ASTARA OVERVIEW
Neutron Operational Challenges
Managing multiple services is challenging
Each SDN/L2 backend is different
Difficult to change
Multi vendor deployments can be difficult
Day Two Operations
RaaS
APPLICATION SECURITY
APPLICATION PERFORMANCE
LBaaS
NODE BALANCING
VPN FWaaS
NFaaS
Logical Neutron
[Diagram labels: VM1 10.0.0.2; VM2 10.0.0.2/172.16.; VM3 172.16.77.1; Tenant A Net1 192.168.0.0/24; Tenant A Net2 172.16.77.0/24; Tenant B Net1 192.168.0.0/24; Tenant B Net2 172.16.77.0/24; Public Net 10.0.0.0/8; Router; Router]
Astara
OTT NETWORK SERVICES DELIVER ANY LAYER 3-7 SERVICES
OPEN SOURCE APIs NEUTRON, NOVA, GLANCE & MORE
HYPER-SCALABLE CONTROL PLANE FOR XXL CLOUDS
ASTARA — “THE RUG” “REALLY TIED THE ROOM TOGETHER”
Reference Neutron
[Diagram labels: neutron-server; Database; Message Queue; L2 Agent; L3 Agent; DHCP Agent; Adv Services]
Neutron w/ Astara
[Diagram labels: neutron-server; Database; Message Queue; L2 Agent; Astara]
Neutron Reference
[Diagram: 15 HV nodes and 2 Network Nodes]
Astara with VMs
[Diagram: 20 HV nodes]
ASTARA UNDER THE HOOD
What is Astara?
Control Plane Orchestration
Logically Centralized
Pluggable Drivers
Multi-Process/Multi-Threaded
Utilizes standard APIs/interfaces for Neutron, Nova, Glance and Ceilometer
In Development since Folsom
Astara Supports
Dynamic Routing
OSPF
BGP
Designed for IPv6
L2 Agnostic
OVS, LinuxBridge or other solution
Astara Architecture
[Diagram labels: Astara Management/Orchestration; Nova; Neutron; OpenStack APIs; Astara Adv Services: Routing/LB/FW; Astara OTT Support (L2 Agnostic); Open: OVS/LinuxBridge; Proprietary; Physical Network (L2)]
Pluggable OTT Architecture
Add new services easily
Can be enabled for tenants to upload images
Driver Based
LBaaS (HAProxy, nginx)
VPNaaS
Routing (Linux, BSD, CSR, etc.)
Support Services without OpenStack APIs
Utilizes standard APIs/interfaces for Neutron, Nova, Glance and Ceilometer
Internals
Python
Project began during Folsom
Based on Multiprocessing and Threads
Scaling is easier
No hangs for slow or dead VNFs
[Diagram labels: Worker; Notification Processor; Scheduler; Worker]
What’s in a worker?
State Machine for each VNF
Includes queue of pending operations
Instance Manager
ACTIVE/ACTIVE SCALING
Scaling Up
Add threads
HA and Scaling
Scale Up
Add threads
Scale Out
Active/Active
[Diagram, repeated across build slides: VNF1 through VNF9 distributed across Astara instances]
How is this implemented?
Implemented using Hash Ring borrowed from Ironic
Orchestrator makes no assumptions about current state of function
simplifies expand/contract
late notifications are non-issue
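A minimal consistent hash ring showing why expand/contract is cheap and late notifications are harmless: every orchestrator derives a VNF's owner from the member list alone. This is an added illustration, not Astara's or Ironic's code; the class, function names, host names and VNF IDs are assumptions.

```python
import bisect
import hashlib


def _point(key: str) -> int:
    # Hash used only for placement on the ring, not as a security control.
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")


class HashRing:
    """Consistent hash ring: maps a resource ID to one orchestrator host."""

    def __init__(self, hosts, replicas=64):
        if not hosts:
            raise ValueError("at least one host is required")
        # Each host gets `replicas` virtual points so load spreads evenly.
        self._ring = sorted(
            (_point(f"{host}-{i}"), host) for host in set(hosts) for i in range(replicas)
        )
        self._points = [p for p, _ in self._ring]

    def owner(self, resource_id: str) -> str:
        # First virtual point clockwise from the resource's hash, wrapping around.
        idx = bisect.bisect(self._points, _point(resource_id)) % len(self._ring)
        return self._ring[idx][1]


def assignments(hosts, resource_ids):
    # Ownership depends only on the member list, never on prior state.
    ring = HashRing(hosts)
    return {rid: ring.owner(rid) for rid in resource_ids}


def moved(before, after):
    # Resource IDs whose owner differs between two membership views.
    return sorted(rid for rid in before if before[rid] != after[rid])


# Constructed sample data: hypothetical VNF IDs and orchestrator host names.
VNFS = [f"vnf-{n}" for n in range(1, 201)]
TWO = assignments(["astara-1", "astara-2"], VNFS)
THREE = assignments(["astara-1", "astara-2", "astara-3"], VNFS)

if __name__ == "__main__":
    changed = moved(TWO, THREE)
    print(f"{len(changed)} of {len(VNFS)} VNFs changed owner on scale-out")
    print("all moved VNFs now belong to:", {THREE[r] for r in changed})
```

On scale-out only the VNFs claimed by the new member change owner; the rest stay where they were, and contracting back to the old member list restores the old mapping.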
New in Mitaka
Bring Your Own Network Function
Active/Active Appliances
VRRP
VPNaaS
Instance Pooling
ASTARA COMPONENTS
Astara-Appliance
Basic Router Image
Supports BGP (Bird), VPN (StrongSwan), DHCP (dnsmasq), Metadata Services
Linux: Debian 8.3 Base
Image traditionally built with Disk Image Builder
Configured via REST API
Typical interfaces
eth0: management network
eth1: external gateway
eth2-ethN: tenant networks
Astara-Neutron
Small Shim Layer
Provides L3 Plugin
Provides ML2 Wrapper
Long Term Goal: Module Retirement
Features are removed as upstream Neutron capabilities replace them
Looking ahead to Newton
Generic VNF Driver
Python entrypoint support
Load Balancing
SFC Integration
DEMO
Astara
OTT NETWORK SERVICES DELIVER ANY LAYER 3-7 SERVICES
OPEN SOURCE APIs NEUTRON, NOVA, GLANCE & MORE
HYPER-SCALABLE CONTROL PLANE FOR XXL CLOUDS
THANK YOU
QUESTIONS?