os networking vs plumgrid v3files.meetup.com/2979972/os_networking_plumgrid_ons.pdf• virtual...
2011-2014 © PLUMgrid - Confidential Information
January 2015
OpenStack Networking & PLUMgrid Open Networking Suite for OpenStack
Infrastructure Transformation
Enable rapid service delivery models
• Mobile & Self Service • Instant & On-demand • Simple & Social
While avoiding rigid infrastructure & lock-in
Rapid OpenStack Adoption
Broad and growing ecosystem
Vendors & Community
• Web Services • QA/Test environment • Databases • Big Data/Hadoop • CDN/Video Streaming
• MetaCloud • Eucalyptus • CloudScaling • Contrail • SoftLayer
• High venture capital investment • High number of start ups • High private investments by vendors • High number of enterprise participation
• 17K contributors • 140+ countries • 430+ companies • US, Japan, Britain
• 700+ deployments • Retail, Media, Financials, Healthcare, Transport, Research • Service providers
$Billions announced in initiatives New and old applications moving to OpenStack
Applications Use Cases
Large Scale build outs planned
Deployed Customers
Double & Triple Digit Growth YoY
Adoption Growth
OpenStack DNA & Business
Talent & Technology Acquisitions
Investment & Initiatives
At the junction of any Cloud
ISOLATION
CONNECTIVITY
COMPUTE
STORAGE
Network
Choose the Right Architecture from the Start
• PERFORMANCE: Distributed or Centralized; HW Offload
• SCALE: Single or Multi-rack; Multi-cell
• Control plane (CP) and data plane (DP) resiliency; Interaction with CMS/Compute HA
• EXTENSIBILITY: Services portfolio growth; Competitive edge
OpenStack Architecture
Conceptual communication among services
Internal Communication for services
Common Terminology
Inside a Compute Node
[Diagram labels: Compute Node; Kernel; Eth mgmt; KVM; Tenant VMs (VM, VM, VM); User; Vif]
Tenant & External Networks (and their IP spaces)
• Tenant Network:
  • Isolated (not true for flat). Provides private IP space (potentially overlapping)
  • Comprises networks, subnets and ports. Additionally routers (and advanced features)
  • Can be tagged or untagged
  • Can be built using overlay networks
• External Network:
  • Used to connect to existing legacy network infrastructure
  • Can be shared or dedicated
  • Can be tagged or untagged
Physical & Virtual Network Infrastructure
PHYSICAL INFRASTRUCTURE VIEW
VIRTUAL INFRASTRUCTURE VIEW
• QoS, Bandwidth • Latency • Multicast • Capacity • Connectivity
• On-Demand • Multi Tenant • Automated • Self Service • Secure • Distributed
Overlay Network
TENANT NETWORKS
OpenStack Networking (Neutron)
Why Neutron?
• Started with the Folsom release
• Provide Network as a Service
• Provide operators and tenants the ability to create and offer rich network topologies and configure advanced policies
• Offer a technology agnostic layer while enabling vendor extensions
• Support for advanced services
What is Neutron?
• Provides REST APIs to manage network connections for the resources managed by other OpenStack Services (e.g. Nova)
• Technology Agnostic (framework based on "plug-ins")
• Multi-tenancy: Isolation, Abstraction, full control over virtual networks
• Modular Design: API specifies service, vendor provides its implementation. Extensions for vendor-specific features.
• Exposes vendor-specific network virtualization and SDN technologies
What Neutron is NOT
• Neutron is the front-end to the component that actually creates and implements the rich network functionalities
• In other words, when integrated with an SDN solution it will "pass through" OpenStack Networking API calls to the SDN Controller
• It can be very THIN or very THICK depending on functionalities available in the underlying solution
Neutron Architecture
Neutron API
Neutron Service
Neutron Plug-in API
API Extensions
Service API (VPN, FW & LBaaS)
VNI & PNI Virtual & Physical Networking Infrastructure
Plug-In Extensions Plug-In Implementation
Neutron Plugin
• Written in Python – only one active at a given time
• Extensions add resources to the REST API (automatically discovered)
• Plugin can be of two types:
  • Proxy
  • Direct Control
Neutron & Agents
[Diagram labels: Neutron Server; Queue; L3-Agent (FW & NAT); L2 Agent; DHCP Agent; Adv. Services; DB]
Architecture Challenges: Neutron & OVS
[Diagram labels: Neutron; ML2/OVS plugin; Nova; Glance; Swift; Cinder; Network Nodes; L3 Agent; FWaaS Agent; LBaaS Agent; DHCP Agent; VMs with Agents; Services Neutron Framework]
• Placement of these components is critical; they are in the data path and become bottlenecks
• Advanced Services run on dedicated nodes. Limited HA.
