SlideShare a Scribd company logo

2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration

Download as PPTX, PDF
James Denton, profile picture
James Denton

The document discusses the migration of production workloads from Open vSwitch (OVS) to LinuxBridge within Rackspace's private cloud environment, emphasizing the need for reliability and stability. It outlines various migration plans, challenges associated with the schema differences between OVS and LinuxBridge, and key preparation steps required for a successful migration. Additionally, it highlights benchmarks comparing performance metrics between OVS and LinuxBridge, concluding that while OVS has more features, stability is prioritized for customers.

Internet
1 of 44
Downloaded 324 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Migrating production workloads from OVS to LinuxBridge Kevin Stevens (kevin.stevens@rackspace.com) James Denton (james.denton@rackspace.com)
Weโ€™re operators! Kevin Stevens โ€ข RPC Engineer since 2012 (Essex) โ€ข IRC: k_stev on irc.freenode.net James Denton โ€ข RPC Network Engineer since 2012 (Essex) โ€ข IRC: busterswt on irc.freenode.net
What are we doing here? 1 A history of networking in Rackspace Private Cloud 2 3 4 Our experiences with Open vSwitch Swapping out OVS with LinuxBridge What to expect with each
2011 Started building OpenStack-powered private clouds 2012 Began architecting, building and supporting private clouds in customer DCs 2013 Over 100 customers running Rackspace Private Clouds 2014 Released RPC v9 based on Icehouse. 99.99% API uptime SLA.
RPC v2.0/3.0 RPC v4.0/4.1 RPC v4.2 RPC v9.0 OpenStack Release Folsom Grizzly Havana Icehouse Network Stack nova-network Quantum Neutron Neutron L2 Connectivity flatDHCP Open vSwitch Open vSwitch LinuxBridge (ML2) L3 Agent Support N/A No Yes Yes Host OS Ubuntu 12.04 LTS Ubuntu 12.04 LTS CentOS 6.5 RHEL 6.5 Ubuntu 12.04 LTS Ubuntu 14.04 LTS The Evolution of Networking in RPC
Why Neutron?
Why Neutron w/ Open vSwitch? โ€ขOpen vSwitch pushed by community โ€ขOpen vSwitch pushed by packagers โ€ขWanted overlay networks
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
The problems โ€ขKernel panics (1.10) โ€ขovs-vswitchd segfaults (1.11) โ€ขBroadcast storms โ€ขData corruption (2.01)
Why Linux Bridge?
Why move to LinuxBridge? โ€ขLooking for reliability and stability โ€ขLess moving parts โ€ขEasier to troubleshoot โ€ขSupported by the community
โ€ข Flexibility provided by overlay networking (if not using vxlan) โ€ข Neutron Distributed Virtual Routers (Juno) โ€ข Any customizability provided by OVS not implemented by Neutron itself www.rackspace.com 12 What do we lose by moving?
Planning
Plan A: Scorch the earth! โ€ขSnapshot and delete all instances โ€ขDelete all networks โ€ขChange from OVS -> LB โ€ขRecreate all networks โ€ขBoot instances โ€ขโ€ฆ โ€ข It works butโ€ฆ
But waitโ€ฆ these are production environments!
Plan B: Migration Environment โ€ขDeploy LinuxBridge environment โ€ขSnapshot all instances โ€ขImport images into new environment โ€ขBuild new instances โ€ขCutover โ€ขโ€ฆ โ€ข It works, butโ€ฆ $$$
Plan C: Switch it out! โ€ขStop services โ€ขUpdate the database โ€ขChange the configuration from OVS -> LB โ€ขRestart services โ€ขโ€ฆ โ€ข Profit!
Issues with migrating โ€ข Neutron OVS DB schema != Neutron LinuxBridge DB schema โ€“ Migration to OVS ML2 DB schema is required first โ€ข Overlay networks may not supported โ€“ LinuxBridge uses VXLAN rather than GRE โ€“ Requires kernel >= 3.9 โ€ข Means GRE networks must be converted to VLAN networks โ€“ Didnโ€™t want to introduce additional complexity โ€“ VLANs easier to troubleshoot if something went wrong
The Process
Preparation โ€ข Determine whatโ€™s needed: โ€“Dependencies โ€“Some method of converting database to ML2 schema โ€“Some method of converting data to LB from OVS โ€“Which configuration files need mangling โ€“Which services need disabling โ€“Which services need restarting โ€“Roll-back plan
