Neutron and BGP VPNs with BaGPipe
•
7 recomendaciones•5,614 vistas
Slides of the techtalk I gave at Openstack Summit Paris 2014 with Mathieu Rohon. We discuss how BGP VPNs can be integrated into Neutron, for fun and profit ! Video at: https://www.youtube.com/watch?v=q5z0aPrUZYc
Recomendados
Recomendados
Más contenido relacionado
Destacado
Destacado (19)
Último
Último (20)
Neutron and BGP VPNs with BaGPipe
- 1. Neutron and BGP VPNs with BaGPipe Thomas Morin Mathieu Rohon Openstack Paris - Nov. 2014
- 2. Neutron and BGP VPNs with BaGPipe - Thomas Morin / Mathieu Rohon - Orange 2 Neutron and BGP VPNs: two use cases BGP VPNs… –standard BGP extensions to build multi-site L2 or L3 virtual networks –well-known technologies in network providers’ networks Two use cases in the context of Openstack –A: connectivity between Openstack and BGP VPNs outside the DC –seamless solution for hybdrid cloud, multi-DC, cloud op/net op interco –B: build Neutron L2 networks using BGP VPNs –proven scalability Let’s see …how we can address them With a focus on… –minimizing complexity –(number of protocols & components added to the base Opentack/Neutron architecture) –code reuse
- 3. Neutron and BGP VPNs with BaGPipe - Thomas Morin / Mathieu Rohon - Orange 3 API extension: –Admin: neutron bgpvpn-connection- create --route-target 64512:2 -- tenant-id <uuid> –Tenant: neutron bgpvpn-connection- update <bgpvpn id> -- network-id <uuid> BGPVPN service plugin implements the BGPVPN extension tells the VPNAgent/BGP which VPN route to advertise the agent and BGP speaker manipulate: –the neutron router to add VPN routes in the router namespace –the OVS bridge to forward MPLS traffic Use case A Connectivity bw. Openstack and BGP VPNs outside the DC IP/MPLS WAN Nova Neutron … ML2Plugin compute VM VM compute VM VM network node net ns net ns network physical infra AS BR BGP IP VPN Inter-AS VXLAN, … MPLS (or MPLS/GRE) bridge bridge Neutron L2Agent Neutron L2Agent Neutron VPNAgent BGP Nova Nova Neutron L2Agent MPLS bridge bridge BGPVPN Service Plugin … BGP VPN Connection API Cloud Edge
- 4. Neutron and BGP VPNs with BaGPipe - Thomas Morin / Mathieu Rohon - Orange 4 Neutron status and related work What we currently have: –an API extension is under review: –https://review.openstack.org/#/c/93329/ –BaGPipe BGP: a BGP speaker with MPLS VPN capabilities –inhouse dev, opensourced last June –lightweight: not a full-blown BGP implementation –BGP encodings of ExaBGP are reused –https://github.com/Orange-OpenSource/bagpipe-bgp –OVS trunk which is capable of MPLS encap. in the datapath: –github.com/openvswitch/ovs/blob/master/FAQ.md#q-does-open-vswitch- support-mpls –a detailed design proposal: –https://docs.google.com/drawings/d/1NN4tDgnZlBRr8ZUf5- 6zzUcnDOUkWSnSiPm8LuuAkoQ –Neutron plugins/MD which already deal with MPLS use cases and could leverage the BGPVPN API extension: –OpenContrail plugin –NuageNetwork MD for ML2 related work in Neutron: –BGP dynamic routing: https://review.openstack.org/#/c/125401 –Service insertion/chaining –l3 agent refactoring (modular l3 agent) –similarly as for DVR, relevant to distribute MPLS capabilities on compute nodes
- 5. Neutron and BGP VPNs with BaGPipe - Thomas Morin / Mathieu Rohon - Orange 5 Nova Neutron … … ML2Plugin BaGPipe mech driver VM VM VM VM VM VM network physical infra BGP Route Reflectors BGP E-VPN VXLAN encap (or MPLS/x/IP) vSwitch vSwitch vSwitch Neutron BaGPipe Agent Neutron BaGPipe Agent Neutron BaGPipe Agent BGP BGP BGP Nova Nova Nova Use case B Build Neutron L2 networks using BGP VPNs Overlay architecture –VXLAN encapsulation of VM-to-VM traffic, by the vswitch vSwitches forwarding tables populated by BGP VPN extensions –lightweight/barebone implementation of BGP VPNs –E-VPN: draft-ietf-l2vpn-evpn Ok but why ?? –scalability proven to millions of endpoints –route reflection techniques with publish/subscribe mapping distribution –standards: can interop with other solutions, including hardware vendors ToR switches Note: similar as Nuage Networks or OpenContrail, but lightweight and built-in into Neutron
- 6. Neutron and BGP VPNs with BaGPipe - Thomas Morin / Mathieu Rohon - Orange 6 Use case B Build Neutron L2 networks using BGP VPNs Status –we have had running code for months –ML2 plugin BaGPipe mechanism driver –BaGPipe agent –BaGPipe BGP VPN implementation –github.com/Orange-OpenSource/bagpipe-bgp Next steps –push ML2 mech. driver and agent in Kilo –pick an opensource route reflector –Quagga, BIRD, OpenContrail BGP stack More… –integrate with third-party E-VPN ToR switches –inter-subnet connectivity –service-chaining
- 7. Neutron and BGP VPNs with BaGPipe - Thomas Morin / Mathieu Rohon - Orange 7 Wrap up Use case A: integrating Neutron with BGP VPNs outside DCs is a Real Need for some players Use case B: using BGP VPNs inside the DC is an opportunity (for everyone) We didn’t say “SDN” or “NFV”, but of course, it is what this is all about –…except we try to provide all this directly through Neutron with less additional components than SDN branded products Next step: Kilo integration ?? Neutron incubator ? Want to help… –contact us, {thomas.morin,mathieu.rohon}@orange.com –follow the blueprint –discuss on openstack-dev Want to follow… –http://github.com/Orange-OpenSource/bagpipe-bgp –twitter @netpeeker