OpenStack Orchestrated Service Chaining
Su-Hun YUN, Hideyuki Tai, Masashi Kudo
NEC
#ODSummit
Agenda
• Virtual Tenant Network (VTN) in ODL
• VTN models
• Service Chaining
• OpenStack integration
• Demo
Service Chaining with Virtual Tenant Network
OpenDaylight Virtual Tenant Network (VTN) Project
VTN Coordinator:
・Provides VTN API (Northbound)
・Builds VTN models using OpenDaylight API
・Controls multiple SDN controllers
VTN Manager:
・Enables multi tenant
・End-to-end dynamic path control
[Figure: OpenDaylight Lithium architecture diagram. Layers: Network Applications, Orchestrations & Services (DLUX, VTN Coordinator, OpenStack Neutron, SDNI Wrapper); OpenDaylight APIs (REST/RESTCONF/NETCONF) with AAA AuthN Filter; Controller Platform Services/Applications, including Virtual Tenant Network Mgr. among the Network Services and Authentication, Authorization & Accounting among the Platform Services; Service Abstraction Layer/Core; Southbound Interfaces & Protocol Plugins (OpenFlow, OVSDB, NETCONF and others); Data Plane Elements (Virtual Switches, Physical Device Interfaces).]
VTN (Virtual Tenant Network)
• Network virtualization for multi tenant, traffic isolation, abstraction of physical network
[Figure: virtual layer (VTN #1, VTN #2) above the physical layer. Labels: ODL Controller, OFS, Server-A, Server-B, Server-C, Server-D, FW, LB, DDoS, WAN Optimizer]
VTN Models
Policy Target: Description
VTN: logical representation of virtual network
Virtual node (vNode):
  vBridge: logical representation of L2 switch function
  vRouter: logical representation of L3 router function
  vTerminal: logical representation of virtual node that is connected to an interface mapped to a physical port
  vTunnel: logical representation of Tunnel (consists of vTEPs and vBypass(es))
  vTEP: logical representation of Tunnel End Point (TEP)
  vBypass: logical representation of connectivity between controlled networks
Virtual Interface:
  Interface: representation of end point on the virtual node (VM, servers, appliance, vBridge, vRouter, etc.)
Intent based actions
VTN
• Define matching conditions (12 tuples)
• Apply intent and actions
Actions on traffic:
• Redirect (e.g. service chaining)
• Forward (e.g. to destination port)
• Mark (e.g. QoS)
• Drop (e.g. ACL)
Traffic redirection
Intent: Redirect traffic

    vtn Tenant1 {
      vbridge vBridge1 {
        flow-filter in {
          sequence-number 1 {
            match flow-list match-list-a
            action redirect
            redirect-destination vTerminal1 interface if1
          }
          (snip)
    }

[Figure: VTN model. Labels: Tenant1, vBridge1, Server-A, Server-B, vTerminal1, Server-C, 192.168.10.3]
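An added example (not from the slides or from the VTN project): a small Python model of the flow-filter above, used to check that a flow which must traverse a service function is actually redirected and is not shadowed by an earlier entry. The first-match evaluation in ascending sequence-number order, the field names, the `vTerminal1/if1` notation and the 10.0.0.x addresses are assumptions made for the illustration.

```python
# Added illustration, not OpenDaylight/VTN code. Assumed semantics: entries are
# tried in ascending sequence-number and the first matching entry decides.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Entry:
    seq: int          # sequence-number inside the flow-filter
    match: dict       # match fields; absent fields are wildcards
    action: str       # "redirect", "forward", "mark" or "drop"
    target: str = ""  # redirect-destination, written here as "vTerminal1/if1"

def matches(entry, pkt):
    """True when every field named in the entry matches the packet."""
    for key, want in entry.match.items():
        if key in ("src_ip", "dst_ip"):
            if ip_address(pkt[key]) not in ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def evaluate(entries, pkt):
    """Return the deciding entry, or None when the packet is left untouched."""
    for entry in sorted(entries, key=lambda e: e.seq):
        if matches(entry, pkt):
            return entry
    return None

def audit(entries, required):
    """List (src, dst, deciding seq) for flows that miss their required hop."""
    findings = []
    for pkt, hop in required:
        hit = evaluate(entries, pkt)
        reached = hit.target if hit and hit.action == "redirect" else None
        if reached != hop:
            findings.append((pkt["src_ip"], pkt["dst_ip"], hit.seq if hit else None))
    return findings

# Constructed sample data: host1 = 10.0.0.1, host3 = 10.0.0.3.
HOST1_TO_HOST3 = {"src_ip": "10.0.0.1", "dst_ip": "10.0.0.3"}
REQUIRED = [(HOST1_TO_HOST3, "vTerminal1/if1")]
CHAIN = [Entry(1, {"src_ip": "10.0.0.1/32", "dst_ip": "10.0.0.3/32"},
               "redirect", "vTerminal1/if1")]
# Same redirect, but a broader forward entry with a lower sequence-number wins.
SHADOWED = [Entry(1, {"src_ip": "10.0.0.0/24"}, "forward"),
            Entry(2, CHAIN[0].match, "redirect", "vTerminal1/if1")]

if __name__ == "__main__":
    print("chain:", audit(CHAIN, REQUIRED))
    print("shadowed:", audit(SHADOWED, REQUIRED))
```

An empty result from `audit` means every listed flow reaches its required service function; a non-empty result names the sequence-number of the entry that decided the flow instead.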
Service Chaining on VTN
[Figure: virtual layer (VTN #1, VTN #2) above the physical layer, with service functions chained in the virtual layer (WAN Optimizer, FW, LB; DDoS, FW). Other labels: ODL Controller, OFS, Server-A, Server-B, Server-C, Server-D]
OpenStack and VTN
[Figure: OpenStack and VTN integration diagram. Labels: Applications, GUI, Service Chain Policy, REST API, VTN Coordinator, OpenStack, Neutron, ML2 Plug-in, ODL, Neutron Interface, VTN Manager, OVSDB, OpenFlow, MD-SAL, App, OVS, Switch]
OpenStack and VTN: Automatic mapping
• Create FW as VM
• network -> VTN
• subnet -> vBridge
• port -> interface, port mapping
• Ready for service!
[Figure: OpenStack and VTN integration diagram with a FW VM. Labels: Applications, GUI, Service Chain Policy, REST API, VTN Coordinator, OpenStack, Neutron, ML2 Plug-in, ODL, Neutron Interface, VTN Manager, OVSDB, OpenFlow, MD-SAL, App, OVS, Switch, FW VM]
OpenStack and VTN: service chaining
• Flow xyz needs to go through FW
• Match condition & action
  match condition: filter = xyz
  action: redirect to FW
[Figure: OpenStack and VTN integration diagram with a FW VM. Labels: Applications, GUI, Service Chain Policy, REST API, VTN Coordinator, OpenStack, Neutron, ML2 Plug-in, ODL, Neutron Interface, VTN Manager, OVSDB, OpenFlow, MD-SAL, App, OVS, Switch, FW VM]
Demo
Demo Features
• Seamless integration with OpenStack
• Ability to insert service functions dynamically
• Does not require NSH capability; works with OpenFlow switches
• Ability to visualize end-to-end flows
Overview
[Figure, repeated on five slides: virtual layer (Virtual Tenant Network, virtual bridge and, from the second slide on, virtual terminals) above the physical layer (three OpenStack Nodes). Labels in both layers: host1, host2, host3, Service-function1, Service-function2. Two "Adding 200 ms delay." labels. ODL Controller; the last two slides add an OpenFlow label.]
Steps shown across the slides:
• host1 to host3
• Creating virtual terminals
• Configure Traffic Redirection
  [Match Condition] SRC IP: host1, DST IP: host3
  [Action] Redirect to “service function1”
Demo Software Components
• OpenDaylight Lithium
• odl-vtn-manager-rest enabled
• odl-vtn-manager-neutron enabled
• VTN Coordinator
• GUI for VTN Coordinator
• OpenStack Juno
Deployment
[Figure: deployment diagram. Labels: OpenStack (Control Node), OpenStack (Compute Node), OpenDaylight, Applications, GUI, Service Chain Policy, Demo Operation, VTN Coordinator, VTN Manager, Neutron, ML2 Plug-in, Neutron Interface, MD-SAL, OVSDB, OpenFlow, OVS, OpenFlow switches, host1, host2, host3, Service-function1, Service-function2]
What to expect from VTN in Beryllium?
• Integration with the SFC project
• Provide VTN visualization and configuration support in DLUX
Thank You