[Openstack-operators] [OpenStack][Neutron][SFC] Regarding SFC support on provider VLAN N/W
nicolas at lrasc.fr
nicolas at lrasc.fr
Thu Sep 27 13:25:43 UTC 2018
On 2018-09-26 14:06, Amit Kumar wrote:
> Hi All,
>
> We are using Ocata release and we have installed networking-sfc for
> Service Function Chaining functionality. Installation was successful
> and then we tried to create port pairs on VLAN N/W and it failed. We
> tried creating port-pairs on VXLAN based N/W and it worked. So, is it
> that SFC functionality is supported only on VXLAN based N/Ws?
>
> Regards,
> Amit
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Hi,
I had similar problems with networking-sfc (not able to create port pair
groups and not able to delete port pairs). I also had trouble
understanding the documentation of networking-sfc.
I sent a mail (see below) to the people listed in the doc and to
commiters on the github repo, but I didn't get any answer.
I am interested in any feedback about my questions below! TY!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My previous email about networking-sfc begins here.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi,
I want to test the Service Function Chaining SFC functionalities of
OpenStack
when using the networking_sfc driver. But I have some problems with
reproducing
the tutorial in the doc [1][2].
If I execute the command in the tuto [1][2], it fails.
There is a chance that I miss something, either in the networking_sfc
installation phase or in the tuto test config phase. If you could be
kind enough
to read the following, that could help me and maybe improve my
understanding
of the tutorial/doc.
You need to read this with a text editor to see the figures.
#################################
## Installation of networking_sfc
#################################
## My environment
First, I deploy my OpenStack env with the OpenStack Ansible framework.
This is a quick description of my lab environment:
OpenStack version : stable/queens
OpenStack Ansible OSA version : 17.0.9.dev22
python env version : python2.7
operating system : Ubuntu Server 16.04
1 controller node, 1 dedicated neutron node, 2 computes nodes
## Installation of networking_sfc
Then, I manually install [over my OSA deployment] and configure
networking_sfc
following these links:
* https://docs.openstack.org/networking-sfc/latest/install/install.html
* https://docs.openstack.org/releasenotes/networking-sfc/queens.html
I install with pip (python2.7).
First, I must source the right python venv (OSA is prepared for that
[3]):
```
user at neutron-serveur: source
/openstack/venvs/neutron-17.0.9/bin/activate
```
(NB: following [3], OSA should deploy OpenStack with networkin-sfc, but
it did not work for me. Therefore I installed networkin-sfc manually.)
Then I install networking-sfc:
```
(neutron-17.0.9) user at neutron-serveur: pip install -c
https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=stable/queens
networking-sfc==6.0.0
```
The install seems to be ok (no error, only Ignoring python3.x version of
soft).
Then, I modify the neutron config files to meet this:
https://docs.openstack.org/networking-sfc/latest/install/configuration.html
###########################
## Using networking_sfc CLI
###########################
I want to reproduce the following steps to check my installation and get
a
better understanding:
* [1] https://docs.openstack.org/newton/networking-guide/config-sfc.html
* [2]
https://docs.openstack.org/networking-sfc/latest/contributor/system_design_and_workflow.html
But after reading this, I don't understand a few things.
When I read the description of the example, this is what I understand:
```
+-------------+ +-----+ +-----+ +-----+
+-------------+
| service | | VM1 | | VM2 | | VM3 | |
service |
| VM vm1 |->--p1| SF1 |p2->--p3| SF2 |p4->--p5| SF3 |p6->--| VM vm2
|
|22.1.20.1:23 | +-----+ +-----+ +-----+
|171.4.5.6:100|
| Source | |
Destination |
+-------------+
+-------------+
```
But when I read the next steps, this is what I see:
```
+-----+ +-----+ +-----+
| VM1 | | VM2 | | VM3 |
22.1.20.1:23->--p1| SF1 |p2->--p3| SF2 |p4->--p5| SF3
|p6->--171.4.5.6:100
+-----+ +-----+ +-----+
```
Here I have several questions:
1. How do you configure the net1 network ?
2. Shouldn't we add an IP subnet to net1 ? Because I can not create an
instance if there are no IP subnet. Maybe the 3 SFx instances VM1, 2
& 3
need 1 port for admin and 2 ports for their sfc port pair.
