Feeds

HP: OpenStack's networking nightmare Neutron 'was everyone's fault'

Cloud brains at HP, Red Hat, Piston, spill beans on the weak link in the OpenStack cloud

Internet Security Threat Report 2014

OpenStack Summit HP has admitted that the networking component of OpenStack sucks, and that the community needs to have a serious think about how to develop it in the future.

The enterprise IT company's chief operating officer for cloud, Saar Gillai, told El Reg on Tuesday that the reason why OpenStack's "Neutron" system has had so many problems is "we approached it as the community wrong."

Neutron is the OpenStack project's "networking-as-a-service" technology which is meant to help administrators create, configure, and manage software-defined networks.

The tech is a core project, and its stability is absolutely crucial for the creation of large infrastructure-as-a-service clouds based on OpenStack.

Neutron is based on Quantum, which was contributed into the project by Nicira. Nicira was then acquired by VMware, and the company's members continue to make contributions into the tech. Many original users of Quantum paired it with Nicira's "NSX" plug-in, which made use of the company's software-defined networking tech.

Unfortunately, when using Neutron without the NSX plug-in, it had serious problems.

"This is the only project where we required a third-party [component] to be whole," explains Red Hat's director of product management for its virtualization business unit, Andrew Cathrow. "The challenge really was that Neutron really grew up around one vendor, and when people were talking about Neutron they were really talking about Nicira."

HP ran into this weakness when building its own public cloud service. The problems were so severe that HP was forced to rewrite the networking component of OpenStack for its own cloud, Gillai confirmed. "We ran into [Neutron's problems] on public cloud and that's why we stayed off of mainline [OpenStack] for a long, long time," he explains. Now, with HP Helion, the company is trying to develop a stock OpenStack distribution based on the main community brand and fix networking along the way.

The Neutron problem was that the type of problems HP runs into only happen at very large scale, and so many smaller production deployments of OpenStack didn't experience these issues. But as the tech limbers up for significant production deployments, Neutron's problems are becoming more and more apparent, causing users to complain at a user panel for the tech held on Monday.

"It was everyone's fault," Gillai says. "I think the community understands that in the next 12 months a lot of work will be done. We ran into [Neutron problems] hot and heavy in our public cloud. It's something that has to get solved. It will require vendors to step aside and accept they've got to follow the OpenStack way of doing things."

Neutron's problems are both endemic to its own design, and software-defined networking systems that it plugs into.

"We tried supporting a bunch of the commercial software-defined networks [in Neutron]," explained Piston Cloud Computing's chief technology officer Joshua McKenty in a chat with El Reg. "The theory was, 'is it just the open vSwitch in Neutron is crap?' – [but] even the commercial ones aren't where they need to be."

The problem is that the community "focused on shiny layer four through seven features" at the expense of base networking tech, McKenty said.

"I expect in the next twelve months Neutron will get better," Gillai says. "It's a big problem, I agree. To some extent you could argue it stayed this way because, quote unquote, people could get away with it. At the end of the day it's now caused enough problems at customers that we have to go fix it."

Gillai's comments are echoed by Red Hat. "We've got all the vendors in the ecosystem acknowledging it," said Red Hat's Cathrow. "I feel positive about the future."

In many ways, Neutron's failure and planned rebirth are a metaphor for OpenStack as a whole, with the tech promising too much at the start, becoming overly dependent on vendors, and only being fixed when paying punters started to confront its weaknesses. As the OpenStack collective learn these lessons the hope is that they will run into fewer errors, and perhaps make good on their plan to provide a viable cloud operating system to telcos and other businesses.

"We have to look back and learn the lessons about when things leave incubation, and I believe those decisions have been learnt," Cathrow said. "We all carry scars from those decisions." ®

Internet Security Threat Report 2014

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Symantec backs out of Backup Exec: Plans to can appliance in Jan
Will still provide support to existing customers
VMware's tool to harden virtual networks: a spreadsheet
NSX security guide lands in intriguing format
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.