Neutron

Neutron - PowerPoint PPT Presentation



PowerPoint Slideshow about ' Neutron' - diallo


Presentation Transcript
Neutron

What’s new in Havana?

Arvind Somya

Software Engineer

Cisco Systems Inc.


Modular Layer 2 (ML2)

Driver Based

Combines OVS and Linuxbridge

VXLAN Support

L3 Separation

L2 Population

Vendor Drivers Available


What is ML2?

  • Original Goal:

    • The Modular Layer 2 (ML2) Plugin is a framework allowing OpenStack Networking to simultaneously utilize the variety of layer 2 networking technologies found in complex real-world datacenters.

  • ML2 was designed to ease the burden of adding new L2 networking technologies into OpenStack Networking.

  • ML2 will deprecate the Open vSwitch, LinuxBridge, and Hyper-V monolithic Neutron Plugins

    • It works with each of their existing L2 agents simultaneously


ML2 “Drivers”

  • ML2 exposes two different types of drivers: “Type” and “Mechanism”

  • ML2 TypeDrivers:

    • Maintain type-specific state

    • Provide tenant network allocation

    • Validate provider networks

    • Current TypeDrivers:

    • local, flat, VLAN, GRE, and VXLAN

  • ML2 MechanismDrivers:

    • Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled

    • Current MechanismDrivers:

    • Arista, Cisco Nexus, Hyper-V, L2 Population, LinuxBridge, Open vSwitch, Tail-F NCS


ML2 TypeDrivers

  • Maintain type-specific state

  • Provide tenant network allocation

  • Validate provider networks

  • Current TypeDrivers:

    • local, flat, VLAN, GRE, and VXLAN


ML2 MechanismDrivers

  • Responsible for taking information supplied by TypeDrivers and ensuring it is properly applied given the specific networking mechanisms which have been enabled

  • Current MechanismDrivers:

    • Arista, Cisco Nexus, Hyper-V, L2 Population, LinuxBridge, Open vSwitch, Tail-F NCS

  • MechanismDrivers can work with many different technologies:

    • Agent based MechanismDrivers (Hyper-V, LinuxBridge, and OVS)

    • Controller based MechanismDrivers (Tail-F NCS and OpenDaylight)

    • ToR switch MechanismDrivers (Arista and Cisco Nexus)


Modular Layer 2 Diagram

[Diagram: the Neutron Server runs the ML2 Plugin and its API Extensions. The Type Manager loads the VLAN, GRE and VXLAN TypeDrivers; the Mechanism Manager loads the Arista, Cisco Nexus, Hyper-V, L2 Population, OVS/LinuxBridge and Tail-F NCS MechanismDrivers.]


Load Balancing as a Service

Multiple Network Node

Driver Based

OpenSource - HAProxy

Vendor Drivers Available (Nicira Service Plugin)

Agent based solution

Horizon Integrated


LBaaS Simple Workflow

Create a Pool of VIP’s from a Neutron Subnet

Add VIP to the Pool (One per pool)

  • Can load balance using:

    • Round Robin

    • Least Connections

    • Source IP

Optionally associate monitors with Pools

Add Member instances to the Pool

Specify a weight for added members and a port number.

Monitors check the backend members of a VIP

Can use Ping, TCP, HTTP, HTTPS for health checks

Can specify the delay, timeout, retries, url and expected codes for each monitor


VPN as a Service

Site-to-Site

IPSec Pre-Shared Key

Multiple Node Support

OpenSource based on OpenSwan

Under development: MPLS VPN, BGP MPLS VPN

Horizon Integrated


VPN as a Service Simple Workflow

  • Create a VPN Service

    • Tenant

    • Subnet

    • Router

  • Create IKE Policy

    • Tenant

    • Name

    • Auth algorithm: Sha1

    • Encryption Algorithm: aes-128 (aes 3des, aes-256, aes-192)

    • Phase 1 negotiation mode: Main Mode (Aggressive mode)

    • PFS: Group5 (group2, group5, or group14)

    • IKE Version: v1 (v2)

  • Create IPSec Policy

    • Tenant

    • Name

    • Transform protocol: ESP (AH, AH-ESP)

    • Encapsulation mode: tunnel (transport)

    • Auth algorithm: sha1

    • Encryption Algorithm: aes-128 (aes 3des, aes-256, aes-192)

    • PFS: Group5 (group2, group5, or group14)

  • Create IPSec site connection

    • Tenant

    • Peer Id

    • Peer CIDR(s)

    • Peer Address

    • Psk

    • IKE Policy

    • IPSec Policy

    • VPN Service Id
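
An added example, not part of the original slides or of Neutron itself: a small audit of the IKE and IPsec policy options listed in the workflow above. The dictionary keys follow the Neutron VPNaaS attribute names; the sample policies, the `aggressive` mode value and the 2048-bit minimum group size are assumptions made for the illustration.

```python
# Added illustration: audit VPNaaS IKE/IPsec policy choices named on the slide.
# Keys follow Neutron VPNaaS attribute names; sample policies are constructed.
MODP_BITS = {"group2": 1024, "group5": 1536, "group14": 2048}
MIN_DH_BITS = 2048  # assumed local baseline, not a value from the slides


def audit_policy(kind, policy):
    """Return (field, reason) findings for an 'ike' or 'ipsec' policy dict."""
    findings = []
    if policy.get("encryption_algorithm") == "3des":
        findings.append(("encryption_algorithm",
                         "3des uses 64-bit blocks; prefer an aes-* option"))
    group = policy.get("pfs")
    if group not in MODP_BITS:
        findings.append(("pfs", f"unrecognised group {group!r}"))
    elif MODP_BITS[group] < MIN_DH_BITS:
        findings.append(("pfs", f"{group} is a {MODP_BITS[group]}-bit MODP "
                                "group; prefer group14"))
    if kind == "ike" and policy.get("phase1_negotiation_mode") == "aggressive":
        # "aggressive" is the assumed spelling of the slide's "Aggressive mode"
        findings.append(("phase1_negotiation_mode",
                         "aggressive mode with a PSK exposes a hash that "
                         "can be guessed offline; use main"))
    if kind == "ipsec" and policy.get("transform_protocol") == "ah":
        findings.append(("transform_protocol",
                         "ah authenticates packets but does not encrypt them"))
    return findings


# Constructed samples: the slide's defaults, a weak variant, a hardened policy.
SLIDE_DEFAULT_IKE = {"auth_algorithm": "sha1", "encryption_algorithm": "aes-128",
                     "phase1_negotiation_mode": "main", "pfs": "group5",
                     "ike_version": "v1"}
WEAK_IKE = dict(SLIDE_DEFAULT_IKE, encryption_algorithm="3des",
                phase1_negotiation_mode="aggressive", pfs="group2")
HARDENED_IPSEC = {"transform_protocol": "esp", "encapsulation_mode": "tunnel",
                  "auth_algorithm": "sha1", "encryption_algorithm": "aes-256",
                  "pfs": "group14"}

if __name__ == "__main__":
    for name, kind, pol in [("slide default IKE", "ike", SLIDE_DEFAULT_IKE),
                            ("weak IKE", "ike", WEAK_IKE),
                            ("hardened IPsec", "ipsec", HARDENED_IPSEC)]:
        for field, reason in audit_policy(kind, pol) or [("ok", "no findings")]:
            print(f"{name}: {field}: {reason}")
```

With the assumed 2048-bit baseline, the slide's default PFS group (Group5) is itself reported, since it is a 1536-bit group.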


Firewall as a Service

Stateless Filtering at the Edge

Vendor Drivers

Preview Available in Havana

Agent Based

Horizon Integrated


Firewall as a Service Simple Workflow

Can specify Audited attribute

Create a Firewall Policy

Add Firewall Rules

Source, dest IP, port etc.

Strict Ordering

Create a Tenant Firewall


Additional New Features

Improved Horizon Integration

  • Panels for Load Balancer, Firewall and VPN as a service.

DHCP Per Port Options

Plugin Improvements


Looking ahead to Icehouse...

Parity with nova-network

Improved IPv6 Support

L3 High Availability

Plugins and Drivers

External Testing

New Plugins and Drivers


Icehouse Advanced Services

Load Balancing as a Service

Multiple pools per VIP

VPN as a Service

SSL VPN API

Firewall as a Service

Revised API

