Openstack Quantum yahoo meetup 1 23-13

OpenStack Quantum Meetup:
Grizzly Status and Blueprint Discussion
Dan Wendlandt
dan@nicira.com
Openstack Quantum Hacker & Project Team Lead
twitter - danwendlandt

Networks for Enterprise Applications
are Complex….

Image from windowssecurity.com

Why Quantum? Reason #1
On-demand Enterprise-Class Networking
• Quantum has Tenants API to: Internet

– create multiple private L2 L3
networks L2

– control IP addressing (can use L3
same IP space as existing
datacenter deployment) L2

– Connect to an upstream router L3

for external access. L2

– Insert advanced network L3
services: routers, firewalls,
VPN, IDS, etc. L2

– Monitor network status

Cloud Stresses the Network….

• High-density multi-tenancy
– But VLANs have trouble scaling
• On-demand provisioning
– But traditional network solutions have interfaces designed for
manual configuration.
• Need to place / move workloads were capacity exists
– But network state (e.g., IP address) is tied to a particular location

Why Quantum?
#2: Leveraging Advanced Technologies
• New networking technologies are
emerging to try and tackle these
challenges.
– Network virtualization
– Overlay tunneling: VXLAN, NVGRE, STT
– Software-defined Networking (SDN) /
OpenFlow
– L2 Fabric solutions: FabricPath, Qfabric,
etc.
– [ insert other solution here ]

• Quantum provides a “plugin”
mechanism to enable different
technologies.

Quantum Architecture
Generic OpenStack APIs Operator Selected Backends

Compute API KVM

Network API OVS Plugin
Tenant Tools
(GUI, CLI, Storage API Ceph
API code)

An eco-system of A generic tenant API A “plugin” architecture
tools that leverage to create and with different back-end
the Quantum API. configure “virtual “engines”
networks”

Basic API Abstractions

VM1 VM2 virtual server
Nova 10.0.0.2 10.0.0.3
virtual interface (VIF)

virtual port
Quantum Net1 L2 virtual network
10.0.0.0/24 virtual subnet

“virtual networks” and “virtual subnets” are fundamentally multi-tenant, just
like virtual servers (e.g., overlapping IPs can be used on different networks).

Quantum Model: Dynamic Network
Creation + Association
TenantA-VM2 TenantA-VM3
TenantA-VM1
10.0.0.3 9.0.0.2
10.0.0.2
9.0.0.3

Tenant-A Net1 Tenant-A Net2
10.0.0.0/24 9.0.0.0/24

External Net
88.0.0.0/18
• Tenant can use API to create many networks.
• When booting a VM, define which network(s) it
should connect to.
• Can even plug-in “instances” that provide more
advanced network functionality (e.g., routing + NAT).

Quantum API Extensions
• Enables innovation in virtual networking.
– Tenants can query API to programmatically discover supported extensions.
– Overtime, extensions implemented by many plugins can become “core”.

• Add properties on top of existing network/port abstractions:

– QoS/SLA guarantees / limits

– Security Filter Policies

– port statistics / netflow

• New Services
– L3 forwarding, ACLs + NAT (“elastic” or “floating” IPs)
– VPN connectivity between cloud and customer site, or another cloud
datacenter.

Quantum Architecture
Generic OpenStack APIs Operator Selected Backends

Compute API KVM

Network API OVS plugin
Tenant Tools
(GUI, CLI, Storage API Ceph
API code)

An eco-system of A generic tenant API A “plugin” architecture
tools that leverage to create and with different back-end
the Quantum API. configure “virtual “engines”
networks”

Quantum Architecture (generic)
API Clients Quantum Service Backend X

Quantum
API

Tenant Create-net
Scripts .
Horizon
. Plugin
GUI . X
Create-
Orchestration
Physical
port virtual switch
Code Network
Nova Compute
API
Extensions

Interfaces from Nova plug
into a switch manages by
Uniform API
the Quantum plugin.
for all clients

World’s simplest Quantum Plugin*

• API request is dumped into an email, send to
your network administrator.
• Administrator manually configures network
connectivity.

* Not recommended for use… ever!

