SlideShare ist ein Scribd-Unternehmen logo

How Quantum configures Virtual Networks under the Hood?

Etsuji Nakai
Etsuji Nakai
Technologie
1 von 35
Downloaden Sie, um offline zu lesen
Quantum Under the Hood Open Cloud Campus How Quantum Configures Virtual Networks Under the Hood? 2012/12/10 ver1.2 E.Nakai (Twitter @enakai00)
Quantum Under the Hood Physical and Logical Configuration Open Cloud Campus 2
Quantum Under the Hood Physical Network Connection and Agent Placement Public Network Management Network Instances are launched インスタンスが Virtual Routers on these nodes 起動するノード are configured here eth0 eth2 eth0 eth0 Network Node Quantum Service Compute Node Compute Node L2 Agent L2 Agent L2 Agent DHCP Agent L3 Agent Quantum Service can be eth1 eth1 eth1 placed on anther node Private Network Open Cloud Campus 3
Quantum Under the Hood Logical Configuration of the Virtual Network - Case1 Some network can be dedicated to a specific tenant Each instance can choose connected private network. Connections from/to Public Network (Multiple choice is allowed.) are NAT-ed here NAT Router and Firewall Public Network Packets from different subnet are filtered with the “Security Group.” net01 net02 Private Network Private Network (Subnet01) (Subnet02) Packets between same subnet are not filtered. Open Cloud Campus 4
Quantum Under the Hood Logical Configuration of the Virtual Network - Case2  By assigning a dedicated router for each tenant, each tenant can create its own private networks freely, even overlapping subnets can be used by multiple tenants. Public Network Connections from/to other Tenants or Public Network are NAT-ed here Router for Router for TenantA TenantB Subnet01 Subnet02 Subnet03 Subnet04 192.168.1.0/24 192.168.2.0/24 192.168.1.0/24 192.168.2.0/24 net01 net02 net03 net04 Open Cloud Campus 5
Quantum Under the Hood Notes on the Configuration  There are various plugin's for L2 Agent. In this document, we describe “LinuxBridge plugin” and “Open vSwitch plugin” which provides basic bridge functionality using Linux bridge / Open vSwitch.  The single Network Node could be a potential bottle neck and a single point of failure. There is a lot of design discussion about it in the upstream.  Currently dnsmasq is used by DHCP agent as in the following charts, but different DHCP options are possible by design. Other options may be added in the future.  Network Namespace support is _not_ mandatory for Case1 configuration. If you want to use multiple routers (and optionally the overlapping IP address feature), however, you have to use Case2 design and Network Namespace support is required there.  It depends on Linux distributions whether you can use the Network Namespace feature. For example, RHEL6.3/6.4 doesn't support it. Fedora17/18 supports it. Open Cloud Campus 6
Quantum Under the Hood Network Components configured by LinuxBridge Plugin using VLAN separation - Case1 Configuration - NAT Router and Firewall Public Network net01 net02 Private Network Private Network (Subnet01) (Subnet02) Model Network of this Section vm01 vm02 vm03 Open Cloud Campus 7
Quantum Under the Hood Network Components on Compute Nodes TAP device Configured by Nova Compute VLAN device vm01 vm02 vm03 Linux Bridge IP IP IP IP eth0 eth0 eth1 eth0 IP is assigned via dnsmasq running on Network Node tap01 tap02 tap03 tap04 brqXXXX brqYYYY net01 net02 VLAN device is created for eth1.101 eth1.102 each private network Configured by L2 Agent eth1 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 8
Quantum Under the Hood Network Components on Network Nodes To Public Network Configured by L3 Agent eth0 veth pair Linux Bridge tapVVV brqxxxx VLAN device NAT with iptables IP qg-VVV dnsmasq dnsmasq dnsmasq is assigned to each subnet IP IP IP IP ns-XXX qr-YYY qr-ZZZ ns-WWW tapXXX tapYYY tapZZZ tapWWW Configured by DHCP Agent brqxxxx brqxxxx Suffix “xxxx” is derived from net01 net02 the head of network UUID. eth1.101 eth1.102 Configured by L2 Agent eth1 To Private Network Open Cloud Campus 9
Quantum Under the Hood Network Namespace Separation To Public Network eth0 Suffix “bbbb” corresponds Network to router UUID. Namespace tapVVV brqxxxx qrouter-bbbb IP qdhcp-cccc qdhcp-aaaa qg-VVV Suffix “aaaa” corresponds to network UUID. dnsmasq dnsmasq IP IP IP IP ns-XXX qr-YYY qr-ZZZ ns-WWW tapXXX tapYYY tapZZZ tapWWW brqxxxx brqxxxx net01 net02 eth1.101 eth1.102 eth1 To Private Network Open Cloud Campus 10
Quantum Under the Hood Network Components configured by LinuxBridge Plugin Plugin using VLAN separation - Case2 Configuration - Public Network Router for Router for TenantA TenantB Model Network of this Section vm01 vm02 vm03 vm04 Open Cloud Campus 11
Quantum Under the Hood Network Components on Compute Nodes TAP device Configured by Nova Compute VLAN device vm01 vm02 vm02 vm03 Linux Bridge IP IP IP IP eth0 eth0 eth0 eth0 IP is assigned via dnsmasq running on Network Node tap01 tap02 tap03 tap04 brqXXXX brqYYYY net01 net02 VLAN device is created for eth1.101 eth1.102 each private network Configured by L2 Agent eth1 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 12
Quantum Under the Hood Network Components on Network Nodes To Public Network Configured by L3 Agent brqxxxx eth0 veth pair Linux Bridge tapZZZ tapCCC NAT with iptables VLAN device IP IP qg-ZZZ qg-CCC dnsmasq dnsmasq dnsmasq is assigned to each subnet IP IP IP IP ns-XXX qr-YYY qr-BBB ns-AAA tapXXX tapYYY tapBBB tapAAA Configured by DHCP Agent brqxxxx brqxxxx Suffix “xxxx” is derived from net01 net02 the head of network UUID. eth1.101 eth1.102 Configured by L2 Agent eth1 To Private Network Open Cloud Campus 13
Quantum Under the Hood Network Components on Network Nodes To Public Network brqxxxx eth0 Network Suffix “bbbb” corresponds Namespace to router UUID. tapZZZ tapCCC IP qrouter-bbbb IP qrouter-cccc qdhcp-aaaa qg-ZZZ qg-CCC qdhcp-dddd Suffix “aaaa” corresponds to network UUID. dnsmasq dnsmasq IP IP IP IP ns-XXX qr-YYY qr-BBB ns-AAA tapXXX tapYYY tapBBB tapAAA brqxxxx brqxxxx net01 net02 eth1.101 eth1.102 eth1 To Private Network Open Cloud Campus 14
Quantum Under the Hood Network Components configured by Open vSwitch Plugin using VLAN separation - Case1 Configuration - NAT Router and Firewall Public Network net01 net02 Private Network Private Network (Subnet01) (Subnet02) Model Network of this Section vm01 vm02 vm03 Open Cloud Campus 15
Quantum Under the Hood Network Components on Compute Nodes Configured by Nova Compute TAP device vm01 vm02 vm03 IP IP IP IP eth0 eth0 eth1 eth0 veth pair Linux Bridge vnet0 vnet1 vnet2 vnet3 qbrXXX qbrYYY qbrZZZ qbrWWW Open vSwitch qvbXXX qvbYYY qvbZZZ qvbWWW qvoXXX qvoYYY qvoZZZ qvoWWW Port VLAN tag:1 Port VLAN tag:2 Tenant flows are separated br-int by internally assigned VLAN ID int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 phy-br-eth1 dl_vlan=102 ⇒ mod_vlan_vid:2 br-eth1 Tenant flows are separated by user defined VLAN ID eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 dl_vlan=2 ⇒ mod_vlan_vid:102 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 16
Quantum Under the Hood Network Components on Network Node To Public Network Internal port eth1 veth pair br-ex phy-br-ex NAT with iptables qg-VVV Open vSwitch IP dnsmasq Configured by L3 Agent dnsmasq dnsmasq is assigned to each subnet IP IP IP IP tapXXX qr-YYY qr-ZZZ tapWWW Configured by DHCP Agent Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 dl_vlan=102 ⇒ mod_vlan_vid:2 phy-br-eth1 br-eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 eth1 dl_vlan=2 ⇒ mod_vlan_vid:102 To Private Network Open Cloud Campus 17
Quantum Under the Hood Network Namespace Separation To Public Network Network eth1 Namespace br-ex phy-br-ex qg-VVV qrouter-bbbb IP Suffix “bbbb” corresponds to router UUID. dnsmasq dnsmasq qdhcp-aaaa qdhcp-cccc IP IP IP IP Suffix “aaaa” corresponds tapXXX qr-YYY qr-ZZZ tapWWW to network UUID. Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 phy-br-eth1 br-eth1 eth1 To Private Network Open Cloud Campus 18
