OpenStack Powered by Tungsten Fabric

Sukhdev Kapur, Distinguished Engineer, Juniper Networks
Krzysztof Kajkowski, Director of Engineering, CodiLime
Open Infrastructure Summit, Shanghai, November 2019


  1. OpenStack Powered by Tungsten Fabric. Sukhdev Kapur (Distinguished Engineer, Juniper Networks), Krzysztof Kajkowski (Director of Engineering, CodiLime). Open Infrastructure Summit, Shanghai, November 2019

  2. Tungsten Fabric Architecture Overview (Logical View)
     [Diagram. Labels: Orchestrator / Apps (Compute, Network / Storage Orchestration); Centralized Policy Definition; TF Controller (Config, Control, Analytics, CSN); Distributed Policy Enforcement; Virtual Network Blue; Virtual Network Red; BGP, NETCONF, XMPP; FW; Gateway; Physical IP Fabric (no changes); TOR; vRouter on Host O/S (Windows, Linux ….); BMS; DC Computes; CPE Devices; Public Cloud VM; Internet / WAN or Legacy Env.]

  3. vRouter Architecture Overview
     vRouter Agent:
     ● Exchanging control state such as routes with the Control nodes using XMPP.
     ● Receiving low-level configuration state such as routing instances and forwarding policy from the Control nodes using XMPP.
     ● Reporting analytics state such as logs, statistics, and events to the analytics nodes.
     ● Installing forwarding state into the forwarding plane.
     ● Discovering the existence and attributes of VMs in cooperation with the Nova agent.
     ● Applying forwarding policy for the first packet of each new flow and installing a flow entry in the flow table of the forwarding plane.
     ● Proxying DHCP, ARP, DNS.
     vRouter Kernel/DPDK:
     ● Encapsulating packets sent from the overlay network and de-capsulating packets received for the overlay network.
     ● Packets received from the overlay network are assigned to a routing instance based on the MPLS label or Virtual Network Identifier (VNI).
     ● Doing a lookup of the destination address of the packet in the Forwarding Information Base (FIB) and forwarding the packet to the correct destination. The routes may be layer-3 IP prefixes or layer-2 MAC addresses.
     ● Doing RPF check before sending Virtual machine traffic to destination. This is configurable.
     [Diagram. Labels: Host Compute; Virtual Machine (Tenant A); Virtual Machine (Tenant B); vRouter Agent (Config, VRFs, Policy Table); User space; NETLINK; pkt0; tap-abc; tap-xyz; vRouter Kernel (Routing Instance, Routing Instance); vhost0; Kernel space; ethX OR bondX; XMPP; Control Node]

  4. vRouter Deployment Models
     KERNEL vROUTER
     ● This is the normal operation where the fwding plane of vRouter runs in the kernel and is connected to VMs using TAP interface (or veth pair for containers)
     ● vRouter itself is enhanced using other performance related features:
       ○ TSO / LRO
       ○ Multi-Q Virtio
     DPDK vROUTER
     ● vRouter runs as a user space process and uses DPDK for fast path Packet I/O.
     ● Full set of SDN Capabilities Supported
     ● Requires the VMs to have DPDK enabled for performance benefits
     SMARTNIC vROUTER
     ● vRouter fwding plane runs within the NIC
     ● Workloads are SRIOV-connected to the NIC
     SRIOV / vROUTER COEXISTENCE
     ● Some workloads can directly SR-IOV into the NIC, while others go through the vRouter
     ● Sometimes a VNF can have multiple interfaces some of which are SRIOV-ed to the NIC
     ● Interfaces that are SRIOV-ed into NIC don’t get the benefits / features of vRouter
     [Diagrams: each model shows VMs (VM1, VM 2, VNF 2, ...) alongside a vRouter and vRouter Agent]

  5. Distributed Networking for VMs, PODs, & BMS
     Basic Networking: L2/L3 or L2/L3 Network, IPAM/DHCP, DNS, Multi-Tenancy
     Advanced Networking: VLAN-ID, VRRP, VIP, LB, Routes Advertisement, GW Function, Service Chaining, Traffic Steering, Flow awareness, QoS, SR-IOV/DPDK, BGP-VPN, Inter Site Federation, Health Checks, FW, IPSec/TLS Support
     [Diagram. Labels: On-Prem: BMS & Fabric; Core Site; Core; Distributed Site; Manager; Edge Site; Edge/POP Site (shown three times); Neutron/CNI/DM/Fabric SDN Controller; Kubernetes CNI; OpenStack Neutron; Edge/MC-GW]

  6. Policy Framework
     Can we use one policy to be applied in all the different deployments?
     Old Behavior:
     ● App1, Deployment = Dev: Network Policy = P1
     ● App1, Deployment = Staging: Network Policy = P2
     ● App1, Deployment = Prod: Network Policy = P3
     ● …
     New Behavior:
     ● App1, Deployment = Dev, Staging, Prod, …: Policy = P
     Benefits:
     1. Reduced Complexity
     2. Simplified Management
     3. Improved Scalability
     [Diagram: every deployment consists of Web, App and db tiers]

  7. Policy Framework
     Reuse of policies across multiple clouds and with multiple orchestrators
     Define/Review/Approve Once → Use Everywhere
     [Diagram: Policy = P is reused ("Reuse policy") across App1 deployments, each with Web, App and db tiers: Deployment = Dev, Deployment = Staging, Deployment = Prod, Deployment = Dev-AWS, Deployment = Dev-K8s, Deployment = Dev-Mesos, Deployment = Staging-BMS (Bare Metal Servers), …]

  8. Policy Framework – Use Case Example
     Definition:
     1. allow https-traffic tier=web > tier=app match deployment && site
     2. allow mysql-traffic tier=app > tier=db match site
     Enforcement:
     [Diagram. Labels: App = Finance, Deployment = Dev (shown twice), App = Finance, Deployment = Staging, App = Finance, Deployment = Prod, each with Web and App tiers; Legacy Data (tier = db) (shown twice); site = US; site = EMEA]

  9. Tungsten Fabric Deployment Models with Openstack
     Two Deployment models
     ● Monolithic Plugin
     ● ML2 based - this is used in the demo
     [Diagram. Labels: Neutron ML2 Plugin; TypeDriver (VLAN, GRE, VxLAN, Flat); MechanismDriver (OpenDaylight, Open Contrail, OpenvSwitch, Cisco Nexus, Arista); Networking]

  10. Tungsten Fabric and ML2 demo
     ● Running Tungsten Fabric SDN along with other ML2 drivers
     ● This facilitates:
       ○ Running OVS, SR-IOV and vRouter based workloads simultaneously
       ○ Running OVS and SR-IOV workloads and have Tungsten Fabric manage the fabric
       ○ Live migration of OVS based computes to vRouter based computes
     https://opendev.org/x/networking-opencontrail

  11. Demo Setup Overview
     [Diagram. Labels: vMX (on b1s19 - node2); QFX; vMX ge-0/0; xe-0/0, xe-0/1, xe-0/2, xe-0/3; eth0 on b1s19 - node3, b1s19 - node1 and b1s19 - node4; VMs on each node; SRIOV, OVS, TF]

  12. Live Migration Scenario
     LAN 50.50.50.0/24
     Nodes (eth0 each): b1s19 - node3, b1s19 - node1, b1s19 - node4
     ● VM-SRIOV: 50.50.50.200
     ● VM-OVS: 50.50.50.231
     ● VM-MIGRATE: 50.50.50.183
     ● VM-ROUTER: 50.50.50.76
     ● VM-MIGRATE: 50.50.50.183

  13. The Demo

  14. Questions & Answers

  15. Try Tungsten Fabric: Tungsten Fabric 15 minute deployment with k8s on AWS

  16. THANK YOU.
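
The tag matching in the slide 8 use case, worked through as an added example (not code from the presentation or from Tungsten Fabric): the two rules are evaluated against tagged workloads, showing how one policy covers every deployment while `match` still blocks cross-deployment and cross-site flows. The workload names, the default-deny fallback and the treatment of a missing tag as a failed match are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    service: str   # named service group from the slide, e.g. "https-traffic"
    src: dict      # tags the source endpoint must carry
    dst: dict      # tags the destination endpoint must carry
    match: tuple   # tag types whose values must be equal on both endpoints

# The two rules defined on slide 8.
RULES = [
    Rule("https-traffic", {"tier": "web"}, {"tier": "app"}, ("deployment", "site")),
    Rule("mysql-traffic", {"tier": "app"}, {"tier": "db"}, ("site",)),
]

# Constructed sample workloads (names and tag sets are assumptions).
WORKLOADS = {
    "web-dev-us":     {"app": "Finance", "tier": "web", "deployment": "Dev", "site": "US"},
    "app-dev-us":     {"app": "Finance", "tier": "app", "deployment": "Dev", "site": "US"},
    "app-staging-us": {"app": "Finance", "tier": "app", "deployment": "Staging", "site": "US"},
    "app-dev-emea":   {"app": "Finance", "tier": "app", "deployment": "Dev", "site": "EMEA"},
    "legacy-db-us":   {"tier": "db", "site": "US"},  # shared, no deployment tag
}

def has_tags(endpoint, wanted):
    return all(endpoint.get(k) == v for k, v in wanted.items())

def rule_applies(rule, service, src, dst):
    if service != rule.service:
        return False
    if not (has_tags(src, rule.src) and has_tags(dst, rule.dst)):
        return False
    # "match": both ends must carry the tag type with the same value.
    return all(t in src and t in dst and src[t] == dst[t] for t in rule.match)

def allowed(service, src_name, dst_name, rules=RULES):
    """Assumed default deny: a flow passes only if some rule applies."""
    src, dst = WORKLOADS[src_name], WORKLOADS[dst_name]
    return any(rule_applies(r, service, src, dst) for r in rules)

if __name__ == "__main__":
    for flow in [("https-traffic", "web-dev-us", "app-dev-us"),
                 ("https-traffic", "web-dev-us", "app-staging-us"),
                 ("mysql-traffic", "app-staging-us", "legacy-db-us"),
                 ("mysql-traffic", "app-dev-emea", "legacy-db-us")]:
        print(flow, "->", "allow" if allowed(*flow) else "deny")
```

Because rule 2 matches only on `site`, the legacy database is reachable from the app tier of any deployment in the same site, which is why it needs no `deployment` tag.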