Quantum Plugins

Open vSwitch / Linux Bridge

Ryu OpenFlow
Controller

Quantum Plugins Trade-offs
• Different back-end “engines” present different trade-offs:
– Scalability
– Forwarding performance
– Hypervisor Compatibility
– Network HW Compat (vendor specific? Allow L3 scale-out?)
– Manageability / troubleshooting
– Advanced Features (exposed as API extensions)
– Production testing
– High Availability (control & data plane)
– Open source vs. Free vs. Paid

• Cloud Operators weigh trade-offs, choose a plugin.

• Note: Back-end technology hidden behind logical core API
– Example: VLANs vs. tunneling

Folsom
• First “core” release (Folsom, Oct. ‘12)
– v2 API, with L2 + IP address mgmt (IPAM)
– Tenant API with Keystone + Horizon Integration
– Updated CLI
– Extensions:
• L3 “routers” w/floating IPs
• “provider networks” mapped to specific VLANs
• Tenant quotas
• Notifications

Grizzly Release
http://wiki.openstack.org/GrizzlyReleaseSchedule

• Release on April 4th.
• We are already near the end of the Grizzly
development cycle (G-3 freeze is Feb 19th)
• Expect release candidates in March.

Grizzly Features
• Metadata for Overlapping IPs.
– Requires updated Nova as well.
– Metadata on non-routed networks (expected)
• Quantum Security Groups
– Works with Overlapping IPs
– Handles VMs with multiple NICs
– Inbound / outbound rules
– v6 matching
• L3/DHCP multi-node scale-out + HA (expected)

Grizzly Features
• Advanced Services Infrastructure
• Load-balancing Service with HAproxy driver
(expected)
• New Plugins:
– Big Switch / Floodlight
– Hyper-V
– Brocade (expected)
• Many enhancements to existing plugins!

Grizzly Changes in Other Projects
• Horizon:
– L3: CRUD for quantum routers
– Graphical view of network topology
– Specifying multiple NICs when booting a VM
– LBaaS control.

• Client/CLI
– Remodeled “pythonic” client API
– New CLI commands for LB, services, etc.

Grizzly Non-Feature Improvements
• Quantum Tempest tests
• Quantum commit gating (yay!)
• Quantum DB migration
• String localization
• XML API (expected)
• Full API definition in WADL

How Can You Help?
• Grab open blueprint or bug.
• http://wiki.openstack.org/QuantumStarterBugs
• Some specific highlights:
– Vif hot plugging (Nova)
– Auto-assign floating-ips.
– Make sure euca-* network calls are proxied to
Quantum (Nova)

Thanks! Questions?
Discussion Topics?
Slides available at: http://www.slideshare.net/danwent

Dan Wendlandt
dan@nicira.com
OpenStack Quantum Hacker & Project Team Lead
twitter - danwendlandt

How Can You Help?
• Test G-3 milestone and release candidates
(Feb/March)
• Help write and validate documentation.
– https://bugs.launchpad.net/openstack-
manuals/+bugs?field.tag=quantum
– https://bugs.launchpad.net/openstack-api-
site/+bugs?field.tag=netconn-api

Tenant Network Control (Horizon)

Taking Quantum for a spin..
• Admin Documentation:
– http://docs.openstack.org/trunk/openstack-
network/admin/content/
– Ubuntu and Red Hat deployments covered.
– Please read the entire doc… if something is still
unclear, send email to the list
• Or use Devstack
– http://wiki.openstack.org/QuantumDevstack

Basic Physical Network Connectivity

Two API Deployment Models
• Cloud Operator creates networks for tenants
– Quantum API is admin only, tenants do not use it.
– Similar to nova-network model, but with flexibility around
network topology, IP addressing, etc.

• Expose API to tenants directly
– True “self-service networking”.
– Tenants use scripts, CLI, or web GUI to manage networks &
subnets.

• Can also mix-and-match strategies
– Provider creates default network connectivity, tenants can
choose to extend.

Single Flat Network

Similar to Nova-network Flat
or FlatDHCP manager.

Single Provider Router

Similar to Nova-network
VlanManager.

Per-Tenant Routers

Similar to Amazon VPC or
CloudStack model.

Openstack Quantum yahoo meetup 1 23-13

More Related Content

What's hot (20)

Viewers also liked (7)

Similar to Openstack Quantum yahoo meetup 1 23-13 (20)

Openstack Quantum yahoo meetup 1 23-13