OpenStack networking - Neutron deep dive with PLUMgrid
kamesh-pemmaraju -
Transcript of OpenStack networking - Neutron deep dive with PLUMgrid
2011-2014 © PLUMgrid - Confidential Information
Fernando Sanchez – Principal Systems Engineer @ PLUMgrid, @fernandosanchez
OpenStack Networking & PLUMgrid Open Networking Suite for OpenStack
OpenStack: Open Source Cloud OS
• Open source software for compute, storage, networking
• Distributions simplify installation and maintenance
• Several commercial and “free” OpenStack distributions available
Conceptual communication among services
At the junction of any Cloud
ISOLATION
CONNECTIVITY
COMPUTE
STORAGE
Network
Physical & Virtual Network Infrastructure
PHYSICAL INFRASTRUCTURE VIEW
VIRTUAL INFRASTRUCTURE VIEW
• QoS, Bandwidth • Latency • Multicast • Capacity • Connectivity
• On-Demand • Multi Tenant • Automated • Self Service • Secure • Distributed
Overlay Network
TENANT NETWORKS
OpenStack Networking (Neutron)
Why Neutron?
• Started with the Folsom release
• Provide Network as a Service
• Provide operators & tenants the ability to create and offer rich network topologies and configure advanced policies
• Offer a technology agnostic layer while enabling vendor extensions
• Support for advanced services
Compute Storage Network
What is Neutron?
• Provides REST APIs to manage network connections for the resources managed by other OpenStack services (e.g. Nova)
• Technology agnostic (framework based on “plug-ins”)
• Multi-tenancy: isolation, abstraction, full control over virtual networks
• Modular design: API specifies service, vendor provides its implementation. Extensions for vendor-specific features.
• Exposes vendor-specific network virtualization and SDN technologies
What Neutron is NOT
• Neutron does NOT implement the networks, but rather is the front end to the component that does create and implement the rich network functionalities
• When integrated with an SDN solution, it will “pass through” OpenStack Networking API calls to the SDN Controller. The SDN solution will then “build the actual networks”.
• When integrated with OVS and a Network node solution*….
*this is what many people call “running Neutron” (inaccurately)
• It can be very THIN or very THICK depending on functionalities available in the underlying solution
Why Neutron Plugins?
• The initial OpenStack networking implementation based on nova (nova-network) only implemented a basic model of isolation through Linux VLANs and iptables
• Neutron was always architected as a pluggable architecture to provide choice
• back-end hardware and software agnostic
• use a variety of technologies to implement the API requests
• supports a broad spectrum of choices – from basic Linux VLANs and iptables to more advanced technologies such as network overlays
Neutron Architecture
Neutron API
Neutron Service
Neutron Plug-in API
API Extensions
Service API (VPN, FW & LBaaS)
VNI & PNI Virtual & Physical Networking Infrastructure
Plug-In Extensions Plug-In Implementation
Two Types of Neutron Plugins
Core
• Implements Neutron Core API
• Layer 2 (Switch)
• Optionally implements Service plugin functionality by using extensions
Service
• Implements Neutron API extensions
• Layer 3 (Router)
• Firewall
• Load Balancer
• VPN
Vendor to Plugin Type Mapping
Core
PLUMgrid, VMware NSX, Midokura, Nuage, OpenContrail
Arista, Big Switch, Brocade, Cisco, Embrane, Extreme, Huawei, Juniper, Microsoft (HyperV), IBM, Mellanox, NEC, One Convergence, ODL
Service
Router: Cisco
LBaaS: A10 Networks, Embrane, Citrix (Netscaler), F5, Radware, vArmour
FWaaS: Cisco, Freescale
VPNaaS: Cisco
List is a sample and is incomplete. Source: OpenStack Marketplace/Drivers
Architecture Challenges: Neutron & OVS
Diagram labels: Neutron with ML2/OVS plugin; Nova, Glance, Swift, Cinder; VMs and per-host Agents; Network Nodes with L3 Agent, DHCP Agent, FWaaS Agent, LBaaS Agent; Neutron Services Framework
• Placement of these components is critical; they are in the data path and become bottlenecks
• Advanced Services run on dedicated nodes. Limited HA.
