
Difference between revisions of "Obsolete:Networking"

m (Fifieldt moved page Networking to Obsolete:Networking)
 
(11 intermediate revisions by 3 users not shown)
Line 1: Line 1:
__NOTOC__
+
 
 
= Networking Overview =
 
= Networking Overview =
  
 
Live notes may be taken for this topic at: http://etherpad.openstack.org/Networking
 
Live notes may be taken for this topic at: http://etherpad.openstack.org/Networking
 +
 +
== Nova Implementation ==
 +
 +
Current implementation
 +
* Private networking and VPNs
 +
** Instances attached to separated VLAN tagged bridges
 +
* IP Address allocation handled by API
 +
* DHCP Server assigns addresses
 +
 +
[[attachment:NovaNetworkingDiagram.png]]
 +
 +
Instance launch network steps
 +
* On Network Node
 +
** If vlan doesn't exist:
 +
*** create vlan and bridge for project
 +
*** run dhcp server bridged into vlan
 +
* generate mac address
 +
** if cloudpipe instance:
 +
*** give specific ip to instance
 +
* else:
 +
** find free private ip
 +
* configure dhcp server with mac and ip
 +
* On Compute Node
 +
** If vlan doesn't exist:
 +
*** create vlan and bridge for project
 +
* Spawn vm and nic with specified mac address
 +
** Bridge the vm nic into the project vlan
 +
 +
Volume creation network steps
 +
* volume node creates lvm
 +
* volume node exposes lvm using vblade-persist
 +
 +
Volume attach network steps
 +
* compute node discovers volume
 +
* compute node attaches volume to vm as pci device
 +
 +
Ip association
 +
* Find free public ip
 +
* Associate the ip with public interface
 +
* Set up iptables rules to forward to private ip
 +
 +
Future implementation
 +
* Pluggable Network Implementation
 +
** Support for flat networking model
 +
** Support for IP injection
 +
* Network is its own worker process and uses queue
 +
* Support for dedicated network hardware
  
 
== Rackspace Implementation ==
 
== Rackspace Implementation ==
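Review bot: in the added "Instance launch network steps" list, the bullets "* else:" and "* configure dhcp server with mac and ip" sit at the top level although they continue the "** if cloudpipe instance:" branch under "* generate mac address"; indent both to "**" so the else binds to the if and the DHCP step reads as the last step of address assignment rather than a sibling of "On Network Node".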
Line 9: Line 56:
 
* Flat Network Design
 
* Flat Network Design
 
* Networking configurations injected into instances, or pulled via a Guest Agent
 
* Networking configurations injected into instances, or pulled via a Guest Agent
 +
* IPs pulled from Cluster Controller per network group.
 
* Instances protected by various IPTables, Ebtables, Arptables rules
 
* Instances protected by various IPTables, Ebtables, Arptables rules
 
** Protects instances from IP/MAC Address Spoofing
 
** Protects instances from IP/MAC Address Spoofing
 
** Protects instances from ARP Poisoning Attacks
 
** Protects instances from ARP Poisoning Attacks
 
* Host machines connect three Datacenter Networks: public, service-net, management-net
 
* Host machines connect three Datacenter Networks: public, service-net, management-net
** [[ManagementNet]] is used for communication from controllers to host.
+
** Management-net is used for communication from controllers to host.
 
* Instances connected to single bridge for each network, public, service-net
 
* Instances connected to single bridge for each network, public, service-net
 
* Bandwidth throttling.
 
* Bandwidth throttling.
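Review bot: the rewritten line "** Management-net is used for communication from controllers to host." drops the [[ManagementNet]] wiki link that the previous wording carried; keep the link, for example "** [[ManagementNet|Management-net]] is used for communication from controllers to host.", so readers can still reach the page describing that network.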
Line 19: Line 67:
 
Future implementation
 
Future implementation
  
* Addition of host-net bridge for internal communication from Instances to all host network for storage.
+
* Addition of host-net bridge for internal communication from Instances.
** Is this an additional network interface or does this piggy back existing
+
** Needed for Hypervisor agnostic communication between Host and Guest Communication.  (we can't rely only on [[XenStore]])
** Need Hypervisor agnostic communication for Guest Communication. 
+
** IPs assigned via DHCP over local host network.
 +
** Is this an additional guest network interface or does this piggy back existing?
 
* [http://openvswitch.org/ Open vSwitch]
 
* [http://openvswitch.org/ Open vSwitch]
** Instance protection rules could be pushed into the vSwitch.  
+
** Instance networking protection rules could be pushed into the vSwitch.  
 
 
== Nova Implementation ==
 
 
 
Current implementation
 
* Private networking and VPNs
 
** Instances attached to separated VLAN tagged bridges
 
* IP Address allocation handled by API
 
* DHCP Server assigns addresses
 
 
 
Future implementation
 
* Pluggable Network Implementation
 
** Support for flat networking model
 
** Support for IP injection
 
* Network is its own worker process and uses queue
 
* Support for dedicated network hardware
 
  
 
== IPv6 ==
 
== IPv6 ==
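Review bot: the replacement bullet "** Needed for Hypervisor agnostic communication between Host and Guest Communication.  (we can't rely only on [[XenStore]])" repeats "Communication"; suggest "** Needed for hypervisor-agnostic communication between host and guest (we can't rely only on [[XenStore]])." Note also that the "== Nova Implementation ==" block removed at the end of this hunk is the same text re-added above "== Rackspace Implementation ==" in the first hunk, so the revision is a section move plus the new launch/volume/ip-association step lists, which is worth saying in the edit summary.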

Latest revision as of 15:50, 30 September 2013

Networking Overview

Live notes may be taken for this topic at: http://etherpad.openstack.org/Networking

Nova Implementation

Current implementation

  • Private networking and VPNs
    • Instances attached to separated VLAN tagged bridges
  • IP Address allocation handled by API
  • DHCP Server assigns addresses

attachment:NovaNetworkingDiagram.png

Instance launch network steps

  • On Network Node
    • If vlan doesn't exist:
      • create vlan and bridge for project
      • run dhcp server bridged into vlan
  • generate mac address
    • if cloudpipe instance:
      • give specific ip to instance
  • else:
    • find free private ip
  • configure dhcp server with mac and ip
  • On Compute Node
    • If vlan doesn't exist:
      • create vlan and bridge for project
  • Spawn vm and nic with specified mac address
    • Bridge the vm nic into the project vlan
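The launch steps above can be followed in code. The following is an added example written for this page, not nova's own code (nova is written in Python, which is why Python is used here): it models one project's VLAN-tagged network, generates the instance MAC, picks the private ip (the fixed cloudpipe address or the first free one) and emits the dnsmasq host binding and iproute2 commands for the vlan/bridge steps. The network layout (gateway, DHCP server and cloudpipe address taken from the first three host addresses), the `02:16:3e` MAC prefix, the interface names and the exact command strings are assumptions chosen to mirror the steps listed on the page.

```python
"""Model of the instance launch network steps listed above.

Added example, not nova's own code: the network layout (gateway, DHCP
server and cloudpipe address taken from the first three hosts), the MAC
prefix and the command strings are assumptions chosen to mirror the steps
on the page.
"""
import ipaddress
import random

MAC_PREFIX = (0x02, 0x16, 0x3E)  # assumption: locally administered prefix


def generate_mac(rng=None):
    """Generate a unicast, locally administered MAC for a new instance NIC."""
    rng = rng or random.Random()
    tail = tuple(rng.randrange(256) for _ in range(3))
    return ":".join("%02x" % b for b in MAC_PREFIX + tail)


class ProjectNetwork:
    """One project's VLAN-tagged private network with its bridge."""

    def __init__(self, cidr, vlan_id, parent_if="eth0"):
        self.net = ipaddress.ip_network(cidr)
        self.vlan_id = vlan_id
        self.parent_if = parent_if
        self.vlan_if = "vlan%d" % vlan_id
        self.bridge = "br%d" % vlan_id
        hosts = list(self.net.hosts())
        # Reserved: gateway, DHCP server, cloudpipe VPN instance (assumption).
        self.gateway, self.dhcp_server, self.cloudpipe_ip = hosts[:3]
        self.allocated = {}  # private ip -> mac, i.e. the DHCP bindings

    def vlan_bridge_commands(self):
        """iproute2 commands for 'create vlan and bridge for project'."""
        return [
            "ip link add link %s name %s type vlan id %d"
            % (self.parent_if, self.vlan_if, self.vlan_id),
            "ip link add name %s type bridge" % self.bridge,
            "ip link set %s master %s" % (self.vlan_if, self.bridge),
            "ip link set %s up" % self.vlan_if,
            "ip link set %s up" % self.bridge,
        ]

    def free_private_ips(self):
        """Host addresses that are neither reserved nor already bound."""
        reserved = {self.gateway, self.dhcp_server, self.cloudpipe_ip}
        return [h for h in self.net.hosts()
                if h not in reserved and h not in self.allocated]

    def allocate(self, mac, cloudpipe=False):
        """'give specific ip' to a cloudpipe instance, else 'find free private ip'."""
        if cloudpipe:
            ip = self.cloudpipe_ip
        else:
            free = self.free_private_ips()
            if not free:
                raise RuntimeError("no free private ip in %s" % self.net)
            ip = free[0]
        if ip in self.allocated:
            raise RuntimeError("%s is already allocated" % ip)
        self.allocated[ip] = mac
        return ip

    def dhcp_host_entry(self, mac, hostname, ip):
        """dnsmasq dhcp-hostsfile line: 'configure dhcp server with mac and ip'."""
        return "%s,%s,%s" % (mac, hostname, ip)


def launch_instance(network, hostname, cloudpipe=False, rng=None):
    """Walk the launch steps for one instance; returns (mac, ip, commands)."""
    steps = []
    first_on_vlan = not network.allocated
    if first_on_vlan:  # network node: "If vlan doesn't exist"
        steps += network.vlan_bridge_commands()
        steps.append("dnsmasq --interface=%s --dhcp-range=%s,static"
                     % (network.bridge, network.net.network_address))
    mac = generate_mac(rng)
    ip = network.allocate(mac, cloudpipe)
    steps.append("dhcp-host " + network.dhcp_host_entry(mac, hostname, ip))
    if first_on_vlan:  # compute node repeats the vlan/bridge check
        steps += network.vlan_bridge_commands()
    steps.append("spawn %s nic mac=%s bridge=%s" % (hostname, mac, network.bridge))
    return mac, ip, steps
```

Because the DHCP server only hands out the address bound to the generated MAC, the mac/ip pair recorded in `allocated` is the binding every later per-instance filter rule has to agree with; an instance that changes its MAC gets no lease.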

Volume creation network steps

  • volume node creates lvm
  • volume node exposes lvm using vblade-persist

Volume attach network steps

  • compute node discovers volume
  • compute node attaches volume to vm as pci device

Ip association

  • Find free public ip
  • Associate the ip with public interface
  • Set up iptables rules to forward to private ip
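The three ip-association steps above, as an added example that is not nova's code: a public-ip pool picks the first free address, binds it to the public interface and produces the iptables NAT rules that forward it to the instance's private ip (DNAT inbound, SNAT outbound). The pool range, the `eth0` interface name and the chain layout are assumptions; the `-D` variant is included because the rules must be removed again when the ip is released.

```python
"""Public ip association: find free public ip, attach it to the public
interface, NAT it to the private ip. Added example, not nova's own code;
addresses, interface name and chain layout are assumptions.
"""
import ipaddress


class FloatingIpPool:
    """Pool of public ips that can be associated with private instance ips."""

    def __init__(self, cidr, public_if="eth0"):
        self.pool = list(ipaddress.ip_network(cidr).hosts())
        self.public_if = public_if
        self.bindings = {}  # public ip -> private ip

    def find_free_public_ip(self):
        """Step 1: the first pool address with no current binding."""
        for ip in self.pool:
            if ip not in self.bindings:
                return ip
        raise RuntimeError("public ip pool exhausted")

    def rules(self, public_ip, private_ip, remove=False):
        """Steps 2 and 3 as shell commands; remove=True yields the teardown."""
        op = "-D" if remove else "-A"
        addr_op = "del" if remove else "add"
        return [
            # Step 2: the host answers for the public ip on its public interface.
            "ip addr %s %s/32 dev %s" % (addr_op, public_ip, self.public_if),
            # Step 3: traffic arriving for the public ip goes to the instance...
            "iptables -t nat %s PREROUTING -d %s -j DNAT --to-destination %s"
            % (op, public_ip, private_ip),
            # ...including traffic originated by the host itself...
            "iptables -t nat %s OUTPUT -d %s -j DNAT --to-destination %s"
            % (op, public_ip, private_ip),
            # ...and the instance's outbound traffic leaves as the public ip.
            "iptables -t nat %s POSTROUTING -s %s -j SNAT --to-source %s"
            % (op, private_ip, public_ip),
        ]

    def associate(self, private_ip):
        """Bind a free public ip to private_ip; returns (public ip, commands)."""
        private_ip = ipaddress.ip_address(private_ip)
        if private_ip in self.bindings.values():
            raise ValueError("%s already has a public ip" % private_ip)
        public_ip = self.find_free_public_ip()
        self.bindings[public_ip] = private_ip
        return public_ip, self.rules(public_ip, private_ip)

    def disassociate(self, public_ip):
        """Release the binding and return the commands that undo it."""
        public_ip = ipaddress.ip_address(public_ip)
        private_ip = self.bindings.pop(public_ip)
        return self.rules(public_ip, private_ip, remove=True)
```

Keeping the binding table next to the rule generator matters for cleanup: if the NAT rules outlived the binding, a private ip later handed to another project's instance would still be reachable through the old public address, so `disassociate` must emit the matching `-D` rules before the public ip is returned to the pool.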

Future implementation

  • Pluggable Network Implementation
    • Support for flat networking model
    • Support for IP injection
  • Network is its own worker process and uses queue
  • Support for dedicated network hardware

Rackspace Implementation

Current implementation

  • Flat Network Design
  • Networking configurations injected into instances, or pulled via a Guest Agent
  • IPs pulled from Cluster Controller per network group.
  • Instances protected by various IPTables, Ebtables, Arptables rules
    • Protects instances from IP/MAC Address Spoofing
    • Protects instances from ARP Poisoning Attacks
  • Host machines connect three Datacenter Networks: public, service-net, management-net
    • Management-net is used for communication from controllers to host.
  • Instances connected to single bridge for each network, public, service-net
  • Bandwidth throttling.
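The Rackspace notes above say instances are protected by iptables, ebtables and arptables rules against IP/MAC spoofing and ARP poisoning. The following is an added example, not Rackspace's or nova's rule set: for one instance it generates ebtables rules that pin the frames leaving its tap interface to its assigned MAC and ip addresses (the ARP layer is handled here with ebtables' ARP match, where the page also names arptables), plus an iptables `physdev` rule for the ip layer, and a pure-Python model of the same policy so the intent can be checked against constructed frames. The tap name, MAC, addresses and chain name are assumptions.

```python
"""Per-instance anti-spoofing rules of the kind described above.

Added example, not Rackspace's or nova's rules; interface, MAC, addresses
and chain names are assumptions. ebtables carries the MAC and ARP checks,
iptables (physdev match) the ip-source check.
"""
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def instance_filter_rules(tap, mac, ips):
    """Commands pinning the VM behind `tap` to its MAC and ip addresses."""
    mac = mac.lower()
    if not MAC_RE.match(mac):
        raise ValueError("bad mac %r" % mac)
    ips = [ipaddress.ip_address(ip) for ip in ips]
    chain = "vm-%s" % tap
    rules = [
        "ebtables -N %s" % chain,
        "ebtables -A FORWARD -i %s -j %s" % (tap, chain),
        # MAC spoofing: any frame not carrying the assigned source MAC is dropped.
        "ebtables -A %s -s ! %s -j DROP" % (chain, mac),
    ]
    # ARP poisoning: only ARP claiming the VM's own mac/ip pair may leave the tap.
    for ip in ips:
        rules.append("ebtables -A %s -p ARP --arp-mac-src %s --arp-ip-src %s -j ACCEPT"
                     % (chain, mac, ip))
    # IP spoofing at layer 2: IPv4 frames must come from an assigned address.
    for ip in ips:
        rules.append("ebtables -A %s -p IPv4 --ip-src %s -j ACCEPT" % (chain, ip))
    rules.append("ebtables -A %s -j DROP" % chain)  # everything else (incl. IPv6)
    # Same ip-source policy in iptables for routed traffic from the bridge port.
    for ip in ips:
        rules.append("iptables -A FORWARD -m physdev --physdev-in %s -s %s -j ACCEPT"
                     % (tap, ip))
    rules.append("iptables -A FORWARD -m physdev --physdev-in %s -j DROP" % tap)
    return rules


def frame_allowed(mac, ips, frame):
    """Pure-Python model of the policy above, for checking constructed frames.

    frame: {'src_mac', 'proto' ('ARP'|'IPv4'|other), 'arp_ip_src', 'ip_src'}.
    """
    if frame["src_mac"].lower() != mac.lower():
        return False  # MAC spoofing
    allowed = {str(ipaddress.ip_address(i)) for i in ips}
    if frame["proto"] == "ARP":
        return frame.get("arp_ip_src") in allowed  # poisoning claims another ip
    if frame["proto"] == "IPv4":
        return frame.get("ip_src") in allowed  # ip spoofing
    return False  # default drop


if __name__ == "__main__":
    for line in instance_filter_rules("tap0", "02:16:3e:aa:bb:cc", ["10.0.0.4"]):
        print(line)
```

The rules are per tap port, so one tenant's attempt to answer ARP for the gateway or another instance's address is dropped at its own bridge port before any neighbour on the shared bridge sees it; the final `DROP` in the chain means an address the instance was never assigned is never forwarded, which is the property to verify after every ip association or release.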

Future implementation

  • Addition of host-net bridge for internal communication from Instances.
    • Needed for Hypervisor agnostic communication between Host and Guest Communication. (we can't rely only on XenStore)
    • IPs assigned via DHCP over local host network.
    • Is this an additional guest network interface or does this piggy back existing?
  • Open vSwitch
    • Instance networking protection rules could be pushed into the vSwitch.

IPv6

IPv6 should have first-class support; we can derive IPv4 address binding from the IPv6-to-IPv6 mapping space and configuration options.

IPv4 Countdown Clock