Packet Pushers

Where Too Much Technology Would Be Barely Enough


OpenStack Neutron – The Dirty Network Detail

Steven Iveson March 25, 2015

Update: I’m slowly getting there, third and more accurate diagram attached below which now includes where security policies, iptables and network namespaces are deployed. I’ve now also removed the previous two incorrect diagrams as they seem to be popping up on Google.

This post is just a quick response to a comment by Turing Machinæ on Show 227 – OpenStack Neutron Overview with Kyle Mestery, which was “I’ve learnt absolutely NOTHING about openstack from this podcast.” Whilst I don’t agree I have some empathy; time and time again I’ve found myself hitting a brick wall recently when trying to understand ‘the new hotness’ where cloud, Linux and a host of other technologies are concerned. I want some real detail, I want to understand things at a fundamental level so I can gain a full understanding. I really do “wanna get DIRTY!”

Blogs, podcasts, manuals, wikis, whatever; very few are focused on the low level network detail and implementation. Little is written with a network engineer in mind, it’s all a black box. As a colleague said to me just today “I just click next”. This is possible because the detail is abstracted and most server/dev/ops/sysadmin folk simply need to get a subnet or two allocated, enter it in a web GUI and… click next. There are clearly people out there who fully understand the network aspects related to these products, but mostly, I don’t think they are ‘network people’.

Aside from the obvious negative career implications (your skills are only required to build the underlay), it raises an interesting point around abstraction and understanding of the underlying components. I suspect that in the same way that I don’t think about or care about network card drivers any more, no-one cares about how networking is implemented in the new stack.

Just to drive this point home, here’s my take on how OpenStack networking is provided, in proper, low-level network detail, when using OpenStack Havana and Mirantis Fuel (to provide simplified, automated builds). Keep in mind that this relates to a single physical host.

You’ll note that, despite a few days’ research, I still don’t fully understand quite how br-int (and the guest for that matter) talks to anything other than the br-ex based network. Quite why there are two connections from br-int to br-ex is also a mystery. I’d love to fully understand all this, so please get in touch if you can fill me in – for everyone’s benefit. I’ll update the diagram as and when I understand more.

Of course, please keep in mind this diagram is not $gospel, is incomplete and possibly very wrong (hopefully not for long).

I’d also suggest you keep in mind that this diagram only represents a single physical host. Add in a server blade, converged system (say UCS), your ToR switches and all the rest and you have a golden ticket to troubleshooting and performance hell (perhaps). Bridges are all OVS. It’s not all negative; the fact that this is even possible on Linux is pretty impressive and certainly demonstrates what is possible. I’ve also no doubt (as mentioned next) that massive improvements are on the way where both OpenStack, containers and other technologies are concerned.

One last thing, I’m aware that the Juno OpenStack release includes ML2 which may simplify things somewhat.

–Removed to prevent incorrect information being propagated by Google

Just one more thing; where is the configuration for all of this stored? How would you back it up? How do you monitor all this?

Here’s an updated version (one day later). I’m pretty sure I’ve been getting confused by differences in how Controller, Network and Compute nodes are networked. Features such as DVS and L3 HA change the picture quite a bit too. It’s too early to cover those but I will in time.

–Removed to prevent incorrect information being propagated by Google

Here’s a much improved version (three weeks later), with the compute and network node architectures split out. I’ve still got work to do as this diagram assumes VLAN separation and I’d also like to accommodate GRE and VXLAN tunnel use. Note I’m showing two ‘tenants’, each with one guest, VLAN and ‘router’:

Neutron Networking - CompNet - v1

11 Comments

About Steven Iveson

The last of four children of the seventies, Steve was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 20 years in a variety of roles, predominantly in data centre environments. More recently he's widened his skill set to embrace DevOps, Linux, containers, automation, orchestration, cloud and more. He's been awarded F5 Networks DevCentral MVP status five times in 2014, 2016, 2017, 2018 and 2019. Details of his F5 related books can be found here. You can find him on Twitter: @sjiveson.

Comments

  1. kk says

    March 26, 2015 at 1:43 am

    I guess the talk was more about the strategy of neutron. To be honest, have never seen gory details about neutron in open and reasons for such an architecture. This is one of the issues for deployment.

  2. Etherealmind says

    March 26, 2015 at 9:17 am

    Packet Pushers Weekly is a deep dive technology show and we simply aren’t focussed on teaching basics. We want to talk about the stuff that no one else does.

    If you want to learn OpenStack then buy some books. Lots of good ones, vendors have some good manuals and there are plenty of blog posts on installing and using OpenStack.

    • What Lies Beneath says

      March 26, 2015 at 1:21 pm

      Fully appreciate your comments regarding the podcast, I’d hoped I’d made it clear my more negative comments were not directed at it.

      Looking ahead, I hope to rectify what I see as the lack of good information out there by producing it myself.

  3. svētā govs! says

    March 26, 2015 at 6:17 pm

    I’ve got few crap books that are not worth reading.

  4. Suraj Deshmukh says

    October 25, 2015 at 3:55 am

    There is great information about details of Networking in Openstack along with commands
    https://www.rdoproject.org/Networking_in_too_much_detail

    • Steven Iveson says

      October 26, 2015 at 9:10 am

      Indeed Suraj, that was one of the resources of my research (the RDO site has been very useful), however, it omits many key details and does not provide the full picture. Too much detail is not enough! 🙂 For instance, the G-H connection is never covered and you’ll also note there is not a single physical interface on the diagram.

  5. mickey cruise says

    January 18, 2016 at 4:06 pm

    Steven Iveson wrote: ‘This is possible because the detail is abstracted and most server/dev/ops/sysadmin folk simply need to get a subnet or two allocated, enter it in a web GUI and… click next. There are clearly people out there who fully understand the network aspects related to these products, but mostly, I don’t think they are ‘network people’.’

    Absurd. This statement does more to spread ignorance than it does to add any sort of real world expertise to the subject. When in fact, it is the ‘network people’ (you know them, those brutes) that lead the SDN effort – along with the old-school Unix/Linux programmers (c/c++).

  6. Steven Iveson says

    January 18, 2016 at 8:36 pm

    Hey Mickey. Are you saying the abstraction isn’t there? That users typically hand craft things? I’m not sure what point you are trying to make regarding this?

    Is it ‘network people’ – if so, who are they? You may have a point, how many network ‘users’ know who David Miller is? How many Linux users do for that matter? There’s a real disconnect between those who create and those who consume – even in the open source world. I’m all ears on how this situation can be improved.

    Cheers

  7. Ranjeet Badhe says

    September 13, 2017 at 8:22 am

    Thanks Steven for posting the article, very informative indeed.

    • Steven Iveson says

      September 13, 2017 at 8:29 am

      Hey Ranjeet,

      You’re welcome and thanks for saying so. Do keep in mind things have moved on (I expect) quite a bit since I wrote this and are hopefully much better.

© Copyright 2019 Packet Pushers Interactive, LLC · All Rights Reserved