openstack neutron & interconnections with bgp/mpls vpns
TRANSCRIPT
OPENSTACK NEUTRON & INTERCONNECTIONS WITH BGP/MPLS VPNS
Paul Carver Tim Irnich Thomas Morin
NFV
POPs
A NEED TO INTERCONNECT OPENSTACK AND BGP/MPLS VPNS
BGP/MPLS VPNs:
• a key building block for backbone network engineering
• the foundation for operators VPN services
How to drive interconnections between Openstack and BGP/MPLS VPNs ?
public
cloud IP/MPLS
backbones
core & access
NFV
POPs internal cloud
platforms &
OSS
business,
mobile,
residential
customers
existing BGP VPN
deployments
and new uses for
NFV and inter-DC
ONCE UPON A TIME…
Back in 2012…
Some SDN controllers had support to create connectivity with BGP VPNs
each with its own API
not multi-tenant APIs
Between 2012 and 2014… some unsuccessful attempts at bringing the ability to interconnect BGPVPNs into Quantum/Neutron…
by NTT (Nati Ueno), Contrail (Pedro Marques), Orange
Neutron community not yet familiar enough with this “Telco stuff”
Neutron less modular technically and organizationally
hard to meet the “light reference implementation” criteria
This changed in 2015 !
NETWORKING-BGPVPN INCEPTION
Early 2015
Neutron became more modular
Openstack ‘Big Tent’ and Neutrons Stadium
Growing awareness of Telco things in Neutron’s community
June 2015
group of interested contributors, including… Orange, Ericsson, AT&T, Cloudwatt
early API draft refined based on past attempts
an early API+driver implementation made opensource
networking-bgpvpn was created in Neutron “Stadium”
Since…
Releases for Liberty, Mitaka, Newton
Backports for Juno and Kilo
Steadily improving and extending
CURRENT STATUS
Newton release of networking-bgpvpn: October 13th 2016
base features:
• BGPVPN definitions • L2
• L3
• Network associations, Router associations
• Neutron CLI support
includes drivers for:
• Neutron ML2/OpenVSwitch (with bagpipe)
• OpenDaylight
• OpenContrail
• Nuage Networks (out of tree)
additional features:
• full Heat binding
• Horizon GUI
• Tempest suite
NEUTRON BGP VPN INTERCONNECTIONS SERVICE PLUGIN
OVERVIEW
Neutron
BGP
Peers
dataplane (vswitch/ vrouter)
VMs … …
Backend X (e.g. Neutron+Bagpipe, OpenDaylight,
OpenContrail, Nuage, etc.) API
BGPVPN
Service Plugin
packets carried
over MPLS
to/from VPNs
BGP
VPN
routes
driver for
X…
?
Neutron
SDN Controller
BGP
Peers
driver for
backend X
packets carried
over MPLS
to/fromVPNs
API
BGPVPN
Service Plugin
REST
BGP
VPN
routes
HOW IT WORKS WITH AN SDN CONTROLLER…
E.G. OPENDAYLIGHT, OPENCONTRAIL, NUAGE NETWORKS, ETC.
