OpenStack networking - Neutron deep dive with PLUMgrid

2011-2014 © PLUMgrid - Confidential Information
Fernando Sanchez – Principal Systems Engineer @ PLUMgrid
fernando@plumgrid.com
@fernandosanchez
OpenStack Networking &
PLUMgrid Open Networking Suite for OpenStack

OpenStack: Open Source Cloud OS
•  Open source software for
compute, storage, networking
•  Distributions simplify installation
and maintenance
•  Several commercial and “free”
OpenStack distributions
available

2011-2014 © PLUMgrid - Confidential Information 3
Conceptual communication among services

At the junction of any Cloud
ISOLATION
CONNECTIVITY
COMPUTE
STORAGE
Network

Physical & Virtual Network Infrastructure
PHYSICAL
INFRASTRUCTURE
VIEW
VIRTUAL
INFRASTRUCTURE
VIEW
•  QoS, Bandwidth
•  Latency
•  Multicast
•  Capacity
•  Connectivity
•  On-Demand
•  Multi Tenant
•  Automated
•  Self Service
•  Secure
•  Distributed
Overlay Network
TENANT
NETWORKS

OpenStack Networking (Neutron)
6

Why Neutron?
•  Started with the Folsom release
•  Provide Network as a Service
•  Provide Operator & Tenants ability to
create and offer rich network topologies
and configure advanced policies
•  Offer a technology agnostic layer while
enabling vendor extensions
•  Support for advanced services
Compute Storage
Network

What is Neutron?
§  Provides REST APIs to manage network connections for the
resources managed by other OpenStack Services (e.g. Nova)
§  Technology Agnostic (framework based on “plug-ins”)
§  Multi-tenancy: Isolation, Abstraction, full control over virtual
networks
§  Modular Design: API specifies service, vendor provides its
implementation. Extensions for vendor-specific features.
§  Exposes vendor-specific network virtualization and SDN
technologies
8

What Neutron is NOT
•  Neutron does NOT implement the networks, but rather
is the front-end to the component that does create and
implement the rich network functionalities
•  When integrated with an SDN solution, it will “pass through”
OpenStack Networking API calls to the SDN Controller. The SDN
solution will then “build the actual networks”.
•  When integrated with OVS and a Network node solution*….
*this is what many people call “running Neutron” (inaccurately)
•  It can be very THIN or very THICK depending on
functionalities available in the underlying solution
9

Why Neutron Plugins?
10
•  The initial Openstack networking implementation based on nova (nova-
network) only implemented a basic model of isolation through Linux
VLANs and IP tables
•  Neutron was always architected as a pluggable architecture to provide
choice
•  back-end hardware and software agnostic
•  use a variety of technologies to implement the API requests
•  supports a broad spectrum of choices – from basic Linux VLANs and
IP tables to more advanced technologies such as network overlays

Neutron Architecture
11
Neutron API
Neutron Service
Neutron Plug-in API
API Extensions
Service API
(VPN, FW & LBaaS)
VNI & PNI
Virtual & Physical Networking Infrastructure
Plug-In ExtensionsPlug-In
Implementation

Two Types of Neutron Plugins
12
•  Implements Neutron Core API
•  Layer 2 (Switch)
•  Optionally implements Service
plugin functionality by using
extensions
Core Service
•  Implements Neutron API extensions
•  Layer 3 (Router)
•  Firewall
•  Load Balancer
•  VPN

Vendor to Plugin Type Mapping
13
PLUMgrid, VMware NSX,
Midokura, Nuage, OpenContrail
Arista, Big Switch, Brocade,
Cisco, Embrane, Extreme,
Huawei, Juniper, Microsoft
(HyperV), IBM, Mellanox, NEC,
One Convergence, ODL
Core Service
Router: Cisco
LBaaS: A10 Networks, Embrane,
Citrix (Netscaler), F5, Radware,
vArmour
FWaaS: Cisco, Freescale
VPNaaS: Cisco
List is a sample and is incompleteSource: OpenStack Marketplace/Drivers

Architecture Challenges: Neutron & OVS
Neutron
ML2/OVS
plugin
VM
Network Nodes
VM VM
VM
VM VM VM
VM VM
VM VM VM
VM VM
VM
VMVM VM
Nova Glance Swift Cinder
L3 Agent
FWaaS
Agent
LBaaS
Agent
Agent
Agent
Agent
Agent
Agent
Agent
DHCP
Agent
Services
Neutron
Framework
Placement of these
components is critical;
They are in data path
and become bottlenecks
Advanced Services run
on dedicated nodes.
Limited HA.
Creation of new tenants
requires careful sizing of
components to maintain
performance level
VM traffic flow can be handled in
kernel, in local user space or in
network nodes with different
performance level

