OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in Neutron?
Paris, 5th December 2013: OpenStack in Action 4!, organized by eNovance, brings together members of the OpenStack community.
What's new in virtual OpenStack networking
from eNovance import Neutron
Sylvain Afchain
• Senior Developer
• Neutron contributor
Emilien Macchi
• OpenStack Engineer
• Automation, deployments
Founded: 2008 • Team: 90+ • Growth: 200% • Clients: 200+
Neutron
“Pluggable, scalable, API-driven network and IP management”
New features in Havana
Before ML2...
Neutron server with Open-vSwitch plugin
OR
Neutron server with Linux Bridge plugin
OR...
ML2 (Modular Layer 2)
• New reference plugin
• Handles numerous L2 technologies: Flat, VLAN, VXLAN, GRE
• Works with existing drivers: Linux Bridge, Open-vSwitch, Arista, Cisco, Hyper-V
• New mechanism: L2 population (partial-mesh and forwarding table population)
Before L2 population...
Full mesh
With L2 population
Partial mesh
FWaaS
[Diagram: VMs, BR-INT, BR-EX and VROUTER across Layer 2 and Layer 3. Without...: SECURITY GROUPS only. With...: FIREWALL and SECURITY GROUPS.]
FWaaS (Firewall as a Service)
• Service plugin + Agent + Drivers
• Concept: IPtables rules on virtual routers
• Drivers: IPtables or vArmour
• Complements Security Groups
VPNaaS (virtual private network)
• Scope: Layer 3 Site-to-site (IPsec)
• Experimental in Havana
• Only preshared keys, no certificates
• OpenSwan as default driver
[Diagram, VPNaaS: three VMs and two Routers joined by a VPN. Network shown: 172.24.1.0/24. Addresses shown: 10.0.0.1, 10.0.0.4, 10.0.0.5, 10.1.0.1, 10.1.0.5, 172.24.1.21, 172.24.1.22.]
Metering
• Service plugin + Agent + Drivers
• Concept: IPtables rules on virtual routers
• Drivers: IPtables
• Collects traffic counters with labels and sends to Ceilometer
• Next steps: use metering for Layer 3 scheduling
Roadmap to Icehouse
L3 high availability
• Bring high availability to virtual routers
• Remove the SPOF in the L3 Agent
• Allow routers to be scheduled on two L3 Agents
• Master / Slave model
• VIP managed by Keepalived
• TCP sessions managed by conntrackd
• Add new L3 schedulers
[Diagram, L3 high availability: VMs, BR-INT, BR-EX, VROUTER, Internet, L2 Agent, L3 Agent. Without...: VM lost connectivity. With... (VROUTER, 2 L3 Agents, VROUTER): External connectivity is backed up.]
L3 on edge? (proposal)
• Move floating IPs to compute nodes
• Improve North-South traffic
• VMs without a floating IP continue to use the L3 agent to reach external networks
• VMs with a floating IP reach the external network on the compute edge
Havana follow-up
• VPNaaS: SSL support with OpenVPN driver
• VPNaaS: Layer 2 private networks (L2TP, MPLS)
• LBaaS: new drivers (vendors)
• Metering: improve API to get traffic counters
Icehouse: new puppies
• L2 driver for OpenDaylight
• Framework for Advanced Services in Virtual Machines
• Neutron server is multi-worker
• More Tempest coverage (QA)
• L3 scheduling improvements