OpenStack Orchestrated Service Chaining
Su-Hun YUN, Hideyuki Tai, Masashi Kudo
NEC
#ODSummit
Agenda
• Virtual Tenant Network (VTN) in ODL
• VTN models
• Service Chaining
• OpenStack integration
• Demo
Service Chaining with Virtual Tenant Network
OpenDaylight Virtual Tenant Network (VTN) Project
VTN Coordinator:
・Provides VTN API (Northbound)
・Builds VTN models using OpenDaylight API
・Controls multiple SDN controllers
VTN Manager:
・Enables multi tenant
・End-to-end dynamic path control
[Figure: OpenDaylight Lithium architecture diagram. VTN Coordinator appears among the network applications, orchestrations and services; Virtual Tenant Network Mgr. appears among the controller platform services.]
VTN (Virtual Tenant Network)
• Network virtualization for multi tenant, traffic isolation, abstraction of physical network
[Figure: physical and virtual views. Labels: ODL Controller, OFS, Server-A, Server-B, Server-C, Server-D, DDoS, FW, LB, WAN Optimizer, VTN #1, VTN #2.]
VTN Models
Policy Target: Description
• VTN: logical representation of virtual network
• Virtual node (vNode)
    • vBridge: logical representation of L2 switch function
    • vRouter: logical representation of L3 router function
    • vTerminal: logical representation of virtual node that is connected to an interface mapped to a physical port
    • vTunnel: logical representation of Tunnel (consists of vTEPs and vBypass(es))
    • vTEP: logical representation of Tunnel End Point (TEP)
    • vBypass: logical representation of connectivity between controlled networks
• Virtual Interface
    • Interface: representation of end point on the virtual node (VM, servers, appliance, vBridge, vRouter, etc)
Intent based actions
VTN:
• Define matching conditions (12 tuples)
• Apply intent and actions
Traffic:
• Redirect (e.g. service chaining)
• Forward (e.g. to destination port)
• Mark (e.g. QoS)
• Drop (e.g. ACL)
Traffic redirection
Intent: Redirect traffic

    vtn Tenant1 {
      vbridge vBridge1 {
        flow-filter in {
          sequence-number 1 {
            match flow-list match-list-a
            action redirect
            redirect-destination vTerminal1 interface if1
          }
          (snip)
        }

[Figure: VTN Model. Labels: Tenant1, vBridge1, Server-A, Server-B, Server-C, vTerminal1, 192.168.10.3.]
Service Chaining on VTN
[Figure: physical and virtual views with service functions chained inside each VTN. Labels: ODL Controller, OFS, Server-A, Server-B, Server-C, Server-D, DDoS, FW, LB, WAN Optimizer, VTN #1, VTN #2.]
OpenStack and VTN
[Figure: OpenStack and ODL integration diagram. Labels: OpenStack, Neutron, ML2 Plug-in, ODL, Neutron Interface, OVSDB, VTN Manager, MD-SAL, OpenFlow, VTN Coordinator, GUI, App, Applications, Service Chain Policy, REST API, OVS, Switch.]
OpenStack and VTN: Automatic mapping
[Figure: OpenStack and ODL integration diagram (same components as on the previous slide), with a FW VM added.]
• Create FW as VM
• Automatic mapping:
    network -> VTN
    subnet -> vBridge
    port -> interface
    port mapping
• Ready for service!
OpenStack and VTN: service chaining
[Figure: OpenStack and ODL integration diagram (Neutron, ML2 Plug-in, VTN Coordinator, VTN Manager, OVSDB, MD-SAL, OpenFlow, OVS, Service Chain Policy, REST API), with a FW VM.]
• Flow xyz needs to go through FW
• Match condition & action:
    match condition: filter = xyz
    action: redirect to FW
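Added example (not from the slides or the VTN project): a small audit of an ordered flow-filter list that checks whether a flow that "needs to go through FW" is actually redirected there. It assumes entries are evaluated in ascending sequence-number and that the first matching entry decides; it models only the redirect, forward and drop actions, and all addresses and the Entry/decide/audit names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    seq: int                      # sequence-number of the flow-filter entry
    src: str                      # source prefix to match (constructed)
    dst: str                      # destination prefix to match (constructed)
    action: str                   # "redirect", "forward" or "drop"
    target: Optional[str] = None  # redirect-destination, e.g. "vTerminal1/if1"

def _hit(prefix, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def decide(entries, src, dst):
    """Return the lowest-seq entry matching the flow, or None.
    Assumption: first match wins and ends evaluation."""
    for e in sorted(entries, key=lambda e: e.seq):
        if _hit(e.src, src) and _hit(e.dst, dst):
            return e
    return None

def audit(entries, must_traverse):
    """must_traverse: list of (src, dst, required_target).
    Returns a finding for each flow that would not reach its service function."""
    findings = []
    for src, dst, target in must_traverse:
        e = decide(entries, src, dst)
        if e is None:
            findings.append((src, dst, "no entry matches"))
        elif e.action != "redirect" or e.target != target:
            findings.append((src, dst, f"seq {e.seq} decides {e.action}"))
    return findings

# Constructed sample: a broad forward entry at seq 5 shadows the redirect at seq 10.
SHADOWED = [
    Entry(5, "192.168.10.0/24", "192.168.10.0/24", "forward"),
    Entry(10, "192.168.10.1/32", "192.168.10.2/32", "redirect", "vTerminal1/if1"),
]
# Corrected ordering: the redirect is evaluated before the broad forward entry.
FIXED = [
    Entry(1, "192.168.10.1/32", "192.168.10.2/32", "redirect", "vTerminal1/if1"),
    Entry(5, "192.168.10.0/24", "192.168.10.0/24", "forward"),
]
POLICY = [("192.168.10.1", "192.168.10.2", "vTerminal1/if1")]

if __name__ == "__main__":
    print("shadowed:", audit(SHADOWED, POLICY))
    print("fixed:   ", audit(FIXED, POLICY))
```

Running the same audit after every policy change catches a new, broader entry that silently takes a flow out of the service chain.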
Demo
Demo Features
• Seamless integration with OpenStack
• Ability to insert service functions dynamically
• Does not require NSH capability; works with OpenFlow switches
• Ability to visualize end-to-end flows
Overview
[Figure: virtual and physical views of the demo network. Labels: ODL Controller, three OpenStack Nodes, host1, host2, host3, Service-function1, Service-function2, Virtual Tenant Network, Virtual bridge, and two annotations reading "Adding 200 ms delay." Highlighted traffic: host1 to host3.]
Overview: Creating virtual terminals
[Figure: demo network (host1, host2, host3, Service-function1, Service-function2 on three OpenStack Nodes; ODL Controller), with virtual terminals added next to the virtual bridge in the Virtual Tenant Network.]
Overview: Configure Traffic Redirection
[Figure: demo network (host1, host2, host3, Service-function1, Service-function2 on three OpenStack Nodes; ODL Controller), with virtual bridge and virtual terminals in the Virtual Tenant Network.]
[Match Condition] SRC IP: host1, DST IP: host3
[Action] Redirect to “service function1”
Overview: Configure Traffic Redirection (OpenFlow)
[Figure: demo network (host1, host2, host3, Service-function1, Service-function2 on three OpenStack Nodes), with an OpenFlow label at the ODL Controller.]
[Match Condition] SRC IP: host1, DST IP: host3
[Action] Redirect to “service function1”
Demo Software Components
• OpenDaylight Lithium
    • odl-vtn-manager-rest enabled
    • odl-vtn-manager-neutron enabled
• VTN Coordinator
• GUI for VTN Coordinator
• OpenStack Juno
Deployment
[Figure: deployment diagram. Labels: OpenStack (Control Node), OpenStack (Compute Node), OpenDaylight, Neutron, ML2 Plug-in, Neutron Interface, VTN Coordinator, GUI, Service Chain Policy, Demo Operation, VTN Manager, Applications, MD-SAL, OVSDB, OpenFlow, OVS, OpenFlow switches, host1, host2, host3, Service-function1, Service-function2.]
What to expect from VTN in Beryllium?
• Integration with the SFC project
• Provide VTN visualization and configuration support in DLUX
Thank You