OpenStack/Quantum SDN- based network

Transcription

OpenStack/Quantum SDNbased network virtulization
with Ryu
Kei Ohmura
NTT
May 31, 2013
© 2013 NTT Software Innovation Center
Outline
• Introduction to Ryu
• O penStack Quantum and Ryu
• D emo
• S ummary
2
What is “Ryu”
流流
(ryu)
means “flow”
⿓龍龍
(ryu)
means “japanese dragon”, one of warter gods
3
What is “Ryu”
manages “flow” control to enable intelligent networking
Packet
4
SDN(Software Defined Networking)
•  Separates control and data plane:
•  Open interface between control and data plane
•  Network control and management features in software
Feature
Feature
Feature
Feature
OS
OS
Specialized packet
Forwarding
hardware
Specialized packet
Forwarding
hardware
Feature
Feature
OS
Specialized packet
Forwarding
hardware
5
SDN(Software Defined Networking)
•  Separates control and data plane:
•  Open interface between control and data plane
•  Network control and management features in software
Applicatoin layer
Business applications
Business applications
Control layer
North-‐‑‒bound API: Programmable Open APIs
SDN control
software
Network services
Network services
Network services
South-‐‑‒bound API
(ex., OpenFlow)
Infrastructure layer
Network Device
Network Device
Network Device
Network-related control
Packet forwarding
Network Device
Network Device
http://www.opennetworking.org/sdn-resources/meet-sdn
6
OpenFlow Overview
• One of the key technologies to realize SDN
• Open interface between control and data plane
match field
OpenFlow Controller
OpenFlow protocol
OpenFlow
switch
OpenFlow
switch
OpenFlow
switch
Mac
dst
Mac
src
IP
dst
IP
src
TCP
dst
…
Action
count
er
byte coun
ters, etc
*
*
*
*
6667
*
output
: 3
..
..
..
..
..
.
.
..
Flow Table
OpenFlow
switch
7
Ryu SDN framework
• SDN Framework
•  A platform for building SDN applications
•  Provides useful libraries and well-defined API
• Open source software (Apache v2)
•  Fully written in Python
•  Project site: http://osrg.github.com/ryu/
SDN
apps
SDN
apps
SDN
apps
well-‐‑‒defined API
Ryu SDN framework
OpenFlow protocol
OpenFlow
switch
OpenFlow
switch
8
Our goals
• D e facto SDN platform
• Standard network controller for cloud
orchestrators, e.g. OpenStack
• Default network controller for Linux
Distributions, e.g. RHEL/feadora/
ubuntu
• H igh quality for commercial deployment
• code quality, functionality, usability
9
Features
• Generality
• Vendor-neutral
• Supports open interface (eg., OpenFlow)
• Used by some switch vendors
• Agile
• Framework for SDN application
development instead of all-purpose big
monolithic ‘controller’.
10
Architecture
• I mplement your apps by using Ryu SDN Framework
operator
OpenStack
cloud orchestration
RESTful
management
API
User
Apps
REST API
for Quantum
User-defined API
via REST or RPC
Ryu SDN frame work
Built-in Apps: tenant isolation, L2 switch
Libraries: OF REST, topology discovery, firewall
OF protocols parser/
serializer
Non-‐‑‒OF protocols
parser/serializer
OF1.0, 1.2, 1.3
OF-‐‑‒Config 1.1
netconf, vrrp, netflow, packet lib
existing
IP
networks
OpenFlow
OpenFlow
switch
11
Current status
•  OpenFlow protocol
•  OF1.0 + nicira extensions, OF1.2, OF1.3
•  OF-Config 1.1
•  Other protocols
•  netconf, vrrp, xFlow, snmp, ovsdb
•  Ryu applications /libraries
• 
• 
• 
• 
Topology viewer
OF REST
Firewall
Some sample apps are in the ryu/app directory.
•  Switch Interoperability
•  Referenced by some switch vendors
•  Open vSwitch
•  Integration testing with Open vSwitch (OF1.0, OF1.2)
•  nicira extensions, OVSDB
•  Integration with other components
•  HA with Zookeeper
•  IDS (Intrusion Detection System)
•  OpenStack Quantum
12
How to use
• Install Ryu from pip
$ sudo pip install ryu
• Install Ryu from the source code
$ git clone git://github.com/osrg/ryu.git
$ cd ryu; sudo python ./setup.py install
• Run your application
$ ryu-manager yourapp.py
13
Mac learning switch
$ ryu-manager ryu/app/simple_switch.py
L2 switch
app
Ryu
(2)
(3)
(1)
(4)
FlowTable
OpenFlow
switch
Host A
Host B
tutorial: https://github.com/osrg/ryu/wiki/OpenFlow_Tutorial
14
OF REST
$ ryu-manager ryu/app/ofctl_rest.py
operator
OF REST
API
