DragonFlow sdn based distributed virtual router for openstack neutron

Dragonflow is an implementation of a fully distributed virtual router for OpenStack® Neutron™ that is based on a lightweight SDN controller.
blog.gampel.net

Published in: Engineering

  1. Eran Gampel, Chief Architect, Huawei European Research Center; Eshed Gal-Or, Sr Research Architect, Huawei European Research Center. DragonFlow Solution Overview
  2. The Problem: Network Node Bottleneck
       • All inter-subnet traffic goes through the network controller
       • In a typical cloud deployment scenario, most East-West application traffic is between subnets (e.g. the popular Web→App→DB pattern)
       • Current model is mimicking physical world (router) network elements using virtual software components
       • Using the Linux network namespace
       • Pre-configured (regardless of actual need)
  3. The Problem – continued (single tenant)
       [Diagram: VM1 (WWW) on Host 1, VM2 (App) on Host 2, VM3 (DB) on Host 3 and the Neutron Network Node on Host 4, attached to a physical switch. Legend: overlay network, logical connection, physical network]
  4. The Problem – at scale (16 tenants)
       [Diagram: WWW, App and DB VMs of many tenants spread across compute hosts, with a Network Node, Neutron Controller hosts and physical switch(es). Legend: overlay network, logical connection, physical network]
  5. State of the art (DVR) (OpenStack Juno)
       • Proactive approach (pre-configuring 100% of possible flows)
       • Distribute L3 services on compute nodes
       • Linux namespace is cloned to all compute nodes that participate in a tenant network
       • Keeps all namespaces in all compute nodes synchronized
  6. Introduction
       • Dragonflow is an implementation of a fully distributed virtual router for OpenStack® Neutron™ that is based on a lightweight SDN controller
       • The main purpose of DragonFlow is to simplify management of the virtual router, while improving performance and scale and eliminating the single point of failure, as well as the notorious Network Node Bottleneck
       • As opposed to using big running software entities to represent virtual network elements (e.g. router), Dragonflow compiles the virtual router into standard forwarding element flows
  7. Architecture
  8. DragonFlow Advantages (vs. Juno DVR)
       • Simple and nimble architecture
       • Very small change impact on Neutron (vs. very big change impact)
       • Higher performance (+20% from initial benchmarks)
       • Simpler management (only actual flows are distributed to forwarding elements instead of all possibilities)
       • Higher scalability and flexibility
       • Elastic architecture allows scaling in and out as the managed instance network grows/shrinks
       • Utilize the power of SDN (vs. legacy hard-wired opaque software)
  9. [Component diagram; labels: Control Node, Neutron, Service Plugins, L3 Service, Core Plugins, ML2, L3 Controller Agent, L3 App, Bootstrap, Message Queue (AMQP), Network Node, L3 Agent, Legacy SNAT/FIP, DHCP Agent, DHCP Service, Namespace, IPTables, Compute Node, Neutron Agent, OVS (br-int, br-tun, vxlan, patch-int, patch-tun, qbrXXX, qvoXXX), VM, OpenFlow, Install L3 pipeline]
  10. OpenFlow pipeline and the NORMAL pipeline
       [Diagram: hybrid OpenFlow switch (OVS) with an OpenFlow processing pipeline and a normal L2 switch between input and output. Labels: Packet In, Packet Out, forward to controller (ofp PACKET_IN), NORMAL, Drop, OpenFlow Controller]
       • Introduced in OpenFlow 1.1. Hybrid switches support concurrent operation of both the OpenFlow pipeline and normal (legacy) Ethernet switching functionality. The hybrid switch allows forwarding of packets from the OpenFlow pipeline to the normal pipeline through the NORMAL and FLOOD reserved ports. They act as two completely separate switches.
  11. L3 installed pipeline: virtual router using flows. All L2 is offloaded to the normal path.
  12. L3 Controller Agent: L3 SDN Application Logic
       [Diagram: Controller (L3 App, Neutron DB) connected over OpenFlow to a Compute Node running OVS (br-int, br-tun, vxlan, patch-int, patch-tun). Port VLAN tag 2: VMzzz (qbrZZZ, qvoZZZ), VMwww (qbrWWW, qvoWWW). Port VLAN tag 1: VMxxx (qbrXXX, qvoXXX), VMyyy (qbrYYY, qvoYYY). Subnets: Tenant A Subnet 2, Tenant A Subnet 1]
       Scenario: VMwww first TCP connection with VMyyy
       • Step 1: 1st TCP_SYN, DST: VMyyy. Packet is sent to controller. Matched as VM to VM inter-subnet traffic in the L3 forwarding table
       • Step 2: If route (www to yyy) possible, install flow and reverse_flow
       • Step 3: PACKET_OUT, 1st TCP_SYN, DST: VMyyy
  13. L3 Controller Agent: L3 SDN Application Logic, same compute node
       [Diagram: same Controller and Compute Node layout as the previous slide. Port VLAN tag 2: VMzzz, VMwww. Port VLAN tag 1: VMxxx, VMyyy. Subnets: Tenant A Subnet 2, Tenant A Subnet 1]
       Steps 4 and 5: install flow and reverse flow for inter-subnet L3 traffic
       • FLOW_MOD match: vid, src_mac, src_ip, dst_mac, dst_ip; action: pop_vlan, change src_mac, change dst_mac; output: port qvoYYY
       • FLOW_MOD match: vid, src_mac, src_ip, dst_mac, dst_ip; action: pop_vlan, change src_mac, change dst_mac; output: port qvoWWW
  14. L3 Controller Agent: L3 SDN Application Logic, cross compute node
       [Diagram: Controller (L3 App, Neutron DB) connected over OpenFlow to two Compute Nodes, each running OVS (br-int, br-tun, vxlan, patch-int, patch-tun). First node: VMzzz (qbrZZZ, qvoZZZ; port VLAN tag 2), VMyyy (qbrYYY, qvoYYY; port VLAN tag 1). Second node: VMwww (qbrWWW, qvoWWW; port VLAN tag 2), VMxxx (qbrXXX, qvoXXX; port VLAN tag 1). Callouts numbered 1 to 5]
       Scenario: VMwww first TCP connection with VMyyy
       • 1st TCP_SYN, DST: VMyyy
       • If route (www to yyy) possible, install flow and reverse_flow
       • FLOW_MOD match: vid, src_mac, src_ip, dst_mac, dst_ip; action: pop_vlan, change src_mac, change dst_mac; output: port qvoYYY
       • FLOW_MOD match: vid, src_mac, src_ip, dst_mac, dst_ip; action: pop_vlan, change src_mac, change dst_mac; output: port qvoWWW
       • PACKET_OUT, 1st TCP_SYN, DST: VMyyy
  15. DragonFlow Feature List
       • Current Release (Kilo)
           • APIs for routing IPv4 East-West traffic
           • Performance improvement for inter-subnet network by reducing the number of kernel layers (namespaces and their TCP stack overhead)
           • Scalability improvement for inter-subnet network by offloading L3 East-West routing from the Network Node to all Compute Nodes
           • Reliability improvement for inter-subnet network by removal of the Network Node from the East-West traffic
           • Simplified virtual routing management
           • Supports all type drivers: GRE, VXLAN, VLAN
           • Centralized North-South traffic
           • Support for HA: in case the connection to the Controller is lost, fall back to the legacy L3 implementation until recovery. Reuses all the legacy L3 HA. (Controller HA will be supported in the next release.)
           • Supports centralized IPv6
       • Next Release Plan (discussion for Liberty)
           • Add support for North-South L3 IPv4 distribution (SNAT and DNAT)
           • Multi-controller support (Equal and Master/Slave)
           • Add support for IPv6
       • For the complete list go to the Blueprints on the project homepage
  16. External Links
       • Homepage: http://launchpad.net/dragonflow
       • Documentation: http://goo.gl/rq4uJC
       • Source: http://git.openstack.org/cgit/stackforge/dragonflow
       • Bugs: http://bugs.launchpad.net/dragonflow
       • Blogs: blog.gampel.net, http://galsagie.github.io
       • IRC: #openstack-dragonflow
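
The reactive flow installation on slides 12 to 14, as an added example that is not part of the original deck or the Dragonflow code: a pure-Python model in which the controller installs the flow and reverse flow only when one router joins both subnets, which is the decision that keeps tenants isolated. The class and function names, MAC addresses, topology, the port-tag check and the choice of the router interface MAC as the matched dst_mac are assumptions made for illustration.

```python
# Added illustration, not Dragonflow source: a pure-Python model of the reactive
# L3 app on slides 12-14. Topology, MACs and all class/function names are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str    # OVS port name, e.g. qvoWWW
    mac: str
    ip: str
    vid: int     # local VLAN tag of the port's subnet
    subnet: str  # CIDR the port belongs to

class L3App:
    def __init__(self, ports, routers):
        self.ports = {p.ip: p for p in ports}
        self.routers = routers  # one dict per router: {subnet CIDR: router interface MAC}
        self.flows = []         # FLOW_MOD entries installed so far

    def _flow(self, src, dst, router):
        # Match fields and actions follow the FLOW_MOD on slide 13. Assumption:
        # the matched dst_mac is the router interface on the source subnet.
        return {"match": {"vid": src.vid, "src_mac": src.mac, "src_ip": src.ip,
                          "dst_mac": router[src.subnet], "dst_ip": dst.ip},
                "actions": ["pop_vlan", "set_src_mac:" + router[dst.subnet],
                            "set_dst_mac:" + dst.mac, "output:" + dst.name]}

    def packet_in(self, vid, src_ip, dst_ip):
        src, dst = self.ports.get(src_ip), self.ports.get(dst_ip)
        if src is None or dst is None or src.vid != vid:
            return "DROP"    # unknown endpoint, or tag does not match the sender's port
        if src.subnet == dst.subnet:
            return "NORMAL"  # same-subnet L2 traffic stays on the NORMAL path
        router = next((r for r in self.routers
                       if src.subnet in r and dst.subnet in r), None)
        if router is None:
            return "DROP"    # "route possible" is false: no router joins both subnets
        self.flows += [self._flow(src, dst, router), self._flow(dst, src, router)]
        return "PACKET_OUT:" + dst.name

def demo_app():
    # Constructed topology: tenant A routes subnets 1 and 2; tenant B is separate.
    ports = [Port("qvoWWW", "fa:16:3e:00:00:02", "10.0.2.5", 2, "10.0.2.0/24"),
             Port("qvoYYY", "fa:16:3e:00:00:01", "10.0.1.5", 1, "10.0.1.0/24"),
             Port("qvoBBB", "fa:16:3e:00:00:03", "10.0.3.5", 3, "10.0.3.0/24")]
    routers = [{"10.0.1.0/24": "fa:16:3e:aa:00:01", "10.0.2.0/24": "fa:16:3e:aa:00:02"},
               {"10.0.3.0/24": "fa:16:3e:bb:00:03"}]
    return L3App(ports, routers)
```

Calling `demo_app().packet_in(2, "10.0.2.5", "10.0.1.5")` models VMwww's first TCP_SYN to VMyyy; the same call with a tenant B destination or a mismatched tag installs nothing.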