vBrownBag OpenStack Networking Talk

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

Kyle Mestery

Technical Leader, Office of the Cloud CTO, Cisco

Mark Voelker

Technical Leader, SDU, Cisco

OpenStack Networking

Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 2

PLEASE NOTE: OpenStack Quantum is now called purely OpenStack Networking


Before we start …


Real OpenStack Networking Hackers Code In The Snow


OpenStack + Networking: beginnings of a virtual data center• Advantages of cloud computing

On-demand virtualized resources, self-service, lower cost

Resources managed by others

• Ability to create your own isolated private networks

• Extensible

• Challenge!!Easy-to-use

Minus the complexity of the traditional data center

Should work with different networking infrastructure

OpenStackNetworking


OpenStack Design Summit April 2011

• Compute service (EC2): virtual machines• Specify vCPU, Memory, Disk

• Launch instance (image, mem_size, disk)

• Suspend, clone, migrate

• Storage service (S3, EBS): virtual disks• Specify storage amount, access rights

• Store object

• Create/attach block

• What to do about networks?Simplistic implementation

Embedded in the compute component

App Svr

OS

VM

??


2011 Design Summit - community-driven merger of proposals

NetworkServicePOCNTT/Midokura

NetworkContainersCisco

NetworkServiceCitrix/Rackspace/Nicira

NaaS Core DesignIntel

… more

OpenStackNetworking


OpenStack Networking ServiceResource abstractions and service interfaces

• Compute service (EC2): virtual machines• Launch instance (image, mem_size, disk)

• Suspend, clone, migrate

• Storage service (S3, EBS): virtual disks• Store object

• Create/attach block

• Network service (OpenStack Networking): virtual networks• Create/delete private network

• Attach VM to network resource

• Create subnets and routers

• Work with different networking environments

App Svr

OS

VM

App Svr

OS

VM

App Svr

OS

VM


OpenStack Networking: A first class citizen in cloud computing

Cloud Platform - Developer API

Compute(Nova)

Servers

Storage(Swift)

Disks

Network(Quantum)

Networks

Identity(Keystone)

Portal(Horizon)

Images(Glance)

Applications OtherServices

Folsom Release


OpenStack Networking Abstractions Virtual Networks:

A basic dedicated L2 network segment

Common realization is a VLAN

Virtual Ports:

Attachment point for devices connecting to virtual networks.

Ports expose configuration and monitoring state via extensions (e.g., ACLs, QoS policies, Packet Statistics)

Subnets:

An IPAM construct to store CIDR

Also allows to set the Gateway IP and host routes

Virtual Routers

Per tenant routers


OpenStack Networking Plugins & Extensions Plugin:

Realization of the OpenStack Networking abstractions

Supports different back-end technologies and vendors

One plugin per OpenStack Networking deployment (there could be sub-plugins managed by the main plugin)

Examples: Linux Bridge Plugin, OVS Plugin, Cisco (Nexus)

Extensions:

API Extensibility for new or back-end specific features

Example: Port-profiles, quality-of-service, etc.


Extending OpenStack Networking to support L3 Constructs Routing within the

tenant (support multi-tier topologies)

Overlapping IP addresses

Support gateways – Internet, VPN

Support other L3 services – LB, Firewall, Caching, etc.

Hybrid Cloud (Public + Private)

Further evolve OpenStack Networking to be a multi-tenant network service for creating virtual data centers (application specific topologies + network services)


OpenStack Networking Plugins in Grizzly• BigSwitch

• Brocade

• Cisco Nexus

• Hyper-V

• Linux Bridge

• Meta Plugin

• Midokura Midonet

• NEC OpenFlow

• Nicira NVP

• Open vSwitch

• PLUMgrid

• Ryu OpenFlow


Big Changes in OpenStack Networking in Grizzly• Large increase in the number of plugins upstream

• LBaaSFramework

Drivers

More to come

• Multiple agent supportSimple scheduler

Ability to balance tenants across multiple network nodes

Cannot balance a tenant across multiple nodes (planned for Havana)


So what does this all look like?


Quantum L2 Agent

Nova Compute

Control Node

Quantum L2 Agent

Nova Compute

Control Node

Typical Grizzly OpenStack Networking Deployment w/ OVS

Quantum Serverand Plugin

Nova

…

Quantum L2 Agent

Nova Compute

Control Node Compute Node

Quantum L2 Agent

Quantum L3 Agent

Quantum DHCP Agent

Network Node

External Network

Management Network

Data Network

br-ex

ethX

ethX

ethX

Quantum L2 Agent

Quantum L3 Agent

Quantum DHCP Agent

Network Node

Quantum L2 Agent

Quantum L3 Agent

Quantum DHCP Agent

Network Node


Host Network


Host Networking: OVS

eth0

Tenant B Network

Management Network

Data Network

eth1 eth2

bond0

VM1 VM1 VM1

br-int

Tenant A Networkbr-tun

Linux Bridge Linux Bridge Linux Bridge Security Groups rules applied here

VLANs used for isolation amongst tenants here

GRE Keys used to isolate tenant traffic in the tunnel


Cisco Plugin in Grizzly


Tenant A – VLAN 100 VM 1

10.0.0.3

Nexus 3K

br-int

eth0

br-eth0

Host 1

Tenant B – VLAN 200 VM 1

10.0.1.3

br-int

eth0

br-eth0

Host 2

Tenant A – VLAN 100 VM 2

10.0.0.4

Nexus 3K

br-int

eth0

br-eth0

Host N-1

Tenant B – VLAN 200 VM 2

10.0.1.4

br-int

eth0

br-eth0

Host N

Quantum

Controller Node

Cisco NexusPlugin

Nexus Interface

Driver

QuantumOVS

Plugin

VLAN 100 VLAN 200 VLAN 100 VLAN 200

eth0 eth0 eth0 eth0

Communication with plugin agents on hosts

Communication with Nexus switches using Netconf

…

Technology

vBrownBag OpenStack Networking Talk