Slides of the tech talk I gave at OpenStack Summit Paris 2014 with Mathieu Rohon.
We discuss how BGP VPNs can be integrated into Neutron, for fun and profit!
Video at: https://www.youtube.com/watch?v=q5z0aPrUZYc
1. Neutron and BGP VPNs with BaGPipe
Thomas Morin
Mathieu Rohon
OpenStack Paris - Nov. 2014
2. Neutron and BGP VPNs with BaGPipe - Thomas Morin / Mathieu Rohon - Orange
Neutron and BGP VPNs: two use cases
BGP VPNs…
–standard BGP extensions to build multi-site L2 or L3 virtual networks
–well-known technologies in network providers’ networks
Two use cases in the context of OpenStack
–A: connectivity between OpenStack and BGP VPNs outside the DC
  –seamless solution for hybrid cloud, multi-DC, cloud operator / network operator interconnection
–B: build Neutron L2 networks using BGP VPNs
  –proven scalability
Let’s see… how we can address them
With a focus on…
–minimizing complexity
  –(number of protocols & components added to the base OpenStack/Neutron architecture)
–code reuse
Use case A: Connectivity between OpenStack and BGP VPNs outside the DC
API extension:
–Admin: neutron bgpvpn-connection-create --route-target 64512:2 --tenant-id <uuid>
–Tenant: neutron bgpvpn-connection-update <bgpvpn id> --network-id <uuid>
BGPVPN service plugin implements the BGPVPN extension
tells the VPNAgent/BGP which VPN route to advertise
The agent and BGP speaker manipulate:
–the Neutron router, to add VPN routes in the router namespace
–the OVS bridge, to forward MPLS traffic
[Architecture diagram. Labels: Nova; Neutron with ML2Plugin, BGPVPN Service Plugin and BGP VPN Connection API; compute nodes with VMs, bridge, Nova and Neutron L2Agent; network node (Cloud Edge) with net ns, bridge, MPLS bridge, Neutron L2Agent, Neutron VPNAgent and BGP; network physical infra (VXLAN, …); MPLS (or MPLS/GRE) and Inter-AS BGP IP VPN towards the AS BR of the IP/MPLS WAN]
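The admin/tenant split in the two commands above, modelled as an added example (not code from the slides or from the BGPVPN service plugin): only an admin chooses the route target and the owning tenant, and a tenant may only attach its own network to its own connection. The class, method and field names are hypothetical; the route-target syntax check follows the extended-community encodings of RFC 4360 and RFC 5668.

```python
import ipaddress
import uuid


def parse_route_target(text):
    """Accept <ASN>:<number> or <IPv4>:<number>; raise ValueError otherwise."""
    admin, sep, number = text.rpartition(":")
    if not sep or not number.isdigit():
        raise ValueError("route target must look like <admin>:<number>")
    number = int(number)
    if admin.isdigit():
        asn = int(admin)
        # A 2-byte ASN leaves 4 bytes for the number, a 4-byte ASN only 2.
        limit = 0xFFFFFFFF if asn <= 0xFFFF else 0xFFFF
        if asn > 0xFFFFFFFF or number > limit:
            raise ValueError("route target field out of range")
        return ("as", asn, number)
    ipaddress.IPv4Address(admin)  # malformed address raises a ValueError subclass
    if number > 0xFFFF:
        raise ValueError("route target field out of range")
    return ("ipv4", admin, number)


class BgpVpnConnections:
    """Hypothetical in-memory model of the admin/tenant split."""

    def __init__(self, network_owner):
        self.network_owner = network_owner  # network id -> tenant id
        self.connections = {}

    def create(self, caller, route_target, tenant_id):
        if not caller["is_admin"]:
            raise PermissionError("only an admin may bind a route target")
        parse_route_target(route_target)
        conn_id = str(uuid.uuid4())
        self.connections[conn_id] = {
            "route_target": route_target, "tenant_id": tenant_id, "network_id": None}
        return conn_id

    def update(self, caller, conn_id, network_id):
        conn = self.connections.get(conn_id)
        # Foreign and unknown ids get the same answer, so ids cannot be probed.
        if conn is None or conn["tenant_id"] != caller["tenant_id"]:
            raise LookupError("no such BGP VPN connection")
        if self.network_owner.get(network_id) != caller["tenant_id"]:
            raise PermissionError("network is not owned by the caller")
        conn["network_id"] = network_id  # the route target is never tenant-writable
        return conn
```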
Neutron status and related work
What we currently have:
–an API extension is under review:
  –https://review.openstack.org/#/c/93329/
–BaGPipe BGP: a BGP speaker with MPLS VPN capabilities
  –in-house development, open-sourced last June
  –lightweight: not a full-blown BGP implementation
  –BGP encodings of ExaBGP are reused
  –https://github.com/Orange-OpenSource/bagpipe-bgp
–OVS trunk, which is capable of MPLS encapsulation in the datapath:
  –github.com/openvswitch/ovs/blob/master/FAQ.md#q-does-open-vswitch-support-mpls
–a detailed design proposal:
  –https://docs.google.com/drawings/d/1NN4tDgnZlBRr8ZUf5-6zzUcnDOUkWSnSiPm8LuuAkoQ
–Neutron plugins/MD which already deal with MPLS use cases and could leverage the BGPVPN API extension:
  –OpenContrail plugin
  –NuageNetwork MD for ML2
Related work in Neutron:
–BGP dynamic routing: https://review.openstack.org/#/c/125401
–Service insertion/chaining
–L3 agent refactoring (modular L3 agent)
  –as with DVR, relevant to distributing MPLS capabilities on compute nodes
Use case B: Build Neutron L2 networks using BGP VPNs
[Architecture diagram. Labels: Nova; Neutron with ML2Plugin and BaGPipe mech driver; three compute nodes, each with VMs, a vSwitch, Nova, a Neutron BaGPipe Agent and BGP; BGP E-VPN; BGP Route Reflectors; VXLAN encap (or MPLS/x/IP); network physical infra]
Overlay architecture
–VXLAN encapsulation of VM-to-VM traffic, by the vSwitch
vSwitch forwarding tables populated by BGP VPN extensions
–lightweight/barebone implementation of BGP VPNs
–E-VPN: draft-ietf-l2vpn-evpn
OK, but why?
–scalability proven to millions of endpoints
  –route reflection techniques with publish/subscribe mapping distribution
–standards: can interoperate with other solutions, including hardware vendors' ToR switches
Note: similar to Nuage Networks or OpenContrail, but lightweight and built into Neutron
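How route targets keep forwarding tables separate per network, as an added example that is not BaGPipe code: a toy reflector delivers each MAC route only to agents subscribed to its route target, which is assumed here to be the publish/subscribe distribution the slide refers to. Class names, addresses and MACs are constructed, and a route is reduced to (route target, MAC, VTEP) rather than a full E-VPN MAC advertisement.

```python
class RouteReflector:
    """Reflects a route only to agents subscribed to its route target."""

    def __init__(self):
        self.subscribers = {}  # route target -> list of subscribed agents
        self.routes = {}       # (route target, MAC) -> VTEP IP

    def subscribe(self, agent, rt):
        agents = self.subscribers.setdefault(rt, [])
        if agent in agents:
            return
        agents.append(agent)
        for (route_rt, mac), vtep in self.routes.items():
            if route_rt == rt:  # replay routes published before the subscription
                agent.receive(rt, mac, vtep)

    def advertise(self, rt, mac, vtep):
        self.routes[(rt, mac)] = vtep
        for agent in self.subscribers.get(rt, []):
            agent.receive(rt, mac, vtep)


class Agent:
    """Per-compute-node agent that programs the local vSwitch forwarding table."""

    def __init__(self, vtep, reflector):
        self.vtep, self.reflector = vtep, reflector
        self.fdb = {}  # route target -> {MAC: remote VTEP}

    def plug_port(self, rt, mac):
        self.fdb.setdefault(rt, {})
        self.reflector.subscribe(self, rt)  # import only this network's routes
        self.reflector.advertise(rt, mac, self.vtep)

    def receive(self, rt, mac, vtep):
        if vtep != self.vtep:  # local ports need no tunnel entry
            self.fdb[rt][mac] = vtep


def demo():
    # Constructed sample: two networks (one route target each) on three nodes.
    rr = RouteReflector()
    a, b, c = (Agent(ip, rr) for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.3"))
    a.plug_port("64512:10", "fa:16:3e:00:00:0a")
    b.plug_port("64512:10", "fa:16:3e:00:00:0b")
    c.plug_port("64512:20", "fa:16:3e:00:00:0c")
    return a, b, c
```

Node `c` hosts no port on the first network, so it never receives that network's MAC routes and holds no forwarding state for it.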
Use case B: Build Neutron L2 networks using BGP VPNs
Status
–we have had running code for months
  –ML2 plugin BaGPipe mechanism driver
  –BaGPipe agent
  –BaGPipe BGP VPN implementation
  –github.com/Orange-OpenSource/bagpipe-bgp
Next steps
–push ML2 mech. driver and agent in Kilo
–pick an open-source route reflector
  –Quagga, BIRD, OpenContrail BGP stack
More…
–integrate with third-party E-VPN ToR switches
–inter-subnet connectivity
–service-chaining
Wrap up
Use case A: integrating Neutron with BGP VPNs outside DCs is a real need for some players
Use case B: using BGP VPNs inside the DC is an opportunity (for everyone)
We didn’t say “SDN” or “NFV”, but of course, it is what this is all about
–…except we try to provide all this directly through Neutron, with fewer additional components than SDN-branded products
Next step: Kilo integration? Neutron incubator?
Want to help…
–contact us, {thomas.morin,mathieu.rohon}@orange.com
–follow the blueprint
–discuss on openstack-dev
Want to follow…
–http://github.com/Orange-OpenSource/bagpipe-bgp
–twitter @netpeeker