Introduction to Openstack Network

A 5 minutes intro to Openstack (and a few more minutes on Openstack Networking)
Salvatore Orlando
3rd OSUG Italy Meetup
Rome, May 9th 2013

Openstack is the code
• Integrated Projects
• Incubating Projects
• Ecosystem: Related/Unofficial Projects
For more info: https://wiki.openstack.org/wiki/Projects

Openstack is even more code!
• Client libraries
• Documentation (api, admin, …)
• Infrastructure
• Gating (tempest, devstack, …)

Openstack is the community
• May 8th 2013: 9,342 people from 87 countries
• Interact via:
– Mailing lists: general, development, documentation, operators …
– Ask Openstack (ask.openstack.org)
– Launchpad
  • Home to all openstack integrated projects
– IRC (#openstack-101, #openstack, #openstack-dev, …)
– Local User Groups (like today!)
– Summit & Conference (twice a year)

See Openstack evolving, everyday
• http://status.openstack.org
– Release status
– Active Reviews
• https://github.com/openstack
– Grab the code

(Virtual) Networking in Openstack
• Nova-network
– L2/L3 networking with IP address management
– Security Groups
– Floating IPs and external gateway (SNAT)
– Network redundancy with ‘multi-host’
– 3 Network Managers:
  • Flat, FlatDHCP: L3 isolation via security groups
  • VLAN Manager: L2 isolation
• The project formerly known as Quantum*
– L2 networking with choice of segmentation/virtualization techniques
– Shared L2 networks
– “Provider mappings” for L2 networks
– IPAM with overlapping IPs and built-in, scalable DHCP
– Security Groups
– L3 east-west traffic (inter-subnet routing)
– Static route configuration
– Floating IPs and external gateway (SNAT)
– Load Balancing
– Nova metadata integration
– Wide choice of pluggable backends

Openstack Network quick intro
Quantum is an Openstack project to provide “networking as a service” between interface devices (e.g., vNICs) managed by other Openstack services (e.g., nova)
• Manages network virtualization – just like compute (nova) manages server virtualisation
• Advocates multi-tenancy
• Technology-agnostic

Openstack Network: basic architecture
• Simple technology agnostic API
• Plugin translates API request into concrete, technology-specific implementation
• API guarantees isolation of resources from management perspective
• Plugin ensures isolation at data plane
[Diagram labels: API Requests, Authentication, API Server, Plugin]

Plugin classification
• Built-in
– Solution (management, control, and data plane) entirely contained in the Quantum source tree
• 3rd party
– Plugin proxies request to an external “controller”
– Can use one or more built-in components (e.g.: DHCP Agent, L3 agent)
– 3rd party plugins can either be Open Source or Commercial

Quick plugin reference
• Built-in
– Hyper-V
– Linux Bridge
– Open vSwitch
• 3rd party - Opensource
– Big Switch
– NEC
– Ryu
• 3rd Party - Commercial
– Big Switch (?)
– Brocade
– Cisco
– Midonet
– Nicira NVP
– Plumgrid

Openstack Network Architecture: Open vSwitch plugin
[Diagram labels: API Node, Network Services Node, Compute Node (x3); Quantum Server, OVS Plugin, DHCP Agent, L3 Agent, Metadata Agent, Load Balancing Agent, L2 Agent (x4), AMQP]

Logical View
[Diagram labels: Tenant “A”, Tenant “B”; networks Net-A1, Net-A2, Net-B1, each with DHCP; routers Rtr-A, Rtr-B; External Network; instances A11, A12, A21, B11, B12; Internal Gateway (x3); External Gateway (x2)]

Physical realization: OVS Plugin – GRE Overlays
[Diagram labels: Compute Node C1, Compute Node C2, Compute Node C3, Network Node; Br-int and Br-tun on each node; instances A11, A12, A21, B11, B12; DHCP, L3 and Br-ex on the network node]
Local VLAN tags converted into GRE keys (and vice versa)
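
The slide's note that local VLAN tags are converted into GRE keys (and vice versa) can be modelled as below. This is an added example, not code from the talk or from Quantum; the class and function names, the GRE key values and the placement of ports on nodes are assumptions, and it assumes a local VLAN tag is meaningful only inside one node while the GRE key identifies the network across nodes.

```python
# Added illustration: simplified model of node-local VLAN <-> GRE key translation.
# TunnelBridge, deliver and demo are hypothetical names, not Quantum or OVS agent code.

class TunnelBridge:
    """Models the tag translation done on one node's br-tun."""

    def __init__(self, node):
        self.node = node
        self.vlan_to_key = {}   # local VLAN tag -> GRE key
        self.key_to_vlan = {}   # GRE key -> local VLAN tag
        self._next_vlan = 1

    def provision(self, gre_key):
        """Give a network a node-local VLAN the first time a port lands here."""
        if gre_key not in self.key_to_vlan:
            vlan = self._next_vlan
            self._next_vlan += 1
            self.key_to_vlan[gre_key] = vlan
            self.vlan_to_key[vlan] = gre_key
        return self.key_to_vlan[gre_key]

    def egress(self, local_vlan):
        """br-int to tunnel: swap the local VLAN tag for the GRE key."""
        return self.vlan_to_key[local_vlan]

    def ingress(self, gre_key):
        """Tunnel to br-int: GRE key back to a local VLAN; None means drop,
        because this node hosts no port on that network."""
        return self.key_to_vlan.get(gre_key)


def deliver(src, src_vlan, dst):
    """Local VLAN the frame arrives on at dst, or None if dst drops it."""
    return dst.ingress(src.egress(src_vlan))


def demo():
    # Constructed sample: GRE keys and port placement are made up for illustration.
    net_a1, net_b1 = 1001, 2001
    c1, c2 = TunnelBridge("C1"), TunnelBridge("C2")
    a11 = c1.provision(net_a1)   # tenant A port on C1
    b11 = c2.provision(net_b1)   # tenant B port on C2, reuses the same local tag
    a12 = c2.provision(net_a1)   # second tenant A port, on C2
    return {
        "tags": (a11, b11, a12),
        "a11_to_c2": deliver(c1, a11, c2),   # lands on C2's VLAN for Net-A1
        "b11_to_c1": deliver(c2, b11, c1),   # C1 has no Net-B1 port: dropped
    }
```

Two tenants can hold the same local tag on different nodes without their traffic mixing, because only the GRE key travels between nodes and each node maps it back to its own tag or drops the frame.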

Network node - Details
[Diagram labels: Br-tun, Br-int, Br-ex, DHCP, L3; namespaces NS-Net-A1, NS-Net-A2, NS-Net-B1 with Dnsmasq 10.0.0.0/24, Dnsmasq 10.0.0.0/24, Dnsmasq 10.0.1.0/24; namespaces NS-Rtr-A, NS-Rtr-B, each with Iptables SNAT/DNAT and L3 Fwd]