Today's datacenter networks contain more devices than ever before; servers, switches, routers, storage systems, dedicated network equipment and security appliances – many of which are further divided into virtual machines and virtual networks. Traditional network management techniques generally fall short of providing a truly scalable, automated approach to managing these next-generation networks. Users expect more control and flexibility with quicker provisioning and monitoring.
OpenStack Networking (Neutron) is a pluggable, scalable and API-driven system for managing networks and IP addresses. Like other aspects of the cloud operating system, it can be used by administrators and users to increase the value of existing datacenter infrastructure. Neutron prevents the network from being the bottleneck or limiting factor in a cloud deployment and gives users real self service over their network configurations.
Starting in the Folsom release, OpenStack Networking, then called Quantum, became a core and supported part of the OpenStack platform, and is considered to be one of the most exicting projects – with great innovation around network virtualization and software-defined networking (SDN). The general availability of Icehouse, the ninth release of OpenStack, is just around the corner, so I would like to highlight some of the key features and enhancements made by the contributors in the community to Neutron.
Modular Layer 2 (ML2) plugin enhancements
The Modular Layer 2 (ML2) plugin is a framework allowing OpenStack Networking to simultaneously utilize the variety of layer 2 networking technologies found in complex real-world data centers. It currently works with the existing Open vSwitch, Linux bridge, and Hyper-V L2 agents as what ML2 define as ‘MechanismDrivers’, and is intended to replace and deprecate the monolithic plugins associated with those. The ML2 framework is also intended to greatly simplify adding support for new L2 networking technologies, requiring much less initial and ongoing effort than would be required to add a new monolithic core plugin.
Starting with Icehouse, ML2 will support SR-IOV PCI passthrough; SR-IOV is a specification that allows a PCIe device to appear to be multiple separate physical PCIe devices. In the case of networking, this allows to assign a Virtual Function of an SR-IOV capable network card to a virtual machine as a network device (vNIC). This enables network traffic to bypass the software switch layer, which can offer better performance characteristics. SR-IOV introduces the need to enhance ML2 with support for requesting certain ‘vnic_type’ to be bound on Neutron port. Depending on the application, Neutron port can now be requested to be realized as normal vNIC (implemented using virtio NIC) or pci-passthrough (using SR-IOV).
Operational status of floating IPs
OpenStack instances receive a private IP address through which they can reach each other. In order to access these instances from other machines in the environment and from external networks like the Internet, the instances will need to be allocated a "floating IP” - which is implemented on the neutron-l3-agent as NAT (iptables) rules. Originally, floating IPs did not have an operational status, so the user had no way to check whether the floating IP has actually been created or not. This functionally was added in Icehouse through a change in the core API.
Enhanced scheduling of virtual routers
Neutron has an API extension to allow administrators and tenants to create virtual routers in order to route between networks and to access external networks. Virtual routers are scheduled in the neutron-l3-agent, which uses the Linux IP stack with iptables to perform L3 forwarding and NAT. In order to support multiple routers with potentially overlapping IP addresses across the environment, the l3-agent defaults to using Linux network namespaces to provide isolated forwarding instances.
Depending on your OpenStack cloud design, you may want to use more than one l3-agent, usually to provide fault-tolerance or high-availability, or to distribute the load of this crucial component. The default scheduler available in Neutron (‘chance’) is used to place virtual routers on l3-agents randomly, which may or may not fit to your design. Starting with Icehouse, it will now be possible to use a more efficient scheduler (‘leastrouter’) that schedules a virtual router on the l3-agent that has the lower amount of current running routers.
OpenDaylight plugin for Neutron
The OpenDaylight Project is a collaborative open source project hosted by the Linux Foundation. The goal of the project is to accelerate the adoption of software-defined-networking (SDN) and create a solid foundation for Network Functions Virtualization (NFV).
OpenDaylight now has a MechanismDriver for the ML2 plugin to enable communication between Neutron and OpenDaylight. OpenDaylight offers an SDN controller which uses OVSDB (Open vSwitch Database Management Protocol) for southbound configuration of vSwitches, and can now manage network connectivity and initiate GRE or VXLAN tunnels for OpenStack Compute nodes.
New third-party plugins
As mentioned before, Neutron has a pluggable infrastructure which uses plugins to introduce advanced network capabilities. Alongside the open-source plugins (or ML2 MechanismDrivers) such as Linux bridge, Open vSwitch or OpenDaylight, different networking vendors offer their plugin to interact with their hardware or software solution. Plugins to be included in the Icehouse release are coming from Brocade, Big Switch Networks, Embrane, Midonet, Mellanox, Nuage, Radware, Ryu, IBM, and others.
Continuation of Nova network
With the introduction of Neutron, development effort on the initial networking code that remains part of the Compute component (Nova) has gradually lessened. While many still use nova-network in production, there has been a plan to remove the code in favor of the more flexible and featured OpenStack Networking. As there are still some use-cases where nova-network fits, and as there is no clean migration path from nova-network to Neutron, it was decided that nova-network will not be deprecated in the Icehouse release. In addition, to a limited degree, patches to nova-network will now again begin to be accepted to support deployments in production.
Get Started with OpenStack Icehouse
If you want to try out OpenStack Icehouse, or to check out yourself some of the above features, please visit our RDO site. We have documentation to help get started, forums where you can connect with other users, and community-supported packages of the most up-to-date OpenStack releases available for download. You can also try the OpenDaylight integration with Neutron in this simple step-by-step procedure.
If you are looking for enterprise-level support, or information on partner certification, Red Hat also offers Red Hat Enterprise Linux OpenStack Platform.
저자 소개
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.