Networking in OpenStackNeutron, SDN, NFV, Containers

Rossella Sblendido

Team Lead Networking

rsblendido@suse.com

2

Traditional networking

3

Limitations of Traditional Networking

4

It's hardware centric!

5

Closed system

● Vendor specific software● Costly● Hard to inter-operate

6

Not scalable!

7

No abstractions

● Hard to maintain● Hard to innovate● Hard to experiment

8

Server virtualization

VLANs are not flexible enough (e.g. server is moved)

Traffic differs from the classic server-client model

9

Connect a new machine

1. Reach the place

10

Connect a new machine

1. Reach the place

2. Plug the cable

11

Connect a new machine

1. Reach the place

2. Plug the cable

3. Configure

12

OpenFlow

13

OpenFlow

● Open standard● Separation of control plane and data plane

● OF switch has flow tables● OF controller programs the flow entries

● Flow = match + action

14

OpenFlow switch

15

SDN

16

What's SDN?

● Separate control plane from data plane● Centralization of control● Program a network vs configure network

17

Overlay network

● Encapsulation decouples a network service from the underlying infrastructure

● Per-service state is restricted at the edge of the network

Image from ipcraft.net

18

Connect a new machine in the virtual world

19

NFV

20

What's NFV?

21

NFV benefits

● Agility● Reduced costs● Faster time to market● Interoperability

22

OPNFV

● Open Source platform for deploying NFV solutions

23

Networking in OpenStack

24

Neutron

● Neutron is an OpenStack project to provide “networking as a service” between interface devices (e.g., vNICs) managed by other Openstack services (e.g., nova)

● provides a powerful API to define the network connectivity

25

Neutron abstractions

● Network: L2 broadcast domain● Subnet: a block of v4 or v6 IP addresses and associated

configuration state.● Port: a connection point for attaching a single device, such

as the NIC of a virtual server, to a virtual network. Also describes the associated network configuration, such as the MAC and IP addresses to be used on that port.

● Router: interconnects networks

26

Modular architecture

● Plugin: custom back-end implementation of the Networking API

● Neutron-server: exposes the API

27

Neutron agents

● L2 agent● DHCP agent● L3 agent● Metadata agent

28

Neutron advanced services: LBaaS

● Pools● Virtual IPs● Listeners● Health monitors

29

Neutron advanced services: VPNaaS

● IPSec● OpenSwan

30

Neutron advanced services: FWaaS

● Enhanced router

31

Containers

32

Containers are cool but...

● Containers need to be reachable● Containers need to be connected together

Image from patgt.net

33

Kuryr

● Neutron Stadium● Map container networking abstraction to the Neutron API● Bring containers and VMs together under one API

34

Kuryr: how it works

● Maps libnetwork API into Neutron API● Leverages the networking services provided by Neutron

35

Thanks!Questions?