DragonFlow sdn based distributed virtual router for openstack neutron
10 likes2,977 views
Dragonflow is a distributed virtual router implementation for OpenStack that enhances performance and scalability while eliminating the network node bottleneck. It simplifies the management of virtual routers by compiling them into standard forwarding flows, improving routing efficiency and reducing the need for extensive pre-configurations. The next release aims to support additional features like north-south L3 IPv4 distribution and multi-controller setups.
DragonFlow sdn based distributed virtual router for openstack neutron
- 1. Eran Gampel Chief Architect, Huawei European Research Center Eshed Gal-Or Sr Research Architect, Huawei European Research Center DragonFlow Solution Overview
- 2. Page 2 The Problem Network Node Bottleneck All inter-subnet traffic goes through the network controller In a typical cloud deployment scenario, most East-West application traffic is between subnets (e.g. the popular Web→App→DB pattern) Current model is mimicking physical world (router) network elements using virtual software components Using the Linux network namespace Pre-configured (regardless of actual need)
- 3. Page 3 Host 4 The Problem – continued (single tenant) Host 1 VM1 WWW Neutron Network Node Host 2 VM2 App Host 3 VM3 DB Overlay network Logical Connection Physical Switch Physical network
- 4. Page 4 The Problem – at scale (16 tenants) Host 4 Neutron Controller Host 4 Neutron Controller Physical Switch(es) Host 4 Neutron Controller Host 4Host 1 VM1 WWW Network Node Host 2 VM2 App Host 3 VM3 DB VM1 WWW VM2 App VM3 DB VM1 WWW VM2 App VM3 DB VM1 WWW VM2 App VM3 DB Host 7 VM1 WWW Host 6 VM2 App Host 5 VM3 DB VM1 WWW VM2 App VM3 DB VM1 WWW VM2 App VM3 DB VM1 WWW VM2 App VM3 DB Host 11 VM1 WWW Host 12 VM2 App Host 13 VM3 DB VM1 WWW VM2 App VM3 DB VM1 WWW VM2 App VM3 DB VM1 WWW VM2 App VM3 DB Host 17 VM1 WWW Host 16 VM2 App Host 15 VM3 DB VM1 WWW VM2 App VM3 DB VM1 WWW VM2 App VM3 DB VM1 WWW VM2 App VM3 DB Overlay network Logical Connection Physical network
- 5. Page 5 State of the art (DVR) (Openstack Juno) Proactive approach (pre-configuring 100% of possible flows) Distribute L3 services on compute nodes Linux namespace is cloned to all compute nodes that participate in a tenant network Keeps all namespace in all compute nodes synchronized
- 6. Page 6 Introduction Dragonflow is an implementation of a fully distributed virtual router for OpenStack® Neutron™ that is based on a light weight SDN controller The main purpose of DragonFlow is to simplify management of the virtual router, while improving performance and scale and eliminating the single point of failure, as well as the notorious Network Node Bottleneck As opposed to using big running software entities to represent virtual network elements (e.g. router), Dragonflow compiles the virtual router into standard forwarding element flows
- 8. Page 8 DragonFlow Advantages (vs. Juno DVR) Simple and nimble architecture Very small change impact on Neutron (vs. very big change impact) Higher performance (+20% from initial benchmarks) Simpler management (Only actual flows are distributed to forwarding elements instead of all possibilities) Higher scalability and flexibility Elastic architecture allows scaling in and out as the managed instance network grows/shrinks Utilize the power of SDN (vs. legacy hard-wired opaque software)
- 9. Page 9 Control Node Neutron Service Plugins Network Node Bootstrap L3 Service L3 Controller Agent L3 App Message Queue (AMQP) Compute Node Neutron Agent OVS qbrXXX VM br-tun br-int vxlan qvoXXX patch-tun patch-int IPTables Core Plugins ML2 IPTables Namespace DHCP Agent DHCP Service OpenFlow Install L3 pipline (L3 Agent) Legacy SNAT/FIP
