name: title class: center, middle # Introduction to Openstack Neutron .presenter[ Sławek Kapłoński slawomir.kaplonski@ovh.net IRC: slaweq ] --- # Agenda 1. What is Neutron? * what is it for in Openstack world? * overview 2. Neutron server in details: * functions of Neutron server * main components of Neutron server 3. Neutron agents: * L2 agents (openvswitch, linuxbridge, etc.), * L3 agent, * metadata, dhcp agents. 4. Basic concepts in Neutron 5. Examples of usage Neutron CLI client 6. Standard workflow between Nova and Neutron 7. Network scenario example --- class: center # Neutron in Openstack world ![openstack_architecture](images/openstack-software-diagram.png) source: http://www.openstack.org/software ### Neutron is Networking as a Service for Openstack ??? From openstack wiki: Neutron is an OpenStack project to provide "networking as a service" between interface devices (e.g., vNICs) managed by other Openstack services (e.g., nova). --- class: center # Neutron main components ![architecture](images/components_architecture_server.png) --- class: center # Neutron server functions .left_side_list[ * SDN controller ] -- .left_side_list[ * Process REST API requests ] -- .left_side_list[ * Access to database - it is the only component with access to database ] -- .left_side_list[ * Communicate with agents via RPC (rabbitmq) ] -- .left_side_list[ * Stateless ] --- class: center # Neutron server components .left_side_list[ * Core plugin - for example ML2 with drivers for openvswitch, linuxbridge and/or SR-IOV ] -- .left_side_list[ * Service plugins - like QoS, firewall or l3 router and many others ] -- .left_side_list[ * API extenstions - used to add custom REST API functions, list of enabled extenstions can be checked via API call: ] ``` admin@devstack-1:/opt/stack/neutron$ neutron ext-list +---------------------------+-----------------------------------------------+ | alias | name | +---------------------------+-----------------------------------------------+ | default-subnetpools | Default Subnetpools | | qos | Quality of Service | +---------------------------+-----------------------------------------------+ ``` --- class: center # Neutron agents ## L2 agent ![architecture](images/components_architecture_l2agent.png) --- class: center # Neutron agents ## L2 agent .left_side_list[ * Runs on each compute and network node ] -- .left_side_list[ * Communicate only with Neutron server via RPC ] -- .left_side_list[ * Provide L2 connectivity for example for instances ] --- class: center # Neutron agents ## L3 agent ![architecture](images/components_architecture_l3agent.png) --- class: center # Neutron agents ## L3 agent .left_side_list[ * Typically runs on network nodes ] -- .left_side_list[ * Provides L3 services like: * routing between L2 networks * floating IPs ] -- .left_side_list[ * uses standard Linux tools: * standard Linux IP stack, * iptables (NAT), * network namespaces to provide isolated routers ] --- class: center # Neutron agents ## DHCP and Metadata agent ![architecture](images/components_architecture_dhcp_metadata.png) --- class: center # Neutron agents ## DHCP and Metadata agent .left_side_list[ * Both agents typically runs on network nodes ] -- .left_side_list[ * DHCP agent provides dhcp service for instances ] -- .left_side_list[ * Metadata agent provides proxy between instances and nova-api metadata service and provides metadata service for instances on 169.254.169.254:80 ] -- .left_side_list[ * Metadata agent can work together with DHCP or L3 agent ] --- class: center # Basic concepts in Neutron .left_side_list[ * network - isolated L2 network segment, like VLAN in physical networking world * tenant network - private network used in tenant, it can be done with VXLAN or GRE tunneling * provider network - mapped directly to physical network in datacenter; it can be VLAN or flat network * external network - like provider network but also provide access to internet ] -- .left_side_list[ * subnet - block of IPv4 or IPv6 addresses with configuration like dhcp server IP, gateway IP address, static routes ] --- class: center # Basic concepts in Neutron .left_side_list[ * port - connection point for attaching a single device, such as the NIC of a instance, to a virtual network ] -- .left_side_list[ * static IP - IP address assigned to port and configured for example on instance * floating IP - public IP address, configured on router and routed (NAT) to some static IP address; it is not configured on instance directly