OpenStack/Quantum SDNbased network virtulization with Ryu

OpenStack/Quantum SDNbased network virtulization with Ryu Kei Ohmura NTT May 31, 2013

Outline Introduction to Ryu OpenStack Quantum and Ryu Demo Summary 2

What is Ryu 流流 (ryu) means flow 龍龍 (ryu) means japanese dragon, one of warter gods 3

What is Ryu manages flow control to enable intelligent networking Packet 4

SDN(Software Defined Networking) Separates control and data plane: Open interface between control and data plane Network control and management features in software Feature Feature Feature Feature OS Specialized packet Forwarding hardware OS Specialized packet Forwarding hardware Feature Feature OS Specialized packet Forwarding hardware 5

SDN(Software Defined Networking) Separates control and data plane: Open interface between control and data plane Network control and management features in software Applicatoin layer Business applications Business applications Control layer SDN control software North- bound API: Programmable Open APIs Network services Network services Network services Network-related control Infrastructure layer Network Device Network Device South- bound API (ex., ) Network Device Packet forwarding Network Device Network Device http://www.opennetworking.org/sdn-resources/meet-sdn 6

Overview One of the key technologies to realize SDN Open interface between control and data plane Controller switch switch switch protocol switch Mac dst Mac src match field IP dst IP src TCP dst Flow Table Action * * * * 6667 * output : 3.............. count er byte coun ters, etc 7

Ryu SDN framework SDN Framework A platform for building SDN applications Provides useful libraries and well-defined API Open source software (Apache v2) Fully written in Python Project site: http://osrg.github.com/ryu/ SDN apps SDN apps SDN apps Ryu SDN framework switch switch well- defined API protocol 8

Our goals De facto SDN platform Standard network controller for cloud orchestrators, e.g. OpenStack Default network controller for Linux Distributions, e.g. RHEL/feadora/ ubuntu High quality for commercial deployment code quality, functionality, usability 9

Features Generality Vendor-neutral Supports open interface (eg., ) Used by some switch vendors Agile Framework for SDN application development instead of all-purpose big monolithic controller. 10

Architecture Implement your apps by using Ryu SDN Framework operator RESTful management API OpenStack cloud orchestration REST API for Quantum Ryu SDN frame work Built-in Apps: tenant isolation, L2 switch User Apps User-defined API via REST or RPC Libraries: OF REST, topology discovery, firewall OF protocols parser/ serializer OF1.0, 1.2, 1.3 OF- Config 1.1 Non- OF protocols parser/serializer netconf, vrrp, netflow, packet lib existing IP networks switch 11

Current status protocol OF1.0 + nicira extensions, OF1.2, OF1.3 OF-Config 1.1 Other protocols netconf, vrrp, xflow, snmp, ovsdb Ryu applications/libraries Topology viewer OF REST Firewall Some sample apps are in the ryu/app directory. Switch Interoperability Referenced by some switch vendors Open vswitch Integration testing with Open vswitch (OF1.0, OF1.2) nicira extensions, OVSDB Integration with other components HA with Zookeeper IDS (Intrusion Detection System) OpenStack Quantum 12

How to use Install Ryu from pip $ sudo pip install ryu Install Ryu from the source code $ git clone git://github.com/osrg/ryu.git $ cd ryu; sudo python./setup.py install Run your application $ ryu-manager yourapp.py 13

Mac learning switch $ ryu-manager ryu/app/simple_switch.py L2 switch app Ryu (1) (2) (3) (4) Host A FlowTable switch Host B tutorial: https://github.com/osrg/ryu/wiki/_tutorial 14

OF REST $ ryu-manager ryu/app/ofctl_rest.py operator Ryu OF REST API OF REST API add a flow entry POST http://example.org/stats/flownetry/ add delete flow entries DELETE http://example.org/stats/ flowentry/delete get flow stats GET http://example.org/stats/flow/{dpid} switch protocol switch switch 15

