portgroups support in ironic
TRANSCRIPT
Portgroups support in Ironic
25 Feb 2017Nguyen Hung Phuong (email: [email protected])Luong Anh Tuan (email: [email protected])Fujitsu Vietnam Limited Copyright 2017 Fujitsu Vietnam Limited
Agenda• Ironic Neutron Integration• Portgroups support in Ironic • Demo• Future work for portgroups• Q&A
Copyright 2017 Fujitsu Vietnam Limited2
Agenda• Ironic Neutron Integration• Portgroups support in Ironic • Demo• Future work for portgroups• Q&A
Copyright 2017 Fujitsu Vietnam Limited3
Ironic Neutron Integration - Ironic introduction OpenStack Ironic is a set of projects that perform bare metal provisioning and
related activities. Ironic is a virtualization driver for Nova like KVM, XEN, … Ironic virtualization dirver starts a Nova instance in a real machine instead of virtual ones.
Copyright 2017 Fujitsu Vietnam Limited4
Ironic Neutron Integration - Ironic introduction Why do we need Ironic?
In some cases, user has some requirements:1. Performance-sensitive applications that want to maximize efficiency, reduce overhead from virtualization,
and avoid CPU, Network, or IO fluctuations from neighboring instances.2. Security-sensitive applications, or applications with regulatory compliance requirements that can not be run
on shared hardware.3. Applications whose licensing costs depend on # of CPUs on the Host, regardless of whether virtualization is in
play.4. Applications that need direct IO access to specialized PCI devices which are not yet virtualizable.
Why do user need bare metal service?• Mission-critical legacy applications that aren’t designed for cloud architectures• Real-time and “near real-time” systems• HPC (High-Performance computing)• BigData and related Data Science and Machine Learning projects• Tasks accessing devices and resources that cannot be virtualized
Copyright 2017 Fujitsu Vietnam Limited5
Ironic Neutron Integration - Ironic introduction Use Cases
1. An Enterprise user wants to use bare metal machine to get consistent performance not affected by another machine, nor impacted by hypervisor.
2. An Enterprise user wants to have a secure and clean bare metal machine deployed no matter who used it before.
3. An Enterprise user wants to create networks elastically so he/she can use network like I have these networks not affected by other companies.
4. An Enterprise user wants to back up internal disk of bare metal and create a snapshot. This can be backed up to an external storage managed by Cinder.
5. An Enterprise user wants to use bare metal machine integrated with block storage service so that I can use external storage service.
Copyright 2017 Fujitsu Vietnam Limited6
Ironic Neutron Integration - Ironic introduction Use Cases (cont...)
6. An Enterprise user wants to see bare metal machine from console log and operate from console so that I can analyze problems at booting time and so on.
7. An Enterprise user wants to continue my operation immediately when a bare metal machine fails without any manual operations such as switchover. Similar to HA VM user story, The user should not have to design the fail-over mechanism themselves. The system should monitor and detect bare metal machine failure and automatically fail-over to a spare bare metal machine.
8. An Enterprise user wants to use a bare metal machine with the network services such as FWaaS, LBaaS, Security Group, VPNaaS, and connection to VMs in virtual network(VXLAN) in the same manner of VMs.
What do Ironic provide? Ironic brings the advantages of both bare metal and virtualization: performance and manageability.
Copyright 2017 Fujitsu Vietnam Limited7
Ironic Neutron Integration - Ironic overview Ironic provides bare metal provisioning service in a very similar fashion in
comparison to other Nova hypervisors.
Horizon
Nova
Hypervisor
VM VM VM
Horizon
Nova
Ironic
BM BM BM
Copyright 2017 Fujitsu Vietnam Limited
CLI CLI
8
Ironic Neutron Integration Ironic used to provision servers only on flat networks, no network isolation
between tenants. Ironic Neutron integration will allow end users to utilize a baremetal instance in the same isolated (e.g. VLAN, VXLAN) networks as their virtual machines are.
Ironic Neutron integration also provide Link aggressive function(Portgroup) in Ironic.