and can be easily moved to another instance ] --- class: center # CLI client usage .left_side_list[ * create network ] ``` admin@devstack-1:~$ neutron net-create Local-Network Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2016-08-01T12:38:36 | | description | | | id | 74149489-5cd6-473e-aeb7-d003652c8048 | | ipv4_address_scope | | | ipv6_address_scope | | | mtu | 0 | | name | Local-Network | | port_security_enabled | True | | provider:network_type | local | | provider:physical_network | | | provider:segmentation_id | | ``` --- class: center # CLI client usage .left_side_list[ * create subnet ] ``` admin@devstack-1:~$ neutron subnet-create Local-Network 10.0.0.0/24 Created a new subnet: +-------------------+--------------------------------------------+ | Field | Value | +-------------------+--------------------------------------------+ | allocation_pools | {"start": "10.0.0.2", "end": "10.0.0.254"} | | cidr | 10.0.0.0/24 | | created_at | 2016-08-01T12:47:28 | | description | | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 10.0.0.1 | | host_routes | | | id | 9f31692e-f2b8-4db0-9073-1c732373b9af | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | | | network_id | 74149489-5cd6-473e-aeb7-d003652c8048 | | subnetpool_id | | ``` --- class: center # CLI client usage .left_side_list[ * Spawn instance connected to network ] ``` admin@devstack-1:~$ nova boot --image cirros-0.3.4-i386-disk \ --nic net-id=74149489-5cd6-473e-aeb7-d003652c8048 --flavor m1.micro VM-1 +--------------------------------------+----------------------------------------+ | Property | Value | +--------------------------------------+----------------------------------------+ | OS-DCF:diskConfig | MANUAL | | accessIPv4 | | | accessIPv6 | | | adminPass | U9h5cGcnZ2tm | | created | 2016-08-01T12:51:11Z | | flavor | m1.micro (84) | | id | e4d99f99-f189-4b6a-b37d-ec1f0e106e7d | | image | cirros-0.3.4-i386-disk | | key_name | - | | locked | False | | metadata | {} | | name | VM-1 | | os-extended-volumes:volumes_attached | [] | | security_groups | default | | status | BUILD | ``` --- class: center, workflow # Standard workflow between Nova and Neutron .left_side_list[ * nova-compute is spawning instance on compute node and call Neutron API to create new port (like neutron port-create ...) ] ![workflow_1](images/workflow_1.png) --- class: center, workflow # Standard workflow between Nova and Neutron .left_side_list[ * neutron-server creates port in desired network, allocate IP for this port and try to bind port with one of enabled mechanism drivers ] ![workflow_1](images/workflow_2.png) --- class: center, workflow # Standard workflow between Nova and Neutron .left_side_list[ * nova-compute receives from Neutron informations about new port and prepare to connect tap device (e.g. create bridge) * neutron-server notify L2 agent and DHCP agent about new port * nova-compute starts instances and pause it for a while ] ![workflow_1](images/workflow_3.png) --- class: center, workflow # Standard workflow between Nova and Neutron .left_side_list[ * Neutron L2 agent connects port to L2 network (vlan tagging, openflow rules, etc.) and notify neutron-server that port is ACTIVE * neutron-server notify nova-api that port for instance is ready, nova-compute can then unpause instance ] ![workflow_1](images/workflow_4.png) --- class: center, scenario #Network scenario example ![scenario overview](images/scenario-legacy-general.png) --- class: center, scenario #Network scenario example .left_image[ ![scenario compute 1](images/scenario-legacy-ovs-compute1.png) ] .right_image[ ![scenario compute 2](images/scenario-legacy-ovs-compute2.png) ] --- class: center, scenario #Network scenario example .left_image[ ![scenario network 1](images/scenario-legacy-ovs-network1.png) ] .right_image[ ![scenario network 2](images/scenario-legacy-ovs-network2.png) ] --- class: center, scenario #Network scenario example .image-fullwidth[ ![scenario flows](images/scenario-legacy-ovs-flowns1-compute.png) ] --- class: center, scenario #Network scenario example .image-w80pr[ ![scenario flows](images/scenario-legacy-ovs-flowns1-network.png) ] --- class: last # Questions? .presenters[ Sławek Kapłoński slawomir.kaplonski@ovh.net IRC: slaweq ] ## Do You want to build Openstack clouds? .job_link[ ovh.pl/jobs - Openstack Cloud Engineer ] ## Reference * https://wiki.openstack.org/wiki/Neutron * http://docs.openstack.org/liberty/networking-guide/deploy.html * http://slawqo.github.io/introduction_to_neutron/