Shared networks to support VNF high availability across OpenStack multi-region deployment

Shared Networks to Support VNF

High Availability Across OpenStack

Multi Region Deployment

Speakers

Chaoyi Huang

OpenStack Tricircle PTL:

https://wiki.openstack.org/wiki/Tricircle

OPNFV Multisite PTL:

https://wiki.opnfv.org/display/multisite/

Multisite

Valentin Boucher

OPNFV Functest committer:

https://wiki.opnfv.org/display/functest

OPNFV Multisite committer:

https://wiki.opnfv.org/display/multisite

Vikram Dham

OPNFV OVN4NFV PTL:

https://wiki.opnfv.org/display/PROJ/Ov

n4nfv

OPNFV Multisite Committer:

https://wiki.opnfv.org/display/multisite/

Multisite


https://wiki.opnfv.org/display/multisite/Multisite

https://wiki.opnfv.org/display/functest



https://wiki.opnfv.org/display/PROJ/Ovn4nfv

https://wiki.opnfv.org/display/multisite/Multisite

Agenda

Lab introduction

Video Conference in multisite

vIMS in multisite

How Tricricle help the networking

Lab introduction

Laptop Laptop

BeiJing

LangFang

DongGuang

Huawei Cloud Open Lab

Lab introduction ( Chaoyi )

LangFang

BeiJing

HOST5

HOST1

Host3

OpenStack

RegionOne

OpenStack

RegionThree

OpenStack

RegionTwo

JITSI

vIMS

vIMS

JITSI

JITSI TricirclevIMS

Mixed release environment

Tricricle + Neutron Server: Pike release

Three OpenStack clouds: Newton release

Multiparty Video Conference VNF

Multiparty Video Conference architecture

Jitsi Demo - Architecture

Why TriCircle for Jitsi?

Secure logical L2 private network between Jitsi Controller and Jitsi Video Bridges

Multisite Jitsi Deployment using TriCircle

vIMS - Software Architecture

MetaSwitch Clearwater

IMS architecture before

May 2017

vIMS - Demo Architecture

vIMS - Network Architecture+-----------------------+ +-----------------------+ +----------------------+

| ext-net1 | | ext-net2 | | ext-net3 |

| +-------+ | | +-------+ | | +--+---+ |

|RegionOne | | |RegionTwo | | | RegionThree | |

| +---+---+ | | +---+---+ | | +----+--+ |

| | R1 | | | | R2 | | | | R3 | |

| +--+----+ | | +--+----+ | | +--+----+ |

| | net1 | | | net2 | | net3 | |

| +---+--+---+-+ | | +---+--+---+-+ | | ++-----+--+---+ |

| | | | | | | | | | | |

| +---------+-+ | | | +---------+-+ | | | | +--+--------+ |

| |vIMS(non-HA| | | | | vIMS(HA) | | | | | | vIMS(HA) | |

| +-----------+ | | | +-----------+ | | | | +-----------+ |

| +----+--+ | | +----+--+ | | +-+-----+ |

| | R4(1) | | | | R4(2) | | | | R4(3) | |

| +-----+-+ | | +---+---+ | | +----+--+ |

| | | | | | | | |

+-----------------------+ +-----------------------+ +----------------------+

| bridge-net | |

+------------------------+------------------+

vIMS - Limitation & Evolution

Limitation :

VNF support only 2 sites for the moment

No HA for MANO component in the demo (but cloudify 4.0 support HA)

Possible next steps :

Support multisite into Functest/cloudify_ims test-case

Support multisite/tricircle in ONAP


Neutron Server

Tricircle

Nova Cinder Neutron Server

OpenStack(Region One)

Cinder Nova

OpenStack(Region Two)

Tricircle Central

Neutron Plugin

Tricircle Local

Neutron PluginReal Core Plugin

Neutron Server

Tricircle Local


Create cross Neutron logical network

topology through central Neutron1


Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local




Boot VM

in Nova2

Boot VM

in Nova2


Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local


Boot VM

in Nova2

Boot VM

in Nova2

33 Attach network Attach network


Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local


Trigger networking

automationTrigger networking

automation4 4


Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local




Cross Neutron

networking automation

Cross Neutron

networking automation

XJOB

● Long duration networking automation job will be done by XJOB asynchronously

● Different SDN controller could be integrated as Neutron backend as ML2 driver or core plugin

55

L2 networking -

Shadow Port, Shadow Agent, ARP Proxy

Port1

Host1

Shadow

Port2

Shadow

Host2

Port2

Shadow

Port1

Shadow

Host1Host2

Port1’s VTEP

Port2’s VTEP

Port2’s VTEP

Port1’s VTEP

Shadow Port: a virtual object to represent a port in another cloud

Shadow Agent: a virtual object to represent VTEP of the shadow port, L2GW mode supported too.

