addressing dhcp and dns scalability issues in openstack neutron
TRANSCRIPT
Vikram Hosakote, Sr. Software DeveloperCisco Systems
October 28, 2015, OpenStack Summit Tokyo
A dnsmasq alternative using
Cisco Prime Network
Registrar (CPNR)
Addressing DHCP and DNS Scalability in Neutron
© 2015 Cisco and/or its affiliates. 2
Beyond the Stack
Cisco is committed to helping
Build, Deploy, Scale and Connect
your OpenStack clouds
© 2015 Cisco and/or its affiliates. 3
•Introduction•What is DHCP and DNS ?•Dnsmasq issues•Problem statement•Cisco’s solution•Design and Architecture•Difference between Dnsmasq and Cisco’s solution•Scale testing approach•Scale numbers•Q & A
Agenda
© 2015 Cisco and/or its affiliates. 4
Addressing DHCP and DNS scalability issues in OpenStack Neutron with Cisco’s highly-scalable, enterprise-class, RESTful solution using Cisco Prime Network Registrar (CPNR)
Introduction
© 2015 Cisco and/or its affiliates. 5
•Bootstrapping protocols that run when a VM comes up
•DHCP provides IP address to VMs
•DNS converts a domain name like www.openstack.org to its IP address 190.93.240.15
•VM loses network connectivity if DHCP/DNS fails
What is DHCP and DNS ?
© 2015 Cisco and/or its affiliates. 6
•One dnsmasq process for each DHCP network
•Dnsmasq reloads and re-reads its config file in /var/lib/neutron/dhcp every time a DHCP port is created
•Not RESTful – Difficult to operate, maintain and monitor
•Does not scale – Not enterprise-class
Dnsmasq issues
© 2015 Cisco and/or its affiliates. 7
Dnsmasq issues on network node
OVS
tap
qdhcp-xxxx
dnsmasq
tap
qdhcp-yyyy
dnsmasq
tap
qdhcp-zzzz
dnsmasq
© 2015 Cisco and/or its affiliates. 8
Number of dnsmasq processes and reloads increases with number of DHCP networks and ports
Dnsmasq issues
© 2015 Cisco and/or its affiliates. 9
UID PID PPID C STIME TTY TIME CMDroot 13458 1 0 Sep28 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tape527cdc5-f5 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/b6068322-bda0-424d-adce-33bb789ae9f0/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/b6068322-bda0-424d-adce-33bb789ae9f0/host --addn-hosts=/var/lib/neutron/dhcp/b6068322-bda0-424d-adce-33bb789ae9f0/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/b6068322-bda0-424d-adce-33bb789ae9f0/opts --leasefile-ro --dhcp-authoritative --dhcp-range=set:tag0,1.0.0.0,static,86400s --dhcp-lease-max=65536 --conf-file= --domain=openstacklocalroot 14879 1 0 Sep28 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tapeba942d0-e4 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/bbde13dc-509a-4283-b7be-b0e85e0e3291/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/bbde13dc-509a-4283-b7be-b0e85e0e3291/host --addn-hosts=/var/lib/neutron/dhcp/bbde13dc-509a-4283-b7be-b0e85e0e3291/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/bbde13dc-509a-4283-b7be-b0e85e0e3291/opts --leasefile-ro --dhcp-authoritative --dhcp-range=set:tag0,2.0.0.0,static,86400s --dhcp-lease-max=65536 --conf-file= --domain=openstacklocalroot 15662 1 0 Sep28 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tapd4f686e7-8b --except-interface=lo --pid-file=/var/lib/neutron/dhcp/fba7e10e-f34a-49c2-8867-1e85127a4040/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/fba7e10e-f34a-49c2-8867-1e85127a4040/host --addn-hosts=/var/lib/neutron/dhcp/fba7e10e-f34a-49c2-8867-1e85127a4040/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/fba7e10e-f34a-49c2-8867-1e85127a4040/opts --leasefile-ro --dhcp-authoritative --dhcp-range=set:tag0,3.0.0.0,static,86400s --dhcp-lease-max=65536 --conf-file= --domain=openstacklocalroot 18990 1 0 Sep28 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tap1310c9ba-41 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/d1b7f521-1c4f-40b9-8f2c-9384d73ee57e/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/d1b7f521-1c4f-40b9-8f2c-9384d73ee57e/host --addn-hosts=/var/lib/neutron/dhcp/d1b7f521-1c4f-40b9-8f2c-9384d73ee57e/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/d1b7f521-1c4f-40b9-8f2c-9384d73ee57e/opts --leasefile-ro --dhcp-authoritative --dhcp-range=set:tag0,4.0.0.0,static,86400s --dhcp-lease-max=65536 --conf-file= --domain=openstacklocalroot 23443 1 0 Sep28 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tapf7b2b9ab-d9 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/09f610ca-57bd-482e-9030-b9490e342f29/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/09f610ca-57bd-482e-9030-b9490e342f29/host --addn-hosts=/var/lib/neutron/dhcp/09f610ca-57bd-482e-9030-b9490e342f29/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/09f610ca-57bd-482e-9030-b9490e342f29/opts --leasefile-ro --dhcp-authoritative --dhcp-range=set:tag0,5.0.0.0,static,86400s --dhcp-lease-max=65536 --conf-file= --domain=openstacklocalroot 19841 1 0 Sep28 ? 00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tapf6d5913a-25 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/954371a4-5234-472e-bd80-7981573a69e8/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/954371a4-5234-472e-bd80-7981573a69e8/host --addn-hosts=/var/lib/neutron/dhcp/954371a4-5234-472e-bd80-7981573a69e8/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/954371a4-5234-472e-bd80-7981573a69e8/opts --leasefile-ro --dhcp-authoritative --dhcp-range=set:tag0,6.0.0.0,static,86400s --dhcp-lease-max=65536 --conf-file= --domain=openstacklocal
Dnsmasq issues
© 2015 Cisco and/or its affiliates. 10
Dnsmasq does NOT scale
© 2015 Cisco and/or its affiliates. 11
Replace neutron’s dnsmasq with a DHCP driver that is
•Highly-scalable
•Enterprise-class and uses a Cisco product
•RESTful - Easy to operate, maintain and monitor
•Easy to install and deploy
Problem statement
© 2015 Cisco and/or its affiliates. 12
Cisco has used Cisco Prime Network Registrar (CPNR) and developed
•A DHCP driver for neutron that can be enabled in
/etc/neutron/dhcp_agent.ini
•DHCP and DNS relays that relay packets between VMs and the DHCP/DNS server
•Ansible and Puppet scripts to automate installation, upgrade and deployment
•A testing tool to scale DHCP and DNS by simulating clients
Cisco’s solution
© 2015 Cisco and/or its affiliates. 13
Design and Architecture
© 2015 Cisco and/or its affiliates. 14
Difference between Dnsmasq and Cisco’s solution
Dnsmasq
One instance per network Reloads when a port is created Does not support REST API Not enterprise-class Does not scale Recommended limit is 10,000 clients Shares resources (CPU, memory, disk)
with network node
Cisco’s solution
One instance per entire network node Does not reload when a port is created Supports REST API Enterprise-class and cloud-ready Highly scalable Recommended limit is 2 million clients! Uses dedicated resources (CPU,
memory, disk) on a separate server Designed, developed and tested by
Cisco!
© 2015 Cisco and/or its affiliates. 15
• DHCP scale testing was done using perfDHCP
• DNS scale testing was done using DNSperf
• perfDHCP and DNSperf are test tools developed by ISC (Internet Systems Consortium) BIND
• Scale testing was done by simulating DHCP and DNS clients without using Nova VMs
Scale testing approach
© 2015 Cisco and/or its affiliates. 16
Scale numbersDHCP Port scaling numbers – One network with many DHCP ports
© 2015 Cisco and/or its affiliates. 17
Scale numbersDHCP Network scaling numbers – Many networks each with 5 DHCP ports
© 2015 Cisco and/or its affiliates. 18
Scale numbersDNS scaling numbers
© 2015 Cisco and/or its affiliates. 19
• Cisco Blog at https://communities.cisco.com/community/technology/datacenter/blog/2015/10/15/ciscos-scalable-dhcp-and-dns-solution-for-openstack-neutron
• Email [email protected]
More info
© 2015 Cisco and/or its affiliates. 20
Q & A
© 2015 Cisco and/or its affiliates. 21
Thank You