OpenContrail Overview Architecture & Demo

Transcription

1 OpenContrail Overview Architecture & Demo Qasim Arham Oct, 2014

2 Agenda Introduction OpenStack Architecture and Overview OpenContrail and OpenStack Integration OpenStack Neutron Overview OpenContrail Architecture How to configure OpenContrail Overlay Network Demo

3 OpenStack Overview Dashboard (Horizon) Networking (Neutron) Object Storage Computing (Nova) Identity (Keystone) Image Service (Glance)

4 Value Visibility to End Users OpenStack as IaaS End Users Application Developer SaaS PaaS Network Architects IaaS

5 OpenStack Overview (Grizzly) Network (Neutron) OpenStack GUI Dashboard (Horizon) Provides Network Connectivity Image Repo (Glance) Provides UI for Services & Modules Compute (Nova) Block Storage (Cinder) Provides Authentication And service catalog for All Services & Modules Object Storage (Swift) Identity (Keystone)

6 OpenStack Overview (Havana) Network (Neutron) OpenStack GUI Dashboard (Horizon) Provides Network Connectivity Provides UI for Services & Modules Image Repo (Glance) Block Storage (Cinder) Compute (Nova) Provides Authentication And service catalog for All Services & Modules Object Storage (Swift) Heat (Orchestration) Ceilometer (Metering) Identity (Keystone)

7 OpenStack Architecture Overview OpenStack GUI Horizon GUI Keystone (Identity/Access Mgmt) Keystone Server Keystone DB Glance (Image Service) API SRV Registry Glance DB Queue Nova Compute (Orchestration) API SRV Scheduler Conductor Nova DB. Swift (Object Storage) Neutron Plugin API SRV Proxy Object Store VMs Spawned Neutron Server DHCP/IPAM Neutron DB API SRV Cinder Vol Cinder (Block Storage) Scheduler Queue Storage Cinder DB Nova Agent VM01 VM02 VM03 Hypervisor Compute Neutron Plugin/ Agent

8 OpenStack Architecture Overview (cont.) HTTP RabbitMQ SQL iscsi OpenStack GUI Horizon GUI Keystone (Identity/Access Mgmt) Keystone Server Keystone DB Glance (Image Service) API SRV Registry Glance DB Queue API SRV Nova Compute (Orchestration) Scheduler Conductor Nova DB. Swift (Object Storage) Neutron Plugin API SRV Proxy Object Store Neutron Server DHCP/IPAM Neutron DB Cinder (Block Storage) VM01 API SRV Cinder DB Scheduler Queue Storage Cinder Vol Nova Compute Agent Hypervisor Compute Neutron Plugin/ Agent

9 Contrail/OpenStack Overview (Grizzly) Network (vrouter) Controller (Contrail) CFMG (Contrail) Analytics (Contrail) Contrail GUI Configuration and Analytics OpenStack GUI Dashboard (Horizon) Image Repo (Glance) Provides UI for Services & Modules Compute (Nova) Block Storage (Cinder) Provides Authentication And service catalog for All Services & Modules Object Storage (Swift) Identity (Keystone)

10 Contrail Architecture XMPP Orchestrator (OpenStack) XMPP Analytics REST Analytics Configuration Contrail Controller Configuration IF-MAP Control IBGP Control BGP + NetConf Compute (vrouter) Gateway (MX, EX, QFX) Service (SRX, Firefly)

11 Get VM Image to Spawn OpenContrail Integration with OpenStack User Logs in, Create tenant (Projects), Create IPAM, Create Virtual Network, Launch VMs OpenStack GUI Contrail GUI Horizon GUI Contrail GUI Authentication, Authorization, etc. Keystone (Identity/Access Mgmt) Launch VM/Instance Networking Interaction (VN,IPAM,Port, VIF..etc.) Glance (Image Service) Nova Compute (Orchestration) Neutron Plugin Contrail Config API SRV Scheduler. Contrail Control Swift (Object Storage) Select Compute to spawn Instance (VM) Get Virtual Network Info Cinder (Block Storage) Block Storage Assignment Spawn VM Info VMs Spawned VM01 VM03 VM02 DHCP Bi-directional Message Bus (XMPP Interaction) Contrail Agent Nova Agent Hypervisor vrouter Storage Compute Plug(Tap Interfaces, Instance ID )

