Neutron 
Distributed Virtual Router 
Edgar Magana 
Cloud Operations Architect
Acknowledgments 
Big Thanks to Great Developers in OpenStack 
Community & OpenStack Foundation. 
Information presented here is sourced from my own 
experience as an OpenStack developer/user and from 
OpenStack Foundation documents & community. 
Views and technical points expressed here are 
solely the presenter's and do not reflect his employer's 
views/positions or those of the OpenStack Foundation in any way.
Networking Status (Neutron)
• nova-network Parity
  – Feature parity with nova-network in progress
  – Initial migration path -- initial path for nova-network deprecation
• L3 Enhancements
  – Multiple L3 agents
  – HA through plugins & keepalived
  – Each router created is assigned to 2 or more agents
• IPv6
  – Next generation of IP routing
  – 2001:0db8:85a3:0042:1000:8a2e:0370:7334 rather than 10.28.255.168
  – Address assignment
    – SLAAC
    – Stateful DHCP
    – Stateless DHCP
  – Router advertisement through RADVD
Networking Status (Neutron)
• DVR
  – Uses L3 HA
  – Removes bottleneck in east-west traffic
  – Shares OVS route information across virtual routers
  – One-hop traffic for VMs on different hypervisors
  – Requires OVS on ML2 plugin
• New plugins/Drivers
  – OpenContrail plugin
  – A10 Networks LBaaS driver
  – Arista L3 routing plugin
  – Big Switch L3 routing plugin
  – Brocade L3 routing plugin
  – Cisco APIC ML2 Driver (including a L3 routing plugin)
  – Cisco CSR L3 routing plugin
  – Freescale SDN ML2 Mechanism
OpenStack Networking Deployment
Network Node Internals
DVR Support in Juno
• The new Enhanced L3 Agent can operate in 3 different modes:
  1. Legacy (default for backward compatibility)
     – Centralized routing only
     – Runs on Network Nodes
  2. DVR
     – Supports distributed routing
     – Runs on Compute Nodes
  3. DVR_SNAT
     – Supports legacy centralized routing, DVR and centralized SNAT
     – Runs on either Network/Service Node or Compute Nodes
• Each mode adds support for certain features while continuing to support
  the others, but depends on the l3-agent scheduler.
Neutron – DVR Config Options
• neutron.conf
    [DEFAULT]
    router_distributed = False    # True = DVR mode
    dvr_base_mac = fa:16:3f:00:00:00
• ovs_neutron_plugin.ini
    [agent]
    enable_distributed_routing = False    # True = the L2 agent runs in DVR mode
• l3_agent.ini
    [DEFAULT]
    agent_mode = legacy    # other values: dvr, dvr_snat
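The options above live in three separate files, so a node can end up with an L3 agent in a DVR mode while its L2 agent is not. The check below is an added example, not part of the original slides: the function name and the embedded file contents are constructed, and `base_mac` with its default `fa:16:3e:00:00:00` is a Neutron option the slide does not show.

```python
import configparser
import re

VALID_AGENT_MODES = {"legacy", "dvr", "dvr_snat"}   # the three modes listed on the slide
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def check_dvr_config(neutron_conf, ovs_ini, l3_ini):
    """Return a list of findings for one node's three DVR-related files."""
    neutron, ovs, l3 = _parse(neutron_conf), _parse(ovs_ini), _parse(l3_ini)
    # Fallbacks are the defaults shown on the slide.
    l2_dvr = ovs.getboolean("agent", "enable_distributed_routing", fallback=False)
    mode = l3.get("DEFAULT", "agent_mode", fallback="legacy").strip()
    dvr_mac = neutron.get("DEFAULT", "dvr_base_mac", fallback="fa:16:3f:00:00:00").lower()
    # Assumption: base_mac is not on the slide; fa:16:3e:00:00:00 is Neutron's default.
    base_mac = neutron.get("DEFAULT", "base_mac", fallback="fa:16:3e:00:00:00").lower()

    findings = []
    if mode not in VALID_AGENT_MODES:
        findings.append(f"l3_agent.ini: unknown agent_mode {mode!r}")
    # A DVR-mode L3 agent relies on the L2 agent running in DVR mode on the same node.
    if mode in ("dvr", "dvr_snat") and not l2_dvr:
        findings.append(f"agent_mode is {mode} but enable_distributed_routing is False")
    # Neutron requires dvr_base_mac to differ from base_mac so that per-host DVR
    # MACs cannot be confused with MACs allocated to tenant ports.
    if not MAC_RE.match(dvr_mac):
        findings.append(f"neutron.conf: malformed dvr_base_mac {dvr_mac!r}")
    elif dvr_mac == base_mac:
        findings.append("neutron.conf: dvr_base_mac must differ from base_mac")
    return findings

# Constructed sample files for a compute node, using the slide's option names.
NEUTRON_CONF = "[DEFAULT]\nrouter_distributed = True\ndvr_base_mac = fa:16:3f:00:00:00\n"
OVS_INI_OK = "[agent]\nenable_distributed_routing = True\n"
OVS_INI_BAD = "[agent]\nenable_distributed_routing = False\n"
L3_INI_DVR = "[DEFAULT]\nagent_mode = dvr\n"

if __name__ == "__main__":
    print(check_dvr_config(NEUTRON_CONF, OVS_INI_OK, L3_INI_DVR))   # consistent node
    print(check_dvr_config(NEUTRON_CONF, OVS_INI_BAD, L3_INI_DVR))  # L2 agent not in DVR mode
```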
DVR – Devstack Multi-Node 
Controller/Network(SNAT) 
HOST_IP=172.16.232.137 
disable_service n-net 
enable_service neutron 
enable_service tempest 
enable_service q-svc 
enable_service q-agt 
enable_service q-dhcp 
enable_service q-l3 
enable_service q-meta 
enable_service n-cpu 
MYSQL_PASSWORD=nova 
RABBIT_PASSWORD=nova 
SERVICE_TOKEN=nova 
SERVICE_PASSWORD=nova 
ADMIN_PASSWORD=nova 
LOGDAYS=1 
Q_PLUGIN=ml2 
ENABLE_TENANT_TUNNELS=True 
TENANT_TUNNEL_RANGE=50:100 
Q_ML2_TENANT_NETWORK_TYPE=vxlan 
Q_DVR_MODE=dvr_snat 
VNCSERVER_LISTEN=$HOST_IP 
VNCSERVER_PROXYCLIENT_ADDRESS=$HOST_IP 
MULTI_HOST=1 
Compute/Routing 
HOST_IP=172.16.232.138 
SERVICE_HOST=172.16.232.137 
MYSQL_HOST=$SERVICE_HOST 
RABBIT_HOST=$SERVICE_HOST 
GLANCE_HOSTPORT=$SERVICE_HOST:9292 
MYSQL_PASSWORD=nova 
ADMIN_PASSWORD=nova 
SERVICE_PASSWORD=nova 
SERVICE_TOKEN=nova 
RABBIT_PASSWORD=nova 
ENABLED_SERVICES=n-cpu,neutron,n-novnc,q-agt,q-l3 
Q_PLUGIN=ml2 
ENABLE_TENANT_TUNNELS=True 
TENANT_TUNNEL_RANGE=50:100 
Q_ML2_TENANT_NETWORK_TYPE=vxlan 
Q_DVR_MODE=dvr 
VNCSERVER_LISTEN=$HOST_IP 
VNCSERVER_PROXYCLIENT_ADDRESS=$HOST_IP 
MULTI_HOST=1
IP Network Namespaces 
After creating a few networks and routers: 
openstack-dev:~/devstack$ sudo ip netns 
qdhcp-2e9facd9-92d3-4d71-9c80-6d3992b6751b 
qdhcp-ea73f4b4-d753-4d2b-9089-e0dc65cfea2b 
qrouter-c64a1a02-6425-4252-ba89-3146647c564f 
snat-375d717f-afd3-4427-878d-4c38303e40f2 
qrouter-375d717f-afd3-4427-878d-4c38303e40f2 
openstack-dev-compute:~/devstack$ sudo ip netns 
qrouter-c64a1a02-6425-4252-ba89-3146647c564f
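The listing above shows the expected split: the `snat-` namespace exists only on the node whose L3 agent runs in dvr_snat mode, the only mode with centralized SNAT. The audit below is an added example, not part of the original slides; the function name is hypothetical and the embedded listings are the ones shown on the slide.

```python
import re

# Namespace names as they appear in the slide's `ip netns` output: <prefix>-<UUID>.
NS_RE = re.compile(
    r"^(qrouter|snat|qdhcp)-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$")

def audit_namespaces(ip_netns_output, agent_mode):
    """Group namespaces by kind and flag ones that do not fit the node's agent_mode."""
    inventory = {"qrouter": set(), "snat": set(), "qdhcp": set()}
    findings = []
    for line in ip_netns_output.splitlines():
        if not line.strip():
            continue
        name = line.split()[0]          # newer iproute2 appends " (id: N)"
        match = NS_RE.match(name)
        if match is None:
            findings.append(f"unrecognised namespace: {name}")
            continue
        inventory[match.group(1)].add(match.group(2))
    # Centralized SNAT is handled only by an agent in dvr_snat mode.
    if agent_mode != "dvr_snat":
        for router_id in sorted(inventory["snat"]):
            findings.append(f"snat-{router_id} present on a node in {agent_mode} mode")
    return inventory, findings

# Listings copied from the slide (controller runs dvr_snat, compute runs dvr).
CONTROLLER = """\
qdhcp-2e9facd9-92d3-4d71-9c80-6d3992b6751b
qdhcp-ea73f4b4-d753-4d2b-9089-e0dc65cfea2b
qrouter-c64a1a02-6425-4252-ba89-3146647c564f
snat-375d717f-afd3-4427-878d-4c38303e40f2
qrouter-375d717f-afd3-4427-878d-4c38303e40f2
"""
COMPUTE = "qrouter-c64a1a02-6425-4252-ba89-3146647c564f\n"

if __name__ == "__main__":
    for node, listing, mode in (("controller", CONTROLLER, "dvr_snat"),
                                ("compute", COMPUTE, "dvr")):
        inventory, findings = audit_namespaces(listing, mode)
        print(node, {kind: len(ids) for kind, ids in inventory.items()}, findings)
```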
DVR in Action
LEGEND
Tenant 1 has two Networks - RED & GREEN
Tenant 2 has one Network - ORANGE
[Diagram labels: IR, vm1 to vm7, br-int-cn1, br-tun-cn1, br-int-cn2, br-tun-cn2, Data Network]
1. Data frame with:
   srcMac = VM1, destMac = red-Mac, Network = red
2. br-int forwards to IR
3. Change network:
   srcMac = VM1, destMac = red-Mac, Network = green
4. Set destMac:
   srcMac = VM1, destMac = VM2, Network = green
5. Set srcMac:
   srcMac = green-Mac, destMac = VM2, Network = green
6. Dec TTL and fwd:
   srcMac = green-Mac, destMac = VM2, Network = green
7. Swap out Gateway Mac:
   srcMac = dvr-cn1-Mac, destMac = VM2, Network = green
8. Usual Virtual switching:
   srcMac = dvr-cn1-Mac, destMac = VM2, Network = green
9. Usual Virtual switching:
   srcMac = dvr-cn1-Mac, destMac = VM2, Network = green
10. Swap in Gateway Mac:
   srcMac = green-Mac, destMac = VM2, Network = green
11. Deliver to VM 2:
   srcMac = green-Mac, destMac = VM2, Network = green
source: HP Neutron Team
Thank you! 
Details: 
https://etherpad.openstack.org/p/kilo-summit-ops-dvr 
http://www.slideshare.net/emaganap 
twitter: emaganap