Quantum Under the Hood Network Components configured by Open vSwitch Plugin using VLAN separation - Case2 Configuration - Public Network Router for Router for TenantA TenantB Model Network of this Section vm01 vm02 vm03 vm04 Open Cloud Campus 19
Quantum Under the Hood Network Components on Compute Nodes Configured by Nova Compute vm01 vm02 vm03 vm04 TAP device IP IP IP IP eth0 eth0 eth0 eth0 veth pair Linux Bridge vnet0 vnet1 vnet2 vnet3 qbrXXX qbrYYY qbrZZZ qbrWWW Open vSwitch qvbXXX qvbYYY qvbZZZ qvbWWW qvoXXX qvoYYY qvoZZZ qvoWWW Port VLAN tag:1 Port VLAN tag:2 Tenant flows are separated br-int by internally assigned VLAN ID int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 phy-br-eth1 dl_vlan=102 ⇒ mod_vlan_vid:2 br-eth1 Tenant flows are separated by user defined VLAN ID eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 dl_vlan=2 ⇒ mod_vlan_vid:102 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 20
Quantum Under the Hood Network Components on Network Node To Public Network Internal port eth1 veth pair br-ex phy-br-ex NAT with iptables qg-ZZZ qg-CCC Open vSwitch IP IP dnsmasq Configured by L3 Agent dnsmasq dnsmasq is assigned to each subnet IP IP IP IP tapXXX qr-YYY qr-BBB tapAAA Configured by DHCP Agent Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 dl_vlan=102 ⇒ mod_vlan_vid:2 phy-br-eth1 br-eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 eth1 dl_vlan=2 ⇒ mod_vlan_vid:102 To Private Network Open Cloud Campus 21
Quantum Under the Hood Network Namespace Separation To Public Network Network eth1 Namespace br-ex phy-br-ex qg-ZZZ qg-CCC qrouter-bbbb qrouter-cccc Suffix “bbbb” corresponds IP IP to router UUID. dnsmasq dnsmasq qdhcp-aaaa qdhcp-dddd IP IP IP IP Suffix “aaaa” corresponds tapXXX qr-YYY qr-BBB tapAAA to network UUID. Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 phy-br-eth1 br-eth1 eth1 To Private Network Open Cloud Campus 22
Quantum Under the Hood Notes on the Configuration  On Compute Nodes, the use of Linux Bridge between the integration switch (br-int) and VM tap devices may look redundant. But It's required for Nova's security group feature to work. They are configured with Nova's “LibvirtHybridOVSBridgeDriver”.  You can choose another driver if you don't need the security group functionality. Then, the configuration will be different.  The security group feature will be integrated with Quantum in the future, and this would be more simplified. Open Cloud Campus 23
Quantum Under the Hood Example of Configuration Steps Open Cloud Campus 24
Quantum Under the Hood Example Configuration Steps for Case1 (1/2)  Under the “service” tenant, create the shared router, define the public network, and set it as a default gateway of the router. # tenant=$(keystone tenant-list | awk '/service/ {print $2}') # quantum router-create router01 # quantum net-create --tenant-id $tenant public01 --provider:network_type flat --provider:physical_network physnet1 --router:external=True # quantum subnet-create --tenant-id $tenant --name public01_subnet01 --gateway 10.64.201.254 public01 10.64.201.0/24 --enable_dhcp False # quantum router-gateway-set router01 public01  Under the user tenant “redhat”, create the private network “net01” and its subnet, and connect it to the router. # tenant=$(keystone tenant-list|awk '/redhat/ {print $2}') # quantum net-create --tenant-id $tenant net01 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 101 # quantum subnet-create --tenant-id $tenant --name net01_subnet01 net01 192.168.101.0/24 # quantum router-interface-add router01 net01_subnet01 Open Cloud Campus 25
Quantum Under the Hood Example Configuration Steps for Case1 (2/2)  Another network “net02” can be added in the same way. # tenant=$(keystone tenant-list|awk '/redhat/ {print $2}') # quantum net-create --tenant-id $tenant net02 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 102 # quantum subnet-create --tenant-id $tenant --name net02_subnet01 net02 192.168.102.0/24 # quantum router-interface-add router01 net02_subnet01 Open Cloud Campus 26
Quantum Under the Hood Example Configuration Steps for Case2 (1/2)  Under the “service” tenant, define the public network. # tenant=$(keystone tenant-list | awk '/service/ {print $2}') # quantum net-create --tenant-id $tenant public01 --provider:network_type flat --provider:physical_network physnet1 --router:external=True # quantum subnet-create --tenant-id $tenant --name public01_subnet01 --gateway 10.64.201.254 public01 10.64.201.0/24 --enable_dhcp False  Under the user tenant “redhat”, create the tenant router and set its gateway for the public network. # tenant=$(keystone tenant-list|awk '/redhat/ {print $2}') # quantum router-create --tenant-id $tenant router01 # quantum router-gateway-set router01 public01  Then, define private network “net01” and its subnet, and connect it to the router. # quantum net-create --tenant-id $tenant net01 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 101 # quantum subnet-create --tenant-id $tenant --name net01_subnet01 net01 192.168.101.0/24 # quantum router-interface-add router01 net01_subnet01 Open Cloud Campus 27
Quantum Under the Hood Example Configuration Steps for Case2 (2/2)  Additonal router and private networks for another tenant “redhat2” can be added in the same way. # tenant=$(keystone tenant-list|awk '/redhat2/ {print $2}') # quantum router-create --tenant-id $tenant router02 # quantum router-gateway-set router02 public01 # quantum net-create --tenant-id $tenant net02 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 102 # quantum subnet-create --tenant-id $tenant --name net02_subnet01 net01 192.168.101.0/24 # quantum router-interface-add router02 net02_subnet01 Open Cloud Campus 28
Quantum Under the Hood iptable chains Open Cloud Campus 29
Quantum Under the Hood Packet filtering chains on Compute Nodes filter table Packet filtering for instances are done on Compute Nodes FORWARD nova-filter-top Filtering chain is created for nova-compute-local each instance. nova-compute-inst-xx Packets from the same Subnet are not filtered. nova-compute-provider Security Group is Packets from the same subnet ACCEPT applied here Filtering by Security Group ACCEPT nova-compute-sg-fallback DROP nova-compute-FORWARD *These are configured by Nova Compute ACCEPT (“Security Group” is a part of Nova functions.) Open Cloud Campus 30
Quantum Under the Hood NAT chains on Network Node (1/2) Packet filtering for instances nat table POSTROUTING are done on Compute Nodes quantum-l3-agent-POSTROUTING Packets _not_ on Public NW port ACCEPT quantum-postrouting-bottom NAT is applied only at the edge of Public Network quantum-l3-agent-snat SNAT from Private IP quantum-l3-agent-float-snat to the associated Floating IP Packets from Private IP SNAT associated with Floating IP Packets from Private IP SNAT nova-api-POSTROUTING SNAT from Private IP to Router's Public IP nova-api-postrouting-bottom *These are mainly configured by L3 Agent. ACCEPT Open Cloud Campus 31
Quantum Under the Hood NAT chains on Network Node (2/2) nat table PREROUTING quantum-l3-agent-PREROUTING Packet to Floating IP DNAT nova-api-PREROUTING DNAT from Floating IP to the corresponding Private IP ACCEPT *These are mainly configured by L3 Agent. Open Cloud Campus 32
Quantum Under the Hood References Open Cloud Campus 33
Quantum Under the Hood References  OpenStack Network (Quantum) Administration Guide – http://docs.openstack.org/trunk/openstack-network/admin/content/index.html  Quantum L2 Linux Bridge Plugin – http://wiki.openstack.org/Quantum-Linux-Bridge-Plugin  QuickStart with RHOS(Red Hat OpenStack) Folsom Preview – http://d.hatena.ne.jp/enakai00/20121118/1353226066 Open Cloud Campus 34
Quantum Under the Hood Open Cloud Campus Enjoy the Life with OpenStack! Etsuji Nakai Twitter @enakai00

