OpenStack
Networking
Mirantis, 2013
Ilya Shakhat
● What is OpenStack
● Nova network
● (Quantum) OpenStack Networking
● Open vSwitch
● Load balancing as a service
Agenda
● Open source system for building scalable private and public
clouds
● Launched in 2010 by NASA and Rackspace, now 150+
companies, >9000 people, 87 countries
● A collection of “cloud services”
● Each service includes:
○ A tenant-facing API that exposes logical abstractions for
consuming the service.
○ One or more backend implementations of that API
What is OpenStack?
Very easy to configure
Different managers (network providers):
● FlatManager
● FlatDHCPManager
● VlanManager
Nova Network
● Network bridge
● 'dnsmasq' DHCP server
● Bridge as default gw
Limitations:
● Single L2 domain and ARP space,
no tenant isolation
● Single IP pool
Flat Network
Flat Network Deployment
● Network bridge
● Vlan interface over physical
interface
Limitations:
● Scaling limit in 4k vlan tags
● Vlans are configured manually
on switch by admin
● May have issues with overlapping MACs
Vlan Network
Vlan Network Deployment
● Networking is too tied to Nova
● Two Key Problems:
1: Limited technology
2: Tenants want to replicate rich
enterprise network topologies
Why new module?
VLANs are Great!
- Stone Age Man
Issues:
● VLANs are the only way of doing multi-tenancy
● Only Linux bridge supported (no ACLs, QoS, monitoring)
● Network controller is single point of failure
Solution:
● Software-defined Networking (SDN) / OpenFlow
● Overlay tunneling: VXLAN, NVGRE, STT
● Fabric solutions: FabricPath, Qfabric, etc.
● Pluggable mechanism via common API to enable different
vendor technologies
Limited technologies
Issues:
● No way to control topology or create “multi-tier” networks
● No control over IP addressing
● No way to insert own services (e.g. firewall, IPS)
Solution:
● API for managing multiple private networks, IP addressing
● API extensions to control: security policies, quality-of-service,
monitoring
● Service plugins such as firewall, intrusion detection, VPN
Tenants want control
OpenStack Modules .. before
Compute
Storage
Network
Nova
Swift (Objects)
Glance (Images)
*-as-a-Service Capability OpenStack Service
Cinder (Block)
Identity Keystone
OpenStack Modules .. now
Compute
Storage
Network
Nova
Swift (Objects)
Glance (Images)
*-as-a-Service Capability OpenStack Service
Quantum
Cinder (Block)
Identity Keystone
● API to build rich networking topologies
● Extensible via plugins (may support virtual
networks, hardware or mixed)
● More capabilities (QoS, security groups)
● Platform for services (LBaaS, FWaaS, etc)
Welcome Quantum*!
* urgently renamed to OpenStack Networking due to trademark violation
Quantum Architecture
Core REST API Extension REST API Extension REST API
AuthN/AuthZ
Core Plugin (vendor-specific)
DB agent
Service Plugin
DB agent
Core Plugin Interface
Service Plugin
Interface
Network Node
quantum-l3-agent
quantum-dhcp-agent
quantum-*plugin-agent
quantum-metadata-agent
quantum-lbaas-agent
Compute Node
quantum-*plugin-agent
nova-compute
Cloud Controller
nova-api
nova-scheduler
keystone
quantum-server
rabbitmq
mysql
Compute Node
quantum-*plugin-agent
nova-compute
Compute Node
quantum-*plugin-agent
nova-compute
data network
management network
Quantum Deployment
external network
Internet
Core API objects
● Port - a point of attachment to network
● Network - isolated L2 network segment
● Subnet - associates a block of IP addresses with network
L3 extension objects
● Router - gateway between networks
● Floating IP - static mapping from public IP in external network
to private IP in local
Quantum Objects
Quantum Object Relations
port network subnet
floating ip router
VM
L3
L2
● Big Switch Networks
● Brocade
● Cisco
● Hyper-V
● Linux Bridge
● Meta Plugin
Core Plugins
● Midokura Midonet
● NEC OpenFlow
● Nicira NVP
● Open vSwitch
● PLUMgrid
● Ryu OpenFlow
● Programmable packet forwarding and network
topology configuration
● An external ‘controller’ component sets up flows
and/or topologies for network traffic
● Particularly suitable for virtual networking in
massively scalable environments
Software Defined Networks
● Open source programmable virtual switch
● Supports OpenFlow, 802.1Q VLANs, LACP, STP
● Supports KVM and Xen
● OVS is the basis for different SDN/network virtualization
platforms
● Flexible controller in user-space
● Fast datapath in kernel
Open vSwitch
● Port may have more than one interface
● IEEE 802.1Q support attaching VLAN tags to interfaces
● Packets are forwarded by flow
● Fine-grained ACLs and QoS (L2-L4 matching, actions)
● Centralized control via OpenFlow
● Works on Xen, KVM, VirtualBox
Open vSwitch Concepts
Open vSwitch Tools
ovs-vswitchd - daemon that implements a switch with help of
kernel module
ovsdb-server - database server
ovs-vsctl - utility for working with the configuration
ovs-appctl - tool for controlling Open vSwitch daemon
ovs-dpctl - datapath management utility
ovs-controller - simple OpenFlow controller
ovs-ofctl - OpenFlow switch management utility
ovs-pki - utility for managing public-key infrastructure
Example: logical view
VM1
10.0.0.3
VM2
10.0.0.4
VM3
12.0.0.3
VM4
12.0.0.4
Tenant A router
10.0.0.1
30.0.0.2
Tenant B router
12.0.0.1
30.0.0.3
Tenant A Tenant B
External router
Internet
Example: physical view
VM1
10.0.0.3
VM3
12.0.0.3
VM2
10.0.0.4
VM4
12.0.0.4
Compute Node 1 Compute Node 2
br-int br-int
eth1 eth0 eth1 eth0
mgmt network
data network
br-ex br-ex
Let's Start (with example)!
We have:
● tenant A and network (10.0.0.0/24)
● router that wires private network with external
● DHCP enabled (quantum port is created)
Commands we need:
● brctl show - to show all bridges
● ovs-vsctl show - to show all interfaces
● ip netns exec - to show contents of namespace
● quantum port-list, quantum net-list
ovs-vsctl show
    Bridge br-int
        Port "qr-9b80a882-55"
            tag: 1
            Interface "qr-9b80a882-55"
                type: internal
        Port "tap66a249f1-bf"
            tag: 1
            Interface "tap66a249f1-bf"
                type: internal
        Port br-int
            Interface br-int
                type: internal
    Bridge br-ex
        Port "qg-e41c368d-a8"
            Interface "qg-e41c368d-a8"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
qr-9b80a882-55: internal interface of router
tap66a249f1-bf: port of DHCP server
qg-e41c368d-a8: external interface of router
brctl show
bridge name     bridge id           STP enabled   interfaces
br-ex           0000.6eed69b21a4b   no            qg-e41c368d-a8
br-int          0000.f68d58076046   no            qr-9b80a882-55
                                                  tap66a249f1-bf
Let's Rock!
Expand the configuration:
● Launch VM in tenant A (10.0.0.3)
● Create network for tenant B (12.0.0.0/24)
with DHCP enabled (12.0.0.2)
but without router
● Launch VM in tenant B (12.0.0.3)
logical view
VM1
10.0.0.3
VM3
12.0.0.3
Tenant A router
10.0.0.1
172.18.7.3
Tenant A Tenant B
External router
Internet
ovs-vsctl show
    Bridge br-int
        Port "qvo8b0b577a-2c"
            tag: 1
            Interface "qvo8b0b577a-2c"
        Port "qr-9b80a882-55"
            tag: 1
            Interface "qr-9b80a882-55"
                type: internal
        Port "tap66a249f1-bf"
            tag: 1
            Interface "tap66a249f1-bf"
                type: internal
        Port "qvo4a744a65-92"
            tag: 2
            Interface "qvo4a744a65-92"
        Port "tap3aa4a560-d2"
            tag: 2
            Interface "tap3aa4a560-d2"
                type: internal
        Port br-int
            Interface br-int
                type: internal
qvo8b0b577a-2c: interface for VM in tenant A
qvo4a744a65-92: interface for VM in tenant B
tap3aa4a560-d2: interface of DHCP server in tenant B
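Added example, not part of the original slides: on br-int the `tag` value is the only thing separating tenant A's ports from tenant B's, so this sketch parses the `ovs-vsctl show` output above and flags a tag shared across tenants or a port with no tag at all (in Open vSwitch a port without a tag is a trunk port). The port-to-tenant map is taken from the slide callouts and addresses; the misconfigured variant and the port name qvo00000000-00 are constructed for illustration.

```python
from collections import defaultdict

# br-int section of `ovs-vsctl show` as printed on the slide.
SLIDE_OUTPUT = '''\
    Bridge br-int
        Port "qvo8b0b577a-2c"
            tag: 1
            Interface "qvo8b0b577a-2c"
        Port "qr-9b80a882-55"
            tag: 1
            Interface "qr-9b80a882-55"
                type: internal
        Port "tap66a249f1-bf"
            tag: 1
            Interface "tap66a249f1-bf"
                type: internal
        Port "qvo4a744a65-92"
            tag: 2
            Interface "qvo4a744a65-92"
        Port "tap3aa4a560-d2"
            tag: 2
            Interface "tap3aa4a560-d2"
                type: internal
        Port br-int
            Interface br-int
                type: internal
'''

# Assumption: port -> tenant, read off the slide callouts (router, DHCP, VM ports).
OWNERS = {
    "qvo8b0b577a-2c": "A", "qr-9b80a882-55": "A", "tap66a249f1-bf": "A",
    "qvo4a744a65-92": "B", "tap3aa4a560-d2": "B",
}

# Constructed bad state: tenant B's VM port moved onto tag 1, plus an untagged port.
MISCONFIGURED = SLIDE_OUTPUT.replace("tag: 2", "tag: 1", 1) + (
    '        Port "qvo00000000-00"\n'
    '            Interface "qvo00000000-00"\n'
)


def parse_ovs_show(text):
    """Return {bridge: {port: vlan_tag or None}} from `ovs-vsctl show` text."""
    bridges, current, port = {}, None, None
    for raw in text.splitlines():
        words = raw.split()
        if len(words) < 2:
            continue
        key, value = words[0], words[1].strip('"')
        if key == "Bridge":
            current, port = bridges.setdefault(value, {}), None
        elif key == "Port" and current is not None:
            port = value
            current[port] = None          # stays None unless a tag line follows
        elif key == "tag:" and port is not None:
            current[port] = int(value)
    return bridges


def audit_isolation(ports, owners, bridge="br-int"):
    """List isolation problems among one bridge's ports ({port: tag})."""
    findings = []
    tenants_on_tag = defaultdict(set)
    for port, tag in ports.items():
        if port == bridge:
            continue                      # bridge-local port, no tenant attached
        if tag is None:
            findings.append(f"{port}: no VLAN tag, trunk port that carries every VLAN")
        else:
            tenants_on_tag[tag].add(owners.get(port, "unknown"))
    for tag, tenants in sorted(tenants_on_tag.items()):
        if len(tenants) > 1:
            findings.append(f"tag {tag}: shared by tenants {', '.join(sorted(tenants))}")
    return findings


if __name__ == "__main__":
    for label, text in (("slide", SLIDE_OUTPUT), ("constructed", MISCONFIGURED)):
        ports = parse_ovs_show(text)["br-int"]
        print(label, audit_isolation(ports, OWNERS) or "isolated")
```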
physical view
VM
10.0.0.3
VM
12.0.0.3
Compute Node 1
eth0
br-ex
DHCP
10.0.0.2
DHCP
12.0.0.2
Router
10.0.0.1
br-int
brctl show
bridge name       bridge id           STP enabled   interfaces
br-ex             0000.6eed69b21a4b   no            qg-e41c368d-a8
br-int            0000.f68d58076046   no            qr-9b80a882-55
                                                    qvo4a744a65-92
                                                    qvo8b0b577a-2c
                                                    tap3aa4a560-d2
                                                    tap66a249f1-bf
qbr4a744a65-92    8000.7a95a8a2b9bd   no            qvb4a744a65-92
                                                    tap4a744a65-92
qbr8b0b577a-2c    8000.de84d986f61e   no            qvb8b0b577a-2c
                                                    tap8b0b577a-2c
qbr4a744a65-92, qbr8b0b577a-2c: one bridge for VM (created by VIF driver in Nova)
ip netns
List of namespaces. There's one namespace per DHCP port and
per router port
qdhcp-9a7e9331-2508-4615-889b-b99a6f260eef
qdhcp-1b2101e0-cefa-4347-a581-e1f1f02215a1
qrouter-0e0e2e6e-a60b-4808-b914-8f45cae02b2e
qdhcp-9a7e...: 12.0.0.2
qdhcp-1b21...: 10.0.0.2
qrouter-0e0e...: 10.0.0.1, 172.18.7.3
ip netns exec <> ifconfig
Show interfaces for namespace associated with router
qg-e41c368d-a8 Link encap:Ethernet HWaddr fa:16:3e:27:a1:85
          inet addr:172.18.7.3 Bcast:172.18.76.135 Mask:255.255.255.248
          inet6 addr: fe80::f816:3eff:fe27:a185/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:60 errors:0 dropped:0 overruns:0 frame:0
          TX packets:69 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6608 (6.6 KB) TX bytes:5298 (5.2 KB)
qr-9b80a882-55 Link encap:Ethernet HWaddr fa:16:3e:9e:ed:50
          inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe9e:ed50/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:18878 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3958 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3269696 (3.2 MB) TX bytes:349880 (349.8 KB)
● Unified API for load balancing
● Features:
○ LB between services on VMs
○ configurable LB methods (e.g. round-robin)
○ session persistence
○ health monitoring (TCP, HTTP)
● Reference implementation based on HAProxy
Load Balancing as a Service
LBaaS Architecture
Plugin
Agent HAProxy process
RPC
REST API
DB
Extension
python-quantumclient
Horizon
Quantum
Pool
LBaaS Model
Member Member
VM A
10.0.0.4:80
VM B
10.0.0.5:80
Vip (10.0.0.10:80)
Health
Monitor
Subnet
Subnet
LBaaS Wiring
VM A Load Balancer
Router
10.0.0.10 10.0.0.4
VM B
10.0.0.5
External Traffic
Internal Traffic
floating ip
172.0.0.10
1. Create pool
2. Create members (1 per VM / service)
3. Create vip for the pool
4. (opt.) Create health monitor and
associate with Pool
LBaaS Workflow
LBaaS UI
Havana Release:
● More services: firewall-as-a-service, vpn-as-a-service
● Multi-host DHCP agent (analog to Nova)
● IPv6 support for L3 services
Provide API for every service in the network!
Future of OpenStack Networking
Q&A
