Dragonflow is an implementation of a fully distributed virtual router for OpenStack® Neutron™ that is based on a light weight SDN controller blog.gampel.net

1. Eran Gampel
Chief Architect, Huawei European Research Center
Eshed Gal-Or
Sr Research Architect, Huawei European Research
Center
DragonFlow
Solution Overview

2. Page 2
The Problem
Network Node Bottleneck
 All inter-subnet traffic goes through the network controller
 In a typical cloud deployment scenario, most East-West
application traffic is between subnets (e.g. the popular
Web→App→DB pattern)
 Current model is mimicking physical world (router) network
elements using virtual software components
 Using the Linux network namespace
 Pre-configured (regardless of actual need)

3. Page 3
Host 4
The Problem – continued (single tenant)
Host 1
VM1
WWW
Neutron
Network
Node
Host 2
VM2
App
Host 3
VM3
DB Overlay network
Logical Connection
Physical Switch
Physical network

4. Page 4
The Problem – at scale (16 tenants)
Host 4
Neutron
Controller
Host 4
Neutron
Controller
Physical Switch(es)
Host 4
Neutron
Controller
Host 4Host 1
VM1
WWW
Network
Node
Host 2
VM2
App
Host 3
VM3
DB
VM1
WWW
VM2
App
VM3
DB
VM1
WWW
VM2
App
VM3
DB
VM1
WWW
VM2
App
VM3
DB
Host 7
VM1
WWW
Host 6
VM2
App
Host 5
VM3
DB
VM1
WWW
VM2
App
VM3
DB
VM1
WWW
VM2
App
VM3
DB
VM1
WWW
VM2
App
VM3
DB
Host 11
VM1
WWW
Host 12
VM2
App
Host 13
VM3
DB
VM1
WWW
VM2
App
VM3
DB
VM1
WWW
VM2
App
VM3
DB
VM1
WWW
VM2
App
VM3
DB
Host 17
VM1
WWW
Host 16
VM2
App
Host 15
VM3
DB
VM1
WWW
VM2
App
VM3
DB
VM1
WWW
VM2
App
VM3
DB
VM1
WWW
VM2
App
VM3
DB
Overlay network
Logical Connection
Physical network

5. Page 5
State of the art (DVR)
(Openstack Juno)
 Proactive approach (pre-configuring
100% of possible flows)
 Distribute L3 services on compute
nodes
 Linux namespace is cloned to all
compute nodes that participate in a
tenant network
 Keeps all namespace in all compute
nodes synchronized

6. Page 6
Introduction
 Dragonflow is an implementation of a fully distributed virtual
router for OpenStack® Neutron™ that is based on a light
weight SDN controller
 The main purpose of DragonFlow is to simplify management
of the virtual router, while improving performance and scale
and eliminating the single point of failure, as well as the
notorious Network Node Bottleneck
 As opposed to using big running software entities to
represent virtual network elements (e.g. router), Dragonflow
compiles the virtual router into standard forwarding element
flows

7. Page 7
Architecture

8. Page 8
DragonFlow Advantages (vs. Juno DVR)
 Simple and nimble architecture
 Very small change impact on Neutron (vs. very big change impact)
 Higher performance (+20% from initial benchmarks)
 Simpler management (Only actual flows are distributed to
forwarding elements instead of all possibilities)
 Higher scalability and flexibility
 Elastic architecture allows scaling in and out as the managed
instance network grows/shrinks
 Utilize the power of SDN (vs. legacy hard-wired opaque software)

9. Page 9
Control Node
Neutron
Service Plugins
Network Node
Bootstrap
L3
Service
L3 Controller
Agent
L3 App
Message Queue (AMQP)
Compute Node
Neutron
Agent
OVS
qbrXXX
VM
br-tun
br-int
vxlan
qvoXXX
patch-tun
patch-int
IPTables
Core
Plugins
ML2
IPTables
Namespace
DHCP
Agent
DHCP
Service OpenFlow
Install L3
pipline
(L3 Agent)
Legacy
SNAT/FIP

10. Page 10
OpenFlow pipeline And the NORMAL pipeline
Hybrid OpenFlow Switch
OVS
OpenFlow processing pipeline
Normal L2 Switch
Input Output
Packet In Packet Out
Forward to
controller
(ofp PACKET_IN)
NORMAL
Drop
OpenFlow
Controller
 Introduced in OpenFlow/1.1. Hybrid switches support concurrent
operation of both OpenFlow pipeline and normal (legacy) Ethernet
switching functionality.
The hybrid switch allows forwarding of packets from the OpenFlow
pipeline to the normal pipeline through the NORMAL and
FLOOD reserved ports.
Act as two completely separated switches

