Overview

MPLS VPNaaS (MPLS VPN-as-a-Service) is a Neutron extension that introduces MPLS VPN feature set.

The following is the proposed plan for design and implementation of the MPLS VPN as a Service feature in OpenStack Networking for the Havana release.

This BP refers to Neutron/VPNaaS (IPSec VPN)( https://wiki.openstack.org/wiki/Neutron/VPNaaS) .

Why MPLS VPN IN OPENSTACK

1. To meet users’ demands: QoS guarantee

2. MPLS is widely supported by backbone devices: Generally, core nodes in backbone have the ability to deploy MPLS tunnels.

In era of cloud computing, tenants have more and more data interactions with datacenter network, and also secure connections, QoS and elastic adjustment are needed. Consequently, MPLS tunnel is a better solution to construct VPN through backbone.

Precondition

We consider that the MPLS VPN in WAN have been established by ISP(or other provider),so we just need to consider how a tenant’s subnet could access the MPLS VPN .We use term of MPLS VPN Access Connection to represent the connection between a neutron router(which connects a subnet or just a vm of a tenant) and a PE.Also,a MPLS VPN Access Connection can represent the connection between a vendor’s hardware device(a CE router) and PE.

USE CASE

USE CASE 1

If there are no hardware devices in OpenStack as a CE devices.Then we combine quagga and Neutron router to make Neutron a CE access router.This implementation need no specific hardware device.

USE CASE 2

If there are vendor’s hardware devices in OpenStack,a vendor need to provide its driver,which will configure vendor’s devices to access MPLS VPN.

How MPLS VPN Works

Neutron Router

In Neutron, a tenant can create routers for subnets or tenant and define the connections between subnets,this is Neutron Router.