Currently Ironic has supported multi tenant with VLAN networks from Newton cycle.
http://specs.openstack.org/openstack/ironic-specs/specs/approved/ironic-ml2-integration.html
Copyright 2017 Fujitsu Vietnam Limited9
Agenda• Ironic Neutron Integration• Portgroups support in Ironic • Demo• Future work for portgroups• Q&A
Copyright 2017 Fujitsu Vietnam Limited10
Portgroups support in Ironic - Story In today’s enterprise networks,
networking is business critical. Servers require durable and high-speed network connectivity. Some applications like database require high-speed networking. Allowing customers to increase bandwidth is the key to protect customer from bottlenecks as traffic demand peaks on the network.
Copyright 2017 Fujitsu Vietnam Limited11
Portgroups support in Ironic - Story If your server’s NIC got failure, it can result in a shutdown of your business,
impacting employee productivity, revenues, and brand reputation. Lost data can also result in contract penalties and stiff fines for non-compliance. Have a solution for this issue will bring you peace of mind. Let professionals make the hardware replacement later at suitable time and you will save a lot of your time and mind. You will enjoy many things more if you have less things to worry about.
Copyright 2017 Fujitsu Vietnam Limited
Baremetal nodeBMC
NIC-1 NIC-2
FAILOVER0% OF TRAFIC
NORMAL100% OF TRAFIC
Normal mode
Baremetal nodeBMC
NIC-1 NIC-2
NORMAL0% OF TRAFIC
NIC failure
FAILOVER100% OF TRAFIC
Port-1 Port-2 Port-1 Port-2
12
Portgroups support in Ironic Ironic currently supports only single NIC deployments. Single NIC architecture
doesn't allow to have good fault tolerance and aggregate link speed capabilities. We need to have a support of bonded interfaces to reach good fault tolerance and allow aggregate link speeds.
RFE document: https://bugs.launchpad.net/ironic/+bug/1618754
Trello card https://trello.com/c/KvVjeK5j/29-portgroups-support
Deployment guide https://docs.openstack.org/developer/ironic/deploy/portgroups.html
Copyright 2017 Fujitsu Vietnam Limited13
Portgroups support in Ironic LAG (Link Aggregation Group) & LACP (Link Aggregation Control Protocol)
Link Aggregation Groups (LAG) and Link Aggregation Control Protocol (LACP) are methods to provide more than one link between two switches and automate its configuration and maintenance, respectively.
LAG – Link Aggregation Groups, is a process of inter-connecting two switches with two or more links between them (or between a switch and a server),so that multiple links are combined into one bigger virtual link that can carry a higher (combined) bandwidth. All these multiple links participating in a Link Aggregation Group act like a single large (virtual) link.
Copyright 2017 Fujitsu Vietnam Limited14
Portgroups support in Ironic LAG (Link Aggregation Group) & LACP (Link Aggregation Control Protocol)
LACP – Link Aggregation Control ProtocolLACP is similar to LAG, where multiple ports/links between two switches combine to provide higher bandwidth links between them. Additionally, ports that are LACP enabled can automatically configure themselves into trunk groups, without any manual configuration/intervention.The main purpose of LACP is to automatically add/delete individual links to the aggregate bundle, while adding new links and also after recovering from link failures. LACP can monitor to verify if all the links are connected to the right group. Basically, LACP helps automate the configuration and maintenance of LAG’s.
Copyright 2017 Fujitsu Vietnam Limited15
Portgroups support in Ironic Linux bonding driver
Round-robin (balance-rr) Transmit network packets in sequential order from the first available network interface (NIC) slave through the last. This mode provides load balancing and fault tolerance.
Active-backup (active-backup) Only one NIC slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The single logical bonded interface's MAC address is externally visible on only one NIC (port) to avoid distortion in the network switch. This mode provides fault tolerance.
Broadcast (broadcast) Transmit network packets on all slave network interfaces. This mode provides fault tolerance.
Copyright 2017 Fujitsu Vietnam Limited16
Portgroups support in Ironic Linux bonding driver
802.3ad: This mode provides load balancing and fault tolerance. It creates an aggregation group that shares the same speed and duplex settings. It utilizes all slave ethernet interfaces in the active aggregator, it is based on the 802.3ad specification.