12 OpenContrail Integration with OpenStack Horizon Scripts (API) Nova API Nova Scheduler 1. Create an Instance (VM info, Network, IPAM, Policies, etc.) Neutron Plugin Neutron Driver 4. Create VM Interface 6. Publish VM Intf on IFMap Configuration Control 2. Schedule an Instance on the Compute 3. VM Network properties 7. VM Interface Config Over XMPP Nova Compute Compute Driver Virtual-IF Driver 5. Add Port Compute Virtual Router Contrail Agent vrouter (Kernel)

13 OpenStack Neutron "network-as-a-service SDN

14 OpenStack Neutron Neutron: Pluggable, scalable, API-driven network and IP Management Provides a rich and tenant-facing API for defining network connectivity and addressing in the cloud

15 Neutron Networking API Functionalities Network An isolated L2 Segment, analogous to VLAN in the physical networking world. Subnet A block of v4 or v6 IP addresses and associated configuration state. Port A connection point for attaching a single device, such as a NIC of a virtual server to a virtual network. Virtual Router & NAT Local & External networks

16 Neutron Architecture API Overview Pluggable Back-End using Vif OVS Plugin Linux Bridge Plugin NEC Plugin Big Switch Plugin Hyper-V Plugin Brocade Plugin OpenContrail Gateway Service Firewall Service REST API Neutron

17 Neutron Components Neutron Server - API L3 Agent DHCP Agent Data Base Queue Plugin Agent

18 Neutron Plugin & Agent Summary OVS NICIRA OpenContrail RYU Others Flat VLAN GRE XMPP/ BGP GRE VxLAN OpenF low/o VS??? OpenStack Neutron dnsmasq NAT Router IPTables??? HAprox y F5??? DHCP AGENT L3 AGENT Firewall AGENT L-B AGENT

19 Floating IP (Neutron) OpenStack Cluster Instance 1 VM1 Internal Private Pool (VN1) /24 Instance 2 VM2 Floating POOL (Public) / Instance 3 VM3 NAT Router (L2/L3) Basic L3 router construct to route between L2 networks Provides a gateway to external networks Support for SNAT and Floating IPs

20 Security Group Security Groups Allows L3-L4 packet filtering for security policies to protect the instances (VMs) Collection of network access rules that specify traffic allowed to and from a VM Associated with a VM at startup If not specified, a VM is assigned to the default Security Group, which allows traffic from all other members of the group VM can be associated with many Security Groups Security Group rule specifies: Source of traffic (IP/CIDR or another Security Group) Protocol (TCP, UDP, ICMP, etc.) Destination port on VM SSH TCP RTP

21 Physical Network Design (OpenStack Architecture) Public/Provider Network eth1 eth1 eth1 Compute Cluster eth1 Swift Cluster eth1 Compute Network Controller / Endpoint node Block Storage Block Storage Block Storage eth0 eth0 eth0 eth0 eth0 eth0 Private Storage Management iscsi

22 OpenContrail Architecture

23 OpenContrail What is OpenContrail? SDN solution Automates and orchestrates highly scalable virtual networks Network programmability NFV Big data analytics Open system architecture Visualization Two primary drivers Cloud networking NFV in service provider network

24 Two Main Components Contrail Controller Control plane Logically centralized, physically distributed Management, control, and analytics Manages the vrouters Contrail vrouter Forwarding plane Extends physical network to virtual overlay network Provides Layer 2 and Layer 3 services

25 Bridging Physical and Virtual Networks Virtual Networks Implemented on top of physical networks Replaces VLAN-based isolation Virtual networks isolated from each other unless permitted by security polices Provides multi-tenancy in a virtualized data center MPLS L3VPN and EVPN technologies Used to implement NFV