Empfohlen

Deep Dive Into Quantum
Deep Dive Into QuantumDeep Dive Into Quantum
Deep Dive Into QuantumOpenCity Community
 
Quantum Networks
Quantum NetworksQuantum Networks
Quantum NetworksOpenCity Community
 
CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るsamemoon
 
Ubuntu Cloud Juju
Ubuntu Cloud JujuUbuntu Cloud Juju
Ubuntu Cloud JujueNovance
 
draft_myungho
draft_myunghodraft_myungho
draft_myunghoMyungho Jung
 
CloudStack Performance Testing
CloudStack Performance TestingCloudStack Performance Testing
CloudStack Performance Testingbuildacloud
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersKernel TLV
 
Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Etsuji Nakai
 

Empfohlen

Deep Dive Into Quantum
Deep Dive Into QuantumDeep Dive Into Quantum
Deep Dive Into QuantumOpenCity Community
 
Quantum Networks
Quantum NetworksQuantum Networks
Quantum NetworksOpenCity Community
 
CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るsamemoon
 
Ubuntu Cloud Juju
Ubuntu Cloud JujuUbuntu Cloud Juju
Ubuntu Cloud JujueNovance
 
draft_myungho
draft_myunghodraft_myungho
draft_myunghoMyungho Jung
 
CloudStack Performance Testing
CloudStack Performance TestingCloudStack Performance Testing
CloudStack Performance Testingbuildacloud
 
Namespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersNamespaces and cgroups - the basis of Linux containers
Namespaces and cgroups - the basis of Linux containersKernel TLV
 
Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Etsuji Nakai
 
Playing BBR with a userspace network stack
Playing BBR with a userspace network stackPlaying BBR with a userspace network stack
Playing BBR with a userspace network stackHajime Tazaki
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to MicrokernelsVasily Sartakov
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in LinuxSadegh Dorri N.
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
 
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)Boden Russell
 
[Harvard CS264] 05 - Advanced-level CUDA Programming
[Harvard CS264] 05 - Advanced-level CUDA Programming[Harvard CS264] 05 - Advanced-level CUDA Programming
[Harvard CS264] 05 - Advanced-level CUDA Programmingnpinto
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?Jérôme Petazzoni
 
Virtual net performance
Virtual net performanceVirtual net performance
Virtual net performanceStephen Hemminger
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Boden Russell
 
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)npinto
 
Docker vs kvm
Docker vs kvmDocker vs kvm
Docker vs kvmWilson Cunalata
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleMajor Hayden
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroupsKernel TLV
 
Linux cgroups and namespaces
Linux cgroups and namespacesLinux cgroups and namespaces
Linux cgroups and namespacesLocaweb
 
Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Boden Russell
 
Enea Linux and LWRT FTF China 2012
Enea Linux and LWRT FTF China 2012Enea Linux and LWRT FTF China 2012
Enea Linux and LWRT FTF China 2012EneaSoftware
 
Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Jérôme Petazzoni
 
Hack the whale
Hack the whaleHack the whale
Hack the whaleMarco Ferrigno
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containersGoogle
 
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyLinux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyBoden Russell
 
Linux Bridging: Teaching an old dog new tricks
Linux Bridging: Teaching an old dog new tricksLinux Bridging: Teaching an old dog new tricks
Linux Bridging: Teaching an old dog new tricksStephen Hemminger
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlanSuraj Deshmukh
 

Weitere ähnliche Inhalte

Was ist angesagt?

Playing BBR with a userspace network stack
Playing BBR with a userspace network stackPlaying BBR with a userspace network stack
Playing BBR with a userspace network stackHajime Tazaki
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to MicrokernelsVasily Sartakov
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in LinuxSadegh Dorri N.
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
 
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)Boden Russell
 
[Harvard CS264] 05 - Advanced-level CUDA Programming
[Harvard CS264] 05 - Advanced-level CUDA Programming[Harvard CS264] 05 - Advanced-level CUDA Programming
[Harvard CS264] 05 - Advanced-level CUDA Programmingnpinto
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?Jérôme Petazzoni
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Boden Russell
 
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)npinto
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleMajor Hayden
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroupsKernel TLV
 
Linux cgroups and namespaces
Linux cgroups and namespacesLinux cgroups and namespaces
Linux cgroups and namespacesLocaweb
 
Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Boden Russell
 
Enea Linux and LWRT FTF China 2012
Enea Linux and LWRT FTF China 2012Enea Linux and LWRT FTF China 2012
Enea Linux and LWRT FTF China 2012EneaSoftware
 
Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Jérôme Petazzoni
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containersGoogle
 
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyLinux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyBoden Russell
 

Was ist angesagt? (20)

Playing BBR with a userspace network stack
Playing BBR with a userspace network stackPlaying BBR with a userspace network stack
Playing BBR with a userspace network stack
 
Introduction to Microkernels
Introduction to MicrokernelsIntroduction to Microkernels
Introduction to Microkernels
 
Lightweight Virtualization in Linux
Lightweight Virtualization in LinuxLightweight Virtualization in Linux
Lightweight Virtualization in Linux
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
 
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
LXC – NextGen Virtualization for Cloud benefit realization (cloudexpo)
 
[Harvard CS264] 05 - Advanced-level CUDA Programming
[Harvard CS264] 05 - Advanced-level CUDA Programming[Harvard CS264] 05 - Advanced-level CUDA Programming
[Harvard CS264] 05 - Advanced-level CUDA Programming
 
LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?LXC, Docker, security: is it safe to run applications in Linux Containers?
LXC, Docker, security: is it safe to run applications in Linux Containers?
 
Virtual net performance
Virtual net performanceVirtual net performance
Virtual net performance
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)
 
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
[Harvard CS264] 07 - GPU Cluster Programming (MPI & ZeroMQ)
 
Docker vs kvm
Docker vs kvmDocker vs kvm
Docker vs kvm
 
Securing OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with AnsibleSecuring OpenStack and Beyond with Ansible
Securing OpenStack and Beyond with Ansible
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroups
 
Linux cgroups and namespaces
Linux cgroups and namespacesLinux cgroups and namespaces
Linux cgroups and namespaces
 
Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...
 
Enea Linux and LWRT FTF China 2012
Enea Linux and LWRT FTF China 2012Enea Linux and LWRT FTF China 2012
Enea Linux and LWRT FTF China 2012
 
Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Let's Containerize New York with Docker!
Let's Containerize New York with Docker!
 
Hack the whale
Hack the whaleHack the whale
Hack the whale
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containers
 
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyLinux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
 

Andere mochten auch

Linux Bridging: Teaching an old dog new tricks
Linux Bridging: Teaching an old dog new tricksLinux Bridging: Teaching an old dog new tricks
Linux Bridging: Teaching an old dog new tricksStephen Hemminger
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerCumulus Networks
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux KernelKernel TLV
 
Hardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelHardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelKernel TLV
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 

Andere mochten auch (6)

Linux Bridging: Teaching an old dog new tricks
Linux Bridging: Teaching an old dog new tricksLinux Bridging: Teaching an old dog new tricks
Linux Bridging: Teaching an old dog new tricks
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface Manager
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux Kernel
 
Hardware Probing in the Linux Kernel
Hardware Probing in the Linux KernelHardware Probing in the Linux Kernel
Hardware Probing in the Linux Kernel
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
 

Ähnlich wie How Quantum configures Virtual Networks under the Hood?

CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るsamemoon
 
Network Virtualization with quantum
Network Virtualization with quantum Network Virtualization with quantum
Network Virtualization with quantum openstackindia
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantumMiguel Lavalle
 
Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes CoreOS
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and AutomationAdam Johnson
 
Networking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network DesignNetworking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network DesignRandy Bias
 
OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012Dan Wendlandt
 
Neutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deploymentsNeutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deploymentsThomas Morin
 
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpPushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpJames Denton
 
Openstack Networking Internals - first part
Openstack Networking Internals - first partOpenstack Networking Internals - first part
Openstack Networking Internals - first partlilliput12
 
Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)Affan Syed
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Dan Mihai Dumitriu
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron) CREATE-NET
 
3.5 SDN CloudStack Developer Day
3.5 SDN CloudStack Developer Day3.5 SDN CloudStack Developer Day
3.5 SDN CloudStack Developer DayKimihiko Kitase
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksAdrien Blind
 
Dynamic composition of virtual network functions in a cloud environment
Dynamic composition of virtual network functions in a cloud environmentDynamic composition of virtual network functions in a cloud environment
Dynamic composition of virtual network functions in a cloud environmentFrancesco Foresta
 

Ähnlich wie How Quantum configures Virtual Networks under the Hood? (20)

CloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫るCloudStackユーザ会〜仮想ルータの謎に迫る
CloudStackユーザ会〜仮想ルータの謎に迫る
 
Network Virtualization with quantum
Network Virtualization with quantum Network Virtualization with quantum
Network Virtualization with quantum
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantum
 
Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes
 
Network Management in System Center 2012 SP1 - VMM
Network Management in System Center 2012 SP1 - VMM Network Management in System Center 2012 SP1 - VMM
Network Management in System Center 2012 SP1 - VMM
 
Openstack Networking and ML2
Openstack Networking and ML2Openstack Networking and ML2
Openstack Networking and ML2
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and Automation
 
CloudStack Networking
CloudStack NetworkingCloudStack Networking
CloudStack Networking
 
Networking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network DesignNetworking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network Design
 
OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012OpenStack Quantum: Cloud Carrier Summit 2012
OpenStack Quantum: Cloud Carrier Summit 2012
 
Neutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deploymentsNeutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deployments
 
Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101Networking in Openstack - Neutron 101
Networking in Openstack - Neutron 101
 
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpPushing Packets - How do the ML2 Mechanism Drivers Stack Up
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
 
Openstack Networking Internals - first part
Openstack Networking Internals - first partOpenstack Networking Internals - first part
Openstack Networking Internals - first part
 
Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
 
OpenStack networking (Neutron)
OpenStack networking (Neutron) OpenStack networking (Neutron)
OpenStack networking (Neutron)
 
3.5 SDN CloudStack Developer Day
3.5 SDN CloudStack Developer Day3.5 SDN CloudStack Developer Day
3.5 SDN CloudStack Developer Day
 
Docker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined NetworksDocker networking basics & coupling with Software Defined Networks
Docker networking basics & coupling with Software Defined Networks
 
Dynamic composition of virtual network functions in a cloud environment
Dynamic composition of virtual network functions in a cloud environmentDynamic composition of virtual network functions in a cloud environment
Dynamic composition of virtual network functions in a cloud environment
 

Mehr von Etsuji Nakai

「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考えるEtsuji Nakai
 
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Etsuji Nakai
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowEtsuji Nakai
 
Googleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスGoogleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスEtsuji Nakai
 
Spannerに関する技術メモ
Spannerに関する技術メモSpannerに関する技術メモ
Spannerに関する技術メモEtsuji Nakai
 
Googleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsGoogleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsEtsuji Nakai
 
A Brief History of My English Learning
A Brief History of My English LearningA Brief History of My English Learning
A Brief History of My English LearningEtsuji Nakai
 
TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎Etsuji Nakai
 
TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門Etsuji Nakai
 
Using Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineUsing Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineEtsuji Nakai
 
Lecture note on PRML 8.2
Lecture note on PRML 8.2Lecture note on PRML 8.2
Lecture note on PRML 8.2Etsuji Nakai
 
Machine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersMachine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersEtsuji Nakai
 
Your first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterYour first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterEtsuji Nakai
 
Deep Q-Network for beginners
Deep Q-Network for beginnersDeep Q-Network for beginners
Deep Q-Network for beginnersEtsuji Nakai
 
TensorFlowで学ぶDQN
TensorFlowで学ぶDQNTensorFlowで学ぶDQN
TensorFlowで学ぶDQNEtsuji Nakai
 
DevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかDevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかEtsuji Nakai
 
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜Etsuji Nakai
 

Mehr von Etsuji Nakai (20)

PRML11.2-11.3
PRML11.2-11.3PRML11.2-11.3
PRML11.2-11.3
 
「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える「ITエンジニアリングの本質」を考える
「ITエンジニアリングの本質」を考える
 
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実Googleのインフラ技術に見る基盤標準化とDevOpsの真実
Googleのインフラ技術に見る基盤標準化とDevOpsの真実
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlow
 
Googleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービスGoogleにおける機械学習の活用とクラウドサービス
Googleにおける機械学習の活用とクラウドサービス
 
Spannerに関する技術メモ
Spannerに関する技術メモSpannerに関する技術メモ
Spannerに関する技術メモ
 
Googleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOpsGoogleのインフラ技術から考える理想のDevOps
Googleのインフラ技術から考える理想のDevOps
 
A Brief History of My English Learning
A Brief History of My English LearningA Brief History of My English Learning
A Brief History of My English Learning
 
TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎TensorFlowプログラミングと分類アルゴリズムの基礎
TensorFlowプログラミングと分類アルゴリズムの基礎
 
TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門TensorFlowによるニューラルネットワーク入門
TensorFlowによるニューラルネットワーク入門
 
Using Kubernetes on Google Container Engine
Using Kubernetes on Google Container EngineUsing Kubernetes on Google Container Engine
Using Kubernetes on Google Container Engine
 
Lecture note on PRML 8.2
Lecture note on PRML 8.2Lecture note on PRML 8.2
Lecture note on PRML 8.2
 
Machine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application DevelopersMachine Learning Basics for Web Application Developers
Machine Learning Basics for Web Application Developers
 
Your first TensorFlow programming with Jupyter
Your first TensorFlow programming with JupyterYour first TensorFlow programming with Jupyter
Your first TensorFlow programming with Jupyter
 
Deep Q-Network for beginners
Deep Q-Network for beginnersDeep Q-Network for beginners
Deep Q-Network for beginners
 
Life with jupyter
Life with jupyterLife with jupyter
Life with jupyter
 
TensorFlowで学ぶDQN
TensorFlowで学ぶDQNTensorFlowで学ぶDQN
TensorFlowで学ぶDQN
 
DevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきかDevOpsにおける組織に固有の事情を どのように整理するべきか
DevOpsにおける組織に固有の事情を どのように整理するべきか
 
PRML7.2
PRML7.2PRML7.2
PRML7.2
 
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
インタークラウドを実現する技術 〜 デファクトスタンダードからの視点 〜
 

Kürzlich hochgeladen

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Kürzlich hochgeladen (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

How Quantum configures Virtual Networks under the Hood?

