Network as a Service, Assaf Muller
•
3 likes•1,521 views
OpenStack Neutron Conceptual Overview: What is networking virtualization? *Example of Neutron capabilities * Run down of components including L2, L3, DHCP agents, the service itself * Core concepts - Ports, networks, subnets * Network types - External, provider, tenant * VLANs and tunnels for connectivity and segregation * Instances IP addressing, routers, NAT and floating IPs * Nova Neutron interaction, workflow of creating a VM with network connectivity * Neutron modularity - Core and service plugins
Report
Share
Network as a Service, Assaf Muller
- 1. Network as a Service Assaf Muller, Associate Software Engineer, Cloud Networking, Red Hat assafmuller.wordpress.com, amuller@redhat.com, amuller on Freenode (#openstack) Introduction to Neutron
- 2. ● The first slide is always a giant graph ● Forget graphs, why Neutron? – Tenant connectivity and isolation – Network virtualization – Tenant creates his own network(s), router(s), allowing complex network topologies for multi-tier applications – *aaS The Why
- 3. Network Virtualization Example ● Create a network ● Connect the new private network to the public network ● Create a DB instance ● Create three web servers ● Make DB accessable exclusively by web servers ● Create a load balancer to the web servers ● Attach a floating IP to the load balancer ● Filter anything other than incoming HTTP(s) traffic All done logically, in software, via the GUI, API or CLI
- 4. Core Concepts Ports Network Subnets 10.0.0.1 10.0.0.2 10.128.0.1 VLAN 10 10.0.0.1 10.0.0.0 – 10.127.255.255 10.128.0.0 – 10.255.255.255
- 5. ● External network – Internet routable network ● Provider network – Created by admin, mapped to pre-existing network in datacenter, used for external networks* ● Tenant network – Self provisioned network, isolated from other tenants, optionally connected to other tenant and external networks Network Types * VMs may also be directly connected to provider networks
- 6. Compute NodeCompute Node Routers, NAT, Floating IPs VM: 10.0.0.1 VM: 10.0.0.2 Tenant Network – 10.0.0.0/8 Network Node
- 7. Compute Node vRouter – Internal – 10.255.255.254 vRouter – External – 212.10.20.1 vRouter – Floating IP – 212.10.20.2 Compute Node Routers, NAT, Floating IPs VM: 10.0.0.1 VM: 10.0.0.2 Tenant Network – 10.0.0.0/8 Provider Network – 212.10.20.0/24Network Node
- 8. VM Data Management Internet API Services Compute Node (Nova compute, L2 agent) Network Node (L2 agent, vRouters, DHCP, Metadata) Components API Compute Node (Nova compute, L2 agent)
- 9. Components API Node: Neutron Nova Keystone Glance Swift Cinder ... Optionally SQL Database Optionally AMQP Broker Network Node: L2 Agent L3 Agent DHCP Agent Metadata Agent Optionally LB, VPN and FW agents Compute Node: L2 Agent Nova Compute Compute Node: L2 Agent Nova Compute
- 10. ● Neutron Service – Accepts API requests, handles DB ● L3 Agent – Manages virtual routers ● DHCP Agent – Manages dnsmasq instances ● Metadata Agent – Proxy to Nova metadata service ● L2 Agent – Manages networking on compute node – OVS flows / Linux bridges, VLAN tagging, security groups * Components talk via RPC Components API Network Node Compute
- 11. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API)
- 12. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 2. Create VM (RPC: Nova API to Nova conductor)
- 13. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 3. Nova schedules VM 2. Create VM (RPC: Nova API to Nova conductor)
- 14. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 3. Nova schedules VM 4. Create VM (RPC: Nova conductor to Nova compute) 2. Create VM (RPC: Nova API to Nova conductor)
- 15. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 3. Nova schedules VM 4. Create VM (RPC: Nova conductor to Nova compute) 5. Create Port (API: Nova compute to Neutron service) 6. Create tap device 2. Create VM (RPC: Nova API to Nova conductor)
- 16. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 3. Nova schedules VM 4. Create VM (RPC: Nova conductor to Nova compute) 5. Create Port (API: Nova compute to Neutron service) 7. Neutron creates port (Allocates MAC, IP) 6. Create tap device 2. Create VM (RPC: Nova API to Nova conductor)
