Neutron: What’s new in Havana?
Arvind Somya, Software Engineer, Cisco Systems Inc.

Presentation transcript:


Modular Layer 2 (ML2)
- Driver Based
- Combines OVS and Linuxbridge
- VXLAN Support
- L3 Separation
- L2 Population
- Vendor Drivers Available

Original Goal: The Modular Layer 2 (ML2) Plugin is a framework allowing OpenStack Networking to simultaneously utilize the variety of layer 2 networking technologies found in complex real-world datacenters. ML2 was designed to ease the burden of adding new L2 networking technologies into OpenStack Networking. ML2 will deprecate the Open vSwitch, LinuxBridge, and Hyper-V monolithic Neutron Plugins. It works with each of their existing L2 agents simultaneously.

ML2 exposes two different types of drivers: “Type” and “Mechanism”

ML2 TypeDrivers:
- Maintain type-specific state
- Provide tenant network allocation
- Validate provider networks
- Current TypeDrivers: local, flat, VLAN, GRE, and VXLAN

ML2 MechanismDrivers:
- Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled
- Current MechanismDrivers: Arista, Cisco Nexus, Hyper-V, L2 Population, LinuxBridge, Open vSwitch, Tail-F NCS
- MechanismDrivers can work with many different technologies:
  - Agent based MechanismDrivers (Hyper-V, LinuxBridge, and OVS)
  - Controller based MechanismDrivers (Tail-F NCS and OpenDaylight)
  - ToR switch MechanismDrivers (Arista and Cisco Nexus)

[Architecture diagram: Neutron Server, ML2 Plugin, API Extensions; Type Manager with the VLAN, GRE and VXLAN TypeDrivers; Mechanism Manager with the OVS/LinuxBridge, Cisco Nexus, Arista, L2 Population, Tail-F NCS and Hyper-V drivers]
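The TypeDriver and MechanismDriver split described above, as an added sketch that is not from the presentation and is not Neutron's own code. The class names, the `physnet1` range and the driver names are constructed; only the method names mirror the ML2 driver interfaces.

```python
class VlanTypeDriver:  # toy TypeDriver, not Neutron's class
    network_type = "vlan"

    def __init__(self, vlan_ranges):  # constructed, e.g. {"physnet1": (100, 101)}
        self.free = {n: set(range(lo, hi + 1)) for n, (lo, hi) in vlan_ranges.items()}

    def allocate_tenant_segment(self):  # returns None when every pool is exhausted
        for physnet in sorted(self.free):
            if self.free[physnet]:
                vlan_id = min(self.free[physnet])
                self.free[physnet].remove(vlan_id)
                return {"network_type": "vlan", "physical_network": physnet,
                        "segmentation_id": vlan_id}

    def validate_provider_segment(self, segment):
        vlan_id = segment.get("segmentation_id")
        if segment.get("physical_network") not in self.free:
            raise ValueError("unknown physical_network")
        if not isinstance(vlan_id, int) or not 1 <= vlan_id <= 4094:
            raise ValueError("segmentation_id outside 1-4094")

    def reserve_provider_segment(self, segment):  # keep the ID out of the tenant pool
        self.free[segment["physical_network"]].discard(segment["segmentation_id"])


class RecordingMechanismDriver:  # toy MechanismDriver: records what it must apply
    def __init__(self, name):
        self.name, self.applied = name, []

    def create_network_postcommit(self, segment):
        self.applied.append(segment)


class Ml2Sketch:  # stands in for the plugin's type and mechanism managers
    def __init__(self, type_drivers, tenant_network_types, mechanism_drivers):
        self.types = {d.network_type: d for d in type_drivers}
        self.tenant_types, self.mechs = tenant_network_types, mechanism_drivers

    def create_network(self, provider_segment=None):
        if provider_segment is not None:  # provider network: validate, then reserve
            driver = self.types[provider_segment["network_type"]]
            driver.validate_provider_segment(provider_segment)
            driver.reserve_provider_segment(provider_segment)
            segment = provider_segment
        else:  # tenant network: first configured type with capacity
            tries = (self.types[t].allocate_tenant_segment() for t in self.tenant_types)
            segment = next((s for s in tries if s), None)
            if segment is None:
                raise RuntimeError("no tenant network available")
        for mech in self.mechs:  # every enabled mechanism gets the same segment
            mech.create_network_postcommit(segment)
        return segment
```

Reserving a provider VLAN removes it from the tenant pool, so a later tenant allocation cannot land on a segment an administrator has already assigned.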

Load Balancing as a Service
- Multiple Network Node
- Driver Based
- OpenSource - HAProxy
- Vendor Drivers Available (Nicira Service Plugin)
- Agent based solution
- Horizon Integrated

LBaaS Simple Workflow
- Create a Pool of VIPs from a Neutron Subnet
- Add Member instances to the Pool
- Optionally associate monitors with Pools
  - Monitors check the backend members of a VIP
  - Can use Ping, TCP, HTTP, HTTPS for health checks
  - Can specify the delay, timeout, retries, url and expected codes for each monitor
- Specify a weight for added members and a port number.
- Can load balance using:
  - Round Robin
  - Least Connections
  - Source IP
- Add VIP to the Pool (One per pool)

VPN as a Service
- Site-to-Site IPSec
- Pre-Shared Key
- Multiple Node Support
- OpenSource based on OpenSwan
- Under development: MPLS VPN, BGP MPLS VPN
- Horizon Integrated

VPN as a Service Simple Workflow
- Create IKE Policy
  - Tenant
  - Name
  - Auth algorithm: sha1
  - Encryption Algorithm: aes-128 (aes 3des, aes-256, aes-192)
  - Phase 1 negotiation mode: Main Mode (Aggressive mode)
  - PFS: Group5 (group2, group5, or group14)
  - IKE Version: v1 (v2)
- Create IPSec Policy
  - Tenant
  - Name
  - Transform protocol: ESP (AH, AH-ESP)
  - Encapsulation mode: tunnel (transport)
  - Auth algorithm: sha1
  - Encryption Algorithm: aes-128 (aes 3des, aes-256, aes-192)
  - PFS: Group5 (group2, group5, or group14)
- Create a VPN Service
  - Tenant
  - Subnet
  - Router
- Create IPSec site connection
  - Tenant
  - Peer Id
  - Peer CIDR(s)
  - Peer Address
  - Psk
  - IKE Policy
  - IPSec Policy
  - VPN Service Id
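The four-step workflow above, as an added Python example that is not from the presentation: it checks IKE and IPSec policy values against the options the slide lists, builds the site-connection body only once the three earlier IDs exist, and masks the PSK before a body is logged. Field names follow the Neutron VPNaaS API resources; the slide's "aes 3des" is read as `3des`, and every ID, address and PSK used with it is a constructed placeholder.

```python
import copy
import ipaddress

# Option sets as listed on the slide; field names follow the Neutron VPNaaS API.
COMMON = {"auth_algorithm": {"sha1"},
          "encryption_algorithm": {"aes-128", "3des", "aes-192", "aes-256"},
          "pfs": {"group2", "group5", "group14"}}
IKE_OPTIONS = dict(COMMON, phase1_negotiation_mode={"main", "aggressive"},
                   ike_version={"v1", "v2"})
IPSEC_OPTIONS = dict(COMMON, transform_protocol={"esp", "ah", "ah-esp"},
                     encapsulation_mode={"tunnel", "transport"})


def check_policy(policy, options):
    """Return one message per field that is missing or not a listed option."""
    return [f"{field}={policy.get(field)!r} not in {sorted(allowed)}"
            for field, allowed in options.items()
            if policy.get(field) not in allowed]


def build_site_connection(ikepolicy_id, ipsecpolicy_id, vpnservice_id,
                          peer_address, peer_cidrs, psk):
    """Step 4: needs the IDs returned by steps 1-3 plus the peer details."""
    if not (ikepolicy_id and ipsecpolicy_id and vpnservice_id):
        raise ValueError("create IKE policy, IPSec policy and VPN service first")
    ipaddress.ip_address(peer_address)      # ValueError if malformed
    for cidr in peer_cidrs:
        ipaddress.ip_network(cidr)          # ValueError if malformed
    return {"ipsec_site_connection": {
        "name": "example-conn",             # hypothetical name
        "peer_id": peer_address, "peer_address": peer_address,
        "peer_cidrs": list(peer_cidrs), "psk": psk,
        "ikepolicy_id": ikepolicy_id, "ipsecpolicy_id": ipsecpolicy_id,
        "vpnservice_id": vpnservice_id}}


def redacted(body):
    """Copy of a request body that is safe to log: the PSK is masked."""
    safe = copy.deepcopy(body)
    if "psk" in safe.get("ipsec_site_connection", {}):
        safe["ipsec_site_connection"]["psk"] = "***"
    return safe


# Steps 1 and 2 with the values the slide shows outside the parentheses.
SLIDE_IKE = {"auth_algorithm": "sha1", "encryption_algorithm": "aes-128", "pfs": "group5",
             "phase1_negotiation_mode": "main", "ike_version": "v1"}
SLIDE_IPSEC = {"auth_algorithm": "sha1", "encryption_algorithm": "aes-128", "pfs": "group5",
               "transform_protocol": "esp", "encapsulation_mode": "tunnel"}
```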

Firewall as a Service Stateless Filtering at the Edge Vendor Drivers Preview Available in Havana Agent Based Horizon Integrated

Firewall as a Service Simple Workflow
- Create a Firewall Policy
- Add Firewall Rules
- Can specify Audited attribute
- Source, dest IP, port etc.
- Strict Ordering
- Create a Tenant Firewall
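Why the strict ordering of rules in a policy matters, as an added Python example that is not from the presentation: the same two rules produce opposite verdicts for one packet depending on their order. The rules and packet are constructed, the field names follow Neutron firewall rule attributes, and the deny verdict when nothing matches is an assumption of this sketch.

```python
import ipaddress

# Constructed rules; field names follow Neutron firewall rule attributes.
ALLOW_WEB = {"name": "allow-web", "action": "allow", "protocol": "tcp",
             "source_ip_address": None,
             "destination_ip_address": "10.0.0.0/24", "destination_port": 443}
DENY_NET = {"name": "deny-net", "action": "deny", "protocol": None,
            "source_ip_address": "198.51.100.0/24",
            "destination_ip_address": None, "destination_port": None}
# Constructed packet that both rules match.
PACKET = {"protocol": "tcp", "src": "198.51.100.7", "dst": "10.0.0.5", "dport": 443}


def ip_matches(rule_cidr, addr):
    """None in a rule means 'any'."""
    return rule_cidr is None or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(rule_cidr))


def matches(rule, pkt):
    return (rule["protocol"] in (None, pkt["protocol"])
            and ip_matches(rule["source_ip_address"], pkt["src"])
            and ip_matches(rule["destination_ip_address"], pkt["dst"])
            and rule["destination_port"] in (None, pkt["dport"]))


def evaluate(rules, pkt):
    """First matching rule decides; no match is denied (assumed default)."""
    for position, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return rule["action"], position, rule["name"]
    return "deny", None, "implicit-default"


def never_decides(rules, sample_packets):
    """Rules that decide none of the sample packets: candidates for review."""
    deciding = {evaluate(rules, pkt)[2] for pkt in sample_packets}
    return [r["name"] for r in rules if r["name"] not in deciding]
```

Running `never_decides` over representative traffic before a policy is audited shows which rules are masked by an earlier, broader rule.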

Additional New Features
- Improved Horizon Integration
  - Panels for Load Balancer, Firewall and VPN as a service.
- DHCP Per Port Options
- Plugin Improvements

Looking ahead to Icehouse... Parity with nova-network Improved IPv6 Support L3 High Availability Plugins and Drivers External Testing New Plugins and Drivers

Icehouse Advanced Services
- Load Balancing as a Service
  - Multiple pools per VIP
- VPN as a Service
  - SSL VPN API
- Firewall as a Service
  - Revised API