Apache CloudStack is an open source Infrastructure-as-a-Service platform that enables orchestration and management of compute, storage and network resources for public, private or hybrid clouds.
OpenContrail integration extends CloudStack’s networking capabilities by providing a complete L3 overlay-based network virtualization solution. Private and VPC networks are implemented as overlays that are transparent and don’t depend on the underlying network switching infrastructure.
Contrail’s policy-driven network interconnect allows for direct traffic between different private networks without the need to traverse a router VM, such as the VPC router or domain router. This provides reliability, throughput and latency advantages. Figure 1 below depicts three separate private networks implemented using OpenContrail’s overlay technology.
Figure 1: OpenContrail’s overlay networking functionality
OpenContrail implements advanced networking functionality such as the CloudStack VPC API and can interoperate with existing networking equipment that supports the BGP/MPLS L3VPN standard. This capability allows a virtual network to extend directly out of the data-center and be associated with non-virtualized devices or other data-centers across an MPLS-enabled WAN.
Contrail also supports service chaining, where a subset (or all) of the traffic is taken through a series of service appliances. Services in a chain can scale out independently, with Contrail steering the traffic through them in a load-balanced manner.
Solution Components & Architecture
At a high level, the solution comprises two parts:
- Control/Management that runs:
  - CloudStack Management server with integrated Contrail plugin
  - Contrail controller (Configuration node, Control Node, Analytics, Database)
- Compute Hosts run:
  - Hypervisor for hosting workload/services (presently only Xen)
  - Contrail data-plane component (vrouter) in Dom0 of Xen
Figure 2: CloudStack and OpenContrail solution
Contrail is officially supported in ACS and CCP 4.3 releases and supports Xen (6.2SP1) as the hypervisor. The following features are supported after the first round of integration:
- Isolated Networks
- Management Networks
- Public Networks
- Static NAT (1:1) [aka Floating IP]
- Source NAT via Juniper’s vSRX
- VPC with support for:
  - Multiple isolated networks
  - ACLs to interconnect different isolated networks
  - Internal load balancing
- Contrail Analytics and WebUI
- DevCloud Support
- Provisioning and Install through Fabric scripts
Note: ACS 4.3 has the bulk of the above functionality, but not all of it. ACS 4.4 carries all of it.
Future blog entries will go into the details of VPC and Service Chaining.