• Creation of new tenants requires careful sizing of components to maintain performance level
• VM traffic flow can be handled in kernel, in local user space or in network nodes, with different performance levels
OpenStack Networking & PLUMgrid
Last Mile to Agility: Virtual Networks
PHYSICAL INFRASTRUCTURE
VIRTUAL INFRASTRUCTURE
Virtual Compute
Compute Storage
Virtual Storage
CRM VDI ERP IaaS SaaS PaaS
Network
Virtual Networks
Self Service Portal/Catalog
Cloud Management Platform
PLUMgrid Open Networking Suite
[Diagram labels: PHYSICAL NETWORK INFRASTRUCTURE; VIRTUAL DOMAIN Tenant A; VIRTUAL DOMAIN Tenant B; PLUMGRID NETWORK LIBRARY: Bridge, Router, LB, DHCP, FW, Security Policies]
• Scalable Architecture • Non-Stop Forwarding • Service Insertion
PLUMgrid Open Networking Suite
• No single point of failure
• Highly resilient & self-healing
• Terabits of distributed scale out performance
Internet
PLUMgrid IO Visor Edge
PLUMgrid Directors
PLUMgrid IO Visor Gateway
Virtual Domain A Virtual Domain B
Overlay Network
Understanding Virtual Domains
PHYSICAL INFRASTRUCTURE VIEW
VIRTUAL INFRASTRUCTURE VIEW
Custom or Template based Virtual Network Domains per Tenant
Tenant 1 Tenant 2 Tenant 3
VM VM VM VM
Internet
VM VM
VM
VM PLUMgrid Zone
Neutron & PLUMgrid
[Diagram labels: Neutron Server; Queue; L3-Agent (FW & NAT); L2 Agent; DHCP Agent; Adv. Services; DB; PLUMgrid Director]
Architecture Solution: Neutron & PLUMgrid
[Diagram labels: Neutron; PLUMgrid Plugin; Nova; Glance; Swift; Cinder; PLUMgrid Director; Virtual Domains; Tenant Networks; iO Visor Kernel Module -- Distributed Data Plane; VMs; 3rd party Virtual Network Functions Control Plane]
• VM to VM optimized packet flow due to distributed VNFs, eliminating bottlenecks
• Virtual Domains automatically scale out as more servers are deployed
• All VNF control planes are fully redundant
• Director Cluster is deployed in management rack
Virtual Domain A Virtual Domain B Virtual Domain C
Designed for Mission Critical Networks
OpenStack Nova: Simple Networks
• Simple Topology
• VLAN based isolation
• Limited features development
• Will be obsoleted

OpenStack Neutron: Multi-tenant Networks; Limited HA, Scale
• Designed to support multi-tenant Network Topologies
• Modular Plugin Architecture
• Limited High Availability
• Performance Limitations due to Network Node (NAT) and use of IP tables
• Limited Scale

PLUMgrid Neutron Plugin: Rich, Mission Critical Networks; High Performance, Scale, HA, Functions
• Designed for mission critical SDN & Distributed Systems from the ground up
• Virtual Domains + Distributed Virtual Network Functions
• Built-in HA of all VNFs
• Inherent performance due to all VNFs being distributed in IO Visor
• Designed to scale-out across racks (1000 nodes)
• Extensible (IO Visor + PLUMgrid Platform)
Our Vision
THANK YOU!
Join us for upcoming events. More info at www.plumgrid.com/events