Define a successful outcome โ€ข Can instances gain a DHCP lease? โ€ข Do instances have internal/external connectivity? โ€ข Are security groups/other functions still operational? โ€ขWere instances placed into the correct bridge? โ€ข Will the changes survive a reboot?
Normal OVS Operation (Network Node)
Normal OVS Operation (Compute Node)
First steps: Database manipulation โ€ข Backup! Backup! Backup! โ€ข Use migrate_to_ml2.py (modified) to change the DB schema โ€ข Update segments, ports and vlan tables โ€“Change GRE to VLAN โ€“Change segmentation id to real VLAN ID โ€“Set a provider bridge
Next steps: Install and Configure โ€ข Install the LinuxBridge plugin โ€ข Update SQL connection strings โ€ข Configure ml2_conf.ini / linuxbridge_conf.ini โ€ข Change driver from OVS to ML2 in Neutron and Nova conf files
Next steps: Pull ports from bridges โ€ข Stop Neutron services on all nodes โ€ข Remove host data-plane port from the OVS bridge(s) โ€ข Pull instance taps out of the OVS-related linux bridges โ€ข Remove router and dhcp interfaces from OVS integration bridge โ€ข Stop Openvswitch
Interfaces removed from bridges
Stop openvswitch services
Finally: Restart services โ€ข Start Neutron services โ€ข Restart compute services
Post Service Restart (Network Node)
Post Service Restart (Compute Node)
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
Failure Scenarios โ€ขInstances unresponsive? โ€“Check traffic from tap->bridge->physical interface โ€“Verify VLANs properly trunked through (and VLANs created on the switch) ๏Š
Failure Scenarios (Contโ€™d) โ€ขIPs disappear or taps placed in QBR bridges โ€“Check Nova instance_info_caches table. โ€“Cache can be regenerated with a hard reboot of instance, or by adding an interface to the instance
Failure Scenarios (Contโ€™d Contโ€™d) โ€ข Unable to boot new instances? โ€“ Usual troubleshooting techniques should be used โ€ข DHCP Binding_failed error messages? โ€“ Check /etc/default/neutron-server is referencing ML2 configuration file โ€ข BRQ bridges not built? โ€“ Verify New agents checking in? โ€“ Verify the LinuxBridge agent is installed and running
Benchmarks
Compare all the things 8 4 2 0.00 1.00 2.00 3.00 4.00 5.00 6.00 7.00 8.00 9.00 10.00 * Host-to-host testing; no virtualization. Longer is better. 1 Aggregate Throughput (Gbps) # of Threads iPerf3 Benchmarks (TCP / 1500 MTU / 10G Data) โ€“ Intel X520* (ixgbe driver) Open vSwitch (VXLAN) LinuxBridge (VXLAN) Open vSwitch (GRE) Open vSwitch (VLAN) LinuxBridge (VLAN)
Compare all the things SCP File Transfers (10G file)* 115.00 Seconds 104.00 Seconds * Host-to-host testing; no virtualization. Longer is better. 61.50 Seconds 59.75 Seconds 110.50 Seconds 0.00 20.00 40.00 60.00 80.00 100.00 120.00 140.00 160.00 180.00 200.00 OVS VXLAN LB VXLAN OVS GRE OVS VLAN LB VLAN Transfer Speed (MBps)
Compare all the things SCP File Transfers (10G file)* 115.00 Seconds 104.00 Seconds * Host-to-host testing; no virtualization. Longer is better. 61.50 Seconds 59.75 Seconds 110.50 Seconds 0.00 20.00 40.00 60.00 80.00 100.00 120.00 140.00 160.00 180.00 200.00 OVS VXLAN LB VXLAN OVS GRE OVS VLAN LB VLAN Transfer Speed (MBps)
Compare all the things SCP File Transfers (10G file)* 115.00 Seconds 104.00 Seconds * Host-to-host testing; no virtualization. Longer is better. 61.50 Seconds 59.75 Seconds 110.50 Seconds 0.00 20.00 40.00 60.00 80.00 100.00 120.00 140.00 160.00 180.00 200.00 OVS VXLAN LB VXLAN OVS GRE OVS VLAN LB VLAN Transfer Speed (MBps)
โ€ข OVS provides a great deal of functionality โ€ข Network stability more important for our customers than being on the cutting edge โ€ข Linux bridge provides almost all of the features we might want to use โ€ข How to migrate existing environments to LinuxBridge โ€ข Improved stability and comparable performance with OVS achieved www.rackspace.com 41 In Summary
2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration
Questions?
Download @ https://github.com/busterswt/openstackparis2014

