SlideShare a Scribd company logo

Inside Architecture of Neutron

M
markmcclain

- Neutron provides network abstraction and connectivity as a service for OpenStack. It uses a pluggable architecture with separate components for networking services like L2, L3, VPN, firewall, and load balancing. - The Neutron server exposes a REST API and uses plugins to interface with networking devices and agents. L2 agents connect virtual ports and isolate tenant traffic. L3 agents route between networks using Linux network namespaces. - When a VM boots, Neutron creates a port, notifies the DHCP agent, wires the port, and boots the instance while isolating network resources for each tenant. Additional services like load balancing are implemented through plugins and dedicated agents.

Technology
1 of 40
Downloaded 1,570 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Inside the Architecture of Neutron Mark McClain mmcclain (at) yahoo-inc.com
Why Create Neutron? • Rich Topologies • Technology Agnostic • Extensible • Advance Services Support • Load Balancing, VPN, Firewall
The Basics
What does the user see? Compute API Network API Storage APIGUI, CLI, API Libs KVM ML2 Plugin Ceph
Abstractions Net1 10.0.0.0/24 Nova Neutron L2 virtual network virtual port virtual server virtual interface (VIF) virtual subnet VM1 10.0.0.2 VM2 10.0.0.2
Architecture
Design Goals • Unified API • Small Core • Pluggable Open Architecture • Extensible
OpenStack The Operator View
Basic Deployment neutron-server L2 AgentL2 AgentL2 AgentL2 AgentL2 AgentL2 Agent L3 AgentL3 Agent L3 AgentL3 Agent Database L3 Agent DHCP Agent L2 Agent Message Queue Adv Services
neutron-server REST API SERVICE RPC SERVICE PLUGIN REST API SERVICE • REST API • HTTP(S) Python WSGI Application • Customary TCP port is 9696 • Exposes logical resources • networks, subnets, ports, etc • Request/Response Serialization
neutron-server REST API SERVICE RPC SERVICE PLUGIN RPC SERVICE • RPC Service • AMQP via Oslo messaging modules • Enables bidirectional agent communication • Optional
neutron-server REST API SERVICE RPC SERVICE PLUGIN • PLUGIN • Written in Python • Only one active • Must implement V2 API calls • Optional database access • Optional extension support
The Plugin ML2Plugin core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
The Plugin NeutronPluginBaseV2 NeutronDbPluginV2 ML2Plugin core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
Plugin Extensions • Add logical resources to the REST API • Discovered by server at startup • REST: /v2.0/extensions • Common Extensions • Binding, DHCP, L3, Provider, Quota, Security Group • Other Extensions • Allowed Addresses, Extra Routes, Metering
Monolithic Plugin • Full implementation of core resources • Two types: • Proxy • Direct control PLUGIN
ML2: Modular Layer 2 Plugin • Full V2 Plugin Implementation • Delegates calls to proper L2 drivers • Two kinds of drivers • Type Driver • Mechanism Driver Mech Mgr PLUGIN Type Mgr
L2 Agent
L2 Agent • Runs on hypervisor • Communicates with server via RPC • Watch and notify when devices added/removed • Wires new devices • Proper network segment • Security Group Rules
Dive Into the OVS Agent • OVS • What does it actually do? • How do we get isolation? • VLAN, Overlays: GRE, VXLAN • Processing loop
Linux Network Namespace • Isolated copy of network stack • private loopback • scope limited to namespace • can reuse addresses • Explicit configuration needed to connect • Processes can spawn within namespace lo eth1 eth0 lo eth1 eth0 lo eth1 eth0 Host A B br-int
L3 Agents
Network Node L3 Agent • Run on Network Node • Uses Namespaces • Metadata Agent (if enabled) Network Node Core Hypervisor Hypervisor Hypervisor
L3 Agent How it’s implemented • Manages Collection of Network Namespaces • Isolated IP Stacks • Forwarding Enabled • net.ipv4.ip_forward=1 • Static Routing • Metadata Proxy lo eth1 eth0 lo qg-2 qr-1 lo qg-b qr-e Host A B br-ex
Configuration Agents
Configuration Agents: DHCP • RPC based notifications • dnsmasq • Isolation Support via Network Namespaces • Multiple copies for HA
Configuration Agents: Metadata Proxy • Proxies Metadata requests to Nova • Routed Networks • process embedded in router • Non-routed Networks • static route redirects traffic running in DHCP namespace
Configuration Agents: Metadata Proxy curl http://168.254.169.254/openstack/latest/meta_data.json Tenant VM Nova Metadata Service Meta NS Proxy Metadata Agent Unix Domain Socket Management Network X-Router-Id: 2bc7c882-d612-438c-a334-0047f2b5c2d7 X-Forwarded-For: 10.0.0.1 X-Instance-ID: aaaaaaaa-aaaa-aaaa-aaaaaaaaaaaa
Booting a VM • nova boot
Booting a VM • nova boot • create port • notify DHCP of new port
Booting a VM • nova boot • create port • notify DHCP of new port • create device • new in Icehouse wait
Booting a VM • nova boot • create port • notify DHCP of new port • libvirt create device • new in Icehouse wait • wire port
Booting a VM • nova boot • create port • notify DHCP of new port • libvirt create device • new in Icehouse wait • wire port • boot
Load Balancer as a Service • Service Plugin • Driver based • Agent w/Driver • Agent communicates over RPC • Open Source requires namespaces • Others interact with other systems LB Agent HAProxy
VPN as a Service • Service Plugin • Driver based • Agent w/Driver • Communicates over RPC • Openswan L3 Agent Router Metadata Proxy VPN Driver
Firewall as a Service • Edgewall • Service Plugin • Driver based • Agent w/Driver • Communicates over RPC • Experimental L3 Agent Router Metadata Proxy Firewall Driver
Differences • Different Design Decisions • Sync with backend system • L2 Agent Optional • Not all implement same extensions
Summary Open vSwitch / Linux Bridge Ryu OpenFlow Controller • Unified API • Small Core • Pluggable Open Architecture • Multiple Vendor Support • Extensible
More Information • Cloud Administrator Guide • http://docs.openstack.org/admin-guide-cloud/content/ch_networking.html • Network v2.0 API • http://developer.openstack.org/api-ref-networking-v2.html
Questions?

