network-introspector to facilitate testing and debugging

Registered by Kirill Shileev

The initial motivation behind this proposal was to have the ability to test and debug IPv6 related code in neutron and its plugins. The OpenStack scenario testing done by tempest runs a number of test suites from outside the cloud, which means that the only way to inspect packets is to inject sniffers in the control nodes. Note that a devstack installation is a special case because it deploys all services locally, thus providing access to all control interfaces.
Injection is inconvenient for normal cloud deployments since the injector needs to be instrumented with su credentials for all the control nodes involved.

The network introspector will be a useful tool during the development of network related components of OpenStack itself. In addition, it will have several benefits in the operations field:

 - Debug and troubleshoot sophisticated network topologies, especially when a number of advanced external appliances are in use (e.g. vendor switches and/or controllers).

 - View network statistics and monitor networking components.

- Use the insights to find ways to optimize network topologies for the deployment at hand.

- Provide metrics for intelligent nova schedulers, for example one that deploys instances using data affinity information.

The network introspector will be implemented as an ML2 driver for Neutron. The initial implementation will most likely be a Python wrapper for tcpdump, allowing the capture of IPv4 and IPv6 protocol packets. The implementation would provide an Neutron API extension.

A typical network introspector workflow might look like this:

 1. A client uses OpenStack admin credentials to obtain a session token from Keystone.

 2. The client uses the Neutron API extension to register a task to introspect a given number of packets, with some filters (like interfaces and protocols) applied.

 3. The client may poll (using the Neutron API extension) for the status of a registered introspecting task.

 4. The client gets the resulting JSON (or binary if requested) data using the Neutron API extension when the introspecting task completes.

The network introspector API will be implemented as a Neutron API extension, available only to the cloud admin role.

In its default mode the network introspector would support existing open source mechanisms, but it will have a pluggable driver framework to allow for vendors to submit introspector plugins for their devices.

Blueprint information

Kirill Shileev
Needs approval
Kirill Shileev
Series goal:
Not started
Milestone target:
Completed by
Armando Migliaccio

Related branches




Work Items

This blueprint contains Public information 
Everyone can see this information.