More Related Content

PDF
Understanding Open vSwitch
YongKi Kim
ย 
PPTX
SDN Architecture & Ecosystem
Kingston Smiler
ย 
PDF
็ฌฌ20ๅ›ž OpenStackๅ‹‰ๅผทไผš Neutron Deep Dive - DVR
Toru Makabe
ย 
PDF
Linux Networking Explained
Thomas Graf
ย 
PPTX
The Basic Introduction of Open vSwitch
Te-Yen Liu
ย 
PDF
ML2/OVN ใ‚ขใƒผใ‚ญใƒ†ใ‚ฏใƒใƒฃๆฆ‚่ฆณ
Yamato Tanaka
ย 
PDF
ONOS SDN Controller - Clustering Tests & Experiments
Eueung Mulyana
ย 
PDF
๏ฟผๅ›ใซใ‚‚ใงใใ‚‹! ใซใ‚…ใƒผใจใ‚ใ‚“ๅ›ใซใชใฃใฆใฟใ‚ˆใƒผ๏ผ๏ผ ใ€ŒNeutronใซใชใฃใฆ็†่งฃใ™ใ‚‹OpenStack Net - OpenStackๆœ€ๆ–ฐๆƒ…ๅ ฑใ‚ปใƒŸใƒŠใƒผ ...
VirtualTech Japan Inc.
ย 
Understanding Open vSwitch
YongKi Kim
ย 
SDN Architecture & Ecosystem
Kingston Smiler
ย 
็ฌฌ20ๅ›ž OpenStackๅ‹‰ๅผทไผš Neutron Deep Dive - DVR
Toru Makabe
ย 
Linux Networking Explained
Thomas Graf
ย 
The Basic Introduction of Open vSwitch
Te-Yen Liu
ย 
ML2/OVN ใ‚ขใƒผใ‚ญใƒ†ใ‚ฏใƒใƒฃๆฆ‚่ฆณ
Yamato Tanaka
ย 
ONOS SDN Controller - Clustering Tests & Experiments
Eueung Mulyana
ย 
๏ฟผๅ›ใซใ‚‚ใงใใ‚‹! ใซใ‚…ใƒผใจใ‚ใ‚“ๅ›ใซใชใฃใฆใฟใ‚ˆใƒผ๏ผ๏ผ ใ€ŒNeutronใซใชใฃใฆ็†่งฃใ™ใ‚‹OpenStack Net - OpenStackๆœ€ๆ–ฐๆƒ…ๅ ฑใ‚ปใƒŸใƒŠใƒผ ...
VirtualTech Japan Inc.
ย 

What's hot (20)

