Shulou(Shulou.com)06/02 Report--

Manifesto of the Lady

This paper mainly introduces the new virtual network architecture-Cable, which is realized by the virtual network working group in order to uniformly manage the network modules of different orchestration systems and simplify the development process of virtual network functions.

Preface

In OpenStack architecture, Neutron is used as a virtual network module to manage the network of virtual machines. With the development of container technology, more and more applications are deployed to container orchestration systems such as Kubernetes, and Kubernetes also has its own network management module, such as Flannel,Calico. The maintenance of OpenStack and Kubernetes network modules not only increases the management cost, but also can not meet the needs of virtual machine and container network interworking. In order to uniformly manage the network modules of different orchestration systems and simplify the development process of virtual network functions, the virtual network working group implemented a new virtual network architecture Cable.

Background introduction

At present, the company's virtual network architecture has the following shortcomings: 1 physical machine, virtual machine and container network are managed separately, which can not achieve direct interconnection. (2) DHCP and metadata in Neutron agent adopt centralized service, so they are not robust enough. (3) the implementation of vxlan needs the support of external router, which is more complex.

The new network architecture needs to meet the unified management of physical machine, virtual machine and container network to achieve direct interconnection; simplify Neutron agent, distributed architecture to achieve DHCP, metadata and other functions; at the virtual network level to achieve vxlan; to provide traffic mirroring and other new functions.

Scheme realization

Cable overall frame diagram

To meet the appeal requirements, the Cable architecture implements the following two key points

1 Virtual data plane

The virtual data plane is no longer based on OVS, but uses a more feature-rich virtual router vrouter.ko. Vrouter.ko is an open source data module in Juniper's virtual network architecture OpenContrail. Compared with OVS's simple packet forwarding, vrouter.ko supports virtual network routing, vxlan, flow table configuration security group, flow table configuration nat/snat, traffic mirroring and other functions. The rich data plane function simplifies the development difficulty of the network function module.

2 self-developed management plane

Re-develop the management plane by ourselves. The management plane unifies the management of OpenStack and Kubernetes network modules; adopts the watch mode in Kubernetes to actively monitor the changes of platform resources and perform related operations; distributed DHCP; uses the flow function of vrouter.ko to realize nat, security group and so on.

Cable workflow

When the user request reaches the Neutron Server, the Contrail Neutron Plugin forwards the request to the control node (Control Node) of the Cable. The proxy conversion request of the control node is sent to the API,API and the received request is sent to the corresponding module, in which controller is responsible for the specific calculation and allocation, and the IPAM module is responsible for the management of the network address. Each computing node deploys Cable agent to listen for Control Node resources through Rest API. If resource changes are detected, vrouter.ko is called to execute the corresponding request (add / delete / modify network information).

Compatible with Openstack

Cable needs to consider how to be compatible with the existing virtual network structure, so that Neutron can make a smooth transition to the new architecture. Therefore, on the basis of keeping the original interface of Neutron unchanged, replace the db of Neutron with etcd, and replace DHCP-agent,metadata-agent,l3-agent with unified cable-agent. After replacing Neutron with Cable, the relevant command line and Restful API of OpenStack remain unchanged, which realizes seamless switching and facilitates operation and maintenance management.

Cable replaces Neutron rear frame composition

Summary

The new virtual network architecture is compatible with different network planes, simplifies the network function module, and makes the network more robust. At present, the overall architecture of Cable has been basically developed, and the network architecture of DHCP, metadata and VLAN has been realized. In the future, more functions such as security group, VXLAN and so on will be realized, automatic deployment will be realized, and the monitoring function will be improved.

The official account of technology sharing created by the 360Cloud platform team covers database, big data, micro-service, container, AIOps, IoT and many other technical areas. Through solid technology accumulation and rich front-line combat experience, it will bring you the most promising technology sharing.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.