free the packets - unconstrained networking in openstack

CONFIDENTIAL - SOLELYFORAUTHORIZED PERSONS HAVING ANEEDTOKNOWPROPRIETARY – USEPURSUANT TOCOMPANY INSTRUCTION

©2016Nokia. All rights reserved. Nuage Networks isaNokia venture.

FreethePackets- UnconstrainedNetworkinginOpenstackationAndreasRoeder– [email protected],2016

@roeder_andreas



Agenda§ Introduction§ CurrentnetworkingArchitecturesinOpenStackShortcomings->Solutions

§ DemoQnA

2/26/16

2



IntroductionWhatisallofthisabout?

2/26/16

3



Nuage NetworksOverview§ Nuage isbasedinSiliconValleywithateamaround theworld

§ AnNokiaventurefocusedondatacenterandbranchofficenetworkevolution forthe

cloudera§ LeverageNokiainfrastructureandkeytechnologies

§ CreationofanAbstraction&Automation layerbetweennetworking featuresandhardwareequipment

§ Policy-drivennetworkingdesign reflectingbusinessdirectives,notnetwork



WhatUserswantfromOpenStackNetworking

2/26/16

5

Source:http://superuser.openstack.org/articles/openstack-mitaka-release-what-s-next-for-neutron-cinder-and-ceilometer



WhatUserswantfromOpenStackNetworking

2/26/16

6

Source:http://superuser.openstack.org/articles/openstack-mitaka-release-what-s-next-for-neutron-cinder-and-ceilometer



CurrentnetworkingArchitecturesinOpenStack

Whatarewetryingtofix?

2/26/16

7



2/26/16

8

OVSPluginvs.NuageVRS(insertedonKVMHypervisors)NeutronDatapath onCompute– SDNInsertion

GREEncapsulated

br-int

br-tun

patch-tun

patch-int

PortVLAN:10 PortVLAN:20

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

qbra

qvba

vneta

qvoa

qbrb

qvbb

ventb

qvob

qbrc

qvbc

vnetc

qvo

gre-10.0.0.1

eth0

TAPDevice

veth pair

LinuxBridge

Open vSwitch

ConfiguredbyNovaCompute

ConfiguredbyNeutronL2Agent

o TenantswillbeseparatedbyinternalassignedVLANS

o VLANS will bemappedegresstowardsGREtunnelswhichareuniquebytunnelID

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

tapa tapb tapc

alubr0

VXLANEncapsulated

eth0

Policy DrivenConfigurationfrom

Nuage VSP

OVSDatapath(supportsL2only)

NuageDatapath(supportsdistributedL2,L3,FloatingIP,…)

PHYPort



2/26/16

9

DatapathComparetoNeutron+Nuage

br-intint-br-ext

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

qbra

qvba

vneta

qvoa

qbrb

qvbb

vnetb

qvob

qbrc

qvbc

vnetc

qvoc

TAPDevice

veth pair

LinuxBridge

Open vSwitch

VM3TenantB

eth0

qbrd

qvbd

vnetdPHYPort

qvod

br-ext

phy-br-ext

InternalRouterNamespace

qr-f qr-g

IP IP IP IP

IP IP

qr-fqrouter-yInternalRouterNamespace

qr-h qr-jIP IP

qr-n qrouter-z

FloatingIPNamespace

qfloat-x qf-nqr-m

qf-x

br-tun

int-br-tun1

int-br-tun1

FlowTableentry

FlowTableentry

DVRAGENT(Enhanced L3

Agent)

PrivateNetwork

eth1

Public Network

eth0

Ext-IP

alubr0VRS

(SingleOVSbridge)

o SingleOVSBridgeo IsFlow-Basedo PerformsFirewalling,

Switching,Routing,NAT,…

o ProcessesARP,DHCPLOCALLY

o NoDedicatedNetworkNodeforo non-DVRcase:

Routing,DNAT,SNAT,DHCP

o DVRcase: SNAT,DHCP



ComputeNodeComputeNode

ComputeNode NetworkNode

br-int

qbr..