More Related Content

PDF
Open vSwitch 패킷 처리 구조
Seung-Hoon Baek
 
PDF
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
Linaro
 
PDF
QEMU Disk IO Which performs Better: Native or threads?
Pradeep Kumar
 
PDF
Service Function Chaining in Openstack Neutron
Michelle Holley
 
PPTX
OpenvSwitch Deep Dive
rajdeep
 
PDF
20150511 jun lee_openstack neutron 분석 (최종)
rootfs32
 
PPTX
OpenStackユーザ会資料 - Masakari
masahito12
 
PDF
DPDK & Layer 4 Packet Processing
Michelle Holley
 
Open vSwitch 패킷 처리 구조
Seung-Hoon Baek
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
Linaro
 
QEMU Disk IO Which performs Better: Native or threads?
Pradeep Kumar
 
Service Function Chaining in Openstack Neutron
Michelle Holley
 
OpenvSwitch Deep Dive
rajdeep
 
20150511 jun lee_openstack neutron 분석 (최종)
rootfs32
 
OpenStackユーザ会資料 - Masakari
masahito12
 
DPDK & Layer 4 Packet Processing
Michelle Holley
 

What's hot (20)

PDF
[232] 성능어디까지쥐어짜봤니 송태웅
NAVER D2
 
PDF
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !
Pierre-jean Texier
 
PDF
BPF / XDP 8월 세미나 KossLab
Taeung Song
 
PDF
Ceph Block Devices: A Deep Dive
Red_Hat_Storage
 
PDF
SDN입문 (Overlay and Underlay)
NAIM Networks, Inc.
 
PPTX
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
OpenStack Korea Community
 
PDF
Kvm performance optimization for ubuntu
Sim Janghoon
 
PDF
Ceph: Open Source Storage Software Optimizations on Intel® Architecture for C...
Odinot Stanislas
 
PDF
A crash course in CRUSH
Sage Weil
 
PDF
[KubeCon EU 2022] Running containerd and k3s on macOS
Akihiro Suda
 
PDF
EBPF and Linux Networking
PLUMgrid
 
ODP
OpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and Fanout
Saju Madhavan
 
PDF
An Introduction to OpenStack
Scott Lowe
 
PDF
Exploring the power of OpenTelemetry on Kubernetes
Red Hat Developers
 
PDF
Alexei Vladishev - Zabbix - Monitoring Solution for Everyone
Zabbix
 
PDF
[OpenInfra Days Korea 2018] Day 2 - CEPH 운영자를 위한 Object Storage Performance T...
OpenStack Korea Community
 
PDF
Kubecon 2023 EU - KServe - The State and Future of Cloud-Native Model Serving
Theofilos Papapanagiotou
 
PDF
The linux networking architecture
hugo lu
 
PPTX
Kubernetes Basics
Antonin Stoklasek
 
PDF
Network Automation with Ansible
Anas
 
[232] 성능어디까지쥐어짜봤니 송태웅
NAVER D2
 
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !
Pierre-jean Texier
 
BPF / XDP 8월 세미나 KossLab
Taeung Song
 
Ceph Block Devices: A Deep Dive
Red_Hat_Storage
 
SDN입문 (Overlay and Underlay)
NAIM Networks, Inc.
 