Ryu
OF REST API
・add a flow entry
POST http://example.org/stats/flownetry/
add
・delete flow entries
DELETE http://example.org/stats/
flowentry/delete
・get flow stats
GET http://example.org/stats/flow/{dpid}
OpenFlow
protocol
OpenFlow
switch
OpenFlow
switch
OpenFlow
switch
15
Firewall REST
$ ryu-manager ryu/app/rest_firewall.py
Firewall REST API ・ add a rule POST h4p://example.org/firewall/rules/{switch-‐id} ・delete a rule DELETE h4p://example.org/firewall/rules/{switch-‐id}
・get rules GET h4p://example.org/firewall/rules/{switch-‐id}
operator
Firewall
REST API
Ryu
OpenFlow
protocol
Allow
OpenFlow
switch
Drop
https://github.com/osrg/ryu/wiki/Third-Party-Tools,-Etc.
16
Topology viewer
• Show topology and flows dynamically
17
HA with Zookeeper
• Centralized controller is single point of
failure (SPOF)
• Ryu + ZooKeeper is able to avoid SPOF
ZooKeeper
master
slave
Ryu
Ryu
Failover
OpenFlow
switch
Host A
Host B
18
IDS integration
• Ryu + IDS can cope with threats in real time.
Deep packet
(3)
snort
control app
Alert
inspection
IDS(Snort)
Ryu
(2)
(4)
OpenFlow
switch
(1) L1~L4
matching
https://github.com/osrg/ryu/wiki/Snort-Integration
19
Ryu plugin for OpenStack Quantum
• Ryu plugin was merged into OpenStack Quantum Grizzly release
Nova
Quantum
Ryu plugin
REST
API
VM VM VM VM
VM VM VM VM
OpenStack
apps
Open vSwitch
Open vSwitch
OpenFlow
Ryu Quantum REST API
・create network
PUT http://example.org/v1.0/
networks/{network-id}
・delete network
DELETE http://example.org/
v1.0/networks/{network-id}
・connect a new VM
PUT http://example.org/v1.0/
networks/{switch-id}_{port-id}
Ryu
https://github.com/osrg/ryu/wiki/OpenStack
20
OpenStack
*-‐as-‐a-‐Service OpenStack Service Compute Nova SwiK (Objects) Storage Cinder (Block) Glance (Images) idenSty Keystone Network Quantum © 2013 NTT Software Innovation Center
21
OpenStack Quantum
• Provides networking-‐‑‒as-‐‑‒a-‐‑‒service
• Quantum controls network
virtualization like Nova controls server
virtualization
• “ plugin” mechanism
• Enable different technologies
• Ryu, Open vSwitch, Cisco UCS, Linux
Bridge, NVP
22
What does Ryu bring to OpenStack
• F lat L2 networks regardless of the underlying physical network
• We don’t need high-end switches
• S calable multi-‐‑‒tenant isolations
• Ryu provides tunneling based isolations
• Virtual networks that Ryu provieds are
decoupled from VLAN limitations
23
How Ryu works with OpenStack
Quantum-node
Ryu-node
Quantum db:
(Network id, key (tunnel id))
Quantum
Server
Ryu server
(Network id, key)
Ryu Quantum
REST API
OpenFlow
&
OVSDB JSON
Quantum
API
Vif
driver
Ryu
agent
Create
Tap port
Create
Tunnel port
Compute-node
OVS
L3
agent
Ryu
agent
OVS
Network-node
24
Demo
• Ryu and OpenStack (GRE tunneling)
25
Ryu and OpenStack: physical view
demo
VM1
mode
VM1
demo
VM2
mode
VM2
Qemu/KVM
Qemu/KVM
Qemu/KVM
Qemu/KVM
Ryu
OVS
Glance
Nova
Quantum
Keystone
Horizon
KVM
All-in-one node
OVS
Nova
Ryu agent
KVM
GRE tunnel
GRE tunnel
Compute node
bridge
Linux(physical machine)
26
Ryu and OpenStack: logical view
Tenant demo ID -> 0x2
Tenant mode ID -> 0x4
demo
VM1
demo
VM2
demo network
mode
VM1
mode
VM2
mode network
27
Future works
• Adds more components(protocols, IaaS, stats, security, etc).
• Improves distributed deployment component(cluster support)
• N ew testing methods (Ryu has more than 15,000 lines test code).
28
Summary
• Ryu is an ongoing project
• Ryu project needs more developers
• site: http://osrg.github.com/ryu/
• wiki:https://github.com/osrg/ryu/wiki/
_pages
• ML: ryu-devel@lists.sourceforge.net
29
Appendix
Node boot up
31
Network creation
32
Instance creation
33
Flow table usage
In port
VM port
Src table
Table 0
match
Local out
Table 1
Table 2
match
in_port set_tunnel
src mac goto table 1
in_port
Tunnel
port
action
Tunnel out
drop
action
match
action
tunnel_id output(tunnel)
dst mac goto table 2
tunnel_id
goto table 2
tunnel_id output(vm)
dst mac
tunnel_id
in_port goto table 2
tunnel_id
drop
VM1
GRE tunnel
OVS
tunnel
port
VM2
VM port
34

OpenStack/Quantum SDN- based network

Transcription

Similar documents

Presentation - Journal of the Southeast Asian Linguistics Society