PPTX
Introduction to DPDK
Kernel TLV
ย 
PDF
Open vSwitch Introduction
HungWei Chiu
ย 
PPTX
Packet flow on openstack
Achhar Kalia
ย 
PDF
OpenStack NeutronใฎๆฉŸ่ƒฝๆฆ‚่ฆ - OpenStackๆœ€ๆ–ฐๆƒ…ๅ ฑใ‚ปใƒŸใƒŠใƒผ 2014ๅนด12ๆœˆ
VirtualTech Japan Inc.
ย 
PDF
20150511 jun lee_openstack neutron ๋ถ„์„ (์ตœ์ข…)
rootfs32
ย 
PDF
VPNaaS in Neutron
Kazunori Takeuchi
ย 
PDF
RDMA, Scalable MPI-3 RMA, and Next-Generation Post-RDMA Interconnects
inside-BigData.com
ย 
PDF
Intel dpdk Tutorial
Saifuddin Kaijar
ย 
ODP
Dpdk performance
Stephen Hemminger
ย 
PPTX
EVPN-Presentation.pptx
VimalMallick
ย 
PDF
ๆ—ฅๆœฌOpenStackใƒฆใƒผใ‚ถไผš ็ฌฌ37ๅ›žๅ‹‰ๅผทไผš
Yushiro Furukawa
ย 
PPTX
OVN ่จญๅฎšใ‚ตใƒณใƒ—ใƒซ ๏ฝœ OVN config example 2015/12/27
Kentaro Ebisawa
ย 
PDF
1000 Ccna Questions And Answers
CCNAResources
ย 
PDF
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Netgate
ย 
PDF
OpenStackใƒˆใƒฉใƒ–ใƒซใ‚ทใƒฅใƒผใƒ†ใ‚ฃใƒณใ‚ฐๅ…ฅ้–€
VirtualTech Japan Inc.
ย 
PDF
Service Function Chaining in Openstack Neutron
Michelle Holley
ย 
PPTX
OpenvSwitch Deep Dive
rajdeep
ย 
PDF
็Ÿฅใฃใฆใ„ใ‚‹ใ‚ˆใ†ใง็Ÿฅใ‚‰ใชใ„Neutron -ไปฎๆƒณใƒซใƒผใ‚ฟใฎๅ†—้•ทใจๅˆ†ๆ•ฃ- - OpenStackๆœ€ๆ–ฐๆƒ…ๅ ฑใ‚ปใƒŸใƒŠใƒผ 2016ๅนด3ๆœˆ
VirtualTech Japan Inc.
ย 
PDF
BGP Unnumbered ใง้Šใ‚“ใงใฟใŸ
akira6592
ย 
PDF
DPDK & Layer 4 Packet Processing
Michelle Holley
ย 
Introduction to DPDK
Kernel TLV
ย 
Open vSwitch Introduction
HungWei Chiu
ย 
Packet flow on openstack
Achhar Kalia
ย 
OpenStack NeutronใฎๆฉŸ่ƒฝๆฆ‚่ฆ - OpenStackๆœ€ๆ–ฐๆƒ…ๅ ฑใ‚ปใƒŸใƒŠใƒผ 2014ๅนด12ๆœˆ
VirtualTech Japan Inc.
ย 
20150511 jun lee_openstack neutron ๋ถ„์„ (์ตœ์ข…)
rootfs32
ย 
VPNaaS in Neutron
Kazunori Takeuchi
ย 
RDMA, Scalable MPI-3 RMA, and Next-Generation Post-RDMA Interconnects
inside-BigData.com
ย 
Intel dpdk Tutorial
Saifuddin Kaijar
ย 
Dpdk performance
Stephen Hemminger
ย 
EVPN-Presentation.pptx
VimalMallick
ย 
ๆ—ฅๆœฌOpenStackใƒฆใƒผใ‚ถไผš ็ฌฌ37ๅ›žๅ‹‰ๅผทไผš
Yushiro Furukawa
ย 
OVN ่จญๅฎšใ‚ตใƒณใƒ—ใƒซ ๏ฝœ OVN config example 2015/12/27
Kentaro Ebisawa
ย 
1000 Ccna Questions And Answers
CCNAResources
ย 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Netgate
ย 
OpenStackใƒˆใƒฉใƒ–ใƒซใ‚ทใƒฅใƒผใƒ†ใ‚ฃใƒณใ‚ฐๅ…ฅ้–€
VirtualTech Japan Inc.
ย 
Service Function Chaining in Openstack Neutron
Michelle Holley
ย 
OpenvSwitch Deep Dive
rajdeep
ย 
็Ÿฅใฃใฆใ„ใ‚‹ใ‚ˆใ†ใง็Ÿฅใ‚‰ใชใ„Neutron -ไปฎๆƒณใƒซใƒผใ‚ฟใฎๅ†—้•ทใจๅˆ†ๆ•ฃ- - OpenStackๆœ€ๆ–ฐๆƒ…ๅ ฑใ‚ปใƒŸใƒŠใƒผ 2016ๅนด3ๆœˆ
VirtualTech Japan Inc.
ย 
BGP Unnumbered ใง้Šใ‚“ใงใฟใŸ
akira6592
ย 
DPDK & Layer 4 Packet Processing
Michelle Holley
ย 
Ad

Viewers also liked (12)