Firewall REST $ ryu-manager ryu/app/rest_firewall.py operator Ryu Firewall REST API Firewall REST API add a rule POST h4p://example.org/firewall/rules/{switch- id} delete a rule DELETE h4p://example.org/firewall/rules/{switch- id} get rules GET h4p://example.org/firewall/rules/{switch- id} protocol Allow switch Drop https://github.com/osrg/ryu/wiki/third-party-tools,-etc. 16

Topology viewer Show topology and flows dynamically 17

HA with Zookeeper Centralized controller is single point of failure (SPOF) Ryu + ZooKeeper is able to avoid SPOF ZooKeeper master Ryu slave Ryu Failover switch Host A Host B 18

IDS integration Ryu + IDS can cope with threats in real time. snort control app Ryu (3) Alert Deep packet inspection IDS(Snort) (4) (2) switch (1) L1~L4 matching https://github.com/osrg/ryu/wiki/snort-integration 19

Ryu plugin for OpenStack Quantum Ryu plugin was merged into OpenStack Quantum Grizzly release VM VM VM VM VM VM VM VM Open vswitch Open vswitch Nova Quantum Ryu plugin REST API OpenStack apps Ryu Ryu Quantum REST API create network PUT http://example.org/v1.0/ networks/{network-id} delete network DELETE http://example.org/ v1.0/networks/{network-id} connect a new VM PUT http://example.org/v1.0/ networks/{switch-id}_{port-id} https://github.com/osrg/ryu/wiki/openstack 20

OpenStack *- as- a- Service OpenStack Service Compute Nova SwiK (Objects) Storage Cinder (Block) Glance (Images) idensty Keystone Network Quantum 21

OpenStack Quantum Provides networking- as- a- service Quantum controls network virtualization like Nova controls server virtualization plugin mechanism Enable different technologies Ryu, Open vswitch, Cisco UCS, Linux Bridge, NVP 22

What does Ryu bring to OpenStack Flat L2 networks regardless of the underlying physical network We don t need high-end switches Scalable multi- tenant isolations Ryu provides tunneling based isolations Virtual networks that Ryu provieds are decoupled from VLAN limitations 23

How Ryu works with OpenStack Quantum db: (Network id, key (tunnel id)) Quantum Server Quantum-node Quantum API Ryu Quantum REST API Ryu-node Ryu server (Network id, key) & OVSDB JSON Vif driver Ryu agent OVS L3 agent Ryu agent OVS Create Tap port Create Tunnel port Compute-node Network-node 24

Demo Ryu and OpenStack (GRE tunneling) 25

Ryu and OpenStack: physical view demo VM1 mode VM1 demo VM2 mode VM2 Qemu/KVM Qemu/KVM Qemu/KVM Qemu/KVM Ryu OVS Glance OVS Nova Nova Quantum Ryu agent Keystone Horizon KVM KVM All-in-one node GRE tunnel GRE tunnel Compute node bridge Linux(physical machine) 26

Ryu and OpenStack: logical view Tenant demo ID -> 0x2 Tenant mode ID -> 0x4 demo VM1 demo VM2 mode VM1 mode VM2 demo network mode network 27

Future works Adds more components(protocols, IaaS, stats, security, etc). Improves distributed deployment component(cluster support) New testing methods (Ryu has more than 15,000 lines test code). 28

Summary Ryu is an ongoing project Ryu project needs more developers site: http://osrg.github.com/ryu/ wiki:https://github.com/osrg/ryu/wiki/ _pages ML: ryu-devel@lists.sourceforge.net 29

Appendix

Node boot up 31

Network creation 32

Instance creation 33

Flow table usage In port match Src table Tunnel out Local out Table 0 Table 1 Table 2 action match action match action M port in_port src mac set_tunnel goto table 1 tunnel_id dst mac output(tunnel) goto table 2 in_port drop tunnel_id goto table 2 tunnel_id dst mac output(vm) Tunnel port in_port tunnel_id goto table 2 tunnel_id drop GRE tunnel tunnel port OVS VM port VM1 VM2 34