OpenStack tacker and service function chaining sfc with kolla

In this blog post I will show how to deploy OpenStack Tacker with | Service Function Chaining (SFC) with OpenStack kolla project and make a few | verifications and tests to ensure fully NFV and SFC functionality.

Tacker and SFC is only supported in kolla during Pike release or later.

Tacker, NFV and SFC concepts

Tacker is an OpenStack service for NFV Orchestration with a general purpose VNF Manager to deploy and operate Virtual Network Functions (VNFs) and Network Services on an NFV Platform. It is based on ETSI MANO Architectural | Framework. Tacker documentation

Network functions virtualization (NFV) is a network architecture concept that uses the technologies of IT virtualization to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create communication services. ETSI NFV specs

Service Function Chaining is a mechanism for overriding the basic destination based forwarding that is typical of IP networks. It is conceptually related to Policy Based Routing in physical networks but it is typically thought of as a Software Defined Networking technology. It is often used in conjunction with security functions although it may be used for a broader range of features. ETSI SFC spec

Kolla

Kolla is a highly opinionated deployment tool out of the box. This permits Kolla to be deployable with the simple configuration of three key/value pairs. As an operator's experience with OpenStack grows and the desire to customize OpenStack services increases, Kolla offers full capability to override every OpenStack service configuration option in the deployment. kolla documentation

Requirements

Kolla depends on the following requirements to be met for a fully operational multinode OpenStack cluster with Tacker and SFC features:

  • Core compute stack (nova, neutron, glance, etc)

  • Heat

  • Mistral and Redis

  • Barbican

  • Networking-sfc

Deployment

Install base kolla and dependencies following kolla\'s quickstart guide

Configure globals.yml and enable services in requirements, optionally other services can be enabled altogether. Refer to kolla documentation for other option/values information.

Configure inventory file.

Generate passwords

Deploy OpenStack.

Once deployment finish, generate credential file and create base networks and a cirros image.

Tacker and SFC demo

In kolla-ansible repository a tacker demo is present. Tacker demo

Before starting the demo, install tacker and networking-sfc clients.

Demo description

Tacker demo for SFC will create the following resources:

  • Tacker default VIM

  • Tacker VNFD

  • Tacker VNF

  • kolla_sfc_client instance with a floating IP

  • kolla_sfc_server instance with a floating IP

  • Tacker VNFFGD

  • Tacker VNFFG

After demo is deployed will be able to:

  • Create sample web server in kolla_sfc_server instance.

  • Request web service from kolla_sfc_client

Traffic flows:

  • Request from kolla_sfc_client instance

  • Tacker VNF instance will receive the traffic and redirect to

    kolla_sfc_server

  • kolla_sfc_server instance receive request and reply with \"W00t

    from Kolla HTTP server!\" message.

Execute tacker demo

In tacker demo directory initialize execution.

Once finished, script will show server and client floating IP addresses, also a sample command to start a basic HTTP server in tacker_sfc_server instance.

Validate resources

Verify tacker resources are created.

Verify nova and heat resources are created.

Verify networking-sfc resources.

Verify traffic flows

Execute the command to create a sample web server in tacker_sfc_server.

Connect to tacker_sfc_client through the floating IP address

Curl to tacker_sfc_server internal/fixed IP address.

Should receive \"W00t from Kolla HTTP server!\" message

Find hypervisor where tacker VNF instance is running.

Find tacker VNF instance port ID

In the host where the instance is running, locate the tap interface.

Tap interface is tap<first 11 ID digits>.

Start tcpdump in port 80 in the tap interface.

Now curl again from tacker_sfc_client instance.

In the tcpdump should see traffic flowing to tacker_sfc_server from tacker_sfc_client

Check br-int ovs flows.

Check br-tun ovs flows.

Once Tacker and SFC is verified, all resources can be deleted.

In following posts will show how to tacker templates works and an in deep sfc traffic flows analysis.

Regards, Eduardo Gonzalez

PreviousIndexNextDeploy OpenStack designate with kolla-ansible

Last updated

Was this helpful?