PPTX
DevOops - Lessons Learned from an OpenStack Network Architect
James Denton
ย 
ODP
OpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and Fanout
Saju Madhavan
ย 
PDF
Osdc2014 openstack networking yves_fauser
yfauser
ย 
PPTX
Vxlan frame format and forwarding
Mohammed Umair
ย 
PPTX
Introduction to vxlan
Mohammed Umair
ย 
PDF
OpenStack Networking
Ilya Shakhat
ย 
PDF
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
harryvanhaaren
ย 
PPT
Whats kpi
tednarusmith
ย 
PPT
Kpi logistics examples
tednarusmith
ย 
PPTX
Criterias creative idea
Alex Demin
ย 
PDF
book
Dao Quynh
ย 
PPT
What kpi
tednarusmith
ย 
DevOops - Lessons Learned from an OpenStack Network Architect
James Denton
ย 
OpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and Fanout
Saju Madhavan
ย 
Osdc2014 openstack networking yves_fauser
yfauser
ย 
Vxlan frame format and forwarding
Mohammed Umair
ย 
Introduction to vxlan
Mohammed Umair
ย 
OpenStack Networking
Ilya Shakhat
ย 
OVS and DPDK - T.F. Herbert, K. Traynor, M. Gray
harryvanhaaren
ย 
Whats kpi
tednarusmith
ย 
Kpi logistics examples
tednarusmith
ย 
Criterias creative idea
Alex Demin
ย 
book
Dao Quynh
ย 
What kpi
tednarusmith
ย 
Ad

Similar to 2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration (20)

PPTX
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Cloud Native Day Tel Aviv
ย 
PDF
OpenStack and OpenContrail for FreeBSD platform by Michaล‚ Dubiel
eurobsdcon
ย 
PDF
10 sdn-vir-6up
Sachin Siddappa
ย 
PPTX
Dragonflow Austin Summit Talk
Eran Gampel
ย 
PPTX
nested-kvm
sethuraman ramanathan
ย 
PDF
Cumulus Linux 2.5 Overview
Cumulus Networks
ย 
PPTX
OpenStack Networking and Automation
Adam Johnson
ย 
PPTX
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016
Cloud Native Day Tel Aviv
ย 
PPTX
Dragonflow 01 2016 TLV meetup
Eran Gampel
ย 
PDF
Software Defined Networks (SDN) na przykล‚adzie rozwiฤ…zania OpenContrail.
Semihalf
ย 
PDF
VMworld 2013: Advanced VMware NSX Architecture
VMworld
ย 
PDF
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
nvirters
ย 
PDF
Open Networking for Your OpenStack
Cumulus Networks
ย 
PPTX
Reference design for v mware nsx
solarisyougood
ย 
PDF
Open stack networking_101_part-2_tech_deep_dive
yfauser
ย 
PDF
Open stack networking_101_update_2014-os-meetups
yfauser
ย 
PDF
Nvp deep dive_session_cee-day
yfauser
ย 
PPTX
VIO on Cisco UCS and Network
Yousef Morcos
ย 
ODP
Cloudstack networking2
Hiroaki Kawai
ย 
PPTX
Optimising nfv service chains on open stack using docker
Satya Sanjibani Routray
ย 
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or...
Cloud Native Day Tel Aviv
ย 
OpenStack and OpenContrail for FreeBSD platform by Michaล‚ Dubiel
eurobsdcon
ย 
10 sdn-vir-6up
Sachin Siddappa
ย 
Dragonflow Austin Summit Talk
Eran Gampel
ย 
nested-kvm
sethuraman ramanathan
ย 
Cumulus Linux 2.5 Overview
Cumulus Networks
ย 
OpenStack Networking and Automation
Adam Johnson
ย 
Running Neutron at Scale - Gal Sagie & Eran Gampel - OpenStack Day Israel 2016
Cloud Native Day Tel Aviv
ย 
Dragonflow 01 2016 TLV meetup
Eran Gampel
ย 
Software Defined Networks (SDN) na przykล‚adzie rozwiฤ…zania OpenContrail.
Semihalf
ย 
VMworld 2013: Advanced VMware NSX Architecture
VMworld
ย 
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
nvirters
ย 
Open Networking for Your OpenStack
Cumulus Networks
ย 
Reference design for v mware nsx
solarisyougood
ย 
Open stack networking_101_part-2_tech_deep_dive
yfauser
ย 
Open stack networking_101_update_2014-os-meetups
yfauser
ย 
Nvp deep dive_session_cee-day
yfauser
ย 
VIO on Cisco UCS and Network
Yousef Morcos
ย 
Cloudstack networking2
Hiroaki Kawai
ย 
Optimising nfv service chains on open stack using docker
Satya Sanjibani Routray
ย 

Recently uploaded (20)

PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
ย 
PDF
๐Ÿ’ฐ ๐”๐Š๐“๐ˆ ๐Š๐„๐Œ๐„๐๐€๐๐†๐€๐ ๐Š๐ˆ๐๐„๐‘๐Ÿ’๐ƒ ๐‡๐€๐‘๐ˆ ๐ˆ๐๐ˆ ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐Ÿ’ฐ
GRAB
ย 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
ย 
PDF
Vigrab.top โ€“ Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
ย 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
ย 
PPTX
Funds Management Learning Material for Beg
NKKumar16
ย 
PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
ย 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
ย 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
ย 
PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
ย 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
ย 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
ย 
PPTX
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
ย 
PPTX
Digital Literacy And Online Safety on internet
riksa rifqi
ย 
PDF
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
ย 
PDF
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
ย 
PPTX
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
ย 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
ย 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
ย 
PPTX
artificial intelligence overview of it and more
yafotin445
ย 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
ย 
๐Ÿ’ฐ ๐”๐Š๐“๐ˆ ๐Š๐„๐Œ๐„๐๐€๐๐†๐€๐ ๐Š๐ˆ๐๐„๐‘๐Ÿ’๐ƒ ๐‡๐€๐‘๐ˆ ๐ˆ๐๐ˆ ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐Ÿ’ฐ
GRAB
ย 
tcp ip networks nd ip layering assotred slides
pakadamfdp
ย 
Vigrab.top โ€“ Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
ย 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
ย 
Funds Management Learning Material for Beg
NKKumar16
ย 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
ย 
Introduction to Information and Communication Technology
AkmadArzieAyao1
ย 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
ย 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
ย 
SAP Ariba Sourcing PPT for learning material
NKKumar16
ย 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
ย 
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
ย 
Digital Literacy And Online Safety on internet
riksa rifqi
ย 
Triggering QUIC, presented by Geoff Huston at IETF 123
APNIC
ย 
WebRTC in SignalWire - troubleshooting media negotiation
Giacomo Vacca
ย 
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
ย 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
ย 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
ย 
artificial intelligence overview of it and more
yafotin445
ย 

