Neutron and BGP VPNs with BaGPipe
Thomas Morin
Mathieu Rohon
Openstack Paris - Nov. 2014
Neutron and BGP VPNs with BaGPipe - Thomas Morin / Mathieu Rohon - Orange 2
Neutron and BGP VPNs: two use cases
BGP VPNs…
– standard BGP extensions to build multi-site L2 or L3 virtual networks
– well-known technologies in network providers’ networks
Two use cases in the context of OpenStack
– A: connectivity between OpenStack and BGP VPNs outside the DC
  – seamless solution for hybrid cloud, multi-DC, cloud op/net op interconnection
– B: build Neutron L2 networks using BGP VPNs
  – proven scalability
Let’s see… how we can address them
With a focus on…
– minimizing complexity
  – (number of protocols & components added to the base OpenStack/Neutron architecture)
– code reuse
Use case A: Connectivity between OpenStack and BGP VPNs outside the DC
API extension:
– Admin: neutron bgpvpn-connection-create --route-target 64512:2 --tenant-id <uuid>
– Tenant: neutron bgpvpn-connection-update <bgpvpn id> --network-id <uuid>
The BGPVPN service plugin implements the BGPVPN extension
– it tells the VPNAgent/BGP which VPN route to advertise
The agent and BGP speaker manipulate:
– the neutron router to add VPN routes in the router namespace
– the OVS bridge to forward MPLS traffic
[Figure: use case A architecture. Labels: Nova, Neutron, ML2Plugin, BGPVPN Service Plugin, BGP VPN Connection API; compute (VM, VM, bridge, Neutron L2Agent); network node (net ns, bridge, MPLS bridge, Neutron L2Agent, Neutron VPNAgent, BGP); Cloud Edge; network physical infra; VXLAN, …; MPLS (or MPLS/GRE); AS BR; BGP IP VPN Inter-AS; IP/MPLS WAN]
Neutron status and related work
What we currently have:
– an API extension is under review:
  – https://review.openstack.org/#/c/93329/
– BaGPipe BGP: a BGP speaker with MPLS VPN capabilities
  – inhouse dev, opensourced last June
  – lightweight: not a full-blown BGP implementation
  – BGP encodings of ExaBGP are reused
  – https://github.com/Orange-OpenSource/bagpipe-bgp
– OVS trunk which is capable of MPLS encap. in the datapath:
  – github.com/openvswitch/ovs/blob/master/FAQ.md#q-does-open-vswitch-support-mpls
– a detailed design proposal:
  – https://docs.google.com/drawings/d/1NN4tDgnZlBRr8ZUf5-6zzUcnDOUkWSnSiPm8LuuAkoQ
– Neutron plugins/MD which already deal with MPLS use cases and could leverage the BGPVPN API extension:
  – OpenContrail plugin
  – NuageNetwork MD for ML2
Related work in Neutron:
– BGP dynamic routing: https://review.openstack.org/#/c/125401
– Service insertion/chaining
– l3 agent refactoring (modular l3 agent)
  – similarly as for DVR, relevant to distribute MPLS capabilities on compute nodes
Use case B
Build Neutron L2 networks using BGP VPNs
[Figure: use case B architecture. Labels: Nova, Neutron, ML2Plugin, BaGPipe mech driver; VMs; vSwitch (x3); Neutron BaGPipe Agent (x3); BGP (x3); Nova (x3); BGP Route Reflectors; BGP E-VPN; VXLAN encap (or MPLS/x/IP); network physical infra]
Overlay architecture
– VXLAN encapsulation of VM-to-VM traffic, by the vswitch
vSwitches' forwarding tables populated by BGP VPN extensions
– lightweight/barebone implementation of BGP VPNs
– E-VPN: draft-ietf-l2vpn-evpn
OK, but why?
– scalability proven to millions of endpoints
– route reflection techniques with publish/subscribe mapping distribution
– standards: can interop with other solutions, including hardware vendors' ToR switches
Note: similar to Nuage Networks or OpenContrail, but lightweight and built into Neutron
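A minimal model of the publish/subscribe mapping distribution described above, as an added example (not BaGPipe code and not from the slides): agents subscribe to a route reflector by route target and fill their vSwitch forwarding table only from the MAC routes of networks they host. The class names, MAC and VTEP addresses, VNIs and route target 64512:3 are constructed for illustration, and the route is a simplified stand-in for an E-VPN MAC advertisement.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class MacRoute:
    """Simplified E-VPN MAC advertisement (real routes carry more fields)."""
    route_target: str  # identifies the virtual network, e.g. "64512:2"
    mac: str           # VM MAC address
    vtep: str          # IP of the vSwitch hosting the VM
    vni: int           # VXLAN network identifier used for encapsulation

class RouteReflector:
    """Publish/subscribe hub: a route reaches only agents subscribed to its RT."""
    def __init__(self):
        self.routes = set()
        self.subscribers = defaultdict(set)  # route target -> agents
    def subscribe(self, agent, rt):
        self.subscribers[rt].add(agent)
        for route in [r for r in self.routes if r.route_target == rt]:
            agent.receive(route, withdrawn=False)  # replay known routes
    def publish(self, route, withdrawn=False):
        (self.routes.discard if withdrawn else self.routes.add)(route)
        for agent in list(self.subscribers[route.route_target]):
            agent.receive(route, withdrawn)

class Agent:
    """Hypothetical per-compute-node agent owning the vSwitch forwarding table."""
    def __init__(self, vtep, reflector):
        self.vtep, self.reflector = vtep, reflector
        self.fdb = defaultdict(dict)         # route target -> {mac: (vtep, vni)}
    def port_up(self, rt, vni, mac):
        self.reflector.subscribe(self, rt)   # import this network's routes
        self.reflector.publish(MacRoute(rt, mac, self.vtep, vni))
    def port_down(self, rt, vni, mac):
        self.reflector.publish(MacRoute(rt, mac, self.vtep, vni), withdrawn=True)
    def receive(self, route, withdrawn):
        if route.vtep != self.vtep:          # local ports need no tunnel entry
            table = self.fdb[route.route_target]
            table.pop(route.mac, None)
            if not withdrawn:
                table[route.mac] = (route.vtep, route.vni)

def demo():  # constructed data: two networks spread over three compute nodes
    rr = RouteReflector()
    a, b, c = (Agent(ip, rr) for ip in ("10.0.0.1", "10.0.0.2", "10.0.0.3"))
    a.port_up("64512:2", 1002, "fa:16:3e:00:00:01")
    b.port_up("64512:2", 1002, "fa:16:3e:00:00:02")
    c.port_up("64512:3", 1003, "fa:16:3e:00:00:03")
    return a, b, c
```

Node c never subscribes to 64512:2, so it holds no forwarding state for that network; the route target subscription is what scopes both table size and tenant separation in this model.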
Use case B
Build Neutron L2 networks using BGP VPNs
Status
– we have had running code for months
– ML2 plugin BaGPipe mechanism driver
– BaGPipe agent
– BaGPipe BGP VPN implementation
– github.com/Orange-OpenSource/bagpipe-bgp
Next steps
– push ML2 mech. driver and agent in Kilo
– pick an opensource route reflector
– Quagga, BIRD, OpenContrail BGP stack
More…
– integrate with third-party E-VPN ToR switches
– inter-subnet connectivity
– service-chaining
Wrap up
Use case A: integrating Neutron with BGP VPNs outside DCs is a Real Need for some players
Use case B: using BGP VPNs inside the DC is an opportunity (for everyone)
We didn’t say “SDN” or “NFV”, but of course, it is what this is all about
– …except we try to provide all this directly through Neutron with less additional components than SDN branded products
Next step: Kilo integration ?? Neutron incubator ?
Want to help…
– contact us, {thomas.morin,mathieu.rohon}@orange.com
– follow the blueprint
– discuss on openstack-dev
Want to follow…
– http://github.com/Orange-OpenSource/bagpipe-bgp
– twitter @netpeeker