NVP Deep Dive session, OpenStack CEE Day
- NVP Deep Dive. Yves Fauser, Network Virtualization Platform System Engineer (slides prepared by Brad Hedlund & Dan Wendlandt). OpenStack CEE Day 2013
- Network Virtualization (diagram): a software virtualization layer sits between the hardware and the virtual resources and lets them DECOUPLE, AUTOMATE and REPRODUCE. Compute: an x86 machine (CPU, RAM, NIC, HD) becomes a virtual machine (vCPU, vRAM, vNIC, image). Network: L2 switch, L3 router and load balancer become a virtual network of logical switches, logical routers, load balancer VIPs and security profiles.
- A technical definition of network virtualization
  Network virtualization is:
  - A reproduction of physical networks:
    Q: Do you have L2 broadcast / multicast, so apps do not need to be modified?
    Q: Do you have the same visibility and control over network behavior?
  - A fully isolated environment:
    Q: Could two tenants decide to use the same RFC 1918 private IP space?
    Q: Could you clone a network (IPs, MACs, and all) and deploy a second copy?
  - Physical network location independent:
    Q: Can two VMs be on the same L2 logical network while in different physical L2 networks?
    Q: Can a VM migrate without disrupting its security policies, packet counters, or flow state?
  - Physical network state independent:
    Q: Do physical devices need to be updated when a new network/workload is provisioned?
    Q: Does the application depend on a feature in the physical switch specific to a vendor?
    Q: If a physical device died and was replaced, would application details need to be known?
  Network virtualization is NOT: running network functionality in a VM (e.g., a router or load-balancer VM).
- Introducing NVP: Network Virtualization Platform. Compatible with KVM, XenServer, and VMware hypervisors. NVP 1.0 released in July 2011 (production deployments for 2 years). Network platform for the largest production OpenStack deployment, and many others. 4 new releases per year (software is eating the world). Current release is NVP 3.1 (Q2 release).
- The NVP Stack (top to bottom): Mgmt & Operator Tools; Quantum & Quantum API; NVP API; NVP Control Plane; L2/L3 Gateways; Service Nodes; Hypervisors + OVS; Physical Network.
- Physical (Non-virtualized) View (diagram): tenants and operators reach the NVP API on the NVP Manager and a three-node NVP Controller cluster; Hypervisors 1..N (each running OVS and hosting WEB/APP/DB VMs) and Service Nodes (OVS) sit on an L3 fabric; L2 Gateways (OVS) connect bare-metal VLANs, and L3 Gateways (OVS) connect the Internet and a Remote Site.
- Logical (Virtualized) View (diagram): each tenant gets its own virtual network made of logical switches (WEB, APP and DB tiers) behind a logical router that NATs to the World; one virtual network also reaches a Remote Site. Every logical switch carries Security, QoS and Monitoring.
- Treat your physical network like you treat your compute servers: one big pool of resource capacity to be sliced up on demand for tenants. Rely only on commodity features (L3 forwarding) to enable vendor flexibility. Configuration is done once when the devices are racked and can easily be automated. No human in the loop when an application/workload is provisioned. Flexibility to choose/change the architecture design without impacting applications.
- Fabric & POD Design (diagram): Pod Switches peer with the World over BGP; the fabric runs OSPF/ISIS with L3 ECMP between Spine and Leaf Switches and carries no VM addresses; L2 exists only below the leaf. Compute Cabinets hold hypervisors; Infrastructure Cabinets hold the NVP Controller, Service Nodes and OpenStack; Edge Gateway Cabinets hold L3 Gateways (static / NAT toward the routers) and L2 Gateways (VLANs via Edge Switches). Hypervisors reach the gateways over STT/GRE tunnels.
- About Open vSwitch: open source, started with code contributed by Nicira. Widespread support in a lot of Linux distributions; upstreamed in the Linux kernel. Building block for most Quantum plugins today. No single feature set: a generic flow table lookup + tunneling engine. What really matters is how this engine is programmed, ranging from very simple (L2 forwarding) to very complex (L2 + L3 + ACL + QoS, etc.).
- Hypervisor (diagram): the NVP Controller cluster connects to each hypervisor over the management interface (MGMT, eth0) using OpenFlow on TCP 6633 and OVSDB on TCP 6632. User space: ovsdb-server (Config/State DB) and ovs-vswitchd. Kernel: br-int (flow table) holding the VM ports (WEB, APP), and br0 with tunnel ports into the Linux IP stack and routing table (192.168.10.1) on eth1 toward the Top of Rack Switch(es).
- NVP Tunneling (diagram): on the logical network a frame carries the VM source MAC and VM source IP. When Open vSwitch (OVS) on the source hypervisor platform sends it across the physical network, it is encapsulated: the outer header carries the source hypervisor MAC and source hypervisor IP, and the VM addresses travel only inside the tunnel payload. OVS on the destination hypervisor decapsulates before delivering to the VM.
- A friendly note about tunneling protocols: tunneling protocol != network virtualization; it is just a part of the solution. What does matter: how the forwarding rules are set up. For example: GRE was around for years, but lacked programmable forwarding; VXLAN adoption was hobbled by its reliance on multicast to program forwarding. NVP enables programmatic forwarding setup and can use many protocols. For example: IPsec tunneling if security is required (e.g., over the WAN); VXLAN if interaction with a physical switch is required.
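The isolation questions from the definition slide (two tenants on the same RFC 1918 space, a cloned network with identical MACs), the "no VM addresses in the fabric" property of the POD design and the tunneling slide above all rest on one mechanism: the controller programs per-logical-switch forwarding tables, and a tunnel key on the wire selects the logical switch. The following Python model is an added example, not NVP or OVS code; the hypervisor addresses, tenant names, tunnel keys and the GRE-with-key framing are constructed for illustration (STT, which NVP also uses, is not modelled).

```python
import struct
import ipaddress

# Constructed topology (not from the slides): two hypervisors on the L3 fabric.
HYPERVISORS = {"HV1": "192.168.10.1", "HV2": "192.168.10.2"}

GRE_KEY_PRESENT = 0x2000   # K bit in the GRE flags field
GRE_PROTO_TEB = 0x6558     # Transparent Ethernet Bridging: an Ethernet frame follows


class LogicalSwitch:
    """One logical L2 domain. The controller, not data-plane learning, fills the
    MAC table with the hypervisor that hosts each VM port."""

    def __init__(self, name, tunnel_key):
        self.name = name
        self.key = tunnel_key           # selects this switch on the wire
        self.mac_table = {}             # vm_mac (bytes) -> hypervisor name

    def attach(self, vm_mac, hypervisor):
        self.mac_table[vm_mac] = hypervisor


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def make_frame(dst_mac, src_mac, src_ip, dst_ip, payload=b"hello"):
    """Minimal VM frame: Ethernet dst/src/type, then the VM IPs and a payload."""
    return (mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800)
            + ipaddress.ip_address(src_ip).packed
            + ipaddress.ip_address(dst_ip).packed + payload)


def encap_gre(src_hv_ip, dst_hv_ip, key, frame):
    """Outer IPv4 (protocol 47) + GRE header with key, then the untouched VM frame."""
    gre = struct.pack("!HHI", GRE_KEY_PRESENT, GRE_PROTO_TEB, key)
    total_len = 20 + len(gre) + len(frame)
    outer_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 47, 0,
                           ipaddress.ip_address(src_hv_ip).packed,
                           ipaddress.ip_address(dst_hv_ip).packed)
    return outer_ip + gre + frame


def decap_gre(packet):
    """Return (outer src, outer dst, tunnel key, inner frame)."""
    ihl = (packet[0] & 0x0F) * 4
    src = str(ipaddress.ip_address(packet[12:16]))
    dst = str(ipaddress.ip_address(packet[16:20]))
    flags, proto, key = struct.unpack("!HHI", packet[ihl:ihl + 8])
    if not flags & GRE_KEY_PRESENT or proto != GRE_PROTO_TEB:
        raise ValueError("not a keyed TEB GRE packet")
    return src, dst, key, packet[ihl + 8:]


def send(ls, local_hv, frame):
    """Source-side decision: look the destination MAC up in THIS logical switch's
    table only. The same MAC in another logical switch is simply not visible."""
    dst_hv = ls.mac_table[frame[:6]]   # an unknown MAC would be flooded via a service node
    if dst_hv == local_hv:
        return "local", frame
    return "tunnel", encap_gre(HYPERVISORS[local_hv], HYPERVISORS[dst_hv], ls.key, frame)


def receive(switches_by_key, local_hv, packet):
    """Destination side: the tunnel key, not the inner MAC or IP, picks the logical
    switch, so overlapping (even identical) tenant address space cannot collide."""
    _src, _dst, key, frame = decap_gre(packet)
    ls = switches_by_key[key]
    if ls.mac_table.get(frame[:6]) != local_hv:
        raise LookupError("frame arrived at a hypervisor that does not host the destination port")
    return ls.name, frame


def demo():
    # Tenant B is an exact clone of tenant A: same MACs, same 10.0.0.0/24 addresses.
    a = LogicalSwitch("tenant-A", 0x1001)
    b = LogicalSwitch("tenant-B", 0x1002)
    for ls in (a, b):
        ls.attach(mac("02:00:00:00:00:01"), "HV1")
        ls.attach(mac("02:00:00:00:00:02"), "HV2")
    switches = {a.key: a, b.key: b}

    frame = make_frame("02:00:00:00:00:02", "02:00:00:00:00:01", "10.0.0.1", "10.0.0.2")
    _, pkt_a = send(a, "HV1", frame)
    _, pkt_b = send(b, "HV1", frame)
    return {
        "outer_headers_equal": pkt_a[:20] == pkt_b[:20],   # the fabric sees the same HV pair
        "keys": (decap_gre(pkt_a)[2], decap_gre(pkt_b)[2]),
        "delivered_to": (receive(switches, "HV2", pkt_a)[0], receive(switches, "HV2", pkt_b)[0]),
        "outer_src_dst": decap_gre(pkt_a)[:2],
        "vm_ip_in_outer_header": ipaddress.ip_address("10.0.0.1").packed in pkt_a[:20],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two things to check against the slides: the fabric only ever routes between 192.168.10.x hypervisor addresses (which is why the spine/leaf layer needs no VM state), and the receiving hypervisor refuses a frame whose destination port it does not host, so a mis-programmed or replayed tunnel packet cannot be delivered into the wrong tenant.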
- NVP Controller Basics: x86 software. Exposes a northbound API to Quantum and a southbound API to OVS. Maps between logical and physical. Never handles dataplane traffic.
- NVP Controller scale-out (diagram): a Controller Cluster (Node1..Node5) with persistent storage sits between the WebService API / logical network and the transport network. All nodes active; workload sliced and shared; majority rule; live software upgrades.
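"All nodes active, workload sliced and shared, majority rule" describes two separate guarantees: the logical-network state is partitioned across the cluster so every node does useful work, and a node that cannot see a majority of the configured membership stops acting, so a network split never yields two clusters that both accept writes. The model below is an added example, not NVP's own implementation; the node names, the use of rendezvous hashing for the slicing and the switch identifiers are assumptions made for illustration.

```python
import hashlib


class ControllerCluster:
    """All-active controller cluster: every node owns a slice of the logical
    switches, and only a majority partition may act on cluster state."""

    def __init__(self, node_ids):
        self.members = frozenset(node_ids)       # configured membership
        self.reachable = frozenset(node_ids)     # nodes on our side of any split

    def partition(self, reachable):
        """Simulate a split or node failures: 'reachable' is what we can still see."""
        self.reachable = frozenset(reachable)
        return self

    def has_quorum(self):
        # Strict majority of the CONFIGURED membership, never of the survivors;
        # counting survivors would let both halves of a split claim quorum.
        return 2 * len(self.reachable) > len(self.members)

    def owner(self, switch_id):
        """Rendezvous hashing: the reachable node with the highest score for this
        switch owns it. When a node dies only its own switches move elsewhere."""
        if not self.has_quorum():
            raise RuntimeError("minority partition: refusing to serve")
        return max(self.reachable,
                   key=lambda n: hashlib.sha256(f"{n}|{switch_id}".encode()).digest())

    def api_write(self, switch_id, change):
        """Northbound write (e.g. Quantum creating a port). Committed only with
        quorum, so two partitions can never both accept conflicting updates."""
        if not self.has_quorum():
            return ("rejected", None)
        return ("committed", self.owner(switch_id))


def ownership_map(cluster, switch_ids):
    return {s: cluster.owner(s) for s in switch_ids}


def moved_switches(before, after):
    """Switches whose owning node changed between two ownership maps."""
    return {s for s in before if before[s] != after.get(s)}


def demo():
    nodes = ["n1", "n2", "n3", "n4", "n5"]
    switches = [f"ls-{i}" for i in range(100)]       # constructed logical switches
    cluster = ControllerCluster(nodes)
    healthy = ownership_map(cluster, switches)

    # Lose n2: the four survivors still hold a majority and only n2's slice moves.
    cluster.partition({"n1", "n3", "n4", "n5"})
    after_failure = ownership_map(cluster, switches)
    moved = moved_switches(healthy, after_failure)

    # A 3/2 split: the 2-node side must refuse writes, the 3-node side continues.
    minority = ControllerCluster(nodes).partition({"n4", "n5"})
    majority = ControllerCluster(nodes).partition({"n1", "n2", "n3"})
    return {
        "moved_only_n2_slice": moved == {s for s in switches if healthy[s] == "n2"},
        "n2_slice_size": len(moved),
        "minority_write": minority.api_write("ls-1", "add-port")[0],
        "majority_write": majority.api_write("ls-1", "add-port")[0],
    }


if __name__ == "__main__":
    print(demo())
```

The property worth keeping in mind when sizing a cluster: with five nodes two may fail before the remaining three lose the ability to program OVS, and the dataplane keeps forwarding on its last pushed flow state either way, since the controller never sits in the packet path.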
- NVP API
  Description of the physical world (non-virtualized abstractions):
  - Transport Nodes (mgmt & tunnel information about hypervisors, gateways, service nodes)
  - Transport Zones (physical networks connecting Transport Nodes)
  - Gateway Services (collection of GW devices that function as a single unit)
  - Controller Cluster status
  Description of the logical world (virtualized abstractions):
  - Logical Switch (L2)
  - Logical Router (L3)
  - Logical Port: port security / port isolation, ACLs / Security Groups, QoS, packet statistics, port mirroring
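The logical port is where the tenant-facing security controls from the API list live: port security (the VM may only source its own MAC and addresses) and ACLs / Security Groups (which peers may talk to which port). The pipeline below is an added example, not the NVP plugin's or OVS's rule format: the ordering (anti-spoofing on egress first, then a priority-ordered, default-deny ACL) and the sample port, rules and packets are constructed for illustration, and the ACL is stateless, which is simpler than the stateful security groups a real deployment would use.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rule:
    priority: int
    direction: str            # "in" = toward the VM, "out" = from the VM
    action: str               # "allow" or "drop"
    proto: str = "any"        # "tcp", "udp", "icmp" or "any"
    ports: tuple = (0, 65535)
    remote: str = "0.0.0.0/0" # CIDR of the peer: source for "in", destination for "out"


@dataclass
class LogicalPort:
    mac: str
    allowed_ips: list                          # CIDRs the VM may use as source
    rules: list = field(default_factory=list)


@dataclass
class Packet:
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str
    dport: int = 0


def port_security(port, pkt):
    """Stage 1 (egress only): anti-spoofing. Runs before any ACL so a compromised
    guest cannot borrow a neighbour's MAC/IP to inherit the neighbour's rules."""
    if pkt.src_mac.lower() != port.mac.lower():
        return "spoofed MAC"
    src = ipaddress.ip_address(pkt.src_ip)
    if not any(src in ipaddress.ip_network(cidr) for cidr in port.allowed_ips):
        return "spoofed IP"
    return None


def acl_decision(port, pkt, direction):
    """Stage 2: first matching rule by descending priority; no match means drop."""
    remote = ipaddress.ip_address(pkt.src_ip if direction == "in" else pkt.dst_ip)
    for rule in sorted(port.rules, key=lambda r: -r.priority):
        if rule.direction != direction:
            continue
        if rule.proto != "any" and rule.proto != pkt.proto:
            continue
        if not rule.ports[0] <= pkt.dport <= rule.ports[1]:
            continue
        if remote not in ipaddress.ip_network(rule.remote):
            continue
        return rule.action, rule
    return "drop", None


def process(port, pkt, direction):
    """Run one packet through the port pipeline; returns (verdict, reason)."""
    if direction == "out":
        why = port_security(port, pkt)
        if why:
            return "drop", "port-security: " + why
    action, rule = acl_decision(port, pkt, direction)
    return action, (f"acl: rule p{rule.priority}" if rule else "acl: default deny")


def demo():
    # Constructed WEB-tier port: public HTTP, SSH only from a management subnet.
    web = LogicalPort(
        mac="02:00:00:00:00:0a",
        allowed_ips=["10.0.0.10/32"],
        rules=[
            Rule(100, "in", "allow", "tcp", (80, 80)),
            Rule(100, "in", "allow", "tcp", (22, 22), "10.0.1.0/24"),
            Rule(100, "out", "allow"),                    # VM may initiate anything
        ],
    )
    gw = "02:00:00:00:00:ff"   # MAC of the logical router for inbound frames
    me = web.mac
    cases = {
        "http_from_internet": process(web, Packet(gw, "203.0.113.5", "10.0.0.10", "tcp", 80), "in"),
        "ssh_from_internet":  process(web, Packet(gw, "198.51.100.7", "10.0.0.10", "tcp", 22), "in"),
        "ssh_from_mgmt":      process(web, Packet(gw, "10.0.1.9", "10.0.0.10", "tcp", 22), "in"),
        "egress_ok":          process(web, Packet(me, "10.0.0.10", "198.51.100.7", "tcp", 443), "out"),
        "egress_spoofed_ip":  process(web, Packet(me, "10.0.0.11", "198.51.100.7", "tcp", 443), "out"),
        "egress_spoofed_mac": process(web, Packet("02:00:00:00:00:0b", "10.0.0.10", "198.51.100.7", "tcp", 443), "out"),
    }
    return {name: verdict for name, (verdict, _reason) in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

The order of the two stages is the security-relevant point: if the ACL ran first, a guest spoofing 10.0.1.9 could satisfy the "SSH from management" rule on another port; checking the source against the port's own allowed addresses first makes the ACL's remote-CIDR matches trustworthy inside the tenant network.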
- Quantum w/NVP Architecture (sequence diagram): tenant scripts, Horizon or orchestration code call the Quantum API to create Net 1, and the NVP Plugin creates Net 1 on the NVP Controller Cluster. The caller then creates a port on Net 1 and receives the port ID. "Boot VM on Net 1" goes to the Nova API; the Nova driver on Nova Compute creates the vNIC with that port ID on OVS. The NVP Controller Cluster pushes flow state to OVS, and the VM's traffic crosses the L3 fabric.
- L2 Gateways (diagram). Virtualized view: Logical Switch 1 spans two WEB VMs and the Data hosts on VLAN 10. Non-virtualized view: the WEB VMs on Hypervisors HV1 and HV2 (br-int) reach an L2 Gateway over STT/GRE tunnels, and the gateway bridges into VLAN 10 where the Data hosts sit; an L3 Gateway connects the WAN / Internet using IPsec + STT/GRE; Service Nodes and the NVP Controller complete the picture.
- L3 Gateway HA + Scale-out (diagram): an L3 Gateway Service is spread across gateways GW 1..GW N+1 in two failure zones (Failure Zone 1, Failure Zone 2); logical routers R1..R12 are distributed over the gateways and repeated across the zones (e.g. R5, R6, R11 and R12 appear in both), so a zone failure leaves every router served. Hypervisors HV1 and HV2 (br-int) reach the gateways over STT/GRE tunnels with monitoring.
- Service Node HA + Scale-out (diagram): the Bcast/Mcast Replication Service is spread across service nodes SN 1..SN N+1 in two failure zones (Failure Zone 1, Failure Zone 2); each logical switch (Logical Switch 1..N) is served from both zones. Hypervisors HV1 and HV2 (br-int) reach the service nodes over STT/GRE tunnels with monitoring. (Diagram credit: Brad Hedlund, OpenStack Grizzly.)
- Management & Operations: tunnel status; port-to-port troubleshooting tool; Traceflow packet injection.
- Management & Operations (2): automated deployment of a new version; built-in compatibility verification; rollback; online upgrade (i.e., dataplane & control plane services stay up).
- NVP: it's not just about scale. Data plane performance. Fast + reliable high availability (data plane + control plane). Rich logical network capabilities (QoS, ACLs, statistics, etc.). Ability to onboard remote customers + physical workloads (L2 GW). Operator tools to troubleshoot, upgrade, etc.
- Thank You! Have a great OpenStack CEE Day and check out our booth.