Tungsten Fabric Architecture Analysis: How TF Works

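Hi! This is the second article in the TF Chinese community's series analyzing the Tungsten Fabric architecture, and it explains how TF works. It describes the software architecture of the TF controller and the vRouter, and the interaction between vRouters and the Tungsten Fabric controller when a virtual machine or container starts.
The Tungsten Fabric architecture analysis series aims to answer the questions of newcomers to the TF community. We will systematically cover topics such as what features TF has, how it works, how to collect/analyze/deploy, how to orchestrate, and how to connect to physical networks.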

Tungsten Fabric Working with an Orchestrator

The Tungsten Fabric controller integrates with cloud management systems such as OpenStack or Kubernetes. Its function is to ensure that when a virtual machine (VM) or container is created, it is given network connectivity according to the network and security policies specified in the controller or the orchestrator.

Tungsten Fabric consists of two main software components:
• Tungsten Fabric Controller - a set of software services that maintains a model of networks and network policies, usually run on multiple servers for high availability.
• Tungsten Fabric vRouter - installed on each host that runs workloads (virtual machines or containers); the vRouter performs packet forwarding and enforces network and security policies.

A typical Tungsten Fabric deployment is shown below:

The Tungsten Fabric controller integrates with an orchestrator through a software plug-in that implements the orchestrator's network service.

For example, the Tungsten Fabric plug-in for OpenStack implements the Neutron API, and the kube-network-manager and CNI (container network interface) components listen for network-related events using the Kubernetes (k8s) API.

The Tungsten Fabric vRouter replaces Linux bridge and IP tables, or Open vSwitch networking, on the compute hosts, and the controller configures the vRouters to implement the desired network and security policies.

If a packet from a VM has to be forwarded to a different host, the vRouter encapsulates it in MPLS over UDP, MPLS over GRE, or VXLAN, where the destination of the outer header is the IP address of the host running the destination VM. The controller is responsible for installing, in each VRF of each vRouter, the set of routes that implements network policy.

For example: by default, virtual machines on the same network can communicate with each other but cannot communicate with virtual machines on different networks, unless this is specifically allowed in a network policy. Communication between the controller and the vRouters uses XMPP, a widely used and flexible messaging protocol.

A key feature of cloud automation is that users can request resources for their applications without knowing the details of how, or even where, those resources are provided.

This is usually done through a portal that presents a set of service offerings. The user selects from them, and the selection is converted into API calls to the underlying systems, including the cloud orchestrator, to start virtual machines or containers with the memory, disk and CPU capacity needed to meet the user's requirements.

A service offering can be as simple as a virtual machine with specific memory, disk and CPU allocated to it, or it can include an entire application stack made up of multiple pre-configured software instances.

Interaction with an Orchestrator

The architecture of the Tungsten Fabric controller and vRouter, and their interaction with an orchestrator, is shown below:

The figure shows operation with an orchestrator, a hypervisor and virtual machines, but the information flow is similar for a container orchestrator such as Kubernetes (Kubernetes with Tungsten Fabric).

Each interface of a workload running on a host is connected to a VRF that contains the L2 and L3 forwarding tables of the corresponding network, the one that contains the IP address of that interface.

The vRouter implements the integrated bridging and routing (IRB) function that physical routers perform. A vRouter has VRFs only for networks that have interfaces on that host, including the Fabric VRF, which connects to the host's physical interface. Using VRFs allows different virtual networks to have overlapping IP and MAC addresses, as long as no network policy is defined that allows traffic between them.

Tungsten Fabric virtual networking uses encapsulation tunnels to carry packets between VMs on different hosts, and encapsulation and de-encapsulation take place between the Fabric VRF and the VM VRFs.

When a new virtual workload is created, the orchestrator-specific plug-in sees an event and sends it to the controller. The controller then sends requests to the agent for routes to be installed in the VRFs of the virtual networks, and the agent configures them in the forwarder.

The logical flow for configuring networking on a new VM with a single network interface is as follows:

  1. Networks and network policies are defined in the orchestrator or in Tungsten Fabric using the UI, CLI, or northbound REST API. A network is defined primarily as a pool of IP addresses that will be assigned to interfaces when VMs are created.
  2. A user of the orchestrator requests that a VM be started, including the network its interface resides in.
  3. The orchestrator selects a host for the new VM to run on, and instructs the compute agent on that host to fetch its image and start the VM.
  4. The Tungsten Fabric plug-in receives events or API calls from the orchestrator's network service, instructing it to set up networking for the interface of the new VM that is about to start. These instructions are converted into Tungsten Fabric REST calls and sent to the Tungsten Fabric controller.
  5. The Tungsten Fabric controller sends a request to the vRouter agent to connect the new VM's virtual interface to the specified virtual network. The vRouter agent instructs the vRouter forwarder to connect the VM interface to the VRF of the virtual network. If the VRF does not exist, it is created, and the interface is connected to it.
  6. The compute agent starts the VM, which is typically configured to request an IP address for each interface using DHCP. The vRouter proxies the DHCP requests and responds with the interface IP address, default gateway and DNS server addresses.
  7. Once the interface is up and has an IP address from DHCP, the vRouter installs routes to the VM's IP and MAC addresses with the VM's virtual interface as the next hop.
  8. The vRouter assigns a label to the interface and installs a label route in the MPLS table. The vRouter sends an XMPP message to the controller containing a route to the new VM. The route's next hop is the IP address of the server on which the vRouter runs, and it specifies an encapsulation protocol using the label just allocated.
  9. As allowed by network policy, the controller distributes the route to the new VM to the other vRouters that have VMs in the same network and in other networks.
  10. As allowed by network policy, the controller sends the routes of the other VMs to the vRouter of the new VM.

At the end of this process, the routes in the VRFs of all vRouters in the data center have been updated and include the information about the new VM.
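
The route exchange in steps 5 to 10, as a simplified Python model added here for illustration; it is not Tungsten Fabric code, and the class names, route fields, network names and addresses are all constructed. It shows default isolation between networks, policy-permitted route exchange, and an overlapping address kept separate by VRFs.

```python
# Simplified model of steps 5-10 above; illustration only, not Tungsten Fabric code.
# All class, method and field names are hypothetical; addresses are constructed.
from itertools import count

class Controller:
    def __init__(self, policies):
        self.policies = policies   # set of frozenset({net_a, net_b}) allowed pairs
        self.vrouters = {}         # host IP -> VRouter
        self.routes = []           # routes learned from vRouters (XMPP in TF)
    def allowed(self, net_a, net_b):
        # Same network: reachable by default. Different networks: only by policy.
        return net_a == net_b or frozenset((net_a, net_b)) in self.policies
    def advertise(self, route):
        origin = self.vrouters[route["next_hop"]]
        for other in self.routes:              # step 10: existing routes to new VM's vRouter
            if self.allowed(route["network"], other["network"]):
                origin.install(route["network"], other)
        for vr in self.vrouters.values():      # step 9: new route to permitted VRFs
            for net in list(vr.vrfs):
                if self.allowed(net, route["network"]):
                    vr.install(net, route)
        self.routes.append(route)

class VRouter:
    def __init__(self, host_ip, controller):
        self.host_ip, self.controller = host_ip, controller
        self.vrfs = {}             # network -> {prefix: route}
        self.labels = count(16)    # labels are local to each vRouter
        controller.vrouters[host_ip] = self
    def install(self, network, route):
        # Keep an existing entry so a local route is never replaced by a remote one.
        self.vrfs.setdefault(network, {}).setdefault(route["prefix"], route)
    def vm_up(self, network, vm_ip):
        prefix, label = vm_ip + "/32", next(self.labels)
        # Steps 5 and 7: create the VRF if absent, add the route via the local interface.
        self.install(network, {"prefix": prefix, "network": network,
                               "next_hop": "tap-" + vm_ip, "label": label})
        # Step 8: advertise with this host as next hop and the label just allocated.
        self.controller.advertise({"prefix": prefix, "network": network, "label": label,
                                   "next_hop": self.host_ip, "encap": "MPLSoUDP"})

def demo():
    ctl = Controller({frozenset(("red", "blue"))})   # only red <-> blue is permitted
    vr1, vr2, vr3 = (VRouter(ip, ctl) for ip in ("10.0.0.1", "10.0.0.2", "10.0.0.3"))
    vr1.vm_up("red", "192.168.1.3")
    vr2.vm_up("red", "192.168.1.4")
    vr2.vm_up("green", "192.168.1.3")   # overlapping address in an isolated network
    vr3.vm_up("blue", "172.16.0.5")
    return vr1, vr2, vr3
```

After `demo()`, the blue VRF on the third host holds routes to both red VMs, while the green VM's route appears only in its own VRF even though its address duplicates one in red.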

First article in the Tungsten Fabric architecture analysis series: TF main features and use cases

Follow us on WeChat: TF Chinese community

Origin blog.51cto.com/14638699/2463278