vBrownBag OpenStack Networking talk
DESCRIPTION
My slides from the 04-08-2013 vBrownBag Podcast around OpenStack Networking.
TRANSCRIPT
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Kyle Mestery
Technical Leader, Office of the Cloud CTO, Cisco
Mark Voelker
Technical Leader, SDU, Cisco
OpenStack Networking
PLEASE NOTE: OpenStack Quantum is now called purely OpenStack Networking
Before we start …
Real OpenStack Networking Hackers Code In The Snow
OpenStack + Networking: beginnings of a virtual data center
• Advantages of cloud computing
  On-demand virtualized resources, self-service, lower cost
  Resources managed by others
• Ability to create your own isolated private networks
• Extensible
• Challenge!! Easy-to-use
  Minus the complexity of the traditional data center
  Should work with different networking infrastructure
OpenStack Networking
OpenStack Design Summit April 2011
• Compute service (EC2): virtual machines
  Specify vCPU, Memory, Disk
  Launch instance (image, mem_size, disk)
  Suspend, clone, migrate
• Storage service (S3, EBS): virtual disks
  Specify storage amount, access rights
  Store object
  Create/attach block
• What to do about networks?
  Simplistic implementation
  Embedded in the compute component
[Figure: one VM (App Svr on OS) with its network attachment marked "??"]
2011 Design Summit - community-driven merger of proposals
• Network Service POC (NTT/Midokura)
• Network Containers (Cisco)
• Network Service (Citrix/Rackspace/Nicira)
• NaaS Core Design (Intel)
• … more
OpenStack Networking
OpenStack Networking Service: Resource abstractions and service interfaces
• Compute service (EC2): virtual machines
  Launch instance (image, mem_size, disk)
  Suspend, clone, migrate
• Storage service (S3, EBS): virtual disks
  Store object
  Create/attach block
• Network service (OpenStack Networking): virtual networks
  Create/delete private network
  Attach VM to network resource
  Create subnets and routers
  Work with different networking environments
[Figure: three VMs (App Svr on OS)]
OpenStack Networking: A first class citizen in cloud computing
[Figure: Cloud Platform - Developer API; Compute (Nova): Servers; Storage (Swift): Disks; Network (Quantum): Networks; Identity (Keystone); Portal (Horizon); Images (Glance); Applications; Other Services]
Folsom Release
OpenStack Networking Abstractions
Virtual Networks:
  A basic dedicated L2 network segment
  Common realization is a VLAN
Virtual Ports:
  Attachment point for devices connecting to virtual networks
  Ports expose configuration and monitoring state via extensions (e.g., ACLs, QoS policies, packet statistics)
Subnets:
  An IPAM construct that stores the CIDR
  Also allows setting the gateway IP and host routes
Virtual Routers:
  Per-tenant routers
OpenStack Networking Plugins & Extensions
Plugin:
  Realization of the OpenStack Networking abstractions
  Supports different back-end technologies and vendors
  One plugin per OpenStack Networking deployment (there could be sub-plugins managed by the main plugin)
  Examples: Linux Bridge Plugin, OVS Plugin, Cisco (Nexus)
Extensions:
  API extensibility for new or back-end specific features
  Example: Port-profiles, quality-of-service, etc.
Extending OpenStack Networking to support L3 Constructs
• Routing within the tenant (support multi-tier topologies)
• Overlapping IP addresses
• Support gateways – Internet, VPN
• Support other L3 services – LB, Firewall, Caching, etc.
• Hybrid Cloud (Public + Private)
• Further evolve OpenStack Networking to be a multi-tenant network service for creating virtual data centers (application specific topologies + network services)
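The abstractions slide (networks, ports, subnets as an IPAM construct holding CIDR, gateway IP and host routes) and the "Overlapping IP addresses" goal above are easier to see in code. The following is an added example written for this page, not code from the slides or from Quantum itself: a toy model of the network/subnet/port objects in which a subnet's CIDR is checked for overlap only against subnets on the same virtual network, the gateway address is reserved so it is never handed to a port, and freed addresses are reused. Class and field names (NetworkService, Subnet, Port, fixed_ips) are assumptions chosen to mirror the API vocabulary; the network and tenant identifiers are constructed sample input.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Subnet:
    """IPAM construct: a CIDR plus gateway IP and host routes (assumed field names)."""
    subnet_id: str
    network_id: str
    cidr: ipaddress.IPv4Network
    gateway_ip: ipaddress.IPv4Address
    host_routes: list = field(default_factory=list)  # (destination, nexthop) pairs
    allocated: set = field(default_factory=set)      # addresses handed out or reserved


@dataclass
class Port:
    """Attachment point on a virtual network, with the fixed IPs IPAM gave it."""
    port_id: str
    network_id: str
    mac_address: str
    fixed_ips: list  # (subnet_id, ip) pairs


class NetworkService:
    """Toy model of the network/subnet/port abstractions; not Quantum's own code."""

    def __init__(self):
        self.networks = {}  # network_id -> tenant_id
        self.subnets = {}   # subnet_id -> Subnet
        self.ports = {}     # port_id -> Port

    def create_network(self, network_id, tenant_id):
        self.networks[network_id] = tenant_id

    def create_subnet(self, subnet_id, network_id, cidr, gateway_ip=None, host_routes=()):
        if network_id not in self.networks:
            raise KeyError(f"unknown network {network_id}")
        net = ipaddress.IPv4Network(cidr)
        # Overlap is only a conflict inside one virtual network. Two different
        # networks may carry identical address space: each tenant's router runs
        # in its own namespace, so the overlapping ranges never meet.
        for other in self.subnets.values():
            if other.network_id == network_id and other.cidr.overlaps(net):
                raise ValueError(f"{cidr} overlaps {other.cidr} on network {network_id}")
        gw = ipaddress.IPv4Address(gateway_ip) if gateway_ip else net.network_address + 1
        if gw not in net:
            raise ValueError(f"gateway {gw} is outside {net}")
        subnet = Subnet(subnet_id, network_id, net, gw, list(host_routes))
        subnet.allocated.add(gw)  # the gateway address is never handed to a port
        self.subnets[subnet_id] = subnet
        return subnet

    def create_port(self, port_id, network_id, mac_address, subnet_id):
        subnet = self.subnets[subnet_id]
        if subnet.network_id != network_id:
            raise ValueError(f"subnet {subnet_id} is not on network {network_id}")
        ip = self._allocate(subnet)
        port = Port(port_id, network_id, mac_address, [(subnet_id, str(ip))])
        self.ports[port_id] = port
        return port

    def delete_port(self, port_id):
        port = self.ports.pop(port_id)
        for subnet_id, ip in port.fixed_ips:
            self.subnets[subnet_id].allocated.discard(ipaddress.IPv4Address(ip))

    @staticmethod
    def _allocate(subnet):
        # Lowest free host address; hosts() already excludes network and broadcast.
        for host in subnet.cidr.hosts():
            if host not in subnet.allocated:
                subnet.allocated.add(host)
                return host
        raise RuntimeError(f"subnet {subnet.subnet_id} exhausted")


def demo():
    """Two tenants with identical 10.0.0.0/24 private networks (constructed sample)."""
    svc = NetworkService()
    svc.create_network("net-a", "tenant-a")
    svc.create_network("net-b", "tenant-b")
    svc.create_subnet("sub-a", "net-a", "10.0.0.0/24")
    svc.create_subnet("sub-b", "net-b", "10.0.0.0/24")  # same CIDR, other network: allowed
    try:
        svc.create_subnet("sub-a2", "net-a", "10.0.0.128/25")  # same network: rejected
        overlap_rejected = False
    except ValueError:
        overlap_rejected = True
    first = svc.create_port("port-1", "net-a", "fa:16:3e:00:00:01", "sub-a")
    second = svc.create_port("port-2", "net-a", "fa:16:3e:00:00:02", "sub-a")
    svc.delete_port("port-1")
    reused = svc.create_port("port-3", "net-a", "fa:16:3e:00:00:03", "sub-a")
    return {
        "overlap_rejected": overlap_rejected,
        "first_ip": first.fixed_ips[0][1],
        "second_ip": second.fixed_ips[0][1],
        "reused_ip": reused.fixed_ips[0][1],
        "gateway": str(svc.subnets["sub-a"].gateway_ip),
    }
```

The check a practitioner should take from this: the overlap test is scoped to the network, not to the tenant or the cloud, which is exactly what makes overlapping tenant address space workable once L3 is per-tenant.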
OpenStack Networking Plugins in Grizzly
• BigSwitch
• Brocade
• Cisco Nexus
• Hyper-V
• Linux Bridge
• Meta Plugin
• Midokura Midonet
• NEC OpenFlow
• Nicira NVP
• Open vSwitch
• PLUMgrid
• Ryu OpenFlow
Big Changes in OpenStack Networking in Grizzly
• Large increase in the number of plugins upstream
• LBaaS
  Framework
  Drivers
  More to come
• Multiple agent support
  Simple scheduler
  Ability to balance tenants across multiple network nodes
  Cannot balance a tenant across multiple nodes (planned for Havana)
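The multiple-agent point above has an operational consequence worth seeing concretely: tenants can be spread over network nodes, but everything one tenant owns lands on a single node. The following is an added example, written for this page rather than taken from the slides or from Quantum's scheduler: a minimal placement model that enforces exactly that rule and then answers the question an operator cares about, which tenants lose all L3/DHCP service when a given network node fails. Class and method names (TenantScheduler, schedule, tenants_on) and the node and tenant identifiers are assumptions.

```python
from collections import defaultdict


class TenantScheduler:
    """Model of the Grizzly limitation on the slide: tenants are balanced across
    network nodes, but every resource of one tenant is placed on the same node.
    Assumed names; this is not the Quantum scheduler itself."""

    def __init__(self, nodes):
        self.load = {node: 0 for node in nodes}  # hosted resources per node
        self.home = {}                            # tenant_id -> node
        self.placed = defaultdict(set)            # node -> resource ids

    def schedule(self, tenant_id, resource_id):
        """Pick a network node for a router or DHCP network of tenant_id."""
        node = self.home.get(tenant_id)
        if node is None:
            # The tenant's first resource goes to the least-loaded node
            # (ties broken by node name); every later one must follow it.
            node = min(self.load, key=lambda n: (self.load[n], n))
            self.home[tenant_id] = node
        self.load[node] += 1
        self.placed[node].add(resource_id)
        return node

    def tenants_on(self, node):
        """Blast radius of losing node: each tenant homed there loses all of its
        L3/DHCP service at once, because nothing of theirs runs elsewhere."""
        return sorted(t for t, n in self.home.items() if n == node)


def demo():
    """Constructed placement of three tenants over two network nodes."""
    sched = TenantScheduler(["net-node-1", "net-node-2"])
    sched.schedule("tenant-a", "router-a1")  # net-node-1 (tie, name order)
    sched.schedule("tenant-b", "router-b1")  # net-node-2 (least loaded)
    sched.schedule("tenant-a", "router-a2")  # stays on net-node-1
    sched.schedule("tenant-c", "router-c1")  # net-node-2 (load 1 vs 2)
    return sched
```

Balancing at tenant granularity keeps per-node load roughly even, but the failure domain for any single tenant is still one node; that is what the planned Havana change addresses.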
So what does this all look like?
Typical Grizzly OpenStack Networking Deployment w/ OVS
[Diagram: a Control Node running the Quantum Server and Plugin plus Nova; Compute Nodes each running Nova Compute and a Quantum L2 Agent; Network Nodes each running a Quantum L2 Agent, Quantum L3 Agent and Quantum DHCP Agent, with br-ex on the External Network; all nodes attach via ethX to the Management Network and the Data Network]
Host Network
Host Networking: OVS
[Diagram: eth0 on the Management Network; eth1 and eth2 bonded as bond0 on the Data Network; three VMs, each attached through its own Linux Bridge to br-int, which connects to br-tun; Tenant A Network and Tenant B Network shown]
Security Groups rules applied here (on the per-VM Linux Bridge)
VLANs used for isolation amongst tenants here (on br-int)
GRE Keys used to isolate tenant traffic in the tunnel (br-tun)
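The slide's three callouts are where isolation is actually enforced on a compute host: the per-VM Linux bridge exists only because iptables cannot match on OVS ports, so security group rules are realised with the physdev match on that bridge before traffic reaches br-int. The following is an added example for this page, not code from the slides or from the OVS agent: it turns a port's security group rules into the iptables command list such a driver would install, including the two pieces a reviewer should look for and that the slide does not spell out, anti-spoofing of the VM's MAC and fixed IP (without it a tenant can impersonate another VM or the router on the shared VLAN) and a default-deny tail. Chain names (sg-<tap>-i/-o), the dataclass field names and the tap/MAC/IP values are assumptions and constructed sample input. The physdev match only sees bridged frames when net.bridge.bridge-nf-call-iptables is enabled on the host.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    """One security group rule; None means 'any' (assumed field names)."""
    direction: str            # "ingress" (towards the VM) or "egress" (from the VM)
    protocol: Optional[str]   # "tcp", "udp", "icmp" or None
    port_min: Optional[int]
    port_max: Optional[int]
    remote_cidr: Optional[str]


@dataclass(frozen=True)
class VmPort:
    tap: str   # tap device of the VM, e.g. tapa1b2c3d4 (constructed)
    mac: str
    ip: str    # fixed IP assigned by IPAM


def iptables_for_port(port: VmPort, rules: List[Rule]) -> List[str]:
    """Build the iptables commands realising one VM port's security groups.

    The rules live on the per-VM Linux bridge between the tap and br-int, which
    is the only place netfilter can see the VM's frames (OVS ports carry no
    iptables rules). Chain names sg-<tap>-i / sg-<tap>-o are assumptions.
    """
    cin, cout = f"sg-{port.tap}-i", f"sg-{port.tap}-o"
    cmds = [f"iptables -N {cin}", f"iptables -N {cout}"]
    # Frames leaving the VM arrive through the tap (physdev-in); frames heading
    # to the VM leave through it (physdev-out). Requires bridge-nf-call-iptables=1.
    cmds.append(f"iptables -A FORWARD -m physdev --physdev-in {port.tap} -j {cout}")
    cmds.append(f"iptables -A FORWARD -m physdev --physdev-out {port.tap} -j {cin}")
    # DHCP discover is sent from 0.0.0.0, so it must pass before anti-spoofing.
    cmds.append(f"iptables -A {cout} -p udp --sport 68 --dport 67 -j ACCEPT")
    # Anti-spoofing: the VM may only emit its own MAC and its own fixed IP.
    cmds.append(f"iptables -A {cout} -m mac ! --mac-source {port.mac} -j DROP")
    cmds.append(f"iptables -A {cout} ! -s {port.ip} -j DROP")
    # Stateful: replies to permitted flows are accepted in both directions.
    for chain in (cin, cout):
        cmds.append(f"iptables -A {chain} -m state --state ESTABLISHED,RELATED -j ACCEPT")
    for r in rules:
        chain = cin if r.direction == "ingress" else cout
        parts = [f"iptables -A {chain}"]
        if r.protocol:
            parts.append(f"-p {r.protocol}")
        if r.remote_cidr:
            # an ingress rule matches the remote as source, an egress rule as destination
            parts.append(f"{'-s' if r.direction == 'ingress' else '-d'} {r.remote_cidr}")
        if r.protocol in ("tcp", "udp") and r.port_min is not None:
            parts.append(f"--dport {r.port_min}:{r.port_max}")
        parts.append("-j ACCEPT")
        cmds.append(" ".join(parts))
    # Anything not explicitly allowed is dropped: default deny both ways.
    for chain in (cin, cout):
        cmds.append(f"iptables -A {chain} -j DROP")
    return cmds


def demo():
    """Constructed port: SSH allowed in from the tenant subnet, all egress allowed."""
    port = VmPort("tapa1b2c3d4", "fa:16:3e:00:00:01", "10.0.0.3")
    rules = [
        Rule("ingress", "tcp", 22, 22, "10.0.0.0/24"),
        Rule("egress", None, None, None, None),
    ]
    return iptables_for_port(port, rules)
```

Note the ordering that matters: the DHCP exception precedes the anti-spoof drops, the anti-spoof drops precede every ACCEPT, and the unconditional DROP is last in each chain. Reordering any of those silently weakens tenant isolation even though every rule is still present.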
Cisco Plugin in Grizzly
[Diagram: Hosts 1 through N each run br-int and br-eth0 over eth0, uplinked to Nexus 3K switches; Tenant A on VLAN 100 has VM 1 (10.0.0.3) on Host 1 and VM 2 (10.0.0.4) on Host N-1; Tenant B on VLAN 200 has VM 1 (10.0.1.3) on Host 2 and VM 2 (10.0.1.4) on Host N; the Quantum Controller Node runs the Cisco Nexus Plugin with its Nexus Interface Driver alongside the Quantum OVS Plugin]
Communication with plugin agents on hosts
Communication with Nexus switches using Netconf
…