advanced network services insertions framework
DESCRIPTION
WIP draft for Advanced network service insertion at San Diego OS summit
TRANSCRIPT
OpenStack Grizzly Summit
Quantum Advanced Services Insertion
San Diego, California
Tuesday, October 16th
What this session IS about
• Insertion of advanced network services in the logical network model
• We will try to address the following questions:
– At which points a network service can be inserted
– What are the ways for inserting a network service
– How these services affect the logical network model
What this session IS NOT about
• API definition for specific services
• Discussion about the advanced services themselves
• How plugins, agents and drivers should communicate with each other
• We have plenty of sessions to cover these topics!
Current logical model
• Topologies implemented through routers, networks, and ports
[Diagram labels: Network, Network, Router, External Network, Ports]
Definition of an advanced service
• The topology defines the logical model for connectivity at L2/L3
• An “advanced network service” can be regarded as a “network application” running on top of this logical platform providing a particular L4 to L7 network service
• Floating IPs are an example
Advanced services and Quantum
• Three modes of interaction:
1. Ignore what lies beneath: Service just assumes something provides the required connectivity
2. Use Quantum: Service runs independently of Quantum, but uses its API to configure its own resources
3. Be a part of Quantum: The service runs within the Quantum process spaces and is part of its logical model
Insertion points (in the logical model)
[Diagram labels: Network, Network, Router, External Network]
• Router-level insertion: uses L3 connectivity to provide a network service to all VMs reachable via a router
• Network-level insertion: network service provided to all VMs in a given L2 broadcast domain
• Port-level insertion: service either provided to single port or distributed across ports
Advanced services and Quantum’s logical model
• TENANT PERSPECTIVE
– Insertion in “Routed” mode
  • The service is “attached” to a Quantum router
  • E.g.: Edge router providing integrated network services
  • From an API perspective each service is always individually configured
– Insertion in “Floating” mode
  • The service is configured as a “rule” or “policy” on entities of Quantum logical model
  • E.g.: Load Balancing in one-arm mode
  • Can probably still be reduced to the Routed mode
– Advanced services might also be specified as “properties” of logical elements
  • E.g.: security groups, port isolation, QoS
Advanced services and Quantum’s logical model
• ADMIN/PROVIDER PERSPECTIVE
– A “service type” specification defines which services can be enabled for a given router
– A physical appliance (or a pool of them)
– A virtual appliance
– A set of services and configurations (e.g.: the OSS Quantum Router implementation)
• Each router might have a different set of enabled services
• Floating mode insertion:
– A service device could be implicitly created or associated to the service being configured
API tasters
• POST /servicetypes
    {
      "name": "platinum",
      "services": [
        {"service": "loadbalancer", "provider": "quantum.plugins.lb.foolb"},
        {"service": "floatingip", "provider": "quantum.plugins.fip.barfip"}
      ]
    }
• POST /routers
    {"name": "servicerouter", "service_type_id": "<some_id>"}
• POST /loadbalancers
    {
      … Various lb stuff …
      "router_id": "<some_id>"
      … More lb stuff …
    }
How advanced services are provided
• Keep using Quantum’s plugin approach
• The back end implementation of a router could be capable of providing a range of services
– For instance, a virtual appliance providing L3 fwd, Ext GW, VPN access, Load Balancing, Firewall, etc.
• The same kind of service could even be provided by different drivers
The notion of “service type”
• A concept not very different from the “flavor” for compute
• Naming is provisional (alternative proposals welcome)
• Specifies what services are allowed on a logical router
• Defines the backend provider – not necessarily exposing it
• Reflects the concept of “Integrated Network Services Device”
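Added example (not from the original slides, and not Quantum code): a hypothetical in-memory model of the three calls on the “API tasters” slide, showing the service type acting as a per-router allow-list and the backend provider staying out of the tenant-facing response. The class and method names and the “basic” service type are assumptions made for illustration.

```python
import uuid

class ServiceNotAllowed(Exception):
    """The router's service type does not enable the requested service."""

class InsertionModel:
    """Hypothetical in-memory model of the three calls on the 'API tasters' slide."""

    def __init__(self):
        # service_types: id -> {"name", "services": {service: provider}}
        self.service_types, self.routers, self.loadbalancers = {}, {}, {}

    def create_service_type(self, body):  # admin: POST /servicetypes
        services = {s["service"]: s["provider"] for s in body["services"]}
        if len(services) != len(body["services"]):
            raise ValueError("a service may be listed only once per service type")
        st_id = str(uuid.uuid4())
        self.service_types[st_id] = {"name": body["name"], "services": services}
        return st_id

    def create_router(self, body):  # tenant: POST /routers
        if body["service_type_id"] not in self.service_types:
            raise KeyError("unknown service_type_id")
        router_id = str(uuid.uuid4())
        self.routers[router_id] = dict(name=body["name"], service_type_id=body["service_type_id"])
        return router_id

    def provider_for(self, router_id, service):
        """Default deny: only services named by the router's service type resolve."""
        router = self.routers[router_id]
        enabled = self.service_types[router["service_type_id"]]["services"]
        if service not in enabled:
            raise ServiceNotAllowed(f"{service} is not enabled on router {router['name']}")
        return enabled[service]

    def create_loadbalancer(self, body):  # tenant: POST /loadbalancers
        provider = self.provider_for(body["router_id"], "loadbalancer")
        lb_id = str(uuid.uuid4())
        self.loadbalancers[lb_id] = {"router_id": body["router_id"], "provider": provider}
        # The tenant-facing view leaves the backend provider out.
        return {"id": lb_id, "router_id": body["router_id"]}

# Constructed sample data: "platinum" is from the slide, "basic" is made up here.
model = InsertionModel()
platinum = model.create_service_type({"name": "platinum", "services": [
    {"service": "loadbalancer", "provider": "quantum.plugins.lb.foolb"},
    {"service": "floatingip", "provider": "quantum.plugins.fip.barfip"}]})
basic = model.create_service_type({"name": "basic", "services": [
    {"service": "floatingip", "provider": "quantum.plugins.fip.barfip"}]})
edge = model.create_router({"name": "servicerouter", "service_type_id": platinum})
plain = model.create_router({"name": "plainrouter", "service_type_id": basic})
```

Creating a load balancer on `edge` succeeds; the same call on `plain` raises `ServiceNotAllowed` because its service type enables only floating IPs.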
Sample logical models with advanced services
The following is a discussion of sample applications of the previously introduced service insertion model
Scenario 1: Integrated Services Edge Router
[Diagram labels: Network, Network, Router, External Network; LB, FW, VPN, DNAT; LB Virtual Server, VPN Endpoint, Ext GW, Floating IP]
Scenario 2: One-arm Load Balancing
[Diagram labels: Network, Network, Router, External Network; LB, FW, VPN, DNAT; Virtual Server, Service Pool; Service Type “Purple”, Service Type “Light Blue”]
Scenario 2.b: One-arm Load Balancing via Router
[Diagram labels: Network, Network, Router, External Network; FW, VPN, DNAT; Virtual Server, Service Pool; Service Type “Purple”, Service Type “Light Blue”; Router, LB]
Scenario 4: Multiple routers with different inserted services
[Diagram labels: Network, Network, Router, External Network; LB, FW, VPN, DNAT; Network, Router; DNAT, FW; Service Type “Purple”, Service Type “Light Blue”]
Thoughts about a roadmap for advanced service insertion
• Agree on general model
• Analyze use case scenarios
– Identify a relatively small subset to be implemented in 1st release
• Pretty much as we did for Quantum
• Define and implement:
– “Provider APIs” for managing service insertion
– “Tenant APIs” for handling service types