Introduction to Multi-Tenant IaaS with OpenStack + OpenContrail

Presentation material from the 15th study session of the Japan OpenStack User Group.

1. OpenStack + OpenContrail IaaS, Takashi Sogabe (@rev4t), Internet Initiative Japan., Inc.

2. ? Takashi Sogabe (@rev4t) IIJ

3. ? Contrail !

4. OpenContrail? IaaS SDN OpenStack, CloudStack : BGP XMPP : MPLS over GRE MPLS over UDP, VXLAN

5. http://opencontrail.org/ https://github.com/Juniper/contrail-controller github http://juni.pr/17tlcQh Juniper J-NET OpenContrail

6. MPLS/BGP? ISP IP-VPN MPLS VPN DC External router L3VPN

7. ? Service Chaining NFV Firewall VM Network Monitoring Web Web tcpdump Remote SPAN(RSPAN)

8. ? PC server 1 Juniper5 1 1 MPLS VPN Juniper MX SRX External Router

9. [Diagram: External Router (Gateway Router) with 10.0.0.1/24 and .79 on 192.168.192.0/24; host .64 on 192.168.192.0/24 running Contrail System, OpenStack (controller, etc), OpenStack (nova-compute), vRouter]

10. OpenContrail

11. (1) http://juni.pr/1alNn7h source git + repo devstack https://github.com/dsetia/devstack Binary JuniperOS rpm (CentOS or Fedora) Juniper.net Online form1 OS Contrail Install Media for CentOS 90-day EVAL (Release 1.02) OpenStack Grizzly

12. (2)
    1. OSPC
    2. setup.sh
           cd /opt/contrail/contrail_packages; ./setup.sh
    3. testbed
    4.
           cd /opt/contrail/utils; fab install_contrail   ()
           cd /opt/contrail/utils; fab setup_all   ()

13. testbed

    cd /opt/contrail/utils/fabfile/testbeds
    cp testbed_singlebox_example.py testbed.py
    vi testbed.py

    ext_routers = [('srx1', '192.168.192.79')]   # (external router )
    host1 = 'root@192.168.192.64'
    host_build = 'root@192.168.192.64'
    env.passwords = {
        host1: '<password>',
        host_build: '<password>',
    }

14. (3) Horizon Contrail Web
    Horizon http://(IP)/ username: admin password: contrail123
    Contrail http://(IP):8080/ username, password Horizon

15. External Router(1) Interface

    interfaces {
        ge-0/0/0 {
            unit 0 {
                family inet {
                    address 192.168.192.79/24;
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family inet {
                    address 10.0.0.1/24;
                }
            }
        }
    }

16. External Router(2) L3VPN

    routing-options {
        static {
            route 0.0.0.0/0 next-hop 192.168.192.5;
        }
        route-distinguisher-id 192.168.192.79;
        autonomous-system 64512;
        dynamic-tunnels {
            setup1 {
                source-address 192.168.192.79;
                gre;
                destination-networks {
                    192.168.192.0/24;
                }
            }
        }
    }
    protocols {
        bgp {
            group contrail-controller {
                type internal;
                local-address 192.168.192.79;
                family inet-vpn {
                    unicast;
                }
                neighbor 192.168.192.64;
            }
        }
        stp;
    }

17. External Router(3) VRF

    routing-instances {
        cusotomer-public {
            instance-type vrf;
            interface ge-0/0/1.0;
            vrf-target target:64512:10000;
            routing-options {
                static {
                    route 0.0.0.0/0 next-hop 10.0.0.2;
                }
            }
        }
    }

18. External Router(4) SRX forwarding mode packet based

    security {
        forwarding-options {
            family {
                inet6 {
                    mode packet-based;
                }
                mpls {
                    mode packet-based;
                }
                iso {
                    mode packet-based;
                }
            }
        }
    }

    root> show security flow status
      Flow forwarding mode:
        Inet forwarding mode: packet based
        Inet6 forwarding mode: packet based
        MPLS forwarding mode: packet based
        ISO forwarding mode: packet based
      Flow trace status
        Flow tracing status: off

    Flow security zone dynamic tunnel

19. OPENCONTRAIL

20. (1) 3 OpenContrail Web OpenStack neutron(quantum) OpenContrail REST API
    API server: http://(controller_host):8082/ Top level URL

21. [Network diagram: External router, vRouter, Floating-ip; external network 10.0.0.0/24, global 10.1.0.0/24, public 10.255.0.0/24, private 10.254.0.0/24; VMs test-public-1, test-public-2, test-private-1, test-private-2]

22. (public)

23. IP(public)

24. Global

25. test-public-1, test-public-2

26. Ping from test-public-1 to 10.0.0.1

27. Private

28. test-private-1, test-private-2

29. Ping from test-private-1 to test-public-1

30. Policy

31. Policy

32. Ping from test-private-1 to test-public-1

33. Floating-ip

34. Ping from ext-router to test-public-1

    root> ping 10.1.0.253 routing-instance cusotomer-public
    PING 10.1.0.253 (10.1.0.253): 56 data bytes
    64 bytes from 10.1.0.253: icmp_seq=0 ttl=62 time=31.423 ms
    64 bytes from 10.1.0.253: icmp_seq=1 ttl=62 time=2.510 ms
    ^C
    --- 10.1.0.253 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss

35. External router show route (1)

    root> show route

    inet.0: 5 destinations, 5 routes (4 active, 0 holddown, 1 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0          *[Static/5] 1d 20:49:14
                        > to 192.168.192.5 via ge-0/0/0.0
    10.1.0.1/32        *[Local/0] 1d 20:49:29
                          Reject
    192.168.192.0/24   *[Direct/0] 1d 20:49:14
                        > via ge-0/0/0.0
    192.168.192.79/32  *[Local/0] 1d 20:49:20
                          Local via ge-0/0/0.0

36. External router show route (2)

    inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.168.192.0/24   *[Tunnel/300] 1d 20:49:46
                          Tunnel
    192.168.192.64/32  *[Tunnel/300] 00:56:35
                        > via gr-0/0/0.32769

37. External router show route (3)

    cusotomer-public.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0          *[Static/5] 1d 20:49:14
                        > to 10.0.0.2 via ge-0/0/1.0
    10.0.0.0/24        *[Direct/0] 1d 20:49:14
                        > via ge-0/0/1.0
    10.0.0.1/32        *[Local/0] 1d 20:49:19
                          Local via ge-0/0/1.0
    10.1.0.253/32      *[BGP/170] 00:07:40, localpref 100, from 192.168.192.64
                          AS path: ?
                        > via gr-0/0/0.32769, Push 16

38. External router show route (4)

    mpls.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    299792             *[VPN/170] 02:02:08
                        > to 10.0.0.2 via ge-0/0/1.0, Pop

    bgp.l3vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.168.192.64:2:10.1.0.253/32
                       *[BGP/170] 00:07:40, localpref 100, from 192.168.192.64
                          AS path: ?
                        > via gr-0/0/0.32769, Push 16

39. Network(1)

40. Network(2)

41. Network(3) Flow

42. Network(4) Routing Table

43. Analyzer(1) L3SW Remote SPAN(RSPAN) Analyzer OpenStack Wireshark Compute Node tap tcpdump Analyzer

44. Analyzer(2)

45. Analyzer(3)

46. Cassandra External router L3VPN VXLAN

47. Service Chaining VXLAN external router Havana