Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Rapidly Deploy NFV with VyOS on Kubernetes

Date Huang
August 04, 2024
Programming
0
20

Rapidly Deploy NFV with VyOS on Kubernetes

VyOS is a Linux based open source router with rich networking features. We could use Kubernetes to deploy VyOS and configuration to provide quick NFV etc.

In this session, Date Huang will show how to rapidly deploy NFV with VyOS on Kubernetes, emphasizing flexibility and scalability to provide virtual network routing and other features.

Date Huang

August 04, 2024
Tweet

More Decks by Date Huang

See All by Date Huang
從大學到出社會,這十年的參與和維護的開源專案
tjjh89017
0
990
開源專案的商業困境
tjjh89017
0
260
設計Kubernetes Controller與CRD的實踐 - 以網路為例
tjjh89017
0
830
維護自己的開源專案EZIO的心路歷程
tjjh89017
1
460
Massive Bare-Metal Operating System Provisioning Improvement - OpenInfra Day Taiwan 2019/11/12
tjjh89017
0
64
Cloud Infrastructure Interconnect with Wireguard and OSPF
tjjh89017
0
440
Build Redundant Gaming Network with Wireguard and BGP
tjjh89017
1
2.2k
CI on OpenStack
tjjh89017
0
280
EZIO, Torrent-based Recovery
tjjh89017
0
210

Other Decks in Programming

See All in Programming
Android開発以外のAndroid開発経験の活かしどころ
konifar
2
730
Method Swizzlingを行うライブラリにおけるマルチモジュール設計
yoshikma
0
110
Swiftコードバトル必勝法
toshi0383
0
150
いつか使える ObjectSpace / Maybe useful ObjectSpace
euglena1215
2
130
What is Parser
yui_knk
9
4.1k
React + TextAliveでカッコいいLyric Applicatioinを作ろう!!
tosuri13
0
400
Rubyのobject_id
qnighy
6
1.3k
rails_girls_is_my_gate_to_join_the_ruby_commuinty
maimux2x
0
190
状態管理ライブラリZustandの導入から運用まで
k1tikurisu
3
460
ブラウザ互換の重要性 - あらゆるユーザーに価値を届けるために必要なこと
yamanoku
0
110
月間4.5億回再生を超える大規模サービス TVer iOSアプリのリアーキテクチャ戦略 - iOSDC2024
techtver
PRO
1
810
Architecture Decision Record (ADR)
nearme_tech
PRO
1
670

Featured

See All Featured
Code Review Best Practice
trishagee
62
16k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
89
16k
Imperfection Machines: The Place of Print at Facebook
scottboms
263
13k
Six Lessons from altMBA
skipperchong
26
3.3k
Embracing the Ebb and Flow
colly
83
4.4k
The Art of Programming - Codeland 2020
erikaheidi
48
13k
What's in a price? How to price your products and services
michaelherold
242
11k
Music & Morning Musume
bryan
46
6k
The Cost Of JavaScript in 2023
addyosmani
42
5.4k
VelocityConf: Rendering Performance Case Studies
addyosmani
322
23k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
326
21k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
354
29k

Transcript

  1. Rapidly Deploy NFV with VyOS on Kubernetes Date Huang 黃宇強

    @ VyOS Networks [email protected] COSCUP 2024 / KCD Taipei 2024 Aug 4th 2024

  2. Agenda • About Me • Who are we • What

    is VyOS • How VyOS works with Kubernetes • Future work • Demo

  3. About Me • Date Huang 黃宇強 • VyOS Solution Architect

    • EZIO Maintainer • [email protected] • Speaking Experience: OpenStack Day Taiwan 2016-2017, Open Source Summit North America 2017, ISC High Performance Project Poster 2018, Hong Kong Open Source Conference 2019, OSC Tokyo 2019, COScon '19, TWNOG 4.0, COSCUP 2021, COSCUP 2023, Kubernetes Community Day 2023, OSC Nagoya 2024

  4. Who are we - VyOS Networks With headquarters in Poway,

    California, VyOS Networks is a company dedicated to providing an open-source network operating system solution. Its operating system, also named VyOS, is Linux-based and is widely renowned for enabling advanced network functionalities, such as VPNs, firewalls, and various top-notch routing protocols, to be performed on both physical and virtual platforms. The VyOS operating system has gained traction for being highly customizable, scalable, and suitable for small and large network infrastructures. It is employed across various industries and organizations, including service providers, educational institutions, and enterprises, for various applications like edge, branch, and cloud networking.