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
OpenStack Korea Community
 
Kvm performance optimization for ubuntu
Sim Janghoon
 
Ceph: Open Source Storage Software Optimizations on Intel® Architecture for C...
Odinot Stanislas
 
A crash course in CRUSH
Sage Weil
 
[KubeCon EU 2022] Running containerd and k3s on macOS
Akihiro Suda
 
EBPF and Linux Networking
PLUMgrid
 
OpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and Fanout
Saju Madhavan
 
An Introduction to OpenStack
Scott Lowe
 
Exploring the power of OpenTelemetry on Kubernetes
Red Hat Developers
 
Alexei Vladishev - Zabbix - Monitoring Solution for Everyone
Zabbix
 
[OpenInfra Days Korea 2018] Day 2 - CEPH 운영자를 위한 Object Storage Performance T...
OpenStack Korea Community
 
Kubecon 2023 EU - KServe - The State and Future of Cloud-Native Model Serving
Theofilos Papapanagiotou
 
The linux networking architecture
hugo lu
 
Kubernetes Basics
Antonin Stoklasek
 
Network Automation with Ansible
Anas
 
Ad

Similar to Inside Architecture of Neutron (20)

PDF
Open stack networking_101_update_2014
yfauser
 
PPTX
OpenStack Networking and Automation
Adam Johnson
 
PDF
Bridges and Tunnels: A Drive Through OpenStack Networking
markmcclain
 
PDF
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
markmcclain
 
PDF
neutron_icehouse_update
Akihiro Motoki
 
PPTX
Networking in Openstack - Neutron 101
Mochamad Taufik Romdony
 
PDF
OpenStack networking (Neutron)
CREATE-NET
 
PDF
Network as a Service, Assaf Muller
Cloud Native Day Tel Aviv
 
PPT
Neutrondev ppt
marunewby
 
PDF
Agile OpenStack Networking with Cisco Solutions
Cisco DevNet
 
PDF
Open stack networking_101_part-1
yfauser
 
PPTX
Openstack Overview
rajdeep
 
PPTX
Modular Layer 2 In OpenStack Neutron
mestery
 
PDF
Open stack networking_101_update_2014-os-meetups
yfauser
 
PDF
Open Source Backends for OpenStack Neutron
mestery
 
PDF
Open stack networking_101_part-2_tech_deep_dive
yfauser
 
PPTX
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
Rohit Agarwalla
 
PDF
Openstack Networking Internals - first part
lilliput12
 
PPTX
Neutron behind the scenes
inbroker
 
PPTX
Openstack Basic with Neutron
KwonSun Bae
 
Open stack networking_101_update_2014
yfauser
 
OpenStack Networking and Automation
Adam Johnson
 
Bridges and Tunnels: A Drive Through OpenStack Networking
markmcclain
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
markmcclain
 
neutron_icehouse_update
Akihiro Motoki
 
Networking in Openstack - Neutron 101
Mochamad Taufik Romdony
 
OpenStack networking (Neutron)
CREATE-NET
 
Network as a Service, Assaf Muller
Cloud Native Day Tel Aviv
 
Neutrondev ppt
marunewby
 
Agile OpenStack Networking with Cisco Solutions
Cisco DevNet
 
Open stack networking_101_part-1
yfauser
 
Openstack Overview
rajdeep
 
Modular Layer 2 In OpenStack Neutron
mestery
 
Open stack networking_101_update_2014-os-meetups
yfauser
 
Open Source Backends for OpenStack Neutron
mestery
 
Open stack networking_101_part-2_tech_deep_dive
yfauser
 
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
Rohit Agarwalla
 
Openstack Networking Internals - first part
lilliput12
 
Neutron behind the scenes
inbroker
 
Openstack Basic with Neutron
KwonSun Bae
 
Ad

Recently uploaded (20)

PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Encapsulation theory and applications.pdf
gurumoop
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
A Presentation on Artificial Intelligence
memembruh336
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 

