Open Source Networking with OpenStack and ONOS
for Pragmatic Network/Security Solution
Jay Chung Atto Research
Two Stories
DC Network Virtualization
with OpenStack and ONOS
Virtual WAN Management
with ONOS
DC Network Virtualization
Collaboration with ON-LAB
0.1 Vanilla Neutron
Baseline OVS Plugin
OVS based Overlay Network
OVS-Agent : switching and tunnel management (ovs setting)
DHCP-Agent : IPAM (IP and MAC settings in dnsmasq)
L3-Agent : L3 and NAT (iptables / routing setting)
0.2 SDN-based Neutron
Can we make it simple?
Applying the concept of SDN
0.3 Software Switch Structure
Simplify the Layered Structure of Bridges
0.4 Routing Rule Optimization
EX. L3 Routing Optimization
1.1 System Layout
Build an optimized Neutron-based overlay virtual network system by taking advantage of an SDN controller
2.1 Function List
Target System Function list
Network Controller: Neutron API Proxy; L2 switching; L3 routing; DHCP; ARP Proxy; HA (Active-Active or Active-Standby); SDN Controller integration
SDN Application service: Load Balancer; Stateless Firewall
High performance of vSwitch: OpenFlow 1.3 line-rate class software switch, supporting 1.4; acceleration of not only Host-Guest but also Guest-Guest communication
Network virtualization: Tunneling between VMs of the same tenant through VXLAN/NVGRE; BUM traffic optimization; Logical Switching/Routing
External Gateway: Floating IP; NAT; L3 Gateway; Athene interlocking
Operation System: Virtual Network Create/Change/Delete
3.1 C-Node Network Structure
OVS directly controlled by SDN Controller
Removes the Neutron L2 ovs-agent and simplifies the bridge structure
The SDN Controller controls flows through the vSwitch and manages bridges and ports through OVSDB
Builds a full-mesh tunneling IP fabric between C-Nodes by adding a tunneling port to OVSDB
3.2 Overlay Networking
Each tenant configures a virtual network as an overlay on physical IP tunneling
The VXLAN and NVGRE modules are supported from kernel 3.12 onward
The UDP source port, set by hashing the VM's L2/L3/L4 header values, is used for load balancing in the ECMP physical network
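Added example (not from the original slides): how hashing the inner VM headers into the outer UDP source port lets an ECMP underlay spread traffic between one pair of tunnel endpoints. The CRC32 hash, the addresses and the function names are assumptions made for illustration; real vSwitches and routers use their own hash functions.

```python
import zlib

VXLAN_DST_PORT = 4789              # IANA-assigned VXLAN UDP port
PORT_LO, PORT_HI = 49152, 65535    # dynamic range recommended by RFC 7348


def flow_hash(*fields):
    """Stand-in flow hash (CRC32); real switches use their own function."""
    return zlib.crc32("|".join(str(f) for f in fields).encode())


def vxlan_src_port(inner):
    """Outer UDP source port derived from the inner (VM) L2/L3/L4 headers."""
    h = flow_hash(inner["src_mac"], inner["dst_mac"], inner["src_ip"],
                  inner["dst_ip"], inner["proto"], inner["sport"], inner["dport"])
    return PORT_LO + h % (PORT_HI - PORT_LO + 1)


def ecmp_path(vtep_src, vtep_dst, udp_sport, n_paths):
    """Underlay router's view: only the outer 5-tuple is available to hash."""
    return flow_hash(vtep_src, vtep_dst, 17, udp_sport, VXLAN_DST_PORT) % n_paths


def make_flows(n):
    """Constructed sample: n TCP flows between two VMs behind one VTEP pair."""
    return [{"src_mac": "fa:16:3e:00:00:01", "dst_mac": "fa:16:3e:00:00:02",
             "src_ip": "10.0.0.11", "dst_ip": "10.0.0.12",
             "proto": 6, "sport": 40000 + i, "dport": 443} for i in range(n)]


def paths_used(flows, n_paths, entropy=True):
    """Underlay paths hit when the source port is hashed vs. held constant."""
    vtep_a, vtep_b = "192.0.2.1", "192.0.2.2"    # constructed VTEP addresses
    return {ecmp_path(vtep_a, vtep_b,
                      vxlan_src_port(f) if entropy else PORT_LO, n_paths)
            for f in flows}


if __name__ == "__main__":
    flows = make_flows(64)
    print("constant source port:", sorted(paths_used(flows, 4, entropy=False)))
    print("hashed source port:  ", sorted(paths_used(flows, 4, entropy=True)))
```

With a constant source port every tunneled flow between the two endpoints has the same outer 5-tuple and stays on one path; each inner flow still maps to a single port, so packets within a flow are not reordered.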
3.3 Gateway Architecture
A multi-node Gateway handles North-South traffic between the external network and the virtual network
Assigning Floating IP bandwidth, then ECMP routing
In case of Gateway node failure, the SDN controller resets the path and configures HA
Neutron L3 is scalable to physical OF switches in the future because it uses only OVS, without the DHCP Agent
4.1 Controller Architecture
Overlay virtual network controller built on an extended SDN Controller
The Neutron API Handler handles the Neutron v2.0 API calls sent from OpenStack
SDN apps control the OVS on the C-Nodes and Gateways to optimize the overlay virtual network
Provides the management and monitoring functions required by the operating system
4.2 OpenStack Interface
Neutron
Improving the Nova Network Model
Introduction of plug-in framework to provide a vendor-specific solution
Supporting Overlapping IP for each VXLAN/NVGRE Overlay tenant
The Neutron API has not changed since the Folsom release, except for the added LB API
API Version History
Release   Codename   API Version        Special Note
2011.10   Diablo     Quantum API v1.0
2012.04   Essex      Quantum API v1.1
2012.10   Folsom     Quantum API v2.0   Released as a main project, an alternative to nova-network
2013.10   Havana     Neutron API v2.0   Project renamed to Neutron
2014.10   Juno       Neutron API v2.0   API remains v2.0
4.3 Controller Clustering
OpenFlow-based clustering
Because multiple controllers can be configured from OpenFlow 1.2 onward, a Compute node can be connected to a number of Network Controllers
When one Controller node fails, the connection to another Controller node is used
Active-Standby or Active-Active composition
8.1 Management Features
Managing each Tenant Virtual Network
Based on OpenStack Horizon
Integrated through Neutron API v2.0
Network, subnet, port management
9.1 Underlay Network
OpenFlow-based underlay network management
Automatic leaf-spine topology recognition and management
STP-free L2 network traffic processing
Automatic load balancing by flow
Interface-, MAC- and IP-based tenant network management
[Figure: leaf-spine underlay. Labels: Spine Switch (backbone switches connecting the leaf switches); Leaf Switch for server connection; Leaf Switch for PC connection; Leaf Switch for external network connection; 40G; Server; User PC; Core Network/WAN; Fabric Management SDN App.; SDN Controller; OpenFlow]
Virtual WAN Management
1.1 KREONET – Research Network
2.1 Softwarizing KREONET
2.2 KREONET-S Goal
4.1 VDN Manager Module
VDN reactive forwarding requirements
Default VDN behavior: any-to-any
VDN isolation: few-to-few inside the same VDN
• All communication is between devices belonging to the same VDN
[Figure: devices labeled VDN 1 (Default), VDN 10 and VDN 20; legend: Communication available / Communication unavailable]
4.2 Path Computation Engine [1/2]
Path computation engine (PCE) Module
Spanning Tree
Prim's Algorithm Time Complexity
[Figure label: VDN 10]
Minimum edge weight data structure      Time complexity (total)
Adjacency matrix, searching             O(|V|^2)
Binary heap and adjacency list          O(|E| log |V|)
Fibonacci heap and adjacency list       O(|E| + |V| log |V|)
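Added example (not from the original slides or the KREONET-S code): the same-VDN forwarding check from the VDN Manager slide, together with the binary-heap variant of Prim's algorithm from the table above. The host names, link weights and the rule that unassigned hosts fall into VDN 1 (Default) are assumptions made for illustration.

```python
import heapq

DEFAULT_VDN = 1


def same_vdn(vdn_of, src, dst):
    """Reactive-forwarding check: forward only when both ends share a VDN.
    Hosts without an assignment fall into the default VDN (assumption)."""
    return vdn_of.get(src, DEFAULT_VDN) == vdn_of.get(dst, DEFAULT_VDN)


def adjacency(links):
    """Build an undirected adjacency list from (a, b, weight) links."""
    adj = {}
    for a, b, w in links:
        adj.setdefault(a, []).append((b, w))
        adj.setdefault(b, []).append((a, w))
    return adj


def prim_tree(adj, root):
    """Prim's algorithm, binary heap + adjacency list: O(|E| log |V|).
    Returns (tree edges, total weight)."""
    visited, edges, total = {root}, [], 0
    heap = [(w, root, v) for v, w in adj[root]]
    heapq.heapify(heap)
    while heap and len(visited) < len(adj):
        w, u, v = heapq.heappop(heap)
        if v in visited:
            continue                  # stale entry: v already joined the tree
        visited.add(v)
        edges.append((u, v, w))
        total += w
        for nxt, w2 in adj[v]:
            if nxt not in visited:
                heapq.heappush(heap, (w2, v, nxt))
    if len(visited) != len(adj):
        raise ValueError("topology is disconnected: no spanning tree")
    return edges, total


# Constructed sample data (not from the slides); h5 has no VDN assignment.
VDN_OF = {"h1": 10, "h2": 10, "h3": 20, "h4": 1}
LINKS = [("s1", "s2", 4), ("s1", "s3", 1), ("s2", "s3", 2),
         ("s2", "s4", 5), ("s3", "s4", 8)]

if __name__ == "__main__":
    print(same_vdn(VDN_OF, "h1", "h2"), same_vdn(VDN_OF, "h1", "h3"))
    print(prim_tree(adjacency(LINKS), "s1"))
```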
4.3 VDN UI Module [2/2]
5.1 Where we are
6.1 Moving Forward