ONIC Japan 2016 - Contrail Update
TRANSCRIPT
ONIC 2016: Contrail 3.x update & Contrail + Something
Daisuke Nakajima | Systems Engineer
Contrail Re-cap
[Figure: Contrail overview. Contrail Controller (Config, Control, Analytics, Server Mgmt) and Orchestrator (compute orchestration, network / storage orchestration) sit above an unchanged physical IP fabric. vRouter runs in the host OS of each compute node; BMS (Windows, Linux, ...) attach behind a TOR; a Gateway connects to the Internet / WAN or a legacy environment. Logical view: Virtual Network Blue, Virtual Network Red, FW.]
[Figure: Centralized Policy Definition; Distributed Policy Enforcement. Protocols shown: BGP, XMPP, OVSDB.]
Integration with VM, Container and BMS
[Figure: Logical view: Green Virtual Network (RT = G) with VM1, VM2 and Blue Virtual Network (RT = B) with VM3. Physical view: IP Fabric, VRF (RT=B), VLAN, containers C1 C2 C3, VM.]
Bare Metal Server Integration (using vRouter) achieved through:
• L2 / L3 Gateway
• Containers: Docker / LXC
• Smart NIC
NFV traffic management
Load balancing as a Virtual Service / load balancing in vRouter
Mechanisms:
• ECMP
• Flow Tables
• Consistent Hashing
Challenges:
• Scale and performance
• Stickiness
• Symmetry
Grow scalability in a simple way: add additional NFVs to expand scaling.
[Figure: Blue Network and Yellow Network with NFV1, NFV2, NFV3 in between.]
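The three mechanisms and two of the challenges above can be shown together with a small consistent-hash ring. This is an added example, not Contrail or vRouter code: flows are keyed direction-independently so that forward and return packets pick the same NFV (symmetry), and adding an NFV moves only the flows that land on the new instance while every other flow stays pinned (stickiness). Names such as NFV1..NFV4 and the synthetic Blue/Yellow addresses are constructed for the example.

```python
import hashlib
from bisect import bisect_left
from typing import Dict, Iterable, List, Tuple

# Added example (not Contrail code): a consistent-hash ring that spreads flows
# across NFV instances. Demonstrates symmetry (forward and return packets choose
# the same NFV) and stickiness on scale-out (flows that move all go to the new NFV).

Flow = Tuple[str, str, int, int, int]  # (src_ip, dst_ip, src_port, dst_port, proto)


def symmetric_key(flow: Flow) -> bytes:
    """Direction-independent flow key: sort the two (ip, port) endpoints."""
    src_ip, dst_ip, sport, dport, proto = flow
    a, b = sorted([(src_ip, sport), (dst_ip, dport)])
    return f"{a[0]}:{a[1]}|{b[0]}:{b[1]}|{proto}".encode()


def reverse(flow: Flow) -> Flow:
    """The return direction of a flow."""
    src_ip, dst_ip, sport, dport, proto = flow
    return (dst_ip, src_ip, dport, sport, proto)


def _point(data: bytes) -> int:
    """64-bit position on the ring derived from SHA-256 (deterministic, offline)."""
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


class ConsistentHashRing:
    def __init__(self, nfvs: Iterable[str], vnodes: int = 128) -> None:
        self.vnodes = vnodes
        self._points: List[int] = []   # sorted ring positions
        self._owners: List[str] = []   # NFV owning each position
        for nfv in nfvs:
            self.add(nfv)

    def add(self, nfv: str) -> None:
        """Place `vnodes` virtual points for the NFV on the ring (kept sorted)."""
        for i in range(self.vnodes):
            p = _point(f"{nfv}#{i}".encode())
            idx = bisect_left(self._points, p)
            self._points.insert(idx, p)
            self._owners.insert(idx, nfv)

    def remove(self, nfv: str) -> None:
        """Drop every virtual point of the NFV; its flows fall to their successors."""
        keep = [(p, o) for p, o in zip(self._points, self._owners) if o != nfv]
        self._points = [p for p, _ in keep]
        self._owners = [o for _, o in keep]

    def select(self, flow: Flow) -> str:
        """First virtual point clockwise from the flow's hash owns the flow."""
        if not self._points:
            raise ValueError("no NFV instances on the ring")
        idx = bisect_left(self._points, _point(symmetric_key(flow)))
        return self._owners[idx % len(self._points)]


def sample_flows(n: int = 500) -> List[Flow]:
    """Constructed synthetic TCP flows from a Blue network to a Yellow network."""
    return [(f"10.1.0.{i % 200 + 1}", f"10.2.0.{i % 50 + 1}", 1024 + i, 80, 6)
            for i in range(n)]


def is_symmetric(ring: ConsistentHashRing, flows: List[Flow]) -> bool:
    return all(ring.select(f) == ring.select(reverse(f)) for f in flows)


def scale_out_report(flows: List[Flow], nfvs: List[str], new_nfv: str) -> Dict[str, object]:
    """Add one NFV and measure how many flows change owner and where they go."""
    ring = ConsistentHashRing(nfvs)
    before = {f: ring.select(f) for f in flows}
    ring.add(new_nfv)
    after = {f: ring.select(f) for f in flows}
    moved = {f for f in flows if before[f] != after[f]}
    return {
        "moved_fraction": len(moved) / len(flows),
        "all_moved_to_new": all(after[f] == new_nfv for f in moved),
        "symmetric": is_symmetric(ring, flows),
    }


if __name__ == "__main__":
    print(scale_out_report(sample_flows(), ["NFV1", "NFV2", "NFV3"], "NFV4"))
```

With a plain modulo hash (`hash(flow) % len(nfvs)`) adding a fourth NFV would reshuffle roughly three quarters of the flows and break stickiness for every stateful NFV; on the ring only the flows captured by NFV4's points move, and all of them move to NFV4.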
OpenStack User Survey, April 2016: % of OpenStack Networking (Neutron) users per driver
[Source: https://www.openstack.org/assets/survey/April-2016-User-Survey-Report.pdf]
Contrail 3.x Update
vRouter DPDK
vRouter Overview (Today)
[Figure: vRouter runs in host kernel space. Guest VM (Application VM) with VIRTIO; QEMU layer with vHOST; tap-xyz (vif) interfaces; host user space: Nova Agent, vRouter Host Agent.]
DPDK vRouter Overview
[Figure: vRouter DPDK runs in host user space. Application VM with DPDK in the guest; Nova Agent and vRouter Host Agent in host user space; eth0 and eth1 each exposed as VIF: TAP.]
DPDK vRouter Architecture
[Figure: Host / Compute Node running a QEMU 2.2 process per VM (one host process per VM) with DPDK 2.0 libraries.]
• VM (Virtual Machine): VIRTIO Ring and VIRTIO Frontend in the guest; VIRTIO Backend on the host
• User Space vHost (libvirt 1.2.7): vHost-Net = kernel-space vHost (before QEMU 2.1); vHost-User = user-space vHost (QEMU 2.1)
• vRouter (User-Space): VRFWD backed by hugetlbfs (DPDK Ring); the Virtio ring is mmap'ed into VRFWD memory from hugetlbfs
• QEMU Uvhost client and Uvhost Server communicate over a Unix socket (messages exchanged once the VM is up); the Uvhost Server assigns lcores to virtio interfaces based on those Unix socket messages
• DPDK NIC: NIC queues (1,2..N) mapped 1-1 to DPDK lcores, which poll them
• Created by DPDK EAL (Environment Abstraction Layer)
• vRouter Forwarding: VRF, Config, Policy Tables
• vRouter Agent (vnswad): netlink, pkt0, and a TCP connection (routes/nexthops/interfaces/flows)
VNF Health Check
Contrail Health Check (Service Liveliness)
[Figure: Contrail-Controller above a hypervisor running vRouter. VM-HC-01 (eth0, 4.4.4.5/24, MAC 02:a6:8f:d7:ed:f7) is attached through VMI tapxyz-00. vRouter IP FIB for Test-VN: 4.4.4.5 via interface tapx; 169.254.169.254 link local. MAC FIB for Test-VN: 02:a6:8f:d7:ed:f7 via interface tapx; ff:ff:ff:ff:ff:ff L2 composite; L2-receive entries. vhost0: 192.168.1.236/24 (eth0/bond0); MACs shown: ac:16:2d:9f:fa:9d, 00:00:5e:00:01:00. HC: Health Check (Flow) between vRouter and the VM.]
Health check script invocation shown on the slide:
# contrail-vrouter-agent-health-check.py -m PING/HTTP -d 169.254.32.0 -t 5 -r 1 -i 180
Failure handling: contrail-vrouter-agent reports Health Check Failed -> Purge Route from VRF (local) -> XMPP to Contrail-Controller -> Purge Route from VRF (Global).
1. Create Health Check: PING or HTTP
   • Local-IP, URI, IP:Port
   • Delay, Timeout, Retries
2. Attach the HC to SI V2 or Contrail Port (VMI)
3. When the Health Check fails, the route will be purged from the VRF
Note: A REST API, Heat or GUI can be used to create a Health Check object and its properties. The same Health Check can apply to multiple VM interfaces, and a VM Interface can be associated with multiple Health Check objects.
Summary: Determines the liveliness of a service provided by a VM by checking whether it is operationally up or down. The vRouter agent uses ping or an HTTP URL to the link-local address to check the liveliness of the VMI. If the health check determines the service is not operational, it removes the routes for the VM, disabling forwarding of packets to the VM.
Health Check Objects are:
• Enabled
• Monitor-type # Health Check protocol type to be used (HTTP/PING)
• Delay # delay between two health check attempts
• Timeout # timeout for a single health check attempt
• max-retries # number of retries to attempt before declaring a failure
• url-path # URL string for HTTP, destination IP for all other cases
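The object properties above and the route-purge behaviour described in the summary can be tied together in a small model. This is an added example, not the contrail-vrouter-agent implementation: it keeps the property names from the slide, counts consecutive probe failures against max-retries, withdraws the VMI's routes from a VRF when the threshold is crossed, and reinstalls them on the next successful probe. The `Vrf`, `VmiHealthMonitor` and `scripted_probe` names, the prefix 4.4.4.5/32 and the interpretation that the first attempt plus max-retries retries must all fail are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# Added example, not the contrail-vrouter-agent code. Models the Health Check
# object properties from the slide and their documented effect on the VRF.


@dataclass
class HealthCheck:
    enabled: bool = True
    monitor_type: str = "PING"         # HTTP or PING
    delay: int = 5                     # seconds between two attempts
    timeout: int = 1                   # seconds for a single attempt
    max_retries: int = 3               # retries before declaring a failure
    url_path: str = "169.254.169.254"  # URL for HTTP, destination IP otherwise


class Vrf:
    """Minimal VRF: prefix -> set of VMIs (next-hop interfaces). Assumed structure."""

    def __init__(self) -> None:
        self.routes: Dict[str, Set[str]] = {}

    def add(self, prefix: str, vmi: str) -> None:
        self.routes.setdefault(prefix, set()).add(vmi)

    def withdraw(self, vmi: str) -> List[str]:
        """Purge every route pointing at vmi; return the prefixes it was removed from."""
        purged: List[str] = []
        for prefix, vmis in list(self.routes.items()):
            if vmi in vmis:
                vmis.discard(vmi)
                purged.append(prefix)
                if not vmis:
                    del self.routes[prefix]
        return purged

    def has_route(self, prefix: str) -> bool:
        return bool(self.routes.get(prefix))


class VmiHealthMonitor:
    """Tracks one VMI against one Health Check and drives the local VRF."""

    def __init__(self, hc: HealthCheck, vmi: str, vrf: Vrf,
                 probe: Callable[[HealthCheck], bool]) -> None:
        self.hc, self.vmi, self.vrf, self.probe = hc, vmi, vrf, probe
        self.failures = 0            # consecutive failed attempts
        self.service_up = True       # routes currently installed for this VMI
        self._withdrawn: List[str] = []

    def run_once(self) -> str:
        """One scheduled attempt (the caller waits hc.delay seconds between calls)."""
        if not self.hc.enabled:
            return "disabled"
        if self.probe(self.hc):
            self.failures = 0
            if not self.service_up:
                for prefix in self._withdrawn:   # service back: reinstall routes
                    self.vrf.add(prefix, self.vmi)
                self._withdrawn = []
                self.service_up = True
                return "restored"
            return "up"
        self.failures += 1
        # Assumption: failure is declared once the first attempt and all
        # max_retries retries have failed consecutively.
        if self.service_up and self.failures > self.hc.max_retries:
            self._withdrawn = self.vrf.withdraw(self.vmi)
            self.service_up = False
            return "purged"
        return "retrying" if self.service_up else "down"


def http_probe(hc: HealthCheck) -> bool:
    """Real HTTP probe honouring hc.timeout (for monitor_type HTTP; not run offline)."""
    import urllib.error
    import urllib.request
    try:
        with urllib.request.urlopen(hc.url_path, timeout=hc.timeout) as resp:
            return 200 <= resp.status < 400
    except (urllib.error.URLError, OSError, ValueError):
        return False


def scripted_probe(results: List[bool]) -> Callable[[HealthCheck], bool]:
    """Constructed probe returning canned results in order (last value repeats)."""
    state = {"i": 0}

    def probe(hc: HealthCheck) -> bool:
        i = min(state["i"], len(results) - 1)
        state["i"] += 1
        return results[i]

    return probe


def demo() -> List[str]:
    """Three failed probes with max_retries=2 purge the route; a success restores it."""
    vrf = Vrf()
    vrf.add("4.4.4.5/32", "tapx")      # constructed: VM-HC-01 behind VMI tapx
    mon = VmiHealthMonitor(HealthCheck(max_retries=2), "tapx", vrf,
                           scripted_probe([False, False, False, True]))
    return [mon.run_once() for _ in range(5)]


if __name__ == "__main__":
    print(demo())
```

The route withdrawal here is local to the VRF on the compute node; in the flow on the slide the agent additionally signals the Contrail-Controller over XMPP so the prefix is purged globally, which this model does not reproduce.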
Contrail Health Check (Contrail GUI): Create Health Check
Apply Health Check to Service Instance
Contrail Health Check via VMI
Contrail Analytics
Unified Network management: Virtual-network, vPort, Underlay Switch, Gateway router, Physical / Virtual correlation by LLDP and SNMP.
Contrail Port Mirroring (Virtual Machine Interface)
[Figure: Tenants Admin and Demo. VN Green 172.16.10.0/24 with Green-VM 172.16.10.252/24; VN Red 192.168.10.0/24 with Red-VM 192.168.10.252/24; VN Red 172.20.0.0/24 with Red-VM 172.20.0.3/24; shared VN Analyzer 192.168.100.0/24 with Analyzer-VM 192.168.100.252/24. Mirror packets from each VMI are sent to the Analyzer-VM.]
Steps:
• Create Overlay Topology via Heat, GUI or CLI
• Collect all VM Ports (VMI) via CLI or GUI
• Use the "add-mirror.py" script to start mirroring each VMI's traffic to the Analyzer IP address "192.168.100.252"
Contrail Interface Based Port Mirroring (VMI): Port IP 172.20.0.3
Contrail + Something
Private Cloud + Colocation: Gateway solution
[Figure: Logical (policy definition): Green Virtual Network (RT = G) with VM1, VM2; Blue Virtual Network (RT = B) with VM1, VM2. Physical (policy enforcement): IP Fabric in the Private Cloud; GW router with VRF (RT=A) and VRF (RT=B); VLANs to the Colocation Servers in the user Colocation.]
The Colocation network connects to the Private Cloud through a GW router. A switch located in the user's Colocation connects to the GW router via VLAN. The GW router creates VRFs corresponding to its VLANs/ports.
Private Cloud + Colocation: ToR Switch (VXLAN) solution
[Figure: Logical (policy definition): Green Virtual Network (RT = G) with VM1, VM2; Blue Virtual Network (RT = B) with VM1, VM2. Physical (policy enforcement): IP Fabric in the Private Cloud; VLANs from the ToR Switch to the Colocation Servers in the user Colocation.]
The private cloud and Colocation servers are integrated via a ToR Switch (QFX5100). A switch connecting the Colocation servers connects to the ToR Switch by VLANs or ports. The ToR Switch is configured by Contrail. Note: consider ToR Switch redundancy.
Private Cloud + AWS: IPsec connect
[Figure: Logical (policy definition): Green Virtual Network (RT = G) with VM1, VM2; Blue Virtual Network (RT = B) with VM1, VM2; VM3 reached through the vNW. Physical (policy enforcement): IP Fabric in the Private Cloud; vSRX; Internet; IPsec Tunnel to AWS, where VM3 runs.]
vSRX on Contrail connects to AWS by IPsec. In this case, the virtual network on Contrail must be different from the one on AWS.
Private Cloud + AWS: Direct connect
[Figure: Logical (policy definition): Green Virtual Network (RT = G) with VM1, VM2; Blue Virtual Network (RT = B) with VM1, VM2; VM3 reached through the vNW. Physical (policy enforcement): IP Fabric in the Private Cloud; vSRX; Internet; Direct Connect to AWS, where VM3 runs.]
vSRX on Contrail connects to AWS by IPsec. In this case, the virtual network on Contrail must be different from the one on AWS.
DEMO Slide
Demo environment
[Figure: GW Router, Data / Control Switch, Management Switch, Colocation Switch. Logical / Physical view: Private Cloud Network (VM1, VM2) and Colocation Network; Private Cloud and Colocation.]
Demo steps:
• Create a virtual network
• Create a virtual router
• Create virtual machines
• Verify connectivity (VM – VM)
• Connect the existing environment
• Verify connectivity (VM – existing environment)
Thank you