Presentation is loading. Please wait.

Presentation is loading. Please wait.

Neutron What’s new in Havana? Arvind Somya Software Engineer Cisco Systems Inc.

Published byTy Horlick Modified over 2 years ago

Similar presentations

Presentation on theme: "Neutron What’s new in Havana? Arvind Somya Software Engineer Cisco Systems Inc."— Presentation transcript:

1 Neutron What’s new in Havana? Arvind Somya Software Engineer Cisco Systems Inc.

2 Modular Layer 2 (ML2) Driver Based Combines OVS and Linuxbridge VXLAN Support L3 Separation L2 Population Vendor Drivers Available

3 Original Goal: The Modular Layer 2 (ML2) Plugin is a framework allowing OpenStack Networking to simultaneously utilize the variety of layer 2 networking technologies found in complex real-world datacenters. ML2 was designed to ease the burden of adding new L2 networking technologies into OpenStack Networking. ML2 will deprecate the Open vSwitch, LinuxBridge, and Hyper-V monolithic Neutron Plugins It works with each of their existing L2 agents simultaneously

4 ML2 exposes two different types of drivers: “Type” and “Mechanism” ML2 TypeDrivers: Maintain type-specific state Provide tenant network allocation Validate provider networks Current TypeDrivers: local, flat, VLAN, GRE, and VXLAN ML2 MechanismDrivers: Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled Current MechanismDrivers: Arista, Cisco Nexus, Hyper-V, L2 Population, LinuxBridge, Open vSwitch, Tail-F NCS

5 Maintain type-specific state Provide tenant network allocation Validate provider networks Current TypeDrivers: local, flat, VLAN, GRE, and VXLAN

6 Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled Current MechanismDrivers: Arista, Cisco Nexus, Hyper-V, L2 Population, LinuxBridge, Open vSwitch, Tail-F NCS MechanismDrivers can work with many different technologies: Agent based MechanismDrivers (Hyper-V, LinuxBridge, and OVS) Controller based MechanismDrivers (Tail-F NCS and OpenDaylight) ToR switch MechanismDrivers (Arista and Cisco Nexus)

7 Neutron Server ML2 Plugin Type Manager Mechanism Manager VLAN TypeDriver VLAN TypeDriver GRE TypeDriver GRE TypeDriver VXLAN TypeDriver VXLAN TypeDriver OVS/LinuxB ridge Cisco Nexus Arista L2 Population Tail-F NCS API Extensions Hyper-V

8 Load Balancing as a Service Multiple Network Node Driver Based OpenSource - HAProxy Vendor Drivers Available (Nicira Service Plugin) Agent based solution Horizon Integrated

9 Lbaas Simple Workflow Create a Pool of VIP’s from a Neutron Subnet Add Member instances to the Pool Optionally associate monitors with Pools Monitors check the backend members of a VIP Can use Ping, TCP, HTTP, HTTPS for health checks Can specify the delay, timeout, retries, url and expected codesfor each monitor Specify a weight for added members and a port number. Can load balance using: Round Robin Least Connections Source IP Add VIP to the Pool (One per pool)

10 VPN as a Service Site-to-Site IPSec Pre-Shared Key Multiple Node Support OpenSource based on OpenSwan Under development: MPLS VPN, BGP MPLS VPN Horizon Integrated

11 VPN as a Service Simple Workflow Create IKE Policy Tenant Name Create IPSec Policy Tenant Name Create a VPN Service Tenant Subnet Router Auth algorithm: Sha1 Encryption Algorithm: aes-128 (aes 3des, aes- 256, aes-192) Phase 1 negotiation mode: Main Mode (Aggressive mode) PFS: Group5 (group2, group5, or group14) IKE Version: v1 (v2 ) Transform protocol: ESP (AH, AH-ESP) Encapsulation mode: tunnel (transport) Auth algorithm: sha1 Encryption Algorithm: aes-128 (aes 3des, aes-256, aes-192) PFS: Group5 (group2, group5, or group14) Create IPSec site connection Tenant Peer Id Peer CIDR(s) Peer Address Psk IKE Policy IPSec Policy VPN Service Id

12 Firewall as a Service Stateless Filtering at the Edge Vendor Drivers Preview Available in Havana Agent Based Horizon Integrated

13 Firewall as a Service Simple Workflow Create a Firewall Policy Add Firewall Rules Can specify Audited attribute Source, dest IP, port etc. Strict Ordering Create a Tenant Firewall

14 Additional New Features Improved Horizon Integration Panels for Load Balancer, Firewall and VPN as a service. DHCP Per Port Options Plugin Improvements

15 Looking ahead to Icehouse... Parity with nova-network Improved IPv6 Support L3 High Availability Plugins and Drivers External Testing New Plugins and Drivers

16 Icehouse Advanced Services Load Balancing as a Service Multiple pools per VIP VPN as a Service SSL VPN API Firewall as a Service Revised API

Download ppt "Neutron What’s new in Havana? Arvind Somya Software Engineer Cisco Systems Inc."

Similar presentations

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Kyle Mestery Principal Engineer, Office of the Cloud CTO, Cisco.

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Kyle Mestery Principal Engineer, Office of the Cloud CTO, Cisco.
Modular Layer 2 In OpenStack Neutron

Modular Layer 2 In OpenStack Neutron
Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Grant.

Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Grant.
7th OpenSTACK USER group nordics

7th OpenSTACK USER group nordics
OpenStack Summit Feedback 5-8 November 2013 Hong Kong Gergely Szalay

OpenStack Summit Feedback 5-8 November 2013 Hong Kong Gergely Szalay
Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.

Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.

IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.

Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 4: Configuring Site to Site VPN with Pre-shared keys.

© 2006 Cisco Systems, Inc. All rights reserved. Network Security 2 Module 4: Configuring Site to Site VPN with Pre-shared keys.
Generic Routing Encapsulation GRE  GRE is an OSI Layer 3 tunneling protocol: Encapsulates a wide variety of protocol packet types inside.

Generic Routing Encapsulation GRE  GRE is an OSI Layer 3 tunneling protocol: Encapsulates a wide variety of protocol packet types inside.
CIT 384: Network AdministrationSlide #1 CIT 384: Network Administration VPNs.

CIT 384: Network AdministrationSlide #1 CIT 384: Network Administration VPNs.
© 2012 IBM Corporation Architecture of Quantum Folsom Release Yong Sheng Gong ( 龚永生 ) gongysh #openstack-dev Quantum Core developer.

© 2012 IBM Corporation Architecture of Quantum Folsom Release Yong Sheng Gong ( 龚永生 ) gongysh #openstack-dev Quantum Core developer.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
2003-2004 - Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)

Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)
OV 12 - 1 Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
© 2001, Cisco Systems, Inc. CSPFA 2.0—16-1 Chapter 16 Cisco PIX Device Manager.

© 2001, Cisco Systems, Inc. CSPFA 2.0—16-1 Chapter 16 Cisco PIX Device Manager.
Creating an IPsec VPN using IOS command syntax. What is IPSec IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering.

Creating an IPsec VPN using IOS command syntax. What is IPSec IPsec, Internet Protocol Security, is a set of protocols defined by the IETF, Internet Engineering.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Similar presentations

Ads by Google