Containerizing Network Services - Alon Harel - OpenStack Day Israel 2016
TRANSCRIPT
Containerizing Network Services
Alon Harel, Architect
Network Services As Containers
Neutron: LBaaS, VPNaaS, FWaaS, Dynamic Routing
Why Containers?
• Services share similar lifecycle: schedule, start (fast), monitor, move/delete
• Scalability: easily create more as load increases
• Resiliency & HA: container health detection and fail-over
• Multi-Implementation: alternative solutions can be leveraged side-by-side
• Management: management made easy for the cloud operator
MidoNet with Containers
[Diagram labels: OpenStack Neutron, MidoNet Plugin (LBaaS, FWaaS, VPNaaS, BGP), Northbound, Southbound, MidoNet Controller, Southbound Database, Compute with MidoNet Agent, Instances, Container Service]

Northbound model:
• PORT: where to connect to
• SERVICE CONTAINER: type, implementation, configuration
• SERVICE CONTAINER GROUP: scheduling policy
• SERVICE: LBaaS, VPNaaS, BGP

Container launch flow:
1 Northbound to southbound translation
2 Schedule container on a compute node
3 Agent launches the container
4 Agent reports the container status
5 Controller monitors status and takes actions
VPN Example
Northbound Model
[Diagram labels: Tenant Routers MERCURY 192.168.1.0/24 and VENUS 192.168.2.0/24; PUBLIC 1.0.0.0/24 with addresses 1.0.0.2 and 1.0.0.3; two IPSec containers]

Southbound look
[Diagram labels: MERCURY 192.168.1.0/24; 169.254.X.Y/30]
1 Router port for the service container
2 Redirect rules matching traffic between peer networks
3 Bind the container port to a compute host
Scheduling Policies 1
Affinity Policies
• ANYWHERE
• HOST-GROUP
• PORT-GROUP
[Diagram labels for PORT-GROUP affinity: Edge Provider Router, Tenant Routers, Uplink Ports vPort0, vPort1, vPort2, vPort3]
Scheduling Policies 2
Selection Policies
• WEIGHTED (static metric)
  host host0 set container-weight 5
  host host6 set container-weight 0
• LEAST (live metric)
  host host0 set container-limit 5
  host host3 set container-limit 0
[Diagram labels for LEAST policy: Controller Server, Container Quota]
Content licensed under a Creative-Commons Attribution license.
Cover photo by Tristan Schmurr.