blueprint spec for opendaylight bgpvpn support
Change-Id: I82695f9119e146797761b45b7fbd0c0c5f3c5edb Signed-off-by: Periyasamy Palanisamy <periyasamy.palanisamy@ericsson.com>
This commit is contained in:
parent
bc940971a7
commit
4f09298b86
|
@ -0,0 +1,185 @@
|
||||||
|
OpenDaylight with BGPVPN support in Neutron
|
||||||
|
###########################################
|
||||||
|
:date: 2017-11-17 16:30
|
||||||
|
:tags: OpenDaylight,Open vSwitch,neutron,BGPVPN,L3,DC-GW
|
||||||
|
|
||||||
|
Blueprint on Launchpad
|
||||||
|
|
||||||
|
* https://blueprints.launchpad.net/openstack-ansible/+spec/opendaylight-with-bgpvpn-support
|
||||||
|
|
||||||
|
|
||||||
|
This spec introduces the work required for OpenDaylight configured with BGPVPN
|
||||||
|
through Openstack-Ansible to enable Openstack deployments with extended L3 support.
|
||||||
|
|
||||||
|
Problem description
|
||||||
|
===================
|
||||||
|
|
||||||
|
The support for BGPVPN is available from OpenDaylight since its Beryllium
|
||||||
|
release. Openstack can make use of this feature by configuring neutron to use
|
||||||
|
BGPVPN service plugin.
|
||||||
|
|
||||||
|
`` https://docs.openstack.org/networking-bgpvpn/latest/user/drivers/opendaylight/index.html ``
|
||||||
|
`` https://docs.openstack.org/networking-bgpvpn/latest/user/usage.html ``
|
||||||
|
|
||||||
|
In addition to it, quagga/zrpcd and its dependent packages have to be installed
|
||||||
|
along with OpenDaylight for configuring OpenDaylight as a BGP speaker.
|
||||||
|
|
||||||
|
Proposed change
|
||||||
|
===============
|
||||||
|
|
||||||
|
For the configuration of OpenDaylight as a BGP speaker that integrate into
|
||||||
|
deployer's infrastructure, a new OpenStack-Ansible playbook with required
|
||||||
|
ansible tasks for installing quagga and its required packages will be written.
|
||||||
|
The wiring of the OpenDaylight configuration as a BGP speaker will be done
|
||||||
|
inside the neutron role, which configures OpenDaylight (see playbook/role
|
||||||
|
impact for details).
|
||||||
|
|
||||||
|
The initial supported distros would be CentOS and Ubuntu.
|
||||||
|
|
||||||
|
Alternatives
|
||||||
|
============
|
||||||
|
|
||||||
|
There are other bgpvpn backend drivers available with neutron like BaGPipe,
|
||||||
|
OpenContrail driver and Nuage Network driver to configure the BGPVPN.
|
||||||
|
|
||||||
|
Playbook/Role impact
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
The new playbook will be added in OpenStack-Ansible which installs quagga and
|
||||||
|
configure OpenDaylight for BGP speaker. This playbook would get executed after
|
||||||
|
neutron playbook in neutron server node (in case of ha deployment, among three
|
||||||
|
neutron server containers, one is chosen), because quagga just needs to get
|
||||||
|
installed in one of the OpenDaylight node and run additional karaf CLI
|
||||||
|
commands to make it as BGP speaker.
|
||||||
|
|
||||||
|
The proposal is to add a extra variable in neutron_plugin_base, overriding the
|
||||||
|
default ODL behavior, and trigger the usage of BGPVP.
|
||||||
|
When ``neutron_plugin_type`` variable set to ``ml2.opendaylight``,
|
||||||
|
``neutron_plugin_base`` list variable having
|
||||||
|
`networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin`` item, then neutron
|
||||||
|
server node will be installed/configured with OpenDaylight and Quagga.
|
||||||
|
|
||||||
|
Upgrade impact
|
||||||
|
--------------
|
||||||
|
|
||||||
|
This is the first implementation of OpenDaylight with Quagga, so no
|
||||||
|
upgrade concerns yet.
|
||||||
|
|
||||||
|
Security impact
|
||||||
|
---------------
|
||||||
|
|
||||||
|
Networking-bgpvpn configuration requires the setup of a username and password for
|
||||||
|
northbound authentication towards OpenDaylight. The deployer should be able to
|
||||||
|
configure those credentials.
|
||||||
|
|
||||||
|
Communication between the controller and the switches will not be secured by
|
||||||
|
default. Using TLS to secure the communications is considered a stretch goal,
|
||||||
|
and deployers need to consider this security implication, specially in
|
||||||
|
production environments. For more information on secure communications between
|
||||||
|
OpenDaylight and OpenvSwitch, see the `References`_.
|
||||||
|
|
||||||
|
Performance impact
|
||||||
|
------------------
|
||||||
|
|
||||||
|
For those choosing to opt-in this deployment method, some extra packages need
|
||||||
|
to be installed on the neutron server, which would make installation last a
|
||||||
|
bit longer.
