Under the Trenchcoat: Neutron Agent Extensions

Under the Trenchcoat:Neutron Agent Extensions

Margaret Frances (Comcast)Nate Johnston (Comcast)David Shaughnessy (Intel)

October 27, 2016

Under the Trenchcoat: Neutron Agent Extensions3

• David Shaughnessy

- Co-author, DSCP implementation of the QoS agent extension

- Currently developing the OvS flow manager

• Nate Johnston

- Core contributor for neutron-fwaas

- Co-author, DSCP implementation of the QoS agent extension

- Co-author, L2 and L3 agent extension generalization, L3 extensions interface, L3 agent extension API

- Co-author, FWaaS L3 agent extension

• Margaret Frances

- Co-author, L2 and L3 agent extension generalization

- Co-author, L2 and L3 agent extension generalization, L3 agent extension API

- Co-author, FWaaS L3 agent extension, FWAAS v2 L3 agent extension

- Co-author, QoS plugin refactor

- Helped design the OvS flow entry mechanism to allow multiple agent extensions access without contention

Who we are

Section 1: History of Neutron Agent Extensions

History of Agent Extensions


Neutron agent extensions have their origins in the Quality of Service (QoS) effort during the Kilo and Liberty cycles. They were implemented in the ”feature/qos” branch of Neutron by:

• Moshe Levi (moshele) • Irena Berezovsky (irenab)

• Miguel Angel Ajo Pelayo (ajo) • Ihar Hrachyshka (ihrachys)

Problems with Extending the Neutron Agent

Agent extensions were originally intended to solve the following problems:

1. Any new feature that required an agent-side implementation was getting crammed into the agent code without any good structure.

2. External projects, like advanced services, were unable to extend agent functionality without overriding the agent. This was seen in the L3 agent especially.

3. Even with inheritance-based extending the agent, using more than one external service was very difficult.


The Origin of Agent Extensions

Neutron agent extensions arose to meet these challenges.

1. The extension manager (subclassed from stevedore's NamedExtensionManager) loads agent extensions at run-time

2. The agent sends messages to the extensions manager, which forwards them to the extensions


The First Implementation: Quality of Service

• Network Quality of Service (QoS) is an L2 concept that extends the idea of the network port by adding regulation of data flows.

• A new object was created, the QoSPolicy object, to specify the QoS configuration for a given port.

• QoSPolicy was made an attribute of the port, so that updates to port data would include the relevant QoS information.


Getting Information There: Notification Drivers

• A facility needed to be created to synthesize port updates necessary only to transmit the QoSPolicy to the agent.

• QoS Notification Driver is notified anytime a change occurs to a QoSPolicy object. • When that occurs, a new RPC event is synthesized that contains only the QoSPolicy

changes, and is distributed to the agents.


DSCP: Origin of the L2 Agent Extension API

• DSCP: QoS feature that modifies egress traffic using the integration bridge’s flow table.• Neutron Agent generates a random cookie_id to identify stale flows.• The cookie_id values can be requested from the integration bridge object.• Neutron’s integration bridge is exposed through the Agent Extensions API.


Making Agent Extensions Generic

The Neutron L3 agent had the same challenges as the Neutron L2 agent.• A generic extension framework was created.• The L2 extension framework was modified to derive from the generic framework.• The L2 Agent calls extensions on Port events.• The L3 Agent calls extensions on Router events.


The Second Implementation: FireWall-as-a-Service

• FWaaS was incompatible with the L3 agent at the start of Newton.• Required the development of an L3 extensions framework to integrate with the L3

agent.• FWaaS L3 agent extension establishes its own RPC topic for firewall updates.• Utilizes an Agent Extension API to retrieve the router_info variable to gain access to

network namespace.


Section 2: Agent Extensions Deep Dive


• We want to run an indefinite number of agent extensions simultaneously

• We want to be able to implement a new extension without touching agent code

• We want to be able to enable a new extension without touching agent code

• Agent extensions should have access to agent resources

Agent Extensions: Goals and Concerns




The framework:1. The agent…

• instantiates the extensions manager• sends the manager messages to forward to the extensions

2. The extensions manager…• subclasses stevedore’s NamedExtensionManager • loads agent extensions• broadcasts agent requests to all extensions

3. An abstract base class defines an interface for the extensions

Your extension must:

1. Derive from the abstract base class

2. Implement any other required methods

You must:

3. Create an entry point and register it with the caller

4. Define a unique namespace for the API

Stevedore’s NamedExtensionManager: Load Extensions at Runtime


Neutron’s agent_api: A Window



The framework:1. The agent_api…

• is initialized with agent data that the extensions will need• defines methods that expose this data

2. The agent… • instantiates the extensions manager• instantiates the API with agent-specific data• sends this loaded agent_api to the extensions manager• sends the manager messages to forward to the extensions

3. The extensions manager…• subclasses stevedore’s NamedExtensionManager • defines a unique namespace for the API• loads agent extensions• forwards the agent_api to the extensions• broadcasts agent requests to all extensions

4. An abstract base class…• defines an interface for the extensions• defines consume_api() and initialize() methods for the extensions

Neutron’s agent_api: Expose Agent Data to Agent Extensions


Your extension must:

1. Derive from the abstract base class

2. Implement consume_api() to accept the agent_api

3. Implement initialize() to do any initialization work, such as sending the agent_api to a driver, for example

4. Implement any other required methods

5. Create an entry point and register it with the caller

Your extension may:

