OpenStack Neutron 201 1hr

Post on 15-Apr-2017

Neutron 201

About Me

• Senior Developer at Akanda Inc

• Former RefStack PTL

• Past Engineer at BlueBox, Piston, and HP

Where are we headed today?

• OpenStack Neutron Networking Basics

• Advanced Services: LBaaS, VPNaaS, FWaaS

• Neutron: Liberty and Beyond

OpenStack Neutron Networking Basics

OSI Model

• 1: Physical Layer

• 2: Data Link Layer (ARP, Ethernet, VLAN)

• 3: Network Layer (IPv4, IPv6, ICMP)

• 4: Transport Layer (TCP, UDP)

• 5: Session Layer

• 6: Presentation Layer

• 7: Application Layer (HTTP, DNS, etc)

OpenStack

Neutron

Reference Neutron

neutron-server

Database

L3 Agents

Advanced Services

Message Queue

DHCP Agents

L2 Agents

neutron-server

REST API SERVICE

RPC SERVICE

PLUGIN

Plugin Extensions

• Add logical resources to the REST API

• Discovered by server at startup

• REST: /v2.0/extensions

• Common Extensions

• Binding, DHCP, L3, Provider, Quota, Security Group

2 types of plugins..

Monolithic Plugin

Modular Plugin

Type Mgr

Mech Mgr

Monolithic Plugin

Typical among SDN vendors. They come in two varieties:

• Proxy

• Direct control

PLUGIN

Modular Plugin

Delegates calls to proper drivers

• Two kinds of drivers

• Type Driver

• Mechanism Driver

Mech Mgr

PLUGIN

Type Mgr

Flat vs Not..

Isolation

VLAN

• 802.1Q

• limited

• underlay must support

GRE/VXLAN

• L2 encapsulated in L3

• routable

• overlay independence

Tunneling (diagram: nodes A, B, C, D)

Neutron Advanced Services

Reference Implementation

Load Balancer V2

HAProxy

Octavia Project: http://octavia.io

VPN as a Service

OpenSwan

Router

Metadata Proxy

VPN Driver

● Reference implementation uses OpenSwan

● Details can be found at: https://wiki.openstack.org/wiki/Neutron/VPNaaS

Firewall as a Service

• Reference Implementation is Currently Experimental and not production ready

• What's next?

L3 Agent

Router

Metadata Proxy

Firewall Driver

Akanda

What is Akanda

● Akanda is a multi-process, multi-threaded Neutron advanced services orchestration service

● It currently supports routers and in the future, load balancers, VPNs and firewalls

Core Akanda Principles

● Simple

● Compatible

● Open Development (Apache v2)

The Rug really tied the room together

Reference Neutron

neutron-server

Database

L3 Agents

Advanced Services

Message Queue

DHCP Agents

L2 Agents

Neutron + the Rug

L2 Agents

Message Queue

L3 Agents

Service Instance

neutron-server

Database

Akanda (the rug)

Router Instance Lifecycle

● Router per tenant distributed throughout the cluster

● The router controls the data flow at layer 3 level of the TCP/IP network stack

Akanda Project Details

● Get the source: https://github.com/stackforge/akanda

● Project status and tarballs: https://launchpad.net/akanda

● Documentation: http://docs.akanda.io

● IRC - #akanda on freenode.net

Neutron: Liberty and Beyond

OpenStack’s Big Tent

• Open Design

• Open Development

• Open Community

• Open Source

The Neutron Stadium

• Common Forum

• Improved Consistency

• Shared Governance

Neutron: Liberty

• IPAM

• BGP Speaker

• NFV Enhancements

• Service Function Chaining

• Enhanced Security Groups

• Paying Down Technical Debt

Image: Canadian2006 - Liberty, Saskatchewan (CC-by-sa-3.0)

Questions