Post on 17-May-2018
Networking in OpenStackNeutron, SDN, NFV, Containers
Rossella Sblendido
Team Lead Networking
rsblendido@suse.com
2
Traditional networking
3
Limitations of Traditional Networking
4
It's hardware centric!
5
Closed system
● Vendor specific software● Costly● Hard to inter-operate
6
Not scalable!
7
No abstractions
● Hard to maintain● Hard to innovate● Hard to experiment
8
Server virtualization
VLANs are not flexible enough (e.g. server is moved)
Traffic differs from the classic server-client model
9
Connect a new machine
1. Reach the place
10
Connect a new machine
1. Reach the place
2. Plug the cable
11
Connect a new machine
1. Reach the place
2. Plug the cable
3. Configure
12
OpenFlow
13
OpenFlow
● Open standard● Separation of control plane and data plane
● OF switch has flow tables● OF controller programs the flow entries
● Flow = match + action
14
OpenFlow switch
15
SDN
16
What's SDN?
● Separate control plane from data plane● Centralization of control● Program a network vs configure network
17
Overlay network
● Encapsulation decouples a network service from the underlying infrastructure
● Per-service state is restricted at the edge of the network
Image from ipcraft.net
18
Connect a new machine in the virtual world
19
NFV
20
What's NFV?
21
NFV benefits
● Agility● Reduced costs● Faster time to market● Interoperability
22
OPNFV
● Open Source platform for deploying NFV solutions
23
Networking in OpenStack
24
Neutron
● Neutron is an OpenStack project to provide “networking as a service” between interface devices (e.g., vNICs) managed by other Openstack services (e.g., nova)
● provides a powerful API to define the network connectivity
25
Neutron abstractions
● Network: L2 broadcast domain● Subnet: a block of v4 or v6 IP addresses and associated
configuration state.● Port: a connection point for attaching a single device, such
as the NIC of a virtual server, to a virtual network. Also describes the associated network configuration, such as the MAC and IP addresses to be used on that port.
● Router: interconnects networks
26
Modular architecture
● Plugin: custom back-end implementation of the Networking API
● Neutron-server: exposes the API
27
Neutron agents
● L2 agent● DHCP agent● L3 agent● Metadata agent
28
Neutron advanced services: LBaaS
● Pools● Virtual IPs● Listeners● Health monitors
29
Neutron advanced services: VPNaaS
● IPSec● OpenSwan
30
Neutron advanced services: FWaaS
● Enhanced router
31
Containers
32
Containers are cool but...
● Containers need to be reachable● Containers need to be connected together
Image from patgt.net
33
Kuryr
● Neutron Stadium● Map container networking abstraction to the Neutron API● Bring containers and VMs together under one API
34
Kuryr: how it works
● Maps libnetwork API into Neutron API● Leverages the networking services provided by Neutron
35
Thanks!Questions?