Akanda: Open Source, Production-Ready Network Virtualization for OpenStack

72 %
28 %
Information about Akanda: Open Source, Production-Ready Network Virtualization for OpenStack
Technology

Published on November 6, 2014

Author: cleverdevil

Source: slideshare.net

Description

DreamHost has been working on our OpenStack Public Cloud, DreamCompute, for several years. At the onset of the project, we set out with an aggressive set of requirements for our networking functionality, including L2 tenant isolation, IPv6 support from the ground up, and complete support for the then emerging OpenStack Neutron APIs. Our search ended with the realization that there was a gap in OpenStack SDN for L3+ services. Thus, the Akanda project was born.

Akanda is an open source suite of software, services, orchestration, and tools for providing L3+ services in OpenStack. It builds on top of Linux, iptables, and OpenStack Neutron, and is used in production to power DreamCompute's networking capabilities. Using Akanda, an OpenStack provider can provide tenants with a rich, powerful set of L3+ services, including routing, port forwarding, firewalling, and more. This talk will give an introduction to the Akanda project, review the DreamCompute use case, and illustrate how Akanda works under the hood. In addition, we'll discuss future capabilities, operational challenges and tips, and more.

Watch the talk video - https://www.openstack.org/summit/openstack-paris-summit-2014/session-videos/presentation/akanda-layer-3-virtual-networking-services-for-openstack

1. Production-ready, open source network virtualization Jonathan LaCour - jonathan@dreamhost.com Ryan Petrello - ryan.petrello@dreamhost.com

2. HELLO My name is Jonathan VP of Cloud at DreamHost @cleverdevil on twitter

3. HELLO My name is Ryan Senior Cloud Developer at DreamHost @ryanpetrello on twitter

4. AGENDA • The birth and evolution of Akanda • Akanda technology overview • Akanda in practice • Retrospective • The future

5.  AKANDA’S BIRTH

6. DREAMCOMPUTE IS OPEN Elastic Compute • Virtual machines via KVM hypervisor and OpenStack Block Storage • OpenStack Cinder and Ceph • Massively scalable, distributed, and self-healing • Lightning fast boot-from-volume Virtual Networking • L2 isolation for all tenants • IPv4 and IPv6 via SDN

7. AKANDA’S BIRTH  • DreamCompute’s design and development necessitated Akanda • Required L2 isolation and IPv6 • No Open Source solution and vendors were lacking • Didn’t understand cloud • Missing features and OpenStack integration

8. INITIAL DESIGN • OpenBSD service VMs • Routing, firewall, and services via OpenBSD Packet Filter (PF) • Akanda Appliance API in Python • Integration with OpenStack via Nova and Neutron • Rug Orchestration platform for creating, updating, and monitoring service VMs

9. EVOLUTION 

10. EVOLUTION  • OpenBSD not well-suited for the task • Community resistance to virtualization • Poor network throughput and network driver issues • Slow boot times (3-5 minutes) • No hot-plugging support, requiring service VM reboots

11. THE SWITCH TO LINUX • Moved to Linux • From PF to iptables, with a larger community • Significantly improved performance • Service VM boots and reboots in 45 seconds or less • Hot-plugging support

12. AKANDA ARCHITECTURE Akanda RUG Orchestration Akanda Virtual Services Routing Load Balancing Firewall Etc. OpenStack APIs – Neutron, Nova, etc. Akanda Pluggable L2 Backends NSX Linux Bridge OpenDaylight More! Physical Network (L2)

13. ❤️ • No vendor magic – open source and transparent • IPv6 support – customer VMs get IPv6 • Performance – beat the competition • Its just Linux – service VMs can run anything • Stability – routes traffic for thousands of VMs daily

14. IN DEPTH

15. THE AKANDA APPLIANCE • Linux virtual machine, built with veewee, and stored in Glance. • iptables – tenant NAT, floating IPs, etc. • dnsmasq – DHCP, DNS, etc. • bird – upstream connectivity (BGP, RADV) • Python proxy for Nova metadata service

16. APPLIANCE REST API • Not exposed to user, instead used by The Rug for configuration, monitoring, and reporting. • Primary endpoints: • Alive Check - are you alive? • Configuration Push - reconfigure / reload router services

17. { "networks": [{ "subnets": [{ "gateway_ip": "208.113.176.1", "cidr": "208.113.176.0/23", ... }], "network_id": "b1234135-a0fc-4a1a-bea3-1232341235", "interface": { "ifname": "ge1", "addresses": [“208.113.176.249/23", “2607:f298:5:110d:f816:3eff:fe7d:e274/64"] }, }], "default_v4_gateway": "208.113.176.1", "floating_ips": [{ "floating_ip": "208.113.176.249", "fixed_ip": "10.10.10.3" }], ... }

18. THE RUG • “Really ties the room together.” • Orchestration and monitoring of service VMs

19. RUG ARCHITECTURE Event Processing State Machine Notifications Neutron Health Monitoring Service VM Service VM Service VM Service VM

20. STATE MACHINE • Sophisticated state management • Ten possible states • Rug automates transitions between states

21. EXAMPLE – SERVICE VM BOOT CALC_ACTION CREATE_VM CONFIG CHECK_BOOT

22. EXAMPLE – HEALTH MONITORING CALC_ACTION ALIVE CHECK_BOOT STOP_VM CREATE_VM

23. INTERESTING FEATURES • Network hot-plugging • Upon addition or removal of a network • nova <interface-attach | interface-detach>

24. INTERESTING FEATURES • Advanced failure tracking • Configurable cool down threshold • Reporting for service VMs stuck in ERROR state

25. IN PRACTICE

26. AKANDA OPERATIONS • Build your service VM image and store in Glance • Tell the Rug which service VM image to use • The Rug actively monitors tenants missing service VMs and creates, configures, and keeps them alive

27. RUG-CTL COMMAND LINE TOOL • rug-ctl browse • Lists all service VMs and basic details • rug-ctl router debug • Forces The Rug to temporarily stop managing a service VM • rug-ctl router rebuild [—router_image_uuid] • Destroys / recreates a service VM, optionally with a different VM image

28. RETROSPECTIVE

29. RETROSPECTIVE • Neutron wasn’t ready for IPv6. Getting there now! • State machines and distributed processing are hard. Very hard. • Best way to stabilize is continuous automated testing. • As a small team, keeping pace with upstream projects is almost a full-time job.

30. THE FUTURE

31. LAUNCHING TODAY http://akanda.io

32. AKANDA’S FUTURE • Launch of Akanda, Inc. - http://akanda.io • Roadmap • Additional services – Load Balancing and Firewall • More L2 backends – physical bridge, OpenDaylight, etc. • Enterprise Rug - HA and scale-out

33. GET THE CODE, JOIN THE TEAM http://akanda.io

Add a comment

Comments

Isabella | 04/09/18
Kudos! What a neat way of thnkiing about it.

Related presentations

Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...

In this presentation we will describe our experience developing with a highly dyna...

Presentation to the LITA Forum 7th November 2014 Albuquerque, NM

Un recorrido por los cambios que nos generará el wearabletech en el futuro

Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...

Microsoft finally joins the smartwatch and fitness tracker game by introducing the...