BreakingtheIcewithOpenStackNeutron

MuneebAhmad

Aboutme..

Senior Design Engineer at PLUMgrid Inc with over three years of experience inimplemenFng soGware-defined networking (SDN), high availability, distributedsystemsandAPIs.AnacFvememberoftheOpenStackcommunity,withcontribuFonsinthenetworkingecosystem,focusedprimarilyonNeutronprojectinOpenStack.

@smuneebahmed

muneeb@plumgrid.com

WhatisOpenStack?•  OpenStackisacloudmanagementsystemthatcontrolslargepoolsof

compute,storage,andnetworkingresourcesthroughoutadatacenter,allmanagedthroughadashboardthatgivesadministratorscontrolwhileempoweringtheiruserstoprovisionresourcesthroughawebinterface.

OpenStackCoreServicesCompute(Nova)providesvirtualserversondemand.ComputeresourcesareaccessibleviaAPIsfordevelopersbuildingcloudapplicaFonsandviawebinterfacesforadminsandusers.Thecomputearchitectureisdesignedtoscalehorizontallyonstandardhardware.

Network(Neutron)isapluggable,scalableandAPI-drivensystemformanagingnetworksandIPaddresses.ItallowsuserstocustomizenetworkseTngs,thenprovisiondifferentnetworktypes(suchasflatnetworks,VLANsorvirtualprivatenetworks)ondemand.

BlockStorage(Cinder)providespersistentblockstorageguesttoguestVMs.They’remeanttobeassignedtocomputeinstancestoallowforexpandedstorage.TheCindersoGwaremanagesthecreaFonoftheseblocks,plustheoperaFonsforaYachinganddetachingtheblockstocomputeservers.

OpenStackCoreServices(Conceptual)

Neutron

NeutronOverview•  IncubaFonprojectinApril2011•  PromotedtoCoreProjectatFolsomSummit(April2012)•  NeutronsolvestwomainproblemsinNova–Network:

1.  Limitednetworkingtechnologyo  Basiclinuxbridging-basedimplementaFono  Limitedfeatures(ACL,QoS,VPN?)o  LimitedmulF-tenancyisolaFon–802.1qVLANtags

2.  LimitedUser/Tenantcontroloverthenetworko  Tenantcannotcreatetheirownnetworktopologieso  TenantcannotleveragedifferentnetworkvirtualizaFontechnologies

WhyuseNeutron?•  ProvidesRESTAPIstomanagenetworkconnecFonsforthe

resourcesmanagedbyotherOpenStackservices(e.g.Nova)•  Createrichtopologies•  TechnologyagnosFc•  Extensible•  MulF-tenancy:IsolaFon,AbstracFon,fullcontrolovervirtual

networks•  Modulardesign:APIspecifiesservice,vendorprovidesits

implementaFon•  AdvanceServicesSupport(LB,VPN,Firewall)

Whatdoestheusersee?

AbstracFons

DesignGoals•  UnifiedAPI

•  SmallCore

•  PluggableOpenArchitecture

•  Extensible

Architecture

BasicDeployment

neutron-server

•  RESTAPI•  HTTP(S)PythonWSGIApplicaFon

•  CustomaryTCPportis9696

•  Exposeslogicalresources

o  networkso  subnetso  ports

•  Request/ResponseSerializaFon

neutron-server

•  RPCService•  AMQPviaOslomessaging

modules

•  EnablesbidirecFonalagentcommunicaFon

•  OpFonal

neutron-server•  PLUGIN

•  WriYeninPython

•  OnlyoneisacFve

•  MustimplementV2APIcalls

•  OpFonaldatabaseaccess

•  OpFonalextensionsupport

ThePlugincore_plugin=neutron.plugins.ml2.plugin.Ml2Plugin

ThePlugincore_plugin=neutron.plugins.ml2.plugin.Ml2Plugin

PluginExtensions•  AddlogicalresourcestotheRESTAPI

•  Discoveredbyserveratstartup:

–  REST:/v2.0/extensions

•  Commonextensions:–  Binding,DHCP,L3,Provider,Quota,SecurityGroups

•  Otherextensions:–  ExtraRoutes,Metering

BooFngaVM

•  novaboot

BooFngaVM

•  novaboot

•  createport•  noFfyDHCPofnew

port

BooFngaVM

•  novaboot

•  createport•  noFfyDHCPofnew

port

•  createdevice

•  wireport

•  boot

Summary•  UnifiedAPI

•  SmallCore

•  PluggableOpenArchitecture

•  MulFpleVendorSupport

•  Extensible

I’veGotIt!

Acknowledgements•  www.docs.openstack.org•  hYp://developer.openstack.org/api-ref-networking-v2.html•  hYp://docs.openstack.org/admin-guide-cloud/index.html•  hYp://www.slideshare.net/markmcclain/inside-architecture-of-neutron