3. Where are the 2 objects (the 2 service VMs) with the IP address
22.1.20.1
and 172.4.5.6 ?
4. Is the proxy classifier enough to route/steer network traffic
between
the source and destination ?
My guess is the following: if I want to test SFC feature with OpenStack
and
networking-sfc driver, maybe I need the following topology:
```
+ + + +
| | | |
+---->---(X)---->-----+ | |
| Router #1 | | |
| | | |
| +--->----+ | |
| | | | |
| | p1 | |
| | +-----+ | |
| | | VM1 | | |
| | | SF1 +--- at IP-+ |
| +----------+ | | | | |
+---------+
| | Service | | +-----+ | | |
Service |
+--ps+ VM source| | p2 | +--pd+
VM Dest |
| | 22.1.20.1| | | | |
|171.4.5.6|
| | TCP 23 | +---<----+ | | |
TCP 100 |
| +----------+ | | |
+---------+
| +--->----+ | |
| | | | |
| | p3 | |
| | +-----+ | |
| | | VM2 | | |
| | | SF2 +--- at IP-+ |
| | | | | |
| | +-----+ | |
| | p4 | |
| | | | |
| +---<----+ | |
| | | |
| +--->----+ | |
| | | | |
| | p5 | |
| | +-----+ | |
| | | VM3 | | |
| | | SF3 +--- at IP-+ |
| | | | | |
| | +-----+ | |
| | p6 | |
| | | | |
| +---<----+ | |
| | | |
| | | |
| | | |
| +--->----(X)--->----~------>--------+
| | Router#2 | |
| | | |
| | | |
+-----+-----+ +-----+-----+ +----+----+ +-----+-----+
Source Net SFC net1 SFC net admin Dest Net
22.1.20.0/24 Flow trafic L2 10.42.42.0/24 171.4.5.0/2
Openstack Tenant Openstack Tenant Openstack Tenant Openstack
Tenant
Network VxLAN Network VxLAN Network VxLAN Network
VxLAN
OvS driver OvS driver OvS driver OvS driver
```
This represent the network view in OpenStack for the 3 SF instances
forming a
service chain and for the source and destination network flow.
For SF instance SF1, 2, 3: they have 3 ports
* 1 admin port
* 1 ingress port (p1, p3, p5)
* 1 egress port (p2, p4, p6)
Source and dest VM have only 1 port:
* ps port for source VM
* pd port for dest VM
I have other questions with this view:
1. I am not sure how to connect the Source Net 22.1.20.0/24 and the
SFC net1. Same for SFC net1 and Dest Net 171.4.5.0/24.
Maybe it is enough to use the flow classifier with the logical port
option (wich
is mendatory when using the OvS driver, according to the doc):
```
$ openstack sfc flow classifier create \
--ethertype IPv4 \
--source-ip-prefix 22.1.20.1/32 \
--destination-ip-prefix 171.4.5.6/32 \
--protocol tcp \
--source-port 23:23 \
--destination-port 100:100 \
--logical-source-port id_ps \
--logical-destination-port id_pd \
FC1
```
2. Maybe I don't need the 2 neutron routers (Routers #1 and #2)
because
the FC1 classifier and the port chain figures out what to do with
the
network traffic (from 22.1.20.1 to 171.4.5.6).
3. And I am still a bit confuse on wether SFC net1 should have an IP
subnet
or not. My idea is to create an additional admin network separated
from
net1.
4. Maybe I need a SDN controller ? For the moment my OpenStack
environment
only use neutron.
In an other environment, I have been trying to use Opendaylight as
a
neutron backend, but I have trouble with layer L3 network.
Many thanks for your time reading this.
Links:
* [1] https://docs.openstack.org/newton/networking-guide/config-sfc.html
* [2]
https://docs.openstack.org/networking-sfc/latest/contributor/system_design_and_workflow.html
* [3]
https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-opendaylight.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
End of my previous email about networking-sfc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
Kind regards,
Nicolas
More information about the OpenStack-operators
mailing list