A 5 minutes intro to Openstack (and a few more minutes on Openstack Networking)
Salvatore Orlando
3rd OSUG Italy Meetup
Rome, May 9th 2013

Openstack is the code
[Diagram labels: Ecosystem; Related/Unofficial Projects; Incubating Projects; Integrated Projects]
For more info:

Openstack is even more code!
– Client libraries
– Documentation (api, admin, …)
– Infrastructure
– Gating (tempest, devstack, …)

Openstack is the community
May 8th 2013: 9,342 people from 87 countries
Interact via:
– Mailing lists: general, development, documentation, operators …
– Ask Openstack (ask.openstack.org)
– Launchpad: home to all openstack integrated projects
– IRC (#openstack-101, #openstack, #openstack-dev, …)
– Local User Groups (like today!)
– Summit & Conference (twice a year)

See Openstack evolving, every day
– Release status
– Active Reviews
– Grab the code

(Virtual) Networking in Openstack

Nova-network
– L2/L3 networking with IP address management
– Security Groups
– Floating IPs and external gateway (SNAT)
– Network redundancy with ‘multi-host’
– 3 Network Managers:
  – Flat, FlatDHCP: L3 isolation via security groups
  – VLAN Manager: L2 isolation

The project formerly known as Quantum*
– L2 networking with choice of segmentation/virtualization techniques
– Shared L2 networks
– “Provider mappings” for L2 networks
– IPAM with overlapping IPs and built-in, scalable DHCP
– Security Groups
– L3 east-west traffic (inter-subnet routing)
– Static route configuration
– Floating IPs and external gateway (SNAT)
– Load Balancing
– Nova metadata integration
– Wide choice of pluggable backends

Openstack Network quick intro
– Quantum is an Openstack project to provide “networking as a service” between interface devices (e.g., vNICs) managed by other Openstack services (e.g., nova)
– Manages network virtualization, just like compute (nova) manages server virtualisation
– Advocates multi-tenancy
– Technology-agnostic

Openstack Network: basic architecture
– Simple, technology-agnostic API
– Plugin translates API requests into a concrete, technology-specific implementation
– API guarantees isolation of resources from a management perspective
– Plugin ensures isolation at the data plane
[Diagram labels: API Requests; Authentication; API Server; Plugin]

Plugin classification

Built-in
– Solution (management, control, and data plane) entirely contained in the Quantum source tree

3rd party
– Plugin proxies request to an external “controller”
– Can use one or more built-in components (e.g.: DHCP Agent, L3 agent)
– 3rd party plugins can either be Open Source or Commercial

Quick plugin reference
– Built-in: Hyper-V, Linux Bridge, Open vSwitch
– 3rd party - Opensource: Big Switch, NEC, Ryu
– 3rd party - Commercial: Big Switch (?), Brocade, Cisco, Midonet, Nicira NVP, Plumgrid

Openstack Network Architecture: Open vSwitch plugin
[Diagram labels: API Node; Network Services Node; Compute Node; Quantum Server; OVS Plugin; DHCP Agent; L3 Agent; Metadata Agent; Load Balancing Agent; L2 Agent; AMQP]

Logical View
[Diagram labels: Tenant “A”; Tenant “B”; Net-A1; Net-A2; Net-B1; Rtr-A; Rtr-B; External Network; DHCP; Internal Gateway; External Gateway; VMs A1 1, A1 2, A2 1, B1 1, B1 2]

Physical realization: OVS Plugin – GRE Overlays
– Local VLAN tags converted into GRE keys (and vice versa)
[Diagram labels: Compute Node C1; Compute Node C2; Compute Node C3; Network Node; Br-int; Br-tun; Br-ex; DHCP; L3; VMs A1 1, A1 2, A2 1, B1 1, B1 2]

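The VLAN-to-GRE-key translation on this slide, as an added example: a simplified Python model that is not code from the slides or from the Quantum OVS plugin. The `Node` class, port names, GRE key values and VM placement are assumptions made for illustration; it shows that a local VLAN tag only has meaning on one node, so the GRE key mapping is what keeps tenant networks apart between nodes.

```python
# Simplified model, constructed for illustration (not Quantum/OVS plugin code).
# Assumption: each node hands out local VLAN tags independently, in order of
# first use; the GRE key is the only network identifier shared between nodes.

class Node:
    def __init__(self, name):
        self.name = name
        self.vlan_of_key = {}   # GRE key -> local VLAN tag (br-tun, inbound)
        self.key_of_vlan = {}   # local VLAN tag -> GRE key (br-tun, outbound)
        self.ports = {}         # port name -> local VLAN tag (br-int)

    def plug(self, port, gre_key):
        """Attach a port to the network identified by gre_key."""
        if gre_key not in self.vlan_of_key:
            vlan = len(self.vlan_of_key) + 1      # next free local tag
            self.vlan_of_key[gre_key] = vlan
            self.key_of_vlan[vlan] = gre_key
        self.ports[port] = self.vlan_of_key[gre_key]

    def egress(self, port):
        """Outbound: the port's local VLAN tag is replaced by the GRE key."""
        return self.key_of_vlan[self.ports[port]]

    def ingress(self, gre_key):
        """Inbound: the GRE key is replaced by the local tag and the frame
        reaches only ports with that tag; an unknown key reaches no port."""
        vlan = self.vlan_of_key.get(gre_key)
        if vlan is None:
            return []
        return sorted(p for p, v in self.ports.items() if v == vlan)


def send(src, port, dst):
    """Ports on dst that see a broadcast sent from `port` on src."""
    return dst.ingress(src.egress(port))


# Constructed sample: key values and VM placement are made up.
NET_A1, NET_B1 = 101, 201
c1, c2 = Node("C1"), Node("C2")
c1.plug("A1-1", NET_A1)   # on C1, local tag 1 means Net-A1
c2.plug("B1-1", NET_B1)   # on C2, local tag 1 means Net-B1
c2.plug("A1-2", NET_A1)   # on C2, Net-A1 gets local tag 2

if __name__ == "__main__":
    print(send(c1, "A1-1", c2))   # tenant A frame reaches only A1-2 on C2
    print(send(c2, "B1-1", c1))   # tenant B frame reaches nothing on C1
```
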
Network node - Details
[Diagram labels: Br-tun; Br-int; Br-ex; DHCP; L3; NS-Net-A1; NS-Net-A2; NS-Net-B1; Dnsmasq /24; NS-Rtr-A; NS-Rtr-B; Iptables SNAT/DNAT; L3 Fwd]