Neutron: What’s new in Havana?
Arvind Somya, Software Engineer, Cisco Systems Inc.

Modular Layer 2 (ML2)
• Driver Based
• Combines OVS and Linuxbridge
• VXLAN Support
• L3 Separation
• L2 Population
• Vendor Drivers Available

What is ML2?
• Original Goal:
  • The Modular Layer 2 (ML2) Plugin is a framework allowing OpenStack Networking to simultaneously utilize the variety of layer 2 networking technologies found in complex real-world datacenters.
  • ML2 was designed to ease the burden of adding new L2 networking technologies into OpenStack Networking.
• ML2 will deprecate the Open vSwitch, LinuxBridge, and Hyper-V monolithic Neutron Plugins.
• It works with each of their existing L2 agents simultaneously.

ML2 “Drivers”
• ML2 exposes two different types of drivers: “Type” and “Mechanism”
• ML2 TypeDrivers:
  • Maintain type-specific state
  • Provide tenant network allocation
  • Validate provider networks
  • Current TypeDrivers: local, flat, VLAN, GRE, and VXLAN
• ML2 MechanismDrivers:
  • Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled
  • Current MechanismDrivers: Arista, Cisco Nexus, Hyper-V, L2 Population, LinuxBridge, Open vSwitch, Tail-F NCS

ML2 TypeDrivers
• Maintain type-specific state
• Provide tenant network allocation
• Validate provider networks
• Current TypeDrivers: local, flat, VLAN, GRE, and VXLAN

ML2 MechanismDrivers
• Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled
• Current MechanismDrivers: Arista, Cisco Nexus, Hyper-V, L2 Population, LinuxBridge, Open vSwitch, Tail-F NCS
• MechanismDrivers can work with many different technologies:
  • Agent based MechanismDrivers (Hyper-V, LinuxBridge, and OVS)
  • Controller based MechanismDrivers (Tail-F NCS and OpenDaylight)
  • ToR switch MechanismDrivers (Arista and Cisco Nexus)

Modular Layer 2 Diagram
[Diagram: Neutron Server hosting the ML2 Plugin with API Extensions, a Type Manager (VLAN, GRE and VXLAN TypeDrivers) and a Mechanism Manager (Arista, Cisco Nexus, Hyper-V, L2 Population, OVS/LinuxBridge, Tail-F NCS)]

Load Balancing as a Service
• Multiple Network Node
• Driver Based
• OpenSource - HAProxy
• Vendor Drivers Available (NiciraService Plugin)
• Agent based solution
• Horizon Integrated

LBaaS Simple Workflow
• Create a Pool of VIPs from a Neutron Subnet
• Add VIP to the Pool (One per pool)
  • Can load balance using:
    • Round Robin
    • Least Connections
    • Source IP
• Optionally associate monitors with Pools
• Add Member instances to the Pool
  • Specify a weight for added members and a port number.
• Monitors check the backend members of a VIP
  • Can use Ping, TCP, HTTP, HTTPS for health checks
  • Can specify the delay, timeout, retries, url and expected codes for each monitor

VPN as a Service
• Site-to-Site IPSec
• Pre-Shared Key
• Multiple Node Support
• OpenSource based on OpenSwan
• Under development: MPLS VPN, BGP MPLS VPN
• Horizon Integrated

VPN as a Service Simple Workflow
• Create a VPN Service
  • Tenant
  • Subnet
  • Router
• Create IKE Policy
  • Tenant
  • Name
  • Auth algorithm: sha1
  • Encryption Algorithm: aes-128 (aes 3des, aes-256, aes-192)
  • Phase 1 negotiation mode: Main Mode (Aggressive mode)
  • PFS: Group5 (group2, group5, or group14)
  • IKE Version: v1 (v2)
• Create IPSec Policy
  • Tenant
  • Name
  • Transform protocol: ESP (AH, AH-ESP)
  • Encapsulation mode: tunnel (transport)
  • Auth algorithm: sha1
  • Encryption Algorithm: aes-128 (aes 3des, aes-256, aes-192)
  • PFS: Group5 (group2, group5, or group14)
• Create IPSec site connection
  • Tenant
  • Peer Id
  • Peer CIDR(s)
  • Peer Address
  • Psk
  • IKE Policy
  • IPSec Policy
  • VPN Service Id

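
The option lists on this slide mix stronger and weaker choices (3des, group2, aggressive mode, AH). The following is an added example, not part of the original slides or of Neutron's code, that audits policy dictionaries built from those values. The dict keys, the sample policies and the 2048-bit DH baseline are assumptions.

```python
# Added example: audit VPNaaS IKE/IPsec policy values drawn from the slide's option lists.
# Dict keys are assumed names modelled on the slide's labels; policies are constructed samples.

# DH group name -> MODP modulus size in bits
PFS_BITS = {"group2": 1024, "group5": 1536, "group14": 2048}

def audit_policy(kind, policy, min_dh_bits=2048):
    """Return (field, value, reason) findings for one 'ike' or 'ipsec' policy dict.

    min_dh_bits is an assumed local baseline, not something the slides specify.
    """
    findings = []
    enc = policy.get("encryption_algorithm")
    if enc == "3des":
        findings.append(("encryption_algorithm", enc, "64-bit block cipher, prefer an AES option"))
    pfs = policy.get("pfs")
    if pfs not in PFS_BITS:
        findings.append(("pfs", pfs, "missing or unrecognised DH group"))
    elif PFS_BITS[pfs] < min_dh_bits:
        findings.append(("pfs", pfs, "%d-bit group is below the %d-bit baseline"
                         % (PFS_BITS[pfs], min_dh_bits)))
    if kind == "ike" and policy.get("phase1_negotiation_mode") == "aggressive":
        findings.append(("phase1_negotiation_mode", "aggressive",
                         "with a PSK, identity and auth hash are sent unencrypted; use main mode"))
    if kind == "ipsec" and policy.get("transform_protocol") == "ah":
        findings.append(("transform_protocol", "ah", "AH authenticates but does not encrypt; use esp"))
    return findings

def flagged_fields(kind, policy, min_dh_bits=2048):
    """Convenience view: only the field names that produced findings."""
    return [field for field, _value, _reason in audit_policy(kind, policy, min_dh_bits)]

# Constructed sample policies
SLIDE_DEFAULT_IKE = {"encryption_algorithm": "aes-128", "phase1_negotiation_mode": "main",
                     "pfs": "group5", "ike_version": "v1"}
WEAK_IKE = {"encryption_algorithm": "3des", "phase1_negotiation_mode": "aggressive",
            "pfs": "group2", "ike_version": "v1"}
HARDENED_IPSEC = {"transform_protocol": "esp", "encapsulation_mode": "tunnel",
                  "encryption_algorithm": "aes-256", "pfs": "group14"}

if __name__ == "__main__":
    for name, kind, pol in [("slide default IKE", "ike", SLIDE_DEFAULT_IKE),
                            ("weak IKE", "ike", WEAK_IKE),
                            ("hardened IPsec", "ipsec", HARDENED_IPSEC)]:
        print(name, audit_policy(kind, pol) or "no findings")
```

With the assumed 2048-bit baseline the slide's default Group5 is reported; pass `min_dh_bits=1536` to accept it.
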
Firewall as a Service
• Stateless Filtering at the Edge
• Vendor Drivers
• Preview Available in Havana
• Agent Based
• Horizon Integrated

Firewall as a Service Simple Workflow
• Create a Firewall Policy
  • Can specify Audited attribute
• Add Firewall Rules
  • Source, dest IP, port etc.
  • Strict Ordering
• Create a Tenant Firewall

Additional New Features
• Improved Horizon Integration
  • Panels for Load Balancer, Firewall and VPN as a service.
• DHCP Per Port Options
• Plugin Improvements

Looking ahead to Icehouse...
• Parity with nova-network
• Improved IPv6 Support
• L3 High Availability
• Plugins and Drivers External Testing
• New Plugins and Drivers

Icehouse Advanced Services
• Load Balancing as a Service
  • Multiple pools per VIP
• VPN as a Service
  • SSL VPN API
• Firewall as a Service
  • Revised API