This document provides an overview of running OpenStack and OpenContrail on the FreeBSD platform. It first discusses OpenStack components like Nova compute and network services. It then covers using OpenContrail for network virtualization, which provides overlay networking as an alternative to VLANs. This allows migration of virtual machines between physical servers while maintaining network isolation. The status of FreeBSD support for OpenStack compute and networking services is also summarized.

1. OpenStack
and
OpenContrail
on
FreeBSD
pla4orm
Michał
Dubiel
EuroBSDCon
2014,
Sofia,
Bulgaria

2. Outline
• OpenStack
– IntroducDon
– Nova
Compute
driver
– Nova
Network
driver
• OpenContrail
– Why?
– Overlay
networks
vs
vlans
– SoLware
architecture
• Status,
next
steps

3. Machines
in
a
datacenter
VM
VM
VM
VM
hypervisor
VM
VM
VM
VM
hypervisor
MIGRATIONS
VM
VM
VM
VM
hypervisor
VM
VM
VM
VM
hypervisor
Storage
appliance

4. Cloud
operaDng
system
source:
openstack.org

5. OpenStack
introducDon
• “Massively
scalable
cloud
operaDng
system”
• Aims
to
manage
– Compute
– Storage
– Network
• Major
components
– Compute
(Nova)
– Storage
(SwiL,
Cinder)
– Networking
(Neutron)

6. OpenStack
components
• There
is
a
lot
of
soLware
components
– Nova
(compute
manager,
networking
manager,
scheduler,
etc.)
– Neutron
(controller,
agents)
– Glance
(image
service)
– API
servers
– Message
queues
– Etc.
• FreeBSD
support
is
about
the
compute
node
– Depended
on
underlying
OS
pla4orm
– Another
hypervisor
(bhyve)

7. Networking
service
-­‐
OpenContrail
source:
openstack.org

8. Compute
node
Nova
Scheduler
Nova
network
server
Nova
network
bhyve
VM
VM
VM
Bridge
Kernel
space
Nova
compute
Libvirt

9. OpenStack
compute
node
• nova-compute:
manages
compuDng
instances
on
host
machines
– Run/terminate/reboot
instances
– Aaach/detach
volumes
– Console
output
• nova-network:
manages
networking
resources!
– Responsible
for
sebng
up
networking
between
VMs
– Simple
soluDons
(bridges,
vlans,
etc.)

10. Spawning
a
VM
• Nova
scheduler
choses
a
compute
node
for
a
VM
• The
nova-­‐compute
fetches
the
VM
image
from
glance
service
• The
nova-­‐compute
builds
a
libvirt
XML
definiDon
for
the
VM
• The
nova-­‐network
configures
bridge
for
VM
networking
• The
nova-­‐compute
invokes
libvirt
and
spawns
the
VM
– Libvirt
adds
tap
device
to
the
bridge
connecDng
that
way
the
VM
to
the
virtual
network

11. FreeBSD
Development
• Libvirt
support
for
bhyve
– Work
of
Roman
Bogorodskiy
– Few
new
features
and
fixes!
• nova-compute
adjustments
for
new
hypervisor
type
–
bhyve
• nova-­‐network
support
for
FreeBSD
– ifconfig
vs.
brctl,
ip
tool
– dnsmasq
• Devstack
support
for
FreeBSD

12. Networking
service
-­‐
OpenContrail
source:
openstack.org

13. Rack,
servers,
VMs
VM
VM
VM
VM
hypervisor
VM
VM
VM
VM
hypervisor
VM
VM
VM
VM
hypervisor
Server
rack
To
spine
switch

14. Datacenter
architecture
Clos
network

15. ObservaDons
• Majority
of
network
endpoints
are
virtual
• Network
isolaDon
between
them
has
to
be
available
• While
using
the
same
physical
network
• Endpoint
may
migrate
from
one
physical
host
to
another

16. SoluDons
• Bridges
+
vlans
– What
nova-­‐network
provides
– Limited,
not
flexible
• Overlay
networking
(OpenContrail)
– Available
as
a
Neutron
plugin
– Flexible
– Scalable

