Standalone Neutron: How we integrated it with Abiquo
This is a talk I gave at the OpenStack BCN 7th birthday meetup.
In it I explain how we integrated a standalone Neutron with Abiquo to implement an SDN solution w/o a full OpenStack.
The Abiquo use case 20 July 2017 OpenStack BCN 7th birthday meetup 2 Abiquo had a basic self-service networking model for KVM based on VLANs. We wanted to add support for: • Firewalls • Load Balancers • Floa:ng Ips • Other networking technologies (not a priority)
Available op:ons 20 July 2017 OpenStack BCN 7th birthday meetup 3 • Implement our own solu:on • Explore the exis:ng SDN products – Highly customizable – Mul:-tenant – Open source – Good community support
Choosing OpenStack 20 July 2017 OpenStack BCN 7th birthday meetup 4 OpenStack already had what we needed, but we only needed some parts of the relevant compute stack: • Keystone – For access control and mul:- tenancy • Neutron – To provide the SDN features • Nova – We already had our own hypervisor agent and wanted to integrate it with Neutron
Neutron implementa:on 20 July 2017 OpenStack BCN 7th birthday meetup 5 Our hypervisor agent already managed VLANs and Linux bridges, so we started using: • VLANs for user defined networks • The Linux bridges plugin • Iptables for security groups • The LBaaS API with HAProxy for load balancers
The controller node 20 July 2017 OpenStack BCN 7th birthday meetup 7 The controller node keeps the logical networking model. We directly manage it using the Neutron API to: • Create networks and subnets • Manage security groups • Create and configure ports • Manage floa:ng IPs • Manage load balancers
The compute agent 20 July 2017 OpenStack BCN 7th birthday meetup 10 We will rely on the Linux bridges agent to create all stuff What needs to be done to let the agent know that the infrastructure is ready?
The compute agent 20 July 2017 OpenStack BCN 7th birthday meetup 11 We will rely on the Linux bridges agent to create all stuff What needs to be done to let the agent know that the infrastructure is ready? How do we make the ports ACTIVE?
Example: VM with a single IP and SSH access 20 July 2017 OpenStack BCN 7th birthday meetup 12 Create the network (neutron) net-create test --tenant-id b7de212040bc4518b9fe11b53e8cbed7 Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 1a817eb7-ef09-455a-95dc-75e24d7b3d13 | | mtu | 0 | | name | test | | provider:network_type | vlan | | provider:physical_network | abq-vlans | | provider:segmentation_id | 78 | | router:external | False | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | b7de212040bc4518b9fe11b53e8cbed7 | +---------------------------+--------------------------------------+
Example: VM with a single IP and SSH access 20 July 2017 OpenStack BCN 7th birthday meetup 14 Create the tenant router (neutron) router-create test-router --tenant-id b7de212040bc4518b9fe11b53e8cbed7 Created a new router: +-----------------------+--------------------------------------+ | Field | Value | +-----------------------+--------------------------------------+ | admin_state_up | True | | distributed | False | | external_gateway_info | | | ha | False | | id | 7983a549-a08e-4928-9614-d06c13ef1cb3 | | name | test-router | | routes | | | status | ACTIVE | | tenant_id | b7de212040bc4518b9fe11b53e8cbed7 | +-----------------------+--------------------------------------+ (neutron) router-gateway-set test-router abq-external Set gateway for router test-router (neutron) router-interface-add test-router test-subnet Added interface 75809387-a8bb-4db4-a39e-8064e47927cc to router test-router.
Example: VM with a single IP and SSH access 20 July 2017 OpenStack BCN 7th birthday meetup 22 Interfaces in the compute node [root@nacx-kvm ~]# ip link 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 52:54:00:1e:11:76 brd ff:ff:ff:ff:ff:ff 3: eth1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 52:54:00:0c:55:0f brd ff:ff:ff:ff:ff:ff 4: virbr0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000 link/ether 52:54:00:92:05:b4 brd ff:ff:ff:ff:ff:ff 5: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000 link/ether 52:54:00:92:05:b4 brd ff:ff:ff:ff:ff:ff Interfaces are managed by the compute agent (Nova), our custom hypervisor agent in this case Our agent needs to create the right one
Example: VM with a single IP and SSH access 20 July 2017 OpenStack BCN 7th birthday meetup 24 Crea:ng the interface for the VM [root@nacx-kvm ~]# ip tuntap add name tap18365a93-63 mode tap [root@nacx-kvm ~]# ip link 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 52:54:00:1e:11:76 brd ff:ff:ff:ff:ff:ff 3: eth1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 52:54:00:0c:55:0f brd ff:ff:ff:ff:ff:ff 4: virbr0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000 link/ether 52:54:00:92:05:b4 brd ff:ff:ff:ff:ff:ff 5: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000 link/ether 52:54:00:92:05:b4 brd ff:ff:ff:ff:ff:ff 9: tap18365a93-63: mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000 link/ether 4a:38:29:71:f4:8d brd ff:ff:ff:ff:ff:ff 10: eth1.78@eth1: mtu 1500 qdisc noqueue master brq1a817eb7-ef state UP mode DEFAULT qlen 1000 link/ether 52:54:00:0c:55:0f brd ff:ff:ff:ff:ff:ff 11: brq1a817eb7-ef: mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 52:54:00:0c:55:0f brd ff:ff:ff:ff:ff:ff
Example: VM with a single IP and SSH access 20 July 2017 OpenStack BCN 7th birthday meetup 25 Crea:ng the interface for the VM [root@nacx-kvm ~]# ip tuntap add name tap18365a93-63 mode tap [root@nacx-kvm ~]# ip link 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 52:54:00:1e:11:76 brd ff:ff:ff:ff:ff:ff 3: eth1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 52:54:00:0c:55:0f brd ff:ff:ff:ff:ff:ff 4: virbr0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000 link/ether 52:54:00:92:05:b4 brd ff:ff:ff:ff:ff:ff 5: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000 link/ether 52:54:00:92:05:b4 brd ff:ff:ff:ff:ff:ff 9: tap18365a93-63: mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000 link/ether 4a:38:29:71:f4:8d brd ff:ff:ff:ff:ff:ff 10: eth1.78@eth1: mtu 1500 qdisc noqueue master brq1a817eb7-ef state UP mode DEFAULT qlen 1000 link/ether 52:54:00:0c:55:0f brd ff:ff:ff:ff:ff:ff 11: brq1a817eb7-ef: mtu 1500 qdisc noqueue state UP mode DEFAULT qlen 1000 link/ether 52:54:00:0c:55:0f brd ff:ff:ff:ff:ff:ff
Lessons learned 20 July 2017 OpenStack BCN 7th birthday meetup 27 • Even though OpenStack is very modular, there are (hidden) hardcoded things that are important for integra:ons • Open source is key when approaching new technology – Access to a community knowledge base of similar issues, use cases and experiences – Access to the source code is o-en the best way to understand technology
nacx
minorun365
cybozuinsideout
ufried
cimadai
rilmayer
palark
lemiorhan
murachiakira
comucal
radkmb
is_ryo
tacck
quramy
holman
aarron
keavy
danielanewman
brad_frost
tanoku
eileencodes
ufuk
jmmastey
bluesmoon
hursman