Software-Defined Networking (SDN) with OpenStack

By: Sreenivas Voruganti, Sriram Subramanian

Overview of this book

Networking is one of the pillars of OpenStack, and OpenStack Networking is designed to support programmability and Software-Defined Networks. OpenStack Networking has been evolving from simple APIs and functionality in Quantum to more complex capabilities in Neutron. Armed with the basic knowledge, this book will help readers explore popular SDN technologies, namely OpenDaylight (ODL), OpenContrail, Open Network Operating System (ONOS) and Open Virtual Network (OVN). The first couple of chapters provide an overview of OpenStack Networking and SDN in general. Thereafter, a set of chapters is devoted to OpenDaylight (ODL), OpenContrail and their integration with OpenStack Networking. The book then introduces you to Open Network Operating System (ONOS), which is fast becoming a carrier-grade SDN platform. We will conclude the book with an overview of upcoming SDN projects within OpenStack, namely OVN and Dragonflow. By the end of the book, readers will be familiar with SDN technologies and know how they can be leveraged in an OpenStack-based cloud.

Virtual and physical networking


Server virtualization led to the adoption of virtualized applications and workloads running inside physical servers. While physical servers are connected to the physical network equipment, modern networking has pushed the boundary of networks into the virtual domain as well. Virtual switches, firewalls, and routers play a critical role in the flexibility provided by cloud infrastructure:

Figure 1: Networking components for server virtualization

The preceding diagram describes a typical virtualized server and its various networking components.

The virtual machines are connected to a Virtual Switch inside the Compute Node (or server). The traffic is secured using virtual routers and firewalls. The Compute Node is connected to a Physical Switch, which is the entry point into the physical network.

Let us now walk through different traffic flow scenarios using Figure 1 as the background. In Figure 2, traffic from one VM to another on the same Compute Node is forwarded by the Virtual Switch itself. It does not reach the physical network. You can even apply firewall rules to traffic between the two virtual machines:

Figure 2: Traffic flow between two virtual machines on the same server

Next, let us have a look at how traffic flows between virtual machines across two compute nodes. In Figure 3, the traffic comes out from the first Compute Node and then reaches the Physical Switch. The Physical Switch forwards the traffic to the second Compute Node and the Virtual Switch within the second Compute Node steers the traffic to the appropriate VM:

Figure 3: Traffic flow between two virtual machines on different servers

Finally, the following diagram depicts the traffic flow when a virtual machine sends traffic to or receives traffic from the Internet. The Physical Switch forwards the traffic to the Physical Router and Firewall, which are presumed to be connected to the Internet:

Figure 4: Traffic flow from a virtual machine to external network

As seen in the preceding diagrams, the physical and the virtual network components work together to provide connectivity to virtual machines and applications.

Tenant isolation

As a cloud platform, OpenStack supports multiple users grouped into tenants. One of the key requirements of a multi-tenant cloud is to provide isolation of data traffic belonging to one tenant from the rest of the tenants that use the same infrastructure. OpenStack supports different ways of achieving the isolation of network data traffic and it is the responsibility of the virtual switch on each compute node to implement the isolation.
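
The three traffic scenarios (Figures 2 to 4) and the tenant isolation rule can be modelled in a few lines to show which flows a physical device ever sees. This is an added example, not code from the book; the VM, node and tenant names are constructed, and it assumes both compute nodes attach to the same Physical Switch and that cross-tenant traffic is simply dropped at the source virtual switch.

```python
from dataclasses import dataclass

INTERNET = "internet"  # pseudo-endpoint for any destination outside the cloud

@dataclass(frozen=True)
class VM:
    name: str
    node: str    # compute node hosting the VM
    tenant: str

# Constructed inventory; all names are hypothetical.
VMS = {v.name: v for v in (
    VM("web1", "compute1", "tenantA"),
    VM("db1", "compute1", "tenantA"),
    VM("app2", "compute2", "tenantA"),
    VM("web9", "compute1", "tenantB"),
)}

def trace(src, dst):
    """Return (verdict, hops) for a flow from VM src to VM dst or INTERNET."""
    s = VMS[src]
    hops = [s.name, f"vswitch@{s.node}"]
    if dst == INTERNET:  # Figure 4: leaves through the physical router/firewall
        return "forward", hops + ["physical-switch", "physical-router-firewall", INTERNET]
    d = VMS[dst]
    if s.tenant != d.tenant:  # assumption: isolation enforced at the source vswitch
        return "drop", hops
    if s.node == d.node:  # Figure 2: never leaves the compute node
        return "forward", hops + [d.name]
    # Figure 3: crosses the physical switch to the second compute node
    return "forward", hops + ["physical-switch", f"vswitch@{d.node}", d.name]

def virtual_only_flows(flows):
    """Forwarded flows that no physical device sees, so only rules and
    telemetry on the virtual switch can filter or record them."""
    unseen = []
    for src, dst in flows:
        verdict, hops = trace(src, dst)
        if verdict == "forward" and "physical-switch" not in hops:
            unseen.append((src, dst))
    return unseen

if __name__ == "__main__":
    flows = [("web1", "db1"), ("web1", "app2"), ("web1", INTERNET), ("web1", "web9")]
    for flow in flows:
        print(flow, *trace(*flow))
    print("invisible to physical devices:", virtual_only_flows(flows))
```

Flows returned by `virtual_only_flows` are the ones a physical firewall or switch tap cannot filter or log, which is why firewall rules for same-node traffic have to live on the compute node itself.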