6. Utilize data and methods provided by the received agent_api

7. Access global resources in the agent (e.g., RabbitMQ connection, oslo log objects, oslo config objects.)

Neutron’s agent_api: Expose Agent Data to Agent Extensions Part 2

22 Under the Trenchcoat: Neutron Agent Extensions

L3 Agent Extensions: The Players


The framework:

An agent extension (FWaaS):

L3: The Agent Extension API


L3: The Agent


L3: The Agent Extensions Manager


L3: The Extensions’ Abstract Base Classes


L3: The FWaaS Agent Extension



Each extension creates an entry point and registers it with the agent:

L3: Entry Points


• We want to run an indefinite number of agent extensions simultaneously

• We want to be able to implement a new extension without touching agent code

• We want to be able to enable a new extension without touching agent code

• Agent extensions should have access to agent resources

Agent Extensions: Goals and Concerns

✓✓

✓

✓

31 Under the Trenchcoat: Neutron Agent Extensions

L2 Agent Extensions: The OVS Agent Players


The OVS framework:

The QoS agent extension with an OVS driver:

L2: The OVS Agent Extension API


L2: The OVS Agent


L2: The Agent Extensions Manager


L2: The Extensions’ Abstract Base Classes


L2: The QoS Agent Extension


L2: The OvS QoS Driver


Section 3: Use Cases for Agent Extensions

40

L2 extension Use Cases

The use cases for L2 Extensions include:

- Quality of service, limiting or modifying traffic on an individual Neutron port.

- Tap-aas, mirroring traffic from a Neutron port to another port for debug purposes.

- Firewalls, filtering traffic at the Neutron Port.

Under the Trenchcoat: Neutron Agent Extensions

41

L3 extension Use Cases

The use cases for L3 Extensions include:

- Firewalls, Enforcing Access Control Lists at network gateways.

- Load balancing, Redirecting incoming traffic to other Neutron ports from the network gateway.

- Virtual private networks.


42

Future work

Work planned that impacts Neutron Agent Extensions:

- L2 OvS Flow Manager:- Manage the use of Open vSwitch's flow table between extensions to facilitate

extension interoperability.- Spec: https://review.openstack.org/#/c/320439/- Implementation: https://review.openstack.org/#/c/323963/

- Neutron Common Classification Framework:- Provide a common and consistent API for Neutron and its extensions to classify

traffic. - Spec: https://review.openstack.org/#/c/333993/- Implementation: https://github.com/openstack/neutron-classifier


https://review.openstack.org/%23/c/320439/






https://github.com/openstack/neutron-classifier

https://github.com/openstack/neutron-classifier

Addendum: Making Your Own Agent Extension

44

How do you make an agent extension?

• Extension Descriptor- Designing a Resource Attribute map

• Service plugin

• Agent plugins- L3 agent extensions- L2 agent extensions- Agent Drivers

• Extending the Neutron Client

• Creating the Devstack plugin


45

Extension Descriptor

• Describes the Extension to the Neutron Agent it will extend.


46

Resource Attribute Map

• Describes the custom data types to the agent that this extension will use.


47

Service Plugin

• Extends the Neutron REST API.• Posts updates to the database.


48

L3 Agent Plugin

• Is loaded into a Neutron L3 agent’s (q-l3) extension manager.


49

L2 Agent Plugin

• Is loaded into the Neutron agent’s (q-agt) extension manager.


50

L2 Agent Drivers

• When an extension is loaded a driver_type is passed into the agent plugin.


51

Extending the Neutron Command Line Interface

• Extending the Neutron CLI can be done the same way as the Neutron Agents.


52

Devstack plugin

• Allows your project to be built by the devstack deployment tool.


Resources


• Agent extensions devref: http://docs.openstack.org/developer/neutron/devref/agent_extensions.html#

• Plugins, extensions, and entry points: http://docs.openstack.org/developer/stevedore/tutorial/creating_plugins.html

• Stevedore’s extension manager classes: http://docs.openstack.org/developer/stevedore/managers.html#stevedore.extension.ExtensionManager

• DSCP summit talk (Austin, 2016): https://www.openstack.org/videos/video/neutron-dscp-policing-your-network

• QoS summit talk (Tokyo, 2015): https://www.openstack.org/videos/video/tokyo-3166

http://docs.openstack.org/developer/neutron/devref/agent_extensions.html

http://docs.openstack.org/developer/neutron/devref/agent_extensions.html

http://docs.openstack.org/developer/stevedore/tutorial/creating_plugins.html



http://docs.openstack.org/developer/stevedore/managers.html%23stevedore.extension.ExtensionManager

http://docs.openstack.org/developer/stevedore/managers.html%23stevedore.extension.ExtensionManager

https://www.openstack.org/videos/video/neutron-dscp-policing-your-network

https://www.openstack.org/videos/video/neutron-dscp-policing-your-network

https://www.openstack.org/videos/video/tokyo-3166



54

Legal Notices and Disclaimers

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer.

No computer system can be absolutely secure.

Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance.

Intel, the Intel logo and others are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.

© 2016 Intel Corporation © 2016 Comcast Corporation


http://www.intel.com/performance

56

QR Codes

A Neutron extension project that provides the skeleton of an out-of-tree Neutron extension:


Slides for this talk:

57

Any Questions?

Nate Johnston [email protected]

Margaret Frances [email protected]

David Shaughnessy [email protected]


mailto:[email protected]




Technology

Under the Trenchcoat: Neutron Agent Extensions