Click here to load reader

Openstack Neutron & Interconnections with BGP/MPLS VPNs

  • View
    253

  • Download
    3

Embed Size (px)

Text of Openstack Neutron & Interconnections with BGP/MPLS VPNs

  • OPENSTACK NEUTRON & INTERCONNECTIONS WITH BGP/MPLS VPNS

    Paul Carver Tim Irnich Thomas Morin

  • NFV

    POPs

    A NEED TO INTERCONNECT OPENSTACK AND BGP/MPLS VPNS

    BGP/MPLS VPNs:

    a key building block for backbone network engineering

    the foundation for operators VPN services

    How to drive interconnections between Openstack and BGP/MPLS VPNs ?

    public

    cloud IP/MPLS

    backbones

    core & access

    NFV

    POPs internal cloud

    platforms &

    OSS

    business,

    mobile,

    residential

    customers

    existing BGP VPN

    deployments

    and new uses for

    NFV and inter-DC

  • ONCE UPON A TIME

    Back in 2012

    Some SDN controllers had support to create connectivity with BGP VPNs

    each with its own API

    not multi-tenant APIs

    Between 2012 and 2014 some unsuccessful attempts at bringing the ability to interconnect BGPVPNs into Quantum/Neutron

    by NTT (Nati Ueno), Contrail (Pedro Marques), Orange

    Neutron community not yet familiar enough with this Telco stuff

    Neutron less modular technically and organizationally

    hard to meet the light reference implementation criteria

    This changed in 2015 !

  • NETWORKING-BGPVPN INCEPTION

    Early 2015

    Neutron became more modular

    Openstack Big Tent and Neutrons Stadium

    Growing awareness of Telco things in Neutrons community

    June 2015

    group of interested contributors, including Orange, Ericsson, AT&T, Cloudwatt

    early API draft refined based on past attempts

    an early API+driver implementation made opensource

    networking-bgpvpn was created in Neutron Stadium

    Since

    Releases for Liberty, Mitaka, Newton

    Backports for Juno and Kilo

    Steadily improving and extending

  • CURRENT STATUS

    Newton release of networking-bgpvpn: October 13th 2016

    base features:

    BGPVPN definitions L2

    L3

    Network associations, Router associations

    Neutron CLI support

    includes drivers for:

    Neutron ML2/OpenVSwitch (with bagpipe)

    OpenDaylight

    OpenContrail

    Nuage Networks (out of tree)

    additional features:

    full Heat binding

    Horizon GUI

    Tempest suite

  • NEUTRON BGP VPN INTERCONNECTIONS SERVICE PLUGIN

    OVERVIEW

    Neutron

    BGP

    Peers

    dataplane (vswitch/ vrouter)

    VMs

    Backend X (e.g. Neutron+Bagpipe, OpenDaylight,

    OpenContrail, Nuage, etc.) API

    BGPVPN

    Service Plugin

    packets carried

    over MPLS

    to/from VPNs

    BGP

    VPN

    routes

    driver for

    X

    ?

  • Neutron

    SDN Controller

    BGP

    Peers

    driver for

    backend X

    packets carried

    over MPLS

    to/fromVPNs

    API

    BGPVPN

    Service Plugin

    REST

    BGP

    VPN

    routes

    HOW IT WORKS WITH AN SDN CONTROLLER

    E.G. OPENDAYLIGHT, OPENCONTRAIL, NUAGE NETWORKS, ETC.

    driver for SDN

    Controller X compute node

    VMs VMs

    compute node

    VMs VMs

    vswitch vswitch

    NBI

    BGP

    SBI

  • HOW IT WORKS WITH NEUTRON OVS + BAGPIPE

    Neutron

    compute node

    BGP

    Peers

    VMs

    API

    BGPVPN

    Service Plugin

    OpenVSwitch

    br-int | br-tun | br-mpls packets carried

    over MPLS

    towards VPNs

    Neutron OVS

    agent

    BGP

    VPN

    routes

    bagpipe

    BGP

    bagpipe

    driver

    RabbitMQ ML2 as Core Plugin

    openvswitch

    mech driver

    bagpipe

    extension

  • NEW API RESOURCES

    (already existing

    API resources)