17. VLANs
• VM’s
interfaces
placed
on
bridges
– Each
bridge
for
a
virtual
network
• 4096
VLAN
tags
limit
– Can
be
extended
using
Shortest
Path
Bridging
• Difficult
to
manage
• Physical
switches
has
to
contain
the
VN
state

18. VM
migraDon
example
VM1
VM2
Server
1
VM3
VM4
VM5
Server
2
VM6
VM7
VM8
Server
3
VM9
Physical
switch
Virtual
networks:
1
2
3

19. VM
migraDon
example
VM1
VM2
Server
1
VM3
VM4
VM5
Server
2
VM6
VM7
VM8
Server
3
VM9
Physical
switch
Virtual
networks:
1
2
3
VM9
Payload
Eth
+
VLAN
tag
+
IP

20. VM
migraDon
example
VM1
VM2
Server
1
VM3
VM4
VM5
Server
2
VM6
VM7
VM8
Server
3
VM9
Physical
switch
Virtual
networks:
1
2
3
VM9
Payload
Eth
+
VLAN
tag
+
IP

21. Overlay
networking
• “Old”
technology,
relaDvely
new
for
data-­‐
centers
• Physical
underlay
network
– IP
fabric
– No
tenant
state
• Virtual
overlay
network
– Tenant
state
– Dynamic
tunnels
(MPLSoGRE,
VXLAN,
etc.)

22. VM
migraDon
example
VM1
VM2
Server
1
VM3
VM4
VM5
Server
2
VM6
VM7
VM8
Server
3
VM9
Physical
switch
Virtual
networks:
1
2
3
S3
VM9
Payload
Physical
network:
Eth
+
IP

23. VM
migraDon
example
VM1
VM2
Server
1
VM3
VM4
VM5
Server
2
VM6
VM7
VM8
Server
3
VM9
Physical
switch
Virtual
networks:
1
2
3
S2
VM9
Payload
Physical
network:
Eth
+
IP

24. Advantages
• “Knowledge”
about
network
only
in
the
soLware
(Controllers,
compute
nodes)
• Any
switch
works
for
IP
fabric
network
– No
configuraDon
– Only
speed
maaers
– Lower
price
• In
case
of
OpenContrail
standards-­‐based
(MPLS,
BGP,
VXLAN,
etc.)

25. SDN
in
cloud
orchestraDon
Source:
www.opencontrail.org

26. Architecture
overview
Source:
www.opencontrail.org

27. ConfiguraDon
node
Source:
www.opencontrail.org

28. Controller
node
Source:
www.opencontrail.org

29. Compute
node
Nova
Scheduler
Contrail
Control
node
Nova
vif
driver
bhyve
VM
VM
VM
Contrail
Agent
Contrail
vRouter
Kernel
space
Nova
compute
Libvirt
NetLink
/dev/flow
pkt
TCP

30. vRouter
forwarding
plane
Source:
www.opencontrail.org

31. MPLSoGRE
example
Source:
www.opencontrail.org

32. OpenContrail
summary
• High-­‐level
descripDon
of
networks
– allow
any
src-­‐vn
-­‐>
dst-­‐vn
svc-­‐1,
svc-­‐2
• Horizontally
scalable
• Fault
tolerant
• Works
with
exisDng
equipment
• Open
sourced
(FreeBSD
support
included
in
official
repos)

33. AnalyDcs
node
Source:
www.opencontrail.org

34. FreeBSD
development
• vRouter
kernel
module
– New
module
– Common
parts
OS
agnosDc
(/dp-core)
– FreeBSD
related
code
(/freebsd)
• Agent
support
for
FreeBSD
– Ioctls,
tap
devices
– Shared
memory
(/dev/flow)
– Listener
– Lots
of
refactoring
done

35. TODOs
• Libvirt
improvements
• OpenStack
improvements
– Support
limited
by
libvirt
capabiliDes
on
FreeBSD
– Firewal
(pf,
ipfw,
ipfilter)
– Currently
a
fork
of
nova
is
required
• Different
OpenContrail
operaDon
modes
– MPLSoUDP,
VXLAN,
etc.
• AutomaDc
provisioning
– Contrail-­‐installer
scripts
– Devstack

36.
Any
quesDons?