openstack neutron advanced services by akanda

Neutron Advanced Services

Upload: sean-roberts

Post on 11-Feb-2017


Neutron Advanced Services

About Me

• Sean Roberts
• VP Development at Akanda Inc
• Former OpenStack Board Director
• Past Yahoo, VMware, Stanford, and Genentech

Where Are We Headed Today?

OpenStack Neutron Networking Basics

Advanced Services: LBaaS, VPNaaS, FWaaS

Neutron: Liberty and Beyond

OpenStack Neutron Networking Basics

OSI Model

1 Physical Layer
2 Data Link Layer: ARP, Ethernet, VLAN
3 Network Layer: IPv4, IPv6, ICMP
4 Transport Layer: TCP, UDP
5 Session Layer
6 Presentation Layer
7 Application Layer: HTTP, DNS, etc.

Akanda Project Architecture

[Diagram labels: Akanda Management/Orchestration; Physical Network (L2); Nova; Neutron; Open: OVS/LinuxBridge; Proprietary; Akanda L2 Agnostic Overlay Support; Akanda Adv Services: Routing/LB/FW; OpenStack APIs; OpenStack Neutron]

Reference Neutron

[Diagram components: neutron-server, Database, Message Queue, L3 Agents, DHCP Agents, L2 Agents, Advanced Services]

neutron-server

REST API SERVICE

RPC SERVICE

PLUGIN

Plugin Extensions

● Add logical resources to the REST API
● Discovered by server at startup
  ○ REST: /v2.0/extensions
● Common Extensions
  ○ Port binding extended attributes, DHCP, L3, Provider, Quota, Security Group

2 Types of Plugins

● Monolithic Plugin
● Modular Plugin (Type Mgr, Mech Mgr)

Monolithic Plugin

Typical among SDN vendors

They come in two varieties:

● Proxy
● Direct control

PLUGIN

Modular Plugin

Delegates calls to proper drivers

Two kinds of drivers

● Type Driver
● Mechanism Driver

[Diagram: PLUGIN containing Type Mgr and Mech Mgr]

Why Not Flat?

Isolation

VLAN
• 802.1Q
• limited
• underlay must support

GRE/VXLAN
• L2 encapsulated in L3
• routable
• overlay independence

Tunneling

[Diagram: nodes A, B, C, D]

Neutron Advanced Services

Reference Implementation

Load Balancing as a Service

● HAProxy
● Octavia Project: http://octavia.io

VPN as a Service

OpenSwan

Router

Metadata Proxy

VPN Driver

● Reference implementation uses OpenSwan

● Site-to-Site

● Multiple connections per tenant

● IKE, IPSec

Firewall as a Service

• Reference Implementation is currently experimental and not production ready
• What's next?

L3 Agent

Router

Metadata Proxy

Firewall Driver

Akanda

What is Akanda

● Akanda is a multi-process, multi-threaded Neutron advanced services orchestration service
● It currently supports routers and, in the near future, load balancers, VPNs and firewalls

Core Akanda Principles

● Simple

● Compatible

● Open Development (Apache v2)

The Rug really tied the room together

Reference Neutron

[Diagram components: neutron-server, Database, Message Queue, L3 Agents, DHCP Agents, L2 Agents, Advanced Services]

Neutron + the Rug

[Diagram components: neutron-server, Database, Message Queue, L2 Agents, L3 Agents, Service Instance, Akanda (the rug)]

Router Instance Lifecycle

● Router per tenant distributed throughout the cluster
● The router controls the data flow at layer 3 of the TCP/IP network stack

Akanda Project Details

● Get the source: https://github.com/stackforge/akanda
● Project status and tarballs: https://launchpad.net/akanda
● Documentation: http://docs.akanda.io
● IRC: #akanda on freenode.net

Neutron: Liberty and Beyond

OpenStack’s Big Tent

● Open Design
● Open Development
● Open Community
● Open Source

The Neutron Stadium

● Common Forum

● Improved Consistency

● Shared Governance

Neutron: Liberty

● IPAM
● BGP Speaker
● NFV Enhancements
● Service Function Chaining
● Enhanced Security Groups
● Paying Down Technical Debt

Image credit: Canadian2006 - Liberty, Saskatchewan (CC-by-sa-3.0), commons.wikimedia.org/w/index.php?title=User:Canadian2006&action=edit&redlink=1

Questions