Scaling Up OpenStack Networking with Routed Networks Carl Baldwin, - - PowerPoint PPT Presentation

Scaling Up OpenStack Networking with Routed Networks

Carl Baldwin, Neutron Developer, IBM Cloud @CarlNBaldwin Miguel Lavalle, Neutron Development Lead, IBM Linux Technology Center

Agenda

• Why Routed Networks
• Layer 2 and layer-3 networks at scale
• Routed Networks implementation
• Changes to Neutron
• Interaction with the Nova scheduler
• Configuration
• Demo

Agenda

• Why Routed Networks
• Layer 2 and layer-3 networks at scale
• Routed Networks implementation
• Changes to Neutron
• Interaction with the Nova scheduler
• Configuration
• Demo

Neutron excels at ….

TenantA-VM1 10.0.0.2 TenantA-VM3 9.0.0.2 TenantA-VM2 10.0.0.3 9.0.0.3

Load Balancer Public Net 88.0.0.0/18 Tenant-A Net1 10.0.0.0/24 Tenant-A Net2 9.0.0.0/24

Providing a rich toolkit to create complex networking topologies

Neutron also excels at ….

VXLAN 123567 physnet1 VLAN 37 physnet2 VLAN 413 VM 1 VM 2 VM 3

• The entire network constitutes a contiguous layer-2 domain
• Ports associated with network, not specific segment
• Ports bound automatically to segment with connectivity

Enabling admins to create complex layer-2 provider networks

But what if ….

Tenants only need to connect VM’s to a single or few shared networks

VXLAN 123567 physnet1 VLAN 37

VM VM VM VM VM VM

physnet1 VLAN 820

VM VM VM VM VM VM

One alternative is to create one large layer-2 network

• These networks become complex at larger scale
• Also have large failure domains

Layer-2 network

Another alternative to achieve scale ….

Collection of distinct networks routed together to the outside:

network-1

VM VM VM VM VM VM

network-2

VM VM VM VM VM VM

network-3

VM VM VM VM VM VM

• Leaves the choice of which network to select to the user
• This is confusing, since nothing distinguishes one network

from the other

Routed Networks

segment 1

VM VM VM VM VM

segment 2

VM VM VM VM VM

Layer-3 Layer-2

• Users boot instances to a routed network presented as a

single entity. The compute host determines the segment.

• This allows for simplicity and scalability simultaneously

Agenda

• Why Routed Networks
• Layer-2 and layer-3 networks at scale
• Routed Networks implementation
• Changes to Neutron
• Interaction with the Nova scheduler
• Configuration
• Demo

Segments

• A segment contains the encapsulation details used to carry

level-2 traffic

• Each network has at least one segment associated with it
• Segment details
• network_type - how traffic is encapsulated
• segmentation_id - the encapsulation identifier
• physical_network - a unique name for the physical network the

encapsulated traffic will be sent on

• With L2 networks, multiple segments on the same netwoks

are assumed to be bridged together

• Not true for routed networks

Network Segment API extension

• New in Newton as part of the implementation of routed

networks

• Moved segments from ML2 DB to the core DB model
• Made segment an API resource with uuid
• CRUD operations for segments as part of the ReST API
• Exposed as a service plugin
• Not enabled by default
• All core plugins are not guaranteed to work with it
• Available with:
• ML2 agents based implementation
• Ml2 OVN mechanism driver. Requires own host mapping mechanism

Subnets associate to segments in routed networks

segment 1 172.16.0.0/22 segment 2 172.16.2.0/22 segment 3 172.16.8.0/22 segment 1 172.16.12.0/22

Subnets associate to segments in routed networks

• Associating a subnet to a segment
• $ openstack subnet create --network multinet --ip-version 4
• -network-segment my-segment --subnet-range 172.16.0.0/22

multinet-segment1-subnet

• This turns a network into a routed network
• Networks have a new attribute l2_adjacency
• When a network is originally created, l2_adjacency is True
• When subnets are assigned to segments, it becomes a

routed network and its l2_adjacency becomes False

• Cannot mix subnets with segments and without segments in

the same network

Each segment requires at least one DHCP agent

segment 1 172.16.0.0/22 segment 2 172.16.2.0/22 segment 3 172.16.8.0/22 segment 1 172.16.12.0/22 DHCP DHCP DHCP DHCP If segments are small, DHCP can run in one of the compute nodes in each rack

