OpenStack Networking

Mark McClain OpenStack Networking Program Technical Lead

mark.mcclain@dreamhost.com

Challenges in the Cloud

•  High-density multi-tenancy –  But VLANs have trouble scaling

•  On-demand provisioning –  But traditional network solutions have

interfaces designed for manual configuration.

•  Need to place / move workloads were capacity exists

–  But network state (e.g., IP address) is tied to a particular location

© Malcolm Leman | Dreamstime.com

Tackling these challenges

– Network virtualization – Overlay tunneling:

VXLAN, GRE, STT – Software-defined

Networking (SDN) / OpenFlow

– L2 Fabric solutions – ???

What is OpenStack Networking?���

Basic Abstractions

Net1 10.0.0.0/24

Nova

Neutron L2 virtual network virtual port

virtual server virtual interface (VIF)

virtual subnet

VM1 10.0.0.2

VM2 10.0.0.2

Using the API... VM1

10.0.0.2 VM2 10.0.0.2/172.16.77.2

VM3 172.16.77.1

Tenant Net1 192.168.0.0/24 Tenant Net2

172.16.77.0/24

Public Net 10.0.0.0/8

Router

Multi-Project VM1

10.0.0.2 VM2

10.0.0.2/172.16.77.2

VM3

172.16.77.1

Tenant A Net1 192.168.0.0/24 Tenant A Net2

172.16.77.0/24

Public Net 10.0.0.0/8

Router

VM1 10.0.0.2

VM2 10.0.0.2/172.16.

77.2 VM3

172.16.77.1

Tenant B Net1 192.168.0.0/24 Tenant B Net2

172.16.77.0/24

Router

Architecture

Tenant Tools (GUI, CLI, API code)

Compute API

Network API

Storage API

Generic OpenStack APIs Operator Selected Backends

KVM

ML2 Plugin

Ceph

Authentication & Authorization via OpenStack keystone Core Neutron API API Extensions

Horizon Web UI Neutron CLI Heat - Orchestration Other tools API Tools

Open vSwitch Nova Compute

Open vSwitch Nova Compute

Open vSwitch Nova Compute

Neutron Pluggable Backend layer Modular Layer 2 Plugin

Neutron Plugins

Open vSwitch / Linux Bridge Ryu OpenFlow Controller

Common Features

Support for overlapping IPs

DHCP

Includes custom port options

Floating IPs

Security Groups

Supports Overlapping IPs

Handles VMs with multiple

NICs

Ingress / Egress rules

IPv6 matching

Plugins can offload

http://www.flickr.com/photos/mikebaird/2354116406/

Metadata

Simplified Configuration

Supports Overlapping IPs

Non-routed networks

Modular Layer 2

Driver Based

Combines OVS and Linuxbridge Plugins

Other Mechanism Drivers Available

Arista, Cisco, Hyper-V, Tail-F NCS

Advanced Services

Load Balancing

VPN

Firewall

Load Balancing as Service

Multiple Implementations

Open Source - HAProxy

Proprietary Drivers Available

VPN as a Service

Site-to-Site

IPSec

OpenSwan Reference Implementation

Firewall as a Service

Stateless filtering at the edge

Vendor drivers available

Preview available in Havana

Horizon

Manage Resources

Networks

Subnets

Routers

VPN

Horizon

Select NICs when booting

Horizon

How to Contribute

Code:

https://github.com/openstack/neutron

Blueprints and Bugs

http://launchpad.net/neutron

More Information

Installation and Admin Manual

http://docs.openstack.org/trunk/openstack-network/admin/content/

Questions?

Mark McClain OpenStack Networking Core Team Member and PTL

mark.mcclain@dreamhost.com