driver for SDN
Controller X compute node
VMs VMs
compute node
VMs VMs
vswitch vswitch
NBI
BGP
SBI
HOW IT WORKS WITH NEUTRON OVS + BAGPIPE …
Neutron
compute node
BGP
Peers
… VMs …
API
BGPVPN
Service Plugin
OpenVSwitch
br-int | br-tun | br-mpls packets carried
over MPLS
towards VPNs
Neutron OVS
agent
BGP
VPN
routes
bagpipe
BGP
bagpipe
driver
RabbitMQ ML2 as Core Plugin
openvswitch
mech driver
bagpipe
extension
NEW API RESOURCES
(already existing
API resources)
Network X Router Y some user in
“Project Lambda”
Openstack Admin
Network
Association creates
associations
to setup
interconnections
BGP VPN
“default VPN”
Type: L3
BGP Route-Target: 1234:42
Tenant: Project Lambda
Router
Association
creates a
BGPVPN
and gives it to
“Project Lambda”
OPENSTACK NET’-BGPVPN AND OPNFV SDNVPN
OPNFV: a midstream integration project providing automated install of all required components for a given use case, as well as E2E testing of the said use case
• BGPVPN is such a use case
• gives upstream projects additional visibility if their changes break something at system level (i.e. when multiple components interplay)
The OPNFV SDNVPN project aims at integrating a complete stack for BGPVPNs, focusing on cases where an SDN Controller is used
• however a Neutron/BaGPipe scenario is planned as well
COMPONENTS AND INTERFACES
On top of baseline ODL-based OPNFV deployment
Deploy BGPVPN API extension, service plugin and Heat extensions
Activate relevant VPN features in Open Daylight
Configure the stack
Supported OPNFV installers
Fuel
Apex / TripleO
Deployment scenarios and options
HA and non-HA (=redundant OpenStack controller)
Can be deployed nested/bare-metal DPN DPN
Neutron
Ext. APIs Core Neutron API BGPVPN API extension
BGPVPN Service
Generic Plugin
ODL
driver
Other
backend
specific
plugins
ML2 Plugin
ODL
MD
OpenDaylight Neutron NB
BGPVPN
Yang ext.
ML2
Yang
Netvirt
L2 E-LAN
Service
L3-VPN
Service OF Plugin OVSDB
DPN
Driver
B
Driver
C
OPNFV DEPLOYMENT SCENARIOS
OPNFV deployment scenario = essentially a specific stack plus configuration that
OPNFV installers can auto-deploy and
That gets automatically tested in OPNFV CI
Baseline scenarios maintained by installers
“NoSDN” = just OpenStack with OVS & Neutron agent
ODL_L2 = L2 networking done by ODL (ML2 plugin)
ODL_L3 = ODL L3Router replaces L3Router, so L2/L3 networking handled by ODL
SDNVPN scenario: derived from ODL_L3
DEMO: HOW TO DEPLOY OPNFV BGPVPN
At the example of Fuel installer
If you’re interested in doing the same with Apex, come see us after the show
Prerequisites:
Fuel already deployed in a VM (using OPNFV Colorado 1.0 iso)
VMs for compute nodes running & detected by Fuel
Linux bridges for infra networks deployed
Step 1: Check plugins
Step 2: Create environment
Step 3: Activate feature plugins
Step 4: hit deploy & get some popcorn
Step 5: test the system (manually or by running OPNFV test suites)
WRAP UP
One API to allow tenants to control interconnections with their BGP VPNs
• Public/operator cloud <-> business customers of MPLS VPN offers
• inter-DC, distributed cloud, edge cloud
• NFV multi-POP deployments
Drivers for multiple SDN controllers and a Neutron implementation
CLI interface, Horizon GUI, and Heat bindings
Now / Soon / On the radar:
• complete E-VPN part of API
• remaining work to match Neutron Stadium requirements (more functional testing!)
• API evolution for finer-grained control of routing (static routes, preferences, route leaking)
• consider supporting multiple drivers/backends simultaneously
• see MPLS/GRE support land in OpenVSwitch (next MPLS/UDP!)
• expectations of improved feature parity among drivers
Neutron’s Stadium project working hand in hand with its OPNFV counterpart
OpenStack / OPNFV
contributors around BGP
VPN…
Antoine Eiche
Bruno Fernando
Édouard Thuleau
Cédric Savignan
Daniel Radez
Darek Smiegel
Henry Gessau
Jean-Philipe Braun
Mathieu Rohon
Michal Skalski
Nikolas Hermanns
Nishant Kumar
Paul Carver
Peter V. Saveliev
Pierre Crégut
R. R. Palleti
Suresh K.
Tim Irnich
Tim Rozet
Thomas Monguillon
Thomas Morin
Vishal Thapar
Wim De Clercq
Yannick Thomas