nova net-or-neutron-atlanta2014.pptx
OpenStack Neutron Vs. Nova-Network
© 2014 VMware Inc. All rights reserved.
Nova-Network or Neutron for OpenStack Cloud?
Somik Behera
Twitter: @Strikesme
Slidedeck location - http://www.slideshare.net/somikbehera
Nova-Network Vs. OpenStack Neutron
Nova-Network presents networking models like the Federation’s Droids.
OpenStack Neutron is the Rebel Alliance bringing Networking to the 21st century
Outline
• Nova-Network - Federation’s proposal for Networking
– Basics to advanced.
• OpenStack Neutron - The Rebel Alliance’s response to bring the revolution to networking
– Neutron basics, OVS Plugin details.
• Hmm… Does Neutron work in large scale production environments?
• Summary
Nova-Network: Single, rigid, monolithic model of networking.
OpenStack Networking before Neutron
• Nova offers basic networking ("networking as a service") in OpenStack (nova-network)
– Note: It was the only offering before Quantum (old Neutron project name)
• Nova-network is still available today, and can be used instead of Neutron
Points to keep in mind:
• Limited network topologies supported
– Only Flat, Flat DHCP and VLAN DHCP
– No 3-tier network topology supported
• Limited scale and network services supported
– Scale: L2 (using VLAN), DHCP & DNS (using dnsmasq), security (using iptables on hypervisors), IP address management (using SQL DB table)
– Limited network services: no self-tenant L3, no Load Balancer, no VPN
• No integration with 3rd party network solutions
– No ability to use 3rd parties to overcome the limitations of nova-network
• Complex/limited HA and management/monitoring
Nova-Networking deep dive – VLAN mode
• Unlike in the flat modes, each project has its own network that maps to a VLAN and bridge that needs to be pre-configured on the physical network
• VM traffic is bridged through one bridge and VLAN per project onto the physical network
• DHCP and default gateway are provided by OpenStack Networking
– Through ‘dnsmasq’ (DHCP) and iptables/routing stack + NAT / floating IPs
[Diagram: nova-network in VLAN mode. Labels: Compute Node + Networking *; Compute Node (x2); nova-compute; nova-netw.; hypervisor; VMs; Bridge 30 / Br 30; Bridge 40 / Br 40; IP Stack; dnsmasq; iptables/routing; NAT & floating-IPs; iptables; VLAN30 and VLAN40 on VLAN Trunks; Internal VLANs; External Network (or VLAN); WAN/Internet.]
* With ‘multi-host’, each compute node will also be a networking node
Neutron: Decouple. Pool. Choice.
Why do people use OpenStack with Neutron?
• Neutron improves over nova-network in multiple areas
• Larger number of network topologies and services supported
– L3: self-tenant provisioning
– Security (ingress + egress rules support)
– LBaaS
– VPNaaS (coming)
• Supports overlay
– Removes the VLAN limitation (using overlay with GRE)
[Diagram: VMs on hypervisors connected over any L2/L3 fabric. Tenant packet: VM1-IP@ → VM2-IP@. Packet on the fabric: Hypervisor1-IP@ → Hypervisor2-IP@ [GRE VM1-IP@ → VM2-IP@]]
• Enables choice! Open to 3rd party solutions:
– VMware NSX Plugin (Nicira Plugin)
– LinuxBridge Plugin
– OVS Plugin
– Cisco UCS / Nexus 5000 Plugin
– NEC Ryu Plugin
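The overlay encapsulation from the slide above (hypervisor-to-hypervisor outer header, GRE, tenant packet inside), as an added Python example that is not part of the original deck or of Neutron/OVS code. It assumes the per-network tunnel ID travels in the GRE key field and the tenant payload is a bridged Ethernet frame; all addresses, MACs, tunnel IDs and network names are constructed.

```python
import ipaddress
import struct

GRE_PROTO = 47                    # IPv4 protocol number for GRE
GRE_C, GRE_K = 0x8000, 0x2000     # checksum-present / key-present flag bits
ETH_BRIDGED = 0x6558              # GRE payload type: bridged Ethernet (L2 in L3)

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header + payload (checksum left at 0 in this sketch)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def vm_frame(vm_src, vm_dst):
    """Constructed tenant Ethernet frame carrying VM1-IP@ -> VM2-IP@."""
    eth = struct.pack("!6s6sH", b"\x02\0\0\0\0\x02", b"\x02\0\0\0\0\x01", 0x0800)
    return eth + ipv4(vm_src, vm_dst, 17, b"")

def gre_encap(hv_src, hv_dst, tunnel_id, frame):
    """Hypervisor1-IP@ -> Hypervisor2-IP@ [GRE key=tunnel_id [tenant frame]]."""
    gre = struct.pack("!HHI", GRE_K, ETH_BRIDGED, tunnel_id)
    return ipv4(hv_src, hv_dst, GRE_PROTO, gre + frame)

def gre_decap(packet, known_tunnels):
    """Return (outer_src, outer_dst, network, vm_src, vm_dst) or raise ValueError."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != GRE_PROTO:
        raise ValueError("not a GRE-in-IPv4 packet")
    flags, ptype = struct.unpack_from("!HH", packet, ihl)
    if not flags & GRE_K or ptype != ETH_BRIDGED:
        raise ValueError("no key or not bridged Ethernet: no tenant network mapping")
    off = ihl + 4 + (4 if flags & GRE_C else 0)    # skip optional checksum word
    if len(packet) < off + 4 + 14 + 20:            # key + inner Ethernet + inner IPv4
        raise ValueError("truncated tunnel payload")
    (tunnel_id,) = struct.unpack_from("!I", packet, off)
    if tunnel_id not in known_tunnels:
        raise ValueError("unknown tunnel id %d, drop" % tunnel_id)
    inner = packet[off + 4 + 14:]                  # inner IPv4 header (sample is IPv4)
    addr = lambda b: str(ipaddress.IPv4Address(b))
    return (addr(packet[12:16]), addr(packet[16:20]), known_tunnels[tunnel_id],
            addr(inner[12:16]), addr(inner[16:20]))

# Constructed example: two tenants reuse 10.0.0.0/24; only the tunnel id tells them apart.
TUNNELS = {1001: "tenant-a-net", 1002: "tenant-b-net"}
PKT_A = gre_encap("192.0.2.11", "192.0.2.12", 1001, vm_frame("10.0.0.3", "10.0.0.4"))
PKT_B = gre_encap("192.0.2.11", "192.0.2.12", 1002, vm_frame("10.0.0.3", "10.0.0.4"))
```

Both constructed tenants use the same VM addresses; the receiving side separates them only by tunnel ID and rejects IDs it has no network for.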
Neutron – Open Source OVS Plugin Architecture
The following components play a role in the open source OVS Plugin architecture:
• Neutron-OVS-Agent: Receives tunnel & flow setup information from the OVS Plugin and programs OVS to build tunnels and to steer traffic into those tunnels
• Neutron-DHCP-Agent: Sets up dnsmasq in a namespace per configured network/subnet, and enters MAC/IP combinations in the dnsmasq DHCP lease file
• Neutron-L3-Agent: Sets up iptables/routing/NAT tables (routers) as directed by the OVS Plugin
In most cases GRE overlay tunnels are used, but flat and VLAN modes are also possible
[Diagram: Neutron with the open source OVS Plugin. Labels: Neutron-Server + OVS-Plugin; Neutron-Network-Node; Compute Node (x2); nova-compute; hypervisor; VMs; N.-L3-Agent; N.-DHCP-Agent; N.-OVS-Agent; ovsdb/ ovsvsd; dnsmasq; NAT & floating-IPs; Routing/iptables; iptables; IP Stack; br-int; br-tun; br-ex; L2 in L3 (GRE) Tunnel; Layer 3 Transport Network; External Network (or VLAN); WAN/Internet.]
Is Neutron ready for Production?
What do folks run in DEV/QA – Nova-network or Neutron?
Neutron deployments beat nova-network by about 5:1 in DEV/QA OpenStack environments
• Neutron: 169 deployments
• Nova-Network: 35 deployments
Reference: 2014 Openstack User Survey - http://www.slideshare.net/ryan-lane/openstack-atlanta-user-survey
What do folks run in DEV/QA – Nova-network or Neutron?
Neutron deployments beat nova-network by about 2.5:1 in production OpenStack environments
• Neutron: 135 deployments
• Nova-Network: 51 deployments
Reference: 2014 Openstack User Survey - http://www.slideshare.net/ryan-lane/openstack-atlanta-user-survey
Which backend or plugin do folks run with Neutron?
Open vSwitch (the open source backend developed by Nicira/VMware) is the leading backend plugin for Networking & Neutron.
Reference: 2014 Openstack User Survey - http://www.slideshare.net/ryan-lane/openstack-atlanta-user-survey
Summary
Nova-Network OpenStack Neutron Choice (VLAN/rigid model)
Dev/Test Deployments Production Deployments Use-cases supported L4-L7 Services & Ecosystem support
Join the (Rebel) Alliance. Let’s take Neutron to the next level!
Slidedeck location - http://www.slideshare.net/somikbehera
Resources
• This Deck: http://www.slideshare.net/somikbehera
• OpenStack Neutron Hands-on-Lab session: http://openstacksummitmay2014atlanta.sched.org/event/953131793228675251b38e9199fed940#.U3RQ461dUsY by Aaron Rosen
• Getting Started with Neutron & NSX, free 365 days a year, online Hands-on-Lab: http://labs.hol.vmware.com/ (search for OpenStack or HOL-SDC-1320)
• Older deck on Why we need Neutron - http://www.slideshare.net/somikbehera/openstack-quantum-past-present-future