26 Overlay Networking Overlay Networking Physical underlay network Routers and switches Provides IP connectivity Uniform low-latency, non-blocking, high-bandwidth connectivity No per-tenant state Virtual overlay network vrouters create overlay network on top of the underlay network Per-tenant state MPLS over GRE tunnels MPLS over UDP tunnels VXLAN tunnels

27 Example ( 1 site) Contrail within a data center MPLS over GRE tunnel automatically setup when VMs are deployed VN to VN communication requires a security policy VN-A Contrail VN-B vrouter vrouter Compute 1 Compute 2 A-1 B-1 B-2 A-2

28 Example ( 2 Sites) Data Centers connected over the WAN One tunnel per vrouter connection Contrail WAN Compute 1 Compute 2 vrouter vrouter vrouter vrouter Compute 3 A-1 B-1 A-2 C-1 C-2 B-2 A-3 B-3 Data Center 1 Data Center 2 Compute 4

29 Contrail Architecture XMPP Orchestrator (OpenStack) XMPP Analytics REST Analytics Configuration Contrail Controller Configuration IF-MAP Control IBGP Control BGP + NetConf Compute (vrouter) Gateway (MX, EX, QFX) Service (SRX, Firefly)

30 Logical Architecture & Interface Overview Contrail Logical Architecture OpenStack GUI Contrail GUI Server2 Contrail CFMG/Analytics/GUI Control Plane (IF-MAP) Control Plane (IF-MAP) Control Plane (Sandesh) Server3 Contrail Controller Control Plane (IBGP) Control Plane (XMPP) Control Plane (IBGP) Server4 Contrail Controller Control Plane (XMPP) MX-GW Data Plane MPLSoGRE Server5 Contrail vrouter Data Plane MPLSoGRE Server6 Contrail vrouter VM01 VM02 VM03 VM01 VM02 VM03

31 Contrail Stack Compute and vrouter Customer OSS/BSS OpenStack CloudStack REST APIs (Configuration, Operational, Analytics) Analytics Engine Analytics Engine Analytics Engine Configuration s Control Plane Control Plane Control Plane Compute (vrouter) Gateway (MX, EX, QFX) Service (SRX, Firefly)

32 Contrail vrouter (SW Overview) Compute (vrouter) Replaces the Linux bridge or OVS module in Hypervisor kernel Performs bridging (E-VPN) and routing (L3VPN) Performs network services like security policies, NAT, multicast, mirroring, and load balancing No need for Service s or L2/L3 gateways for routing, broadcast, multicast, or NAT Routes automatically leaked into VRFs based on policy Multiple interfaces support on VMs Multiples interface support from Compute s to switching fabric Contrail vrouter supervisor-vrouter contrail-vrouter contrail-vrouter-nodemgr Support Servcies libvirtd Nova Servcies openstack-nova-compute

33 Contrail Stack: Control Layer Customer OSS/BSS OpenStack CloudStack REST APIs (Configuration, Operational, Analytics) Analytics Engine Analytics Engine Analytics Engine Configuration Control Plane Control Plane Control Plane Compute (vrouter) Gateway (MX, EX, QFX) Service (SRX, Firefly)

34 Contrail Controller (SW Overview) Control All Control s are active-active Each vrouter uses XMPP to connect with multiple Control s for redundancy Each Control connects to multiple Configuration s for redundancy BGP and NetConf is used to connect with physical gateway routers or Service s Control s federate using BGP Control s can run different software versions for test-before-deploy and live upgrades Contrail Config ssupervisor-config contrail-api contrail-config-nodemgr contrail-discovery contrail-schema contrail-svc-monitor contrail-zookeeper Ifmap redis-config Contrail Database supervisord-contrail-database contrail-database Contrail Control supervisor-control contrail-control contrail-control-nodemgr supervisor-dns contrail-dns contrail-named Quantum Servcies quantum-server Support Servcies rabbitmq-server

