DreamHost has been working on our OpenStack Public Cloud, DreamCompute, for several years. At the onset of the project, we set out with an aggressive set of requirements for our networking functionality, including L2 tenant isolation, IPv6 support from the ground up, and complete support for the then emerging OpenStack Neutron APIs. Our search ended with the realization that there was a gap in OpenStack SDN for L3+ services. Thus, the Akanda project was born. Akanda is an open source suite of software, services, orchestration, and tools for providing L3+ services in OpenStack. It builds on top of Linux, iptables, and OpenStack Neutron, and is used in production to power DreamCompute's networking capabilities. Using Akanda, an OpenStack provider can provide tenants with a rich, powerful set of L3+ services, including routing, port forwarding, firewalling, and more. This talk will give an introduction to the Akanda project, review the DreamCompute use case, and illustrate how Akanda works under the hood. In addition, we'll discuss future capabilities, operational challenges and tips, and more. Watch the talk video - https://www.openstack.org/summit/openstack-paris-summit-2014/session-videos/presentation/akanda-layer-3-virtual-networking-services-for-openstack
Production-ready, open source network virtualization
Jonathan LaCour - [email protected]
Ryan Petrello - [email protected]
HELLO
My name is Jonathan
VP of Cloud at DreamHost
@cleverdevil on twitter
HELLO
My name is Ryan
Senior Cloud Developer at DreamHost
@ryanpetrello on twitter
AGENDA
• The birth and evolution of Akanda
• Akanda technology overview
• Akanda in practice
• Retrospective
• The future
AKANDA’S BIRTH 👶
DREAMCOMPUTE IS OPEN
Virtual Networking
• L2 isolation for all tenants
• IPv4 and IPv6 via SDN
Elastic Compute
• Virtual machines via KVM hypervisor and OpenStack
Block Storage
• OpenStack Cinder and Ceph
• Massively scalable, distributed, and self-healing
• Lightning fast boot-from-volume
AKANDA’S BIRTH
• DreamCompute’s design and development necessitated Akanda
• Required L2 isolation and IPv6
• No Open Source solution and vendors were lacking
• Didn’t understand cloud
• Missing features and OpenStack integration
👶
INITIAL DESIGN
• OpenBSD service VMs
• Routing, firewall, and services via OpenBSD Packet Filter (PF)
• Akanda Appliance API in Python
• Integration with OpenStack via Nova and Neutron
• Rug Orchestration platform for creating, updating, and monitoring service VMs
EVOLUTION
🙈🙉🙊
EVOLUTION
• OpenBSD not well-suited for the task
• Community resistance to virtualization
• Poor network throughput and network driver issues
• Slow boot times (3-5 minutes)
• No hot-plugging support, requiring service VM reboots
🙈
THE SWITCH TO LINUX
• Moved to Linux
• From PF to iptables, with a larger community
• Significantly improved performance
• Service VM boots and reboots in 45 seconds or less
• Hot-plugging support
AKANDA ARCHITECTURE
[Architecture diagram, layered top to bottom:]
• Akanda RUG Orchestration
• Akanda Virtual Services – Routing, Load Balancing, Firewall, Etc.
• OpenStack APIs – Neutron, Nova, etc.
• Akanda Pluggable L2 Backends – NSX, Linux Bridge, OpenDaylight, More!
• Physical Network (L2)
• No vendor magic – open source and transparent
• IPv6 support – customer VMs get IPv6
• Performance – beat the competition
• It’s just Linux – service VMs can run anything
• Stability – routes traffic for thousands of VMs daily
❤️
IN DEPTH
THE AKANDA APPLIANCE
• Linux virtual machine, built with veewee, and stored in Glance.
• iptables – tenant NAT, floating IPs, etc.
• dnsmasq – DHCP, DNS, etc.
• bird – upstream connectivity (BGP, RADV)
• Python proxy for Nova metadata service
APPLIANCE REST API
• Not exposed to the user; instead used by The Rug for configuration, monitoring, and reporting.
• Primary endpoints:
• Alive Check - are you alive?
• Configuration Push - reconfigure / reload router services
{
  "networks": [{
    "subnets": [{
      "gateway_ip": "208.113.176.1",
      "cidr": "208.113.176.0/23",
      ...
    }],
    "network_id": "b1234135-a0fc-4a1a-bea3-1232341235",
    "interface": {
      "ifname": "ge1",
      "addresses": ["208.113.176.249/23", "2607:f298:5:110d:f816:3eff:fe7d:e274/64"]
    }
  }],
  "default_v4_gateway": "208.113.176.1",
  "floating_ips": [{ "floating_ip": "208.113.176.249", "fixed_ip": "10.10.10.3" }],
  ...
}
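What the appliance has to do with a configuration push like the one above, as an added example that is not Akanda appliance code: render the floating-IP and tenant-NAT parts of the JSON into iptables rules, refusing a floating IP whose fixed address is not on a tenant network. The "network_type" field and the external/internal split are assumptions, not fields shown on the slide.

```python
# Added example, not Akanda appliance code: turn the floating-IP and tenant-NAT parts of a
# configuration push (like the JSON above) into iptables rules. "network_type" is assumed.
import ipaddress
import json

# Constructed sample shaped like the configuration push above, "..." fields omitted.
SAMPLE_CONFIG = json.loads("""{
  "networks": [
    {"network_id": "ext-net", "network_type": "external",
     "interface": {"ifname": "ge1", "addresses": ["208.113.176.249/23"]}},
    {"network_id": "tenant-net", "network_type": "internal",
     "interface": {"ifname": "ge2", "addresses": ["10.10.10.1/24"]}}],
  "default_v4_gateway": "208.113.176.1",
  "floating_ips": [{"floating_ip": "208.113.176.249", "fixed_ip": "10.10.10.3"}]}""")


def nat_rules(config):
    """Return iptables commands (argument lists) implementing floating IPs and tenant NAT."""
    ext = [n for n in config["networks"] if n["network_type"] == "external"]
    if len(ext) != 1:
        raise ValueError("exactly one external network expected")
    ext_if = ext[0]["interface"]["ifname"]
    # Tenant subnets, derived from the appliance's own addresses on internal networks.
    tenant_nets = [ipaddress.ip_interface(a).network
                   for n in config["networks"] if n["network_type"] == "internal"
                   for a in n["interface"]["addresses"]]
    rules = [
        # Default-deny forwarding; only reply traffic and the explicit holes below pass.
        ["iptables", "-P", "FORWARD", "DROP"],
        ["iptables", "-A", "FORWARD", "-m", "conntrack",
         "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"],
    ]
    for fip in config["floating_ips"]:
        fixed = ipaddress.ip_address(fip["fixed_ip"])
        # Refuse to DNAT toward anything that is not a tenant address: a bad config
        # push must not turn the appliance into a relay for arbitrary destinations.
        if not any(fixed in net for net in tenant_nets):
            raise ValueError(f"fixed_ip {fixed} is not on a tenant network")
        rules.append(["iptables", "-t", "nat", "-A", "PREROUTING", "-i", ext_if, "-d",
                      fip["floating_ip"], "-j", "DNAT", "--to-destination", str(fixed)])
        rules.append(["iptables", "-t", "nat", "-A", "POSTROUTING", "-o", ext_if, "-s",
                      str(fixed), "-j", "SNAT", "--to-source", fip["floating_ip"]])
        rules.append(["iptables", "-A", "FORWARD", "-i", ext_if, "-d", str(fixed), "-j", "ACCEPT"])
    for net in tenant_nets:
        # Tenant VMs without a floating IP leave via the appliance's external address.
        rules.append(["iptables", "-A", "FORWARD", "-o", ext_if, "-s", str(net), "-j", "ACCEPT"])
        rules.append(["iptables", "-t", "nat", "-A", "POSTROUTING", "-o", ext_if,
                      "-s", str(net), "-j", "MASQUERADE"])
    return rules
```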
THE RUG
• “Really ties the room together.”
• Orchestration and monitoring of service VMs
RUG ARCHITECTURE
[Diagram: Event Processing and a State Machine at the core, fed by Neutron Notifications and Health Monitoring, managing a set of Service VMs]
STATE MACHINE
• Sophisticated state management
• Ten possible states
• Rug automates transitions between states
EXAMPLE – SERVICE VM BOOT
[State-machine diagram; states shown: CALC_ACTION, CHECK_BOOT, CREATE_VM, CONFIG]
EXAMPLE – HEALTH MONITORING
[State-machine diagram; states shown: CALC_ACTION, STOP_VM, ALIVE, CHECK_BOOT, CREATE_VM]
INTERESTING FEATURES
• Network hot-plugging
• Upon addition or removal of a network
• nova <interface-attach | interface-detach>
INTERESTING FEATURES
• Advanced failure tracking
• Configurable cool down threshold
• Reporting for service VMs stuck in ERROR state
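The health-monitoring loop and the failure tracking from the last few slides, as an added model that is not code from the Akanda Rug: each CALC_ACTION pass runs the alive check, rebuilds a dead service VM, and parks it in ERROR for reporting once it fails too often within the cool-down window. Reading the cool-down threshold as "N failed alive checks within S seconds" is an assumption.

```python
# Added example, not code from the Akanda Rug: a model of the health-monitoring loop
# and failure tracking on the slides. Treating the cool-down threshold as "N failed
# alive checks within a window of S seconds puts the VM in ERROR" is an assumption.
from collections import deque


class ServiceVMMonitor:
    def __init__(self, is_alive, rebuild, error_threshold=3, error_cooldown=300):
        self.is_alive = is_alive            # alive check against the appliance REST API
        self.rebuild = rebuild              # STOP_VM -> CREATE_VM -> CHECK_BOOT -> CONFIG
        self.error_threshold = error_threshold
        self.error_cooldown = error_cooldown
        self.failures = deque()             # timestamps of recent failed alive checks
        self.state = "ALIVE"

    def tick(self, now):
        """One CALC_ACTION pass; returns the resulting state."""
        if self.state == "ERROR":
            return self.state               # the Rug stops trying; an operator must rebuild
        if self.is_alive():
            self.state = "ALIVE"
            return self.state
        # Drop failures older than the cool-down window, then record this one.
        while self.failures and now - self.failures[0] > self.error_cooldown:
            self.failures.popleft()
        self.failures.append(now)
        if len(self.failures) >= self.error_threshold:
            # Flapping VM: rebuilding again would only loop, so report instead.
            self.state = "ERROR"
            return self.state
        self.rebuild()
        self.state = "CHECK_BOOT"           # next tick's alive check confirms the rebuild
        return self.state


def stuck_in_error(monitors):
    """Reporting: names of service VMs that need operator attention."""
    return sorted(name for name, m in monitors.items() if m.state == "ERROR")
```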
IN PRACTICE
AKANDA OPERATIONS
• Build your service VM image and store in Glance
• Tell the Rug which service VM image to use
• The Rug actively monitors tenants missing service VMs and creates, configures, and keeps them alive
RUG-CTL COMMAND LINE TOOL
• rug-ctl browse
• Lists all service VMs and basic details
• rug-ctl router debug
• Forces The Rug to temporarily stop managing a service VM
• rug-ctl router rebuild [--router_image_uuid]
• Destroys / recreates a service VM, optionally with a different VM image
RETROSPECTIVE
• Neutron wasn’t ready for IPv6. Getting there now!
• State machines and distributed processing are hard. Very hard.
• Best way to stabilize is continuous automated testing.
• As a small team, keeping pace with upstream projects is almost a full-time job.
THE FUTURE
LAUNCHING TODAY
http://akanda.io
AKANDA’S FUTURE
• Launch of Akanda, Inc. - http://akanda.io
• Roadmap
• Additional services – Load Balancing and Firewall
• More L2 backends – physical bridge, OpenDaylight, etc.
• Enterprise Rug - HA and scale-out
GET THE CODE, JOIN THE TEAM
http://akanda.io