openstack neutron advanced services by akanda
TRANSCRIPT
About Me
• Sean Roberts
• VP Development at Akanda Inc
• Former OpenStack Board Director
• Past Yahoo, VMware, Stanford, and Genentech
Where Are We Headed Today?
OpenStack Neutron Networking Basics
Advanced Services: LBaaS, VPNaaS, FWaaS
Neutron: Liberty and Beyond
OSI Model
1 Physical Layer
2 Data Link Layer: ARP, Ethernet, VLAN
3 Network Layer: IPv4, IPv6, ICMP
4 Transport Layer: TCP, UDP
5 Session Layer
6 Presentation Layer
7 Application Layer: HTTP, DNS, etc
Akanda Project Architecture
Akanda Management/Orchestration
Physical Network (L2)
Nova
Neutron
Open: OVS/LinuxBridge
Proprietary
Akanda L2 Agnostic Overlay Support
Akanda Adv Services: Routing/LB/FW
OpenStack APIs
Reference Neutron
neutron-server
Database
L3 Agent (multiple instances)
Advanced Services (multiple instances)
Message Queue
DHCP Agent (multiple instances)
L2 Agents (multiple instances)
Plugin Extensions
● Add logical resources to the REST API
● Discovered by server at startup
  ○ REST: /v2.0/extensions
● Common Extensions
  ○ Port binding extended attributes, DHCP, L3, Provider, Quota, Security Group
Monolithic Plugin
Typical among SDN vendors
They come in two varieties:
● Proxy
● Direct control
PLUGIN
Modular Plugin
Delegates calls to proper drivers
Two kinds of drivers
● Type Driver
● Mechanism Driver
Mech Mgr
PLUGIN
Type Mgr
Isolation
VLAN
• 802.1Q
• limited
• underlay must support
GRE/VXLAN
• L2 encapsulated in L3
• routable
• overlay independence
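The two isolation options compared above, as an added example that is not from the original slides: an 802.1Q tag carries a 12-bit VLAN ID, while VXLAN wraps the whole tenant L2 frame behind a header with a 24-bit network identifier (VNI). Function names and the sample MAC addresses are assumptions made for illustration, and the outer IP/UDP headers of the VXLAN packet are omitted.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
VXLAN_I_FLAG = 0x08      # RFC 7348 flag bit: the VNI field is valid

def dot1q_frame(dst, src, vid, ethertype, payload):
    """Build an Ethernet frame with an 802.1Q tag (priority bits left at 0)."""
    if not 1 <= vid <= 4094:          # 12-bit field; 0 and 4095 are reserved
        raise ValueError("VLAN ID must be in 1..4094")
    return dst + src + struct.pack("!HHH", TPID_8021Q, vid, ethertype) + payload

def vlan_id(frame):
    """Return the VLAN ID of a tagged frame, or None when it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF               # low 12 bits of the tag control field

def vxlan_encap(vni, inner_frame):
    """Prefix a complete L2 frame with the 8-byte VXLAN header (UDP payload)."""
    if not 0 <= vni < 2 ** 24:        # 24-bit segment identifier
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8) + inner_frame

def vxlan_decap(udp_payload):
    """Return (vni, inner_frame); reject headers without a valid VNI flag."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_I_FLAG:
        raise ValueError("VNI flag not set")
    return word1 >> 8, udp_payload[8:]

# Constructed sample values (not taken from the slides).
DST = bytes.fromhex("fa163e000002")
SRC = bytes.fromhex("fa163e000001")
INNER = DST + SRC + struct.pack("!H", 0x0800) + b"tenant payload"

if __name__ == "__main__":
    print("VLAN ID:", vlan_id(dot1q_frame(DST, SRC, 100, 0x0800, b"payload")))
    vni, frame = vxlan_decap(vxlan_encap(70000, INNER))
    print("VNI:", vni, "inner frame intact:", frame == INNER)
```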
Reference Implementation
Load Balancing as a Service
HAProxy
Octavia Project: http://octavia.io
VPN as a Service
OpenSwan
Router
Metadata Proxy
VPN Driver
● Reference implementation uses OpenSwan
● Site-to-Site
● Multiple connections per tenant
● IKE, IPSec
Firewall as a Service
• Reference Implementation is Currently Experimental and not production ready
• What's next?
L3 Agent
Router
Metadata Proxy
Firewall Driver
What is Akanda
● Akanda is a multi-process, multi-threaded Neutron advanced services orchestration service
● It currently supports routers and in the near future, load balancers, VPNs and firewalls
Reference Neutron
neutron-server
Database
L3 Agent (multiple instances)
Advanced Services (multiple instances)
Message Queue
DHCP Agent (multiple instances)
L2 Agents (multiple instances)
Neutron + the Rug
L2 Agent (multiple instances)
Message Queue
L3 Agent
Service Instance
neutron-server
Database
Akanda (the rug)
Router Instance Lifecycle
● Router per tenant distributed throughout the cluster
● The router controls the data flow at the layer 3 level of the TCP/IP network stack
Akanda Project Details
● Get the source: https://github.com/stackforge/akanda
● Project status and tarballs: https://launchpad.net/akanda
● Documentation: http://docs.akanda.io
● IRC - #akanda on freenode.net
Neutron: Liberty
● IPAM
● BGP Speaker
● NFV Enhancements
● Service Function Chaining
● Enhanced Security Groups
● Paying Down Technical Debt
Canadian2006 - Liberty, Saskatchewan (CC-by-sa-3.0)