Chapter 8. OpenContrail Networking with OpenStack

In Chapter 7, Getting Started with OpenContrail, we introduced OpenContrail as an open source controller for SDN and NFV implementations. With its own virtual networking element (vRouter) and a powerful architecture, OpenContrail is among the most popular SDN platforms for OpenStack.

We covered an introduction to OpenContrail and OpenStack briefly in the previous chapter. In this chapter, we will go through this integration in more detail. Starting with a step-by-step guide for the integration, we will take you through the basic capabilities of OpenContrail. We will use the OpenContrail GUI and CLI to get a better understanding of the virtual networking capabilities. We will then look at the advanced networking services that can be realized using OpenContrail and OpenStack.

We will cover the following topics in this chapter:

  • Integrating OpenContrail with OpenStack
  • Virtual network management in OpenContrail
  • Data-packet flow in OpenContrail
  • Service chaining using OpenContrail

OpenContrail integration with OpenStack

While OpenContrail is a powerful SDN solution by itself, it is designed to work seamlessly with the OpenStack cloud platform. OpenContrail not only integrates with Neutron using a plugin, but it also relies on other OpenStack services, such as Keystone, Glance, and Nova. First, we will show you how to integrate OpenStack with OpenContrail. We will then show you the interaction with various OpenStack services.

DevStack-based installation

In Chapter 7, Getting Started with OpenContrail, we showed the steps to install OpenContrail directly from the source code. In order to learn OpenContrail integration with OpenStack, we will use DevStack to perform the OpenStack installation and configuration. DevStack is a set of scripts that installs OpenStack for learning, development, and experimentation. It is important to note that DevStack installation will be performed on the same setup where OpenContrail is already installed, as shown in Chapter 7, Getting Started with OpenContrail. The following steps show how to install and configure OpenStack for OpenContrail using DevStack:

  1. The first step is to check out DevStack from GitHub. In the home directory of your Ubuntu server, execute the git command, as shown here:
        git clone https://github.com/openstack-dev/devstack -b stable/liberty
    
  2. The next important step is to check and ensure that all OpenContrail services are running properly. We will be using a built-in utility for this. First, we will have to initialize some environment variables, as shown here:
        export CONTRAIL_DIR=/home/openstack/contrail-installer
        export DEVSTACK_DIR=/home/openstack/devstack
    

    We will use the contrail-status utility to check for the status of all the OpenContrail services, as shown in the following screenshot. Ensure that all OpenContrail services' statuses are ACTIVE. If any of the services have any issues, the output will show ERROR against the service and will also display the error details:

    DevStack-based installation

  3. Now we will proceed with the OpenStack installation using DevStack. The commands shown here will change the directory to the code checked out from GitHub and copy the OpenContrail plugin code to the appropriate folder within DevStack for configuring Neutron:

    DevStack-based installation

  4. Next, we will create a localrc file for DevStack using the samples that come with the OpenContrail installer:

    DevStack-based installation

  5. Add the lines shown here to the localrc file using a text editor of your choice. Note that the SERVICE_HOST attribute's value may vary based on your setup:

    DevStack-based installation

  6. Execute the stack.sh program to start the OpenStack installation and configuration process.

By default, DevStack creates an OpenStack account with the username admin and a password as specified in the localrc file, which in our case is contrail123. Once the stack.sh program completes successfully, you should be able to log into OpenContrail and see the main Monitor view of OpenContrail:

DevStack-based installation

The OpenContrail UI is categorized into four navigation groups. These groups are indicated by the icon on the top navigation bar, as shown in the following screenshot:

DevStack-based installation

We will be covering the configure-related actions in a bit more detail in the following sections.

OpenStack services used by OpenContrail

We have emphasized that OpenContrail is an SDN platform that integrates closely with cloud orchestration platforms such as OpenStack. Let us now look at the integration in a bit more detail. The following diagram will be used to describe the interaction between OpenStack and OpenContrail components:

OpenStack services used by OpenContrail

OpenStack services and their interaction with OpenContrail

When we log into OpenContrail, it redirects the authentication requests to the Keystone service in OpenStack. In addition to validating the credentials, OpenContrail also uses the user and project information stored in OpenStack to enforce appropriate access control on its user interface.

OpenContrail also communicates with Glance for fetching VM images. It is important to note that OpenContrail does not provide capabilities to start arbitrary VM instances. It uses Glance to populate and create Service Templates and Service Instances that allow users to chain networking services. We will cover this in detail in the following section.

The integration with Nova addresses two important features in OpenContrail. First, when an end-user VM instance is started, Nova invokes the OpenContrail Virtual Interface Driver (VIF Driver) to provide connectivity between the VM instance and the vRouter on the compute node. The second aspect of OpenContrail and Nova integration comes into the picture when you create Service Instances in OpenStack. As part of service chaining, virtual network functions are started using Nova APIs.

Finally, the most important and deepest integration between OpenStack and OpenContrail happens with the Neutron service. OpenContrail acts as the core plugin for Neutron and thereby handles all the networking API calls made to Neutron. Whether the end user is using the OpenStack GUI or CLI or OpenContrail GUI, all the networking-related requests are processed by OpenContrail. The translation between the OpenStack networking object model (high-level model) to the internal model of OpenContrail is performed by the configuration node within the OpenContrail controller.

All the API requests coming into OpenContrail and the ones made to OpenStack from OpenContrail are processed by an OpenContrail API server process.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
13.59.248.75