OPENSTACK PLUGGABLE IPAM
Development and deployment experience with Romana Cloud Native networks
Chris Marino
Robert Starmer
OpenStack Summit Austin
Before Pluggable IPAM
• Workflow
  • Each Tenant creates segment
  • Manually Assigns CIDR
  • DHCP server issues IPs as they get launched
• Problems and issues
  • Many manual and error prone steps
  • Coordination with DC VLANs
  • Gateway misconfiguration
  • Duplicate IPs
  • Integration with enterprise IPAM
April 2016 romana.io Slide 1
Had to change….
• Old approach
  • Monolithic with Neutron plugins and needed to be pulled out separately
• New requirements
  • Separated IPAM driver with pluggable back end
  • Support vendor specific back end implementation
• Large development effort to refactor code
• Congrats to John Belamaric and rest of team
Old/New IPAM sequencing
[Sequence diagram. Components: Neutron Plugin, Neutron DB Plugin, Neutron DB Plugin v2, IPAM Driver, Pluggable IPAM, Neutron DB, IPAM Subnet. Calls: create_port, get_subnet, Allocate_IP. Returned data: IP, IPAMSubnet, port and IP data.]
Typical Deployment
[Diagram labels: Neutron, External IPAM, ML2, IPAM, Node n (five nodes), VM, vSwitch, iptables, L2]
Pluggable IPAM advantages
• IPAM necessary for many enterprise deployments
• Enables innovative deployment alternatives
• Intelligent IP address assignment
• Simplify OpenStack operations
• Increase performance
• Enable nested endpoints for container networking
Romana Project
• Network and Security Automation
• Layer 3 based isolation and tenancy model
• Assign tenants and segments physical IP ranges
• Hierarchical addressing enables route aggregation
• Apply security directly to physical network
• Requires nothing more than standard L3 routing
• No virtual network required
• Native performance and visibility
• Eliminates overlays
• Works for nested container endpoints too!
• Intelligent IPAM combined with route control
Romana Project
[Diagram labels: Neutron Plugin, Neutron DB Plugin v2, IPAM Driver, Pluggable IPAM, Neutron DB, IPAM Subnet, Romana IPAM, Routes, REST Call, Returns IP]
Romana Deployment
[Diagram labels: Neutron, ML2, IPAM, Romana IPAM, Routes, Node n (five nodes), Agent, VM, iptables]
Romana REST API
Example: Get new IP Address

POST
{
  # In case of OpenStack, this is the project's UUID
  "tenant_id" : "Tenant ID",
  # Segment ID. In case of OpenStack, this is
  # the value of the metadata tag whose name is 'romanaSegment'
  "segment_id" : "Segment ID",
  # Host ID. In case of OpenStack, this is the value of
  # 'binding:host_id' field of port object.
  "host_id" : "Host ID",
  # Optional
  "name" : "Endpoint name"
}

Response
{
  "ip" : "10.0.0.3",
  "id" : 37,
  # In case of OpenStack, this is the project's UUID
  "tenant_id" : "Tenant ID",
  # Segment ID. This is the OpenStack equivalent of L3 network
  "segment_id" : "Segment ID",
  # Host ID.
  "host_id" : "Host ID",
  # Optional
  "name" : "Endpoint name"
}

• Available Resources
  • Tenants, Segments, Endpoints, Hosts, Policies
Example

10/8 Net Mask (network bits: 0 0 0 0 1 0 1 0)

  Field       Bits   Bit location   Purpose
  Network     8      1-8            Full Network (10/8)
  Hosts       8      9-16           Up to 255 Hosts
  Tenants     4      17-20          Up to 16 Tenants
  Segments    4      21-24          Up to 16 Segments per Tenant
  Endpoints   8      25-32          Up to 255 Endpoints per Segment

  Host ID Bits (8): Up to 255 Hosts
  Tenant and Segment ID Bits (8): Up to 255 Tenant/Segments
  Endpoint ID: 255 Endpoints

172.16/12 Net Mask (network bits: 1 0 1 0 1 1 0 0 0 0 0 1)

  Field       Bits   Bit location   Purpose
  Network     12     1-12           Full Network (172.16/12)
  Hosts       4      13-16          Up to 16 Hosts
  Tenants     4      17-20          Up to 16 Tenants
  Segments    4      21-24          Up to 16 Segments per Tenant
  Endpoints   8      25-32          Up to 255 Endpoints per Segment

  Host ID Bits (4): Up to 16 Hosts
  Tenant and Segment ID Bits (8): Up to 255 Tenant/Segments
  Endpoint ID: 255 Endpoints
Physical Deployment

Host 1 (192.168.0.10)
  G/W: 10.1.0.1/16
  VM 1: 10.1.1.22
  VM 1: 10.1.1.33
  VM 1: 10.1.2.44
  VM 1: 10.1.2.55
  Routes: 10.2/16 -> 192.168.0.11, 10.3/16 -> 192.168.0.12

Host 2 (192.168.0.11)
  G/W: 10.2.0.1/16
  VM 1: 10.2.1.22
  VM 1: 10.2.1.33
  VM 1: 10.2.2.44
  VM 1: 10.2.2.55
  Routes: 10.1/16 -> 192.168.0.10, 10.3/16 -> 192.168.0.12

Host 3 (192.168.0.12)
  G/W: 10.3.0.1/16
  VM 1: 10.3.1.22
  VM 1: 10.3.1.33
  VM 1: 10.3.2.44
  VM 1: 10.3.2.55
  Routes: 10.1/16 -> 192.168.0.10, 10.2/16 -> 192.168.0.11
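
The bit layout on the Example slide can be checked against the addresses in the Physical Deployment diagram. The sketch below is an added example, not Romana's code: the `Layout` class and its method names are hypothetical, and it assumes the field order network, host, tenant, segment, endpoint from the slide and that Host N carries host ID N.

```python
import ipaddress
from dataclasses import dataclass

FIELDS = ("host", "tenant", "segment", "endpoint")


@dataclass(frozen=True)
class Layout:
    """Hypothetical helper: network | host | tenant | segment | endpoint bits."""
    network: str
    host_bits: int
    tenant_bits: int
    segment_bits: int
    endpoint_bits: int

    def __post_init__(self):
        total = self.net().prefixlen + sum(self.widths())
        if self.net().version != 4 or total != 32:
            raise ValueError(f"layout must fill exactly 32 bits, got {total}")

    def net(self):
        return ipaddress.ip_network(self.network)

    def widths(self):
        return (self.host_bits, self.tenant_bits,
                self.segment_bits, self.endpoint_bits)

    def encode(self, host, tenant, segment, endpoint):
        """Pack the four IDs under the network prefix; reject IDs that overflow."""
        value = 0
        ids = (host, tenant, segment, endpoint)
        for name, bits, v in zip(FIELDS, self.widths(), ids):
            if not 0 <= v < (1 << bits):
                raise ValueError(f"{name} ID {v} does not fit in {bits} bits")
            value = (value << bits) | v
        return ipaddress.IPv4Address(int(self.net().network_address) | value)

    def decode(self, ip):
        """Recover host, tenant, segment and endpoint IDs from an address."""
        addr = ipaddress.IPv4Address(ip)
        if addr not in self.net():
            raise ValueError(f"{addr} is outside {self.network}")
        value = int(addr) & int(self.net().hostmask)
        out = {}
        for name, bits in reversed(list(zip(FIELDS, self.widths()))):
            out[name] = value & ((1 << bits) - 1)
            value >>= bits
        return out

    def host_cidr(self, host):
        """One aggregate route covers every tenant, segment and endpoint on a host."""
        if not 0 <= host < (1 << self.host_bits):
            raise ValueError(f"host ID {host} does not fit in {self.host_bits} bits")
        prefixlen = self.net().prefixlen + self.host_bits
        base = int(self.net().network_address) | (host << (32 - prefixlen))
        return ipaddress.ip_network((base, prefixlen))

    def segment_match(self, tenant, segment):
        """(value, mask) that selects one tenant/segment on every host."""
        if not (0 <= tenant < (1 << self.tenant_bits)
                and 0 <= segment < (1 << self.segment_bits)):
            raise ValueError("tenant or segment ID out of range")
        ts = (tenant << self.segment_bits) | segment
        ts_mask = (1 << (self.tenant_bits + self.segment_bits)) - 1
        mask = int(self.net().netmask) | (ts_mask << self.endpoint_bits)
        value = int(self.net().network_address) | (ts << self.endpoint_bits)
        return value, mask

    def in_segment(self, ip, tenant, segment):
        value, mask = self.segment_match(tenant, segment)
        return int(ipaddress.IPv4Address(ip)) & mask == value


# The two layouts from the Example slide.
VM_NET = Layout("10.0.0.0/8", 8, 4, 4, 8)
POD_NET = Layout("172.16.0.0/12", 4, 4, 4, 8)

if __name__ == "__main__":
    # Addresses below are the ones shown in the deck's diagrams.
    print(VM_NET.encode(1, 0, 1, 22))       # a VM on Host 1
    print(VM_NET.decode("10.3.2.55"))       # a VM on Host 3
    print(VM_NET.host_cidr(2))              # the route other hosts hold for Host 2
    print(POD_NET.decode("172.17.6.8"))     # a pod address under 172.16/12
    print(VM_NET.in_segment("10.2.1.33", 0, 1))
```

Because tenant and segment sit at fixed bit positions, membership in a segment is a single mask-and-compare that is independent of which host the endpoint runs on.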
North/South Traffic
• Neutron Network node routes traffic between segments
• Network node performs all L3 functions
• East/West traffic encapsulated, but is direct to destination host
[Diagram labels: VXLAN Encap, VXLAN Decap, 2 Top of Rack Round Trips, East/West Traffic, Per Instance Security]
Direct routed paths
• Latency dramatically reduced
• No Network node
• No encap
• Identical path for East/West traffic
[Diagram labels: Eliminated, Bypassed, Romana, 1 Top of Rack Round Trip, Per Network Security]
Direct Routing Latency
• North/South Latency reduced 50%-85%
• 10% improvement for East/West traffic between hosts (no encap)
• No performance penalty for local on-host East/West traffic

                        North/South (Routed)    East/West (Switched)
  Time (ms)             Local     Remote        Local     Remote
  Native OpenStack      1.51*     1.51          0.24      0.85
  Pani Networks         0.24      0.77          0.24**    0.77**

  Relative Performance  Local     Remote        Local     Remote
  Native OpenStack      100%      100%          100%      100%
  Pani Networks         16%       51%           100%      90%

  * All N/S OpenStack traffic goes off host
  ** All Pani traffic is routed
Nested Container Networking

10/8 Net Mask (network bits: 0 0 0 0 1 0 1 0)

  Field       Bits   Bit location   Purpose
  Network     8      1-8            Full Network (10/8)
  Hosts       8      9-16           Up to 255 Hosts
  Tenants     4      17-20          Up to 16 Tenants
  Segments    4      21-24          Up to 16 Segments per Tenant
  Endpoints   8      25-32          Up to 255 Endpoints per Segment

  Host ID Bits (8): Up to 255 Hosts
  Tenant and Segment ID Bits (8): Up to 255 Tenant/Segments
  Endpoint ID: 255 Endpoints

172.16/12 Net Mask (network bits: 1 0 1 0 1 1 0 0 0 0 0 1)

  Field       Bits   Bit location   Purpose
  Network     12     1-12           Full Network (172.16/12)
  Hosts       4      13-16          Up to 16 Hosts
  Tenants     4      17-20          Up to 16 Tenants
  Segments    4      21-24          Up to 16 Segments per Tenant
  Endpoints   8      25-32          Up to 255 Endpoints per Segment

  Host ID Bits (4): Up to 16 Hosts
  Tenant and Segment ID Bits (8): Up to 255 Tenant/Segments
  Endpoint ID: 255 Endpoints
Nested Containers

Host 1 (192.168.0.10)
  Host routes: 10.2/16 -> 192.168.0.11, 10.3/16 -> 192.168.0.12, 172.17/16 -> 192.168.0.11, 172.18/16 -> 192.168.0.12
  VM 1: 10.1.1.22
  G/W: 10.1.0.1/16
    Pod 172.16.1.8
    Pod 172.16.2.9
    GW 172.16.0.1/16
    VM routes: 172.17/16 -> 10.2.0.1, 172.18/16 -> 10.3.0.1

Host 2 (192.168.0.11)
  Host routes: 10.1/16 -> 192.168.0.10, 10.3/16 -> 192.168.0.12, 172.16/16 -> 192.168.0.10, 172.18/16 -> 192.168.0.12
  VM 1: 10.2.1.22
  G/W: 10.2.0.1/16
    Pod 172.17.6.8
    Pod 172.17.2.11
    GW 172.17.0.1/16
    VM routes: 172.18/16 -> 10.3.0.1, 172.16/16 -> 10.1.0.1

Host 3 (192.168.0.12)
  Host routes: 10.1/16 -> 192.168.0.10, 10.2/16 -> 192.168.0.11, 172.16/16 -> 192.168.0.10, 172.17/16 -> 192.168.0.11
  VM 1: 10.3.1.22
  G/W: 10.3.0.1/16
    Pod 172.18.3.8
    Pod 172.18.4.9
    GW 172.18.0.1/16
    VM routes: 172.16/16 -> 10.1.0.1, 172.17/16 -> 10.2.0.1
Ubernetes
[Diagram: the same host, VM, pod, gateway and route labels as the Nested Containers slide, with an added "WAN" label]
Demo
• OpenStack on four physical machines
• Launch VMs on private 10/8 network
• Kubernetes running on VMs
• Kubernetes Network 172.16/12
• Container Network Interface (CNI) configuration of pods
• Romana IPAM allocates IPs for VMs and pods
• Chosen specially to maintain static routes and CIDRs to each host and VM
• All IPs reachable by construction
Thank You…
• Network and Security Automation
• All details available at romana.io
• Open source
• Apache 2.0
• github.com/romana
• Release v0.8 available now
• Integration with OpenStack and Kubernetes
April 2016romana.io Slide 19

Mais conteúdo relacionado

Mais procurados

Network Monitoring and Analytics
Network Monitoring and AnalyticsNetwork Monitoring and Analytics
Network Monitoring and AnalyticsPLUMgrid
 
OpenStack Neutron's Distributed Virtual Router
OpenStack Neutron's Distributed Virtual RouterOpenStack Neutron's Distributed Virtual Router
OpenStack Neutron's Distributed Virtual Routercarlbaldwin
 
OpenStack and the Transformation of the Data Center - Lew Tucker
OpenStack and the Transformation of the Data Center - Lew TuckerOpenStack and the Transformation of the Data Center - Lew Tucker
OpenStack and the Transformation of the Data Center - Lew TuckerLew Tucker
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networkingmarkmcclain
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNICIndonesia Network Operators Group
 
Simplifying the OpenStack and Kubernetes network stack with Romana
Simplifying the OpenStack and Kubernetes network stack with RomanaSimplifying the OpenStack and Kubernetes network stack with Romana
Simplifying the OpenStack and Kubernetes network stack with RomanaJuergen Brendel
 
How to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need toHow to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need tosalv_orlando
 
OpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridOpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridKamesh Pemmaraju
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with NeutronKwonSun Bae
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutronvivekkonnect
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Dave Neary
 
OpenContrail Cloudwatt Feedback
OpenContrail Cloudwatt FeedbackOpenContrail Cloudwatt Feedback
OpenContrail Cloudwatt Feedbackethuleau
 
Improving Network Application Performance using Load Aware Libeventdev
Improving Network Application Performance using Load Aware LibeventdevImproving Network Application Performance using Load Aware Libeventdev
Improving Network Application Performance using Load Aware LibeventdevMichelle Holley
 
OpenStack Neutron Advanced Services by Akanda
OpenStack Neutron Advanced Services by AkandaOpenStack Neutron Advanced Services by Akanda
OpenStack Neutron Advanced Services by AkandaSean Roberts
 
Accelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysAccelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysCumulus Networks
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014yfauser
 
Simplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romanaSimplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romanaJuergen Brendel
 

Mais procurados (20)

Network Monitoring and Analytics
Network Monitoring and AnalyticsNetwork Monitoring and Analytics
Network Monitoring and Analytics
 
Neutron DVR
Neutron DVRNeutron DVR
Neutron DVR
 
OpenStack Neutron's Distributed Virtual Router
OpenStack Neutron's Distributed Virtual RouterOpenStack Neutron's Distributed Virtual Router
OpenStack Neutron's Distributed Virtual Router
 
OpenStack and the Transformation of the Data Center - Lew Tucker
OpenStack and the Transformation of the Data Center - Lew TuckerOpenStack and the Transformation of the Data Center - Lew Tucker
OpenStack and the Transformation of the Data Center - Lew Tucker
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
 
L2 and L3 agent restructure
L2 and L3 agent restructureL2 and L3 agent restructure
L2 and L3 agent restructure
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
 
Simplifying the OpenStack and Kubernetes network stack with Romana
Simplifying the OpenStack and Kubernetes network stack with RomanaSimplifying the OpenStack and Kubernetes network stack with Romana
Simplifying the OpenStack and Kubernetes network stack with Romana
 
How to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need toHow to write a Neutron Plugin - if you really need to
How to write a Neutron Plugin - if you really need to
 
OpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridOpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgrid
 
Openstack Basic with Neutron
Openstack Basic with NeutronOpenstack Basic with Neutron
Openstack Basic with Neutron
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
 
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
Networking in OpenStack for non-networking people: Neutron, Open vSwitch and ...
 
OpenContrail Cloudwatt Feedback
OpenContrail Cloudwatt FeedbackOpenContrail Cloudwatt Feedback
OpenContrail Cloudwatt Feedback
 
Improving Network Application Performance using Load Aware Libeventdev
Improving Network Application Performance using Load Aware LibeventdevImproving Network Application Performance using Load Aware Libeventdev
Improving Network Application Performance using Load Aware Libeventdev
 
OpenStack Neutron Advanced Services by Akanda
OpenStack Neutron Advanced Services by AkandaOpenStack Neutron Advanced Services by Akanda
OpenStack Neutron Advanced Services by Akanda
 
OpenStack Neutron behind the Scenes
OpenStack Neutron behind the ScenesOpenStack Neutron behind the Scenes
OpenStack Neutron behind the Scenes
 
Accelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network OverlaysAccelerating SDN Applications with Open Source Network Overlays
Accelerating SDN Applications with Open Source Network Overlays
 
Open stack networking_101_update_2014
Open stack networking_101_update_2014Open stack networking_101_update_2014
Open stack networking_101_update_2014
 
Simplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romanaSimplifying open stack and kubernetes networking with romana
Simplifying open stack and kubernetes networking with romana
 

Semelhante a OpenStack Pluggable IPAM Development and deployment experience with Romana Cloud Native networks

GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...
GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...
GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...VirtualTech Japan Inc.
 
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPKrzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPPROIDEA
 
OpenStack cloud for ConoHa, Z.com and GMO AppsCloud in okinawa opendays 2015 ...
OpenStack cloud for ConoHa, Z.com and GMO AppsCloud in okinawa opendays 2015 ...OpenStack cloud for ConoHa, Z.com and GMO AppsCloud in okinawa opendays 2015 ...
OpenStack cloud for ConoHa, Z.com and GMO AppsCloud in okinawa opendays 2015 ...Naoto Gohko
 
Nano Server - the future of Windows Server - Thomas Maurer
Nano Server - the future of Windows Server - Thomas MaurerNano Server - the future of Windows Server - Thomas Maurer
Nano Server - the future of Windows Server - Thomas MaurerITCamp
 
You need Cloud to manage Cloud: Kubernetes as best way to manage OpenStack cl...
You need Cloud to manage Cloud: Kubernetes as best way to manage OpenStack cl...You need Cloud to manage Cloud: Kubernetes as best way to manage OpenStack cl...
You need Cloud to manage Cloud: Kubernetes as best way to manage OpenStack cl...Vadim Ponomarev
 
Cisco Connect Toronto 2017 - Model-driven Telemetry
Cisco Connect Toronto 2017 - Model-driven TelemetryCisco Connect Toronto 2017 - Model-driven Telemetry
Cisco Connect Toronto 2017 - Model-driven TelemetryCisco Canada
 
Cloud Platform for IoT
Cloud Platform for IoTCloud Platform for IoT
Cloud Platform for IoTNaoto Umemori
 
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Julien Vermillard
 
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsLeveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsNetronome
 
Support of containerized workloads in ONAP
Support of containerized workloads in ONAPSupport of containerized workloads in ONAP
Support of containerized workloads in ONAPVictor Morales
 
16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)Jeff Green
 
OpenSlava Infrastructure Automation Patterns
OpenSlava   Infrastructure Automation PatternsOpenSlava   Infrastructure Automation Patterns
OpenSlava Infrastructure Automation PatternsAntons Kranga
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspeChris Westin
 
Optimizing Cloud Foundry and OpenStack for large scale deployments
Optimizing Cloud Foundry and OpenStack for large scale deploymentsOptimizing Cloud Foundry and OpenStack for large scale deployments
Optimizing Cloud Foundry and OpenStack for large scale deploymentsAnimesh Singh
 
Openstack days taiwan 2016 0712
Openstack days taiwan 2016 0712Openstack days taiwan 2016 0712
Openstack days taiwan 2016 0712Naoto Gohko
 
Mirantis OpenStack-DC-Meetup 17 Sept 2014
Mirantis OpenStack-DC-Meetup 17 Sept 2014Mirantis OpenStack-DC-Meetup 17 Sept 2014
Mirantis OpenStack-DC-Meetup 17 Sept 2014Mirantis
 
Kubernetes vs dockers swarm supporting onap oom on multi-cloud multi-stack en...
Kubernetes vs dockers swarm supporting onap oom on multi-cloud multi-stack en...Kubernetes vs dockers swarm supporting onap oom on multi-cloud multi-stack en...
Kubernetes vs dockers swarm supporting onap oom on multi-cloud multi-stack en...Arthur Berezin
 
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdfWhat_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdfchalermpany
 

Semelhante a OpenStack Pluggable IPAM Development and deployment experience with Romana Cloud Native networks (20)

GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...
GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...
GMOインターネット様 発表「OpenStackのモデルの最適化とConoHa, Z.comとGMOアプリクラウドへの適用」 - OpenStack最新情...
 
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SPKrzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
Krzysztof Mazepa - Netflow/cflow - ulubionym narzędziem operatorów SP
 
OpenStack cloud for ConoHa, Z.com and GMO AppsCloud in okinawa opendays 2015 ...
OpenStack cloud for ConoHa, Z.com and GMO AppsCloud in okinawa opendays 2015 ...OpenStack cloud for ConoHa, Z.com and GMO AppsCloud in okinawa opendays 2015 ...
OpenStack cloud for ConoHa, Z.com and GMO AppsCloud in okinawa opendays 2015 ...
 
Lksn2017 itnsa modul2
Lksn2017 itnsa modul2Lksn2017 itnsa modul2
Lksn2017 itnsa modul2
 
Nano Server - the future of Windows Server - Thomas Maurer
Nano Server - the future of Windows Server - Thomas MaurerNano Server - the future of Windows Server - Thomas Maurer
Nano Server - the future of Windows Server - Thomas Maurer
 
You need Cloud to manage Cloud: Kubernetes as best way to manage OpenStack cl...
You need Cloud to manage Cloud: Kubernetes as best way to manage OpenStack cl...You need Cloud to manage Cloud: Kubernetes as best way to manage OpenStack cl...
You need Cloud to manage Cloud: Kubernetes as best way to manage OpenStack cl...
 
netty_qcon_v4
netty_qcon_v4netty_qcon_v4
netty_qcon_v4
 
Cisco Connect Toronto 2017 - Model-driven Telemetry
Cisco Connect Toronto 2017 - Model-driven TelemetryCisco Connect Toronto 2017 - Model-driven Telemetry
Cisco Connect Toronto 2017 - Model-driven Telemetry
 
Cloud Platform for IoT
Cloud Platform for IoTCloud Platform for IoT
Cloud Platform for IoT
 
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
Iot Conference Berlin M2M,IoT, device management: one protocol to rule them all?
 
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsLeveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV Deployments
 
Support of containerized workloads in ONAP
Support of containerized workloads in ONAPSupport of containerized workloads in ONAP
Support of containerized workloads in ONAP
 
16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)
 
OpenSlava Infrastructure Automation Patterns
OpenSlava   Infrastructure Automation PatternsOpenSlava   Infrastructure Automation Patterns
OpenSlava Infrastructure Automation Patterns
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspe
 
Optimizing Cloud Foundry and OpenStack for large scale deployments
Optimizing Cloud Foundry and OpenStack for large scale deploymentsOptimizing Cloud Foundry and OpenStack for large scale deployments
Optimizing Cloud Foundry and OpenStack for large scale deployments
 
Openstack days taiwan 2016 0712
Openstack days taiwan 2016 0712Openstack days taiwan 2016 0712
Openstack days taiwan 2016 0712
 
Mirantis OpenStack-DC-Meetup 17 Sept 2014
Mirantis OpenStack-DC-Meetup 17 Sept 2014Mirantis OpenStack-DC-Meetup 17 Sept 2014
Mirantis OpenStack-DC-Meetup 17 Sept 2014
 
Kubernetes vs dockers swarm supporting onap oom on multi-cloud multi-stack en...
Kubernetes vs dockers swarm supporting onap oom on multi-cloud multi-stack en...Kubernetes vs dockers swarm supporting onap oom on multi-cloud multi-stack en...
Kubernetes vs dockers swarm supporting onap oom on multi-cloud multi-stack en...
 
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdfWhat_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
 

Último

『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxNIMMANAGANTI RAMAKRISHNA
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 

Último (11)

『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptx
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 

OpenStack Pluggable IPAM Development and deployment experience with Romana Cloud Native networks

  • 1. OPENSTACK PLUGGABLE IPAM Development and deployment experience with Romana Cloud Native networks Chris Marino Robert Starmer
  • 2. OpenStack Summit Austin Before Pluggable IPAM • Workflow • Each Tenant creates segment • Manually Assigns CIDR • DHCP server issues IPs as they get launched • Problems and issues • Many manual and error prone steps • Coordination with DC VLANs • Gateway misconfiguration • Duplicate IPs • Integration with enterprise IPAM April 2016romana.io Slide 1
  • 3. OpenStack Summit Austin Had to change…. • Old approach • Monolithic with Neutron plugins and needed to be pulled out separately • New requirements • Separated IPAM driver with pluggable back end • Support vendor specific back end implementation • Large development effort to refactor code • Congrats to John Belamaric and rest of team April 2016romana.io Slide 2
  • 4. OpenStack Summit Austin Old/New IPAM sequencing April 2016romana.io Slide 3April 2016romana.io Neutron Plugin Neutron Plugin Neutron DB Plugin Neutron DB Plugin v2 IPAM Driver Pluggable IPAM Neutron DB IPAM Subnet create_port create_port get_subnet Allocate_IP Allocate_IP IP IPAMSubnet port, IP data port, IP data port, IP data
  • 5. OpenStack Summit Austin Neutron Node n Node n Node n Node n Node n VM VM External IPAM Typical Deployment April 2016romana.io Slide 4 vSwitch ML2IPAM iptablesL2
  • 6. Pluggable IPAM advantages
      • IPAM necessary for many enterprise deployments
      • Enables innovative deployment alternatives
          • Intelligent IP address assignment
          • Simplify OpenStack operations
          • Increase performance
          • Enable nested endpoints for container networking
  • 7. Romana Project
      • Network and Security Automation
      • Layer 3 based isolation and tenancy model
          • Assign tenants and segments physical IP ranges
          • Hierarchical addressing enables route aggregation
          • Apply security directly to physical network
      • Requires nothing more than standard L3 routing
          • No virtual network required
          • Native performance and visibility
          • Eliminates overlays
          • Works for nested container endpoints too!
      • Intelligent IPAM combined with route control
  • 8. Romana Project
      [Diagram. Labels: Neutron Plugin, Neutron DB Plugin v2, IPAM Driver, Pluggable IPAM, Neutron DB, IPAM Subnet, REST Call, Returns IP, Romana IPAM, Routes.]
  • 9. Romana Deployment
      [Diagram. Labels: Neutron, ML2, IPAM, Romana, IPAM, Routes, Node n (repeated), Agent, VM, iptables.]
  • 10. Romana REST API
      • Available resources: Tenants, Segments, Endpoints, Hosts, Policies
      • Example: get new IP address
        POST:
          {
            # In case of OpenStack, this is the project's UUID
            "tenant_id" : "Tenant ID",
            # Segment ID. In case of OpenStack, this is
            # the value of the metadata tag whose name is 'romanaSegment'
            "segment_id" : "Segment ID",
            # Host ID. In case of OpenStack, this is the value of
            # 'binding:host_id' field of port object.
            "host_id" : "Host ID",
            # Optional
            "name" : "Endpoint name"
          }
        Response:
          {
            "ip" : "10.0.0.3",
            "id" : 37,
            # In case of OpenStack, this is the project's UUID
            "tenant_id" : "Tenant ID",
            # Segment ID. This is the OpenStack equivalent of L3 network
            "segment_id" : "Segment ID",
            # Host ID.
            "host_id" : "Host ID",
            # Optional
            "name" : "Endpoint name"
          }
  • 11. Example
      • Example: 10/8 network (leading bits 0 0 0 0 1 0 1 0)
          • Network: 8 bits, full network (10/8)
          • Hosts: 8 bits, up to 255 hosts
          • Tenants: 4 bits, up to 16 tenants
          • Segments: 4 bits, up to 16 segments per tenant
          • Endpoints: 8 bits, up to 255 endpoints per segment
          • Bit locations: 10/8 net mask 1-8, host ID bits (8) 9-16, tenant and segment ID bits (8) 17-20 and 21-24, endpoint ID 25-32
      • Example: 172.16/12 network (leading bits 1 0 1 0 1 1 0 0 0 0 0 1)
          • Network: 12 bits, full network (172.16/12)
          • Hosts: 4 bits, up to 16 hosts
          • Tenants: 4 bits, up to 16 tenants
          • Segments: 4 bits, up to 16 segments per tenant
          • Endpoints: 8 bits, up to 255 endpoints per segment
          • Bit locations: 172.16/12 net mask 1-12, host ID bits (4) 13-16, tenant and segment ID bits (8) 17-20 and 21-24, endpoint ID 25-32
  • 12. Physical Deployment
      • Host 1 (192.168.0.10)
          • VM 1: 10.1.1.22, VM 1: 10.1.1.33, VM 1: 10.1.2.44, VM 1: 10.1.2.55
          • G/W: 10.1.0.1/16
          • Routes: 10.2/16 -> 192.168.0.11, 10.3/16 -> 192.168.0.12
      • Host 2 (192.168.0.11)
          • VM 1: 10.2.1.22, VM 1: 10.2.1.33, VM 1: 10.2.2.44, VM 1: 10.2.2.55
          • G/W: 10.2.0.1/16
          • Routes: 10.1/16 -> 192.168.0.10, 10.3/16 -> 192.168.0.12
      • Host 3 (192.168.0.12)
          • VM 1: 10.3.1.22, VM 1: 10.3.1.33, VM 1: 10.3.2.44, VM 1: 10.3.2.55
          • G/W: 10.3.0.1/16
          • Routes: 10.1/16 -> 192.168.0.10, 10.2/16 -> 192.168.0.11
  • 13. North/South Traffic
      • Neutron Network node routes traffic between segments
      • Network node performs all L3 functions
      • East/West traffic encapsulated, but is direct to destination host
      [Diagram. Labels: VXLAN Encap, VXLAN Decap, 2 Top of Rack Round Trips, East/West Traffic, Per Instance Security.]
  • 14. Direct routed paths
      • Latency dramatically reduced
          • No Network node
          • No encap
      • Identical path for East/West traffic
      [Diagram. Labels: Eliminated, Bypassed, Bypassed, Romana, Romana, 1 Top of Rack Round Trip, Per Network Security.]
  • 15. Direct Routing Latency
      • North/South latency reduced 50%-85%
      • 10% improvement for East/West traffic between hosts (no encap)
      • No performance penalty for local on-host East/West traffic
      • Time (ms)
          • Native OpenStack: North/South (routed) local 1.51*, remote 1.51; East/West (switched) local 0.24, remote 0.85
          • Pani Networks: North/South (routed) local 0.24, remote 0.77; East/West (switched) local 0.24**, remote 0.77**
      • Relative performance
          • Native OpenStack: North/South local 100%, remote 100%; East/West local 100%, remote 100%
          • Pani Networks: North/South local 16%, remote 51%; East/West local 100%, remote 90%
      * All N/S OpenStack traffic goes off host
      ** All Pani traffic is routed
  • 16. Nested Container Networking
      • Example: 10/8 network (leading bits 0 0 0 0 1 0 1 0)
          • Network: 8 bits, full network (10/8)
          • Hosts: 8 bits, up to 255 hosts
          • Tenants: 4 bits, up to 16 tenants
          • Segments: 4 bits, up to 16 segments per tenant
          • Endpoints: 8 bits, up to 255 endpoints per segment
          • Bit locations: 10/8 net mask 1-8, host ID bits (8) 9-16, tenant and segment ID bits (8) 17-20 and 21-24, endpoint ID 25-32
      • Example: 172.16/12 network (leading bits 1 0 1 0 1 1 0 0 0 0 0 1)
          • Network: 12 bits, full network (172.16/12)
          • Hosts: 4 bits, up to 16 hosts
          • Tenants: 4 bits, up to 16 tenants
          • Segments: 4 bits, up to 16 segments per tenant
          • Endpoints: 8 bits, up to 255 endpoints per segment
          • Bit locations: 172.16/12 net mask 1-12, host ID bits (4) 13-16, tenant and segment ID bits (8) 17-20 and 21-24, endpoint ID 25-32
  • 17. Nested Containers
      • Host 1 (192.168.0.10)
          • Host routes: 10.2/16 -> 192.168.0.11, 10.3/16 -> 192.168.0.12, 172.17/16 -> 192.168.0.11, 172.18/16 -> 192.168.0.12
          • VM 1: 10.1.1.22, G/W: 10.1.0.1/16
          • Pods: 172.16.1.8, 172.16.2.9; GW 172.16.0.1/16
          • VM routes: 172.17/16 -> 10.2.0.1, 172.18/16 -> 10.3.0.1
      • Host 2 (192.168.0.11)
          • Host routes: 10.1/16 -> 192.168.0.10, 10.3/16 -> 192.168.0.12, 172.16/16 -> 192.168.0.10, 172.18/16 -> 192.168.0.12
          • VM 1: 10.2.1.22, G/W: 10.2.0.1/16
          • Pods: 172.17.6.8, 172.17.2.11; GW 172.17.0.1/16
          • VM routes: 172.18/16 -> 10.3.0.1, 172.16.16 -> 10.1.0.1
      • Host 3 (192.168.0.12)
          • Host routes: 10.1/16 -> 192.168.0.10, 10.2/16 -> 192.168.0.11, 172.16/16 -> 192.168.0.10, 172.17/16 -> 192.168.0.11
          • VM 1: 10.3.1.22, G/W: 10.3.0.1/16
          • Pods: 172.18.3.8, 172.18.4.9; GW 172.18.0.1/16
          • VM routes: 172.16/16 -> 10.1.0.1, 172.17/16 -> 10.2.0.1
  • 18. Ubernetes
      • Host 1 (192.168.0.10)
          • Host routes: 10.2/16 -> 192.168.0.11, 10.3/16 -> 192.168.0.12, 172.17/16 -> 192.168.0.11, 172.18/16 -> 192.168.0.12
          • VM 1: 10.1.1.22, G/W: 10.1.0.1/16
          • Pods: 172.16.1.8, 172.16.2.9; GW 172.16.0.1/16
          • VM routes: 172.17/16 -> 10.2.0.1, 172.18/16 -> 10.3.0.1
      • Host 2 (192.168.0.11)
          • Host routes: 10.1/16 -> 192.168.0.10, 10.3/16 -> 192.168.0.12, 172.16/16 -> 192.168.0.10, 172.18/16 -> 192.168.0.12
          • VM 1: 10.2.1.22, G/W: 10.2.0.1/16
          • Pods: 172.17.6.8, 172.17.2.11; GW 172.17.0.1/16
          • VM routes: 172.18/16 -> 10.3.0.1, 172.16.16 -> 10.1.0.1
      • Host 3 (192.168.0.12)
          • Host routes: 10.1/16 -> 192.168.0.10, 10.2/16 -> 192.168.0.11, 172.16/16 -> 192.168.0.10, 172.17/16 -> 192.168.0.11
          • VM 1: 10.3.1.22, G/W: 10.3.0.1/16
          • Pods: 172.18.3.8, 172.18.4.9; GW 172.18.0.1/16
          • VM routes: 172.16/16 -> 10.1.0.1, 172.17/16 -> 10.2.0.1
      • WAN
  • 19. Demo
      • OpenStack on four physical machines
          • Launch VMs on private 10/8 network
      • Kubernetes running on VMs
          • Kubernetes network 172.16/12
          • Container Network Interface (CNI) configuration of pods
      • Romana IPAM allocates IPs for VMs and pods
          • Chosen specially to maintain static routes and CIDRs to each host and VM
          • All IPs reachable by construction
  • 20. Thank You…
      • Network and Security Automation
      • All details available at romana.io
      • Open source
          • Apache 2.0
          • github.com/romana
      • Release v0.8 available now
          • Integration with OpenStack and Kubernetes
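
The hierarchical addressing on the "Example" and "Physical Deployment" slides can be worked through in code. This is an added example, not code from the Romana project: it packs host, tenant, segment and endpoint IDs into an address in the field order the slide's table gives, derives the single aggregate route per host, and checks whether two addresses carry the same tenant and segment bits, which is what makes L3 isolation rules expressible on plain IP prefixes. `Layout`, `same_segment` and the constant names are hypothetical, and reserved values such as gateway addresses are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Layout:
    """Bit layout from the slides: network prefix, then host, tenant, segment, endpoint."""
    network: ipaddress.IPv4Network
    host_bits: int
    tenant_bits: int
    segment_bits: int
    endpoint_bits: int

    def __post_init__(self):
        if self.network.prefixlen + sum(self._widths()) != 32:
            raise ValueError("fields must cover exactly 32 bits")

    def _widths(self):
        return (self.host_bits, self.tenant_bits, self.segment_bits, self.endpoint_bits)

    def encode(self, host, tenant, segment, endpoint):
        # Start from the network bits and append each field, most significant first.
        value = int(self.network.network_address) >> (32 - self.network.prefixlen)
        for field, width in zip((host, tenant, segment, endpoint), self._widths()):
            if not 0 <= field < (1 << width):
                raise ValueError(f"{field} does not fit in {width} bits")
            value = (value << width) | field
        return ipaddress.IPv4Address(value)

    def decode(self, ip):
        ip = ipaddress.IPv4Address(ip)
        if ip not in self.network:
            raise ValueError(f"{ip} is outside {self.network}")
        value, fields = int(ip), []
        for width in reversed(self._widths()):  # peel fields off from the low bits
            fields.append(value & ((1 << width) - 1))
            value >>= width
        endpoint, segment, tenant, host = fields
        return {"host": host, "tenant": tenant, "segment": segment, "endpoint": endpoint}

    def host_cidr(self, host):
        # One aggregate route per host: network bits plus host bits.
        prefix = self.network.prefixlen + self.host_bits
        return ipaddress.IPv4Network((self.encode(host, 0, 0, 0), prefix))

def same_segment(layout, a, b):
    """True when both addresses carry the same tenant and segment bits (assumed isolation key)."""
    da, db = layout.decode(a), layout.decode(b)
    return (da["tenant"], da["segment"]) == (db["tenant"], db["segment"])

# The two layouts from the "Example" slide; test addresses come from the deployment slides.
SLIDE_10_8 = Layout(ipaddress.IPv4Network("10.0.0.0/8"), 8, 4, 4, 8)
SLIDE_172_16 = Layout(ipaddress.IPv4Network("172.16.0.0/12"), 4, 4, 4, 8)
```

Because every endpoint on a host falls inside `host_cidr(host)`, the per-host static routes shown on the deployment slides never change as VMs or pods are created.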