Top 10 Must‑Watch OpenStack Networking Sessions from the Austin Summit

Summary

Today we recommend a series of technical talks from the Austin OpenStack Summit that focus on OpenStack networking features and tools, aimed at developers, architects, and users.

Video Index

Tap-As-A-Service What You Need to Know Now

Skydive, Real-Time Network Topology and Protocol Analyzer

Neutron DSCP Policing your Network

Troubleshoot Cloud Networking Like a Pro

Load Balancing as a Service, Mitaka and Beyond

Tired of Iptables Based Security Groups? Here’s How to Gain Trem

Integration of Neutron, Nova and Designate: How to Use It and How to Configure It

SNAT High Availability Service in Neutron for Distributed Virtual Routers

Virtual Routers on Compute Nodes: A (Not So) Irrational Decision?

F5 Networks - Technically Speaking..Are You in or Are You Out?

1. Tap-As-A-Service What You Need to Know Now

Rating: ★★★☆

Overview: Tap‑As‑A‑Service is mainly used for monitoring; the presentation covers its architecture, purpose, usage, and includes a demo.

Comments: TAAS already has an OVS implementation and CLI, based on two concepts: Tap Service (the port to monitor) and Tap Flow (the specific flow).

Overlay network monitoring is a real need, but the OVS‑Port‑Mirror design’s reliability and scalability have not been fully tested.

Monitoring VM traffic is simple for admins; the challenge is building a full monitoring and analysis system on top of it.

2. Skydive, Real-Time Network Topology and Protocol Analyzer

Rating: ★★★★

Overview: Red Hat developers created Skydive, an open‑source overlay network monitoring tool with a sleek Web UI; a demo shows automatic topology discovery, packet capture, and ElasticSearch integration.

Comments: If it truly solves overlay network monitoring, it would be a breakthrough for OpenStack users.

Current OVS management is manual and cumbersome; traditional tools like Zabbix are unsuitable.

Skydive fills this gap by scanning Linux and OVS networks, visualizing topology, and capturing packets.

Performance and scale testing are still missing; large OpenStack clouds may have hundreds of namespaces and ports, with traffic in the terabit‑per‑second range.

3. Neutron DSCP Policing your Network

Rating: ★★★★

Overview: Latest developments in Neutron QoS, implementation details, challenges, and solutions, focusing on DSCP handling.

Comments: Progress on Neutron QoS is slow but ongoing.

The session explains what DSCP is, how it is used in OpenStack, and its OVS implementation.

Key challenges:

A solution to keep QoS rules persistent across L2 agent restarts by assigning a unique cookie to each flow.

Feature isolation to ensure multiple functions (security groups, VLAN, QoS) can coexist without interference, using a small service‑function‑chain‑like table design.

Synchronization of RPC versions between server and agent, with future roadmap including ECN, minimum bandwidth guarantees, and ingress traffic limiting.

4. Troubleshoot Cloud Networking Like a Pro

Rating: ★★★☆

Overview: Indian presenters share practical tips for troubleshooting OpenStack networking.

Comments: Key tools include ip, brctl, ovs‑*, netstat, iptables, arping, ping, tcpdump, plus a solid understanding of architecture diagrams and I/O paths.

Reference PDF is available at http://www.slideshare.net/SohailArham/troubleshoot-cloud-networking-like-a-pro .

The session mentions a mysterious

check.sh

script; readers are encouraged to create their own and contribute to the OpenStack/Steth project.

5. Load Balancing as a Service, Mitaka and Beyond

Rating: ★★★☆

Overview: Progress and future plans for the LBaaS project.

Comments: Dashboard improvements and LBaaS now supports layer‑7; Octavia adds active/standby HA, security enhancements, easier image updates, and automatic certificate acquisition.

6. Tired of Iptables Based Security Groups? Here’s How to Gain Trem

Rating: ★★★★

Overview: New OVS‑based security group implementation.

Comments: Traditional iptables security groups struggle with complex virtual topologies and performance.

The presentation proposes a three‑level firewall evolution:

Level 1 – basic ACL Level 2 – stateful firewall Level 3 – full OSI firewall with DPI.

Implementing stateful firewalls in OVS can use the OpenFlow

learn

action, though flow tables become hard to read.

Another approach adds a

cs_state

field via conntrack, offering modest performance gains.

Future work will move conntrack to user space for better performance and usability.

7. Integration of Neutron, Nova and Designate: How to Use It and How to Configure It

Rating: ★★★☆

Overview: Using Nova, Neutron, and Designate to automate VM DNS name assignment, DNS record creation, and external DNS integration.

Comments: The workflow matches the official OpenStack Mitaka networking guide.

Internally, DNS uses the dns_domain attribute of the network resource and the VM’s hostname; Neutron’s DHCP server (dnsmasq) provides the DNS service, so the subnet’s dns_nameservers must be set correctly.

Designate supports external DNS services such as Bind, PowerDNS, Akamai, DynECT, Infoblox, and for Chinese users, DNSPod.

Use cases include pushing DNS info to external systems when creating ports or floating IPs.

8. SNAT High Availability Service in Neutron for Distributed Virtual Routers

Rating: ★★★

Overview: HA for SNAT routers in DVR scenarios.

Comments: This moves L3 HA functionality onto the DVR SNAT router, solving previous incompatibilities.

Future plans include a more efficient control plane and BGP support.

9. Virtual Routers on Compute Nodes: A (Not So) Irrational Decision?

Rating: ★★★

Overview: TWC’s design before DVR, placing L3 agents on all compute nodes (VR‑D).

10. F5 Networks - Technically Speaking..Are You in or Are You Out?

Rating: ★★★★

Overview: Short sponsor talk covering F5’s roadmap with OpenStack, current implementations, and demos.

Comments: The roadmap is the most valuable part; hope F5 delivers on schedule.