OpenStack Networking Overview

NANOG
9 Oct 2018 (45:54)

Summary

TL;DR: This presentation by Pete Lumbis, a Technical Marketing Engineer at Cumulus, gives an overview of OpenStack, focusing on its networking aspects and design options. He discusses the complexity of OpenStack's microservices architecture, the roles of Nova and Neutron in compute and network services, and the trade-offs between different network design strategies. Lumbis also explores advanced options like using VXLAN with EVPN and server-based VXLAN for scalability, emphasizing the importance of choosing the right approach based on the number of tenants and comfort with OpenStack's interaction with the network infrastructure.

Takeaways

  • 😀 OpenStack is a complex but powerful tool for deploying VMs with a microservices architecture, allowing for flexibility but at the cost of complexity due to its standalone components and APIs.
  • 🔌 Networking in OpenStack is handled by Neutron, which manages tenant networks and communicates with Nova for compute services, emphasizing the importance of API communication between components.
  • 🛠 The speaker, Pete Lumbis, suggests that the design of OpenStack networks can vary greatly based on the number of tenants and the required scalability, impacting the choice between VLAN, VXLAN, or server-based VXLAN.
  • 🌐 VLAN-based networking is simple and static but limited in scale and can be risky due to the large blast radius of potential errors.
  • 🔗 The ML2 (Modular Layer 2) plugin allows Neutron to communicate with physical switches for VLAN or VXLAN provisioning but may introduce concerns about state loss upon device reloads.
  • 🔒 Security and isolation are key considerations in network design; VXLAN with EVPN can provide scalability and maintain these aspects more effectively than traditional VLANs.
  • 🌀 VXLAN on servers is a scalable approach that removes L2 broadcasts and relies on compute nodes to manage their own tenant networks, simplifying the network infrastructure.
  • 💡 The presenter recommends considering the number of tenants, comfort with OpenStack interacting with the network, and preference for VLANs vs. VXLANs when making network design decisions.
  • 🛑 Service chaining and additional network services like firewalling and NAT are typically handled within the compute nodes, which may require additional software components.
  • 🔄 The shift towards using BGP for network underlays in OpenStack can provide a more scalable and resilient network, but it also adds complexity that needs to be managed.
  • 👷‍♂️ The speaker advises against over-engineering network designs, especially in private cloud setups where simpler routing solutions might suffice and reduce complexity.

Q & A

  • What is OpenStack and why is it considered complex?

    - OpenStack is a cloud operating system that manages compute, storage, and networking resources in a data center. It's considered complex due to its microservices-style architecture where each component is a standalone service with its own API, leading to a high degree of flexibility but also increased complexity in deployment and management.

  • What are the main components of OpenStack related to networking?

    - The main components of OpenStack related to networking are Nova, which is the compute service responsible for deploying and managing VMs, and Neutron, the network service that manages tenant networks and assigns them to VMs.

  • How does the speaker describe the relationship between Neutron and Nova in OpenStack?

    - The speaker describes the relationship between Neutron and Nova as a loosely coupled one, where Neutron programs the network stack on the Nova nodes and communicates with Nova via API to build network programming for VMs.

  • What is an ML2 plugin and what role does it play in OpenStack networking?

    - An ML2 plugin, or Modular Layer 2 plugin, allows a Neutron server to communicate with a physical switch and provision VLANs or VXLANs through a common API. It is provided by the vendor and is used to translate OpenStack API calls into device-specific configurations.

  • What are the pros and cons of using a VLAN-based networking model in OpenStack?

    - The pros of using a VLAN-based model include simplicity and the ability to pre-provision networks without dynamic changes. The cons include limited scalability due to the number of available VLANs and the potential for a large blast radius if a configuration error occurs.

  • What is the difference between using traditional VLANs and VXLANs in OpenStack networking?

    - Traditional VLANs are limited in number and can cause scalability issues, while VXLANs allow for a more scalable environment by providing layer 2 connectivity over a layer 3 network. VXLANs also enable the creation of a more distributed and scalable network architecture.

  • What is the speaker's recommendation for environments with more than a thousand tenants in OpenStack?

    - For environments with more than a thousand tenants, the speaker recommends building a true layer 3 network with routing down to the server to eliminate layer 2 broadcast domains and reduce the blast radius, which is essential for cloud providers.

  • What is the role of EVPN (Ethernet VPN) in the VXLAN-based networking model discussed in the script?

    - EVPN provides the control plane for VXLAN-based networking: it advertises MAC addresses so that they are learned and distributed dynamically across the network, which helps in building a scalable and efficient network environment.

  • What are the potential issues with using ML2 agents on switches for OpenStack networking?

    - Using ML2 agents on switches can lead to a loss of state upon switch reload, which might require re-provisioning of all VMs in a rack to regain network connectivity. It also introduces the complexity of having OpenStack dynamically change the network configuration, which might not be desirable from an operational standpoint.

  • What is the significance of using BGP in the server-based VXLAN model?

    - Using BGP in the server-based VXLAN model allows for the creation of a complete eBGP fabric from end to end, enabling highly scalable and redundant network designs without the need for VLANs or other layer 2 configurations.

  • What considerations should be made when deciding between different OpenStack networking models?

    - Decisions should be based on the number of tenants, comfort level with OpenStack interacting with the network, the need for scalability, and the existing network infrastructure's capabilities, such as support for VXLAN and the presence of modern top-of-rack switches.
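
The VLAN-versus-VXLAN scale question above can be checked against a Neutron ML2 configuration. The following is an added example, not material from the talk: it parses a constructed `ml2_conf.ini` and compares the tenant-network ID pool with an expected number of networks. The sample ranges, the function names and the one-network-per-tenant sizing are assumptions.

```python
import configparser

# Constructed sample ml2_conf.ini (not from the talk): tenant networks are
# allocated from static VLAN ranges; VXLAN is loaded but not used for tenants.
SAMPLE_ML2_CONF = """\
[ml2]
type_drivers = vlan,vxlan
tenant_network_types = vlan

[ml2_type_vlan]
network_vlan_ranges = physnet1:100:199,physnet2:2000:2499,provider

[ml2_type_vxlan]
vni_ranges = 10000:29999
"""

def count_ids(ranges, max_id, fields):
    """Sum the IDs in comma-separated 'min:max' ranges (VLAN entries carry a physnet prefix)."""
    total = 0
    for entry in filter(None, (e.strip() for e in ranges.split(","))):
        parts = entry.split(":")
        if fields == 3 and len(parts) == 1:
            continue  # bare physnet name: provider networks only, no tenant pool
        if len(parts) != fields:
            raise ValueError(f"malformed range {entry!r}")
        lo, hi = int(parts[-2]), int(parts[-1])
        if not 1 <= lo <= hi <= max_id:
            raise ValueError(f"range out of bounds {entry!r}")
        total += hi - lo + 1
    return total

def audit_ml2(conf_text, expected_tenant_networks):
    """Compare the tenant-network ID pool with the number of networks expected."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    types = [t.strip() for t in cp.get("ml2", "tenant_network_types").split(",") if t.strip()]
    pool = {
        "vlan": count_ids(cp.get("ml2_type_vlan", "network_vlan_ranges", fallback=""), 4094, 3),
        "vxlan": count_ids(cp.get("ml2_type_vxlan", "vni_ranges", fallback=""), 2**24 - 1, 2),
    }
    usable = sum(pool.get(t, 0) for t in types)  # only types listed for tenants count
    return {"tenant_types": types, "pool": pool, "usable": usable,
            "sufficient": usable >= expected_tenant_networks}

if __name__ == "__main__":
    print(audit_ml2(SAMPLE_ML2_CONF, expected_tenant_networks=1000))
```

With the constructed sample, the VLAN pool covers 600 tenant networks, so a 1000-tenant target fails the check until `tenant_network_types` draws from the VXLAN range.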
