May 23, 2018 Dragonflow Project Update OpenStack Summit Vancouver Pino de Candia, @pino_deca
What does Dragonflow do? • Distributed SDN-based Neutron Implementation • Our mission is to implement advanced networking services in a manner that is efficient, elegant and simple. It is designed to support large scale deployments with a focus on low latency and performance.
OpenStack Pike Features ➔ IPv6 ➔ Trunk ports (VLAN aware VMs) ➔ SFC ➔ Service Health Report ➔ BGP ➔ Distributed SNAT ➔ Complete DB-Model Refactor
OpenStack Queens ➔ Skydive integration ➔ Application Decoupling ➔ Vagrant fixes and more options
Skydive Integration ➡ Visualize how Dragonflow sees the topology ➡ For operations and debugging ➡ With real-time updates ➡ And graphical tracing of simulated packets More information on Skydive: ➡ Slides: https://www.slideshare.net/SylvainAfchain/skydive-realtime-network-analyzer ➡ Austin talk: https://www.youtube.com/watch?v=nQSdGKV8ceM
Skydive Integration
Application Decoupling Previously: ➡ Config defined datapath as a list of apps: apps_list=l2,l3_proactive,dhcp,dnat,sg,portsec,... ➡ Each app: • Chose OpenFlow tables numbers in which to place flows • Packet registers in which to place state • Strong coupling between apps Now: ➡ Apps define a contract of entrypoints, exitpoints and registers ➡ Config specifies datapath as a graph ➡ Controller allocates all required table IDs and registers
Application Decoupling – what are apps?
Application Decoupling – the datapath Provider VM egress Port Sec SecGroups L2 L3 Port Filter Egress FW Ingress FW L3
Application Decoupling – new datapath config vertices: edges: input: provider.out.default: l2.in.default type: input input.out.vm-egress: portsec.in.default provider: portsec.out.accept: secgroup.in.egress type: provider secgroup.out.egress-accept: l2.in.default l2: l2.out.unicast: l3.in.ingress-filter type: l2 l3.out.ingress-match: firewall.in.egress portsec: firewall.out.egress-accept: l3.in.route type: portsec l3.out.post-route: firewall.in.ingress secgroup: firewall.out.ingress-accept: l2.in.default type: sg l3: type: l3-proactive firewall: type: firewall
Beyond Queens ➔ Bug fixes ➔ Rocky compatibility ➔ Maintenance Only one full-time dev on Dragonflow Users should do their own tagging/release management
Work in Progress – help wanted Feature Notes Status Auto upgrade Similar to alembic for sqlalchemy Advanced patch in progress For Kubernetes integration, via CNI driver Patch in progress OpenStack Kuryr OpenStack Ansible deployment Patch in progress RPMs Required by OSA deployment Patch in progress Native L4LB (as opposed to LBaaS Designed, not implemented Octavia, already supported) For local name lookup (as opposed DNS Designed, not implemented to Designate, already supported)
How to give feedback ➔ IRC: #openstack-dragonflow ◆ Cores: oanson, lihi, dimak, irenab ◆ Welcome new core: snapiri ➔ We’re listening on the mailing list ➔ launchpad: https://bugs.launchpad.net/dragonflow ➔ Trello: https://trello.com/b/PM7nah4Z/project-dragonflow ➔ Blog: http://dragonflow.net/
How to contribute ➔ Try it out! ◆ Send feedback! ◆ Let us know you’re out there! ➔ Open a bug ➔ Send a question ➔ Submit a patch ➔ Review other patches
Q&A Thank you! openstack @OpenStack openstack OpenStackFoundation
Recommend
More recommend