Click here to load reader

Openstack Neutron, interconnections with BGP/MPLS VPNs

  • View
    385

  • Download
    1

Embed Size (px)

Text of Openstack Neutron, interconnections with BGP/MPLS VPNs

  • 1

    Openstack Neutron & Interconnections with BGP/MPLS VPNs Thomas Morin Orange Labs 2016-03-10

  • 2

    Why a need to interconnect Openstack and BGP/MPLS

    VPNs ?

    network operators using BGP/MPLS VPNs

    need to interconnect IaaS platforms with these VPNs

    public cloud

    internal cloud

    NFV platforms service networks

    Openstack de-facto IaaS foundation

    what API to drive Openstack interconnections with BGP/MPLS VPNs?

    what implementation behind this API ?

  • 3

    Interconnect Openstack and BGP/MPLS VPNs

    Goals and Use Cases ?

    Today, we can:

    use SDN Controller X,Y or Z to

    create connectivity between VMs

    and BGP VPNs

    (for some values of X only)

    use specific APIs of X,Y,Z to drive

    these interconnections

    often tenant credentials are not

    enough, need to be admin

    Goals:

    have a single controller-agnostic

    API to drive these interconnections

    allow tenants to drive what these

    interconnections

    (but only in their VPNs!)

    have this feature in Neutron itself

    for use in Openstack

    continuous integration

    as an alternative for

    deployment

  • 4

    Openstack Neutron networking-bgpvpn project

    A Neutron API to drive BGP VPN interconnections

    What it is about ?

    a service plugin that inserts into Neutron and exposes an API for BGPVPN Interconnection

    tenant I want Network X to be interconnected with BGPVPN foo

    how is an interconnection defined through the API realized ? depends on the driver ! (see next slides)

    A bit of history

    API proposal started 2+ years ago lead by Nachi Ueno and Pedro Marques)

    Effort re-started one year ago by Orange with an opensourced implementation as a starting point

    Triggered interest around Openstack Vancouver summit Welcome in Openstack big tent / Neutron stadium Creation of the Openstack networking-bgpvpn project in June 2015

  • 5

    dataplane (vswitch/ vrouter)

    Neutron BGP VPN Interconnections service plugin

    Overview

    Neutron

    Backend X (e.g. Neutron+Bagpipe, OpenDaylight,

    OpenContrail, Nuage)

    BGP

    Peers

    VMs

    driver for

    backend X

    BGP

    VPN

    routes

    packets carried

    over MPLS

    toward VPNs

    API

    BGPVPN

    Service Plugin

    driver for

    X

  • 6

    Neutron and BGP VPN Interconnections

    API constructs and workflows

    Key API Constructs

    BGPVPN resource

    contains BGP-specific parameters

    in particular import/export Route Targets

    Network Association resource

    associates a BGPVPN with a said Neutron Network

    Router association resource

    (same idea)

    Workflows

    a BGPVPN is created by the

    admin, with chosen BGP

    parameters, and given to a

    tenant (tenant cannot modify nor read

    BGP parameters)

    the tenant can then choose to

    associate a BGP VPN it owns to

    a Network or Router

    API reference: http://docs.openstack.org/developer/networking-bgpvpn/api.html

    http://docs.openstack.org/developer/networking-bgpvpn/api.htmlhttp://docs.openstack.org/developer/networking-bgpvpn/api.htmlhttp://docs.openstack.org/developer/networking-bgpvpn/api.htmlhttp://docs.openstack.org/developer/networking-bgpvpn/api.htmlhttp://docs.openstack.org/developer/networking-bgpvpn/api.html

  • 7

    How it works with Neutron+BaGPipe

    Neutron

    compute node

    BGP

    Peers

    VMs

    BGP

    VPN

    routes

    packets carried

    over MPLS

    towards VPNs

    API

    BGPVPN

    Service Plugin

    bagpipe

    driver OpenVSwitch

    Neutron OVS

    agent bagpipe BGP

    Openstack

    message bus

    bagpipe

    extension

  • 8

    Neutron

    SDN Controller

    BGP

    Peers

    driver for

    backend X

    BGP

    VPN

    routes

    packets carried

    over MPLS

    toward VPNs

    API

    BGPVPN

    Service Plugin

    REST

    How it works with an SDN Controller e.g. OpenDaylight, OpenContrail, Nuage Networks

    driver for SDN

    Controller X compute node

    VMs

    NBI

    BGP

    SBI

    VMs

    compute node

    VMs VMs

    vswitch vswitch

  • 9

    Status

    First release (was in December)

    works with Openstack last release (Liberty)

    base features:

    BGPVPN, Network associations, Router associations

    Neutron CLI support

    includes drivers for:

    Neutron ML2/OpenVSwitch (with bagpipe)

    OpenDaylight

    OpenContrail

    (Nuage Networks driver is coming, out of tree)

    Available backports for two previous releases

    Juno

    Kilo

  • 10

    Diversification of Contributors!

    http://stackalytics.com/?module=networking-bgpvpn&metric=patches&release=mitaka

    project startup

    period

    (May-Oct. 2015)

    now (past 5 months)

    http://stackalytics.com/?module=networking-bgpvpn&metric=patches&release=mitakahttp://stackalytics.com/?module=networking-bgpvpn&metric=patches&release=mitakahttp://stackalytics.com/?module=networking-bgpvpn&metric=patches&release=mitakahttp://stackalytics.com/?module=networking-bgpvpn&metric=patches&release=mitaka

  • 11

    What is next ?

    Next release will target Openstack Mitaka

    Already ready:

    Heat support

    bagpipe driver improvements

    Planned

    GUI in Openstack dashboard (Horizon)

    driver support for E-VPN (API already here)

    static routes

    prefix aggregation

  • 12

    Future / Radar

    intra-DC inter-tenant

    inter-DC

    inter-DC / Neutron2Neutron

  • 13

    A word on OPNFV

    Openstack networking-bgpvpn project has a peer project SDNVPN in OPNFV

    The Neutron BGPVPN Interconnection service plugin and the OpenDaylight

    driver are part of OPNFV very recent release (Brahmaputra, March 1st)

    OPNFV triggered very useful contributions around Openstack work

    installer support

    Fuel

    APEX/RDOManager

    functional testing (Tempest, Functest)

    More to come this year

    OPNFV can be a strong catalyzer for Telco work in Openstack

  • 14

    Conclusions

    Openstack networking-bgpvpn is a new service exposing an API, letting

    admins give tenant control over how their Openstack networks and routers are

    interconnected with BGP VPNs

    One Neutron service + API, with driver mapping toward SDN controllers

    but also usable without a controller !

    A practical one-year illustration of a possible way to kickstart Telco-specific

    work in Openstack

    Were happy to have be joined by others having a mutual interest in moving

    this forward !

  • 15

Search related