Presentation is loading. Please wait.

Presentation is loading. Please wait.

Neutron What’s new in Havana? Arvind Somya Software Engineer Cisco Systems Inc.

Published byTy Horlick Modified over 3 years ago

Similar presentations

Presentation on theme: "Neutron What’s new in Havana? Arvind Somya Software Engineer Cisco Systems Inc."— Presentation transcript:

1 Neutron What’s new in Havana? Arvind Somya Software Engineer Cisco Systems Inc.

2 Modular Layer 2 (ML2) Driver Based Combines OVS and Linuxbridge VXLAN Support L3 Separation L2 Population Vendor Drivers Available

3 Original Goal: The Modular Layer 2 (ML2) Plugin is a framework allowing OpenStack Networking to simultaneously utilize the variety of layer 2 networking technologies found in complex real-world datacenters. ML2 was designed to ease the burden of adding new L2 networking technologies into OpenStack Networking. ML2 will deprecate the Open vSwitch, LinuxBridge, and Hyper-V monolithic Neutron Plugins It works with each of their existing L2 agents simultaneously

4 ML2 exposes two different types of drivers: “Type” and “Mechanism” ML2 TypeDrivers: Maintain type-specific state Provide tenant network allocation Validate provider networks Current TypeDrivers: local, flat, VLAN, GRE, and VXLAN ML2 MechanismDrivers: Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled Current MechanismDrivers: Arista, Cisco Nexus, Hyper-V, L2 Population, LinuxBridge, Open vSwitch, Tail-F NCS

5 Maintain type-specific state Provide tenant network allocation Validate provider networks Current TypeDrivers: local, flat, VLAN, GRE, and VXLAN

6 Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled Current MechanismDrivers: Arista, Cisco Nexus, Hyper-V, L2 Population, LinuxBridge, Open vSwitch, Tail-F NCS MechanismDrivers can work with many different technologies: Agent based MechanismDrivers (Hyper-V, LinuxBridge, and OVS) Controller based MechanismDrivers (Tail-F NCS and OpenDaylight) ToR switch MechanismDrivers (Arista and Cisco Nexus)

7 Neutron Server ML2 Plugin Type Manager Mechanism Manager VLAN TypeDriver VLAN TypeDriver GRE TypeDriver GRE TypeDriver VXLAN TypeDriver VXLAN TypeDriver OVS/LinuxB ridge Cisco Nexus Arista L2 Population Tail-F NCS API Extensions Hyper-V

8 Load Balancing as a Service Multiple Network Node Driver Based OpenSource - HAProxy Vendor Drivers Available (Nicira Service Plugin) Agent based solution Horizon Integrated

9 Lbaas Simple Workflow Create a Pool of VIP’s from a Neutron Subnet Add Member instances to the Pool Optionally associate monitors with Pools Monitors check the backend members of a VIP Can use Ping, TCP, HTTP, HTTPS for health checks Can specify the delay, timeout, retries, url and expected codesfor each monitor Specify a weight for added members and a port number. Can load balance using: Round Robin Least Connections Source IP Add VIP to the Pool (One per pool)

10 VPN as a Service Site-to-Site IPSec Pre-Shared Key Multiple Node Support OpenSource based on OpenSwan Under development: MPLS VPN, BGP MPLS VPN Horizon Integrated

11 VPN as a Service Simple Workflow Create IKE Policy Tenant Name Create IPSec Policy Tenant Name Create a VPN Service Tenant Subnet Router Auth algorithm: Sha1 Encryption Algorithm: aes-128 (aes 3des, aes- 256, aes-192) Phase 1 negotiation mode: Main Mode (Aggressive mode) PFS: Group5 (group2, group5, or group14) IKE Version: v1 (v2 ) Transform protocol: ESP (AH, AH-ESP) Encapsulation mode: tunnel (transport) Auth algorithm: sha1 Encryption Algorithm: aes-128 (aes 3des, aes-256, aes-192) PFS: Group5 (group2, group5, or group14) Create IPSec site connection Tenant Peer Id Peer CIDR(s) Peer Address Psk IKE Policy IPSec Policy VPN Service Id

12 Firewall as a Service Stateless Filtering at the Edge Vendor Drivers Preview Available in Havana Agent Based Horizon Integrated

13 Firewall as a Service Simple Workflow Create a Firewall Policy Add Firewall Rules Can specify Audited attribute Source, dest IP, port etc. Strict Ordering Create a Tenant Firewall

14 Additional New Features Improved Horizon Integration Panels for Load Balancer, Firewall and VPN as a service. DHCP Per Port Options Plugin Improvements

15 Looking ahead to Icehouse... Parity with nova-network Improved IPv6 Support L3 High Availability Plugins and Drivers External Testing New Plugins and Drivers

16 Icehouse Advanced Services Load Balancing as a Service Multiple pools per VIP VPN as a Service SSL VPN API Firewall as a Service Revised API

Download ppt "Neutron What’s new in Havana? Arvind Somya Software Engineer Cisco Systems Inc."

Similar presentations

What’s New in Fireware XTM v11.3.4

What’s New in Fireware XTM v11.3.4
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Modular Layer 2 In OpenStack Neutron

Modular Layer 2 In OpenStack Neutron
© 2012 IBM Corporation Architecture of Quantum Folsom Release Yong Sheng Gong ( 龚永生 ) gongysh #openstack-dev Quantum Core developer.

© 2012 IBM Corporation Architecture of Quantum Folsom Release Yong Sheng Gong ( 龚永生 ) gongysh #openstack-dev Quantum Core developer.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Kyle Mestery Principal Engineer, Office of the Cloud CTO, Cisco.

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Kyle Mestery Principal Engineer, Office of the Cloud CTO, Cisco.
1 Linux Foundation Collaboration Summit19 February 2015 IPv6-enabled OPNFV Bin Hu IPv6 Project Lead, OPNFV Other contributors of presentation Henry Gessau,

1 Linux Foundation Collaboration Summit19 February 2015 IPv6-enabled OPNFV Bin Hu IPv6 Project Lead, OPNFV Other contributors of presentation Henry Gessau,
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.

Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
7th OpenSTACK USER group nordics

7th OpenSTACK USER group nordics
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.

By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Similar presentations

Ads by Google