  • 1. Quantum Under the Hood Open Cloud Campus How Quantum Configures Virtual Networks Under the Hood? 2012/12/10 ver1.2 E.Nakai (Twitter @enakai00)
  • 2. Quantum Under the Hood Physical and Logical Configuration Open Cloud Campus 2
  • 3. Quantum Under the Hood Physical Network Connection and Agent Placement Public Network Management Network Instances are launched インスタンスが Virtual Routers on these nodes 起動するノード are configured here eth0 eth2 eth0 eth0 Network Node Quantum Service Compute Node Compute Node L2 Agent L2 Agent L2 Agent DHCP Agent L3 Agent Quantum Service can be eth1 eth1 eth1 placed on anther node Private Network Open Cloud Campus 3
  • 4. Quantum Under the Hood Logical Configuration of the Virtual Network - Case1 Some network can be dedicated to a specific tenant Each instance can choose connected private network. Connections from/to Public Network (Multiple choice is allowed.) are NAT-ed here NAT Router and Firewall Public Network Packets from different subnet are filtered with the “Security Group.” net01 net02 Private Network Private Network (Subnet01) (Subnet02) Packets between same subnet are not filtered. Open Cloud Campus 4
  • 5. Quantum Under the Hood Logical Configuration of the Virtual Network - Case2  By assigning a dedicated router for each tenant, each tenant can create its own private networks freely, even overlapping subnets can be used by multiple tenants. Public Network Connections from/to other Tenants or Public Network are NAT-ed here Router for Router for TenantA TenantB Subnet01 Subnet02 Subnet03 Subnet04 192.168.1.0/24 192.168.2.0/24 192.168.1.0/24 192.168.2.0/24 net01 net02 net03 net04 Open Cloud Campus 5
  • 6. Quantum Under the Hood Notes on the Configuration  There are various plugin's for L2 Agent. In this document, we describe “LinuxBridge plugin” and “Open vSwitch plugin” which provides basic bridge functionality using Linux bridge / Open vSwitch.  The single Network Node could be a potential bottle neck and a single point of failure. There is a lot of design discussion about it in the upstream.  Currently dnsmasq is used by DHCP agent as in the following charts, but different DHCP options are possible by design. Other options may be added in the future.  Network Namespace support is _not_ mandatory for Case1 configuration. If you want to use multiple routers (and optionally the overlapping IP address feature), however, you have to use Case2 design and Network Namespace support is required there.  It depends on Linux distributions whether you can use the Network Namespace feature. For example, RHEL6.3/6.4 doesn't support it. Fedora17/18 supports it. Open Cloud Campus 6
  • 7. Quantum Under the Hood Network Components configured by LinuxBridge Plugin using VLAN separation - Case1 Configuration - NAT Router and Firewall Public Network net01 net02 Private Network Private Network (Subnet01) (Subnet02) Model Network of this Section vm01 vm02 vm03 Open Cloud Campus 7
  • 8. Quantum Under the Hood Network Components on Compute Nodes TAP device Configured by Nova Compute VLAN device vm01 vm02 vm03 Linux Bridge IP IP IP IP eth0 eth0 eth1 eth0 IP is assigned via dnsmasq running on Network Node tap01 tap02 tap03 tap04 brqXXXX brqYYYY net01 net02 VLAN device is created for eth1.101 eth1.102 each private network Configured by L2 Agent eth1 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 8
  • 9. Quantum Under the Hood Network Components on Network Nodes To Public Network Configured by L3 Agent eth0 veth pair Linux Bridge tapVVV brqxxxx VLAN device NAT with iptables IP qg-VVV dnsmasq dnsmasq dnsmasq is assigned to each subnet IP IP IP IP ns-XXX qr-YYY qr-ZZZ ns-WWW tapXXX tapYYY tapZZZ tapWWW Configured by DHCP Agent brqxxxx brqxxxx Suffix “xxxx” is derived from net01 net02 the head of network UUID. eth1.101 eth1.102 Configured by L2 Agent eth1 To Private Network Open Cloud Campus 9
  • 10. Quantum Under the Hood Network Namespace Separation To Public Network eth0 Suffix “bbbb” corresponds Network to router UUID. Namespace tapVVV brqxxxx qrouter-bbbb IP qdhcp-cccc qdhcp-aaaa qg-VVV Suffix “aaaa” corresponds to network UUID. dnsmasq dnsmasq IP IP IP IP ns-XXX qr-YYY qr-ZZZ ns-WWW tapXXX tapYYY tapZZZ tapWWW brqxxxx brqxxxx net01 net02 eth1.101 eth1.102 eth1 To Private Network Open Cloud Campus 10
  • 11. Quantum Under the Hood Network Components configured by LinuxBridge Plugin Plugin using VLAN separation - Case2 Configuration - Public Network Router for Router for TenantA TenantB Model Network of this Section vm01 vm02 vm03 vm04 Open Cloud Campus 11
  • 12. Quantum Under the Hood Network Components on Compute Nodes TAP device Configured by Nova Compute VLAN device vm01 vm02 vm02 vm03 Linux Bridge IP IP IP IP eth0 eth0 eth0 eth0 IP is assigned via dnsmasq running on Network Node tap01 tap02 tap03 tap04 brqXXXX brqYYYY net01 net02 VLAN device is created for eth1.101 eth1.102 each private network Configured by L2 Agent eth1 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 12
  • 13. Quantum Under the Hood Network Components on Network Nodes To Public Network Configured by L3 Agent brqxxxx eth0 veth pair Linux Bridge tapZZZ tapCCC NAT with iptables VLAN device IP IP qg-ZZZ qg-CCC dnsmasq dnsmasq dnsmasq is assigned to each subnet IP IP IP IP ns-XXX qr-YYY qr-BBB ns-AAA tapXXX tapYYY tapBBB tapAAA Configured by DHCP Agent brqxxxx brqxxxx Suffix “xxxx” is derived from net01 net02 the head of network UUID. eth1.101 eth1.102 Configured by L2 Agent eth1 To Private Network Open Cloud Campus 13
