OpenStack Neutron Havana Overview - Oct 2013
3. Acknowledgments
Big Thanks to Great Developers in OpenStack
Community & OpenStack Foundation
Information presented here is sourced from my own
experience as OpenStack developer/user and from
OpenStack Foundation Documents & Community
Views and technical points expressed here are solely the
presenter’s and do not reflect his employer's views/
positions or those of the OpenStack Foundation in any way.
4. What is OpenStack?
§ OpenStack is a cloud management system that controls large
pools of compute, storage, and networking resources
throughout a datacenter, all managed through a dashboard that
gives administrators control while empowering their users to
provision resources through a web interface.
© 2013 PLUMgrid. All rights reserved.
5. OpenStack: A Brief History
NASA Launches Nebula
One of the first cloud computing platforms built for
Federal Government Private Cloud
March 2010: Rackspace Open Sources Cloud Files
software, aka Swift
May 2010: NASA open sources compute software, aka
“Nova”
June 2010: OpenStack is formed
July 2010: The inaugural Design Summit
April 2012: OpenStack Foundation
April 2013: Grizzly Release
Nov 2013: Havana Release
Quantum → Neutron
April 2014: Icehouse Release
nebula.nasa.gov
7. OpenStack Core Services
Compute ("Nova") provides virtual servers upon demand. Compute
resources are accessible via APIs for developers building cloud applications
and via web interfaces for administrators and users. The compute architecture
is designed to scale horizontally on standard hardware, enabling the cloud
economics companies have come to expect.
Network ("Neutron") is a pluggable, scalable and API-driven system for
managing networks and IP addresses. Like other aspects of the cloud
operating system, it can be used by administrators and users to increase the
value of existing datacenter assets.
Block Storage ("Cinder") provides persistent block storage to guest VMs.
This project was born from code originally in Nova (the nova-volume service
described below).
Dashboard ("Horizon") provides a modular web-based user interface for all
the OpenStack services.
8. OpenStack Core Services
Object Store ("Swift") provides object storage. It allows you to store or
retrieve files (but not mount directories like a fileserver)
Image ("Glance") provides a catalog and repository for virtual disk images.
These disk images are most commonly used in OpenStack Compute.
Identity ("Keystone") provides authentication and authorization for all the
OpenStack services
Orchestration (“Heat”) orchestrates multiple cloud applications using the
AWS CloudFormation template format, through both an OpenStack-native
REST API and a CloudFormation-compatible Query API
Metering (“Ceilometer”) is a monitoring and metering framework that is
agentless from 3rd party systems; all of it is natively implemented in OpenStack
Documentation (“What’s up doc?”)
How many in total?
21
https://wiki.openstack.org/wiki/Programs
11. Level three and she thinks she is rich!
What a noob!
docs.openstack.org
15. Neutron - Overview
§ Incubation project in April 2011
§ Promoted to Core Project at Folsom Summit (April 2012)
§ Neutron solves two main issues in Nova-Network:
1. Limited networking technology
   • Basic Linux bridging-based implementation
   • Limited features (missing ACL, QoS, …)
   • Limited multi-tenancy isolation – 802.1q VLAN tags.
2. Limited User/Tenant control over the network
   • Tenants cannot create their own network topologies
   • Tenants cannot leverage different network virtualization technologies
16. OpenStack Networking - Neutron
Network as a Service (NaaS)
§ Provides REST APIs to manage network connections for the resources managed by other OpenStack Services (e.g. Nova)
§ Technology Agnostic (framework based on “plug-ins”)
§ Multi-tenancy: Isolation, Abstraction, full control over virtual networks
§ Modular Design: API specifies service, vendor provides its implementation. Extensions for vendor-specific features.
§ Standalone Service: It is not exclusive to OpenStack. Neutron is an autonomous service
§ Exposes vendor-specific network virtualization and SDN technologies
17. What does Neutron do?
§ Complete control over the following network resources in OpenStack
  § Networks, Ports and Subnets
§ Build complex network topologies based on user/tenant input
§ Assigns its own network segmentation process
§ Limited L3 functionality (IP tables rules at host level)
§ Just one plugin at a time
§ Modular Layer 2 (ML2)
§ Cisco Plugin supports OVS + NXOS + N1Kv
§ Meta-plugin (based on zones-flavors)
§ Focused on VNI (Virtual Networking Infrastructure)
§ Basic VLAN configuration on the Physical Switch (NXOS, Arista, Brocade, etc…)
18. What doesn’t Neutron do?
§ Discovery of the network physical infrastructure
§ Any L3 real configuration (router plugin is in progress)
§ Synch mechanisms with other network management systems
  § Note: Neutron Plugins could delegate this work
§ Any configuration at the aggregation layer and/or edge layer
§ Basic configuration at the access layer
19. Neutron Architecture
[Diagram: Neutron architecture. Labels: Neutron API; API Extensions; Neutron Service; Neutron Plug-in API; Service API (VPN, FW & LBaaS); Plug-In Implementation; Plug-In Extensions; VNI & PNI (Virtual & Physical Networking Infrastructure)]
20. Neutron Plug-Ins
Neutron Plugins - Havana
§ Modular Layer 2 (ML2):
  § New in Havana
  § ML2 can concurrently use multiple layer 2 networking technologies that are found in real-world data centers.
  § It currently works with the existing Open vSwitch, Linux Bridge, and Hyper-v L2 agents
§ Linux Bridge (deprecated):
  § Build isolated networks with VLAN interfaces and Linux Bridge
  § Works with every Linux distro
§ Open vSwitch (deprecated):
  § Builds isolated networks with OVS and L2-in-L3 tunnels.
  § Supports GRE and VXLAN tunnels
§ PLUMgrid:
  § Acts as a proxy for the PLUMgrid Director and IOVisor technology
§ Cisco:
  § NXOS and N1Kv
§ NTT-Data Ryu:
  § Acts as a proxy for the NTT Ryu platform
§ NEC, Hyper-V, Brocade, …
21. Neutron Services - Havana
Neutron Services
§ Load Balancer as a Service (LBaaS):
  § HA Proxy support
  § Stable release
  § Vendor specific framework in place
§ Virtual Private Network as a Service (VPNaaS):
  § Site-to-Site configuration
  § IPsec support
  § Single-site-to-Multi-site configuration
§ Firewall as a Service (FWaaS):
  § Separate FW service
  § IP tables support
  § Vendor specific service can be included
source: wiki.Openstack.org
23. VM booting workflow between nova and neutron
1. nova boot reaches the compute driver, which calls the Neutron API to create a port.
2. neutron-server creates the port object and allocates it an IP address from the subnets.
3. neutron-server notifies the neutron-dhcp agent of the created port object.
4. The neutron-dhcp agent configures the DHCP server with the port object's details, such as IP, MAC, gateway and routes.
5. The compute driver gets the network information, creates a port on the br-int soft-switch, and then starts the VM with a tap device attached to the soft-switch port.
6. soft-neutron-agent detects that a new soft-switch port has been created.
7. soft-neutron-agent requests the port's information from neutron-server.
8. soft-neutron-agent sets up the port, such as the flows and VLAN ID of the soft-switch port. After this step, the VM's network is connected.
9. The VM gets its IP address via the DHCP client.
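When a VM boots without connectivity, the workflow above can be walked in order to find the earliest step that left no evidence behind. The function below is an added example, not code from the slides or from Neutron. The port dictionary uses Neutron v2 port fields (`fixed_ips`, `mac_address`, `status`); the inputs `dhcp_macs`, `switch_ports` and `leased_ips`, and the tap naming (`tap` plus the first 11 characters of the port id), are assumptions about what the operator has collected from the DHCP server and the soft-switch.

```python
def first_incomplete_step(port, dhcp_macs, switch_ports, leased_ips):
    """Return (step, finding) for the earliest workflow step with no evidence.

    port         -- Neutron port dict, or None if no port exists for the VM
    dhcp_macs    -- MACs the DHCP server has host entries for (assumed input)
    switch_ports -- interface names present on br-int (assumed input)
    leased_ips   -- IPs the DHCP server has handed out (assumed input)
    """
    if port is None:
        return 1, "no port: the compute driver never reached the Neutron API"
    ips = [f["ip_address"] for f in port.get("fixed_ips", [])]
    if not ips:
        return 2, "port exists but no IP was allocated from a subnet"
    # Steps 3 and 4 leave the same evidence: a DHCP host entry for the MAC.
    if port["mac_address"] not in dhcp_macs:
        return 4, "DHCP server has no host entry for the port's MAC"
    tap = "tap" + port["id"][:11]  # assumed tap naming convention
    if tap not in switch_ports:
        return 5, "no %s on br-int: the VIF was never plugged" % tap
    # Steps 6 to 8 are the agent's work; the port turns ACTIVE when it is done.
    if port.get("status") != "ACTIVE":
        return 8, "agent has not wired the port (status %s)" % port.get("status")
    if not set(ips) & set(leased_ips):
        return 9, "port is wired but the guest has not obtained its lease"
    return None, "all steps evidenced"

# Constructed sample: port created and plugged, but the agent never set it ACTIVE.
SAMPLE_PORT = {
    "id": "3f2a9c1e-7b4d-4e55-9a10-000000000001",
    "mac_address": "fa:16:3e:00:00:01",
    "fixed_ips": [{"subnet_id": "s1", "ip_address": "10.0.0.3"}],
    "status": "DOWN",
}
```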
27. Neutron Deployment Components – ML2
[Diagram: Components. Labels: Neutron server & plug-in; Queue; DB; Plugin Agent (soft-switch); DHCP Agent; L3-Agent (FW & NAT); Service-LBaaS Agent; Service-VPNaaS Agent]
Neutron Server
§ Implement REST APIs and its extensions
§ Enforce network model: network, subnet, and port
§ IP addressing to each port (IPAM)
Soft-switch Plugin agent
§ Run on each compute node
§ Connect instances to network port
DHCP Agent
§ In multi-host mode, run on each compute node (deferred)
§ Start/stop DHCP server
§ Maintain DHCP configuration
L3 Agent
§ To implement floating IPs and other L3 features, such as NAT
§ One per network
Queue
§ Enhance communication between the components of Neutron
DB
§ Persistent network model
28. Neutron - Summary
§ Neutron community is growing – Support is guaranteed
§ Pluggable Architecture – All vendors are welcome
§ Testing is always our first priority
§ Code quality is one of the top ones
§ Features are always coming in but testing is a must
§ All works with opensource technologies
§ Analytics are minimal
§ Performance is always a concern
§ Debugging is challenging
§ Neutron offers migration paths from release to release
33. PLUMgrid in OpenStack
PLUMgrid Neutron Plugin Adds:
• Increased Control
  • Virtual Domains
  • Simplified Isolation
• Advanced Functionality
  • Complete Network Services
  • No OVS or Flat Networks
• Increased Scale
  • No VLANs, no agents, no OpenFlow
• Open Platform
  • Add 3rd Party Network Functions
• Network Visibility
  • PLUMgrid Analytics and Monitoring
[Diagram labels: Nova, Neutron, Compute, Network, Glance, Swift, Cinder, Storage]
Proven OpenStack Neutron Plugin
35. Neutron Deployment Components – ML2
[Diagram: Components. Labels: PLUMgrid Director; Neutron server & plug-in; Queue; DB; "easy"; "reliable"]
Simplify Neutron Model
§ Network Services: quick & simple (no extra agents)
§ NOVA VIF Drivers: new driver is being integrated in Havana (IOVISOR Driver)
§ Neutron Virtual Network Functions (VNF): easy integration and deployment for VNFs
§ Neutron Extensions: Provider networks, DHCP, L3, …
36. Neutron with PLUMgrid
Included in Havana Release:
https://wiki.openstack.org/wiki/PLUMgrid-Neutron
Testing with Devstack:
# git clone http://github.com/openstack-dev/devstack.git
# vim localrc:
– Q_PLUGIN=plumgrid
– PLUMGRID_DIRECTOR_IP=
– PLUMGRID_DIRECTOR_PORT=8080
– disable_service n-net
– disable_service n-cpu (optional)
– enable_service q-svc
– enable_service neutron
– LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
37. Most Common Use Cases
Overlapping IP Setup
source ~/user_demo_one
neutron net-create net1
neutron subnet-create net1 10.0.0.0/24
#use network_id
nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm1-userone
nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm2-userone
source ~/user_demo_two
neutron net-create net1
neutron subnet-create net1 10.0.0.0/24
nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm1-usertwo
nova boot --image cirros --flavor 1 --nic net-id=<net1-id> vm2-usertwo
Delete the vms:
nova delete vm1-usertwo
nova delete vm2-usertwo
source ~/user_demo_one
nova delete vm1-userone
nova delete vm2-userone
38. Most Common Use Cases
Public network
source ./admin_user
# Create shared network
neutron net-create public --shared True
neutron subnet-create --no-gateway public 10.10.0.0/24
source ~/user_demo_one
nova boot --image <img_id> --flavor 1 --nic net-id=<net1-id> --nic net-id=<public-id> vm1-user1
source ~/user_demo_two
nova boot --image <img_id> --flavor 1 --nic net-id=<net1-id> --nic net-id=<public-id> vm1-user2
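The overlapping-IP setup and the shared "public" network above can be audited from Neutron's network, subnet and port records: reused CIDRs are expected between tenants, while a `--shared` network with dual-homed instances is where tenant isolation is deliberately relaxed. The sketch below is an added example, not part of the original slides; the records are constructed sample data using Neutron v2 field names (`tenant_id`, `shared`, `network_id`, `cidr`, `device_id`), and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records shaped like Neutron v2 API objects (not real output).
NETWORKS = [
    {"id": "n1", "name": "net1", "tenant_id": "user_one", "shared": False},
    {"id": "n2", "name": "net1", "tenant_id": "user_two", "shared": False},
    {"id": "n3", "name": "public", "tenant_id": "admin", "shared": True},
]
SUBNETS = [
    {"network_id": "n1", "tenant_id": "user_one", "cidr": "10.0.0.0/24"},
    {"network_id": "n2", "tenant_id": "user_two", "cidr": "10.0.0.0/24"},
    {"network_id": "n3", "tenant_id": "admin", "cidr": "10.10.0.0/24"},
]
PORTS = [  # device_id is normally an instance UUID; names are used for readability
    {"network_id": "n1", "tenant_id": "user_one", "device_id": "vm1-user1"},
    {"network_id": "n3", "tenant_id": "user_one", "device_id": "vm1-user1"},
    {"network_id": "n2", "tenant_id": "user_two", "device_id": "vm1-user2"},
    {"network_id": "n3", "tenant_id": "user_two", "device_id": "vm1-user2"},
]

def overlapping_cidrs(subnets):
    """Pairs of subnets on different networks whose address ranges overlap."""
    parsed = [(s, ipaddress.ip_network(s["cidr"])) for s in subnets]
    return [(a["network_id"], b["network_id"])
            for i, (a, na) in enumerate(parsed)
            for b, nb in parsed[i + 1:]
            if a["network_id"] != b["network_id"] and na.overlaps(nb)]

def cross_tenant_exposure(networks, ports):
    """Shared networks mapped to the tenants that have ports on them."""
    shared = {n["id"]: n["name"] for n in networks if n["shared"]}
    tenants = defaultdict(set)
    for p in ports:
        if p["network_id"] in shared:
            tenants[shared[p["network_id"]]].add(p["tenant_id"])
    # Only networks that actually join more than one tenant are of interest.
    return {name: sorted(t) for name, t in tenants.items() if len(t) > 1}

def bridging_instances(networks, ports):
    """Instances with one NIC on a shared network and another on a private one."""
    shared = {n["id"] for n in networks if n["shared"]}
    nets = defaultdict(set)
    for p in ports:
        nets[p["device_id"]].add(p["network_id"])
    return sorted(d for d, ids in nets.items() if ids & shared and ids - shared)
```

On the sample data the two private `net1` networks overlap, and both tenants' instances sit on `public` as well as their own network, so each is a point where traffic policy between the shared and private segments has to be enforced.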
Floating IP
#create external network
neutron net-create ext_net -- --router:external=True
neutron subnet-create ext_net 1.1.1.0/24 -- --enable_dhcp=False
# connect router to the upstream external network
neutron router-gateway-set router1 ext_net
# create some floating ips out of this external network
neutron floatingip-create ext_net --port_id $VM2_PORT_ID
neutron floatingip-disassociate <floating_ip_id>
40. Neutron Release Cycle
• Grizzly Release (April 2013):
L3 extensions
API – XML
DB Migration
LBaaS (agent-based)
Security Groups
Quotas
New Plugins (PLUMgrid)
• Havana Release (Nov, 2013)
VPNaaS (agent-based)
FWaaS (agent-based)
Improve LBaaS
Performance Improvements
…
42. OpenStack Contribution
• Join the foundation
§ https://wiki.openstack.org/wiki/HowToContribute
§ Corporate Contributor License Agreement
§ Individual Contributor License Agreement
• Blueprints and Bugs in Launchpad
§ https://blueprints.launchpad.net/neutron
§ https://bugs.launchpad.net/neutron/+bugs
• Code review in Gerrit
§ https://wiki.openstack.org/wiki/GerritWorkflow
§ https://review.openstack.org/#/q/status:open+project:openstack/neutron,n,z
§ pep8 enforcement
§ Python hacking rules:
§ https://github.com/openstack/neutron/blob/master/HACKING.rst
45. Introduction
Network service / controller provides network related services to connect
compute instances (VM) to network
Nova has an embedded network component called Nova-Network that
provides network related services
Target network domain: L2 network connecting VMs to local (access) network
Neutron is a separate network service / controller, running as a service on its
own (separate from Nova)
Target network domain: L2, L3
46. Nova-Network
§ Flat Mode
§ All Instances are attached to a single Linux bridge
§ IP addresses are injected into image on launch (from configuration file)
§ FlatDHCP Mode
§ Similar to Flat Mode with DHCP for IP addresses
§ VLAN Network Mode: Default Mode
§ A VLAN, Fixed IP Subnet, and Linux bridge per tenant
§ Switch must support 802.1Q VLAN tagging
§ Neutron Network Manager (code is being renamed in the Havana release)
§ A client (resident in Nova) for communication with Neutron Service
47. Flat Mode
[Diagram: Flat Mode topology. Labels: Towards Cloud DC Net or Public Net; Private SW 11; Controller Host (Nova Controller with Nova-Network or Neutron Controller; ETH0, ETH1, br100; Bridging, NAT, DHCP); Nova Compute Host 1 and Host 2 (Hypervisor, ETH0, br100); TAP1 to TAP6; vNICs; VM1 to VM6 (OS, WS1, App, WS2)]
§ Outside communication via the controller node (where Nova-network is
resident)
§ Nova network component (or controller) can run in each compute node
48. VLAN Mode
[Diagram: VLAN Mode topology. Labels: Towards DC Net or Public Net; Private SW-Fab; SW-Ext; Nova with Nova-Network or Neutron Controller; Nova Compute Host 1, Host 2, Host n (Hypervisor, ETH0, ETH1); br0 / VLAN11, br0 / VLAN 22, br1 / VLAN 22; TAP0, TAP1, TAP3, TAP4, TAP5, TAP6; vNICs; VM1 to VM6 (OS, WS1, App, WS2)]