Understanding Modular Layer 2 in OpenStack Neutron

Modular Layer 2 In OpenStack Neutron
Robert Kukura, Red Hat
Kyle Mestery, Cisco
 
1. I’ve heard the Open vSwitch and Linuxbridge Neutron Plugins are being deprecated.
2. I’ve heard ML2 does some cool stuff!
3. I don’t know what ML2 is but want to learn about it and what it provides.

What is Modular Layer 2?
A new Neutron core plugin in Havana
Modular
  o Drivers for layer 2 network types and mechanisms - interface with agents, hardware, controllers, ...
  o Service plugins and their drivers for layer 3+
Works with existing L2 agents
  o openvswitch
  o linuxbridge
  o hyperv
Deprecates existing monolithic plugins
  o openvswitch
  o linuxbridge

Motivations For a Modular Layer 2 Plugin

Before Modular Layer 2 ...
Neutron Server
Open vSwitch Plugin
OR
Neutron Server
Linuxbridge Plugin
OR ...

Before Modular Layer 2 ...
Neutron Server
Vendor X Plugin
I want to write a Neutron Plugin.
But I have to duplicate a lot of DB, segmentation, etc. work.
What a pain. :(

ML2 Use Cases
Replace existing monolithic plugins
  o Eliminate redundant code
  o Reduce development & maintenance effort
New features
  o Top-of-Rack switch control
  o Avoid tunnel flooding via L2 population
  o Many more to come...
Heterogeneous deployments
  o Specialized hypervisor nodes with distinct network mechanisms
  o Integrate *aaS appliances
  o Roll new technologies into existing deployments

Modular Layer 2 Architecture
The Modular Layer 2 (ML2) Plugin is a
framework allowing OpenStack Neutron to
simultaneously utilize the variety of layer 2
networking technologies found in complex
real-world data centers.

What’s Similar?
ML2 is functionally a superset of the monolithic
openvswitch, linuxbridge, and hyperv plugins:
Based on NeutronDBPluginV2
Models networks in terms of provider attributes
RPC interface to L2 agents
Extension APIs

What’s Different?
ML2 introduces several innovations to achieve its goals:
Cleanly separates management of network types from the mechanisms for accessing those networks
  o Makes types and mechanisms pluggable via drivers
  o Allows multiple mechanism drivers to access same network simultaneously
  o Optional features packaged as mechanism drivers
Supports multi-segment networks
Flexible port binding
L3 router extension integrated as a service plugin

ML2 Architecture Diagram
[Diagram: Neutron Server containing the ML2 Plugin, with API Extensions, a Type Manager and a Mechanism Manager. TypeDrivers shown: GRE, VLAN, VXLAN. Mechanism drivers shown: Arista, Cisco Nexus, Hyper-V, L2 Population, Linuxbridge, Open vSwitch, Tail-F NCS.]

Multi-Segment Networks
VXLAN 123567
physnet1 VLAN 37
physnet2 VLAN 413
VM 1
VM 2
VM 3
Created via multi-provider API extension
Segments bridged administratively (for now)
Ports associated with network, not specific segment
Ports bound automatically to segment with connectivity

Type Driver API
class TypeDriver(object):
    @abstractmethod
    def get_type(self):
        pass
    @abstractmethod
    def initialize(self):
        pass
    @abstractmethod
    def validate_provider_segment(self, segment):
        pass
    @abstractmethod
    def reserve_provider_segment(self, session, segment):
        pass
    @abstractmethod
    def allocate_tenant_segment(self, session):
        pass
    @abstractmethod
    def release_segment(self, session, segment):
        pass

Mechanism Driver API
class MechanismDriver(object):
    @abstractmethod
    def initialize(self):
        pass
    def create_network_precommit(self, context):
        pass
    def create_network_postcommit(self, context):
        pass
    def update_network_precommit(self, context):
        pass
    def update_network_postcommit(self, context):
        pass
    def delete_network_precommit(self, context):
        pass
    def delete_network_postcommit(self, context):
        pass
    def create_subnet_precommit(self, context):
        pass
    def create_subnet_postcommit(self, context):
        pass
    def update_subnet_precommit(self, context):
        pass
    def update_subnet_postcommit(self, context):
        pass
    def delete_subnet_precommit(self, context):
        pass
    def delete_subnet_postcommit(self, context):
        pass
    def create_port_precommit(self, context):
        pass
    def create_port_postcommit(self, context):
        pass
    def update_port_precommit(self, context):
        pass
    def update_port_postcommit(self, context):
        pass
    def delete_port_precommit(self, context):
        pass
    def delete_port_postcommit(self, context):
        pass
    def bind_port(self, context):
        pass
    def validate_port_binding(self, context):
        return False
    def unbind_port(self, context):
        pass
class NetworkContext(object):
    @abstractproperty
    def current(self):
        pass
    @abstractproperty
    def original(self):
        pass
    @abstractproperty
    def network_segments(self):
        pass

Port Binding
Determines values for port’s binding:vif_type and binding:capabilities attributes and selects segment
Occurs when binding:host_id set on port or existing valid binding
ML2 plugin calls bind_port() on registered MechanismDrivers, in order listed in config, until one succeeds or all have been tried
Driver determines if it can bind based on:
  o context.network.network_segments
  o context.current['binding:host_id']
  o context.host_agents()
For L2 agent drivers, binding requires live L2 agent on port’s host that:
  o Supports the network_type of a segment of the port’s network
  o Has a mapping for that segment’s physical_network if applicable
If it can bind the port, driver calls context.set_binding() with binding details
If no driver succeeds, port’s binding:vif_type set to BINDING_FAILED
class PortContext(object):
    @abstractproperty
    def current(self):
        pass
    @abstractproperty
    def original(self):
        pass
    @abstractproperty
    def network(self):
        pass
    @abstractproperty
    def bound_segment(self):
        pass
    @abstractmethod
    def host_agents(self, agent_type):
        pass
    @abstractmethod
    def set_binding(self, segment_id, vif_type,
                    cap_port_filter):
        pass
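
The port-binding procedure described on this slide, run as a small simulation over the multi-segment network shown earlier (VXLAN 123567, physnet1 VLAN 37, physnet2 VLAN 413). This is an added example, not Neutron source or code from the presentation: the class names, host names, segment ids and agent record fields are assumptions, and only the attribute and method names from the slides are reused.

```python
from types import SimpleNamespace

BINDING_FAILED = "binding_failed"

# Constructed data: the three segments of the multi-segment network slide.
SEGMENTS = [
    {"id": "seg-vxlan", "network_type": "vxlan", "segmentation_id": 123567},
    {"id": "seg-vlan37", "network_type": "vlan",
     "physical_network": "physnet1", "segmentation_id": 37},
    {"id": "seg-vlan413", "network_type": "vlan",
     "physical_network": "physnet2", "segmentation_id": 413},
]
# Constructed agent reports; host names and record fields are assumptions.
AGENTS = [
    {"host": "host-a", "agent_type": "ovs", "alive": True,
     "types": {"vlan"}, "mappings": {"physnet1"}},
    {"host": "host-b", "agent_type": "linuxbridge", "alive": True,
     "types": {"vlan"}, "mappings": {"physnet2"}},
    {"host": "host-c", "agent_type": "ovs", "alive": False,
     "types": {"vlan"}, "mappings": {"physnet1"}},
]

class SimPortContext:
    """Hypothetical stand-in for PortContext with only what binding needs."""
    def __init__(self, host_id):
        self.current = {"binding:host_id": host_id, "binding:vif_type": None}
        self.network = SimpleNamespace(network_segments=SEGMENTS)
        self.bound_segment = None

    def host_agents(self, agent_type):
        host = self.current["binding:host_id"]
        return [a for a in AGENTS
                if a["host"] == host and a["agent_type"] == agent_type]

    def set_binding(self, segment_id, vif_type, cap_port_filter):
        self.bound_segment = segment_id
        self.current["binding:vif_type"] = vif_type
        self.current["binding:capabilities"] = {"port_filter": cap_port_filter}

class SimAgentDriver:
    """Hypothetical L2-agent mechanism driver."""
    def __init__(self, agent_type, vif_type):
        self.agent_type, self.vif_type = agent_type, vif_type

    def bind_port(self, context):
        for agent in context.host_agents(self.agent_type):
            if not agent["alive"]:
                continue  # a dead agent cannot wire the port
            for seg in context.network.network_segments:
                physnet = seg.get("physical_network")
                if seg["network_type"] in agent["types"] and (
                        physnet is None or physnet in agent["mappings"]):
                    context.set_binding(seg["id"], self.vif_type, True)
                    return

def bind(host_id, drivers):
    """Try drivers in configured order; return (vif_type, bound segment id)."""
    context = SimPortContext(host_id)
    for driver in drivers:
        driver.bind_port(context)
        if context.bound_segment is not None:
            break
    else:  # every driver was tried and none bound the port
        context.current["binding:vif_type"] = BINDING_FAILED
    return context.current["binding:vif_type"], context.bound_segment

DRIVERS = [SimAgentDriver("ovs", "ovs"), SimAgentDriver("linuxbridge", "bridge")]
```

A port on host-a lands on the physnet1 VLAN 37 segment, the same network on host-b binds to VLAN 413 through the other driver, and a host whose only agent is down ends in BINDING_FAILED rather than being attached to a segment it cannot reach.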

Havana Features

Type Drivers in Havana
The following are supported segmentation
types in ML2 for the Havana release:
local
flat
VLAN
GRE
VXLAN

Mechanism Drivers in Havana
The following ML2 MechanismDrivers exist in
Havana:
Arista
Cisco Nexus
Hyper-V Agent
L2 Population
Linuxbridge Agent
Open vSwitch Agent
Tail-f NCS

Before ML2 L2 Population MechanismDriver
[Diagram: Host 1, Host 2, Host 3 and Host 4 joined by a tunnel mesh, running VM A through VM I.]
“VM A” wants to talk to “VM G.” “VM A” sends a
broadcast packet, which is replicated to the entire
tunnel mesh.

With ML2 L2 Population MechanismDriver
[Diagram: Host 1, Host 2, Host 3 and Host 4 joined by a tunnel mesh, running VM A through VM I.]
The ARP request from “VM A” for “VM G” is
intercepted and answered using a pre-populated
neighbor entry.
Proxy Arp
Traffic from “VM A” to “VM G” is
encapsulated and sent to “Host 4”
according to the bridge forwarding
table entry.

Modular Layer 2 Futures

ML2 Futures: Deprecation Items
The future of the Open vSwitch and Linuxbridge plugins
  o These are planned for deprecation in Icehouse
  o ML2 supports all their functionality
  o ML2 works with the existing OVS and Linuxbridge agents
  o No new features being added in Icehouse to OVS and Linuxbridge plugins
Migration Tool being developed

Plugin vs. ML2 MechanismDriver?
Advantages of writing an ML2 Driver instead of a new monolithic plugin
  o Much less code to write (or clone) and maintain
  o New neutron features supported as they are added
  o Support for heterogeneous deployments
Vendors integrating new plugins should consider an ML2 Driver instead
  o Existing plugins may want to migrate to ML2 as well

ML2 With Current Agents
Existing ML2 Plugin works with existing agents
Separate agents for Linuxbridge, Open vSwitch, and Hyper-V
[Diagram: Neutron Server with ML2 Plugin, connected over the API Network to Host A (Linuxbridge Agent), Host B (Hyper-V Agent), Host C (Open vSwitch Agent) and Host D (Open vSwitch Agent).]

ML2 With Modular L2 Agent
Future direction is to combine Open Source Agents
Have a single agent which can support Linuxbridge and Open vSwitch
Pluggable drivers for additional vSwitches, Infiniband, SR-IOV, ...
[Diagram: Neutron Server with ML2 Plugin, connected over the API Network to Host A, Host B, Host C and Host D, each running a Modular Agent.]

ML2 Demo

What the Demo Will Show
ML2 running with multiple MechanismDrivers
  o openvswitch
  o cisco_nexus
Booting multiple VMs on multiple compute hosts
  o Hosts are running Fedora
Configuration of VLANs across both virtual and physical infrastructure

ML2 Demo Setup
[Diagram: Host 1 and Host 2, each with eth2, br-eth2 and br-int, attached to a Cisco Nexus Switch on ports eth2/1 and eth2/2. Services shown: nova compute, nova api, ..., neutron server, neutron ovs agent, neutron dhcp, neutron l3 agent on one host; nova compute and neutron ovs agent on the other. VMs shown: vm1, vm2.]
VLAN is added on the VIF for VM1 and also on the br-eth2 ports by the ML2 OVS MechanismDriver.
The ML2 Cisco Nexus MechanismDriver trunks the VLAN on eth2/1.
VLAN is added on the VIF for VM2 and also on the br-eth2 ports by the ML2 OVS MechanismDriver.
The ML2 Cisco Nexus MechanismDriver trunks the VLAN on eth2/2.
VM1 can ping VM2 … we’ve successfully completed the standard network test.

Questions?

Modular Layer 2 (ML2) is a new core plugin in OpenStack Neutron that enables interface with various network mechanisms and types for enhanced flexibility and efficiency. It replaces deprecated plugins like Open vSwitch and Linuxbridge, offering a more modular and feature-rich approach for managing layer 2 networking in complex data centers.


Uploaded on Sep 24, 2024 | 0 Views


