A quick introduction to Openstack Network Features, an overview of the Open vSwitch plugin with logical-2-physical mappins 3rd meetup Openstack User Group Italy

1. A 5 minutes intro to Openstack
(and a few more minutes on Openstack Networking)
Salvatore Orlando
3rd OSUG Italy Meetup
Rome, May 9th 2013

3. Ecosystem
Releated/Unofficial Projects
Incubating Projects
Openstack is the code
For more info: https://wiki.openstack.org/wiki/Projects
Integrated
Projects

4. Openstack is even more code!
Client
librariesDocumentation
(api, admin, …)
Infrastructure
Gating
(tempest,
devstack, …)

5. Openstack is the community
• May 8th 2013: 9,342 people from 87 countries
• Interact via:
– Mailing lists: general, development, documentation,
operators …
– Ask Openstack (ask.openstack.org)
– Launchpad
• Home to all openstack integrated projects
– IRC (#openstack-101, #openstack, #openstack-dev, …)
– Local User Groups (like today!)
– Summit & Conference (twice a year)

6. See Openstack evolving,
everyday
• http://status.openstack.org
– Release status
– Active Reviews
• https://github.com/openstack
– Grab the code

7. (Virtual) Networking in Openstack
• Nova-network
– L2/L3 networking with IP address management
– Security Groups
– Floating Ips and external gateway (SNAT)
– Network redundancy with ‘multi-host’
– 3 Network Managers:
• Flat, FlatDHCP: L3 isolation via security groups
• VLAN Manager: L2 isolation
• The project formerly known as Quantum*
– L2 networking with choice of segmentation/virtualization techniques
– Shared L2 networks
– “Provider mappings” for L2 networks
– IPAM with overlapping IPs and built-in, scalable DHCP
– Security Groups
– L3 east-west traffic (inter-subnet routing)
– Static route configuration
– Floating Ips and external gateway (SNAT)
– Load Balancing
– Nova metadata integration
– Wide choice of pluggable backends

8. Openstack Network quick intro
Quantum is an Openstack project to provide
“networking as a service” between interface
devices (e.g., vNICs) managed by other
Openstack services (e.g., nova)
• Manages network virtualization
– just like compute (nova) manages server virtualisation
• Advocates multi-tenancy
• Technology-agnostic

9. Openstack Network:
basic architecture
• Simple technology agnostic API
• Plugin translates API request
into concrete, technology
specific implementation
• API guarantees isolation of
resources from management perspective
• Plugin ensures isolation at data plane
API Server
Plugin
Authentication
API Requests

10. Plugin classification
• Built-in
– Solution (management, control, and data plane)
entirely contained in the Quantum source tree
• 3rd party
– Plugin proxies request to an external “controller”
– Can use one or more built-in components (e.g.:
DHCP Agent, L3 agent)
– 3rd party plugins can either be Open Source or
Commercial

11. Quick plugin reference
Built-in Hyper-V
Linux Bridge
Open vSwitch
3rd party - Opensource Big Switch
NEC
Ryu
3rd Party - Commercial Big Switch (?)
Brocade
Cisco
Midonet
Nicira NVP
Plumgrid

12. Openstack Network Architecture
Open vSwitch plugin
Quantum Server
OVS Plugin
DHCP Agent
L3 Agent
Metadata Agent
L2 Agent
L2 Agent L2 Agent L2 Agent
AMPQ
Load Balancing AgentAPI Node
Network Services Node
Compute Node Compute Node Compute Node

13. Logical View
Net-A1 Net-A2 Net-B1
Rtr-A Rtr-B
External Network
Tenant “A” Tenant “B”
DHCP DHCP DHCPA1
1
A1
2
A2
1
B1
1
B1
2
Internal
Gateway
Internal
Gateway
Internal
Gateway
External
Gateway
External
Gateway

14. Physical realization
OVS Plugin – GRE Overlays
Compute Node C2 Compute Node C3
Network NodeCompute Node C1
Br-tun
Br-int
Br-tun
Br-int
Br-tun
Br-int
Br-tun
Br-int
A1
2
B1
1
B1
2
A2
1
A1
1
Local VLAN tags
converted into GRE keys
(and vice versa)
DHCP
L3
Br-ex

15. Network node - Details
Br-tun
Br-int
DHCPL3
Br-ex
NS-Net-A1
NS-Net-A2
NS-Net-B1
Dnsmasq
10.0.0.0/24
Dnsmasq
10.0.0.0/24
Dnsmasq
10.0.1.0/24
NS-Rtr-B
NS-Rtr-A
Iptables
SNAT/DNAT
Iptables
SNAT/DNAT
L3
Fwd
L3
Fwd