ATLANTA – Large enterprises that use OpenStack took to the stage here this week to sing the praises – and point out the faults – of the open source cloud management platform, particularly when it comes to networking.
OpenStack’s Icehouse release is the first in which the previous networking API, Nova-network, has been deprecated in favor of Neutron, which allows software-defined networking vendors to plug their wares into the OpenStack infrastructure.
But it appears OpenStack Neutron has stumbled out of the gate.
The much-lauded support for rolling upgrades in Icehouse doesn’t extend to upgrades between Nova-network and Neutron, according to one keynote presentation by Joel Johnston, platform architect for Sony Computer Entertainment America, at the OpenStack Summit.
“Getting from version to version of OpenStack, I think that’s a level of maturity that we’re still waiting to see,” Johnston said.
The Neutron development team is working to solve this problem, according to Mark Collier, COO of the OpenStack Foundation, who interviewed Johnston during the presentation.
“It’s certainly been a theme we’ve heard quite a bit,” Collier said.
In another session, a representative of Deutsche Telekom presented on its work with OpenStack, which the company uses to provide a self-service virtual environment for internal customers. Glitches with OpenStack Neutron pop up in its Havana-based environment, according to Alexander Stellwag, director of products and innovation design for the company.
Deutsche Telekom has upgraded to Neutron under Havana, but has encountered issues with availability in the new networking service, he added.
There are no dedicated network nodes with Neutron, but rather agents distributed among compute nodes. Deutsche Telekom uses a custom Python script for high availability (HA) in the Neutron environment right now, to check the availability of agents and reschedule them if necessary after a failure.
“HA for Neutron is a complex beast,” Stellwag said.
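The check-and-reschedule logic described above, as an added example (not Deutsche Telekom's script, which the article does not show). It assumes L3 agent records shaped like those the Neutron agents API returns and a least-loaded placement policy; `plan_reschedule` and all sample data are hypothetical.

```python
"""Plan rescheduling of routers away from failed Neutron L3 agents (illustrative)."""

# Constructed sample data. Field names follow the agent records returned by
# the Neutron agents API; hosts and ids are made up for this example.
AGENTS = [
    {"id": "agent-a", "agent_type": "L3 agent", "host": "compute-01", "alive": True, "admin_state_up": True},
    {"id": "agent-b", "agent_type": "L3 agent", "host": "compute-02", "alive": False, "admin_state_up": True},
    {"id": "agent-c", "agent_type": "L3 agent", "host": "compute-03", "alive": True, "admin_state_up": True},
    {"id": "agent-d", "agent_type": "DHCP agent", "host": "compute-03", "alive": True, "admin_state_up": True},
]
# Which routers each L3 agent currently hosts (constructed).
HOSTED = {"agent-a": ["r1", "r2"], "agent-b": ["r3", "r4", "r5"], "agent-c": []}


def plan_reschedule(agents, hosted):
    """Return (moves, stranded) for routers hosted on dead L3 agents.

    moves    -> list of (router_id, from_agent_id, to_agent_id)
    stranded -> routers that cannot move because no healthy L3 agent is left
    """
    l3 = [a for a in agents if a["agent_type"] == "L3 agent"]
    # Only agents that are both reporting in and administratively enabled
    # are valid targets; an alive but disabled agent keeps what it has.
    healthy = [a["id"] for a in l3 if a["alive"] and a["admin_state_up"]]
    dead = [a["id"] for a in l3 if not a["alive"]]
    load = {aid: len(hosted.get(aid, [])) for aid in healthy}

    moves, stranded = [], []
    for src in dead:
        for router in hosted.get(src, []):
            if not load:
                # Failure mode: nothing to fail over to, so surface it.
                stranded.append(router)
                continue
            # Least-loaded healthy agent; ties broken by id for determinism.
            dst = min(load, key=lambda aid: (load[aid], aid))
            moves.append((router, src, dst))
            load[dst] += 1
    return moves, stranded


if __name__ == "__main__":
    moves, stranded = plan_reschedule(AGENTS, HOSTED)
    for router, src, dst in moves:
        print(f"move {router}: {src} -> {dst}")
    for router in stranded:
        print(f"ALERT: {router} has no healthy L3 agent available")
```

In a live deployment the plan would be applied through the Neutron API's L3 agent scheduler calls, and a non-empty `stranded` list should raise an alert rather than be retried silently.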
Other large customers worry about Neutron scalability with the agent-based architecture.
“It would be nice if they would use a model similar to Amazon, where routers and load balancers are instantiated as instances on the infrastructure, rather than agents that run on the host,” said Aaron Knister, a contractor working for a major government agency. “It seems like that would be more scalable.”
Finally, there is a Neutron-related security advisory which earned a mention in presentations this week: a bug that could allow tenants in a multi-tenant environment to route network traffic over another tenant’s router. A patch is available to mitigate this issue.