Presentation is loading. Please wait.

Presentation is loading. Please wait.

7th OpenSTACK USER group nordics

Published byJustin Webb Modified over 9 years ago

Similar presentations

Presentation on theme: "7th OpenSTACK USER group nordics"— Presentation transcript:

1 7th OpenSTACK USER group nordics
OpenStack Neutron Spyridon Dosis 7th OpenSTACK USER group nordics

2 Outline Neutron Architecture Neutron and Linux Networking
Neutron and OpenvSwitch Network Packet Flows Distributed Virtual Router

3 Neutron Overview OpenStack’s networking component, networking-as-a-service Create, configure, manage software-defined networks First introduced in Havana release, renamed from ‘Quantum’ Pluggable architecture enabling additional services e.g. load-balancing-as-a-service (LBaaS), VPN-as-a-service (VPNaaS), DNS-as-a-service (DNSaaS) interface with L2 & L3 hardware, SDN controllers etc.

4 Neutron in OpenStack Neutron uses Keystone (Identity Service) for authenticating / authorizing all API requests Integration with Horizon enabling tenants to create networks / subnets and cloud users to connect instances to tenant / provider networks through virtual NICs Interaction with Nova for the required ‘plugging’ of the virtual NICs to the VM instances

5 Neutron Terminology Provider Network Tenant Network
Networks defined in OpenStack that map to the existing data center’s physical network Support for either flat or VLAN network types Can be shared among the tenants Tenant Network Networks defined by OpenStack tenants’ users Support for VLAN and GRE Route between tenant networks using the L3 agent and the Neutron routers Image taken from

6 A Basic Setup Demo Setup in VMWare Workstation
Management Network ( /24) controller network computeA compute Data Network ( /24) network computeA compute External Network ( /24) controller computeA computeC Image taken from

7 Tenant Network Features
Support for Overlapping IPs Multiple Tenants having the same internal subnets (e.g /24) but still remain isolated Configuration DHCP / Host routes / DNS name servers Metadata (e.g. SSH-key injection) Security Groups Ingress / Egress Rule Configuration Floating IPs (1:1 NAT) Support for IPv6

8 Neutron Component Communication
Database neutron-server Message Queue L2 Agent(s) L3 / DHCP / Other Agents

9 Neutron Components neutron-server
Implements the REST API (v2) calls Interfaces with other OpenStack services via RPC calls Database persistence Translates between API and plugin calls The plugin implements the core networking (network ports, networks and subnets, IP addressing etc.) Either implements directly or proxies to dedicated 3rd party hardware/software solution

10 ML2 Plugin A modular framework replacing previous monolithic plugins (openvswitch, linuxbridge) Network Type Drivers Flat, GRE , VLAN, VXLAN TypeDrivers Network Mechanism Drivers OpenvSwitch , Linuxbridge, Cisco Nexus etc. Allows multiple mechanisms to be used simultaneously

11 Open vSwitch An open source, software-based virtual switch
Supports distribution across multiple physical servers Supports many features e.g. VLAN,GRE, VXLAN, NetFlow, sFlow, LACP The OpenvSwitch plugin is loaded by the Neutron service Receives API calls and stores the corresponding network data in a database backend The OpenvSwitch agent that runs on each compute node Reads the database and implements the network model / configures the network flows on the local vSwitch instance.

12 GRE (Generic Routing Encapsulation)
Used to create virtual point-to-point links over IP (L2-in-L3) The GRE Header It has some benefits over VLANs such as being a routable protocol and not requiring e.g Q on physical switches / physical network interfaces

13 Linux Network Namespaces & Neutron
The ability to create logical and separate network stacks assigned to group of processes Each stack has its own routing table, firewall rules, network interfaces L3 agent creates a network namespace per virtual router and dnsmasq process Create and attach veth (virtual Ethernet interfaces) to a network namespace Connect the network namespaces to physical network interfaces via a bridge (e.g. linuxbridge or Openvswitch bridge)

14 A Network Packet Flow through Neutron
Packet exits the VM’s ethX interface through a tap virtual Ethernet interface that connects to a Linux Bridge where iptables rules are applied. ipset optimization Connect the Linux Bridge with the OpenvSwitch br-int using a veth pair (qvb & qvo) – VLAN tagging at br-int Pass traffic to br-tun through patch interfaces Reach network node through the GRE tunnel Pass traffic to br-int (network node) through patch interfaces Deliver to virtual router and then exit though br-ex Image taken from

15 Neutron @ Juno Distributed Virtual Router – DVR
“router_distributed” configuration under neutron.conf agent_mode= dvr_snat for network node agent_mode = dvr for compute node(s) Need for l2population mechanism Compute node(s) connects to provider network SNAT still centralized for VMs without floating IPs

