Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
3521
Views
1
Helpful
0
Comments

Multicast with OpenStack using Cisco's Nexus9000 and UCS

Vikram Hosakote
Cisco Employee
Cisco Employee
‎04-27-2017 08:16 PM

This is a blog about how to deploy multicast in an OpenStack cloud.  Unlike broadcast and unicast, multicast is used for one-to-many communications.

What is multicast?


  • One-to-many communication
  • Driven by receivers (On the contrary, unicast is driven by senders)
  • A multicast “group” is identified by a multicast IP address
  • Without multicast, sender must duplicate each packet
  • Analogy: TV and radio broadcasting

Components of multicast

  • Multicast addressing
    • Group addresses range from 224.0.0.0 to 239.255.255.255 (class D addresses)
    • Mac addresses range from 01-00-5E-00-00-00 to 01-00-5E-7F-FF-FF
  • Multicast group management (IGMP)
  • Multicast routing (Protocol Independent Multicast or PIM) and IGMP querying
  • Unicast routing (OSPF, IS-IS, RIP) is needed for PIM
  • Multicast clients that receive multicast traffic/streams

Multicast use cases

  • One-to-many corporate communications such as
    • Employee training videos
    • Quarterly company meetings
    • Company-wide corporate communications
    • Executive announcements
  • Music/media streaming
  • Video podcasts
  • IPTV services
  • One-to-many software updates/patches
  • Social networking (Facebook, Twitter feeds, Instagram)
  • Financial services, banks, stock exchange
  • Government/Federal agencies
  • RTP (Real Time Protocol) applications

State of Multicast in OpenStack

  • No multicast available out-of-the-box
  • Open vSwitch 2.5 (virtual L2 switch) supports IGMP snooping (Open vSwitch)
  • Linux Bridge 2.4 (virtual L2 switch) supports IGMP snooping (https://wiki.linuxfoundation.org/networking/bridge)

    • For brN, the settings can be found under /sys/devices/virtual/net/brN/bridge.

      • multicast_snooping

  • Neutron virtual router (L3-Agent) does not support multicast routing, PIM and querying
  • No CLI or API to configure multicast
  • Multicast cannot be configured in the Horizon GUI
  • Anti-spoofing rules and security groups drop multicast packets
  • No plugin support/architecture for multicast

How to deploy Multicast in OpenStack?

  • Enable IGMP snooping in OVS/Linux bridge
  • Add rules to allow multicast UDP port in security groups
  • Disable neutron port-security for ports in multicast path
  • Use neutron’s --allowed-address-pairs attribute and allow multicast group's destination IP address and MAC addresses
  • SR-IOV ports may also be used
  • Three recommended network architectures to deploy Multicast in OpenStack:
    • Use provider networks without neutron router (L3-agent) and do multicast and unicast routing on upstream L3 devices connected to TOR outside OpenStack
    • Use Cisco’s ASR1k plugin for neutron instead of L3-agent
    • Use Cisco’s ACI and APIC driver for neutron

Using provider networks without neutron router (L3-agent)

  1. Don’t use Neutron-L3-Agent  (OpenStack’s virtual router not used)
  2. Neutron does not route any multicast or unicast traffic
  3. Use Neutron provider network
    1. Use lab-routable public VLAN configured on top-of-rack switches
    2. Use lab's router outside OpenStack
    3. Use lab's gateway outside OpenStack
  4. Attach Nova instances directly to provider network with no neutron router
  5. Configure multicast routing / PIM and unicast routing (OSPF) on the lab upstream router (N9k)
  6. OVS does IGMP snooping
  7. Multicast source sends multicast UDP streams
  8. PIM on lab's upstream router (N9k) forwards multicast packets to OpenStack VMs
  9. Nova VMs receive/consume multicast streams

prov_net.png

prov.png

Use Cisco’s ASR1k plugin for neutron instead of L3-agent

  1. Use Cisco’s ASR1k plugin for OpenStack Neutron instead of neutron-L3-agent
    1. GitHub - openstack/networking-cisco: Cisco Vendor Code for Neutron
  2. Neutron-L3-Agent (OpenStack’s virtual router) not used
  3. ASK1k plugin does both unicast and multicast routing
  4. Two ASR1000s used in VPC pair
  5. Neutron talks to ASR1k using Cisco’s config agent (using NETCONF)
  6. Neutron does not route any multicast or unicast routing traffic
  7. Configure multicast routing / PIM and unicast routing (OSPF) on the ASRs
  8. OVS does IGMP snooping
  9. Multicast source sends multicast UDP streams
  10. PIM on the ASRs forwards multicast packets to OpenStack VMs
  11. Nova VMs receive/consume multicast streams


asr1k.png


ACI and APIC driver for neutron


aci.png


UCSM multicast policy


ucsm1.png


ucsm2.png


ACI/APIC multicast policy


aci_pol.png


Multicast for media applications


  • Cisco’s video conferencing apps:
    • Telepresence
    • Webex
    • Jabber
  • Cisco’s video and collaborations apps:
    • Virtualized Video Processing (V2P)
    • Videoscape AnyRes
    • IPTV devices
    • video encoders
    • video surveillance
  • VLC player http://www.videolan.org/projects/multicat.html

Multicast limitations

  • IGMP snooping degrades performance of layer-2 switch
  • High bandwidth multicast traffic degrades unicast routing
  • Needs plugin (ASR1k, APIC) integration with neutron
  • Best-effort and out-of-sequence delivery (UDP is unreliable)
  • Lack of TCP windowing results in network congestion
  • Duplicate packets and occasional loops when unicast routing is broken

Multicast testing tools

Multicast talk I gave at Cisco Live in Las Vegas in 2016

Multicast in OpenStack

Hope this blog is helpful to anyone deploying Multicast with OpenStack using Cisco's Nexus9000 and UCS!

Labels:
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:


Cisco Cloud Native resources:

Popular Articles
Customers Also Viewed These Support Documents