Dragonflow Shenzhen OpenStack meet-upAyal Baron Eran Gampel

Dragonflow

Page 2

• Integral part of OpenStack

• Fully Open Source

• Scale, Performance and Latency

• Lightweight and Simple

• Easily Extendable• Distributed SDN Control Plane

• Sync Policy Level abstraction to the CN

Dragonflow - Distributed SDN

Neutron-Server

Dragonflow Plugin

DB

OVSDragonflow

DBDriver

Compute Node

OVSDragonflow

DBDriver

Compute Node

OVSDragonflowDB

Driver

Compute Node

OVSDragonflowDB

Driver

Compute Node

DB

VM VM..VM VM..

VM VM.. VM VM..

Compute Node Compute Node Compute Node Dragonflow

Network DB

OVS

NeutronServer

OVSDB

OVSDB-Server

ETCD RethinkDBRAMCloud

Kernel Datapath Module

NIC

User Space

Kernel Space

Dragonflow DB DriversOVSDB ETCD RethinkDBRMC

Future

Dragonflow PluginRoute Core

API SG

vswitchd

Container

VM Dragonflow ControllerAbstraction Layer

L2 App L3 AppDHCP App

FaultDetection

SG

LBaaS …FWaaS

Pluggable DB Layer

NB D

B Dr

iver

s

SB DB Drivers

smartNIC OVSDB

OVSDB

ETCD

RMC

RethinkDB

OpenFlow

Dragonflow – Under The Hood

Current Release Features (Liberty)L2 core API, IPv4, IPv6

GRE/VxLAN/Geneve tunneling protocols

Distributed L3 Virtual RouterHybrid proactive + reactive flow installationNorth-South traffic is still centralized

Distributed DHCP (with just 500 lines of code!)

Pluggable Distributed DatabaseETCD, RethinkDB, RAMCloud, OVSDB

Dragonflow Distributed DHCP

Page 6

Network Node

DHCP namespace

DHCP namespace

DHCP namespace

DHCP namespace

Neutron DHCP Implementation

DHCP namespace

dnsmasq

DHCPAgent

Neutron Server

Message QueueExample• 100 Tenants• 3 vNet / tenant= 300 DHCP Servers

1 VM Send DHCP_DISCOVER

2 Classify Flow as DHCP, Forward to Controller

3 DHCP App sends DHCP_OFFER back to VM

4 VM Send DHCP_REQUEST

5 Classify Flow as DHCP, Forward to Controller

6 DHCP App populates DHCP_OPTIONS from DB/CFG and send DHCP_ACK

Dragonflow Distributed DHCP

DHCP DISCOVER

VM DHCP SERVER

DHCP OFFER DHCPREQUEST

DHCPACK

13

46

7

Compute Node

Dragonflow

VM

OVS

VM

1 2

br-intqvoXXX qvoXXX

OpenFlow

14

25

7

Dragonflow ControllerAbstraction Layer

L2App

L3App

DHCPApp SG

36

Pluggable DB Layer

DB

Dragonflow Distributed DHCP

Match: Broadcast +UDP +S_Port=68 +D_Port=67

Action:Send to DHCP table

Service Table

DHCP TableMatch: in_port => Action:

Set metadata with port unique keySEND TO CONTROLLER

(for every local port that its network has DHCP enabled)

Default:goto “L2 Lookup Table”

Compute Node

VM

OVS

br-intqvoXXX

VM

qvoXXX

1 2

DragonflowDragonflow Local Controller

Abstraction Layer L2

AppL3

AppDHCP App SG

DB

OpenFlow

Ingress Port SecurityIngress ClassificationDispatch to Ports

Dragonflow Pluggable DB

Page 10

Database FrameworkRequirements• HA + Scalability• Different Environments have different requirements

• Performance, Latency, Scalability, etc.

Why Pluggable?• Long time to productize• Mature Open Source alternatives• Allow us to focus on the networking services only

DB Driver APIImplementations

RAMCloud

ETCD

RethinkDB

Zookeeper

Dragonflow Pluggable Database

Compute Node Compute Node Compute Node

DragonflowLocal

Controller

PluggableDB Layer

Applicative DB LayerAdapter

DBDriver

API

Expose DB Features

Neutron ServerDragonflow

Neutron Plugin

DB Operations

DatabaseServer

DB Adapter

DB Adapter

DB Adapter

DistributedDatabase

DB Data 3DB Data 2DB Data 1

Full Distribution

Compute Node 1

DragonflowLocal Cache

OVS

DB Data 1

Compute Node NDragonflow

OVS

Local Cache

DB Data 3DB Data 2

Dragonflow DB DriversOVSDB ETCD RethinkDBRMC

Selective Proactive Distribution

Compute Node 1

DragonflowLocal Cache

OVS

Net1 – VM1, VM2

Compute Node 2Dragonflow

OVS

Local CacheNet2 – VM3, VM4

VM1 VM2 VM3 VM4

RethinkDB

Net2 – VM3, VM4Net1 – VM1, VM2

DragonFlow Roadmap

Page 15

Roadmap Distributed DNAT Security Group Selective Proactive DB Containers (Kuryr plugin and nested VM support) Hierarchical Port Binding (SDN ToR) move to ML2 Pluggable Pub/Sub Mechanism Additional DBs Drivers ZooKeeper, Redis … Topology Service Injection / Service Chaining Inter Cloud Connectivity (Boarder Gateway / L2GW) …

DragonFlow Pipeline

Page 17

DragonFlow PipelineInstalled in every OVS

Service TrafficClassification

Ingress Processing

(NAT, BUM)

ARP DHCP

L2Lookup

L3LookupDVR

EgressDispatching outgoing traffic to external nodes or local ports

Ingress Port Security(ARP spoofing , SG, …)

EgressPortSecurity

EgressProcessing

(NAT)

Fully Proactive

Has Reactive Flows to Controller

Security Groups

…

Outgoing from local port Classification and tagging

Dispatching Incoming traffic from external nodes to local ports

Dragonflow for Containers Architecture Blueprint

Project Kuryr and Dragonflow

DragonflowPlugin

Compute Node

Mixed OpenStack Environments

VM

DragonflowController OVS(Controller: Dragonflow)

VM

OVS

Neutron network 1Neutron network 2Neutron network 3

Dragonflow Community

Join the project Dragonflow

• Documentation https://wiki.openstack.org/wiki/Dragonflow• Bugs & blueprints https://launchpad.net/dragonflow• DF IRC channel #openstack-dragonflow

Weekly on Monday at 0900 UTC in #openstack-meeting-4 (IRC)