Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to dock OpenStack and Tungsten Fabric, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

How to dock OpenStack and Tungsten Fabric

The core technology of Tungsten Fabric is based on BGP MPLS VPN technology, which distributes routes through BGP protocol, including routing information of layer 2 forwarding table, and exchanges information of VPN to achieve link isolation. Through the SDN controller and the virtual router, Tungsten Fabric can separate the control plane from the forwarding plane. In addition to OpenStack,Tungsten Fabric also supports a variety of choreographers such as Kubernetes and VMware vCenter, but also can achieve the network interconnection of multiple clusters. Tungsten Fabric supports layer 2 and layer 3 isolation of virtual networks, as well as load balancing, service chain and other functions, as well as the use of Netconf to manage some physical devices. So, what is the data flow of OpenStack and TF docking? First of all, in both OpenStack and Tungsten Fabric, projects and users correspond one to one. Through the control node of OpenStack, configure the process to use the plug-in, convert the received OpenStack request into the corresponding Tungsten Fabric request, and send it to TF's API. As the core plug-in, the plug-in is usually in the configuration file of the process. Then, vRouter receives the routing table sent by the TF control node through the XMPP protocol. After the computing node gets all the information related to the virtual machine, it allocates resources, creates an interface for the virtual machine, connects the interface to the VRF of the corresponding virtual network, and then starts the virtual machine. The virtual machine obtains the IP address through the DHCP of the vRouter agent. Next, how do you communicate when the virtual machine is created successfully? Let's take a look at the data forwarding process of OpenStack and Tungsten Fabric docking. On the topology diagram, only if the compute node has a tenant virtual machine will the routing instance be created in VRF, including instances 1a and 2a. The process is as follows:

VM 1a sends an arp request and routing instance 1a responds

VM 1a sends an ip message to routing instance 1a, and after querying the ip information forwarding table, the route of virtual machine 2a is obtained.

MPLS and GRE encapsulation of packets sent by VM 1a

The packet is sent from compute node 1 to compute node 2 via GRE Tunnel.

The packet is de-encapsulated on compute node 2 and sent to routing instance 2a after querying the MPLS forwarding table.

After querying the ip forwarding table, routing instance 2a finds the address and virtual port corresponding to VM 2a, and finally sends the packet to VM 2a.

How to deploy on the MCP platform

As one of the top five code contributions of the OpenStack community, Mirantis provides all the software, services, training, and support needed to run OpenStack and Kubernetes, and has developed the MCP platform as a feature-rich automated deployment tool. Overview of MCP platform architecture

Let's take a look at the architecture of MCP. First of all, in the cloud platform, the upgrade of the entire cloud environment and the automation of operation and maintenance are realized by integrating some tools, and any changes in the infrastructure, such as adding new nodes or changing the listening port of the service, are accomplished by modifying the configuration file of reclass, realizing the concept that infrastructure is code. MCP also supports selecting OVS or Tunsten Fabric as the network component of OpenStack. OVS is relatively simple and does not require additional physical gateway devices, but it is less functional than Tunsten Fabric. Tunsten Fabric not only has functions such as service chain and network data analysis, but also supports multi-cluster SDN. There is also an OSS system on the platform, including logging, monitoring, alarm and other functions, are based on mature open source software to achieve. In terms of SDN data traffic on MCP, Tungsten Fabric handles east-west and north-south traffic in the MCP cluster through the overlay network built on the data network. The control plane communication between Tungsten Fabric controller and vRouter uses XMPP protocol. When a virtual machine is created on the compute node, the TF controller sends the forwarding table of the virtual network where the virtual machine resides to the corresponding vRouter. The control communication between the Tungsten Fabric controller and the gateway uses the iBGP protocol to publish the route of the virtual network with ASN and target to the gateway router. It is equivalent to establishing the mapping relationship between the virtual network and the gateway router vrf, and maintaining this relationship through the ibgp protocol, updating and issuing the routing table in real time. In a MCP cluster, the deployment of a minimum OpenStack + Tungsten Fabric production environment requires at least three physical machines as KVM nodes to achieve high service availability, running all virtual machines in the virtual control plane, and 2-3 physical machines as OpenStack computing nodes.

Cfg node, which manages all nodes in the cluster as salt-master

Ctl node, OpenStack Controller node, running API related to each component of OpenStack

The ntw node, as a TF controller, runs services such as API and configuration database including Tungsten Fabric, as well as middleware

Nal node, which runs on two containers, services based on Tungsten Fabric metering and analysis packages, such as analysis API, alert generator and data collector, and middleware

The cmp node, the OpenStack compute node, which runs nova-compute of OpenStack and vRouter of Tungsten Fabric.

In the demo demonstration session, Frank introduced the basic environment and deployment process in detail:

Manually deploy the KVM node to run the cfg node of the mirror source

After the operating system is installed, the physical node automatically joins the control of master

Go to the salt master node to modify the reclass configuration. In reclass, each component has a corresponding directory. Enter the directory of each component to modify the reclass configuration according to the requirements and the actual environment.

Define which components are installed by OpenStack in the OpenStack directory, and define information such as tf configuration gateway router in the tf directory

Then log in to the Jenkins of DriveTrain, and complete the deployment of each component through the specified pipeline and the corresponding incoming parameters

Enter the name in the parameter line, deploy the corresponding component, and pipeline can repeat the execution.

Log in to the OpenStack Controller node and get the virtual network information, and you will find that there are three networks, all of which are created by default in Tungsen Fabric, which indicates that neutron can now get the network information in Tungsen Fabric, which means that the neutron and Tungsen Fabric have completed the actual docking.

In the neutron plugin configuration file, the IP address and port are defined

Log in to the controller node of Tungsten Fabric, which runs a container, and you can see all the Tungsten Fabric services running on this container through the doctrail allcontrail-status command, including five parts: Control,Config,Config Database,Web UI,Support Services

Check the peer list of the TF control node on the management side of the Tungsten Fabric, and the control node completes the XMPP connection with the two vRouter. Once there is a new routing update, the TF control node will automatically send the corresponding routing entry to the vRouter, and the corresponding VRF will be created on the computing node.

On the data plane (vRouter), traffic filtering is controlled by acl derived from network policies and security groups.

When the vRouter forwarding module gets the first packet, it creates a data stream and sends the packet to vRouter agent. When vRouter agent gets the packet, it first applies the ACL of the security group and the ACL of the network policy.

Packets that pass through ACL look for VRF to get the address of the next hop. Otherwise, the packet will be dropped.

After the deployment process is completed, Frank demonstrates the basic network functions of OpenStack and Tungsten Fabric in this environment, as well as the "load balancing as a service" function. OpenStack's initial load balancing function was combined with neutron and later spun off from neutron to achieve better functionality. After the docking of OpenStack and Tungsten Fabric, the load balancer is taken over by Tungsten Fabric. You can see the HAproxy-loadbalance-template template in the service chain, configure the left and right interfaces, the left VIP and listener, the right back-end service node, and the back-end need to configure two network cards, which increases the complexity. In version 2.0, the same side configuration is supported, in the same subnet. When we use the Neutron LBaaS command to create a virtual IP and pool, Tungsten Fabric listens to the request through the plug-in to create a service instance. The scheduler then randomly selects a compute node, instantiates a Linux network namespace on it, and configures the HA agent in the namespace. Then select another compute node and do the same thing as a standby HA agent instance. And it is up to the svc-monitor service to schedule the vRouter fact to update the local corresponding HAproxy profile.

Thank you for reading this article carefully. I hope the article "how to dock OpenStack and Tungsten Fabric" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.