OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in Neutron?

Posted on 06-May-2015


Paris, 5th December 2013: OpenStack in Action 4!, organized by eNovance, brings together members of the OpenStack community.

Transcript of OpenStack in Action 4! Emilien Macchi & Sylvain Afchain - What's new in Neutron?

What's new in virtual OpenStack networking

from eNovance import Neutron

Sylvain Afchain

•  Senior Developer
•  Neutron contributor

Emilien Macchi

•  OpenStack Engineer
•  Automation, deployments

•  Founded: 2008
•  Team: 90+
•  Growth: 200%
•  Clients: 200+

Neutron

“Pluggable, scalable, API-driven network and IP management”

New features in Havana

Before ML2...

Neutron server with Open-vSwitch plugin
OR
Neutron server with Linux Bridge plugin
OR...

ML2 (Modular Layer 2)

•  New reference plugin
•  Handles numerous L2 technologies: Flat, VLAN, VXLAN, GRE
•  Works with existing drivers: Linux Bridge, Open-vSwitch, Arista, Cisco, Hyper-V
•  New mechanism: L2 population (partial-mesh and forwarding table population)

Before L2 population: full mesh

With L2 population: partial mesh

FWaaS

[Figure: Without FWaaS: VM, BR-INT, BR-EX, VROUTER, SECURITY GROUPS. With FWaaS: VM, BR-INT, BR-EX, VROUTER, FIREWALL, SECURITY GROUPS. Layers shown: Layer 2, Layer 3.]

FWaaS (Firewall as a Service)

•  Service plugin + Agent + Drivers
•  Concept: IPtables rules on virtual routers
•  Drivers: IPtables or vArmour
•  Complements Security Groups

VPNaaS (virtual private network)

•  Scope: Layer 3 Site-to-site (IPsec)
•  Experimental in Havana
•  Only preshared keys, no certificates
•  OpenSwan as default driver

VPNaaS

[Figure: VPNaaS topology. Labels: VM (x3), Router (x2), VPN. Network shown: 172.24.1.0/24. Addresses shown: 10.0.0.1, 10.0.0.4, 10.0.0.5, 10.1.0.1, 10.1.0.5, 172.24.1.21, 172.24.1.22.]

Metering

•  Service plugin + Agent + Drivers
•  Concept: IPtables rules on virtual routers
•  Drivers: IPtables
•  Collects traffic counters with labels and sends to Ceilometer
•  Next steps: use metering for Layer 3 scheduling

Roadmap to Icehouse

L3 high availability

•  Bring high availability to virtual routers
•  Remove the SPOF in the L3 Agent
•  Allow routers to be scheduled on two L3 Agents
•  Master / Slave model
•  VIP managed by Keepalived
•  TCP sessions managed by conntrackd
•  Add new L3 schedulers

[Figure: L3 high availability. Without: VM, BR-INT, BR-EX, VROUTER, Internet, L2 Agent, L3 Agent; caption "VM lost connectivity". With: VM, BR-INT, BR-EX, Internet, VROUTER on 2 L3 Agents; caption "External connectivity is backed up".]

L3 on edge? (proposal)

•  Move floating IPs to compute nodes
•  Improve North-South traffic
•  VMs without a floating IP continue to use the L3 agent to reach external networks
•  VMs with a floating IP reach the external network on the compute edge

Havana follow-up

•  VPNaaS: SSL support with OpenVPN driver
•  VPNaaS: Layer 2 private networks (L2TP, MPLS)
•  LBaaS: new drivers (vendors)
•  Metering: improve API to get traffic counters

Icehouse: new puppies

•  L2 driver for OpenDaylight
•  Framework for Advanced Services in Virtual Machines
•  Neutron server is multi-worker
•  More Tempest coverage (QA)
•  L3 scheduling improvements

Questions?

sylvain@enovance.com

@eNovance

emilien@enovance.com