Technical Level: Medium
OpenStack Knowledge: Medium (Architect)
OpenDayLight Knowledge: Fundamentals
The universal adoption of OpenStack has changed the way new datacenter services are developed. Questions like "How much storage capacity and bandwidth does this new App need?" are being addressed by the emerging role of the Cloud Architect. IT Storage/Network Architects, who used to take care of this App by App, now face orchestration challenges as their most important priority. In other words: how many storage/network services can be made directly available to the end user from the orchestration dashboard?
The time when custom-designed hardware used to bring an important competitive advantage has almost vanished. Most advanced datacenters and cloud services have been reduced to commodity white boxes (check out my note about DSSD as one exception: Don’t try to attach a horse hitch to a tesla). Software is the superior brain managing all resources, making the most of them and delivering highly responsive analytics as never seen before. Just check out how Google has got the perfect combination of scale and speed for its networks in Pulling Back the Curtain on Google’s Network Infrastructure (one petabit/sec of total bisection bandwidth).
IT resources used to be defined according to each App’s performance/capacity needs. Now their definition is based on compatibility with orchestration platforms like OpenStack, even before looking at the App’s needs. Storage decisions are being reduced to a choice between block and object: Cinder or Swift. Throughput tests are run from instances to compare price/performance among different technologies. So who cares what pieces of hardware are backstage, if you get the performance your App needs from the instances themselves?
Even so, network technologies are ahead of storage in this story of change. SDN started its development much earlier than SDS (Software Defined Storage). And since the arrival of NFV, a long-awaited component among cloud rock stars, SDN has become a critical resource to manage, scale and control all these chained communication services.
Avoid vendor lock-in to stay competitive. Open standards make honest vendors. Most SDN vendors/projects have decided to move “OpenStack Network Virtualization” up to the first priority on their roadmaps. OpenDayLight is no exception. Besides Service Function Chaining, which has been the core use case, ODL’s board has also decided to concentrate efforts on Neutron and OVSDB.
Flat network virtualization management based only on Nova was left behind years ago. Multi-layer App topologies with significant needs for network functions have been stressing these projects and their supporters. Neutron, formerly called Quantum, has been enriched along with the growth of NFV adopters.
A warm OpenStack integration from OpenDayLight Helium
Dave Neary gave us a short guide to implementing “OpenDaylight and OpenStack” at the last OpenStack Summit in Vancouver. After a short review of ODL Helium, we were taken through an Open vSwitch ML2 mechanism overview based on Networking in too much detail from RedHat. You might like to take a look at my There’s real magic behind openstack neutron notes before going on to the next lines.
Later Dave took us into the ODL southbound interface to OVSDB and showed the differences from the default Nova/Neutron settings. ODL Helium removes BR-TUN (the tunnel bridge) from every node; VXLAN encapsulation happens in BR-INT instead. We got a glimpse that Lithium removes the “L3 Agent” and BR-EXT from Neutron nodes and gets parity with Neutron features like LBaaS.
The next pictures highlight the ODL features that work with OpenStack Juno.
Drawbacks: Migrating from the default OVS/Neutron settings to ODL is absolutely disruptive. You will have to delete every configuration. Security groups cannot be centrally managed by ODL yet. However, ODL will bring an important change in Lithium to manage security rules in Neutron; see the next section.
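A quick way to confirm that a node really ended up in the layout described above (no BR-TUN, VXLAN ports on BR-INT, switch connected to ODL) and that the cleanup left nothing behind. This is an added example, not code from the talk or from ODL; the helper names and the sample `ovs-vsctl show` output are constructed for illustration.

```python
# Constructed sample of `ovs-vsctl show` output from a compute node managed by
# ODL; the UUID and 192.0.2.x addresses are placeholders, not from the post.
SAMPLE = '''\
5f1c0a9e-0000-4000-8000-000000000001
    Manager "tcp:192.0.2.10:6640"
        is_connected: true
    Bridge br-int
        Controller "tcp:192.0.2.10:6633"
            is_connected: true
        Port br-int
            Interface br-int
                type: internal
        Port "vxlan-192.0.2.21"
            Interface "vxlan-192.0.2.21"
                type: vxlan
'''

def parse_show(text):
    """Return (manager_connected, {bridge: {"controller_up", "types"}})."""
    manager_up, bridges, bridge, owner = False, {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Bridge "):
            bridge, owner = line.split(None, 1)[1].strip('"'), None
            bridges[bridge] = {"controller_up": False, "types": set()}
        elif line.startswith(("Manager ", "Controller ", "Port ")):
            owner = line.split()[0]  # record whose is_connected line follows
        elif line == "is_connected: true" and owner == "Manager":
            manager_up = True
        elif line == "is_connected: true" and owner == "Controller" and bridge:
            bridges[bridge]["controller_up"] = True
        elif line.startswith("type: ") and bridge:
            bridges[bridge]["types"].add(line[len("type: "):])
    return manager_up, bridges

def check_odl_layout(text):
    """List deviations from the layout described above (hypothetical helper)."""
    manager_up, bridges = parse_show(text)
    findings = []
    if not manager_up:
        findings.append("no connected OVSDB manager (ODL southbound)")
    if "br-tun" in bridges:
        findings.append("br-tun still present: leftover OVS agent config")
    br_int = bridges.get("br-int")
    if br_int is None:
        return findings + ["br-int missing"]
    if not br_int["controller_up"]:
        findings.append("br-int has no connected OpenFlow controller")
    if "vxlan" not in br_int["types"]:
        findings.append("no VXLAN port on br-int (expected once a peer exists)")
    return findings
```

On a real node, feed it the output of `ovs-vsctl show`; an empty list means the node matches the layout.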
Amazing progress in Lithium toward feature parity with OpenStack’s Neutron
Below you can see a picture with details about what is new in the Lithium release and how it works with OpenStack. ODL’s Neutron & OVSDB Services increased feature parity with Neutron, including support for LBaaS, Distributed Virtual Router, NAT, External Gateway and Floating IP. There are also some improvements in the performance and stability of this integration.
The next picture shows how DLUX automatically creates a graphical topology based on the information received from every OpenFlow switch. VTN manages all OVS instances on the OpenStack control and compute nodes. Even the underlying switches used as the data plane to connect these nodes can be configured by VTN Manager.
Although Nova Security Groups are not centrally managed, Lithium supports integration with OpenStack Neutron Group Based Policy since its first release in Juno. OpenStack’s GBP is also supported by vendor-specific policy drivers from Nuage Virtual Services’ Platform, Cisco ACI and One Convergence Network. Honestly, I don’t believe Nova security groups will eventually be supported by ODL. Instead, GBP offers a more advanced and powerful option.
OpenStack’s GBP simplifies the job of security operators, who can apply rules based on the App’s profile and avoid direct interaction with the underlying network infrastructure. OpenStack’s GBP also describes the chaining of multiple network services to speed up App development. It helps operators, security and App teams get along better.
Among other improvements, ODL’s VPN Service has direct integration with OpenStack Neutron (APIs adhering to the OpenStack BGP VPN blueprint). ODL’s AAA component (Authentication, Authorization and Accounting) has also gained integration with Keystone for federation and SSO functions.
References worth checking out:
- Helium OpenDaylight Juno OpenStack at RedHat: Shows the setup of a small configuration of OpenStack Juno and ODL Helium. It shows every command to replace the OVS agent in Neutron with ODL ML2. You can get example scripts to clean up OVS settings and namespaces from control and compute nodes.
- How to set up OpenStack for the integration with VTN Manager at ODL Lithium: VTN Manager works as a network service provider for OpenStack. Be amazed by the screenshots from Horizon and DLUX.
- Using OpenDaylight with OpenStack (PDF): This doc describes how to set up the north/southbound plug-ins, and how to tell when everything is working.
- GroupBasedPolicy/ReleaseNotes/Juno: Here you can check the announcement that ODL’s GBP is supported in this first release of OpenStack’s GBP in Juno.
- OpenStack Group Based Policy Documentation: OpenStack’s GBP description and a good sample of how it works.