  • 14. Quantum Under the Hood Network Components on Network Nodes To Public Network brqxxxx eth0 Network Suffix “bbbb” corresponds Namespace to router UUID. tapZZZ tapCCC IP qrouter-bbbb IP qrouter-cccc qdhcp-aaaa qg-ZZZ qg-CCC qdhcp-dddd Suffix “aaaa” corresponds to network UUID. dnsmasq dnsmasq IP IP IP IP ns-XXX qr-YYY qr-BBB ns-AAA tapXXX tapYYY tapBBB tapAAA brqxxxx brqxxxx net01 net02 eth1.101 eth1.102 eth1 To Private Network Open Cloud Campus 14
  • 15. Quantum Under the Hood Network Components configured by Open vSwitch Plugin using VLAN separation - Case1 Configuration - NAT Router and Firewall Public Network net01 net02 Private Network Private Network (Subnet01) (Subnet02) Model Network of this Section vm01 vm02 vm03 Open Cloud Campus 15
  • 16. Quantum Under the Hood Network Components on Compute Nodes Configured by Nova Compute TAP device vm01 vm02 vm03 IP IP IP IP eth0 eth0 eth1 eth0 veth pair Linux Bridge vnet0 vnet1 vnet2 vnet3 qbrXXX qbrYYY qbrZZZ qbrWWW Open vSwitch qvbXXX qvbYYY qvbZZZ qvbWWW qvoXXX qvoYYY qvoZZZ qvoWWW Port VLAN tag:1 Port VLAN tag:2 Tenant flows are separated br-int by internally assigned VLAN ID int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 phy-br-eth1 dl_vlan=102 ⇒ mod_vlan_vid:2 br-eth1 Tenant flows are separated by user defined VLAN ID eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 dl_vlan=2 ⇒ mod_vlan_vid:102 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 16
  • 17. Quantum Under the Hood Network Components on Network Node To Public Network Internal port eth1 veth pair br-ex phy-br-ex NAT with iptables qg-VVV Open vSwitch IP dnsmasq Configured by L3 Agent dnsmasq dnsmasq is assigned to each subnet IP IP IP IP tapXXX qr-YYY qr-ZZZ tapWWW Configured by DHCP Agent Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 dl_vlan=102 ⇒ mod_vlan_vid:2 phy-br-eth1 br-eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 eth1 dl_vlan=2 ⇒ mod_vlan_vid:102 To Private Network Open Cloud Campus 17
  • 18. Quantum Under the Hood Network Namespace Separation To Public Network Network eth1 Namespace br-ex phy-br-ex qg-VVV qrouter-bbbb IP Suffix “bbbb” corresponds to router UUID. dnsmasq dnsmasq qdhcp-aaaa qdhcp-cccc IP IP IP IP Suffix “aaaa” corresponds tapXXX qr-YYY qr-ZZZ tapWWW to network UUID. Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 phy-br-eth1 br-eth1 eth1 To Private Network Open Cloud Campus 18
  • 19. Quantum Under the Hood Network Components configured by Open vSwitch Plugin using VLAN separation - Case2 Configuration - Public Network Router for Router for TenantA TenantB Model Network of this Section vm01 vm02 vm03 vm04 Open Cloud Campus 19
  • 20. Quantum Under the Hood Network Components on Compute Nodes Configured by Nova Compute vm01 vm02 vm03 vm04 TAP device IP IP IP IP eth0 eth0 eth0 eth0 veth pair Linux Bridge vnet0 vnet1 vnet2 vnet3 qbrXXX qbrYYY qbrZZZ qbrWWW Open vSwitch qvbXXX qvbYYY qvbZZZ qvbWWW qvoXXX qvoYYY qvoZZZ qvoWWW Port VLAN tag:1 Port VLAN tag:2 Tenant flows are separated br-int by internally assigned VLAN ID int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 phy-br-eth1 dl_vlan=102 ⇒ mod_vlan_vid:2 br-eth1 Tenant flows are separated by user defined VLAN ID eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 dl_vlan=2 ⇒ mod_vlan_vid:102 VLAN101 Physical L2 Switch for Private Network VLAN102 Open Cloud Campus 20
  • 21. Quantum Under the Hood Network Components on Network Node To Public Network Internal port eth1 veth pair br-ex phy-br-ex NAT with iptables qg-ZZZ qg-CCC Open vSwitch IP IP dnsmasq Configured by L3 Agent dnsmasq dnsmasq is assigned to each subnet IP IP IP IP tapXXX qr-YYY qr-BBB tapAAA Configured by DHCP Agent Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 VLAN ID is converted with flow table Configured by L2 Agent dl_vlan=101 ⇒ mod_vlan_vid:1 dl_vlan=102 ⇒ mod_vlan_vid:2 phy-br-eth1 br-eth1 VLAN ID is converted with flow table dl_vlan=1 ⇒ mod_vlan_vid:101 eth1 dl_vlan=2 ⇒ mod_vlan_vid:102 To Private Network Open Cloud Campus 21
  • 22. Quantum Under the Hood Network Namespace Separation To Public Network Network eth1 Namespace br-ex phy-br-ex qg-ZZZ qg-CCC qrouter-bbbb qrouter-cccc Suffix “bbbb” corresponds IP IP to router UUID. dnsmasq dnsmasq qdhcp-aaaa qdhcp-dddd IP IP IP IP Suffix “aaaa” corresponds tapXXX qr-YYY qr-BBB tapAAA to network UUID. Port VLAN tag:1 Port VLAN tag:2 br-int int-br-ex int-br-eth1 phy-br-eth1 br-eth1 eth1 To Private Network Open Cloud Campus 22
  • 23. Quantum Under the Hood Notes on the Configuration  On Compute Nodes, the use of Linux Bridge between the integration switch (br-int) and VM tap devices may look redundant. But It's required for Nova's security group feature to work. They are configured with Nova's “LibvirtHybridOVSBridgeDriver”.  You can choose another driver if you don't need the security group functionality. Then, the configuration will be different.  The security group feature will be integrated with Quantum in the future, and this would be more simplified. Open Cloud Campus 23
  • 24. Quantum Under the Hood Example of Configuration Steps Open Cloud Campus 24
