Openstack Users Ja Sogabe e
Openstack Users Ja Sogabe e
Openstack Users Ja Sogabe e
OpenStack + OpenContrail
Takashi Sogabe(@rev4t)
Internet Initiative Japan., Inc.
Who am I ?
Takashi Sogabe (@rev4t)
I develop services and devices at IIJ
Lately, I also verify software and implement
network in order to create new services
I call myself full stack engineer
What is OpenContrail ?
Its a software that can easily create IaaS that
has scalability
Its an SDN product
Source of Information
http://opencontrail.org/
Documents and packages are provided here
https://github.com/Juniper/contrail-controller
Source codes are provided openly at github
http://juni.pr/17tlcQh
Valuable information in Japanese regarding
OpenContrail, posted by Juniper Arimura-san on JNET
Why MPLS/BGP ?
They are mature technology so you can use it
with peace of mind
ISPs are already using MPLS for IP-VPN services
Performance is maintained with lots of VPN
connections in place
Its easy to establish inter-DC connections or
hybrid clouds
Use of L3VPN router for external router makes it easy
to interconnect
Network Monitoring
You can monitor in-communication session
information from web screen
If necessary, you can tcpdump from the web screen
Imagine overlay network version of Remote SPAN (RSPAN)
Router * 1 unit
One which can talk MPLS VPN
Juniper MX and SRX are examples
If you dont need External Router, then not
necessary
OpenContrail Architecture
Install (1)
http://juni.pr/1alNn7h
Building from source
git + repo
Setting up is cumbersome so this is adequate for building only
devstack
https://github.com/dsetia/devstack
Install (2)
1. Download OS image and install on PC
2. Run setup.sh
cd /opt/contrail/contrail_packages; ./setup.sh
Testbed file
cd /opt/contrail/utils/fabfile/testbeds
cp testbed_singlebox_example.py testbed.py
Edit vi testbed.py
ext_routers = *(srx1, 192.168.192.79)+
(if external router does not exist, comment out)
host1 = [email protected]
host_build = [email protected]
env.passwords = {
host1: <host password>,
host_build: <host password>,
}
Install (3)
If installation is successful, you can log in
Horizon and Contrail Web screen
Horizon
http://(host ip address)/
username: admin
password: contrail123
Contrail
http://(host ip address):8080/
username, password Same as Horizon
protocols {
bgp {
group contrail-controller {
type internal;
local-address 192.168.192.79;
family inet-vpn {
unicast;
}
neighbor 192.168.192.64;
}
}
stp;
}
Tenant network
.1
Floating-ip
External router
vRouter
10.1.0.253
.254
.253
.252
external network
10.0.0.0/24
global
10.1.0.0/24
public
10.255.0.0/24
.254
vRouter
test-public-1
.253
test-private-1
test-public-2
.252
test-private-2
.254
private
10.254.0.0/24
Create Policy
Apply Policy
*[Static/5] 1d 20:49:14
> to 192.168.192.5 via ge-0/0/0.0
10.1.0.1/32
*[Local/0] 1d 20:49:29
Reject
192.168.192.0/24 *[Direct/0] 1d 20:49:14
> via ge-0/0/0.0
192.168.192.79/32 *[Local/0] 1d 20:49:20
Local via ge-0/0/0.0
*[Static/5] 1d 20:49:14
> to 10.0.0.2 via ge-0/0/1.0
10.0.0.0/24
*[Direct/0] 1d 20:49:14
> via ge-0/0/1.0
10.0.0.1/32
*[Local/0] 1d 20:49:19
Local via ge-0/0/1.0
10.1.0.253/32 *[BGP/170] 00:07:40, localpref 100, from 192.168.192.64
AS path: ?
> via gr-0/0/0.32769, Push 16
*[VPN/170] 02:02:08
> to 10.0.0.2 via ge-0/0/1.0, Pop
Network Management(1)
Network Management(4)
Summary
Very easy to use admin screen
You can monitor communications on overlay