openstack networking - neutron deep dive with plumgrid

2011-2014 © PLUMgrid - Confidential Information

Fernando Sanchez – Principal Systems Engineer @ PLUMgrid [email protected] @fernandosanchez

OpenStack Networking & PLUMgrid Open Networking Suite for OpenStack


OpenStack: Open Source Cloud OS

•  Open source software for compute, storage, networking

•  Distributions simplify installation

and maintenance

•  Several commercial and “free” OpenStack distributions available

2011-2014 © PLUMgrid - Confidential Information 3

Conceptual communication among services


At the junction of any Cloud

ISOLATION

CONNECTIVITY

COMPUTE

STORAGE

Network


Physical & Virtual Network Infrastructure PH

YSIC

AL

INFR

AST

RU

CTU

RE

VI

EW

VIR

TUA

L IN

FRA

STR

UC

TUR

E

VIEW

•  QoS, Bandwidth •  Latency •  Multicast •  Capacity •  Connectivity

•  On-Demand •  Multi Tenant •  Automated •  Self Service •  Secure •  Distributed

Overlay Network

TENANT NETWORKS


OpenStack Networking (Neutron)

6


Why Neutron?

•  Started with the Folsom release

•  Provide Network as a Service

•  Provide Operator & Tenants ability to create and offer rich network topologies and configure advanced policies

•  Offer a technology agnostic layer while enabling vendor extensions

•  Support for advanced services

Compute Storage Network


What is Neutron?

§  Provides REST APIs to manage network connections for the resources managed by other OpenStack Services (e.g. Nova)

§  Technology Agnostic (framework based on “plug-ins”) §  Multi-tenancy: Isolation, Abstraction, full control over virtual

networks §  Modular Design: API specifies service, vendor provides its

implementation. Extensions for vendor-specific features. §  Exposes vendor-specific network virtualization and SDN

technologies

8


What Neutron is NOT

•  Neutron does NOT implement the networks, but rather is the front-end to the component that does create and implement the rich network functionalities •  When integrated with an SDN solution, it will “pass through”

OpenStack Networking API calls to the SDN Controller. The SDN solution will then “build the actual networks”.

•  When integrated with OVS and a Network node solution*…. *this is what many people call “running Neutron” (inaccurately)

•  It can be very THIN or very THICK depending on functionalities available in the underlying solution

9


Why Neutron Plugins?

10

•  The initial Openstack networking implementation based on nova (nova-network) only implemented a basic model of isolation through Linux VLANs and IP tables

•  Neutron was always architected as a pluggable architecture to provide choice

•  back-end hardware and software agnostic

•  use a variety of technologies to implement the API requests

•  supports a broad spectrum of choices – from basic Linux VLANs and IP tables to more advanced technologies such as network overlays


Neutron Architecture

11

Neutron API

Neutron Service

Neutron Plug-in API

API Extensions

Service API (VPN, FW & LBaaS)

VNI & PNI Virtual & Physical Networking Infrastructure

Plug-In Extensions Plug-In Implementation


Two Types of Neutron Plugins

12

•  Implements Neutron Core API

•  Layer 2 (Switch)

•  Optionally implements Service plugin functionality by using extensions

Core Service

•  Implements Neutron API extensions

•  Layer 3 (Router)

•  Firewall

•  Load Balancer

•  VPN


Vendor to Plugin Type Mapping

13

PLUMgrid, VMware NSX, Midokura, Nuage, OpenContrail

Arista, Big Switch, Brocade, Cisco, Embrane, Extreme, Huawei, Juniper, Microsoft

(HyperV), IBM, Mellanox, NEC, One Convergence, ODL

Core Service

Router: Cisco

LBaaS: A10 Networks, Embrane, Citrix (Netscaler), F5, Radware,

vArmour

FWaaS: Cisco, Freescale

VPNaaS: Cisco

List is a sample and is incomplete Source: OpenStack Marketplace/Drivers


Architecture Challenges: Neutron & OVS

Neutron

ML2/OVS plugin

VM

Network Nodes

VM VM

VM

VM VM VM

VM VM

VM VM VM

VM VM

VM

VM VM VM

Nova

Glance

Swift

Cinder L3 Agent

FWaaS Agent LBaaS Agent

Agent

Agent

Agent

Agent

Agent

Agent

DHCP Agent

Services Neutron

Framework

Placement of these components is critical; They are in data path

and become bottlenecks

Advanced Services run on dedicated nodes.

Limited HA.