  • 25. Quantum Under the Hood Example Configuration Steps for Case1 (1/2)  Under the “service” tenant, create the shared router, define the public network, and set it as a default gateway of the router. # tenant=$(keystone tenant-list | awk '/service/ {print $2}') # quantum router-create router01 # quantum net-create --tenant-id $tenant public01 --provider:network_type flat --provider:physical_network physnet1 --router:external=True # quantum subnet-create --tenant-id $tenant --name public01_subnet01 --gateway 10.64.201.254 public01 10.64.201.0/24 --enable_dhcp False # quantum router-gateway-set router01 public01  Under the user tenant “redhat”, create the private network “net01” and its subnet, and connect it to the router. # tenant=$(keystone tenant-list|awk '/redhat/ {print $2}') # quantum net-create --tenant-id $tenant net01 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 101 # quantum subnet-create --tenant-id $tenant --name net01_subnet01 net01 192.168.101.0/24 # quantum router-interface-add router01 net01_subnet01 Open Cloud Campus 25
  • 26. Quantum Under the Hood Example Configuration Steps for Case1 (2/2)  Another network “net02” can be added in the same way. # tenant=$(keystone tenant-list|awk '/redhat/ {print $2}') # quantum net-create --tenant-id $tenant net02 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 102 # quantum subnet-create --tenant-id $tenant --name net02_subnet01 net02 192.168.102.0/24 # quantum router-interface-add router01 net02_subnet01 Open Cloud Campus 26
  • 27. Quantum Under the Hood Example Configuration Steps for Case2 (1/2)  Under the “service” tenant, define the public network. # tenant=$(keystone tenant-list | awk '/service/ {print $2}') # quantum net-create --tenant-id $tenant public01 --provider:network_type flat --provider:physical_network physnet1 --router:external=True # quantum subnet-create --tenant-id $tenant --name public01_subnet01 --gateway 10.64.201.254 public01 10.64.201.0/24 --enable_dhcp False  Under the user tenant “redhat”, create the tenant router and set its gateway for the public network. # tenant=$(keystone tenant-list|awk '/redhat/ {print $2}') # quantum router-create --tenant-id $tenant router01 # quantum router-gateway-set router01 public01  Then, define private network “net01” and its subnet, and connect it to the router. # quantum net-create --tenant-id $tenant net01 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 101 # quantum subnet-create --tenant-id $tenant --name net01_subnet01 net01 192.168.101.0/24 # quantum router-interface-add router01 net01_subnet01 Open Cloud Campus 27
  • 28. Quantum Under the Hood Example Configuration Steps for Case2 (2/2)  Additonal router and private networks for another tenant “redhat2” can be added in the same way. # tenant=$(keystone tenant-list|awk '/redhat2/ {print $2}') # quantum router-create --tenant-id $tenant router02 # quantum router-gateway-set router02 public01 # quantum net-create --tenant-id $tenant net02 --provider:network_type vlan --provider:physical_network physnet2 --provider:segmentation_id 102 # quantum subnet-create --tenant-id $tenant --name net02_subnet01 net01 192.168.101.0/24 # quantum router-interface-add router02 net02_subnet01 Open Cloud Campus 28
  • 29. Quantum Under the Hood iptable chains Open Cloud Campus 29
  • 30. Quantum Under the Hood Packet filtering chains on Compute Nodes filter table Packet filtering for instances are done on Compute Nodes FORWARD nova-filter-top Filtering chain is created for nova-compute-local each instance. nova-compute-inst-xx Packets from the same Subnet are not filtered. nova-compute-provider Security Group is Packets from the same subnet ACCEPT applied here Filtering by Security Group ACCEPT nova-compute-sg-fallback DROP nova-compute-FORWARD *These are configured by Nova Compute ACCEPT (“Security Group” is a part of Nova functions.) Open Cloud Campus 30
  • 31. Quantum Under the Hood NAT chains on Network Node (1/2) Packet filtering for instances nat table POSTROUTING are done on Compute Nodes quantum-l3-agent-POSTROUTING Packets _not_ on Public NW port ACCEPT quantum-postrouting-bottom NAT is applied only at the edge of Public Network quantum-l3-agent-snat SNAT from Private IP quantum-l3-agent-float-snat to the associated Floating IP Packets from Private IP SNAT associated with Floating IP Packets from Private IP SNAT nova-api-POSTROUTING SNAT from Private IP to Router's Public IP nova-api-postrouting-bottom *These are mainly configured by L3 Agent. ACCEPT Open Cloud Campus 31
  • 32. Quantum Under the Hood NAT chains on Network Node (2/2) nat table PREROUTING quantum-l3-agent-PREROUTING Packet to Floating IP DNAT nova-api-PREROUTING DNAT from Floating IP to the corresponding Private IP ACCEPT *These are mainly configured by L3 Agent. Open Cloud Campus 32
  • 33. Quantum Under the Hood References Open Cloud Campus 33
  • 34. Quantum Under the Hood References  OpenStack Network (Quantum) Administration Guide – http://docs.openstack.org/trunk/openstack-network/admin/content/index.html  Quantum L2 Linux Bridge Plugin – http://wiki.openstack.org/Quantum-Linux-Bridge-Plugin  QuickStart with RHOS(Red Hat OpenStack) Folsom Preview – http://d.hatena.ne.jp/enakai00/20121118/1353226066 Open Cloud Campus 34
  • 35. Quantum Under the Hood Open Cloud Campus Enjoy the Life with OpenStack! Etsuji Nakai Twitter @enakai00