Neutron DVR - Operators Summit in Paris, November 2014
Neutron Distributed Virtual Router
Edgar Magana
Cloud Operations Architect
Acknowledgments
Big thanks to the great developers in the OpenStack community and the OpenStack Foundation.
The information presented here is sourced from my own experience as an OpenStack developer/user and from OpenStack Foundation documents and the community.
The views and technical points expressed here are solely the presenter's and do not reflect the views or positions of his employer or of the OpenStack Foundation in any way.
Networking Status (Neutron)
nova-network Parity
– Feature parity with nova-network in progress
– Initial migration path -- initial path for nova-network deprecation
L3 Enhancements
– Multiple L3 agents
– HA through plugins & keepalived
– Each router created is assigned to 2 or more agents
IPv6
– Next generation of IP routing
– 2001:0db8:85a3:0042:1000:8a2e:0370:7334 rather than 10.28.255.168
– Address assignment
  – SLAAC
  – Stateful DHCP
  – Stateless DHCP
– Router advertisement through RADVD
Networking Status (Neutron)
DVR
– Uses L3 HA
– Removes bottleneck in east-west traffic
– Shares OVS route information across virtual routers
– One-hop traffic for VMs on different hypervisors
– Requires OVS on ML2 plugin
New plugins/Drivers
– OpenContrail plugin
– A10 Networks LBaaS driver
– Arista L3 routing plugin
– Big Switch L3 routing plugin
– Brocade L3 routing plugin
– Cisco APIC ML2 Driver (including a L3 routing plugin)
– Cisco CSR L3 routing plugin
– Freescale SDN ML2 Mechanism
OpenStack Networking Deployment
Network Node Internals
DVR Support in Juno
The new Enhanced L3 Agent can operate in 3 different modes:
1. Legacy (default for backward compatibility)
   – Centralized routing only
   – Runs on Network Nodes
2. DVR
   – Supports distributed routing
   – Runs on Compute Nodes
3. DVR_SNAT
   – Supports legacy centralized routing, DVR and centralized SNAT
   – Runs on either Network/Service Node or Compute Nodes
Each mode adds new support for certain features while continuing to support the other features but is dependent on the l3-agent scheduler.
Neutron – DVR Config Options

neutron.conf
[DEFAULT]
router_distributed = False    (True = DVR mode)
dvr_base_mac = fa:16:3f:00:00:00

ovs_neutron_plugin.ini
[agent]
enable_distributed_routing = False    (True = The l2 agent runs in DVR mode)

l3_agent.ini
[DEFAULT]
agent_mode = legacy    (or dvr, dvr_snat)
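
Added example (not part of the original slides and not Neutron's own code): a small Python check that the three files above agree with each other across a deployment. The host names, function names and the two consistency rules it applies (an L3 agent in dvr or dvr_snat mode needs the L2 agent in DVR mode; router_distributed = True needs at least one dvr_snat host) are assumptions of this example.

```python
import configparser
import re

VALID_MODES = {"legacy", "dvr", "dvr_snat"}          # the three agent_mode values from the slide
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

def load(text):
    """Parse one ini file given as text; '#' starts an inline comment."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",))
    cp.read_string(text)
    return cp

def audit_host(name, ovs_ini, l3_ini):
    """Per-host check: return (agent_mode, findings) for one node's two agent files."""
    mode = load(l3_ini).get("DEFAULT", "agent_mode", fallback="legacy")
    l2_dvr = load(ovs_ini).getboolean("agent", "enable_distributed_routing", fallback=False)
    findings = []
    if mode not in VALID_MODES:
        findings.append(f"{name}: unknown agent_mode {mode!r}")
    elif mode != "legacy" and not l2_dvr:
        # Assumed rule: a DVR-mode L3 agent needs the L2 agent in DVR mode too.
        findings.append(f"{name}: agent_mode={mode} but enable_distributed_routing is False")
    return mode, findings

def audit_deployment(neutron_conf, hosts):
    """hosts maps a host name to (ovs_neutron_plugin.ini text, l3_agent.ini text)."""
    conf = load(neutron_conf)
    findings, modes = [], []
    for name, (ovs_ini, l3_ini) in hosts.items():
        mode, found = audit_host(name, ovs_ini, l3_ini)
        modes.append(mode)
        findings += found
    mac = conf.get("DEFAULT", "dvr_base_mac", fallback="fa:16:3f:00:00:00")
    if not MAC_RE.match(mac):
        findings.append(f"neutron.conf: dvr_base_mac {mac!r} is not a MAC address")
    # Assumed rule: distributed routers still need one host doing centralized SNAT.
    if conf.getboolean("DEFAULT", "router_distributed", fallback=False) and "dvr_snat" not in modes:
        findings.append("neutron.conf: router_distributed=True but no host runs agent_mode=dvr_snat")
    return findings

# Constructed sample: controller in dvr_snat mode, compute node with a mismatched L2 agent.
NEUTRON_CONF = "[DEFAULT]\nrouter_distributed = True\ndvr_base_mac = fa:16:3f:00:00:00\n"
HOSTS = {
    "controller": ("[agent]\nenable_distributed_routing = True\n", "[DEFAULT]\nagent_mode = dvr_snat\n"),
    "compute1": ("[agent]\nenable_distributed_routing = False\n", "[DEFAULT]\nagent_mode = dvr\n"),
}

if __name__ == "__main__":
    for finding in audit_deployment(NEUTRON_CONF, HOSTS):
        print(finding)
```
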
DVR – Devstack Multi-Node

Controller/Network (SNAT)
HOST_IP=172.16.232.137
disable_service n-net
enable_service neutron
enable_service tempest
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service n-cpu

MYSQL_PASSWORD=nova
RABBIT_PASSWORD=nova
SERVICE_TOKEN=nova
SERVICE_PASSWORD=nova
ADMIN_PASSWORD=nova
LOGDAYS=1

Q_PLUGIN=ml2
ENABLE_TENANT_TUNNELS=True
TENANT_TUNNEL_RANGE=50:100
Q_ML2_TENANT_NETWORK_TYPE=vxlan
Q_DVR_MODE=dvr_snat

VNCSERVER_LISTEN=$HOST_IP
VNCSERVER_PROXYCLIENT_ADDRESS=$HOST_IP

MULTI_HOST=1

Compute/Routing
HOST_IP=172.16.232.138
SERVICE_HOST=172.16.232.137

MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292

MYSQL_PASSWORD=nova
ADMIN_PASSWORD=nova
SERVICE_PASSWORD=nova
SERVICE_TOKEN=nova
RABBIT_PASSWORD=nova

ENABLED_SERVICES=n-cpu,neutron,n-novnc,q-agt,q-l3

Q_PLUGIN=ml2
ENABLE_TENANT_TUNNELS=True
TENANT_TUNNEL_RANGE=50:100
Q_ML2_TENANT_NETWORK_TYPE=vxlan
Q_DVR_MODE=dvr

VNCSERVER_LISTEN=$HOST_IP
VNCSERVER_PROXYCLIENT_ADDRESS=$HOST_IP

MULTI_HOST=1
IP Network Namespaces
After creating a few networks and routers:

openstack-dev:~/devstack$ sudo ip netns
qdhcp-2e9facd9-92d3-4d71-9c80-6d3992b6751b
qdhcp-ea73f4b4-d753-4d2b-9089-e0dc65cfea2b
qrouter-c64a1a02-6425-4252-ba89-3146647c564f
snat-375d717f-afd3-4427-878d-4c38303e40f2
qrouter-375d717f-afd3-4427-878d-4c38303e40f2

openstack-dev-compute:~/devstack$ sudo ip netns
qrouter-c64a1a02-6425-4252-ba89-3146647c564f
DVR in Action
[Diagram labels: IR, IR; vm1, vm3, br-int-cn1, br-tun-cn1; vm2, vm4, br-int-cn2, br-tun-cn2; vm5, vm6, vm7; Data Network]

1. Data frame with:
   srcMac = VM1, destMac = red-Mac, Network = red
2. br-int forwards to IR
3. Change network:
   srcMac = VM1, destMac = red-Mac, Network = green
4. Set destMac:
   srcMac = VM1, destMac = VM2, Network = green
5. Set srcMac:
   srcMac = green-Mac, destMac = VM2, Network = green
6. Dec TTL and fwd:
   srcMac = green-Mac, destMac = VM2, Network = green
7. Swap out Gateway Mac:
   srcMac = dvr-cn1-Mac, destMac = VM2, Network = green
8. Usual Virtual switching:
   srcMac = dvr-cn1-Mac, destMac = VM2, Network = green
9. Usual Virtual switching:
   srcMac = dvr-cn1-Mac, destMac = VM2, Network = green
10. Swap in Gateway Mac:
   srcMac = green-Mac, destMac = VM2, Network = green
11. Deliver to VM 2:
   srcMac = green-Mac, destMac = VM2, Network = green
LEGEND
Tenant 1 has two Networks - RED & GREEN
Tenant 2 has one Network - ORANGE
source: HP Neutron Team
Thank you!
Details:
https://etherpad.openstack.org/p/kilo-summit-ops-dvr
http://www.slideshare.net/emaganap
twitter: emaganap