- 10. Page 10 OpenFlow pipeline And the NORMAL pipeline Hybrid OpenFlow Switch OVS OpenFlow processing pipeline Normal L2 Switch Input Output Packet In Packet Out Forward to controller (ofp PACKET_IN) NORMAL Drop OpenFlow Controller Introduced in OpenFlow/1.1. Hybrid switches support concurrent operation of both OpenFlow pipeline and normal (legacy) Ethernet switching functionality. The hybrid switch allows forwarding of packets from the OpenFlow pipeline to the normal pipeline through the NORMAL and FLOOD reserved ports. Act as two completely separated switches
- 11. Page 11 L3 Installed pipeline Virtual Router using flows- All L2 is offloaded to the normal path
- 12. Page 12 L3 Controller Agent L3 SDN Application Logic Compute Node Controller L3 App OVS qbrZZZ VMzzz br-tun br-int vxlan qvoZZZ patch-tun patch-int qbrWWW VMwww qvoWWW Port VLAN TAG: 2 qbrXXX VMxxx qvoXXX qbrYYY VMyyy qvoYYY Port VLAN TAG: 1 Neutron DB OpenFlowOpenFlow VMwww first TCP connection with VMyyy Tenant A, Subnet 2 Tenant A, Subnet 1 1 1st TCP_SYN DST: VMyyy Packet is sent to controller Matched as VM to VM inter Subnet Traffic in the L3 forwarding table 2 If route (www to yyy) possible, install flow and reverse_flow PACKET_OUT 1st TCP_SYN DST: VMyyy 3
- 13. Page 13 L3 Controller Agent L3 SDN Application Logic same compute Node Compute Node Controller L3 App OVS qbrZZZ VMzzz br-tun br-int vxlan qvoZZZ patch-tun patch-int qbrWWW VMwww qvoWWW Port VLAN TAG: 2 qbrXXX VMxxx qvoXXX qbrYYY VMyyy qvoYYY Port VLAN TAG: 1 Neutron DB OpenFlow FLOW_MOD match: vid src_mac src_ip dst_mac dst_ip action: pop_vlan change src_mac change dst_mac output: port qvoYYY Tenant A, Subnet 2 Tenant A, Subnet 1 FLOW_MOD match: vid src_mac src_ip dst_mac dst_ip action: pop_vlan change src_mac change dst_mac output: port qvoWWW 4 5 Install Flow and Reverse Flow For Inter Subnet L3 Traffic
- 14. Page 14 L3 Controller Agent L3 SDN Application Logic cross compute Node Controller L3 App Compute Node OVS qbrZZZ VMzzz br-tun br-int vxlan qvoZZZ patch-tun patch-int Port VLAN TAG: 2 qbrYYY VMyyy qvoYYY Port VLAN TAG: 1 Neutron DB OpenFlow Compute Node OVS br-tun br-int vxlan patch-tun patch-int qbrWWW VMwww qvoWWW Port VLAN TAG: 2 qbrXXX VMxxx qvoXXX Port VLAN TAG: 1 OpenFlow VMwww first TCP connection with VMyyy 1st TCP_SYN DST: VMyyy If route (www to yyy) possible, install flow and reverse_flow FLOW_MOD match: vid src_mac src_ip dst_mac dst_ip action: pop_vlan change src_mac change dst_mac output: port qvoYYY FLOW_MOD match: vid src_mac src_ip dst_mac dst_ip action: pop_vlan change src_mac change dst_mac output: port qvoWWW PACKET_OUT 1st TCP_SYN DST: VMyyy 1 2 3 4 5
- 15. Page 15 DragonFlow Feature List Current Release (Kilo) APIs for routing IPv4 East-West traffic Performance improvement for inter-subnet network by removing the amount of kernel layers (namespaces and their TCP stack overhead) Scalability improvement for inter-subnet network by offloading L3 East-West routing from the Network Node to all Compute Nodes Reliability improvement for inter-subnet network by removal of Network Node from the East-West traffic Simplified virtual routing management Supports all type drivers GRE/Vxlan/VLAN Centralized North-South traffic Support for HA, in case the connection to the Controller is lost, fall back to the legacy L3 implementation until recovery. Reused all the legacy L3 HA. (Controller HA will be supported in the next release). Supports Centralized IPv6 Next Release Plan ( discussion for liberty ) Add support for North-South L3 IPv4 distribution (SNAT and DNAT) Multi Controller Support ( Equal and Master Slave) Add support for IPv6 For the complete list go to the Blueprints on the project Homepage
- 16. Page 16 External Links Homepage: http://launchpad.net/dragonflow Documentation: http://goo.gl/rq4uJC Source: http://git.openstack.org/cgit/stackforge/dragonflow Bugs: http://bugs.launchpad.net/dragonflow Blogs: blog.gampel.net, http://galsagie.github.io IRC : #openstack-dragonflow