OpenStack Dragonflow Shenzhen and Hangzhou meetups
Transcript of OpenStack Dragonflow Shenzhen and Hangzhou meetups
Dragonflow Shenzhen OpenStack meet-up
Ayal Baron, Eran Gampel
Dragonflow
• Integral part of OpenStack
• Fully Open Source
• Scale, Performance and Latency
• Lightweight and Simple
• Easily Extendable
• Distributed SDN Control Plane
• Sync Policy Level abstraction to the CN
Dragonflow - Distributed SDN
[Diagram: Neutron-Server with the Dragonflow Plugin and a DB; several Compute Nodes, each running OVS, Dragonflow and a DB Driver and hosting VMs.]
[Diagram: Neutron Server with the Dragonflow Plugin (Route, Core API, SG) and the Dragonflow Network DB; Dragonflow DB Drivers for OVSDB, ETCD, RethinkDB, RMC (RAMCloud) and Future; on the compute node, VMs and containers attached to OVS (vswitchd and OVSDB-Server in user space, Kernel Datapath Module and NIC in kernel space); the Dragonflow Controller with an Abstraction Layer, apps (L2, L3, DHCP, Fault Detection, SG, LBaaS, FWaaS, …), a Pluggable DB Layer with NB DB Drivers (OVSDB, ETCD, RMC, RethinkDB) and SB DB Drivers (smartNIC, OVSDB, OpenFlow).]
Dragonflow – Under The Hood
Current Release Features (Liberty)
• L2 core API, IPv4, IPv6
• GRE/VxLAN/Geneve tunneling protocols
• Distributed L3 Virtual Router
  • Hybrid proactive + reactive flow installation
  • North-South traffic is still centralized
• Distributed DHCP (with just 500 lines of code!)
• Pluggable Distributed Database
  • ETCD, RethinkDB, RAMCloud, OVSDB
Dragonflow Distributed DHCP
Neutron DHCP Implementation
[Diagram: a Network Node hosting one DHCP namespace (dnsmasq) per network, managed by the DHCP Agent, which talks to the Neutron Server over the Message Queue.]
Example
• 100 Tenants
• 3 vNet / tenant
= 300 DHCP Servers
1 VM sends DHCP_DISCOVER
2 Classify flow as DHCP, forward to controller
3 DHCP App sends DHCP_OFFER back to VM
4 VM sends DHCP_REQUEST
5 Classify flow as DHCP, forward to controller
6 DHCP App populates DHCP_OPTIONS from DB/CFG and sends DHCP_ACK
Dragonflow Distributed DHCP
[Diagram: the DHCP DISCOVER / OFFER / REQUEST / ACK exchange between VM and DHCP server, with numbered steps marked on a Compute Node: VMs attached to br-int through qvoXXX ports in OVS, OpenFlow between OVS and the Dragonflow Controller (Abstraction Layer; L2, L3, DHCP and SG apps; Pluggable DB Layer; DB).]
Dragonflow Distributed DHCP
Service Table
• Match: Broadcast + UDP + S_Port=68 + D_Port=67
• Action: Send to DHCP table
DHCP Table
• Match: in_port => Action: Set metadata with port unique key, SEND TO CONTROLLER (for every local port whose network has DHCP enabled)
• Default: goto “L2 Lookup Table”
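The two-table DHCP classification above, modelled over raw frames as an added Python example (not code from the slides or from the Dragonflow project). The port-key mapping, the frame builder and all function names are constructed for illustration, and the default "goto L2 Lookup Table" is assumed to apply to both tables. It shows that only client-to-server DHCP broadcasts arriving on a DHCP-enabled local port reach the controller.

```python
import struct

BROADCAST = b"\xff" * 6
# Constructed mapping: OVS in_port -> port unique key, one entry per
# local port whose network has DHCP enabled.
DHCP_PORTS = {1: 0x11, 2: 0x12}

def build_frame(dst_mac, src_port, dst_port, proto=17):
    """Build a minimal Ethernet/IPv4/L4 frame (constructed sample, checksums zeroed)."""
    eth = dst_mac + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(4), b"\xff\xff\xff\xff")
    l4 = struct.pack("!HHHH", src_port, dst_port, 8, 0)
    return eth + ip + l4

def parse(frame):
    """Extract the fields the Service Table matches on."""
    dst_mac = frame[:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800 or len(frame) < 14 + 20:
        return {"dst_mac": dst_mac, "udp": None}
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    l4 = 14 + ihl
    if frame[14 + 9] != 17 or len(frame) < l4 + 4:   # protocol 17 = UDP
        return {"dst_mac": dst_mac, "udp": None}
    return {"dst_mac": dst_mac, "udp": struct.unpack("!HH", frame[l4:l4 + 4])}

def service_table(pkt):
    """Broadcast + UDP + S_Port=68 + D_Port=67 -> DHCP table; else L2 lookup."""
    if pkt["dst_mac"] == BROADCAST and pkt["udp"] == (68, 67):
        return "dhcp_table"
    return "l2_lookup"

def dhcp_table(in_port):
    """Match in_port: set metadata to the port key and punt; else L2 lookup."""
    if in_port in DHCP_PORTS:
        return ("controller", DHCP_PORTS[in_port])
    return ("l2_lookup", None)

def classify(frame, in_port):
    """Run one frame through both tables; return (destination, metadata)."""
    if service_table(parse(frame)) == "dhcp_table":
        return dhcp_table(in_port)
    return ("l2_lookup", None)
```
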
[Diagram: a Compute Node with VMs attached to br-int through qvoXXX ports in OVS, OpenFlow between OVS and the Dragonflow Local Controller (Abstraction Layer; L2, L3, DHCP and SG apps; DB); pipeline stages shown: Ingress Port Security, Ingress Classification, Dispatch to Ports.]
Dragonflow Pluggable DB
Database Framework
Requirements
• HA + Scalability
• Different environments have different requirements
• Performance, Latency, Scalability, etc.
Why Pluggable?
• Long time to productize
• Mature Open Source alternatives
• Allow us to focus on the networking services only
DB Driver API
Implementations
• RAMCloud
• ETCD
• RethinkDB
• Zookeeper
Dragonflow Pluggable Database
[Diagram: Compute Nodes each running a Dragonflow Local Controller with a Pluggable DB Layer (Applicative DB Layer, Adapter, DB Driver API, Expose DB Features); the Neutron Server with the Dragonflow Neutron Plugin issuing DB Operations; Database Servers, each with a DB Adapter, forming a Distributed Database holding DB Data 1, DB Data 2 and DB Data 3.]
Full Distribution
[Diagram: Compute Node 1 through Compute Node N, each with Dragonflow, a Local Cache and OVS; labels DB Data 1, DB Data 2, DB Data 3; Dragonflow DB Drivers for OVSDB, ETCD, RethinkDB and RMC.]
Selective Proactive Distribution
[Diagram: Compute Node 1 (VM1, VM2) with Local Cache holding "Net1 – VM1, VM2"; Compute Node 2 (VM3, VM4) with Local Cache holding "Net2 – VM3, VM4"; RethinkDB holding both "Net1 – VM1, VM2" and "Net2 – VM3, VM4".]
DragonFlow Roadmap
Roadmap
• Distributed DNAT
• Security Group
• Selective Proactive DB
• Containers (Kuryr plugin and nested VM support)
• Hierarchical Port Binding (SDN ToR), move to ML2
• Pluggable Pub/Sub Mechanism
• Additional DB Drivers: ZooKeeper, Redis …
• Topology Service Injection / Service Chaining
• Inter Cloud Connectivity (Border Gateway / L2GW)
• …
DragonFlow Pipeline
DragonFlow Pipeline
Installed in every OVS
[Diagram: pipeline stages and labels]
• Service Traffic Classification
• Ingress Processing (NAT, BUM)
• ARP
• DHCP
• L2 Lookup
• L3 Lookup
• DVR
• Egress
• Ingress Port Security (ARP spoofing, SG, …)
• Egress Port Security
• Egress Processing (NAT)
• Security Groups
• …
Legend: Fully Proactive / Has Reactive Flows to Controller
Captions:
• Outgoing from local port: classification and tagging
• Dispatching incoming traffic from external nodes to local ports
• Dispatching outgoing traffic to external nodes or local ports
Dragonflow for Containers Architecture Blueprint
Project Kuryr and Dragonflow
[Diagram: Mixed OpenStack Environments. The Dragonflow Plugin and a Compute Node with VMs, the Dragonflow Controller and OVS (Controller: Dragonflow), connected to Neutron network 1, Neutron network 2 and Neutron network 3.]
Dragonflow Community
Join the project Dragonflow
• Documentation: https://wiki.openstack.org/wiki/Dragonflow
• Bugs & blueprints: https://launchpad.net/dragonflow
• DF IRC channel: #openstack-dragonflow
Weekly on Monday at 0900 UTC in #openstack-meeting-4 (IRC)