
Neutron

What's new in Havana?


Arvind Somya
Software Engineer
Cisco Systems Inc.

Modular Layer 2 (ML2)


Driver Based
Combines OVS and Linuxbridge
VXLAN Support
L3 Separation
L2 Population
Vendor Drivers Available

What is ML2?
Original Goal:
The Modular Layer 2 (ML2) Plugin is a framework allowing OpenStack Networking to simultaneously utilize the variety of layer 2 networking technologies found in complex real-world datacenters.
ML2 was designed to ease the burden of adding new L2 networking technologies into OpenStack Networking.
ML2 will deprecate the Open vSwitch, LinuxBridge, and Hyper-V monolithic Neutron Plugins
It works with each of their existing L2 agents simultaneously

ML2 Drivers
ML2 exposes two different types of drivers: Type and Mechanism
ML2 TypeDrivers:
Maintain type-specific state
Provide tenant network allocation
Validate provider networks
Current TypeDrivers: local, flat, VLAN, GRE, and VXLAN
ML2 MechanismDrivers:
Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled

ML2 TypeDrivers
Maintain type-specific state
Provide tenant network allocation
Validate provider networks
Current TypeDrivers: local, flat, VLAN, GRE, and VXLAN

ML2 MechanismDrivers
Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled
Current MechanismDrivers: Arista, Cisco Nexus, Hyper-V, L2 Population, LinuxBridge, Open vSwitch, Tail-F NCS
MechanismDrivers can work with many different technologies:
Agent based MechanismDrivers (Hyper-V, LinuxBridge, and OVS)
Controller based MechanismDrivers (Tail-F NCS and OpenDaylight)
ToR switch MechanismDrivers (Arista and Cisco Nexus)

Modular Layer 2 Diagram

[Diagram labels: Neutron Server; ML2 Plugin; API Extensions; Type Manager; Mechanism Manager; mechanism drivers: Tail-F NCS, OVS/Linux Bridge, L2 Population, Hyper-V, Cisco Nexus, Arista; type drivers: VXLAN TypeDriver, GRE TypeDriver, VLAN TypeDriver]

Load Balancing as a Service


Multiple Network Node
Driver Based
OpenSource - HAProxy
Vendor Drivers Available (Nicira Service Plugin)
Agent based solution
Horizon Integrated

LBaaS Simple Workflow

Can load balance using: Round Robin, Least Connections, Source IP

Create a Pool of VIPs from a Neutron Subnet

Optionally associate monitors with Pools
Monitors check the backend members of a VIP
Can use Ping, TCP, HTTP, HTTPS for health checks
Can specify the delay, timeout, retries, url and expected codes for each monitor

Add VIP to the Pool (One per pool)

Add Member instances to the Pool
Specify a weight for added members and a port number.

VPN as a Service
Site-to-Site
IPSec Pre-Shared Key
Multiple Node Support
OpenSource based on OpenSwan
Under development: MPLS VPN, BGP MPLS VPN
Horizon Integrated

VPN as a Service Simple Workflow


Create a VPN Service
Tenant
Subnet
Router

Create IKE Policy
Tenant
Name
Auth algorithm: sha1
Encryption Algorithm: aes-128 (aes 3des, aes-256, aes-192)
Phase 1 negotiation mode: Main Mode (Aggressive mode)
PFS: Group5 (group2, group5, or group14)
IKE Version: v1 (v2)

Create IPSec Policy
Tenant
Name
Transform protocol: ESP (AH, AH-ESP)
Encapsulation mode: tunnel (transport)
Auth algorithm: sha1
Encryption Algorithm: aes-128 (aes 3des, aes-256, aes-192)
PFS: Group5 (group2, group5, or group14)

Create IPSec site connection
Tenant
Peer Id
Peer CIDR(s)
Peer Address
Psk
IKE Policy
IPSec Policy
VPN Service Id
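
Added example (not part of the original slides): a small Python check that validates an IKE or IPsec policy against the option lists in the workflow above and flags the listed choices that are generally considered weaker. The dictionary keys, normalized values, and warning texts are assumptions for illustration, not the Neutron API.

```python
# Added example: option values follow the slides; dict keys are hypothetical,
# not the Neutron API. "aes 3des" on the slide is read here as "3des" (assumption).
ALLOWED = {
    "auth_algorithm": {"sha1"},
    "encryption_algorithm": {"aes-128", "3des", "aes-256", "aes-192"},
    "pfs": {"group2", "group5", "group14"},
    "phase1_negotiation_mode": {"main", "aggressive"},   # IKE policy only
    "ike_version": {"v1", "v2"},                          # IKE policy only
    "transform_protocol": {"esp", "ah", "ah-esp"},        # IPsec policy only
    "encapsulation_mode": {"tunnel", "transport"},        # IPsec policy only
}

# Settings a reviewer would question, with the reason.
WEAK = {
    ("encryption_algorithm", "3des"): "3DES has a 64-bit block; prefer AES",
    ("pfs", "group2"): "group2 is 1024-bit MODP; prefer group14",
    ("phase1_negotiation_mode", "aggressive"):
        "aggressive mode exposes a PSK-derived hash to offline guessing",
    ("transform_protocol", "ah"): "AH alone authenticates but does not encrypt",
}


def review_policy(policy):
    """Return (errors, warnings) for one IKE or IPsec policy dict."""
    errors, warnings = [], []
    for key, value in policy.items():
        if key in ("tenant", "name"):
            continue  # free-form fields, nothing to validate
        norm = str(value).lower()
        if key not in ALLOWED:
            errors.append(f"{key}: unknown setting")
        elif norm not in ALLOWED[key]:
            errors.append(f"{key}: {value!r} not in {sorted(ALLOWED[key])}")
        elif (key, norm) in WEAK:
            warnings.append(f"{key}={norm}: {WEAK[(key, norm)]}")
    return errors, warnings


# Constructed sample policies: the slide defaults, and a weaker variant.
DEFAULT_IKE = {"tenant": "demo", "name": "ike-default", "auth_algorithm": "sha1",
               "encryption_algorithm": "aes-128", "phase1_negotiation_mode": "main",
               "pfs": "group5", "ike_version": "v1"}
WEAK_IPSEC = {"tenant": "demo", "name": "ipsec-legacy", "transform_protocol": "AH",
              "encapsulation_mode": "tunnel", "auth_algorithm": "sha1",
              "encryption_algorithm": "3des", "pfs": "group2"}

if __name__ == "__main__":
    for p in (DEFAULT_IKE, WEAK_IPSEC):
        print(p["name"], review_policy(p))
```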

Firewall as a Service
Stateless Filtering at the Edge
Vendor Drivers
Preview Available in Havana
Agent Based
Horizon Integrated

Firewall as a Service Simple Workflow

Can specify Audited attribute

Create a Firewall Policy

Create a Tenant Firewall

Add Firewall Rules
Source, dest IP, port etc.
Strict Ordering
Strict Ordering

Additional New Features


Improved Horizon Integration
Panels for Load Balancer, Firewall and VPN as a service.
DHCP Per Port Options
Plugin Improvements

Looking ahead to Icehouse...


Parity with nova-network
Improved IPv6 Support
L3 High Availability
Plugins and Drivers
External Testing
New Plugins and Drivers

Icehouse Advanced Services


Load Balancing as a Service
Multiple pools per VIP
VPN as a Service
SSL VPN API
Firewall as a Service
Revised API