  5. What is VyOS • Open Source network operating system based

    on Debian • Runs on x86_64 devices ◦ Experimental ARM64 UEFI support • Provide a powerful set of features for Routing, Firewall, VPN etc • Get everything from VyOS github page ◦ https://github.com/vyos

  6. What is VyOS • Dynamic Routing: BGP, OSPF, IS-IS •

    Tenant Network: BGP EVPN VXLAN, VRF, NAT support • Stateful firewall based on nftables and conntrack • Support IPSec, OpenVPN, Wireguard etc, VPN protocols • Running OCI container to provide more flexibility ◦ Suricata container for IDS/IPS mode

  7. You can Deploy VyOS on • Bare-Metal x86_64 server •

    Cloud ◦ AWS ◦ GCP ◦ Azure ◦ Oracle Cloud • VM ◦ KVM ◦ VMware ◦ Xen ◦ Hyper-V

  8. How VyOS works with Kubernetes • We can run VyOS

    as a VM on Kubernetes ◦ Pass through `/dev/kvm` ◦ Run Libvirt/QEMU ◦ Configure Bridge CNI to provide network ◦ Similar to Kubevirt • Login to Pod and enable virsh console to configure

  9. How to make VyOS as an App on Kubernetes •

    Configure VyOS with Serial/KVM Console? • Configure VyOS with Cloud-init and SSH? • Is there any way to deploy VyOS configuration with API or anything else? ◦ IaC style deployment? ◦ Auto sync configuration from other resource?

  10. QEMU Guest Agent True Out-of-Band Management • No need any

    OOB network • Read/Write/Execute file in the VM on demand ◦ https://qemu-project.gitlab.io/qemu/interop/qemu-ga-ref.html • What can we do next? • How to use QEMU-GA for VyOS?

  11. VyOS on Kubernetes • Watch CRDs, ConfigMap, or files change

    • Write configurations into VyOS with qemu-ga • Execute scripts to load all configurations • We got a VyOS App on Kubernetes to provide NFV • https://github.com/tjjh89017/vyos-on-k8s

  12. POD VyOS VM QEMU-GA Controller ConfigMap config: "" command: |

    set interfaces ethernet eth0 address '1.1.1.1/24' set protocols bgp address-family l2vpn-evpn advertise-all-vni set protocols bgp address-family l2vpn-evpn advertise-default-gw set protocols bgp listen range 1.1.1.0/24 peer-group 'PEER' set protocols bgp peer-group PEER address-family l2vpn-evpn route-reflector-client set protocols bgp peer-group PEER address-family l2vpn-evpn soft-reconfiguration inbound set protocols bgp peer-group PEER remote-as 'internal' set protocols bgp system-as '65000' set protocols bgp timers holdtime '3' set protocols bgp timers keepalive '1' set system host-name 'spine1' 1. Mount as file Config 2. Watch File 3. Sync with QEMU-GA 4. Apply Config Change

  13. POD VyOS VM QEMU-GA Controller CRDs config: "" command: |

    set interfaces ethernet eth0 address '1.1.1.1/24' set protocols bgp address-family l2vpn-evpn advertise-all-vni set protocols bgp address-family l2vpn-evpn advertise-default-gw set protocols bgp listen range 1.1.1.0/24 peer-group 'PEER' set protocols bgp peer-group PEER address-family l2vpn-evpn route-reflector-client set protocols bgp peer-group PEER address-family l2vpn-evpn soft-reconfiguration inbound set protocols bgp peer-group PEER remote-as 'internal' set protocols bgp system-as '65000' set protocols bgp timers holdtime '3' set protocols bgp timers keepalive '1' set system host-name 'spine1' 1. Watch CRDs Change 2. Sync with QEMU-GA 3. Apply Config Change

  14. What can we do for the business? • Rapidly deploy

    VyOS and Configuration for your service ◦ Provide VPN accounts rapidly and easily • Easily manage and maintain the VyOS instance ◦ Kubernetes will auto heal your deployment • Auto a High Quality HA with Kubernetes ◦ Use Node Affinity to auto schedule the service to different nodes • IaC for network configuration ◦ Use ConfigMap or CRDs to configure all your network settings ◦ You only need to generate the configurations for your system

  15. DEMO • Construct Tenant Network with VyOS • Using BGP

    EVPN VXLAN

  16. DEMO • Deploy VPN server on Kubernetes

  17. Future Work • Kubernetes Controller based ◦ CRDs to deploy

    and sync VyOS configuration ◦ True VyOS App • Sidecar Controller with Kubevirt ◦ Enjoy Kubevirt VM feature with config sync

  18. POD VyOS VM QEMU-GA Controller CRDs config: "" command: |

    set interfaces ethernet eth0 address '1.1.1.1/24' set protocols bgp address-family l2vpn-evpn advertise-all-vni set protocols bgp address-family l2vpn-evpn advertise-default-gw set protocols bgp listen range 1.1.1.0/24 peer-group 'PEER' set protocols bgp peer-group PEER address-family l2vpn-evpn route-reflector-client set protocols bgp peer-group PEER address-family l2vpn-evpn soft-reconfiguration inbound set protocols bgp peer-group PEER remote-as 'internal' set protocols bgp system-as '65000' set protocols bgp timers holdtime '3' set protocols bgp timers keepalive '1' set system host-name 'spine1' 1. Watch CRDs Change 2. Sync with QEMU-GA 3. Apply Config Change NFV Controller 0. Auto Generate Config on Demand
  19. None