• Creation of new tenants requires careful sizing of components to maintain performance level
• VM traffic flow can be handled in kernel, in local user space or in network nodes with different performance level
OpenStack Networking & PLUMgrid
Last Mile to Agility: Virtual Networks
Diagram labels: Physical Infrastructure (Compute, Storage, Network); Virtual Infrastructure (Virtual Compute, Virtual Storage, Virtual Networks); Cloud Management Platform; Self Service Portal/Catalog; CRM, VDI, ERP, IaaS, SaaS, PaaS
PLUMgrid Open Networking Suite
Diagram labels: Physical Network Infrastructure; Virtual Domain Tenant A; Virtual Domain Tenant B; PLUMgrid Network Library (Bridge, Router, LB, DHCP, FW, Security Policies)
• Scalable Architecture • Non-Stop Forwarding • Service Insertion
PLUMgrid Open Networking Suite
• No single point of failure
• Highly resilient & self-healing
• Terabits of distributed scale out performance
Internet
PLUMgrid IO Visor Edge
PLUMgrid Directors
PLUMgrid IO Visor Gateway
Virtual Domain A Virtual Domain B
Overlay Network
Understanding Virtual Domains
PHYSICAL INFRASTRUCTURE VIEW
VIRTUAL INFRASTRUCTURE VIEW
Custom or Template based Virtual Network Domains per Tenant
Diagram labels: Tenant 1, Tenant 2, Tenant 3; VMs; Internet; PLUMgrid Zone
Architecture Solution: Neutron & PLUMgrid
Diagram labels: Neutron with PLUMgrid Plugin; Nova, Glance, Swift, Cinder; PLUMgrid Director; VMs; Virtual Domains / Tenant Networks (Virtual Domain A, Virtual Domain B, Virtual Domain C); iO Visor Kernel Module -- Distributed Data Plane; 3rd party Virtual Network Functions; Control Plane
• VM to VM optimized packet flow due to distributed VNFs – eliminating bottlenecks
• Virtual Domains automatically scale out as more servers are deployed
• All VNF control planes are fully redundant
• Director Cluster is deployed in management rack
PLUMgrid Platform Architecture
From PNI to SDN vendors?
From one Vertically Integrated Environment to the Next?
Diagram labels: Physical Network Infrastructure Vendors; SDN Vendors; Data Plane; Controller; Closed Network Functions; Orchestration layers; South Bound API; North Bound API; Management API; Commodity Switch or Software Virtual Switch
Networking: Extending the Data Plane?
Architecture Gridlock
Diagram labels: Data Plane'; Controller'; Closed Network Functions; Orchestration layers; South Bound API + Extensions; North Bound API; North Bound API Extensions; Management API; 3rd party Network Function; 3rd party new Network Functions; Required Platform changes (unfunded); Data Plane; Controller
Platform Ecosystem: Get the Controller Out of the Way
Diagram labels: Old SDN architecture; PLUMgrid Platform; IO-visor™ based Architecture; Data Plane; Controller; Closed Network Functions; South Bound API; North Bound API; Management API; DP; CP; Network Function CP-DP APIs; DEVELOPERS; OPERATORS; PG-SDK; IO-VISOR™; Director
IO Visor™: Internals
Diagram labels: IO VISOR™ (DP: BRIDGE, ROUTER, NAT); PLUMgrid Director (CP); Director APIs (API BRG, API RTR, API NAT); Ports; REST APIs; Port Mgr. (PEM)
IO Visor
• Stitches multiple ‘PLUMlet DPs’ as directed by NOS
• Allows different NF CPs to manage their ‘PLUMlets’
• The Director controls the IO Visor™
PLUMgrid IOVisor Ecosystem – SDK & APIs
Diagram labels: IO VISOR™ (DP: BRIDGE, ROUTER, NAT); PLUMgrid Director (CP); REST APIs; SDK; OPERATORS; CMS GUI; Network Services; Hypervisor; Infrastructure
PLUMgrid Ignition
Immersive PLUMgrid Technology Experience
PLUMgrid Ignition
Go to: www.plumgrid.com/plumgrid-ignition/
Next Steps
Stay Connected at www.plumgrid.com/events/
Sign Up for PLUMgrid Ignition at www.plumgrid.com
Follow Us @PLUMgrid
Our Vision
THANK YOU!