Scaling Up OpenStack Networking with Routed Networks
Carl Baldwin, Neutron Developer, IBM Cloud, @CarlNBaldwin
Miguel Lavalle, Neutron Development Lead, IBM Linux Technology Center
Agenda
• Why Routed Networks
• Layer-2 and layer-3 networks at scale
• Routed Networks implementation
• Changes to Neutron
• Interaction with the Nova scheduler
• Configuration
• Demo
Neutron excels at ...
[Diagram: Tenant-A Net1 10.0.0.0/24 and Tenant-A Net2 9.0.0.0/24, with TenantA-VM1 (10.0.0.2), TenantA-VM2 (10.0.0.3 and 9.0.0.3) and TenantA-VM3 (9.0.0.2), fronted by a Load Balancer on Public Net 88.0.0.0/18]
Providing a rich toolkit to create complex networking topologies
Neutron also excels at ...
[Diagram: one provider network carried on three segments, VXLAN 123567, physnet1 VLAN 37 and physnet2 VLAN 413, with VM 1, VM 2 and VM 3 attached]
• The entire network constitutes a contiguous layer-2 domain
• Ports are associated with the network, not with a specific segment
• Ports are bound automatically to a segment with connectivity
Enabling admins to create complex layer-2 provider networks
But what if ... tenants only need to connect VMs to a single network or a few shared networks?
[Diagram: one large layer-2 network spanning VXLAN 123567, physnet1 VLAN 37 and physnet1 VLAN 820, with many VMs on each]
One alternative is to create one large layer-2 network
• These networks become complex at larger scale
• They also have large failure domains
Another alternative to achieve scale ... a collection of distinct networks routed together to the outside:
[Diagram: network-1, network-2 and network-3, each with its own VMs]
• Leaves the choice of which network to select to the user
• This is confusing, since nothing distinguishes one network from the other
Routed Networks
[Diagram: segment 1 and segment 2, each with its own VMs; each segment is a separate layer-2 domain and the two are joined at layer-3]
• Users boot instances on a routed network presented as a single entity. The compute host determines the segment.
• This allows for simplicity and scalability simultaneously
Segments
• A segment contains the encapsulation details used to carry layer-2 traffic
• Each network has at least one segment associated with it
• Segment details:
  • network_type - how traffic is encapsulated
  • segmentation_id - the encapsulation identifier
  • physical_network - a unique name for the physical network the encapsulated traffic will be sent on
• With L2 networks, multiple segments on the same network are assumed to be bridged together
• Not true for routed networks
Network Segment API extension
• New in Newton as part of the implementation of routed networks
• Moved segments from the ML2 DB to the core DB model
• Made segment an API resource with a UUID
• CRUD operations for segments as part of the REST API
• Exposed as a service plugin
  • Not enabled by default
  • Not all core plugins are guaranteed to work with it
• Available with:
  • ML2 agent-based implementation
  • ML2 OVN mechanism driver, which requires its own host mapping mechanism
Subnets associate to segments in routed networks
[Diagram: four racks, each with its own segment and subnet, labelled segment 1 172.16.0.0/22, segment 2 172.16.2.0/22, segment 3 172.16.8.0/22 and segment 1 172.16.12.0/22]
Subnets associate to segments in routed networks
• Associating a subnet to a segment:
  $ openstack subnet create --network multinet --ip-version 4 --network-segment my-segment --subnet-range 172.16.0.0/22 multinet-segment1-subnet
• This turns a network into a routed network
• Networks have a new attribute, l2_adjacency
• When a network is originally created, l2_adjacency is True
• When subnets are assigned to segments, it becomes a routed network and its l2_adjacency becomes False
• Cannot mix subnets with segments and subnets without segments in the same network
Each segment requires at least one DHCP agent
[Diagram: the same four segments and subnets as above, each with its own DHCP agent]
If segments are small, DHCP can run on one of the compute nodes in each rack
Ports in routed networks
• In a routed network, a port cannot get IP addresses until it is bound, when the segment it will be connected to is known
• These unbound ports have an empty fixed_ips attribute
• Ports have a new attribute, ip_allocation:
  • immediate for bound and unbound ports in L2 networks
  • immediate for ports in routed networks that were bound at creation
  • deferred for routed network ports that were unbound at creation. It will remain deferred even after binding
• Neutron maintains a hosts-to-segments mapping
  • Used during host binding to allocate IP addresses
  • Available in ML2 agent-based implementations and OVN
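The following is an added example, not code from the talk or from Neutron itself. It models the rules from the Segments, Subnets and Ports slides together: a network becomes routed (l2_adjacency False) once a subnet is tied to a segment, subnets with and without segments cannot be mixed, a port created without a host on a routed network is deferred with empty fixed_ips, and binding consults a hosts-to-segments mapping to allocate an address from a subnet on the host's segment. The class name RoutedNetworkModel, the hosts and the segment ids are assumptions; the four /22 subnets are taken from the slides.

```python
"""Added example, not code from the talk or from Neutron: a minimal model of
the rules on the Segments, Subnets and Ports slides. The class name, the
host-to-segment mapping and all segment, subnet and host values are
constructed for illustration (subnets follow the four /22s on the slides)."""
import ipaddress


class RoutedNetworkModel:
    """One Neutron network with segments, subnets and deferred port IPs."""

    def __init__(self, name):
        self.name = name
        self.l2_adjacency = True   # True until a subnet is tied to a segment
        self.segments = {}         # segment_id -> encapsulation details
        self.subnets = {}          # subnet name -> cidr, segment_id, allocated
        self.host_segments = {}    # host -> set of segment_ids (Neutron's mapping)
        self.ports = {}            # port_id -> host, ip_allocation, fixed_ips

    def add_segment(self, segment_id, physical_network, network_type="vlan",
                    segmentation_id=None):
        self.segments[segment_id] = dict(physical_network=physical_network,
                                         network_type=network_type,
                                         segmentation_id=segmentation_id)

    def map_host(self, host, segment_id):
        """Record that a host has connectivity to a segment."""
        self.host_segments.setdefault(host, set()).add(segment_id)

    def create_subnet(self, name, cidr, segment_id=None):
        # Slide rule: subnets with and without a segment cannot be mixed.
        if self.subnets:
            existing = any(s["segment_id"] is not None
                           for s in self.subnets.values())
            if existing != (segment_id is not None):
                raise ValueError("cannot mix subnets with and without segments")
        if segment_id is not None:
            if segment_id not in self.segments:
                raise ValueError("unknown segment %s" % segment_id)
            self.l2_adjacency = False   # the network is now a routed network
        self.subnets[name] = dict(cidr=ipaddress.ip_network(cidr),
                                  segment_id=segment_id, allocated=set())

    def _allocate(self, host):
        """Pick a free address from a subnet reachable from host (any on L2)."""
        if self.l2_adjacency:
            candidates = list(self.subnets.values())
        else:
            reachable = self.host_segments.get(host, set())
            candidates = [s for s in self.subnets.values()
                          if s["segment_id"] in reachable]
            if not candidates:
                raise LookupError("host %s reaches no segment of %s"
                                  % (host, self.name))
        for subnet in candidates:
            for addr in subnet["cidr"].hosts():
                if addr not in subnet["allocated"]:
                    subnet["allocated"].add(addr)
                    return str(addr)
        return None   # an L2 network without subnets simply yields no address

    def create_port(self, port_id, host=None):
        port = dict(host=host, ip_allocation="immediate", fixed_ips=[])
        if not self.l2_adjacency and host is None:
            # Routed network, segment not yet known: defer the allocation.
            port["ip_allocation"] = "deferred"
        else:
            ip = self._allocate(host)
            port["fixed_ips"] = [ip] if ip else []
        self.ports[port_id] = port
        return port

    def bind_port(self, port_id, host):
        """Binding reveals the segment; a deferred port gets its address now."""
        port = self.ports[port_id]
        port["host"] = host
        if not port["fixed_ips"]:
            ip = self._allocate(host)
            port["fixed_ips"] = [ip] if ip else []
        # ip_allocation deliberately stays "deferred": it records how the
        # port was created, not whether it currently has an address.
        return port


def demo():
    """Constructed topology: four racks, one segment and one /22 each."""
    net = RoutedNetworkModel("multinet")
    cidrs = ["172.16.0.0/22", "172.16.4.0/22", "172.16.8.0/22", "172.16.12.0/22"]
    for i, cidr in enumerate(cidrs, start=1):
        net.add_segment("seg-%d" % i, "physnet%d" % i, segmentation_id=2016)
        net.map_host("rack%d-host1" % i, "seg-%d" % i)
        net.create_subnet("multinet-segment%d-subnet" % i, cidr, "seg-%d" % i)
    deferred = net.create_port("port-a")                   # no host: deferred
    bound = net.create_port("port-b", host="rack1-host1")  # host known: immediate
    net.bind_port("port-a", "rack4-host1")                 # now gets a seg-4 address
    return net, deferred, bound


if __name__ == "__main__":
    _, a, b = demo()
    print(a, b)
```

Running demo() shows port-a created with ip_allocation "deferred" and no fixed_ips, then receiving 172.16.12.1 when bound to the rack4 host, while port-b, created with its host known, is "immediate" and gets 172.16.0.1 from segment 1's subnet. A port bound to a host with no mapped segment on the network raises LookupError, which is the failure mode the hosts-to-segments mapping exists to prevent.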
Floating IPs
• Floating IP subnets
• BGP
• With Neutron router
  • Routed external gateway
• No Neutron router
  • NAT on the port?
  • DVR
• Fixed IPs
[Diagram: four segments on physnet1 (labelled segment 1, 2, 3 and 1 on the slide) with subnets 172.16.0.0/22, 172.16.4.0/22, 172.16.8.0/22 and 172.16.12.0/22 behind Datacenter Routing; a BGP Speaker announces the floating IP subnet 203.0.113.0/24 with host routes such as 203.0.113.251 -> 172.16.12.199 and 203.0.113.43 -> 172.16.0.227]
Routed networks and Nova scheduling
Segment topology and IP address availability have to be considered by the Nova scheduler when placing instances on compute nodes if routed networks are involved, both when booting and when live migrating.
[Diagram: the same four segments and subnets as above]
Changes to Nova scheduling (Ocata)
• Creation of the instance's ports moved from the compute manager to the conductor and will take place prior to the placement decision
• There are four use cases:

User requests                              | Scheduler places instance at:
Boot with port id. Port has no IP address  | Any segment with available IP addresses
Boot with port id. Port has IP address     | Segment with subnet containing the IP address
Boot with network id                       | Any segment with available IP addresses
Instance move                              | Segment with subnet containing the IP address
Nova Generic Resource Pools API
[Diagram: a Resource Pool with Inventories (DISK_GB, IPV4_ADDRESS) and Aggregates (Host 1 ... Host n)]
A resource pool represents a provider of resources: e.g. segments provide IPv4 addresses

Resource Pools for routed networks
[Diagram: a Resource Pool with Inventories (IPV4_ADDRESS) and Aggregates (Host 1 ... Host n)]
• Only created for routed network segments
• Named 'Neutron segment id <uuid>'
• The IPV4_ADDRESS inventory is updated for every subnet associated with the segment
• The aggregate is based on the hosts-to-segments mapping
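As an added example (not code from the talk, Nova or Neutron), the following implements the four scheduler cases from the "Changes to Nova scheduling" table on top of the resource-pool view from the slides above: each segment has an IPV4_ADDRESS inventory and an aggregate of hosts taken from the hosts-to-segments mapping. The segment ids, host names and usage counts are constructed; the subnets are the four /22s shown on the slides. The request shape (a dict with "kind" and optional "ip") is an assumption made for illustration.

```python
"""Added example, not code from the talk or from Nova/Neutron: host selection
for the four cases on the 'Changes to Nova scheduling' slide, driven by a
per-segment IPV4_ADDRESS inventory and a host aggregate per segment as on the
resource-pool slides. Segment ids, host names and usage counts are
constructed; subnets follow the four /22s shown on the slides."""
import ipaddress

# Constructed: segment -> list of (subnet cidr, addresses already allocated)
SEGMENT_SUBNETS = {
    "seg-1": [("172.16.0.0/22", 1000)],
    "seg-2": [("172.16.4.0/22", 1022)],   # every usable address taken
    "seg-3": [("172.16.8.0/22", 0)],
    "seg-4": [("172.16.12.0/22", 5)],
}

# Constructed hosts-to-segments mapping: the aggregate of each segment's pool
HOST_SEGMENTS = {
    "rack1-host1": {"seg-1"}, "rack1-host2": {"seg-1"},
    "rack2-host1": {"seg-2"}, "rack3-host1": {"seg-3"}, "rack4-host1": {"seg-4"},
}


def ipv4_inventory(segment_subnets=SEGMENT_SUBNETS):
    """IPV4_ADDRESS inventory per segment: usable addresses minus those in use."""
    inventory = {}
    for segment, subnets in segment_subnets.items():
        free = 0
        for cidr, used in subnets:
            usable = ipaddress.ip_network(cidr).num_addresses - 2  # net + bcast
            free += max(usable - used, 0)
        inventory[segment] = free
    return inventory


def segment_for_ip(ip, segment_subnets=SEGMENT_SUBNETS):
    """The segment whose subnet contains ip, or None if no subnet does."""
    addr = ipaddress.ip_address(ip)
    for segment, subnets in segment_subnets.items():
        if any(addr in ipaddress.ip_network(cidr) for cidr, _ in subnets):
            return segment
    return None


def hosts_on(segments, host_segments=HOST_SEGMENTS):
    """Hosts in the aggregates of the given segments, sorted for stable output."""
    wanted = set(segments)
    return sorted(h for h, segs in host_segments.items() if segs & wanted)


def candidate_hosts(request, segment_subnets=SEGMENT_SUBNETS,
                    host_segments=HOST_SEGMENTS):
    """request['kind'] is 'port', 'network' or 'move'; request['ip'] is the
    port's address when it already has one (always required for a move)."""
    ip = request.get("ip")
    if request["kind"] == "move" and ip is None:
        raise ValueError("an instance move needs the port's existing address")
    if ip:
        # Address already allocated (boot with an addressed port, or a move):
        # only the segment containing it qualifies, even with no inventory left.
        segment = segment_for_ip(ip, segment_subnets)
        return hosts_on([segment], host_segments) if segment else []
    # Boot with a network id, or with a port that has no address yet: any
    # segment whose inventory still has IPv4 addresses.
    inventory = ipv4_inventory(segment_subnets)
    return hosts_on([s for s, free in inventory.items() if free > 0],
                    host_segments)


if __name__ == "__main__":
    print(ipv4_inventory())
    print(candidate_hosts({"kind": "network"}))
    print(candidate_hosts({"kind": "port", "ip": "172.16.12.199"}))
    print(candidate_hosts({"kind": "move", "ip": "172.16.4.7"}))
```

The point the example makes concrete is the asymmetry in the table: a boot with no address yet can go anywhere the inventory is positive, so the exhausted seg-2 drops out, whereas a move or a boot with an addressed port is pinned to the segment that already holds the address, so seg-2's host is still the only valid target for 172.16.4.7.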
Physical preparation
• Unique physnet per segment
• VLAN number is independent per physnet
  • VLAN ids can be re-used from segment to segment
• DHCP agent hosts per physnet
• Your choice of routing architecture
Neutron Configuration
• Configure the segments service plugin
• Bridge mappings
  • OVN provides a different way to configure host-to-segment access
• Create network
  • Includes creating the segments with the multi-provider extension
  • Creating segments after network creation is also supported
• Create subnets
  • Include the segment_id from the previous step with each subnet create
Demo set-up
[Diagram: allinone and compute1 on segment 1; compute2 + Network and compute3 on segment 2; the two segments connected through an iprouter]
• segment 1: 10.1.0.0/24, fd2a:d02c:d36b:1a::/64, physnet1, vlan id 2016
• segment 2: 10.1.1.0/24, fd2a:d02c:d36b:1b::/64, physnet2, vlan id 2016
https://github.com/miguellavalle/routednetworksvagrant
Thank You