ARP Proxy: configure L2 Population and ARP responder to enable APR proxy in compute node to

reduce MAC learning

Cross Neutron L2 Network: VxLAN, VLAN, Flat supported.

How Shadow Agent, Shadow Port go to another cloud

Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local


1.Port update, port1(host1)


Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local


2.Port update, port1(host1, VTEP)


Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local


XJOB

3.save shadow agent

4. Trigger async. job to setup

shadow port/agent


Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local


XJOB

OpenStack(Region Three)

5. Create shadow port

with VTEP info in profile


Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local


XJOB


6. Create shadow

agent/ port


Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local


XJOB


7. update shadow port to

up state


Neutron Server

Tricircle



Cinder Nova


Tricircle Central

Neutron Plugin

Tricircle Local


Neutron Server

Tricircle Local


XJOB


8. Call real core plugin

for shadow port up. If

L2-population is

configured, L2pop

happened.

SDN Controller can be supported if it’s configured to the real core plugin

L3 networking -

Shadow Port, Shadow Agent, ARP Proxy

R R

Shadow Port2

Gateway Port1Gateway Port2

Shadow Port1

Bridge Network: a network used to connect routers in different cloud.

VxLAN, VLAN, Flat supported

Bridge Network

R R

Site to site VPN or dedicated line for securityTenant1

Tenant

2

Tenant level isolated

L2/L3 networking

Security and Isolation between clouds

Tricricle: networking elements

Local network

A network will only reside

in one OpenStack

cloud.

Network type could be

VLAN, VxLAN, Flat

Local router

A router will only reside in

one OpenStack cloud

Net1 Net2

R1 R2

Region One Region Two

● neutron net-create --availability-zone-hint RegionOne Net1

● neutron net-create --availability-zone-hint RegionTwo Net2

● neutron router-create --availability-zone-hint RegionOne R1

● neutron router-create --availability-zone-hint RegionTwo R2

Neutron Server

Tricircle Central

Neutron Plugin

Tricricle: networking elements

R3 R3

Region One Region Two

● neutron net-create --availability-zone-hint RegionOne --

availability-zone-hint RegionTwo Net3

● neutron router-create --availability-zone-hint RegionOne --

availability-zone-hint RegionTwo R3 Neutron Server

Tricircle Central

Neutron Plugin

Net3

Bridge-Net

R3

Cross Neutron L2 network

A network can be presented in more

than one OpenStack cloud.

Network type could be VLAN,

VxLAN, Flat

Non local router

A router can be presented in more

than one OpenStack cloud

Inter-connected via bridge network,

could be VLAN, VxLAN or Flat.

Tricricle: typical networking topology

+-----------------+ +-----------------+

|RegionOne | |RegionTwo |

| | | |

| phy_net1 | | phy_net2 |

| +--+---------+ | | +--+---------+ |

| | | | | |

| | | | | |

| +--+--------+ | | +--+--------+ |

| | | | | | | |

| | Instance1 | | | | Instance2 | |

| +------+----+ | | +------+----+ |

| | | | | |

| | net1 | | |

| +------+--------------------+---+ |

| | | |

+-----------------+ +-----------------+

+-----------------+ +-----------------+

| RegionOne | | RegionTwo |

| ext_net1 | | ext_net2 |

| +-----+-----+ | | +-----+-----+ |

| | | | | |

| +--+--+ | | +--+--+ |

| | R1 | | | | R2 | |

| +--+--+ | | +--+--+ |

| | | | | |

| +---+-+-+ | | +---+-+-+ |

| net1 | | | net2 | |

| +--------+--+ | | +--------+--+ |

| | Instance1 | | | | Instance2 | |

| +-----------+ | | +-----------+ |

| | | net3 | |

| +------+---------------------+----+ |

| | | |

+-----------------+ +-----------------+

Multiple North-South Gateways

Instances plugged into cross Neutron L2 network

Direct Provider Networks

Instances plugged into cross Neutron L2 network

Cross Neutron L2 network Cross Neutron L2 network

Tricricle: typical networking topology

Centralized North-South Traffic with East-

West L3 networking enabled

Non local router

Multi- North-South Gateways with East-

West L3 networking enabled

Non local router

Tricircle - downtime risk?

If Tricircle and the central Neutron server are

down, the existing networking and applications

can still work, each OpenStack Neutron still run,

only new network topology provisioning and

topology change will be affected.

Document: https://docs.openstack.org/developer/tricircle/

Code navigate: https://wiki.openstack.org/wiki/TricircleHowToReadCode

Wiki: https://wiki.openstack.org/wiki/Tricircle

Code base: https://github.com/openstack/tricircle/

Learn, use and contribute

https://docs.openstack.org/developer/tricircle/

https://wiki.openstack.org/wiki/TricircleHowToReadCode


https://github.com/openstack/tricircle/

Thank You