|
||||||
|
|
||||||
|
Extra resources are needed to run the OpenDaylight SDN controller on
|
||||||
|
the system as well. However, performance in Neutron API calls should be
|
||||||
|
minimum.
|
||||||
|
|
||||||
|
End user impact
|
||||||
|
---------------
|
||||||
|
|
||||||
|
End users would have a new networking and BGPVPN API available through Neutron.
|
||||||
|
This would enable them to create bgpvpn scenarios (e.g. Router and Network
|
||||||
|
association with BGPVPN). This will require some documentation with troubleshooting
|
||||||
|
steps to verify that OpenDaylight is working properly, as well as pointers
|
||||||
|
to OpenDaylight's official documentation.
|
||||||
|
|
||||||
|
No changes to Horizon or other OpenStack components are expected.
|
||||||
|
|
||||||
|
Deployer impact
|
||||||
|
---------------
|
||||||
|
|
||||||
|
New artifacts are being deployed, namely the Karaf runtime for OpenDaylight,
|
||||||
|
quagga/zrpcd, thrift and the networking-odl pip package. OpenDaylight requires
|
||||||
|
around 2.5G of RAM to work properly, with OpenStack, that would need to be
|
||||||
|
considered when dimensioning the host where it will run.
|
||||||
|
|
||||||
|
Also deployers need to ensure that OpenvSwitch with version >= 2.8 is deployed
|
||||||
|
in all networking nodes, namely compute hosts and hosts where neutron agents are
|
||||||
|
running.
|
||||||
|
|
||||||
|
Developer impact
|
||||||
|
----------------
|
||||||
|
|
||||||
|
Developers have a new playbook to maintain, whose scope is very reduced and not
|
||||||
|
in the path of all deployments.
|
||||||
|
|
||||||
|
Developer impact is very low, all tasks for BGPVPN deployment will be optional
|
||||||
|
and can be ignored.
|
||||||
|
The tasks won't be skipped, but instead no host will be matched for the new
|
||||||
|
playbooks. This way, if we put the playbook on the path for every
|
||||||
|
developer/deployer, the impact will be minimum.
|
||||||
|
|
||||||
|
|
||||||
|
Dependencies
|
||||||
|
------------
|
||||||
|
|
||||||
|
There are no dependencies
|
||||||
|
|
||||||
|
Implementation
|
||||||
|
==============
|
||||||
|
|
||||||
|
Assignee(s)
|
||||||
|
-----------
|
||||||
|
|
||||||
|
Primary assignee:
|
||||||
|
Periyasamy Palanisamy (epalper)
|
||||||
|
Dimitrios Markou (mardim)
|
||||||
|
|
||||||
|
Work items
|
||||||
|
----------
|
||||||
|
|
||||||
|
1. Add new playbook for installing/configuring quagga/zrpcd
|
||||||
|
2. Task to configure ODL as a BGP speaker
|
||||||
|
3. Make neutron role to get configured with OpenDaylight BGPVPN driver
|
||||||
|
4. Create a new test and verify that it passes
|
||||||
|
5. Document the new functionality
|
||||||
|
|
||||||
|
Testing
|
||||||
|
=======
|
||||||
|
|
||||||
|
As a replacement of Neutron backend, this new scenario should provide the same
|
||||||
|
capabilities of existing backends, so existing tests should be run.
|
||||||
|
|
||||||
|
A test specific for OpenDaylight can also be implemented, in the same way as
|
||||||
|
there are currently tests for Calico or DragonFlow.
|
||||||
|
|
||||||
|
Documentation impact
|
||||||
|
====================
|
||||||
|
|
||||||
|
The new scenario *OpenDaylight+BGPVPN* will be documented, explaining
|
||||||
|
the configuration parameters required to deploy it.
|
||||||
|
|
||||||
|
References
|
||||||
|
==========
|
||||||
|
|
||||||
|
OpenDaylight scenario with OpenStack-Ansible
|
||||||
|
|
||||||
|
* https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-opendaylight.html
|
||||||
|
* https://git.openstack.org/cgit/openstack/openstack-ansible-specs/tree/specs/pike/opendaylight.rst
|
||||||
|
|
||||||
|
packaging and installing quagga/zrpcd packages
|
||||||
|
|
||||||
|
* https://github.com/opnfv/apex/blob/master/build/build_quagga.sh
|
||||||
|
|
||||||
|
BGP peering with OpenDaylight
|
||||||
|
|
||||||
|
* https://github.com/opnfv/sdnvpn/blob/master/sdnvpn/test/functest/testcase_3.py
|
||||||
|
|
||||||
|
Enabling BGPVPN mechanism driver at neutron
|
||||||
|
|
||||||
|
* https://docs.openstack.org/networking-bgpvpn/latest/user/drivers/opendaylight/index.html
|
Loading…
Reference in New Issue