35 Route Distribution Control Plane (XMPP) : NH = ; LBL = 17 Configuration IF-MAP Control REST API : NH = ; LBL = 39 Outer MAC headers left out to reduce clutter Control Plane (XMPP) : NH = ; LBL = : NH = ; LBL = 17 PubDstIP PubSrcIP PriDstIP PriSrcIP GRE LBL= PAYLOAD IP Network vrouter Agent : NH = ; LBL = 17 VRF (Dynamic Tunnel Encapsulation) : NH = ; LBL = 39 (Dynamic Tunnel Encapsulation) VRF vrouter Agent PriDstIP PriSrcIP PAYLOAD VM-A VM-B PriDstIP PriSrcIP PAYLOAD Compute Compute 2

36 Route Distribution: L3VPN REST API Config Mgmt. DC-1 Control Plane XMPP BGP Control s : NH = ; LBL = 417 ;RD ;RT : NH = ; LBL = 417 I-MBGP E-MBGP I-MBGP E-MBGP I-MBGP MPLS Outer Label IP Network : NH = ; LBL = 317 ;RD ;RT Service Provider PriDstIP : NH = ; LBL = 217 ;RD ;RT PubDstIP PubSrcIP PriDstIP PriSrcIP MPLS PriSrcIP : NH = ; LBL = 117 ;RD ;RT LBL= PAYLOAD IP Network : NH = ; LBL = 17 ;RD ;RT BGP Control s : NH = ; LBL = 17 PubDstIP PubSrcIP PriDstIP PriSrcIP GRE LBL= PAYLOAD REST API Config Mgmt. DC-2 Control Plane XMPP GRE LBL= PAYLOAD : NH = ; LBL = 417 PriDstIP PriSrcIP PAYLOAD VM-A VM-B Server Server : NH = ; LBL = 417 PriDstIP PriSrcIP PAYLOAD

37 Route Distribution: E-VPN Control Plane (XMPP) MAC2: NH = ; LBL = 17 Configuration IF-MAP Control REST API MAC1: NH = ; LBL = 39 Control Plane (XMPP) MAC1: NH = ; LBL = 39 MAC2: NH = ; LBL = 17 PubDstIP PubSrcIP DstMAC SrcMAC GRE LBL=17 MAC1 MAC2 PAYLOAD IP Network vrouter Agent MAC2: NH = ; LBL = 17 VRF (Dynamic Tunnel Encapsulation) MAC1: NH = ; LBL = 39 (Dynamic Tunnel Encapsulation) VRF vrouter Agent DstMAC SrcMAC MAC2 MAC1 PAYLOAD VM VM DstMAC SrcMAC MAC2 MAC1 PAYLOAD Server 1 MAC1 MAC2 Server 2

38 Contrail Stack: Configuration s Customer OSS/BSS OpenStack CloudStack REST APIs (Configuration, Operational, Analytics) Analytics Engine Analytics Engine Analytics Engine Configuration s Control Plane Control Plane Control Plane Compute (vrouter) Gateway (MX, EX, QFX) Service (SRX, Firefly)

39 Contrail CFMG/Analytics/GUI (SW Overview) Contrail Database supervisord-contrail-database contrail-database Contrail Config ssupervisor-config contrail-api contrail-config-nodemgr contrail-discovery contrail-schema contrail-svc-monitor contrail-zookeeper Ifmap redis-config Support Servcies Mysqld Httpd Libvirtd rabbitmq-server memcached Contrail Web UI supervisor-webui contrail-webui contrail-webui-middleware redis-webui Contrail Analytics supervisor-analytics contrail-analytics-nodemgr contrail-collector contrail-opserver contrail-qe redis-query redis-sentinel redis-uve Horizon Services openstack-dashboard Keystone Services openstack-keystone Quantum Servcies quantum-server Cinder Services openstack-cinder-api openstack-cinder-scheduler Glance Services openstack-glance-api openstack-glance-registry Nova Servcies openstack-nova-api openstack-nova-cert openstack-nova-scheduler openstack-nova-conductor Configuration API server provides northbound REST interface -- orchestration system provisions using this API service DHT/NoSQL database is used for persistence and High Availability of configuration Schema transformer compiles the high level data model to low level model for vrouter, Service s, and Gateway Routers IF-MAP is used to represent the data-model -- Control s subscribe to a subset of the configuration