Inside Architecture of Neutron

  • 1. Inside the Architecture of Neutron Mark McClain mmcclain (at) yahoo-inc.com
  • 2. Why Create Neutron? • Rich Topologies • Technology Agnostic • Extensible • Advance Services Support • Load Balancing, VPN, Firewall
  • 4. What does the user see? Compute API Network API Storage APIGUI, CLI, API Libs KVM ML2 Plugin Ceph
  • 5. Abstractions Net1 10.0.0.0/24 Nova Neutron L2 virtual network virtual port virtual server virtual interface (VIF) virtual subnet VM1 10.0.0.2 VM2 10.0.0.2
  • 7. Design Goals • Unified API • Small Core • Pluggable Open Architecture • Extensible
  • 9. Basic Deployment neutron-server L2 AgentL2 AgentL2 AgentL2 AgentL2 AgentL2 Agent L3 AgentL3 Agent L3 AgentL3 Agent Database L3 Agent DHCP Agent L2 Agent Message Queue Adv Services
  • 10. neutron-server REST API SERVICE RPC SERVICE PLUGIN REST API SERVICE • REST API • HTTP(S) Python WSGI Application • Customary TCP port is 9696 • Exposes logical resources • networks, subnets, ports, etc • Request/Response Serialization
  • 11. neutron-server REST API SERVICE RPC SERVICE PLUGIN RPC SERVICE • RPC Service • AMQP via Oslo messaging modules • Enables bidirectional agent communication • Optional
  • 12. neutron-server REST API SERVICE RPC SERVICE PLUGIN • PLUGIN • Written in Python • Only one active • Must implement V2 API calls • Optional database access • Optional extension support
  • 13. The Plugin ML2Plugin core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
  • 15. Plugin Extensions • Add logical resources to the REST API • Discovered by server at startup • REST: /v2.0/extensions • Common Extensions • Binding, DHCP, L3, Provider, Quota, Security Group • Other Extensions • Allowed Addresses, Extra Routes, Metering
  • 16. Monolithic Plugin • Full implementation of core resources • Two types: • Proxy • Direct control PLUGIN
  • 17. ML2: Modular Layer 2 Plugin • Full V2 Plugin Implementation • Delegates calls to proper L2 drivers • Two kinds of drivers • Type Driver • Mechanism Driver Mech Mgr PLUGIN Type Mgr
  • 19. L2 Agent • Runs on hypervisor • Communicates with server via RPC • Watch and notify when devices added/removed • Wires new devices • Proper network segment • Security Group Rules
  • 20. Dive Into the OVS Agent • OVS • What does it actually do? • How do we get isolation? • VLAN, Overlays: GRE, VXLAN • Processing loop
  • 21. Linux Network Namespace • Isolated copy of network stack • private loopback • scope limited to namespace • can reuse addresses • Explicit configuration needed to connect • Processes can spawn within namespace lo eth1 eth0 lo eth1 eth0 lo eth1 eth0 Host A B br-int
  • 23. Network Node L3 Agent • Run on Network Node • Uses Namespaces • Metadata Agent (if enabled) Network Node Core Hypervisor Hypervisor Hypervisor
  • 24. L3 Agent How it’s implemented • Manages Collection of Network Namespaces • Isolated IP Stacks • Forwarding Enabled • net.ipv4.ip_forward=1 • Static Routing • Metadata Proxy lo eth1 eth0 lo qg-2 qr-1 lo qg-b qr-e Host A B br-ex
  • 26. Configuration Agents: DHCP • RPC based notifications • dnsmasq • Isolation Support via Network Namespaces • Multiple copies for HA
  • 27. Configuration Agents: Metadata Proxy • Proxies Metadata requests to Nova • Routed Networks • process embedded in router • Non-routed Networks • static route redirects traffic running in DHCP namespace
  • 28. Configuration Agents: Metadata Proxy curl http://168.254.169.254/openstack/latest/meta_data.json Tenant VM Nova Metadata Service Meta NS Proxy Metadata Agent Unix Domain Socket Management Network X-Router-Id: 2bc7c882-d612-438c-a334-0047f2b5c2d7 X-Forwarded-For: 10.0.0.1 X-Instance-ID: aaaaaaaa-aaaa-aaaa-aaaaaaaaaaaa
  • 29. Booting a VM • nova boot
  • 30. Booting a VM • nova boot • create port • notify DHCP of new port
  • 31. Booting a VM • nova boot • create port • notify DHCP of new port • create device • new in Icehouse wait
  • 32. Booting a VM • nova boot • create port • notify DHCP of new port • libvirt create device • new in Icehouse wait • wire port
  • 33. Booting a VM • nova boot • create port • notify DHCP of new port • libvirt create device • new in Icehouse wait • wire port • boot
  • 34. Load Balancer as a Service • Service Plugin • Driver based • Agent w/Driver • Agent communicates over RPC • Open Source requires namespaces • Others interact with other systems LB Agent HAProxy
  • 35. VPN as a Service • Service Plugin • Driver based • Agent w/Driver • Communicates over RPC • Openswan L3 Agent Router Metadata Proxy VPN Driver
  • 36. Firewall as a Service • Edgewall • Service Plugin • Driver based • Agent w/Driver • Communicates over RPC • Experimental L3 Agent Router Metadata Proxy Firewall Driver
  • 37. Differences • Different Design Decisions • Sync with backend system • L2 Agent Optional • Not all implement same extensions
  • 38. Summary Open vSwitch / Linux Bridge Ryu OpenFlow Controller • Unified API • Small Core • Pluggable Open Architecture • Multiple Vendor Support • Extensible
  • 39. More Information • Cloud Administrator Guide • http://docs.openstack.org/admin-guide-cloud/content/ch_networking.html • Network v2.0 API • http://developer.openstack.org/api-ref-networking-v2.html