16 Neutron @ Juno North-South (floating IP)
DNAT per compute node when floatingIP is in use Default route via FIP-NS Point-to-point link between the router and the FIP namespaces Proxy-ARP for floating IPs on br-ex East-West traffic (tenant subnet-to-subnet) DVR router with the same IP and MAC address at each compute host Local DVR router maintains ARP cache of all the subnet hosts Avoid communication through the central L3 agent or ARP broadcasts

17 References videos/presentation/openstack-neutron-modular-layer-2-plugin-deep-dive juno

18 Thank You!

19 Appendix – Useful Commands
ps aux | grep ovs - Show running OpenvSwitch processes virsh list -- Show running KVM instances virsh dumpxml instance-XXXX | less -- Show KVM instance configuration brctl show -- Show linux bridges and their connected interfaces ipset list -- View the ipset defined ethtool -S qvbXXXX - Print the interface index of the veth's peer ip link list | grep ^XX - Print the veth's peer interface ovs-vsctl list-br - Lists existing OVS bridges ovs-vsctl list-ports br-int - Lists ports per OVS bridge

20 Appendix – Useful Commands
ovs-vsctl show - Brief overview of the database contents ovs-ofctl show br-tun -- Switch information such as flow tables and ports ovs-ofctl dump-flows br-tun -- Flows ip netns ls - List network namespaces ip netns exec $ROUTER1 ip addr - Network interfaces for a specific network namespace ip netns exec $ROUTER1 ip route - Routing table for a specific network namespace ip netns exec $ROUTER1 iptables -t nat - IP tables NAT rules for a specific network namespace

Download ppt "7th OpenSTACK USER group nordics"

Similar presentations

Modular Layer 2 In OpenStack Neutron

Modular Layer 2 In OpenStack Neutron
© 2012 IBM Corporation Architecture of Quantum Folsom Release Yong Sheng Gong ( 龚永生 ) gongysh #openstack-dev Quantum Core developer.

© 2012 IBM Corporation Architecture of Quantum Folsom Release Yong Sheng Gong ( 龚永生 ) gongysh #openstack-dev Quantum Core developer.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Kyle Mestery Principal Engineer, Office of the Cloud CTO, Cisco.

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Kyle Mestery Principal Engineer, Office of the Cloud CTO, Cisco.
Neutron What’s new in Havana? Arvind Somya Software Engineer Cisco Systems Inc.

Neutron What’s new in Havana? Arvind Somya Software Engineer Cisco Systems Inc.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle’s Next-Generation SDN Platform Andrew Thomas Architect Corporate Architecture.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle’s Next-Generation SDN Platform Andrew Thomas Architect Corporate Architecture.
DOT – Distributed OpenFlow Testbed

DOT – Distributed OpenFlow Testbed
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
1 Linux Foundation Collaboration Summit19 February 2015 IPv6-enabled OPNFV Bin Hu IPv6 Project Lead, OPNFV Other contributors of presentation Henry Gessau,

1 Linux Foundation Collaboration Summit19 February 2015 IPv6-enabled OPNFV Bin Hu IPv6 Project Lead, OPNFV Other contributors of presentation Henry Gessau,
Seamless migration from Nova-network to Neutron in eBay production Chengyuan Li, Han Zhou.

Seamless migration from Nova-network to Neutron in eBay production Chengyuan Li, Han Zhou.
A 5 minutes intro to Openstack (and a few more minutes on Openstack Networking) Salvatore Orlando 3 rd OSUG Italy Meetup Rome, May 9 th 2013.

A 5 minutes intro to Openstack (and a few more minutes on Openstack Networking) Salvatore Orlando 3 rd OSUG Italy Meetup Rome, May 9 th 2013.
Performance Evaluation of Open Virtual Routers M.Siraj Rathore

Performance Evaluation of Open Virtual Routers M.Siraj Rathore
10/04/12 Under the Hood: Network Virtualization with OpenStack Neutron and VMware NSX Somik Behera – NSX Product Manager Dimitri Desmidt - NSX Senior Technical.

10/04/12 Under the Hood: Network Virtualization with OpenStack Neutron and VMware NSX Somik Behera – NSX Product Manager Dimitri Desmidt - NSX Senior Technical.
SDN in Openstack - A real-life implementation Leo Wong.

SDN in Openstack - A real-life implementation Leo Wong.
Lecture Week 7 Implementing IP Addressing Services.

Lecture Week 7 Implementing IP Addressing Services.
Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Software Stack COS 597E: Software Defined Networking.

Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Software Stack COS 597E: Software Defined Networking.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
CECS 474 Computer Network Interoperability Tracy Bradley Maples, Ph.D. Computer Engineering & Computer Science Cal ifornia State University, Long Beach.

CECS 474 Computer Network Interoperability Tracy Bradley Maples, Ph.D. Computer Engineering & Computer Science Cal ifornia State University, Long Beach.
Microsoft Virtual Academy Module 4 Creating and Configuring Virtual Machine Networks.

Microsoft Virtual Academy Module 4 Creating and Configuring Virtual Machine Networks.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
Networking Components

Networking Components

Similar presentations

Ads by Google