2014 OpenStack Summit - Neutron OVS to LinuxBridge Migration

  • 1. Migrating production workloads from OVS to LinuxBridge Kevin Stevens (kevin.stevens@rackspace.com) James Denton (james.denton@rackspace.com)
  • 2. Weโ€™re operators! Kevin Stevens โ€ข RPC Engineer since 2012 (Essex) โ€ข IRC: k_stev on irc.freenode.net James Denton โ€ข RPC Network Engineer since 2012 (Essex) โ€ข IRC: busterswt on irc.freenode.net
  • 3. What are we doing here? 1 A history of networking in Rackspace Private Cloud 2 3 4 Our experiences with Open vSwitch Swapping out OVS with LinuxBridge What to expect with each
  • 4. 2011 Started building OpenStack-powered private clouds 2012 Began architecting, building and supporting private clouds in customer DCs 2013 Over 100 customers running Rackspace Private Clouds 2014 Released RPC v9 based on Icehouse. 99.99% API uptime SLA.
  • 5. RPC v2.0/3.0 RPC v4.0/4.1 RPC v4.2 RPC v9.0 OpenStack Release Folsom Grizzly Havana Icehouse Network Stack nova-network Quantum Neutron Neutron L2 Connectivity flatDHCP Open vSwitch Open vSwitch LinuxBridge (ML2) L3 Agent Support N/A No Yes Yes Host OS Ubuntu 12.04 LTS Ubuntu 12.04 LTS CentOS 6.5 RHEL 6.5 Ubuntu 12.04 LTS Ubuntu 14.04 LTS The Evolution of Networking in RPC
  • 7. Why Neutron w/ Open vSwitch? โ€ขOpen vSwitch pushed by community โ€ขOpen vSwitch pushed by packagers โ€ขWanted overlay networks
  • 9. The problems โ€ขKernel panics (1.10) โ€ขovs-vswitchd segfaults (1.11) โ€ขBroadcast storms โ€ขData corruption (2.01)
  • 11. Why move to LinuxBridge? โ€ขLooking for reliability and stability โ€ขLess moving parts โ€ขEasier to troubleshoot โ€ขSupported by the community
  • 12. โ€ข Flexibility provided by overlay networking (if not using vxlan) โ€ข Neutron Distributed Virtual Routers (Juno) โ€ข Any customizability provided by OVS not implemented by Neutron itself www.rackspace.com 12 What do we lose by moving?
  • 14. Plan A: Scorch the earth! โ€ขSnapshot and delete all instances โ€ขDelete all networks โ€ขChange from OVS -> LB โ€ขRecreate all networks โ€ขBoot instances โ€ขโ€ฆ โ€ข It works butโ€ฆ
  • 15. But waitโ€ฆ these are production environments!
  • 16. Plan B: Migration Environment โ€ขDeploy LinuxBridge environment โ€ขSnapshot all instances โ€ขImport images into new environment โ€ขBuild new instances โ€ขCutover โ€ขโ€ฆ โ€ข It works, butโ€ฆ $$$
  • 17. Plan C: Switch it out! โ€ขStop services โ€ขUpdate the database โ€ขChange the configuration from OVS -> LB โ€ขRestart services โ€ขโ€ฆ โ€ข Profit!
  • 18. Issues with migrating โ€ข Neutron OVS DB schema != Neutron LinuxBridge DB schema โ€“ Migration to OVS ML2 DB schema is required first โ€ข Overlay networks may not supported โ€“ LinuxBridge uses VXLAN rather than GRE โ€“ Requires kernel >= 3.9 โ€ข Means GRE networks must be converted to VLAN networks โ€“ Didnโ€™t want to introduce additional complexity โ€“ VLANs easier to troubleshoot if something went wrong
  • 20. Preparation โ€ข Determine whatโ€™s needed: โ€“Dependencies โ€“Some method of converting database to ML2 schema โ€“Some method of converting data to LB from OVS โ€“Which configuration files need mangling โ€“Which services need disabling โ€“Which services need restarting โ€“Roll-back plan
  • 21. Define a successful outcome โ€ข Can instances gain a DHCP lease? โ€ข Do instances have internal/external connectivity? โ€ข Are security groups/other functions still operational? โ€ขWere instances placed into the correct bridge? โ€ข Will the changes survive a reboot?
  • 22. Normal OVS Operation (Network Node)
  • 23. Normal OVS Operation (Compute Node)
  • 24. First steps: Database manipulation โ€ข Backup! Backup! Backup! โ€ข Use migrate_to_ml2.py (modified) to change the DB schema โ€ข Update segments, ports and vlan tables โ€“Change GRE to VLAN โ€“Change segmentation id to real VLAN ID โ€“Set a provider bridge
  • 25. Next steps: Install and Configure โ€ข Install the LinuxBridge plugin โ€ข Update SQL connection strings โ€ข Configure ml2_conf.ini / linuxbridge_conf.ini โ€ข Change driver from OVS to ML2 in Neutron and Nova conf files
  • 26. Next steps: Pull ports from bridges โ€ข Stop Neutron services on all nodes โ€ข Remove host data-plane port from the OVS bridge(s) โ€ข Pull instance taps out of the OVS-related linux bridges โ€ข Remove router and dhcp interfaces from OVS integration bridge โ€ข Stop Openvswitch
  • 29. Finally: Restart services โ€ข Start Neutron services โ€ข Restart compute services
  • 30. Post Service Restart (Network Node)
  • 31. Post Service Restart (Compute Node)
  • 33. Failure Scenarios โ€ขInstances unresponsive? โ€“Check traffic from tap->bridge->physical interface โ€“Verify VLANs properly trunked through (and VLANs created on the switch) ๏Š
  • 34. Failure Scenarios (Contโ€™d) โ€ขIPs disappear or taps placed in QBR bridges โ€“Check Nova instance_info_caches table. โ€“Cache can be regenerated with a hard reboot of instance, or by adding an interface to the instance
  • 35. Failure Scenarios (Contโ€™d Contโ€™d) โ€ข Unable to boot new instances? โ€“ Usual troubleshooting techniques should be used โ€ข DHCP Binding_failed error messages? โ€“ Check /etc/default/neutron-server is referencing ML2 configuration file โ€ข BRQ bridges not built? โ€“ Verify New agents checking in? โ€“ Verify the LinuxBridge agent is installed and running
  • 37. Compare all the things 8 4 2 0.00 1.00 2.00 3.00 4.00 5.00 6.00 7.00 8.00 9.00 10.00 * Host-to-host testing; no virtualization. Longer is better. 1 Aggregate Throughput (Gbps) # of Threads iPerf3 Benchmarks (TCP / 1500 MTU / 10G Data) โ€“ Intel X520* (ixgbe driver) Open vSwitch (VXLAN) LinuxBridge (VXLAN) Open vSwitch (GRE) Open vSwitch (VLAN) LinuxBridge (VLAN)
  • 38. Compare all the things SCP File Transfers (10G file)* 115.00 Seconds 104.00 Seconds * Host-to-host testing; no virtualization. Longer is better. 61.50 Seconds 59.75 Seconds 110.50 Seconds 0.00 20.00 40.00 60.00 80.00 100.00 120.00 140.00 160.00 180.00 200.00 OVS VXLAN LB VXLAN OVS GRE OVS VLAN LB VLAN Transfer Speed (MBps)
  • 39. Compare all the things SCP File Transfers (10G file)* 115.00 Seconds 104.00 Seconds * Host-to-host testing; no virtualization. Longer is better. 61.50 Seconds 59.75 Seconds 110.50 Seconds 0.00 20.00 40.00 60.00 80.00 100.00 120.00 140.00 160.00 180.00 200.00 OVS VXLAN LB VXLAN OVS GRE OVS VLAN LB VLAN Transfer Speed (MBps)
  • 40. Compare all the things SCP File Transfers (10G file)* 115.00 Seconds 104.00 Seconds * Host-to-host testing; no virtualization. Longer is better. 61.50 Seconds 59.75 Seconds 110.50 Seconds 0.00 20.00 40.00 60.00 80.00 100.00 120.00 140.00 160.00 180.00 200.00 OVS VXLAN LB VXLAN OVS GRE OVS VLAN LB VLAN Transfer Speed (MBps)
  • 41. โ€ข OVS provides a great deal of functionality โ€ข Network stability more important for our customers than being on the cutting edge โ€ข Linux bridge provides almost all of the features we might want to use โ€ข How to migrate existing environments to LinuxBridge โ€ข Improved stability and comparable performance with OVS achieved www.rackspace.com 41 In Summary