Ports in routed networks

• In a routed network, a port cannot get ip addresses until it is

bound, when the segment it will be connected to is known

• These unbound ports have an empty fixed_ips attribute
• Ports have a new attribute ip_allocation
• immediate for bound and unbound ports in l2 networks
• immediate for ports in routed networks that were bound at creation
• deferred for routed networks ports that were unbound at creation.
• It will remain deferred even after binding
• Neutron maintains a hosts to segments mapping
• Used during host binding to allocate ip addresses
• Available in ML2 agent based implementations and OVN

Floating IPs

• Floating IP subnets
• BGP
• With Neutron router
• Routed external

gateway

• No Neutron router
• NAT on the port?
• DVR
• Fixed IPs

segment 1 physnet1 172.16.0.0/22 segment 2 segment 3 segment 1 physnet1 172.16.4.0/22 physnet1 172.16.8.0/22 physnet1 172.16.12.0/22 Datacenter Routing 203.0.113.0.251

• > 172.16.12.199

203.0.113.0/24 203.0.113.0.43

• > 172.16.0.227

BGP Speaker

Routed networks and Nova scheduling

Segments topology and ip address availability have to be considered by the Nova scheduler to place instances in compute nodes if routed networks are involved, both when booting and when live migrating

segment 1 172.16.0.0/22 segment 2 172.16.2.0/22 segment 3 172.16.8.0/22 segment 1 172.16.12.0/22

Changes to Nova scheduling (Ocata)

• Creation of instance’s ports moved from compute manager to

conductor and will take place prior to placement decision

• There are four use cases:

User requests Scheduler places instance at: Boot with port id. Port has no IP address Any segment with available ip addresses Boot with port id. Port has IP address Segment with subnet containing ip address Boot with network id Any segment with available ip addresses Instance move Segment with subnet containing ip address

Nova Generic Resource Pools API

Resource Pool Inventories Aggregates DISK_GB IPV4_ADDRESS Host 1 Host n

….. A resource pool represents a provider of resources: e.g. segments provide IPv4 addresses

Resource Pools for routed networks

Resource Pool Inventories Aggregates IPV4_ADDRESS Host 1 Host n

….. Only created for routed networks segments

‘Neutron segment id <uuid>’

Updated for every subnet associated with the segment Based on hosts segments mapping

Agenda

• Why Routed Networks
• Layer 2 and layer-3 networks at scale
• Routed Networks implementation
• Changes to Neutron
• Interaction with the Nova scheduler
• Configuration
• Demo

Physical preparation

• Unique physnet per segment
• VLAN number is independent per physnet
• VLAN ids can be re-used from segment to segment
• DHCP agent hosts per physnet
• Your choice of routing architecture

Neutron Configuration

• Configure segments service plugin
• Bridge mappings
• OVN provides a different way to configure host to segment access
• Create network
• Includes creating the segments with multi-provider extension
• Creating segments after network creation is also supported
• Create subnets
• Include segment_id from previous step with each subnet create

Agenda

• Why Routed Networks
• Layer 2 and layer-3 networks at scale
• Routed Networks implementation
• Changes to Neutron
• Interaction with the Nova scheduler
• Configuration
• Demo

Demo set-up

allinone compute1 segment 1 compute2 + Network compute3 segment 2 iprouter 10.1.0.0/24 fd2a:d02c:d36b:1a::/64 physnet1, vlan id 2016 10.1.1.0/24 fd2a:d02c:d36b:1b::/64 physnet2, vlan id 2016 https://github.com/miguellavalle/routednetworksvagrant

Thank You

Double Content (Layout)