Uploaded by: david-lapsley
OpenStack Nova and Quantum
Dave [email protected]
Outline
• What is the challenge?
• How do Nova + Quantum meet the challenge?
• What about AWS VPC?
• Quantum Architecture
• Where is Quantum headed?
Nova/Quantum Architecture
Adapted from http://ken.pepple.info/openstack/2011/04/22/openstack-nova-architecture/
Large data centers today can have around 2.4 million Virtual Machines
How do we manage and network these virtual machines and the services built around them?
OpenStack provides an open-source, innovation-enabling platform for doing just this.
Open, scalable, secure, and manageable computing and networking in the cloud*
* Storage too! But that’s an entire presentation in itself.
OpenStack Nova: Virtualize Computation
How do we manage connectivity?
Quantum: Virtualize Network
Quantum
• A standalone OpenStack service
• Provides network connectivity between a set of network interfaces from other services
• Exposes API of logical abstractions for describing network connectivity + policy between interfaces
• Uses a plug-in architecture, so multiple technologies can implement the logical abstractions
• Provides a technology-agnostic platform for sophisticated cloud network topologies
AWS VPC
• Amazon Web Services Virtual Private Cloud
  – “…lets you provision a private, isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define.”
  – Similar goals and functionality to OpenStack Quantum
• But… different ecosystem
  – Closed system
  – Provided API and that’s it
  – Must use AWS
• Compare with Nova + Quantum
Quantum: Single Service
Quantum: Two Services
Quantum Architecture
Plugin communicates with external devices to implement logical abstractions from the tenant API
“Network agents” running on nova hypervisor fit within this model.
Plugin might manage just the network edge (e.g., a vswitch), or all network devices.
Plugin interface maps to “core” tenant API + admin API.
Virtual Network Abstractions (1)
• Interface IDs:
  – Services (e.g., nova, atlas) expose interface-IDs via their own tenant APIs to represent any device from that service that can be “plugged” into a virtual network.
  – Example: nova.foo.com/<tenant-id>/server/<server-id>/eth0
• Networks:
  – Tenants use Quantum API to create networks, get back UUID.
  – Example: quantum.foo.com/<tenant-id>/network/<network-id>
• Ports:
  – Tenants can create ports on a network, get a UUID, and associate config with those ports (APIs for advanced port config are TBD, initially ports give L2 connectivity).
  – Example: quantum.foo.com/<tenant-id>/network/<network-id>/port/<port-id>
• Attachments:
  – Tenants can “plug” an interface into a port by setting the attachment of a port to be the appropriate interface-id.
  – Example: set quantum.foo.com/<tenant-id>/network/<network-id>/port/<port-id>/attach to value “nova.foo.com/<tenant-id>/server/<server-id>/eth0”.
Virtual Network Abstractions (2)
• Implementation Abstraction:
  – At no time does the customer see details of how a network is implemented (e.g., VLANs).
• Explicit Association:
  – Association of interfaces with a network is an explicit step, which gives more control.
• API Extensions:
  – Plugins can expose API extensions to introduce more complex functionality (e.g., QoS). Extension support is queryable, so a customer can “discover” capabilities.
• Extension Refactoring:
  – API extensions that represent common functionality across many plug-ins can become part of the core API.
• API Evolution:
  – Core API is currently simple, focused on connectivity. Core API will evolve.
Example Scenario
Example Scenario w/ VLAN Plugin
VLAN Plugin
• One VLAN per “network”
• Hypervisor NIC is VLAN trunk, all switches are trunked.
• When an interface-ID is associated with a network, plugin uses the edge binding to find the interface-location (a port on a vswitch) and puts that port on the correct VLAN.
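A toy model of the network/port/attachment abstractions and the VLAN plugin behaviour described on the slides above, added here as an illustration; it is not Quantum's code or API. All class, method and variable names are hypothetical, the edge binding and VLAN pool are constructed sample data, and the tenant-ownership checks are an assumption of this sketch, since the slides do not say how authorization is enforced.

```python
import uuid
# Constructed sample edge binding: interface-ID -> (vswitch, port).
EDGE_BINDING = {"nova.foo.com/t1/server/s1/eth0": ("vsw1", 3),
                "nova.foo.com/t2/server/s9/eth0": ("vsw1", 4)}

class ToyVlanPlugin:
    """Hypothetical plugin: one VLAN per network, as on the VLAN Plugin slide."""
    def __init__(self, edge_binding, vlan_pool):
        self.edge_binding = edge_binding
        self.free_vlans = list(vlan_pool)
        self.net_vlan = {}    # network-id -> VLAN, never returned to tenants
        self.port_vlan = {}   # (vswitch, port) -> VLAN
    def create_network(self, net_id):
        if not self.free_vlans:
            raise RuntimeError("VLAN pool exhausted")
        self.net_vlan[net_id] = self.free_vlans.pop(0)
    def plug(self, net_id, interface_id):
        # Edge binding yields the interface-location; move that port to the VLAN.
        self.port_vlan[self.edge_binding[interface_id]] = self.net_vlan[net_id]

class ToyQuantum:
    """Hypothetical tenant-facing layer: networks, ports, attachments."""
    def __init__(self, plugin):
        self.plugin = plugin
        self.networks = {}    # net_id -> {"tenant": ..., "ports": {...}}

    def _owned(self, tenant, net_id):
        net = self.networks.get(net_id)
        if net is None or net["tenant"] != tenant:  # assumed authorization check
            raise PermissionError("no such network for this tenant")
        return net

    def create_network(self, tenant):
        net_id = str(uuid.uuid4())
        self.plugin.create_network(net_id)
        self.networks[net_id] = {"tenant": tenant, "ports": {}}
        return net_id

    def create_port(self, tenant, net_id):
        port_id = str(uuid.uuid4())
        self._owned(tenant, net_id)["ports"][port_id] = None
        return port_id

    def attach(self, tenant, net_id, port_id, interface_id):
        ports = self._owned(tenant, net_id)["ports"]
        parts = interface_id.split("/")   # <service>/<tenant-id>/server/...
        if port_id not in ports or len(parts) < 2 or parts[1] != tenant:
            raise PermissionError("port or interface not owned by tenant")
        ports[port_id] = interface_id     # the explicit association step
        self.plugin.plug(net_id, interface_id)
```

The tenant only ever handles UUIDs and interface-IDs; the VLAN number stays inside the plugin, which is the "implementation abstraction" property from the slides.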
Future Directions
• Applying for core project status for Folsom
• Expect 5-10 new plugins in next 6 months.
• Support for new overlay technologies like NVGRE + VXLAN
• L3 routing + Firewall capabilities via new Quantum API
• VPN, data-center-interconnect technologies.
• Closer integration with Melange (IP address management)
• Improved Horizon integration.
Summary
• What is the challenge?
  – Managing and networking data centers and their services
• How do Nova + Quantum meet the challenge?
  – Open, scalable, secure, and manageable computing and networking in the cloud*
• What about AWS VPC?
  – Great goals! Not open.
• Quantum Architecture
  – Network connectivity as a service, API of logical abstractions, plug-in architecture, service pluggability.
• Where is Quantum headed?
  – Core status, new plugins, new technologies, L3/FW + new API, VPN DCI technologies, closer integration with IPAM and Horizon
Thank you
http://wiki.openstack.org/Quantum