- 17. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 3. Nova schedules VM 4. Create VM (RPC: Nova conductor to Nova compute) 5. Create Port (API: Nova compute to Neutron service) 7. Neutron creates port (Allocates MAC, IP) 6. Create tap device 8. Notify DHCP agent (RPC) 2. Create VM (RPC: Nova API to Nova conductor) 9. Notify L2 agent (RPC)
- 18. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 3. Nova schedules VM 4. Create VM (RPC: Nova conductor to Nova compute) 5. Create Port (API: Nova compute to Neutron service) 7. Neutron creates port (Allocates MAC, IP) 6. Create tap device 8. Notify DHCP agent (RPC) 2. Create VM (RPC: Nova API to Nova conductor) 9. Notify L2 agent (RPC) 10. get_device_details (RPC: L2 agent to Neutron service)
- 19. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 3. Nova schedules VM 4. Create VM (RPC: Nova conductor to Nova compute) 5. Create Port (API: Nova compute to Neutron service) 7. Neutron creates port (Allocates MAC, IP) 6. Create tap device 8. Notify DHCP agent (RPC) 2. Create VM (RPC: Nova API to Nova conductor) 9. Notify L2 agent (RPC) 10. get_device_details (RPC: L2 agent to Neutron service) 11. Configure local VLAN, OVS flows 12. Send port_up notification (RPC: L2 agent to Neutron service)
- 20. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 3. Nova schedules VM 4. Create VM (RPC: Nova conductor to Nova compute) 5. Create Port (API: Nova compute to Neutron service) 7. Neutron creates port (Allocates MAC, IP) 6. Create tap device 8. Notify DHCP agent (RPC) 2. Create VM (RPC: Nova API to Nova conductor) 9. Notify L2 agent (RPC) 10. get_device_details (RPC: L2 agent to Neutron service) 11. Configure local VLAN, OVS flows 12. Send port_up notification (RPC: L2 agent to Neutron service) 13. Send port_up notification (API: Neutron service to Nova)
- 21. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 3. Nova schedules VM 4. Create VM (RPC: Nova conductor to Nova compute) 5. Create Port (API: Nova compute to Neutron service) 7. Neutron creates port (Allocates MAC, IP) 6. Create tap device 8. Notify DHCP agent (RPC) 2. Create VM (RPC: Nova API to Nova conductor) 9. Notify L2 agent (RPC) 10. get_device_details (RPC: L2 agent to Neutron service) 11. Configure local VLAN, OVS flows 12. Send port_up notification (RPC: L2 agent to Neutron service) 13. Send port_up notification (API: Neutron service to Nova) 14. port_up (RPC: Nova service to Nova compute)
- 22. Nova <--> Neutron Interaction Nova Neutron DHCP Agent L2 Agent Nova Compute L2 Agent Nova Compute 1. Create VM connected to network X (API) 3. Nova schedules VM 4. Create VM (RPC: Nova conductor to Nova compute) 5. Create Port (API: Nova compute to Neutron service) 7. Neutron creates port (Allocates MAC, IP) 6. Create tap device 8. Notify DHCP agent (RPC) 2. Create VM (RPC: Nova API to Nova conductor) 9. Notify L2 agent (RPC) 10. get_device_details (RPC: L2 agent to Neutron service) 11. Configure local VLAN, OVS flows 12. Send port_up notification (RPC: L2 agent to Neutron service) 13. Send port_up notification (API: Neutron service to Nova) 14. port_up (RPC: Nova service to Nova compute) 15. Nova compute boots VM!
- 23. Core Plugin ● Implementation of API is pluggable ● Many plugins exist: – ML2 (Open source, Red Hat blessed) – Vendor plugins (Proprietary, some are certified) ● Each plugin implements API differently. For example, 'create_port' may be proxied to some 3rd party server
- 24. Service Plugins ● Firewall as a Service – Filter traffic at the router level ● VPN as a Service – Extend your tenant networks off-site ● Load Balancer as a Service – Distribute incoming messages to a pool of VMs * Service plugins also have multiple implementations
- 25. Tenant Connectivity & Isolation ● How is tenant networks connectivity and isolation achieved, exactly? – Via VLANs or GRE / VXLAN tunnels ● More information at FOSDEM talk: – http://assafmuller.wordpress.com/2014/02/03/f osdem-14/ – Includes video, slides and series of blog posts
- 26. Questions? Assaf Muller, Associate Software Engineer, Cloud Networking, Red Hat assafmuller.wordpress.com, amuller@redhat.com, amuller on Freenode (#openstack) Network as a Service