Copyright 2017 Fujitsu Vietnam Limited17
Portgroups support in Ironic Deployment
Switch-side configuration: needs to be done manually, and the mode and properties configured on the switch have to correspond to the mode and properties that will be configured on the ironic side.
Port groups configuration in the Bare Metal service:• Creating a port group.• Associate ports with the created port group
Boot an instance (or node directly, in case of using standalone ironic) providing an image that has cloud-init version 0.7.7 or later and supports bonding.
Testing.
Copyright 2017 Fujitsu Vietnam Limited18
Portgroups support in Ironic Switch-side configuration
Switch-side configuration: Needs to be done manually, and the mode and properties configured on the switch have to correspond to the mode and properties that will be configured on the ironic side.
Show information 4 ports connect to Switch:• port1.0.3 <->OpenStack Server• port1.0.4 <-> iRMC port• port1.0.11 <-> NIC MAC: 90:1b:0e:0f:ff:60• port1.0.12 <-> NIC MAC: 90:1b:0e:10:00:4d
Configuration channel-group for port1.0.11 and port1.0.12
Copyright 2017 Fujitsu Vietnam Limited
channel-group
19
Portgroups support in Ironic Switch-side configuration
Setup channel-group po1
Show running-config
Copyright 2017 Fujitsu Vietnam Limited
channel-group po1
20
Portgroups support in Ironic Create Ironic Node
./icreate_pg.sh
Copyright 2017 Fujitsu Vietnam Limited21
Portgroups support in Ironic
22
Deployment Boot an instance (or node directly, in case of using standalone ironic) providing an image that has
cloud-init version 0.7.7 or later and supports bonding.
Copyright 2017 Fujitsu Vietnam Limited
Agenda• Ironic Neutron Integration• Portgroups support in Ironic • Demo• Future work for portgroups• Q&A
Copyright 2017 Fujitsu Vietnam Limited23
Demo Ubuntu Server 14.04: Setting up NIC Teaming for load balancing and high
availabilityhttps://www.youtube.com/watch?v=Gimrwh_NQKI
Ubuntu - Configure link aggregation ( LACP )https://www.youtube.com/watch?v=v0me2svkiIg
Link aggregation between Cisco and Ubuntuhttps://www.youtube.com/watch?v=oafGOr36sJU
Copyright 2017 Fujitsu Vietnam Limited24
Demo Demo that shows how static portgroups works at the moment:
Flat network scenario:https://youtu.be/vBlH0ie6Lm4
• Switch configuration: 1:11 - 2:20• Boot an instance: 2:34• Testing: 8:10 – 9:06
Multi-tenant network scenario:https://youtu.be/Kk5Cc_K1tV8
Copyright 2017 Fujitsu Vietnam Limited25
Agenda• Ironic Neutron Integration• Portgroups support in Ironic • Demo• Future work for portgroups• Q&A
Copyright 2017 Fujitsu Vietnam Limited26
Future work for portgroups User may pass the port group mode and properties to ML2 drivers so that they can do the
configuration automatically (Dynamic portgroups support).https://review.openstack.org/#/c/415003
Additional Bonding mode.
Ironic devstack portgroups support.
Tempest tests for portgroups
Copyright 2017 Fujitsu Vietnam Limited27
Agenda• Ironic Neutron Integration• Portgroups support in Ironic • Demo• Future work for portgroups• Q&A
Copyright 2017 Fujitsu Vietnam Limited28
Thank you• Q&A
Copyright 2017 Fujitsu Vietnam Limited29
References https://wiki.openstack.org/wiki/Ironic http://docs.openstack.org/developer/ironic/ https://www.kernel.org/doc/Documentation/networking/bonding.txt
Deployment guide: https://docs.openstack.org/developer/ironic/deploy/portgroups.html
Ironic code: https://review.openstack.org/#/q/topic:bug/1618754
Nova spec: https://review.openstack.org/#/c/387534/
Copyright 2017 Fujitsu Vietnam Limited30
Copyright 2017 Fujitsu Vietnam Limited