Creation of new tenants requires careful sizing of components to maintain

performance level

VM traffic flow can be handled in kernel, in local user space or in

network nodes with different performance level


OpenStack Networking & PLUMgrid

15


Last Mile to Agility: Virtual Networks

16

PHYSICAL INFRASTRUCTURE

VIRTUAL INFRASTRUCTURE

Virtual Compute

Compute Storage

Virtual Storage

CRM VDI ERP IaaS SaaS PaaS

Network

Virtual Networks

Self Service Portal/Catalog

Cloud Management Platform


PLUMgrid Open Networking Suite

17

PHYSICAL NETWORK INFRASTRUCTURE

VIRTUAL DOMAIN Tenant A

PLUMGRID NETWORK LIBRARY

Bridge

Router

LB

Security Policies

Bridge

Security Policies

Bridge

DHCP

FW

VIRTUAL DOMAIN Tenant B

Scalable Architecture Non-Stop Forwarding Service Insertion


PLUMgrid Open Networking Suite

18

ü  No single point of failure ü  Highly resilient & self-healing ü  Terabits of distributed scale out performance

Internet

PLUMgrid IO Visor Edge

PLUMgrid Directors

PLUMgrid IO Visor Gateway

Virtual Domain A Virtual Domain B

Overlay Network


Understanding Virtual Domains PH

YSIC

AL

INFR

AST

RU

CTU

RE

VI

EW

VIR

TUA

L IN

FRA

STR

UC

TUR

E

VIEW

Custom or Template based Virtual Network Domains per Tenant

Tenant 1 Tenant 2 Tenant 3

VM VM VM VM

Internet

VM VM

VM

VM PLUMgrid Zone


Architecture Solution: Neutron & PLUMgrid

Neutron PLUMgrid

Plugin

VM

Virtual Domains Tenant Networks

iO Visor Kernel Module -- Distributed Data Plane

PLUMgrid Director

VM VM

VM

VM VM VM

VM VM

VM VM VM

VM VM

VM

VM VM VM

Nova

Glance

Swift

Cinder

3rd party Virtual Network Functions Control Plane

VM to VM optimized packet flow due to distributed VNFs –

Eliminating bottlenecks

Virtual Domains automatically scale out

as more servers are deployed

All VNF control planes are fully redundant

Director Cluster is deployed in

management rack

Virtual Domain A Virtual Domain B Virtual Domain C


PLUMgrid Platform Architecture

21


Data Plane

Controller

Closed Network Functions

Orchestration layers

South Bound API

North Bound API

Management API

Physical Network Infrastructure Vendors

SDN

Vendors

Commodity Switch or Software Virtual Switch

From PNI to SDN vendors?

Data Plane

Controller


From one Vertically Integrated Environment to the Next?


Data Plane ‘

Controller ‘


Orchestration layers

South Bound API + Extensions

North Bound API

Management API

3rd party Network Function

North Bound AP Extensions

3rd party new Network Functions

Required Platform changes (unfunded)

Data Plane

Controller


Architecture Gridlock

Networking: Extending the Data Plane?


Data Plane

Controller


South Bound API

North Bound API

Management API

DP DP DP

CP CP CP

Network FunctionCP-DP APIs

Management API

DEVELO

PERS

OPERATORS

PG-S

DK

OPERATORS

IO-VISOR™

Director

Old SDN architecture PLUMgrid Platform

IO-visor™ based Architecture

Platform Ecosystem: Get the Controller Out of the Way Platform Ecosystem: Get the Controller out of the way


BR

IDG

E

RO

UTE

R

NAT

IO VISOR™

DP DP DP

IO Visor™ : Internals

PLUMgrid Director CP CP CP

Director APIs API BRG API RTR API NAT

API BRG API RTR API NAT

Ports

REST APIs

Port Mgr. (PEM)

IO Visor

•  Stiches multiple ‘PLUMlet DPs’ as directed by NOS

•  Allows different NF CPs to manage their ‘PLUMlets’

•  The Director controls the IO Visor™


IO VISOR™

BR

IDG

E

RO

UTE

R

NAT

DP DP DP

OPERATORS

PLUMgrid IOVisor Ecosystem – SDK & APIs

SD

K

PLUMgrid Director

REST APIs

CP CP CP

CMS GUI

Network Services

Hypervisor

Infrastructure


PLUMgrid Ignition

27

Immersive PLUMgrid Technology Experience


PLUMgrid Ignition

28

Go to: www.plumgrid.com/plumgrid-ignition/

2011-2014 © PLUMgrid - Confidential Information 29

Next Steps

Stay Connect at www.plumgrid.com/events/

Sign Up for PLUMgrid Ignition at www.plumgrid.com

Follow Us @PLUMgrid


Our Vision

30

THANK YOU!