OpenStack Network Architecture Nova-network + Neutron

OpenStack Network Architecture (Nova-network/neutron)

In the OpenStack network system, network technology is not innovative, but the technical points used are very complex, including Bridge, VLAN, GRE, Vxlan,OvS,OpenFlow,SDN, iptables, etc. Of course, there will not be a specific technical introduction, outlining the technology, mainly with the combination of OpenStack point to do detailed analysis.

nova-network Network Architecture

In Nova-network, its network model includes flat, DHCP flat, VLAN, the technology used mainly has bridge, VLAN,

The DHCP flat multi-network node architecture diagram looks like this:

Advantages: simple structure, stable

Disadvantage: All tenants are on a horizontal plane, there is no isolation between tenants, because all tenants are in a subnet, when the large-scale deployment of its broadcast storm will be a big negative factor, as for the model of its VM upper limit, I have no condition test.

The VLAN schema is as follows :

• create exclusive for the tenant Bridge
• Create VLAN Interface vlan100 , based on 802.1q agreement to play VLAN ID
• DNSMASQ Monitor the bridge Gateway, responsible for fixed IP the distribution
• Switch Port set to Chunk Mode
• eth0 responsible for VMS data communication between the eth1 responsible for external network access

VLAN Model:

Pros: Tenants are quarantined

Cons: Requires the support of the physical switch chunk port, the actual deployment is more complex, the number of VLAN ID is 4,094, that is, up to 4,094 subnet tenants, not applicable to the public cloud.

Conclusion: Compared to neutron network, although there is no neutron so many functional plug-ins, only bridge, but its stability has been verified by most users, for small-scale private cloud (1000 vm size), Nova-network can be considered, The current environment for online deployment is also nova-network.

Resources:

https://www.mirantis.com/blog/openstack-networking-flatmanager-and-flatdhcpmanager/

https://www.mirantis.com/blog/vlanmanager-network-flow-analysis/

https://www.mirantis.com/blog/openstack-networking-vlanmanager/

http://blog.csdn.net/hilyoo/article/details/7721401

http://blog.csdn.net/beginning1126/article/details/39371757

Neutron Network Architecture

Neutron network system compared to the nova-network to be more complex, the use of the technical point is very complicated, before the introduction of network architecture, it is necessary to outline the GRE, Vxlan, OvS, OpenFlow, SDN technology points.

As explained above, VLAN technology there is VLAN ID limit 4094, public cloud tenants certainly more than 4094, two-tier technology, can only be deployed in a LAN, unable to achieve cross-room deployment. To break these two limits, the GRE and Vxlan tunneling techniques are added.

Gre:

Cross-room Deployment: 3-Layer tunnel technology, in the original Small network IP head to join the large network IP head and GRE head, the IP head of the network is a public IP;

Segment ID: The most important field in the GRE header should be a 4-byte key value (segment ID), which acts as a VLAN ID within VLAN technology, isolating the tenant's role, since it is 4 bytes and is not limited by the 4094 VLAN ID. is the GRE typical application VPN.

Of course, GRE also has its drawbacks,

1. GRE is point-to-point technology, each two points need to have a tunnel , for the 4 layer of port resources is a waste;
2. Increase the IP header, it is bound to reduce the MTU value of the VM, the same size of data, the need for more IP packet transmission, transfer efficiency has an impact.

VXLAN:

For the first disadvantage of VLAN and GRE, the industry put forward the Vxlan technology, which is VXLAN head structure and communication flow respectively.

1. 24bit Vnid:vxlan Technology in the original Mac frame based on the addition of a new Mac header, IP header, Vxlan header, in the Vxlan header, Vnid equivalent to the size of the VLAN id,24bit,16m, far greater than 4094.
2. Sophomore network, the implementation of cross-room deployment: At both ends of the communication add vtep equipment, can be hardware equipment, can also be software implementation, of course, in the neutron network, it is implemented by the software. The device records the VLAN ID, VM mac, and Vtep IP correspondence, which is obtained by the VM initiating an ARP request. There is a multicast address in the Vxlan network, all vtep devices need to join the multicast address, vtep the broadcast request for ARP to increase the multicast IP header into a multicast request, once a VM initiates ARP request, all Vtep can receive, vtep in the multicast IP header removed, Send the original broadcast package to the VM so that the ARP table will be established between the different VMs. The Vxlan network establishes a large 2-tier network for all VMS.
3. Allows the legacy subnet to migrate seamlessly to the cloud without changing the IP address, or to allow virtual machines to migrate across the data center (previously only migrated in the same VLAN)
4. About cross-room Vxlan interoperability: the aforementioned through the multicast message implementation of ARP transmission, but on the WAN, multicast packet transmission is limited, the industry's usual solution is through the SDN CONTROLLER,SDN controller and do the ARP proxy, And get the VM inner layer Mac and outer vtep IP correspondence, exchange this information between different controllers.

Conclusion:

1. GRE solves the problem of VLAN ID number limit and inter-room interoperability;
2. Vxlan solves the problem of VLAN ID limit and cross-room interoperability, simultaneously solves the problem of GRE point-to-point tunneling, and realizes a large 2-layer network, which can be used for seamless migration between VMs in the engine room.
   

Resources:

http://blog.csdn.net/freezgw1985/article/details/16354897

Http://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/white-paper-c11-729383.html

OpenStack Network Architecture Nova-network + Neutron