l3 service in opendaylight odl india summit -...
TRANSCRIPT
L3 Service In OpenDaylight
Abhinav Gupta, Ericsson
Hanamantagoud V Kandagal, Ericsson
Kiran N Upadhyaya, Ericsson
Vivekanandan Narasimhan, Ericsson
Agenda
• Overview
• Neutron Northbound and networking-odl
• Genius
• NetVirt L3 Service
OpenStack and ODL NetVirt
• OpenStack Neutron
• networking-odl
• ODL ML2 Driver
• OpenDaylight
• Neutron Northbound
• NetVirt
• MD-SAL
• Southbound Protocols
• OVSDB
• OpenFlow
OpenStack and OpenDaylight Integration
[Figure: deployment diagram. Labels: Management Network, Data Network, Public Network, Internet, Compute Node, Networking Node, Controller node, Network/Control Node, VM, OVS, Router, DHCP Agent, OpenDaylight, Neutron Northbound, ovsdb/NetVirt, Neutron, ML2 Plugin, Networking-odl, Yang Model.]
Networking-odl Role
• Push down resource info from neutron into ODL
• Flow:
  Neutron API: create/update/delete network/subnet/port/...
  passes through to
  ODL neutron northbound: create/update/delete network/subnet/port/...
ODL Neutron Northbound
• ODL component
• Neutron Northbound does
  • REST API for networking-odl
  • Yang Model for neutron info
  • Mirror of OpenStack neutron definition
• Neutron Northbound does NOT
  • Talk southbound protocol to program switches
[Figure: request path from OpenStack to OpenDaylight. Labels: User Request, Neutron, Neutron DB, Networking-ODL, REST API, OpenDaylight, Neutron Northbound, Yang Model, MD-SAL, OpenStack Service Provider, Openflow, OVSDB.]
[Figure: Genius architecture. Labels: NetVirt, L2 Service, L3 Service, ACL, DHCP, SFC, GBP, Genius, Interface Manager, Resource Manager, ID Manager, MDSAL Utils, Tunnel Manager, MD-SAL, Openflow Plugin, OVSDB Plugin, NETCONF Plugin.]
GENIUS
• OpenDaylight offset 1 project, introduced in ODL-Boron
• Provides Generic Network Interfaces, Utilities and Services
• A framework for integration of different network services
• Decouples application NSFs from Southbound plugins
• Provides common view of network interfaces across services.
GENIUS Components
› Modules providing commonly used functions as shared services to avoid duplication
  – ID Manager
    › Generates persistent cluster-wide unique integer IDs
    › Once allocated, ID <Key, Value> mapping is persisted across cluster restarts, until the ID is released
  – MD-SAL Utils
    › Provides common generic APIs and utilities for efficient interaction with MD-SAL
  – FCAPS Framework and application
    › FCAPS Application generates various alarms and counters for the different genius modules
    › FCAPS Framework module collectively fetches all data generated by FCAPS application.
› Modules providing common network view and supporting service integration
  – Interface Manager
    › Classification of granular logical ports into different types of interfaces and unique dataplane-id allocation
    › Allows bindings/registration of multiple services to logical ports/interfaces
    › Listens to service-binding changes and accordingly programs the data plane
  – Overlay Tunnel Manager
    › Creates and maintains overlay tunnels between tunnel endpoints configured in transport-zones
  – Resource Manager
    › Owns and allocates different openflow resources like table-ids, group-ids etc.
Agenda
• Overview
• Introduction
• Features delivered in Boron
• Roadmap
• OVSDB
• Neutron Northbound and networking-odl
• Genius
• NetVirt L3 Service
NetVirt
• Provides several services like L2, L3, NAT and BGPVPN etc.
• Based on OpenDaylight Genius framework
[Figure: NetVirt architecture. Labels: NetVirt, L2 Service, L3 Service, DHCP, NAT Service, ACL Service, Neutron NSF, Genius, MD-SAL, Openflow Plugin, OVSDB Plugin.]
L2 Service (ELAN)
• Provides Routing-as-a-service (IP lookup)
• Every Neutron Router is modeled as a VPN instance.
• Distributed Routing of packets from source to destination.
• Supports NAT service enabling VMs to access external networks that are GRE, VLAN or FLAT types
• Support extra-route(s) configuration for routers
• Support both IPv4 and IPv6 routing
L3 Service (VPN)
NetVirt internals
• Neutron VPN service listens on DCNs from Neutron Northbound for network, router, subnet, port and floating IP CRUD events.
• On a network creation, a new ELAN instance is created. External networks can also be created (by setting the --router:external parameter to true) to cater to DNAT/SNAT use cases.
• On a subnet creation, it is mapped to the L2 network it belongs to. This subnet, when added later to a router as an interface, enables L3 service.
• On a router creation, an equivalent VPN instance is created to enable intra-DC routing across the subnet(s) added as router-interface(s).
• When a subnet is attached to the router via the router-interface-add OpenStack API:
  • The FIB Table is populated for all the neutron ports present on the subnet with rules to support L3 forwarding.
  • The router-interface MAC address corresponding to the port created as part of the operation is propagated for further use.
L3 Service Orchestration Workflow
Neutron Port Create Workflow
• On a neutron port create:
  • A new interface is created with the port UUID as the interface name.
  • Interface manager allocates an lport tag for the interface from ID manager. The lport tag is the dataplane representation for the interface. Since it is a unique key generated by ID manager, it is persisted across reboots.
  • If the subnet corresponding to the port has already been added as a router-interface, then the corresponding L3 (VPN) interface is created.
• When the port is up (interface state up event is received), interface manager programs the dataplane for the VM related routes.
• Neutron floating IPs enable access to a VM via an external network
  • L3 floating IP entity is created for an external network and can be further associated to a fixed neutron IP.
  • This neutron IP belongs to the VM port present on subnet (router interface).
  • The router will act as the gateway for the external network.
  • This triggers dataplane processing for floating IP use-cases.
L3 Service Orchestration Workflow
• Extra Route is supported to add static route to the neutron router.
  • The router needs to be pre-created to inject it, as extra route is added as part of an update operation.
• ‘--route’ attribute in neutron router is updated with the nexthop IP address and the destination CIDR
[Figure: Neutron Router and Extra route attributes]
Neutron Router: id, name, admin_state_up, status, tenant_id, Subnet <id list>
Extra route (Router Attributes):
• router ID: router to which attached
• destination: CIDR ("10.0.0.0 / 24")
• nexthop: "192.168.0.1"
• The nexthop must be part of that subnet which is associated with the router
• Enables injection of extra routes with variable subnet masks
VM communication on same hypervisor
1. Create Network NET1 and NET2
   neutron net-create NET1
   neutron net-create NET2
2. Create Subnet SUBNET1 (10.1.1.0/24) and SUBNET2 (20.1.1.0/24)
   neutron subnet-create --name SUBNET1 NET1 10.1.1.0/24
   neutron subnet-create --name SUBNET2 NET2 20.1.1.0/24
3. Create Router ROUTER1
   neutron router-create ROUTER1
4. Add subnets SUBNET1 and SUBNET2 to router
   neutron router-interface-add ROUTER1 SUBNET1
   neutron router-interface-add ROUTER1 SUBNET2
5. Boot VMs on same hypervisor
   nova boot --flavor m1.tiny --image e0fc590d-2eb7-4027-be3e-4c2a86edba37 --nic net-id=$(neutron net-list | grep '\sNET1' | awk '{print $2}') --availability-zone nova:osc-1 VM-01
   nova boot --flavor m1.tiny --image e0fc590d-2eb7-4027-be3e-4c2a86edba37 --nic net-id=$(neutron net-list | grep '\sNET2' | awk '{print $2}') --availability-zone nova:osc-1 VM-02
[Figure: OVS data path between VM1 (10.1.1.4) and VM2 (20.1.1.5) on the same hypervisor]
• Ingress Table (0): Match = in_port; Actions = Write-metadata (Lport-tag)
• Lport Dispatcher Table (17): Match = Lport-Tag; Actions = Write-metadata (VPN-Id)
• Gateway MAC Table (19): Match = VPN-Id + Router-GW-MAC
• FIB Table (21): Match = VPN-Id + Destination-IP
• OF Group: Action = Set Destination MAC
stack@osc-1:~/devstack$ sudo ovs-ofctl show br-int -O OpenFlow13
OFPT_FEATURES_REPLY (OF1.3) (xid=0x2): dpid:00000ab04e2f8441
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS
OFPST_PORT_DESC reply (OF1.3) (xid=0x3):
 4(tun8eee0158860): addr:9e:bc:09:ff:b3:02
     config: 0
     state: 0
     speed: 0 Mbps now, 0 Mbps max
 8(tap8a43fce6-74): addr:fe:16:3e:11:84:c3 10.1.1.4
     config: 0
     state: 0
     current: 10MB-FD COPPER
     speed: 10 Mbps now, 0 Mbps max
 9(tapf917a710-eb): addr:fe:16:3e:56:d5:34 20.1.1.5
     config: 0
     state: 0
     current: 10MB-FD COPPER
     speed: 10 Mbps now, 0 Mbps max
 LOCAL(br-int): addr:0a:b0:4e:2f:84:41
     config: PORT_DOWN
     state: LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max

stack@osc-1:~/devstack$ sudo ovs-ofctl -O OpenFlow13 dump-groups br-int
OFPST_GROUP_DESC reply (OF1.3) (xid=0x2):
 group_id=150000,type=all,bucket=actions=set_field:fa:16:3e:56:d5:34->eth_dst,output:9
 group_id=150001,type=all,bucket=actions=set_field:fa:16:3e:11:84:c3->eth_dst,output:8
 group_id=210002,type=all,bucket=actions=group:210001
 group_id=210001,type=all,bucket=actions=set_field:0x6->tun_id,resubmit(,55)
 group_id=175001,type=all,bucket=actions=CONTROLLER:65535,bucket=actions=resubmit(,17),bucket=actions=resubmit(,81)
VM communication on same hypervisor

stack@osc-1:~/devstack$ sudo ovs-ofctl dump-flows br-int -OOpenflow13 | grep table=0
cookie=0x8000001, duration=26036.546s, table=0, n_packets=29766, n_bytes=1964572, priority=5,in_port=4 actions=write_metadata:0x20000000001/0x1fffff0000000001,goto_table:36
cookie=0x8000000, duration=431.225s, table=0, n_packets=17, n_bytes=1912, priority=4,in_port=8 actions=write_metadata:0x40000000000/0xffffff0000000000,goto_table:17
cookie=0x8000000, duration=276.208s, table=0, n_packets=17, n_bytes=1912, priority=4,in_port=9 actions=write_metadata:0x30000000000/0xffffff0000000000,goto_table:17

stack@osc-1:~/devstack$ sudo ovs-ofctl dump-flows br-int -OOpenflow13 | grep table=17
cookie=0x8000001, duration=444.871s, table=17, n_packets=15, n_bytes=1238, priority=2,metadata=0x40000000000/0xffffff0000000000 actions=write_metadata:0x6000040000011174,goto_table:19
cookie=0x8040000, duration=443.850s, table=17, n_packets=8, n_bytes=552, priority=3,metadata=0x6000040000000000/0xffffff0000000000 actions=write_metadata:0x8000041388000000,goto_table:50
cookie=0x8040000, duration=289.014s, table=17, n_packets=8, n_bytes=552, priority=3,metadata=0x6000030000000000/0xffffff0000000000 actions=write_metadata:0x8000031389000000,goto_table:50
cookie=0x8000001, duration=290.022s, table=17, n_packets=15, n_bytes=1238, priority=2,metadata=0x30000000000/0xffffff0000000000 actions=write_metadata:0x6000030000011174,goto_table:19
cookie=0x8000000, duration=26130.445s, table=17, n_packets=0, n_bytes=0, priority=0,metadata=0x4000000000000000/0xe000000000000000 actions=write_metadata:0x6000000000000000/0xe000000000000000,goto_table:80

stack@osc-1:~/devstack$ sudo ovs-ofctl dump-flows br-int -OOpenflow13 | grep table=19
cookie=0x1080000, duration=26139.570s, table=19, n_packets=10, n_bytes=420, priority=100,arp,arp_op=2 actions=CONTROLLER:65535,resubmit(,17)
cookie=0x1080000, duration=26139.570s, table=19, n_packets=36, n_bytes=1512, priority=100,arp,arp_op=1 actions=group:175001
cookie=0x8000009, duration=454.317s, table=19, n_packets=7, n_bytes=686, priority=20,metadata=0x11174/0xffffffff,dl_dst=fa:16:3e:96:aa:e9 actions=goto_table:21
cookie=0x8000009, duration=454.317s, table=19, n_packets=7, n_bytes=686, priority=20,metadata=0x11174/0xffffffff,dl_dst=fa:16:3e:39:9f:fe actions=goto_table:21
cookie=0x1080000, duration=26139.617s, table=19, n_packets=52, n_bytes=4496, priority=0 actions=resubmit(,17)

stack@osc-1:~/devstack$ sudo ovs-ofctl dump-flows br-int -OOpenflow13 | grep table=21
cookie=0x8000003, duration=504.995s, table=21, n_packets=2, n_bytes=196, priority=42,ip,metadata=0x11174/0xffffffff,nw_dst=10.1.1.4 actions=write_actions(group:150001)
cookie=0x8000003, duration=350.151s, table=21, n_packets=2, n_bytes=196, priority=42,ip,metadata=0x11174/0xffffffff,nw_dst=20.1.1.5 actions=write_actions(group:150000)
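Added example (not part of the original slides): a small Python tracer that replays the same-hypervisor pipeline over a subset of the flows shown above, applying masked metadata matches and write_metadata the way tables 0, 17, 19 and 21 use them. It is useful for checking that a port's traffic only reaches FIB entries of its own VPN-Id. Assumptions: the packet fields are constructed, fa:16:3e:96:aa:e9 is used as the router gateway MAC, and resubmit(,N) is treated like goto_table.

```python
import re

FULL = (1 << 64) - 1  # write_metadata without an explicit mask replaces all 64 bits

# Constructed sample: a subset of the osc-1 br-int flows shown above, counters removed.
FLOWS = """\
table=0, priority=4,in_port=8 actions=write_metadata:0x40000000000/0xffffff0000000000,goto_table:17
table=0, priority=4,in_port=9 actions=write_metadata:0x30000000000/0xffffff0000000000,goto_table:17
table=17, priority=2,metadata=0x40000000000/0xffffff0000000000 actions=write_metadata:0x6000040000011174,goto_table:19
table=17, priority=3,metadata=0x6000040000000000/0xffffff0000000000 actions=write_metadata:0x8000041388000000,goto_table:50
table=19, priority=100,arp,arp_op=1 actions=group:175001
table=19, priority=20,metadata=0x11174/0xffffffff,dl_dst=fa:16:3e:96:aa:e9 actions=goto_table:21
table=19, priority=0 actions=resubmit(,17)
table=21, priority=42,ip,metadata=0x11174/0xffffffff,nw_dst=10.1.1.4 actions=write_actions(group:150001)
table=21, priority=42,ip,metadata=0x11174/0xffffffff,nw_dst=20.1.1.5 actions=write_actions(group:150000)
"""

def parse(text):
    """Return a list of (table, priority, match_dict, actions_string)."""
    flows = []
    for line in text.strip().splitlines():
        match_part, actions = line.split(" actions=", 1)
        m = {}
        for tok in match_part.replace(" ", "").split(","):
            key, _, val = tok.partition("=")
            m[key] = val or True  # bare tokens ("ip", "arp") are protocol matches
        flows.append((int(m.pop("table")), int(m.pop("priority")), m, actions))
    return flows

def matches(m, pkt, metadata):
    for key, val in m.items():
        if key == "metadata":  # value/mask comparison on the metadata register
            value, _, mask = val.partition("/")
            mask = int(mask, 16) if mask else FULL
            if metadata & mask != int(value, 16) & mask:
                return False
        elif key in ("ip", "arp"):
            if pkt.get("proto") != key:
                return False
        elif str(pkt.get(key)) != val:
            return False
    return True

def trace(flows, pkt, max_hops=16):
    """Walk the tables from table 0; return (tables visited, metadata, outcome)."""
    table, metadata, path = 0, 0, []
    for _ in range(max_hops):
        hits = [f for f in flows if f[0] == table and matches(f[2], pkt, metadata)]
        if not hits:
            return path, metadata, f"miss in table {table}"
        actions = max(hits, key=lambda f: f[1])[3]  # highest priority wins
        path.append(table)
        wm = re.search(r"write_metadata:(0x[0-9a-f]+)(?:/(0x[0-9a-f]+))?", actions)
        if wm:
            mask = int(wm.group(2), 16) if wm.group(2) else FULL
            metadata = (metadata & ~mask & FULL) | (int(wm.group(1), 16) & mask)
        nxt = re.search(r"(?:goto_table:|resubmit\(,)(\d+)", actions)
        if nxt:  # simplification: resubmit is followed like goto_table
            table = int(nxt.group(1))
            continue
        grp = re.search(r"group:(\d+)", actions)
        return path, metadata, f"group {grp.group(1)}" if grp else actions
    return path, metadata, "loop limit reached"

if __name__ == "__main__":
    # Constructed packet: VM1 (in_port 8) sending IP to 20.1.1.5 via the gateway MAC.
    pkt = {"in_port": 8, "proto": "ip", "dl_dst": "fa:16:3e:96:aa:e9", "nw_dst": "20.1.1.5"}
    print(trace(parse(FLOWS), pkt))
```

A frame from port 8 that is not addressed to a gateway MAC misses the priority-20 entries in table 19, is resubmitted to table 17 and is handed on to table 50, whose flows are not part of the sample.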
VM communication on different hypervisor
1. Create Network NET1 and NET2
   neutron net-create NET1
   neutron net-create NET2
2. Create Subnet SUBNET1 (10.1.1.0/24) and SUBNET2 (20.1.1.0/24)
   neutron subnet-create --name SUBNET1 NET1 10.1.1.0/24
   neutron subnet-create --name SUBNET2 NET2 20.1.1.0/24
3. Create Router ROUTER1
   neutron router-create ROUTER1
4. Add subnets SUBNET1 and SUBNET2 to router
   neutron router-interface-add ROUTER1 SUBNET1
   neutron router-interface-add ROUTER1 SUBNET2
5. Boot VMs on hypervisor-1
   nova boot --flavor m1.tiny --image e0fc590d-2eb7-4027-be3e-4c2a86edba37 --nic net-id=$(neutron net-list | grep '\sNET1' | awk '{print $2}') --availability-zone nova:osc-1 VM-01
6. Boot VMs on hypervisor-2
   nova boot --flavor m1.tiny --image e0fc590d-2eb7-4027-be3e-4c2a86edba37 --nic net-id=$(neutron net-list | grep '\sNET2' | awk '{print $2}') --availability-zone nova:cn-1 VM-02
stack@osc-1:~/devstack$ sudo ovs-ofctl show br-int -O OpenFlow13
OFPT_FEATURES_REPLY (OF1.3) (xid=0x2): dpid:00000ab04e2f8441
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS
OFPST_PORT_DESC reply (OF1.3) (xid=0x3):
 4(tun8eee0158860): addr:9e:bc:09:ff:b3:02
     config: 0
     state: 0
     speed: 0 Mbps now, 0 Mbps max
 8(tap8a43fce6-74): addr:fe:16:3e:11:84:c3 10.1.1.4
     config: 0
     state: 0
     current: 10MB-FD COPPER
     speed: 10 Mbps now, 0 Mbps max
 LOCAL(br-int): addr:0a:b0:4e:2f:84:41
     config: PORT_DOWN
     state: LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max

stack@cn-1:~/devstack$ sudo ovs-ofctl show br-int -O OpenFlow13
OFPT_FEATURES_REPLY (OF1.3) (xid=0x2): dpid:00006afeb328884b
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS
OFPST_PORT_DESC reply (OF1.3) (xid=0x3):
 2(tunbd72b7a9957): addr:e2:57:b1:97:e5:41
     config: 0
     state: 0
     speed: 0 Mbps now, 0 Mbps max
 5(tapb9311db2-0f): addr:fe:16:3e:5d:4a:7e 20.1.1.6
     config: 0
     state: 0
     current: 10MB-FD COPPER
     speed: 10 Mbps now, 0 Mbps max
 LOCAL(br-int): addr:6a:fe:b3:28:88:4b
     config: PORT_DOWN
     state: LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
[Figure: OVS data paths of two hypervisors joined by a VxLAN Tunnel; VM1 (10.1.1.4) and VM2 (20.1.1.6)]
OVS Data path (VM1 side)
• Ingress Table (0): Match = in_port; Actions = Write-metadata (Lport-tag)
• Lport Dispatcher Table (17): Match = Lport-Tag; Actions = Write-metadata (VPN-Id)
• Gateway MAC Table (19): Match = VPN-Id + Router GW MAC
• FIB Table (21): Match = VPN-Id + Dest-IP; Actions = Write-Tun-Id
OVS Data path (VM2 side)
• Ingress Table (0): Match = in_port
• Ingress Tunnel Table (36): Match = Tunnel-Id
• OF Group: Action = Set Destination MAC
VM communication on different hypervisor
Flows on DPN1

stack@osc-1:~/devstack$ sudo ovs-ofctl dump-flows br-int -OOpenflow13 | grep table=0
cookie=0x8000001, duration=26715.515s, table=0, n_packets=30543, n_bytes=2015854, priority=5,in_port=4 actions=write_metadata:0x20000000001/0x1fffff0000000001,goto_table:36
cookie=0x8000000, duration=1110.194s, table=0, n_packets=19, n_bytes=2052, priority=4,in_port=8 actions=write_metadata:0x40000000000/0xffffff0000000000,goto_table:17

stack@osc-1:~/devstack$ sudo ovs-ofctl dump-flows br-int -OOpenflow13 | grep table=17
cookie=0x8000001, duration=1118.065s, table=17, n_packets=17, n_bytes=1378, priority=2,metadata=0x40000000000/0xffffff0000000000 actions=write_metadata:0x6000040000011174,goto_table:19
cookie=0x8040000, duration=1117.044s, table=17, n_packets=9, n_bytes=594, priority=3,metadata=0x6000040000000000/0xffffff0000000000 actions=write_metadata:0x8000041388000000,goto_table:50
cookie=0x8000000, duration=26803.639s, table=17, n_packets=0, n_bytes=0, priority=0,metadata=0x4000000000000000/0xe000000000000000 actions=write_metadata:0x6000000000000000/0xe000000000000000,goto_table:80

stack@osc-1:~/devstack$ sudo ovs-ofctl dump-flows br-int -OOpenflow13 | grep table=19
cookie=0x1080000, duration=26815.258s, table=19, n_packets=10, n_bytes=420, priority=100,arp,arp_op=2 actions=CONTROLLER:65535,resubmit(,17)
cookie=0x1080000, duration=26815.258s, table=19, n_packets=38, n_bytes=1596, priority=100,arp,arp_op=1 actions=group:175001
cookie=0x8000009, duration=1130.005s, table=19, n_packets=8, n_bytes=784, priority=20,metadata=0x11174/0xffffffff,dl_dst=fa:16:3e:96:aa:e9 actions=goto_table:21
cookie=0x8000009, duration=1130.005s, table=19, n_packets=8, n_bytes=784, priority=20,metadata=0x11174/0xffffffff,dl_dst=fa:16:3e:39:9f:fe actions=goto_table:21
cookie=0x1080000, duration=26815.305s, table=19, n_packets=52, n_bytes=4496, priority=0 actions=resubmit(,17)

stack@osc-1:~/devstack$ sudo ovs-ofctl dump-flows br-int -OOpenflow13 | grep table=21
cookie=0x8000003, duration=1135.571s, table=21, n_packets=2, n_bytes=196, priority=42,ip,metadata=0x11174/0xffffffff,nw_dst=10.1.1.4 actions=write_actions(group:150001)
cookie=0x8000003, duration=193.159s, table=21, n_packets=0, n_bytes=0, priority=42,ip,metadata=0x11174/0xffffffff,nw_dst=20.1.1.6 actions=write_actions(set_field:0x11173->tun_id,output:4)
VM communication on different hypervisor
Flows on DPN2

stack@cn-1:~/devstack$ sudo ovs-ofctl dump-flows br-int -OOpenflow13 | grep table=0
cookie=0x8000001, duration=26888.467s, table=0, n_packets=30737, n_bytes=2028682, priority=5,in_port=2 actions=write_metadata:0x10000000001/0x1fffff0000000001,goto_table:36
cookie=0x8000000, duration=340.829s, table=0, n_packets=15, n_bytes=1772, priority=4,in_port=5 actions=write_metadata:0x60000000000/0xffffff0000000000,goto_table:16

stack@cn-1:~/devstack$ sudo ovs-ofctl dump-flows br-int -OOpenflow13 | grep table=36
cookie=0x9000006, duration=345.543s, table=36, n_packets=0, n_bytes=0, priority=5,tun_id=0x6 actions=output:5
cookie=0x9001389, duration=345.543s, table=36, n_packets=0, n_bytes=0, priority=5,tun_id=0x1389 actions=write_actions(group:210001)
cookie=0x9011173, duration=345.008s, table=36, n_packets=0, n_bytes=0, priority=5,tun_id=0x11173 actions=write_actions(group:150003)

stack@cn-1:~/devstack$ sudo ovs-ofctl -O OpenFlow13 dump-groups br-int
OFPST_GROUP_DESC reply (OF1.3) (xid=0x2):
 group_id=150003,type=all,bucket=actions=set_field:fa:16:3e:5d:4a:7e->eth_dst,output:5
 group_id=210002,type=all,bucket=actions=group:210001
 group_id=210001,type=all,bucket=actions=set_field:0x6->tun_id,resubmit(,55)
 group_id=175001,type=all,bucket=actions=CONTROLLER:65535,bucket=actions=resubmit(,17),bucket=actions=resubmit(,81)
SNAT
1. Create Network intNet and an External Network extNet
   neutron net-create extNet --router:external=True --provider:network-type gre
   neutron net-create intNet
2. Create Subnet intSubnet and extSubnet
   neutron subnet-create --name intSubnet intNet 10.1.1.0/24
   neutron subnet-create --name extSubnet extNet 172.16.0.0/16
3. Create Router router1 and associate intNet to router1
   neutron router-create router1
   neutron router-interface-add router1 intSubnet
4. Boot VM in the internal network
   nova boot --flavor m1.tiny --image e0fc590d-2eb7-4027-be3e-4c2a86edba37 --nic net-id=$(neutron net-list | grep '\sintNet' | awk '{print $2}') --availability-zone nova:osc-1 VM-01
5. Link the router to the external network
   neutron router-gateway-set router1 extNet
SNAT: VM connected to the NAPT switch
[Figure: flow-table pipelines on the NAPT switch for a locally attached VM; labels listed in extracted order]
NAPT Switch (Ingress)
• Ingress Table (0): Match = in_port
• LFIB Table (20): Match = mpls_label; Actions = Write Internet VpnId
• INBOUND_NAPT_TABLE (44): Match = Internet VpnId, ext-fixed-Ip, ext-fixed-Port; Actions = Write Router VpnId, VM IP, VM Port
• NAPT PFIB Table (47): Match = Router Vpn Id
• FIB Table (21): Match = Router VPN-Id, VM IP; Actions = Output: VM Port
NAPT Switch (Egress)
• VM Ingress Table (0): Match = in_port; Actions = Write Lport-tag
• Lport Dispatcher Table (17): Match = Lport tag; Actions = Write VpnId
• OUTBOUND_NAPT_TABLE (46): Match = Router VpnID, Source ip, source port, L4 protocol; Actions = Write internet vpnid, ext fixed ip, ext fixed port
• NAPT PFIB Table (47): Match = Internet Vpn Id
• FIB Table (21): Match = Internet VpnId + Ext Fixed-Ip; Actions = push_mpls, output: MPLSoGRE tun_port
• GW MAC Table (19): Match = VPNId + Dest MAC
• FIB Table (21): Match = Router VPNId
• PSNAT Table (26): Match = Router VPNId
SNAT: VM connected to the non-NAPT switch (Egress)
[Figure: flow-table pipelines on the non-NAPT and NAPT switches; labels listed in extracted order]
NAPT Switch
• Ingress Table (0): Match = in_port
• Internal Tunnel Table (36): Match = Router VpnId
• OUTBOUND_NAPT_TABLE (46): Match = Router VpnId, source Ip, source Port, L4 protocol; Actions = Write Internet VpnId, ext-fixed-Ip, ext-fixed-Port
• NAPT PFIB Table (47): Match = Internet Vpn Id
• FIB Table (21): Match = Internet VPN-Id, ext-fixed-ip IP; Actions = push_mpls, Output: port
Non-NAPT Switch
• VM Ingress Table (0): Match = in_port; Actions = Write Lport-tag
• Lport Dispatcher Table (17): Match = Lport tag; Actions = Write VpnId
• GW MAC Table (19): Match = VPNId + Dest MAC
• FIB Table (21): Match = Router VPNId
• PSNAT Table (26): Match = Router VPNId
SNAT: VM connected to the non-NAPT switch (Ingress)
[Figure: flow-table pipelines on the NAPT and non-NAPT switches, ending at the VM; labels listed in extracted order]
Non-NAPT Switch
• Ingress Table (0): Match = in_port
• Internal Tunnel Table (36): Match = lport tag
• FIB Table (21): Match = Router VpnId, VM IP; Actions = Output to VM Port
NAPT Switch
• Ingress Table (0): Match = in_port; Actions = Write Lport-tag
• LFIB Table (20): Match = mpls_label
• Inbound NAPT Table (44): Match = Internet VpnId, ext-fixed-Ip, ext-fixed-Port; Actions = Write router VPNId, VM IP, VM Port
• FIB Table (21): Match = Router VPNId, VM IP
• NAPT PFIB Table (47): Match = Router VPNId
DNAT
1. Create a port in the internal network
   neutron port-create intNet --name port1
2. Boot a VM on the port
   nova boot --flavor m1.tiny --image e0fc590d-2eb7-4027-be3e-4c2a86edba37 --nic port-id=$(neutron port-list | grep '\sport1' | awk '{print $2}') --availability-zone nova:osc-1 VM-02
3. Create a floating IP
   neutron floatingip-create extNet
4. Associate floating IP to the fixed IP
   neutron floatingip-associate <floating_ip_id> <port1_id>
DNAT
[Figure: flow-table pipelines on the DPN for floating IP traffic; labels listed in extracted order]
DPN (Egress)
• VM Ingress Table (0): Match = in_port
• Lport Dispatcher Table (17): Match = lportTag; Actions = Write VpnId
• PSNAT Table (26): Match = Router VpnId, VM IP; Actions = Write Internet VpnId, Floating IP
• SNAT Table (28): Match = Internet Vpn Id
• FIB Table (21): Match = Internet VPN-Id, External Host; Actions = push_mpls, Output to Port
DPN (Ingress)
• Ingress Table (0): Match = in_port; Actions = Write Lport-tag
• LFIB Table (20): Match = mpls_label
• PDNAT Table (25): Match = Internet VpnID, Floating IP; Actions = Write Router VpnId, VM IP
• DNAT Table (27): Match = Router Vpn Id
• FIB Table (21): Match = Router VpnId + VM Ip; Actions = Output to VM Port
Additional labels
• GW MAC Table (19): Match = VpnId, Dest Mac
• FIB Table (21): Match = Router VpnId + VM Ip; Actions = Output to VM Port
Start from here!
• Check out all the info on the project wiki:
  • NetVirt Project Wiki
  • Weekly meetings on Tuesdays at 08:00am PST
  • Getting started: How to pull and build the code
  • Tutorials with slides and ova-packaged virtual machines
• NetVirt Trello page for project task tracking: NetVirt Trello
• Connect with active developers in the community on the #opendaylight-ovsdb IRC channel at freenode.net
• Join the conversation through lists.opendaylight.org and ask.opendaylight.org and [email protected]
Thank You