11. Page 11
L3 Installed pipeline
Virtual Router using flows- All L2 is offloaded to the normal path

12. Page 12
L3 Controller Agent
L3 SDN Application Logic
Compute Node
Controller
L3 App
OVS
qbrZZZ
VMzzz
br-tun
br-int
vxlan
qvoZZZ
patch-tun
patch-int
qbrWWW
VMwww
qvoWWW
Port VLAN TAG: 2
qbrXXX
VMxxx
qvoXXX
qbrYYY
VMyyy
qvoYYY
Port VLAN TAG: 1
Neutron
DB
OpenFlowOpenFlow
VMwww first TCP
connection with
VMyyy
Tenant A, Subnet 2
Tenant A, Subnet 1
1
1st TCP_SYN
DST: VMyyy
Packet is sent to
controller
Matched as VM to VM inter
Subnet Traffic in the L3
forwarding table
2
If route
(www to yyy)
possible, install
flow and
reverse_flow
PACKET_OUT
1st TCP_SYN
DST: VMyyy
3

13. Page 13
L3 Controller Agent
L3 SDN Application Logic same compute Node
Compute Node
Controller
L3 App
OVS
qbrZZZ
VMzzz
br-tun
br-int
vxlan
qvoZZZ
patch-tun
patch-int
qbrWWW
VMwww
qvoWWW
Port VLAN TAG: 2
qbrXXX
VMxxx
qvoXXX
qbrYYY
VMyyy
qvoYYY
Port VLAN TAG: 1
Neutron
DB
OpenFlow
FLOW_MOD
match:
vid
src_mac
src_ip
dst_mac
dst_ip
action:
pop_vlan
change src_mac
change dst_mac
output:
port qvoYYY
Tenant A, Subnet 2
Tenant A, Subnet 1
FLOW_MOD
match:
vid
src_mac
src_ip
dst_mac
dst_ip
action:
pop_vlan
change src_mac
change dst_mac
output:
port qvoWWW
4
5
Install Flow and
Reverse Flow For
Inter Subnet L3
Traffic

14. Page 14
L3 Controller Agent
L3 SDN Application Logic cross compute Node
Controller
L3 App
Compute Node
OVS
qbrZZZ
VMzzz
br-tun
br-int
vxlan
qvoZZZ
patch-tun
patch-int
Port VLAN TAG: 2
qbrYYY
VMyyy
qvoYYY
Port VLAN TAG: 1
Neutron
DB
OpenFlow
Compute Node
OVS
br-tun
br-int
vxlan
patch-tun
patch-int
qbrWWW
VMwww
qvoWWW
Port VLAN TAG: 2
qbrXXX
VMxxx
qvoXXX
Port VLAN TAG: 1
OpenFlow
VMwww first TCP
connection with
VMyyy
1st TCP_SYN
DST: VMyyy
If route
(www to yyy)
possible, install
flow and
reverse_flow
FLOW_MOD
match:
vid
src_mac
src_ip
dst_mac
dst_ip
action:
pop_vlan
change src_mac
change dst_mac
output:
port qvoYYY
FLOW_MOD
match:
vid
src_mac
src_ip
dst_mac
dst_ip
action:
pop_vlan
change src_mac
change dst_mac
output:
port qvoWWW
PACKET_OUT
1st TCP_SYN
DST: VMyyy
1
2
3
4
5

15. Page 15
DragonFlow Feature List
 Current Release (Kilo)
 APIs for routing IPv4 East-West traffic
 Performance improvement for inter-subnet network by removing the amount of kernel layers (namespaces and their
TCP stack overhead)
 Scalability improvement for inter-subnet network by offloading L3 East-West routing from the Network Node to all
Compute Nodes
 Reliability improvement for inter-subnet network by removal of Network Node from the East-West traffic
 Simplified virtual routing management
 Supports all type drivers GRE/Vxlan/VLAN
 Centralized North-South traffic
 Support for HA, in case the connection to the Controller is lost, fall back to the legacy L3 implementation until
recovery. Reused all the legacy L3 HA. (Controller HA will be supported in the next release).
 Supports Centralized IPv6
 Next Release Plan ( discussion for liberty )
 Add support for North-South L3 IPv4 distribution (SNAT and DNAT)
 Multi Controller Support ( Equal and Master Slave)
 Add support for IPv6
 For the complete list go to the Blueprints on the project Homepage

16. Page 16
External Links
 Homepage: http://launchpad.net/dragonflow
 Documentation: http://goo.gl/rq4uJC
 Source: http://git.openstack.org/cgit/stackforge/dragonflow
 Bugs: http://bugs.launchpad.net/dragonflow
 Blogs: blog.gampel.net, http://galsagie.github.io
 IRC : #openstack-dragonflow