2/26/16

10

NeutronL3Datapath

VM1TenantA

VM2TenantA

A Q

B

C

qbr..

R

S

D T

br-tun

E

F

G br-tunH

br-intJ

I

M O

dhcprouter

PN

Kbr-ext L

ML2OVS/NetworkNode

VM1TenantA

VM2TenantA

A B

VM1TenantA

VM2TenantA

C D

alubr0 alubr0

VRS-GSoftwareGW

alubr0

HardwareGW

alubr0

VXLAN VXLANVXLAN

VXLAN

NuageVSP



NeutronServer

MySQL

RabbitMQ

L3Agent

OVSAgent

MetadataProxy

MetadataAgent

Keepalived

OVS

dnsmasq

NetworkNode

OVSAgent

OVS

ComputeNode

RabbitMQ

Acutal ArchitectureLimitationo NeutronisrequiredhighDatabasereadandwriteoperations

o SincethereisNOseparatecontrolplane,Neutronserverhastodealwitheverycomputenodewithoutanyoffload

o Nodatabaseinquirycachesupported fortheDatabasewhichtremendouslyincreasedDatabasereadpressure

o MassivelySQLAlchemy misuseandbugsintheneutroncodewhichgreatlyaddedDatabasepressure



MySQL

Push

Nuage architectureisdesignedfor ScaleComputeNode

ComputeNode

ComputeNode

ComputeNode

o VSDonepushtoVSC

o VSCdonothaveDatabasethereforesupportmuchfasteroperationandprovidegreaterscale

VRS

VRSVRS

VRSVRSVRS



Nuage architectureisdesignedfor ScaleComputeNode

ComputeNode

ComputeNode

ComputeNode

VRS

VRSVRS

VRSVRVRS

ComputeNode

ComputeNode

ComputeNode

ComputeNode

VRS

VRSVRS

VRSVRVRS

ComputeNode

ComputeNode

ComputeNode

ComputeNode

VRS

VRSVRS

VVVRS

ComputeNode

ComputeNode

ComputeNode

ComputeNode

VRS

VRSVRS

VRSVRVRS

MySQL

Push

Push

Push

Push

MP-BGP Federation



TypicalNuage Usecases§ ConvergedDatacenter(MultipleSites,MultipleCMS,MultipleWorkloadFormfactors)onPremise

§ Microsegmentation§ Desaster recovery§ P2V/V2Vmigration§ Devops§ NGDataCenter FabricAutomation

2/26/16

14



CloudServiceManagement Plane

VirtualizedServicesDirectory

VirtualRouting &Switching (VRS)• Distributed switch/router – L2-4rules• Integration ofbaremetalassets

Virtualized ServicesController (VSC)• SDNController, programsthenetwork• Richrouting featuresetbasedonALU7x50

Virtualized ServicesDirectory(VSD)• Network PolicyEngine– abstracts complexity• Servicetemplates andanalytics

NuageNetworksVirtualizedServicesPlatform(VSP)

DatacenterControl Plane

VirtualizedServicesController

MP-BGP

VirtualRouting&Switching

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

HYPERVISOR

HardwareGWforBareMetal

Nuage or3rd partyIPFabric

DatacenterData Plane

EdgeRouter

MP-BGP

NuageNetworksVSPArchitecture

C VPC

V



SoftwareDefinedNetworkingforCloudsatScale

16



Thenewly announced vspk and associated tools are now available onGitHub andPIP: https://github.com/nuagenetworks

Nuage git



Demo/QnA



DemoOverview1/2

2/26/16

19

§ SetupbasedonRedHat OSP6togetherwithNuage 3.2R4

§ NonHASetup



DemoOverview2/2§ SetupbasedonCentoswithdocker:1.8.2-7.el7.centos

2/26/16

20



2/26/16

21

THANKYOU

free the packets - unconstrained networking in openstack

Technology