    Network X Router Y some user in

    Project Lambda

    Openstack Admin

    Network

    Association creates

    associations

    to setup

    interconnections

    BGP VPN

    default VPN

    Type: L3

    BGP Route-Target: 1234:42

    Tenant: Project Lambda

    Router

    Association

    creates a

    BGPVPN

    and gives it to

    Project Lambda

  • OPENSTACK NET-BGPVPN AND OPNFV SDNVPN

    OPNFV: a midstream integration project providing automated install of all required components for a given use case, as well as E2E testing of the said use case

    BGPVPN is such a use case

    gives upstream projects additional visibility if their changes break something at system level (i.e. when multiple components interplay)

    The OPNFV SDNVPN project aims at integrating a complete stack for BGPVPNs, focusing on cases where an SDN Controller is used

    however a Neutron/BaGPipe scenario is planned as well

  • COMPONENTS AND INTERFACES

    On top of baseline ODL-based OPNFV deployment

    Deploy BGPVPN API extension, service plugin and Heat extensions

    Activate relevant VPN features in Open Daylight

    Configure the stack

    Supported OPNFV installers

    Fuel

    Apex / TripleO

    Deployment scenarios and options

    HA and non-HA (=redundant OpenStack controller)

    Can be deployed nested/bare-metal DPN DPN

    Neutron

    Ext. APIs Core Neutron API BGPVPN API extension

    BGPVPN Service

    Generic Plugin

    ODL

    driver

    Other

    backend

    specific

    plugins

    ML2 Plugin

    ODL

    MD

    OpenDaylight Neutron NB

    BGPVPN

    Yang ext.

    ML2

    Yang

    Netvirt

    L2 E-LAN

    Service

    L3-VPN

    Service OF Plugin OVSDB

    DPN

    Driver

    B

    Driver

    C

  • OPNFV DEPLOYMENT SCENARIOS

    OPNFV deployment scenario = essentially a specific stack plus configuration that

    OPNFV installers can auto-deploy and

    That gets automatically tested in OPNFV CI

    Baseline scenarios maintained by installers

    NoSDN = just OpenStack with OVS & Neutron agent

    ODL_L2 = L2 networking done by ODL (ML2 plugin)

    ODL_L3 = ODL L3Router replaces L3Router, so L2/L3 networking handled by ODL

    SDNVPN scenario: derived from ODL_L3

  • DEMO: HOW TO DEPLOY OPNFV BGPVPN

    At the example of Fuel installer

    If youre interested in doing the same with Apex, come see us after the show

    Prerequisites:

    Fuel already deployed in a VM (using OPNFV Colorado 1.0 iso)

    VMs for compute nodes running & detected by Fuel

    Linux bridges for infra networks deployed

    Step 1: Check plugins

    Step 2: Create environment

    Step 3: Activate feature plugins

    Step 4: hit deploy & get some popcorn

    Step 5: test the system (manually or by running OPNFV test suites)

  • WRAP UP

    One API to allow tenants to control interconnections with their BGP VPNs

    Public/operator cloud business customers of MPLS VPN offers

    inter-DC, distributed cloud, edge cloud

    NFV multi-POP deployments

    Drivers for multiple SDN controllers and a Neutron implementation

    CLI interface, Horizon GUI, and Heat bindings

    Now / Soon / On the radar:

    complete E-VPN part of API

    remaining work to match Neutron Stadium requirements (more functional testing!)

    API evolution for finer-grained control of routing (static routes, preferences, route leaking)

    consider supporting multiple drivers/backends simultaneously

    see MPLS/GRE support land in OpenVSwitch (next MPLS/UDP!)

    expectations of improved feature parity among drivers

    Neutrons Stadium project working hand in hand with its OPNFV counterpart

    OpenStack / OPNFV

    contributors around BGP

    VPN

    Antoine Eiche

    Bruno Fernando

    douard Thuleau

    Cdric Savignan

    Daniel Radez

    Darek Smiegel

    Henry Gessau

    Jean-Philipe Braun

    Mathieu Rohon

    Michal Skalski

    Nikolas Hermanns

    Nishant Kumar

    Paul Carver

    Peter V. Saveliev

    Pierre Crgut

    R. R. Palleti

    Suresh K.

    Tim Irnich

    Tim Rozet

    Thomas Monguillon

    Thomas Morin

    Vishal Thapar

    Wim De Clercq

    Yannick Thomas