OpenStack Networking & PLUMgrid
15

Last Mile to Agility: Virtual Networks
16
PHYSICAL
INFRASTRUCTURE
VIRTUAL
INFRASTRUCTURE
Virtual Compute
Compute Storage
Virtual Storage
CRM VDI ERP IaaSSaaS PaaS
Network
Virtual Networks
Self Service Portal/Catalog
Cloud Management Platform

PLUMgrid Open Networking Suite
17
PHYSICAL NETWORK INFRASTRUCTURE
VIRTUAL DOMAIN
Tenant A
PLUMGRID
NETWORK
LIBRARY
Bridge
Router
LB
Security
Policies
Bridge
Security
Policies
Bridge
DHCP
FW
VIRTUAL DOMAIN
Tenant B
Scalable Architecture Non-Stop Forwarding Service Insertion

PLUMgrid Open Networking Suite
18
ü  No single point of failure
ü  Highly resilient & self-healing
ü  Terabits of distributed scale out performance
Internet
PLUMgrid
IO Visor Edge
PLUMgrid
Directors
PLUMgrid
IO Visor Gateway
Virtual Domain A Virtual Domain B
Overlay Network

Understanding Virtual Domains
PHYSICAL
INFRASTRUCTURE
VIEW
VIRTUAL
INFRASTRUCTURE
VIEW
Custom or Template based Virtual Network Domains per Tenant
Tenant 1 Tenant 2 Tenant 3
VM VM VM VM
Internet
VM VM
VM
VM PLUMgrid Zone

Architecture Solution: Neutron & PLUMgrid
Neutron
PLUMgrid
Plugin
VM
Virtual Domains
Tenant Networks
iO Visor Kernel Module -- Distributed Data Plane
PLUMgrid Director
VM VM
VM
VM VM VM
VM VM
VM VM VM
VM VM
VM
VMVM VM
Nova Glance Swift Cinder
3rd party
Virtual Network Functions
Control Plane
VM to VM optimized
packet flow due to
distributed VNFs –
Eliminating bottlenecks
Virtual Domains
automatically scale out
as more servers are
deployed
All VNF control planes
are fully redundant
Director Cluster is
deployed in
management rack
Virtual Domain A Virtual Domain B Virtual Domain C

PLUMgrid Platform Architecture
21

Data
Plane

Controller

Closed
Network

Functions

Orchestration
layers
South
Bound
API

North
Bound
API

Management
API

Physical
Network
Infrastructure
Vendors
SDN
Vendors
Commodity Switch or
Software Virtual Switch
From PNI to SDN vendors?
Data Plane
Controller
Closed Network
Functions
From one Vertically Integrated Environment to the Next?

Data
Plane
‘

Controller
‘

Closed
Network

Functions

Orchestration
layers
South
Bound
API
+
Extensions

North
Bound
API

Management
API

3rd party Network
Function
North
Bound
AP
Extensions

3rd party new Network Functions
Required Platform changes
(unfunded)
Data Plane
Controller
Closed Network
Functions
Architecture Gridlock
Networking: Extending the Data Plane?

Data Plane
Controller
Closed Network
Functions
South Bound API
North Bound API
Management API
DP DP DP
CP CP CP
Network Function
CP-DP APIs
Management API
DEVELOPERS
OPERATORS
PG-SDK
OPERATORS
IO-VISOR™
Director
Old SDN architecture PLUMgrid Platform
IO-visor™ based Architecture
Platform Ecosystem: Get the Controller Out of the Way
Platform Ecosystem: Get the Controller out of the way

BRIDGE
ROUTER
NAT
IO VISOR™
DP DP DP
IO Visor™ : Internals
PLUMgrid Director CP CP CP
Director APIs
API
BRG
API RTR API NAT
API BRG API RTR API NAT
Ports
REST APIs
Port Mgr. (PEM)
IO Visor
•  Stiches multiple ‘PLUMlet DPs’
as directed by NOS
•  Allows different NF CPs to
manage their ‘PLUMlets’
•  The Director controls the
IO Visor™

IO VISOR™
BRIDGE
ROUTER
NAT
DP DP DP
OPERATORS
PLUMgrid IOVisor Ecosystem – SDK & APIs
SDK
PLUMgrid Director
REST APIs
CP CP CP
CMS
GUI
Network Services
Hypervisor
Infrastructure

PLUMgrid Ignition
27
Immersive PLUMgrid Technology Experience

PLUMgrid Ignition
28
Go to: www.plumgrid.com/plumgrid-ignition/

2011-2014 © PLUMgrid - Confidential Information 29
Next Steps
Stay Connect at www.plumgrid.com/events/
Sign Up for PLUMgrid Ignition at www.plumgrid.com
Follow Us @PLUMgrid

Our Vision
30
THANK YOU!

OpenStack networking - Neutron deep dive with PLUMgrid

More Related Content

OpenStack networking - Neutron deep dive with PLUMgrid