Inside the Architecture of Neutron: Mark McClain


Inside the Architecture of Neutron

Mark McClain

mmcclain (at) yahoo-inc.com

Why Create Neutron?

Rich Topologies

Technology Agnostic

Extensible

Advanced Services Support

Load Balancing, VPN, Firewall

The Basics

What does the user see?

GUI, CLI, API Libs

Compute API

KVM

Network API

ML2 Plugin

Storage API

Ceph

Abstractions

Nova: virtual server (VM1 10.0.0.2, VM2 10.0.0.2), virtual interface (VIF)

Neutron: virtual port, L2 virtual network (Net1), virtual subnet (10.0.0.0/24)

Architecture

Design Goals

Unified API

Small Core

Pluggable Open Architecture

Extensible

OpenStack

The Operator View

Basic Deployment
[Diagram: neutron-server, Database and Message Queue, with multiple L2 Agents, multiple L3 Agents, a DHCP Agent and Adv Services]

neutron-server

REST API

HTTP(S) Python WSGI Application

Customary TCP port is 9696

Exposes logical resources

networks, subnets, ports, etc

Request/Response Serialization

[Diagram: REST API Service, RPC Service, Plugin]

neutron-server

RPC Service

AMQP via Oslo messaging modules

Enables bidirectional agent communication

Optional


neutron-server

PLUGIN

Written in Python

Only one active

Must implement V2 API calls

Optional database access

Optional extension support


The Plugin

core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin

NeutronPluginBaseV2

NeutronDbPluginV2

ML2Plugin

Plugin Extensions

Add logical resources to the REST API

Discovered by server at startup

Common Extensions

REST: /v2.0/extensions

Binding, DHCP, L3, Provider, Quota, Security Group

Other Extensions

Allowed Addresses, Extra Routes, Metering

Monolithic Plugin

Full implementation of core resources

Two types:

Proxy

Direct control

PLUGIN

ML2: Modular Layer 2 Plugin

Full V2 Plugin Implementation

Delegates calls to proper L2 drivers

Two kinds of drivers

Type Driver

Mechanism Driver

PLUGIN
Mech Mgr

Type Mgr

L2 Agent

L2 Agent

Runs on hypervisor

Communicates with server via RPC

Watch and notify when devices added/removed

Wires new devices

Proper network segment

Security Group Rules

Dive Into the OVS Agent

OVS

What does it actually do?

How do we get isolation?

VLAN, Overlays: GRE, VXLAN

Processing loop

Linux Network Namespace

Isolated copy of network stack

[Diagram: Host; each namespace has its own lo, eth0 and eth1]

private loopback

scope limited to namespace

can reuse addresses

Explicit configuration needed to connect

Processes can spawn within namespace

br-int

L3 Agents

L3 Agent

Run on Network Node

Uses Namespaces

Metadata Agent (if enabled)

[Diagram: Core, two Network Nodes, three Hypervisors]

L3 Agent: How it's implemented

Manages Collection of Network Namespaces

Isolated IP Stacks

Forwarding Enabled

net.ipv4.ip_forward=1

Static Routing

Metadata Proxy

[Diagram: Host (lo, eth0, eth1), namespace interfaces qr-1, qr-e, qg-2 and qg-b, and br-ex]

Configuration Agents

Configuration Agents: DHCP

RPC based notifications

dnsmasq

Isolation Support via Network Namespaces

Multiple copies for HA

Configuration Agents: Metadata Proxy

Proxies Metadata requests to Nova

Routed Networks

process embedded in router

Non-routed Networks

static route redirects traffic running in DHCP namespace

Configuration Agents: Metadata Proxy


curl http://169.254.169.254/openstack/latest/meta_data.json

Tenant
X-Router-Id: 2bc7c882-d612-438c-a334-0047f2b5c2d7
X-Forwarded-For: 10.0.0.1
X-Instance-ID: aaaaaaaa-aaaa-aaaa-aaaaaaaaaaaa

[Diagram: VM, Meta NS Proxy, Unix Domain Socket, Metadata Agent, Management Network, Nova Metadata Service]
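The header flow on this slide, modelled as an added example (not code from the talk or from Neutron): it shows why the router ID is needed when namespaces let tenants reuse addresses, and why the proxy must overwrite identity headers sent by the VM. The X-Instance-ID-Signature header follows Neutron's shared-secret (metadata_proxy_shared_secret) signing, which the slides do not show; the second router, second instance, secret and port table are constructed.

```python
import hashlib
import hmac

# All values below are constructed for illustration; the router ID and the
# first instance ID are the ones shown on the slide.
ROUTER_A = "2bc7c882-d612-438c-a334-0047f2b5c2d7"
ROUTER_B = "00000000-0000-0000-0000-00000000000b"
INSTANCE_A = "aaaaaaaa-aaaa-aaaa-aaaaaaaaaaaa"
INSTANCE_B = "bbbbbbbb-bbbb-bbbb-bbbbbbbbbbbb"
SHARED_SECRET = b"constructed-shared-secret"

# (router_id, fixed_ip) -> instance ID. Both tenants reuse 10.0.0.2, which
# namespaces allow, so the IP alone cannot identify the caller.
PORTS = {(ROUTER_A, "10.0.0.2"): INSTANCE_A, (ROUTER_B, "10.0.0.2"): INSTANCE_B}

IDENTITY_HEADERS = {"x-router-id", "x-forwarded-for", "x-instance-id",
                    "x-instance-id-signature"}


def sign(instance_id):
    """HMAC-SHA256 of the instance ID under the secret shared with Nova."""
    return hmac.new(SHARED_SECRET, instance_id.encode(), hashlib.sha256).hexdigest()


def namespace_proxy(vm_headers, source_ip, router_id):
    """Proxy in the router namespace: discard identity headers the VM sent,
    then set them from what the proxy itself observed."""
    out = {k: v for k, v in vm_headers.items() if k.lower() not in IDENTITY_HEADERS}
    out["X-Forwarded-For"] = source_ip
    out["X-Router-Id"] = router_id
    return out


def metadata_agent(headers):
    """Resolve the instance from (router, IP) and sign it; None means not found."""
    instance_id = PORTS.get((headers["X-Router-Id"], headers["X-Forwarded-For"]))
    if instance_id is None:
        return None
    return {**headers, "X-Instance-ID": instance_id,
            "X-Instance-ID-Signature": sign(instance_id)}


def nova_accepts(headers):
    """Nova side: recompute the HMAC and compare in constant time."""
    expected = sign(headers.get("X-Instance-ID", ""))
    return hmac.compare_digest(expected, headers.get("X-Instance-ID-Signature", ""))
```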

Booting a VM

nova boot

create port

notify DHCP of new port

libvirt create device

wait (new in Icehouse)

wire port

boot

Load Balancer as a Service

Service Plugin

Driver based

Agent w/Driver

Agent communicates over RPC

Open Source requires namespaces

Others interact with other systems

LB Agent

HAProxy

VPN as a Service

Service Plugin

Driver based

Agent w/Driver

Communicates over RPC

Openswan

L3 Agent
Router

Metadata Proxy

VPN Driver

Firewall as a Service

Edgewall
Service Plugin

Driver based

Agent w/Driver

Communicates over RPC

L3 Agent
Router

Metadata Proxy

Firewall Driver

Experimental

Differences

Different Design Decisions

Sync with backend system

L2 Agent Optional

Not all implement same extensions

Summary

Unified API

Small Core

Pluggable Open Architecture

Multiple Vendor Support

Extensible

Open vSwitch / Linux Bridge

Ryu OpenFlow Controller

More Information

Cloud Administrator Guide

http://docs.openstack.org/admin-guide-cloud/content/ch_networking.html

Network v2.0 API

http://developer.openstack.org/api-ref-networking-v2.html

Questions?
