAT on every Compute Node
            - But in an environment that can provide a reasonable number of Floating IPs, that may not be a problem...
          • For reasons of security, auditing, or culture, they do not want external traffic distributed across Compute Nodes
            - But external traffic that uses Floating IPs is already distributed by DVR, so that may be a contradiction...
  19. From here on it gets even more detailed
  20. Neutron's main cast (Non-DVR)
      [Diagram components: Network Node, Compute Node, Neutron Server (API, ML2 Plugin), Metadata Agent, Nova Metadata, DHCP Agent, OVS Agent, OVS, OVS Agent, OVS, DB, L3 Agent, Message Queue]
  21. Neutron's main cast (DVR)
      [Diagram components: Network Node, Compute Node, Neutron Server (API, ML2 Plugin), Metadata Agent, Nova Metadata, DHCP Agent, OVS Agent, OVS, OVS Agent (DVR), OVS, DB, L3 Agent, Message Queue, Nova Metadata, L3 Agent (DVR), Metadata Agent; callout: the key points of DVR]
  22. What DVR really is
      • L3
        - A combination of Linux namespaces and Linux iptables
        - Namespaces provide tenant isolation
          • A namespace is created per tenant (project)
          • A Floating IP namespace is created per node
        - iptables performs forwarding and NAT
      • L2
        - Open vSwitch
        - DVR-related rules are written to the integration bridge (br-int) and the tunnel bridge (br-tun)
        - Flow control makes use of DVR-MAC addresses
        - L2 Population registers the MAC addresses of VMs on other nodes in the ARP table
      [Diagram: a Compute Node with a VM, br-int and br-tun (rules, DVR-MAC) leading to other nodes, br-ex leading to the external network, the Internal Router in the tenant namespaces, and the Floating IP namespace]
  23. The hottest pattern for DVR: cross-subnet communication between nodes
      [Diagram: Compute Node 1 (VM1, IR, br-int-cn1, br-tun-cn1) and Compute Node 2 (VM2, IR, br-int-cn2, br-tun-cn2) joined by a VXLAN or GRE tunnel; Subnet P (Purple) and Subnet B (Blue)]
  24. Traffic from VM1 to VM2 follows this path
      • On the sending node, it passes through the IR
      • On the receiving node, it does not pass through the IR
      • Even so, the receiver perceives it as having come from its local IR
      [Diagram: Compute Node 1 (VM1, IR, br-int-cn1, br-tun-cn1) and Compute Node 2 (VM2, IR, br-int-cn2, br-tun-cn2) joined by a VXLAN or GRE tunnel; Subnet P (Purple) and Subnet B (Blue)]
  25. Packet journey ①
      ① From VM1 to the P interface of the Internal Router (IR-P)
         srcMAC = VM1, destMAC = IR-P, srcIP = VM1, dstIP = VM2
      Callout: first of all, head for the default gateway.
      [Diagram: Compute Node 1 (VM1, IR, br-int-cn1, br-tun-cn1), Compute Node 2 (VM2, IR, br-int-cn2, br-tun-cn2), VXLAN tunnel; Subnet P (Purple) and Subnet B (Blue)]
  26. Packet journey ②
      ② From the B interface of the Internal Router (IR-B) to br-int-cn1 and br-tun-cn1
         srcMAC = IR-B, destMAC = VM2, srcIP = VM1, dstIP = VM2
      Callout: look up the ARP table and set dstMAC.
      [Diagram: Compute Node 1 (VM1, IR, br-int-cn1, br-tun-cn1), Compute Node 2 (VM2, IR, br-int-cn2, br-tun-cn2), VXLAN tunnel; Subnet P (Purple) and Subnet B (Blue)]
  27. Packet journey ③
      ③ At br-tun-cn1, add the VNI and translate srcMAC to the DVR-MAC
         VNI = B, srcMAC = DVR-MAC-CN1, destMAC = VM2, srcIP = VM1, dstIP = VM2
      Callout: packing for the VXLAN trip and setting the DVR-MAC.
      [Diagram: Compute Node 1 (VM1, IR, br-int-cn1, br-tun-cn1), Compute Node 2 (VM2, IR, br-int-cn2, br-tun-cn2), VXLAN tunnel; Subnet P (Purple) and Subnet B (Blue)]
  28. Packet journey ④
      ④ At br-tun-cn2, remove the VNI and add the local VLAN tag
         VLAN = B, srcMAC = DVR-MAC-CN1, destMAC = VM2, srcIP = VM1, dstIP = VM2
      Callout: preparation so that br-int can perform flow control.
      [Diagram: Compute Node 1 (VM1, IR, br-int-cn1, br-tun-cn1), Compute Node 2 (VM2, IR, br-int-cn2, br-tun-cn2), VXLAN tunnel; Subnet P (Purple) and Subnet B (Blue)]
  29. Packet journey ⑤
      ⑤ At br-int-cn2, remove the local VLAN tag and change srcMAC to IR-B
         srcMAC = IR-B, destMAC = VM2, srcIP = VM1, dstIP = VM2
      Callout: the source DVR-MAC is translated so that the packet appears to have been sent by IR-B.
      [Diagram: Compute Node 1 (VM1, IR, br-int-cn1, br-tun-cn1), Compute Node 2 (VM2, IR, br-int-cn2, br-tun-cn2), VXLAN tunnel; Subnet P (Purple) and Subnet B (Blue)]
  30. Recap: Non-DVR versus DVR, comparison of VM-to-VM communication patterns

      | Subnet      | Node (hypervisor) | Non-DVR          | DVR                 |
      |-------------|-------------------|------------------|---------------------|
      | Same        | Same              | Virtual switch   | Virtual switch      |
      | Same        | Different         | Tunnel           | Tunnel              |
      | Different   | Same              | Via Network Node | DVR on Compute Node |
      | Different   | Different         | Via Network Node | DVR on Compute Node |
      | Floating IP |                   | Via Network Node | DVR on Compute Node |
      | Source NAT  |                   | Via Network Node | Via Network Node    |

      Callout: especially welcome given the trend of growing East/West traffic.
      [Diagram: Non-DVR (Router on the Network Node) versus DVR (DVR on each Compute Node, DVR_SNAT on the Network Node); dashed line: SNAT]
  31. Limitations and outlook
      • The DHCP Agent remains on the Network Node
        - To increase availability, run multiple instances on Network Nodes
        - dhcp_agents_per_network = X in neutron.conf
      • The DVR Router and the HA Router are planned to be merged in the future
        - This is also related to the L3 refactoring
          • The aim is to pay down L3 "technical debt" while moving feature integration forward
      • Refactoring discussion
        - https://review.openstack.org/#/c/131535/4/specs/kilo/restructure-l3-agent.rst
  32. References
      • Neutron/DVR
        - https://wiki.openstack.org/wiki/Neutron/DVR
      • Neutron/DVR L2 Agent (recommended for those who want to see the flow control)
        - https://wiki.openstack.org/wiki/Neutron/DVR_L2_Agent
      • Introduced in the Juno Release of OpenStack Neutron
        - http://www.slideshare.net/carlbaldwin/dvr-slides
      • DVR Demo
        - https://www.youtube.com/watch?v=p4BwAjLHd0M
  33. Thank you
      Twitter: tmak_tw
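
The per-role settings on slide 16 can be checked mechanically. The Python below is an added example, not part of the original deck or of Neutron: it audits one node's INI text against the values the slide lists and reports each mismatch. The [DEFAULT] section for neutron.conf and l3_agent.ini, the role names, limiting the controller check to neutron.conf and ml2_conf.ini, and the sample files are assumptions made for illustration.

```python
import configparser

REQUIRED_DRIVERS = {"openvswitch", "l2population"}
AGENT_MODE = {"compute": "dvr", "network": "dvr_snat"}  # role -> agent_mode (slide 16)

def audit_node(role, files):
    """Audit one node. files maps file name -> INI text. Returns finding strings."""
    findings = []

    def check(fname, section, key, ok, want):
        cp = configparser.ConfigParser(interpolation=None)
        cp.read_string(files.get(fname, ""))
        raw = cp.get(section, key, fallback=None)
        val = raw.strip().lower() if raw is not None else None
        if val is None or not ok(val):
            findings.append(f"{fname} [{section}] {key}={raw!r}, expected {want}")

    is_true = lambda v: v == "true"
    if role == "controller":
        # Assumption: router_distributed lives in [DEFAULT]; the slide names no section.
        check("neutron.conf", "DEFAULT", "router_distributed", is_true, "True")
    else:
        mode = AGENT_MODE[role]
        # Assumption: agent_mode lives in [DEFAULT] of l3_agent.ini.
        check("l3_agent.ini", "DEFAULT", "agent_mode", lambda v: v == mode, mode)
        for key in ("l2_population", "enable_distributed_routing"):
            check("ovs_neutron_plugin.ini", "agent", key, is_true, "True")
    check("ml2_conf.ini", "ml2", "mechanism_drivers",
          lambda v: REQUIRED_DRIVERS <= {d.strip() for d in v.split(",")},
          "openvswitch,l2population")
    return findings

# Constructed sample: a compute node carrying a network node's L3 agent mode
# and an ML2 driver list without l2population.
SAMPLE_COMPUTE = {
    "l3_agent.ini": "[DEFAULT]\nagent_mode = dvr_snat\n",
    "ml2_conf.ini": "[ml2]\nmechanism_drivers = openvswitch\n",
    "ovs_neutron_plugin.ini":
        "[agent]\nl2_population = True\nenable_distributed_routing = True\n",
}

if __name__ == "__main__":
    for finding in audit_node("compute", SAMPLE_COMPUTE):
        print(finding)
```

A missing file or key is reported the same way as a wrong value, so the check also catches nodes where a setting was never deployed.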