40 Contrail Stack: Analytics Engine Customer OSS/BSS OpenStack CloudStack REST APIs (Configuration, Operational, Analytics) Analytics Engine Analytics Engine Analytics Engine Configuration s Control Plane Control Plane Control Plane Compute (vrouter) Gateway (MX, EX, QFX) Service (SRX, Firefly)

41 Contrail CFMG/Analytics/GUI (SW Overview) Contrail Database supervisord-contrail-database contrail-database Contrail Config ssupervisor-config contrail-api contrail-config-nodemgr contrail-discovery contrail-schema contrail-svc-monitor contrail-zookeeper Ifmap redis-config Support Servcies Mysqld Httpd Libvirtd rabbitmq-server memcached Contrail Web UI supervisor-webui contrail-webui contrail-webui-middleware redis-webui Contrail Analytics supervisor-analytics contrail-analytics-nodemgr contrail-collector contrail-opserver contrail-qe redis-query redis-sentinel redis-uve Horizon Services openstack-dashboard Keystone Services openstack-keystone Quantum Servcies quantum-server Cinder Services openstack-cinder-api openstack-cinder-scheduler Glance Services openstack-glance-api openstack-glance-registry Nova Servcies openstack-nova-api openstack-nova-cert openstack-nova-scheduler openstack-nova-conductor Analytics API server provides northbound REST Interface for Applications SQL-style query language for NoSQL access -- object traces, flow records, syslog DHT/NoSQL database is used for scale and persistence Sandesh Protocol (XML over TCP) is used by all nodes (Control, Configuration, Compute, and physical network) to deposit data in the NoSQL DB Rules engine automatically collects operational state on specific events Collector supports NetFlow for non- Juniper devices Operational state of any node can be queried by the analytics engine

42 Analytics Access Through the Northbound API Configuration Virtual network (L2/L3) Security and QoS policies IPAM rules, floating IP Analyzer and mirroring Operational Control s and vrouters Datacenter gateway router Virtual router connected networks and ACLs Virtual router statistics Analytics Query tables Flow records System objects Aggregated traffic statistics

43 Contrail Stack: REST APIs Customer OSS/BSS OpenStack CloudStack REST APIs (Configuration, Operational, Analytics) Analytics Engine Analytics Engine Analytics Engine Configuration s Control Plane Control Plane Control Plane Compute (vrouter) Gateway (MX, EX, QFX) Service (SRX, Firefly)

44 APIs

45 Contrail Stack: OpenStack Customer OSS/BSS OpenStack CloudStack REST APIs (Configuration, Operational, Analytics) Analytics Engine Analytics Engine Analytics Engine Configuration s Control Plane Control Plane Control Plane Compute (vrouter) Gateway (MX, EX, QFX) Service (SRX, Firefly)

46 OpenStack Horizon VM States: Scheduling Networking Spawning Active

47 Contrail Dashboard The Dashboard page shows a at a glance view of the Infrastructure components including the number of virtual routers, control nodes, analytics nodes, and Config nodes currently operational, bubble chart of virtual routers showing the CPU and memory utilization, logs, system information and alerts

48 OpenContrail References: Github link: OpenContrail & DevStack: Configuring Contrail for OpenStack: OpenContrail Users Mailing List: OpenContrail Dev Mailing List:

49 OpenContrail References: Network Virtualization Architecture Deep Dive Software architecture Day One Book: ebook/dp/b00gtxgp7o/ref=sr_1_1?ie=utf8&qid= &sr=8-1&keywords=opencontrail

50