Ryu: Network Operating System
Kei Ohmura (NTT), Isaku Yamahata (VA Linux)
Aug 29, 2012
http://osrg.github.com/ryu/
Outline
Introduction
How it works
Integration with OpenStack
Demo
Summary
Introduction
What is “Ryu”
流 (ryu): means “flow” in Japanese
龍 (ryu): means “Japanese dragon”, one of the water gods; manages the “flow” of water
Ryu manages network packet “flow”
[Figure: packets flowing between Host A and Host B; network packet “flow”]
Ryu: network operating system
Open-sourced network operating system
  Network operating system
    Logically centralized controller for managing thousands of network switches
    A platform for building network applications to manage switches
  Open source software (Apache v2)
  Fully written in Python
  Project site: http://osrg.github.com/ryu/
[Figure: Host A, Host B and Ryu; packets between the hosts; OpenFlow protocol]
Our goals
De facto OSS network operating system
A platform for building network applications
  Well-defined API to implement network applications
  Provides useful applications and libraries
  Supports OpenFlow protocol to manage OpenFlow switch and Open vSwitch
Standard network controller of cloud software (e.g. OpenStack)
  Default controller for Fedora/Debian/Ubuntu
High quality enough for use in large production environments
  Code quality
  Functionality
  Usability
Features of Ryu
Generality
  Vendor-free network operating system
  Interoperability testing with various OpenFlow switches
  Supports not only OpenFlow protocol but also other useful protocols, if necessary
Supports various IaaS platforms
  Supports various IaaS platforms such as CloudStack and OpenStack in the future
Architecture overview
[Figure: Ryu network operating system: apps on top of an API, OpenFlow protocol parser/serializer and network I/O; RESTful management API for operators; OpenFlow protocol to Open vSwitch and OpenFlow switch(*)]
Logically centralized controller
  Supports OpenFlow 1.0, 1.2 (including Nicira Extension)
Programmatic network control interface
  We can implement network control applications on top of Ryu
Current status and work items
OpenFlow protocol
  OF1.0 + Nicira extensions, OF1.1 (WIP), OF1.2, OF1.3 (WIP)
  OF-Config (not yet undertaken)
Ryu applications/libraries
  GRE tunneling
  VLAN support (WIP)
  MAC based segregation
  Topology discovery (WIP)
  HA support using Zookeeper (WIP)
Supports IaaS
  Ryu plugin was merged into OpenStack Essex Quantum
  Updating patches for OpenStack Folsom release
    Its release is planned for Sep 27th, 2012
Others
  Integration testing with Open vSwitch (OF1.0, OF1.2)
  Supports ovsdb jsonrpc (WIP)
How it works
How to use
Install Ryu from pip
$ sudo pip install ryu
Install Ryu from the source code
$ git clone git://github.com/osrg/ryu.git
$ cd ryu; sudo python ./setup.py install
Run sample application
$ ryu-manager yourapp.py
mac learning switch
Run mac learning switch application
$ ryu-manager ryu/app/simple_switch.py
Set up a test environment with mininet(*) if you don't have OpenFlow switches. (*) http://openflow.org/mininet
[Figure: Host A and Host B on ports 0 and 1 of an OpenFlow switch with a flow table, controlled by Ryu]
Host A pings Host B.
The flow table has no rule for how to handle this ping packet.
The switch forwards the packet, encapsulated in an OpenFlow message, to the controller.
Ryu calls the packet-in handler and installs the rule into the switch.
Rule: {in_port: 0, dst_mac: HostB, actions: {Output: 1}}
(*) Strictly speaking, it's different from the code. If you are interested in it, please see the code.
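The packet-in and rule-install loop from the slides above, as an added example that is not part of the original deck and is not the code of simple_switch.py. The `Switch` and `Controller` classes are hypothetical stand-ins that run offline, and the learning logic floods until the destination has been seen, which is more detail than the slides show.

```python
# Added illustration: offline model of the packet-in / rule-install loop.
# Class names are hypothetical; this is not the code of simple_switch.py.
FLOOD = "FLOOD"

class Controller:
    """Learns which port each MAC lives on and installs forwarding rules."""
    def __init__(self):
        self.mac_to_port = {}                  # dpid -> {mac: port}

    def packet_in(self, switch, in_port, src, dst):
        table = self.mac_to_port.setdefault(switch.dpid, {})
        table[src] = in_port                   # learn the sender's port
        out = table.get(dst, FLOOD)
        if out != FLOOD:                       # destination known: add a rule
            switch.flows[(in_port, dst)] = out
        return out

class Switch:
    """Toy OpenFlow switch: exact-match flow table, a miss raises packet-in."""
    def __init__(self, dpid, ports, controller):
        self.dpid, self.ports, self.controller = dpid, ports, controller
        self.flows = {}                        # (in_port, dst_mac) -> out_port
        self.packet_ins = 0

    def receive(self, in_port, src, dst):
        """Return the ports the frame is sent out of."""
        out = self.flows.get((in_port, dst))
        if out is None:                        # no rule for this packet
            self.packet_ins += 1
            out = self.controller.packet_in(self, in_port, src, dst)
        if out == FLOOD:
            return [p for p in self.ports if p != in_port]
        return [out]

def demo():
    sw = Switch(dpid=1, ports=[0, 1, 2], controller=Controller())
    trace = [
        sw.receive(0, "HostA", "HostB"),       # miss, HostB unknown: flood
        sw.receive(1, "HostB", "HostA"),       # miss, HostA learned: rule
        sw.receive(0, "HostA", "HostB"),       # miss, HostB learned: rule
        sw.receive(0, "HostA", "HostB"),       # hit, no packet-in
    ]
    return trace, sw.flows, sw.packet_ins
```

After the third frame the flow table holds the rule shown on the slide (in_port 0, dst HostB, output 1), and later frames of that flow no longer reach the controller.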
Multiple controllers for high availability
A centralized controller is a single point of failure (SPOF)
To avoid SPOF, we have used Zookeeper(*) and the multiple controllers feature of OpenFlow
  Monitoring controllers by using Zookeeper to detect controller failure
  If the master controller is down, the slave controller sends the RoleRequest message to the switch to change its role to 'master'
[Figure: Host A and Host B on an OpenFlow switch with a flow table; Ryu (master), Ryu (slave) and Zookeeper]
(*) http://zookeeper.apache.org/
Integration with OpenStack
OpenStack
Nova: cloud management system
  Nova compute node
    Physical machine that runs guest VM instances
  Nova network node
    Physical machine that runs the network gateway to the outside network
Quantum: network management system
  Quantum server
    Manages network configuration
    Nova requests quantum-server for network configuration
  Quantum agent
    It runs on nova compute/network node
  Quantum plugin
    Plugin for each network technology
    Ryu plugin
Integration with OpenStack
OpenStack
  Open source software for building private and public clouds
What does Ryu bring to OpenStack?
  Flat L2 networks regardless of the underlying physical network
  Scalable multi-tenant isolation
    Ryu provides tunneling based isolation
    VLAN doesn't scale larger than 4096
  We don't need high-end switches
How Ryu works with OpenStack
[Figure: Quantum-node, Ryu-node, compute-node and network-node, connected by OpenFlow, REST API, DB access and Quantum API]
Quantum-node: Somewhere where compute/network can communicate. Typically on network-node
  Quantum Server
  Quantum db: [datapath id, Tunnel ip], [network uuid, tunnel key]
Ryu-node: Somewhere where compute/network can communicate. Typically on network-node
  Ryu
  Ryu db [in memory]: [Tenant id, tunnel id], [dpid, port, tenant id, mac addr], [dpid, port, remote_dpid]
Compute-node: Vif driver, Ryu agent, OVS
network-node: linux_net driver, Ryu agent, OVS
Operations shown: Create Tap port, Create Tunnel port
Demo
Demo
Multiple controllers using Zookeeper (HA)
Ryu + OpenStack (GRE tunneling)
Ryu Demo (HA)
[Figure: Host A and Host B on Open vSwitch; Ryu (master), Ryu (slave) and Zookeeper; failover]
Ryu demo (GRE tunneling)
[Figure: a Linux physical machine running KVM guests: an OpenStack servers guest (ryu, Quantum server, Nova network) and Linux guests running Nova compute, Quantum agent and OVS, each hosting Qemu/KVM VMs that ping each other; the guests are connected by a bridge and GRE tunnels]
Ryu demo (GRE tunneling)
[Figure: three hosts connected pairwise by GRE tunnel 1-2, GRE tunnel 1-3 and GRE tunnel 2-3]
Host 1 (OVS 1): Tenant A VM 1, Tenant A VM 2, Tenant B VM 1
Host 2 (OVS 2): Tenant A VM 3, Tenant B VM 2, Tenant B VM 3
Host 3 (OVS 3): Tenant A VM 4, Tenant B VM 4, Tenant B VM 5
Tenant A ID -> 1, Tenant B ID -> 2
Summary
Future items
Enrich applications and libraries
  Integration with Quantum IPAM and L3 API
  Firewall
  Virtual network to physical network, and vice versa
    Convert among GRE key, VLAN tag, MPLS label, …
Enhance controller performance
Distributed controllers
  No single point of failure
  Datacenter-wide scalability
Multi-processing
Summary
Ryu is an open-sourced network operating system licensed under Apache License v2.
Site: http://osrg.github.com/ryu/
Set up a Ryu environment with VM images
https://github.com/osrg/ryu/wiki/RYU-OpenStack-environment-VM-image-file-HOWTO
Appendix
Block diagram of Ryu
[Figure: block diagram: OpenFlow protocol parser/serializer; event queue/dispatcher; RyuApp management; HTTP server (WSGI); switch management/OFP event; higher level event; RyuApps: REST API, GRE tunnel, Discovery, VLAN, ...; storage: memory]
GRE tunneling with OpenStack
Network Tenant creation
  GRE key assignment
  Gateway creation
Guest VM instance creation
  Port creation
    tenant <-> key <-> port relationship
  Setting flow to the VM port
Tunnel port management
  Tunnel port creation/deletion
    Track physical compute node
  Setting flow to the tunnel port
[Figure: dataflow between Ryu, Quantum server and the nodes; each node runs OVS and a Ryu agent, with a Vif driver or a linux_net driver]
vport-gre: remote_ip=xxx, local_ip=yyy, key=0
Quantum db: (datapath id, Tunnel ip)
The Agent polls db: Create vport-gre, Update port status
Ryu db (in memory): (Tenant id, tunnel id), (dpid, port, tenant id, mac addr), (dpid, port, local_ip, remote_ip)
Vif driver creates vm port: vm port(dpid, tenant uuid, mac addr)
Linux_net driver creates gw ports: Gw port(dpid, Tenant uuid, mac addr)
Messages shown: (tenant uuid, tunnel_id), (tenant, tunnel)
Network id (uuid) creation/deletion. On vm creation: port uuid, mac address
Tunnel id
Dataflow
  VM Port: (dpid, Tenant uuid, mac addr)
  Tunnel port: (dpid, local_ip, remote_ip)
Network Creation
[Figure: Network-node: nova-network, Quantum server, Ryu, linux_net driver, OVS]
1. create network
2. Create net
3. Network uuid, Tunnel key
4. uuid
5. plug
6. Create gw-xxx
7. (tenant_id, network_id, dpid, Port, mac)
8. (network_id, dpid, port, mac)
9. set flow entries
Instance Creation
[Figure: compute-node: nova-compute, Quantum server, Ryu, vif driver, OVS]
1. create instance
2. Create port
3. uuid
4. plug
5. Create tap-xxx
6. (tenant_id, network_id, dpid, Port, mac)
7. (network_id, dpid, port, mac)
8. set flow entries
Node boot up
[Figure: Compute/Network-node: Ryu agent, ryu_v2.ini, OVS; Quantum db, Quantum server, Ryu]
1. Get IP address
2. Register (dpid, ipaddress)
3. Get list of (dpid, ip address) (and polling)
4. Create vport-gre to ip address
5. register (dpid, port-id, remote_dpid)
Flow Table Usage
[Figure: OVS with VM1 and VM2 on VM ports and a GRE tunnel on the tunnel port; in port]
Table 0: Src table
  VM port
    match: in_port, src mac      action: set_tunnel, goto table 1
    match: in_port               action: drop
  Tunnel port
    match: in_port, tunnel_id    action: goto table 2
    match: in_port               action: drop
Table 1: Tunnel out
    match: tunnel_id, dst mac    action: output(tunnel), goto table 2
    match: tunnel_id             action: goto table 2
Table 2: Local out
    match: tunnel_id, dst mac    action: output(vm)
    match: tunnel_id             action: drop
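How the three tables on the Flow Table Usage slide keep tenants apart on one OVS, as an added example that is not part of the original deck and is not Ryu's code. The function names, port numbers and MAC labels are constructed for the illustration, and the row layout assumes the flattened slide table reads as: Src table sets or checks the tunnel_id, Tunnel out sends to the tunnel port, Local out sends to a VM port or drops.

```python
# Added illustration (not Ryu code): the three tables of one OVS as dicts.
# Ports, MAC labels and the tunnel port number are constructed sample values.

def build_tables(vm_ports, tunnel_port, remote_macs):
    """vm_ports: {port: (mac, tunnel_id)}; remote_macs: {(tunnel_id, mac)}."""
    return {
        "tunnel_port": tunnel_port,
        # Table 0, VM port rows: in_port + src mac -> set_tunnel
        "src": {(p, mac): tid for p, (mac, tid) in vm_ports.items()},
        # Table 0, tunnel port rows: only keys of tenants present on this OVS
        "known": {tid for _, tid in vm_ports.values()},
        # Table 1: tunnel_id + dst mac -> output(tunnel)
        "tunnel_out": set(remote_macs),
        # Table 2: tunnel_id + dst mac -> output(vm)
        "local_out": {(tid, mac): p for p, (mac, tid) in vm_ports.items()},
    }

def process(t, in_port, src_mac, dst_mac, tunnel_id=None):
    """Return output ports for one packet; [] means it was dropped."""
    out = []
    if in_port == t["tunnel_port"]:                      # Table 0, tunnel port
        if tunnel_id not in t["known"]:
            return []                                    # in_port only: drop
    else:                                                # Table 0, VM port
        tunnel_id = t["src"].get((in_port, src_mac))     # key set by the switch
        if tunnel_id is None:
            return []                                    # in_port only: drop
        if (tunnel_id, dst_mac) in t["tunnel_out"]:      # Table 1
            out.append(t["tunnel_port"])
    port = t["local_out"].get((tunnel_id, dst_mac))      # Table 2
    if port is not None:
        out.append(port)
    return out                                           # no row matched: drop

def demo():
    # Tenant A uses tunnel key 1 and tenant B key 2, as on the demo slide.
    t = build_tables({1: ("A-vm1", 1), 2: ("A-vm2", 1), 3: ("B-vm1", 2)},
                     tunnel_port=10,
                     remote_macs={(1, "A-vm3"), (2, "B-vm2")})
    return {
        "A to A, same host": process(t, 1, "A-vm1", "A-vm2"),
        "A to A, other host": process(t, 1, "A-vm1", "A-vm3"),
        "A to B, same host": process(t, 1, "A-vm1", "B-vm1"),
        "src mac not bound to port": process(t, 1, "B-vm1", "B-vm1"),
        "tunnel, key 2 to B": process(t, 10, "B-vm2", "B-vm1", tunnel_id=2),
        "tunnel, key 1 to B": process(t, 10, "A-vm3", "B-vm1", tunnel_id=1),
        "tunnel, unknown key": process(t, 10, "A-vm3", "A-vm1", tunnel_id=9),
    }
```

The cross-tenant cases return an empty list because table 2 has no row that pairs the sender's tunnel_id with the other tenant's MAC, and the tunnel_id for a VM port is taken from the port binding, never from the packet.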