Neutron Distributed Virtual Router
Edgar Magana, Cloud Operations Architect
Acknowledgments
Big thanks to the great developers in the OpenStack community and the OpenStack Foundation. The information presented here is sourced from my own experience as an OpenStack developer/user and from OpenStack Foundation documents and the community. The views and technical points expressed here are solely the presenter's and do not reflect his employer's views/positions or those of the OpenStack Foundation in any way.
Networking Status (Neutron)
nova-network Parity
– Feature parity with nova-network in progress
– Initial migration path -- initial path for nova-network deprecation
L3 Enhancements
– Multiple L3 agents
– HA through plugins & keepalived
– Each router created is assigned to 2 or more agents
IPv6
– Next generation of IP routing
– 2001:0db8:85a3:0042:1000:8a2e:0370:7334 rather than 10.28.255.168
– Address assignment
   – SLAAC
   – Stateful DHCP
   – Stateless DHCP
– Router advertisement through RADVD
Networking Status (Neutron)
DVR
– Uses L3 HA
– Removes bottleneck in east-west traffic
– Shares OVS route information across virtual routers
– One-hop traffic for VMs on different hypervisors
– Requires OVS on ML2 plugin
New plugins/Drivers
– OpenContrail plugin
– A10 Networks LBaaS driver
– Arista L3 routing plugin
– Big Switch L3 routing plugin
– Brocade L3 routing plugin
– Cisco APIC ML2 Driver (including a L3 routing plugin)
– Cisco CSR L3 routing plugin
– Freescale SDN ML2 Mechanism
OpenStack Networking Deployment
Network Node Internals
DVR Support in Juno
The new Enhanced L3 Agent can operate in 3 different modes:
1. Legacy (default for backward compatibility)
   – Centralized routing only
   – Runs on Network Nodes
2. DVR
   – Supports distributed routing
   – Runs on Compute Nodes
3. DVR_SNAT
   – Supports legacy centralized routing, DVR and centralized SNAT
   – Runs on either Network/Service Node or Compute Nodes
Each mode adds new support for certain features while continuing to support the other features but is dependent on the l3-agent scheduler.
IP Network Namespaces
After creating a few networks and routers:

    openstack-dev:~/devstack$ sudo ip netns
    qdhcp-2e9facd9-92d3-4d71-9c80-6d3992b6751b
    qdhcp-ea73f4b4-d753-4d2b-9089-e0dc65cfea2b
    qrouter-c64a1a02-6425-4252-ba89-3146647c564f
    snat-375d717f-afd3-4427-878d-4c38303e40f2
    qrouter-375d717f-afd3-4427-878d-4c38303e40f2

    openstack-dev-compute:~/devstack$ sudo ip netns
    qrouter-c64a1a02-6425-4252-ba89-3146647c564f
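An added example, not part of the original slides: a small audit that parses `ip netns` listings per host, maps each router to the hosts carrying its qrouter namespace, and flags snat- namespaces on hosts whose L3 agent mode does not provide centralized SNAT. The two listings are the ones shown above; the agent modes assigned to each host and the third host are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Prefixes as they appear in the `ip netns` output on the slide.
KINDS = {"qdhcp": "dhcp", "qrouter": "router", "snat": "snat"}
NS_RE = re.compile(r"^(qdhcp|qrouter|snat)-([0-9a-f-]{36})(?:\s+\(id: \d+\))?$")
SNAT_MODES = {"dvr_snat"}  # per the mode list, only this mode does centralized SNAT

def parse_netns(output):
    """Group namespace UUIDs by kind; accepts the ' (id: N)' suffix newer iproute2 prints."""
    found = defaultdict(set)
    for line in output.splitlines():
        m = NS_RE.match(line.strip())
        if m:
            found[KINDS[m.group(1)]].add(m.group(2))
    return found

def router_placement(nodes):
    """Map each router UUID to the sorted list of hosts holding its qrouter namespace."""
    placement = defaultdict(list)
    for host, (_mode, output) in sorted(nodes.items()):
        for rid in parse_netns(output)["router"]:
            placement[rid].append(host)
    return dict(placement)

def audit(nodes):
    """Flag snat- namespaces on hosts whose agent mode should not have them."""
    return [(host, f"snat-{rid}", mode)
            for host, (mode, output) in sorted(nodes.items())
            for rid in sorted(parse_netns(output)["snat"])
            if mode not in SNAT_MODES]

# Namespace listings from the slide; the agent modes are assumed, not stated on it.
NODES = {
    "openstack-dev": ("dvr_snat", """qdhcp-2e9facd9-92d3-4d71-9c80-6d3992b6751b
qdhcp-ea73f4b4-d753-4d2b-9089-e0dc65cfea2b
qrouter-c64a1a02-6425-4252-ba89-3146647c564f
snat-375d717f-afd3-4427-878d-4c38303e40f2
qrouter-375d717f-afd3-4427-878d-4c38303e40f2"""),
    "openstack-dev-compute": ("dvr", "qrouter-c64a1a02-6425-4252-ba89-3146647c564f"),
    # Constructed host: a dvr-mode compute node that unexpectedly holds a SNAT namespace.
    "constructed-compute": ("dvr", "snat-00000000-0000-0000-0000-000000000001 (id: 4)"),
}

if __name__ == "__main__":
    for rid, hosts in sorted(router_placement(NODES).items()):
        print(rid, "->", ", ".join(hosts))
    for finding in audit(NODES):
        print("UNEXPECTED:", finding)
```

On the slide's data, router c64a1a02 is present on both hosts while router 375d717f and its SNAT namespace appear only on openstack-dev; only the constructed host is flagged.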
DVR in Action
LEGEND: Tenant 1 has two Networks - RED & GREEN; Tenant 2 has one Network - ORANGE
[Figure: packet walk from VM1 to VM2. Labels: vm1 to vm7, IR, br-int-cn1, br-tun-cn1, Data Network, br-tun-cn2, br-int-cn2]
1. Data frame with: srcMac = VM1, destMac = red-Mac, Network = red
2. br-int forwards to IR
3. Change network: srcMac = VM1, destMac = red-Mac, Network = green
4. Set destMac: srcMac = VM1, destMac = VM2, Network = green
5. Set srcMac: srcMac = green-Mac, destMac = VM2, Network = green
6. Dec TTL and fwd: srcMac = green-Mac, destMac = VM2, Network = green
7. Swap out Gateway Mac: srcMac = dvr-cn1-Mac, destMac = VM2, Network = green
8. Usual Virtual switching: srcMac = dvr-cn1-Mac, destMac = VM2, Network = green
9. Usual Virtual switching: srcMac = dvr-cn1-Mac, destMac = VM2, Network = green
10. Swap in Gateway Mac: srcMac = green-Mac, destMac = VM2, Network = green
11. Deliver to VM 2: srcMac = green-Mac, destMac = VM2, Network = green
source: HP Neutron Team