openstack neutron and sdn

OpenStack Neutron &Software Defined Networks (SDN)

OpenStack BCN MeetUp - March 2014Iaki Pascual Software Engineer

Neutron & SDN OpenStack BCN MeetUp - March 2014

Acknowledgments

I want to thank all the developers and members in OpenStack Community, OpenStack Foundation and Open Networking Foundation. Also to my colleges in PLUMgrid Inc.

Information presented here is sourced from my own experience as PLUMgrid employee and from: OpenStack Foundation Documents & Community Open Networking Foundation Stanford Seminar 2013 - Software-Defined Networking at the Crossroads by Scott Shenker,

University of California, Berkeley http://www.youtube.com/watch?v=WabdXYzCAOU OpenStack Summit Presentations

OpenStack Neutron Modular Layer 2 Plugin Deep Dive"By: Kyle Mestery,Robert Kukura in OpenStackhttps://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/openstack-neutron-modular-layer-2-plugin-deep-dive

PLUMgrid Inc, http://plumgrid.com/resources/

Views and technical points expressed here are solely presenters and doesnt reflect the views/positions of PLUMgrid Inc in any way.


Agenda

Demo. Intro to Neutron (Havana release). Dashboard and CLI overview. Create networks, spawn VMs, test connectivity. Floating IPs, create, assign. Test external connectivity. Load Balancer create and test. Test isolation of overlapping networks.

Slides. Neutron Overview Network as a Service *(NaaS) Components Architecture New plugin ML2.

Demo. Neutron. REST API example with curl. View components, network namespaces, soft switches.

Slides. SDN. Definition, architecture. Virtual Networks. Software Edges. Example: PLUMgrid.

Conclusions. Neutron and SDN.


Demo

Dashboard and CLI overview.Create Networks, spawn VMs, test connectivity.Create and assign floating IPs, test external access.Load balancer create and test.Overlapping IPs, test tenant isolation.


Neutron in Openstack


Network as a Service (NaaS)

Provides REST APIs to manage network connections for the resources managed by other OpenStack Services (e.g. Nova)

Technology Agnostic (framework based on plug-ins) Multi-tenancy: Isolation, Abstraction, full control over virtual

networks Modular Design: API specifies service, vendor provides its

implementation. Extensions for vendor-specific features. Standalone Service : It is not exclusive to OpenStack. Neutron

is an autonomous service Exposes vendor-specific network virtualization and SDN

technologies


Neutron Components


Neutron Components

Neutron Server Runs on Controller node. Exposes API. Enforces network model. Passes requests to Neutron plugin.

Neutron Plugin Runs on Controller node. Implements the API. Interacts with neutron server, database and agents.

Queue Enhance communication between each components of neutron

Database Persistent network model

Plugin agent (*) Run on each compute node Connect instances to network port

DHCP Agent (*) Start/stop dhcp server Maintain dhcp configuration

L3 Agent (*) To implement floating IPs and other L3 features, such as NAT

(*) These components may be overridden by the plug-in


Modular Layer 2 Plug-in (ML2)

New in Havana, deprecates the OpenVSwitch and LinuxBridge plug-ins (but not the agents).

Modularity through drivers: TypeDrivers: flat, VLAN, GRE... Mechanism Drivers: OVS, LinuxBridge...

One mechanism Driver may support several Type Drivers. Vendors may implement a new plug-in or a mechanism driver.


Network Devices Compute Node


Network Devices - Network Node.


