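OpenStack Project Versions by Release (L, M, N)
When you actually adopt OpenStack, upgrading to the latest version every time is a considerable burden, so you need to pin a specific version that you will use for a while. If you also have to interoperate with another organization's OpenStack infrastructure, you need to work out API compatibility for specific versions and projects as well, taking future version upgrades into account. These decisions require reference material, but when I searched briefly I found no page that summarized this comprehensively, so I compiled it myself as shown below. I surveyed the three most recent releases, Liberty, Mitaka, and Newton. For the APIs, the default API version changed in Cinder and Keystone between Mitaka and Newton, so I marked those in red. As releases are updated, individual projects also gain new features, and below I share my own guideline for how to summarize them, using Neutron as the basis. After summarizing this way, build your slides by emphasizing what deserves emphasis and leaving out the rest, according to your situation or use case.
Source links: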
https://wiki.openstack.org/wiki/ReleaseNotes/Liberty
https://releases.openstack.org/newton/
http://developer.openstack.org/api-guide/quick-start/
* In (), x means Deprecated and ? means Partial Support.
* Horizon (Dashboard) and Keystone have the same release version (major number).
* Mitaka Keystone(v9.0) Release Notes: Deprecated all v2.0 APIs. Most v2.0 APIs will be removed in the ‘Q’ release.
New Neutron features by release
1. Liberty
- admins to manually schedule agents, allowing host resources to be tested before they are enabled for tenant use.
- supports IPv6 Prefix Delegation for the automatic assignment of CIDRs to IPv6 subnets.
- LBaaS V2 reference driver is now based on Octavia
- offers role-based access control (RBAC) for networks.
- The OVS agent may now be restarted without affecting data plane connectivity.
- Certain performance enhancements when deploying Neutron with Ubuntu Trusty Tahr were found and should be used.
- Pluggable IPAM enables the use of alternate or third-party IPAM.
- Neutron now exposes a QoS API, initially offering bandwidth limitation on the port level.
- Router high availability (L3 HA / VRRP) now works when layer 2 population (l2pop) is enabled.
- VPNaaS reference drivers now work with HA routers.
- Networks used for VRRP traffic for HA routers may now be configured to use a specific segmentation type or physical network tag.
- Ports that failed to bind when an L2 agent was offline can now recover after the agent is back online.
- Use the value of the network ‘mtu’ attribute for the MTU of virtual network interfaces such as veth pairs, patch ports, and tap devices involving a particular network.
- Enable end-to-end support for arbitrary MTUs including jumbo frames between instances and provider networks by moving MTU disparities between flat or VLAN networks and overlay networks from layer-2 devices to layer-3 devices that support path MTU discovery (PMTUD).
- When advertise_mtu is set in the config, Neutron supports advertising the LinkMTU using Router Advertisements.
- The Linuxbridge agent now supports the ability to toggle the local ARP responder when L2Population is enabled.
- A new option ha_keepalived_state_change_server_threads has been added to configure the number of concurrent threads spawned for keepalived server connection requests. With more threads, simultaneous requests for multiple HA routers state change can be handled faster.
2. Mitaka
- the combination of ‘path_mtu’ defaulting to 1500 and ‘advertise_mtu’ defaulting to True provides a value of MTU accounting for any overlay protocol overhead on the network to instances using DHCP. For example, an instance attaching to a VXLAN network receives a 1450 MTU from DHCP accounting for 50 bytes of overhead from the VXLAN overlay protocol if using IPv4 endpoints.
- queries to the Networking API for network objects will now return network objects that contain a sane MTU value.
- The ML2 plug-in supports calculating the MTU for networks that are realized as flat or VLAN networks, by consulting the ‘segment_mtu’ option.
- The LinuxBridge agent can now configure basic bandwidth limiting QoS rules set for ports and networks.
- External networks can now be controlled using the RBAC framework that was added in Liberty. This allows networks to be made available to specific tenants (as opposed to all tenants) to be used as an external gateway for routers and floating IPs.
- A DHCP agent is assigned to an availability zone; the network will be hosted by the DHCP agent with availability zone specified by the user.
- An L3 agent is assigned to an availability zone; the router will be hosted by the L3 agent with availability zone specified by the user. This supports the use of availability zones with HA routers. DVR isn’t supported now because L3HA and DVR integration isn’t finished. (Once Nova takes advantage of this “get-me-a-network” feature, a user can launch an instance without explicitly provisioning network resources via an externally connected private tenant network.)
- Support integration with external DNS service. (Floating IPs can have dns_name and dns_domain attributes associated with them; Ports can have a dns_name attribute associated with them. The network where a port is created can have a dns_domain associated with it; Floating IPs and ports will be published in an external DNS service if they have dns_name and dns_domain attributes associated with them.)
  - The reference driver integrates neutron with designate
  - Drivers for other DNSaaS can be implemented
  - Driver is configured in the default section of neutron.conf using parameter ‘external_dns_driver’
- Ports that failed to bind when an L2 agent was offline can now recover after the agent is back online.
- Neutron now supports sharing of QoS policies between a subset of tenants.
- Security group rules, networks, ports, routers, floating IPs, and subnet pools may now contain an optional description which allows users to easily store details about entities.
- Add popular IP protocols to the security group code. End-users can specify protocol names instead of protocol numbers in both RESTful API and python-neutronclient CLI.
- RBAC support for QoS policies
- Users can set tags on their network resources. Networks can be filtered by tags. The supported filters are ‘tags’, ‘tags-any’, ‘not-tags’ and ‘not-tags-any’.
- Add timestamp fields ‘created_at’, ‘updated_at’ into neutron core resources like network, subnet, port and subnetpool. Querying these resources by changed-since is also supported; it returns the resources changed after the specific time string, like YYYY-MM-DDTHH:MM:SS.
- By default, the DHCP agent provides a network MTU value to instances using the corresponding DHCP option if core plugin calculates the value. For ML2 plugin, calculation mechanism is enabled by setting [ml2] path_mtu option to a value greater than zero.
- Allow non-admin users to define “external” extra-routes.
- Announcement of tenant subnets via BGP using centralized Neutron router gateway port as the next-hop
- Announcement of floating IP host routes via BGP using the centralized Neutron router gateway port as the next-hop
- Announcement of floating IP host routes via BGP using the floating IP agent gateway as the next-hop when the floating IP is associated through a distributed router
- Neutron no longer includes static example configuration files. Instead, use tools/generate_config_file_samples.sh to generate them. The files are generated with a .sample extension.
- Add derived attributes to the network to tell users which address scopes the network is in.
- The subnet API now includes a new use_default_subnetpool attribute. This attribute can be specified on creating a subnet in lieu of a subnetpool_id.
- Neutron now supports creation of ports for exposing physical functions as network devices to guests.
- Use the value of the network ‘mtu’ attribute for the MTU of virtual network interfaces such as veth pairs, patch ports, and tap devices involving a particular network.
- Enable end-to-end support for arbitrary MTUs including jumbo frames between instances and provider networks by moving MTU disparities between flat or VLAN networks and overlay networks from layer-2 devices to layer-3 devices that support path MTU discovery (PMTUD).
- The Linuxbridge agent can now be extended by 3rd parties using a pluggable mechanism. (l2 agent extensions)
- Libvirt qemu/kvm instances can now be attached via MacVtap in bridge mode to a network. VLAN and FLAT attachments are supported.
- When advertise_mtu is set in the config, Neutron supports advertising the LinkMTU using Router Advertisements.
- A new API endpoint /v2.0/network-ip-availabilities that allows an admin to quickly get counts of used_ips and total_ips for network(s) is available.
- SriovNicSwitchMechanismDriver driver now exposes a new VIF type ‘hostdev_physical’ for ports with vnic type ‘direct-physical’ (used for SR-IOV PF passthrough). This will enable Nova to provision PFs as Neutron ports.
- The RPC and notification queues have been separated into different queues.
- Neutron services should respond to SIGUSR2 signal by dumping valuable debug information to standard error output.
- New security groups firewall driver is introduced. It’s based on OpenFlow using connection tracking.
- Neutron can interact with keystone v3.
- Allowed address pairs can now be cleared by passing None in addition to an empty list.
- High Availability (HA) of SNAT service is supported for Distributed Virtual Routers (DVRs).
- Improve DVR’s resiliency during Nova VM live migration events.
- Neutron now provides network IP availability information.
- Neutron is integrated with Guru Meditation Reports library.
- Create DVR router namespaces pro-actively on the destination node during live migration events. This helps minimize packet loss to floating IP traffic.
- Loaded agent extensions of SR-IOV agent are now shown in agent state API.
- OVS firewall driver requires OVS 2.5 version or higher with linux kernel 4.3 or higher.
- Support configuration of greenthreads pool for WSGI.
- The ‘physical_device_mappings’ of sriov_nic configuration now can accept more than one NIC per physical network.
- Add options to designate external dns driver of neutron for SSL based connections. This makes it possible to use neutron with designate in scenario where endpoints are SSL based.
- The local_ip value in ml2_conf.ini can now be set to an IPv6 address configured on the system.
- The Neutron server now learns the appropriate firewall wiring behavior from each OVS agent so it no longer needs to be configured with the firewall_driver. This means it also supports multiple agents with different types of firewalls.
- By default, the QoS driver for the Open vSwitch and Linuxbridge agents calculates the burst value as 80% of the available bandwidth.
- Server notifies L3 HA agents when HA router interface port status becomes active. Then L3 HA agents spawn keepalived process. So, server has to be restarted before the L3 agents during upgrade.
3. Newton
- Add options to designate external dns driver of neutron for SSL based connections. This makes it possible to use neutron with designate in scenario where endpoints are SSL based.
- Prior to Newton, the neutron-openvswitch-agent used ‘ovs-ofctl’ of_interface driver by default. In Newton, ‘of_interface’ defaults to ‘native’. This mostly eliminates spawning ovs-ofctl and improves performance a little.
- Properly calculate overlay (tunnel) protocol overhead for environments using IPv4 or IPv6 endpoints. The value of the ‘overlay_ip_version’ option adds either 20 bytes for IPv4 or 40 bytes for IPv6 to determine the total tunnel overhead amount.
- Prior to Newton, the default option for ‘ovsdb_interface’ was ‘vsctl’. In Newton ‘ovsdb_interface’ defaults to ‘native’. This change switches the way of communication with OVSDB from the ovs-vsctl tool to Open vSwitch python api to improve out-of-the-box performance for typical deployments.
- The internal pluggable IPAM implementation – added in the Liberty release – is now the default for both old and new deployments. Old deployments are unconditionally switched to pluggable IPAM during upgrade. Old non-pluggable IPAM is deprecated and removed from code base.
- The “vlan-aware-vms” feature allows Nova users to launch VMs on a single port (trunk parent port) that connects multiple Neutron logical networks together.
- SR-IOV now supports egress minimum bandwidth configuration. At the time of writing, Neutron bandwidth booking is not integrated with Compute scheduler, which means that minimal bandwidth is not guaranteed but provided as best effort.
- The port resource now has an ip_allocation attribute. The value of this attribute will be set to ‘immediate’, ‘deferred’, or ‘none’ at the time the port is created. ‘immediate’ means that the port is expected to have an IP address and Neutron attempted IP allocation on port creation. ‘deferred’ means that the port is expected to have an IP address but Neutron deferred IP allocation until a port update provides the host to which the port will be bound. ‘none’ means that the port was created explicitly with no addresses by passing [] in fixed_ips when creating it. All existing ports are considered to have ‘immediate’ IP allocation. Any ports that do not have this attribute should also be considered to have immediate IP allocation.
- Subnets now have a new property ‘service_types’. This is a list of port device owners, such that only ports with a matching device owner will be given an IP from this subnet.
- net-mtu extension now recalculates network MTU on each network access, not just on creation. It now allows operators to tweak MTU related configuration options and see them applied to all network resources right after controller restart, both old and new.
- The new l2_adjacency extension adds an l2_adjacency field to the network, to indicate whether or not there is guaranteed L2 adjacency between the ports on that Network.
- The neutron L3 agent now has the ability to load agent extensions, which allows other services to integrate without additional agent changes. An API for exposing the l3 agent’s router info data to the extensions is also provided so that extensions can remain consistent with router state.
- Neutron switched to using oslo.cache library to cache port state in metadata agent. With it, more caching backends are now available, including Memcached and Mongo.
- The Networking API now supports the ‘project_id’ field in requests and responses, for compatibility with the Identity (Keystone) API V3.
- Users can now apply a QoS rule to a port or network to setup the minimum egress bandwidth per queue and port. The minimum egress bandwidth rule is applied to each port individually.
- New API extensions, ‘sorting’ and ‘pagination’, have been added to allow API users to detect if sorting and pagination features are enabled. API sorting and pagination features are now enabled by default.
- tenant_id column has been renamed to project_id. This database migration is required to be applied as offline migration.
- Middleware was added to parse the X-Forwarded-Proto HTTP header or the Proxy protocol in order to help neutron respond with the correct URL refs when it’s put behind a TLS proxy (such as HAProxy).