OpenStack NFV Training - OVN & OpenFlow Deep Dive
Course description and goal
The course is a profound training on OpenStack networking. It starts with the introduction to OpenStack and its architecture, then clarifies core OpenStack projects as Identity service (Keystone), Image service (Glance), Compute service (Nova), Block storage (Cinder) in order to describe the surroundings of the networks in OpenStack and mainly focus on Networking project (Neutron). Virtual network infrastructure is described and based on the Open Virtual Network project, Open vSwitch and OpenFlow. The goal of the course is to understand basic operations and architecture of OpenStack as well as to familiarize participants with various networking technologies behind OpenStack, extending information about OVN and underlying flows, resources and tools.
Level
Intermediate to Expert
Duration
21 hours (3 days)
Prerequisites
- Solid Linux administration skills
- Solid networking knowledge
- Basic knowledge of cloud computing paradigm
Training plan
- Introduction to OpenStack
- History of the cloud and OpenStack
- Cloud features
- Cloud models
- private, public, hybrid
- on-premise, IaaS, PaaS, SaaS
- Public and private cloud deployments based on OpenStack
- Open source and commercial OpenStack distributions
- OpenStack deployment models
- OpenStack ecosystem
- Projects
- Underlying tools
- Integrations
- OpenStack lifecycle
- OpenStack certification
- OpenStack lab (VM) for this course
- Hands-on OpenStack administration workshop
- Getting to know OpenStack
- OpenStack components (Keystone, Glance, Nova, Neutron, Cinder, Swift, Heat)
- Interaction with OpenStack cloud
- OpenStack daemons and API communication flow
- Keystone - Identity management service
- Domains, projects, users and roles
- Managing Keystone catalogue services and endpoints
- Openrc and clouds.yaml - CLI client configuration files
- Creating users and projects
- Glance - Image service
- Images adjusted to the cloud
- Image features (properties, metadata, format, container)
- Uploading and downloading image
- Neutron - Networking
- Overview of the Neutron architecture
- ML2 plugins for Neutron
- Basic Neutron network resource types
- Networking at the Compute Node
- Manage tenant networks, subnets
- East-West routing
- Manage external/provider networks
- North-South routing
- Floating IPs management
- Manage security groups and rules
- Anti-spoofing - port security
- Networking quotas
- Verification of Neutron services
- Nova - Compute service
- Interfaces to hypervisors
- Keypair management
- Flavour management
- Instance parameters
- Creating an instance
- Verification of spawned instances
- Snapshotting
- Instance management
- Assigning floating IPs
- Interactive console and console log
- Security groups assignment
- Compute quotas
- Getting statistics from Nova
- Placement API and Nova Cells v2
- Verification of Nova services
- Cinder - Block Storage
- Volume parameters
- Creating volume
- Manage volume
- Attaching volume to Nova instance
- Getting to know OpenStack
- Deep-dive into Neutron and itβs OVN backend
- OVN architecture
- OVN components
- ML2 - OVN vs OvS driver
- Top-down OVN networking
- OpenStack logic (Neutron database)
- Northbound database
- Southbound database
- Logical datapath pipelines
- Logical flows
- OpenFlow flows
- Neutron network and OVN logical switch
- Logical ports and their types
- Switching flows
- Neutron router and OVN logical router
- NAT types
- Routing flows
- Neutron subnet and native DHCP
- DHCP flows
- Security groups in OVN
- ACLs and Port Groups
- Security group flows
- Port security in OVN
- Summary of OVN Northbound tables
- Information flow in OVN
- Neutron DB, OVN NB and SB DB, OpenFlow at OvS
- Logical flow tracing
- Defining microflows
- L2 tracing
- L3 tracing
- DHCP tracing
- Physical flows - OpenFlow
- Physical live-cycle of VM-originated packet
- Physical tracing
- Tracing for hypothetical packets
- Tracing for real packets
- Displaying Open vSwitch database and resources