Demo (II)

Neutron REST API, example with curl.Neutron Internals:Network namespaces DHCP, Router, LoadBalancerOVS Bridges - VLANs


Demo (II)

Neutron API example with cURL.How to update a network:1.- get the token from keystone2.- list existing networks to get id of network to update3.- update network nameAfter these, check in Dashboard that name has actually changed

$ export IP=$ export PASS=$ curl -d "{\"auth\":{\"tenantName\": \"admin\", \"passwordCredentials\": {\"username\": \"admin\", \"password\": \"$PASS\"}}}" -H "Content-type: application/json" http://$IP:35357/v2.0/tokens$ export TOKEN=$ curl -H "X-Auth-Token: $TOKEN" http://$IP:9696/v2.0/networks$ export NET=$ curl -H "X-Auth-Token: $TOKEN" -X PUT -d '{"network": {"name": "network_updated"}}' http://10.0.2.15:9696/v2.0/networks/$NET.json

APIs:http://docs.openstack.org/api/openstack-identity-service/2.0/content/POST_authenticate_v2.0_tokens_.htmlhttps://wiki.openstack.org/wiki/Neutron/APIv2-specification#API_Operations


Demo (II)

Show soft bridges. We can see the vlan tags in integration bridge.

$ sudo ovs-vsctl showe80f467f-bd33-452a-a495-e7c89736c552 Bridge br-int Port "tap0b53fd22-35" tag: 2 Interface "tap0b53fd22-35" Port "tapd7e7242f-64" tag: 3 Interface "tapd7e7242f-64" Port br-int Interface br-int type: internal Port "qr-63a50193-d2" tag: 2 Interface "qr-63a50193-d2" type: internal Port "qr-2ad51820-c7" tag: 1 Interface "qr-2ad51820-c7" type: internal Port "tap2f696f92-6c" tag: 2 Interface "tap2f696f92-6c" type: internal...


Demo (II)

Show network namespaces

$ ip netns showqlbaas-9035ea38-1916-4cf9-855f-06f1a41b1899qdhcp-a389d59d-5275-4470-9edf-44bf7de6cb0fqdhcp-f030bfa9-5209-477b-a260-e0bc552ebffdqrouter-9de1459b-c453-485c-b89e-99cb09e82371qrouter-91a3612b-835c-400b-b8db-6d11dade6b11


Demo (II)

Execute commands in network namespaces

$ sudo ip netns exec qdhcp-a389d59d-5275-4470-9edf-44bf7de6cb0f ifconfiglo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

tapae991773-bd Link encap:Ethernet HWaddr fa:16:3e:80:a8:0f inet addr:30.0.0.4 Bcast:30.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::f816:3eff:fe80:a80f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:40 errors:0 dropped:0 overruns:0 frame:0 TX packets:25 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:5048 (5.0 KB) TX bytes:3074 (3.0 KB)

inaki@precise:~/devstack$ sudo ip netns exec qdhcp-a389d59d-5275-4470-9edf-44bf7de6cb0f tcpdump -i tapae991773-bdtcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on tapae991773-bd, link-type EN10MB (Ethernet), capture size 65535 bytes


SDN Introduction

Why SDN?: Networks have a high operational cost. Networks are difficult to evolve. There is a need for NaaS

2008: The Open Networking Foundation (ONF) releases OpenFlow (Standford University) and NOX (Nicira).

There was previous efforts like Software Defined Radio, MPLS and other works in Universities and Companies' labs.


SDN Definition (by Open Networking Foundation)


SDN Architecture


Network Virtualization

In the original SDN 3-layer architecture, the control programs are aware of the underlying physical network.

New intermediate layer allows operator to express his needs in a higher level language, so decoupling from the physical infrastructure.

Network hypervisor will convert them into Network OS language.

Allows the creation of tenant isolated virtual networks.


Core/Edge Nodes Differentiation

Concept borrowed from MPLS. Two different kind of nodes: core/edge.

Core: Transport packets among edge nodes.

Edges: nodes connected to hosts.

All functionalities can be moved to edges while core can focus on transport.

Edge nodes became Software Edges.

SDN Controller need to talk only to edge nodes.

Actually part of the SDN work can be done by the software edges.


SDN Example: PLUMgrid.

http://plumgrid.com/resources/


Neutron & SDN

Centralized control plane allows creating isolated tenant virtual networks.

Compute nodes are the software edges.Neutron enforces SDN but actually delegates its

implementation and functionalities to the plugin.


Thank you!


?

Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26