Akanda: Open Source, Production-Ready Network Virtualization for OpenStack
![Page 1: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/1.jpg)
Production-ready, open source network virtualization
Jonathan LaCour
Ryan Petrello
![Page 2: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/2.jpg)
HELLO
My name is Jonathan
VP of Cloud at DreamHost
@cleverdevil on twitter
![Page 3: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/3.jpg)
HELLO
My name is Ryan
Senior Cloud Developer at DreamHost
@ryanpetrello on twitter
![Page 4: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/4.jpg)
AGENDA
• The birth and evolution of Akanda
• Akanda technology overview
• Akanda in practice
• Retrospective
• The future
![Page 5: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/5.jpg)
AKANDA’S BIRTH 👶
![Page 6: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/6.jpg)
![Page 7: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/7.jpg)
DREAMCOMPUTE IS OPEN
Virtual Networking
• L2 isolation for all tenants
• IPv4 and IPv6 via SDN
Elastic Compute
• Virtual machines via KVM hypervisor and OpenStack
Block Storage
• OpenStack Cinder and Ceph
• Massively scalable, distributed, and self-healing
• Lightning fast boot-from-volume
![Page 8: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/8.jpg)
AKANDA’S BIRTH
• DreamCompute’s design and development necessitated Akanda
• Required L2 isolation and IPv6
• No Open Source solution and vendors were lacking
• Didn’t understand cloud
• Missing features and OpenStack integration
👶
![Page 9: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/9.jpg)
INITIAL DESIGN
• OpenBSD service VMs
• Routing, firewall, and services via OpenBSD Packet Filter (PF)
• Akanda Appliance API in Python
• Integration with OpenStack via Nova and Neutron
• Rug Orchestration platform for creating, updating, and monitoring service VMs
![Page 10: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/10.jpg)
EVOLUTION
🙈🙉🙊
![Page 11: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/11.jpg)
EVOLUTION
• OpenBSD not well-suited for the task
• Community resistance to virtualization
• Poor network throughput and network driver issues
• Slow boot times (3-5 minutes)
• No hot-plugging support, requiring service VM reboots
🙈
![Page 12: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/12.jpg)
THE SWITCH TO LINUX
• Moved to Linux
• From PF to iptables, with a larger community
• Significantly improved performance
• Service VM boots and reboots in 45 seconds or less
• Hot-plugging support
![Page 13: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/13.jpg)
AKANDA ARCHITECTURE
• Akanda RUG Orchestration
• Akanda Virtual Services – Routing, Load Balancing, Firewall, etc.
• OpenStack APIs – Neutron, Nova, etc.
• Akanda Pluggable L2 Backends – NSX, Linux Bridge, OpenDaylight, and more
• Physical Network (L2)
![Page 14: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/14.jpg)
• No vendor magic – open source and transparent
• IPv6 support – customer VMs get IPv6
• Performance – beat the competition
• It’s just Linux – service VMs can run anything
• Stability – routes traffic for thousands of VMs daily
❤️
![Page 15: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/15.jpg)
IN DEPTH
![Page 16: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/16.jpg)
THE AKANDA APPLIANCE
• Linux virtual machine, built with veewee, and stored in Glance.
• iptables – tenant NAT, floating IPs, etc.
• dnsmasq – DHCP, DNS, etc.
• bird – upstream connectivity (BGP, RADV)
• Python proxy for Nova metadata service
![Page 17: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/17.jpg)
APPLIANCE REST API
• Not exposed to user, instead used by The Rug for configuration, monitoring, and reporting.
• Primary endpoints:
• Alive Check - are you alive?
• Configuration Push - reconfigure / reload router services
![Page 18: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/18.jpg)
```
{
  "networks": [{
    "subnets": [{
      "gateway_ip": "208.113.176.1",
      "cidr": "208.113.176.0/23",
      ...
    }],
    "network_id": "b1234135-a0fc-4a1a-bea3-1232341235",
    "interface": {
      "ifname": "ge1",
      "addresses": [
        "208.113.176.249/23",
        "2607:f298:5:110d:f816:3eff:fe7d:e274/64"
      ]
    }
  }],
  "default_v4_gateway": "208.113.176.1",
  "floating_ips": [{
    "floating_ip": "208.113.176.249",
    "fixed_ip": "10.10.10.3"
  }],
  ...
}
```
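An added example (not from the slides or from Akanda's code base) of validating the `floating_ips` section of a configuration push like the one above before rendering it as 1:1 NAT rules for the iptables nat table. The function names, the rule layout, and treating the subnet that holds `default_v4_gateway` as the external one are assumptions.

```python
import ipaddress
import json
import re

# Constructed sample: the slide's payload with its elided ("...") fields left out.
SAMPLE = json.loads("""
{"networks": [{"subnets": [{"gateway_ip": "208.113.176.1",
                            "cidr": "208.113.176.0/23"}],
               "interface": {"ifname": "ge1",
                             "addresses": ["208.113.176.249/23"]}}],
 "default_v4_gateway": "208.113.176.1",
 "floating_ips": [{"floating_ip": "208.113.176.249", "fixed_ip": "10.10.10.3"}]}
""")
# Linux interface names are at most 15 characters; refuse anything option-like.
IFNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,14}")


def external_subnets(config):
    """Return (ifname, network) for each subnet containing the default IPv4 gateway."""
    gateway = ipaddress.ip_address(config["default_v4_gateway"])
    found = []
    for net in config["networks"]:
        ifname = net["interface"]["ifname"]
        if not IFNAME_RE.fullmatch(ifname):
            raise ValueError(f"unsafe interface name: {ifname!r}")
        for subnet in net["subnets"]:
            cidr = ipaddress.ip_network(subnet["cidr"])
            if gateway in cidr:
                found.append((ifname, cidr))
    return found


def floating_ip_rules(config):
    """Validate each mapping, then render 1:1 NAT rules (hypothetical layout)."""
    externals = external_subnets(config)
    rules, seen = [], set()
    for fip in config.get("floating_ips", []):
        public = ipaddress.ip_address(fip["floating_ip"])
        private = ipaddress.ip_address(fip["fixed_ip"])
        ifname = next((name for name, cidr in externals if public in cidr), None)
        if ifname is None:
            raise ValueError(f"floating IP {public} is outside the external subnet")
        if private.version != 4 or not private.is_private or public in seen:
            raise ValueError(f"rejected mapping {public} -> {private}")
        seen.add(public)
        rules.append(f"-A PREROUTING -i {ifname} -d {public}/32 "
                     f"-j DNAT --to-destination {private}")
        rules.append(f"-A POSTROUTING -o {ifname} -s {private}/32 "
                     f"-j SNAT --to-source {public}")
    return rules
```

Parsing every address with `ipaddress` and pattern-checking the interface name means nothing from the payload reaches a rule line as raw text.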
![Page 19: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/19.jpg)
THE RUG
• “Really ties the room together.”
• Orchestration and monitoring of service VMs
![Page 20: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/20.jpg)
RUG ARCHITECTURE
[Diagram; components shown: Event Processing State Machine, Neutron, Notifications, Health Monitoring, Service VM (four instances)]
![Page 21: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/21.jpg)
STATE MACHINE
• Sophisticated state management
• Ten possible states
• Rug automates transitions between states
![Page 22: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/22.jpg)
EXAMPLE – SERVICE VM BOOT
[State diagram; states shown: CALC_ACTION, CHECK_BOOT, CREATE_VM, CONFIG]
![Page 23: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/23.jpg)
EXAMPLE – HEALTH MONITORING
[State diagram; states shown: CALC_ACTION, STOP_VM, ALIVE, CHECK_BOOT, CREATE_VM]
![Page 24: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/24.jpg)
INTERESTING FEATURES
• Network hot-plugging
• Upon addition or removal of a network
• nova <interface-attach | interface-detach>
![Page 25: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/25.jpg)
INTERESTING FEATURES
• Advanced failure tracking
• Configurable cool down threshold
• Reporting for service VMs stuck in ERROR state
![Page 26: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/26.jpg)
IN PRACTICE
![Page 27: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/27.jpg)
AKANDA OPERATIONS
• Build your service VM image and store in Glance
• Tell the Rug which service VM image to use
• The Rug actively monitors tenants missing service VMs and creates, configures, and keeps them alive
![Page 28: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/28.jpg)
RUG-CTL COMMAND LINE TOOL
• rug-ctl browse
• Lists all service VMs and basic details
• rug-ctl router debug
• Forces The Rug to temporarily stop managing a service VM
• rug-ctl router rebuild [--router_image_uuid]
• Destroys / recreates a service VM, optionally with a different VM image
![Page 29: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/29.jpg)
RETROSPECTIVE
![Page 30: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/30.jpg)
RETROSPECTIVE
• Neutron wasn’t ready for IPv6. Getting there now!
• State machines and distributed processing are hard. Very hard.
• Best way to stabilize is continuous automated testing.
• As a small team, keeping pace with upstream projects is almost a full-time job.
![Page 31: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/31.jpg)
THE FUTURE
![Page 32: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/32.jpg)
LAUNCHING TODAY
http://akanda.io
![Page 33: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/33.jpg)
AKANDA’S FUTURE
• Launch of Akanda, Inc. - http://akanda.io
• Roadmap
• Additional services – Load Balancing and Firewall
• More L2 backends – physical bridge, OpenDaylight, etc.
• Enterprise Rug - HA and scale-out
![Page 34: Akanda: Open Source, Production-Ready Network Virtualization for OpenStack](https://reader033.fdocuments.us/reader033/viewer/2022052904/557d6012d8b42ae1438b4f76/html5/thumbnails/34.jpg)
GET THE CODE, JOIN THE TEAM
http://akanda.io