Triangle OpenStack Meetup



Slides on OpenStack Networking from the inaugural Triangle OpenStack Meetup.

Transcript of Triangle OpenStack Meetup

Page 1: Triangle OpenStack Meetup

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

Kyle Mestery

Technical Leader, Office of the Cloud CTO

OpenStack Quantum

Page 2: Triangle OpenStack Meetup


Before we start …

Page 3: Triangle OpenStack Meetup


Real Quantum Hackers Code In The Snow

Page 4: Triangle OpenStack Meetup


OpenStack + Quantum: beginnings of a virtual data center

• Advantages of cloud computing
  On-demand virtualized resources, self-service, lower cost
  Resources managed by others
• Ability to create your own isolated private networks
• Extensible

Challenge!!

• Easy-to-use
  Minus the complexity of the traditional data center
  Should work with different networking infrastructure

Quantum Network Service

Page 5: Triangle OpenStack Meetup


OpenStack Design Summit April 2011

• Compute service (EC2): virtual machines
  • Specify vCPU, Memory, Disk
  • Launch instance (image, mem_size, disk)
  • Suspend, clone, migrate
• Storage service (S3, EBS): virtual disks
  • Specify storage amount, access rights
  • Store object
  • Create/attach block
• What to do about networks?
  Simplistic implementation
  Embedded in the compute component

(Diagram: a VM stack of App Svr / OS / VM, with the network piece marked "??")

Page 6: Triangle OpenStack Meetup


2011 Design Summit - community-driven merger of proposals

• Network Service POC (NTT/Midokura)
• Network Containers (Cisco)
• Network Service (Citrix/Rackspace/Nicira)
• NaaS Core Design (Intel)
• … more

(Diagram: the proposals above merge into Quantum)

Page 7: Triangle OpenStack Meetup


Quantum Network Service: Resource abstractions and service interfaces

• Compute service (EC2): virtual machines
  • Launch instance (image, mem_size, disk)
  • Suspend, clone, migrate
• Storage service (S3, EBS): virtual disks
  • Store object
  • Create/attach block
• Network service (Quantum): virtual networks
  • Create/delete private network
  • Attach VM to network resource
  • Create subnets and routers
  • Work with different networking environments

(Diagram: three VM stacks, each App Svr / OS / VM, attached to virtual networks)

Page 8: Triangle OpenStack Meetup


Quantum Virtual Network Service: A first class citizen in cloud computing

Cloud Platform - Developer API
• Compute (Nova): Servers
• Storage (Swift): Disks
• Network (Quantum): Networks
• Identity (Keystone)
• Portal (Horizon)
• Images (Glance)
• Applications / Other Services

Folsom Release

Page 9: Triangle OpenStack Meetup


Quantum Abstractions

Virtual Networks:
  A basic dedicated L2 network segment
  Common realization is a VLAN

Virtual Ports:
  Attachment point for devices connecting to virtual networks.
  Ports expose configuration and monitoring state via extensions (e.g., ACLs, QoS policies, Packet Statistics)

Subnets:
  An IPAM construct to store the CIDR
  Also allows setting the Gateway IP and host routes

Virtual Routers:
  Per-tenant routers

Page 10: Triangle OpenStack Meetup


Quantum Plugins & Extensions

Plugin:
  Realization of the Quantum abstractions
  Supports different back-end technologies and vendors
  One plugin per Quantum deployment (there could be sub-plugins managed by the main plugin)
  Examples: Linux Bridge Plugin, OVS Plugin, Cisco (Nexus)

Extensions:
  API extensibility for new or back-end specific features
  Examples: Port-profiles, quality-of-service, etc.

Page 11: Triangle OpenStack Meetup


Quantum Plug-in Architecture

(Layered diagram, top to bottom:)
  Quantum Service API
  Quantum API & Extensions Framework
  API Extensions
  Quantum Plug-in Framework
  Cisco Network Plugin
  Cisco Device Managers
  Cisco Compute & Networking Infra
    • Switching portfolio (Nexus 1k/3k/5k/7k)
    • Unified Computing System
    • Routing portfolio (e.g. ASR, CRS)

Page 12: Triangle OpenStack Meetup


Plugins and Drivers in the Cisco Plugin

Plugin:
  A plugin registers to handle all Quantum API calls (e.g., all network/port calls)
  Plugins may make decisions that are technology-specific but not device-specific (e.g., mapping Quantum network ‘HR’ to VLAN 100)
  There needs to be a master entity making/resolving decisions in a deployment; that entity is the plugin

Drivers:
  The plugin may use drivers to communicate the results of this decision to different devices (e.g., it may configure the VLAN on a virtual switch port, and also tell the upstream physical switch to trunk that VLAN)
  Configurable components which can be shared/reused
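As an added example (constructed here, not Quantum's or Cisco's code), a toy Python model of the abstractions on the preceding slides and of the plugin's technology-specific decision: each network gets a VLAN from a fixed range, a subnet's gateway is validated against its CIDR, and port creation refuses cross-tenant attachment while letting two tenants reuse the same CIDR behind different VLANs. Class and method names are this example's own.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed toy model (not Quantum's own code): networks realized as VLANs,
# subnets as IPAM, ports as attachment points, the plugin choosing the VLAN.
@dataclass
class Subnet:
    cidr: ipaddress.IPv4Network          # IPAM construct storing the CIDR
    gateway: ipaddress.IPv4Address       # must lie inside the CIDR
    allocated: set = field(default_factory=set)

@dataclass
class Network:
    tenant: str
    name: str
    vlan: int                            # plugin's realization of the L2 segment
    subnets: list = field(default_factory=list)

class VlanPlugin:
    """Hands out one VLAN per network and allocates port IPs from its subnets."""
    def __init__(self, first_vlan=100, last_vlan=199):
        self._free_vlans = iter(range(first_vlan, last_vlan + 1))

    def create_network(self, tenant, name):
        vlan = next(self._free_vlans, None)
        if vlan is None:
            raise RuntimeError("VLAN range exhausted")
        return Network(tenant, name, vlan)

    def create_subnet(self, net, cidr, gateway=None):
        cidr = ipaddress.ip_network(cidr)
        gw = ipaddress.ip_address(gateway) if gateway else cidr.network_address + 1
        if gw not in cidr:
            raise ValueError(f"gateway {gw} is outside {cidr}")
        sub = Subnet(cidr, gw, {gw})         # reserve the gateway address
        net.subnets.append(sub)
        return sub

    def create_port(self, tenant, net):
        # Isolation check: a tenant may only attach VMs to its own networks.
        if net.tenant != tenant:
            raise PermissionError(f"{tenant} may not attach to {net.tenant}'s network")
        for sub in net.subnets:
            for ip in sub.cidr.hosts():
                if ip not in sub.allocated:
                    sub.allocated.add(ip)
                    return {"vlan": net.vlan, "ip": str(ip)}
        raise RuntimeError(f"no free addresses on network {net.name}")
```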

Page 13: Triangle OpenStack Meetup


Extending Quantum to support L3 Constructs

• Routing within the tenant (support multi-tier topologies)
• Overlapping IP addresses
• Support gateways – Internet, VPN
• Support other L3 services – LB, Firewall, Caching, etc.
• Hybrid Cloud (Public + Private)

Further evolve Quantum to be a multi-tenant network service for creating virtual data centers (application-specific topologies + network services)

Page 14: Triangle OpenStack Meetup


Why is Quantum important to OpenStack?

Page 15: Triangle OpenStack Meetup


Current Infrastructure-as-a-Service has Challenges

(Diagram: Developer API over Compute Service (VMs, Memory, Local Disk) = Servers, Storage Services (Block, Massive Key-value store) = Disks, User and System Admin = Accounts, and only Basic Network Connectivity)

• Only provides basic Network Connectivity.
• Difficult to create N-tier apps.
• Limited ability for applications to take advantage of network services.

Page 16: Triangle OpenStack Meetup


Network Services Enable Developer Solutions

(Diagram: Developer API over Compute Service (VMs, Memory, Local Disk) = Servers, Storage Services (Block, Massive Key-value store) = Disks, Network Services (Subnets, Network Svcs, Security) = Virtual Networks, plus User and System Admin and Network Connectivity)

Network APIs:
  Create-network(“L2”)
  Attach-vm-to-network(vnet-a)
  Attach-service-to-network(vnet-b)

Page 17: Triangle OpenStack Meetup


So what does this all look like?

Page 18: Triangle OpenStack Meetup


Typical Grizzly OpenStack Quantum Deployment w/ OVS

(Diagram:)
  Control Node: Quantum Server and Plugin, Nova
  Compute Node (several): Nova Compute, Quantum L2 Agent
  Network Node (several): Quantum L2 Agent, Quantum L3 Agent, Quantum DHCP Agent, br-ex
  Networks: Management Network, Data Network, External Network (reached through br-ex), each node connected via an ethX interface

Page 19: Triangle OpenStack Meetup


Host Network

Page 20: Triangle OpenStack Meetup


Host Networking: OVS

(Diagram of a compute host: eth0, eth1 and eth2 (eth1 and eth2 bonded as bond0), Management Network, Data Network, br-tun, br-int, Tenant A Network, Tenant B Network, three VMs (VM1) each behind its own Linux Bridge)

• Linux Bridge: Security Groups rules applied here
• br-int: VLANs used for isolation amongst tenants here
• br-tun: GRE Keys used to isolate tenant traffic in the tunnel