Editor's Notes

  • #3: Who are we Kevin since 2006 James since 2008
  • #7: -Why did we originally go with Neutron
  • #8: -Why did we go with OVS
  • #10: -Kernel panics - Physical hosts would crash with a familiar stack trace -Segfaults โ€“ ovs-vswitchd segfaults and restarts itself resulting in empty flow tables because the Neutron OVS plugin would not rebuild the flows. Instances on an affected node would lose connectivity. Still a problem in 1.11 if pushing enough traffic. -Broadcast storms โ€“ If servers come up around the same time and the Neutron OVS plugin does not start for some reason, the servers begin forwarding everything to each other. Easily fixed by patching the startup script for Openvswitch but again extra complexity. -Data corruption. Eg. MYSQL transaction โ€˜BEGINโ€™ seen as โ€˜BEGieโ€™ on the receiving end -Relying on packaged version of OVS cripples your ability to stay current on something so fast-moving as OVS -Compiling OVS and kernel modules adds unnecessary complexity and requires frequent downtime
  • #11: -What made us choose to move to Linux Bridge?
  • #12: -tried and true -Been around for over a decade (2000). -Less complexity. -Allows us to take advantage of all of the features we wanted to use anyway.
  • #13: -lose the flexibility provided by using overlay networking like GRE which for the most part has been pretty solid in itself. -wouldnโ€™t be able to take advantage of the DVR functionality in Juno. -QOS customizations?
  • #14: -how do we move to Linux Bridge
  • #20: -*how* we went about the migration
  • #21: Extensive testing, no cowboy shit
  • #23: A glance at how our networking looks with OVS and GRE tenant overlay networks
  • #24: A glance at how our networking looks with OVS and GRE tenant overlay networks
  • #27: -Give the linuxbridge agent a clean slate to work with
  • #28: look at the removal of the tap interfaces from the โ€˜qbrโ€™ linux bridges, and removal of the physical interface from OVS provider bridge
  • #29: When we stop the openvswitch service, the OVS bridges are no longer available
  • #31: Restart LinuxBridge agent, L3 agent and DHCP agent
  • #32: Restart linuxbridge and compute
  • #35: Cache - This cache is used by nova when connecting instance to bridges. To rebuild, hard reboot or add an interface.
  • #36: Binding failed - Check /etc/default/neutron-server (Ubuntu)
  • #37: -does it actually pay off? -In the stability and supportability department definitely but how about performance-wise?
  • #38: -Benchmarks should be taken with a grain of salt, given the disparity of hardware and software being evaluated. YMMV.
  • #39: -Here we have a simple file transfer speed comparison (more is better in this graph)
  • #40: -GRE on OVS
  • #41: โ€ฆand VLAN on linux bridge