Cisco Defined Openstack
김형수 (General Manager) / hyungsok@cisco.com
Cisco Systems Korea
5th Feb 2015
Cisco Confidential 2
© 2014 Cisco and/or its affiliates. All rights reserved.
Contents
• Openstack @ Cisco
• Solutions for Openstack
• Group Based Policy with Openstack
• Demo
Cisco’s Commitment and Contributions
• OpenStack Foundation Gold Member
• More than 50 developers actively contributing to the Neutron, Nova, Horizon, Cinder and Ceilometer components
• More than 70 Blueprints proposed
• Advanced work in:
  • Neutron plugins: Nexus, ACI, Open Daylight,
  • IPv6, NFV, ML2, SRIOV
  • Group Based Policy
  • Intelligent Solver Scheduler
  • Kolla containers
[Chart: Juno: Neutron LOCS]
Cisco’s Openstack use cases
• Cisco services (external)
  • WebEx
  • Project Squared
• Cisco IT services (internal)
  • Cisco Cloud Service
• Openstack embedded in Cisco products
  • Cisco Modeling Lab
  • APIC Enterprise Module
OpenStack Solutions for Cisco Unified Systems
New product: Cisco UCS Integrated Infrastructure for Red Hat OpenStack Platform (UCSO, or UCS Openstack)
• Starter
• Advanced
• Advanced ACI
Benefits
• Fast Openstack deployment
• Investment cost savings through UCS
• Reduced risk through validated designs
• An environment ready for Intercloud
• Policy-based management (ACI)
www.cisco.com/go/ucsopenstack
Starter Edition, Functional Architecture
[Diagram, legend: Red Hat / Cisco]
OpenStack Cloud APIs
• Red Hat OpenStack Dashboard (Horizon)
• Nova (Computing)
• Hypervisor (KVM)
• Neutron (Networking)
• Heat (Orchestration)
• Ceilometer (Telemetry)
• Cinder (Volumes)
• Keystone (Identity)
• Glance (Image)
• Inktank Ceph (Block Storage)
Hardware infrastructure: Cisco UCS C-Series, Cisco UCS Fabric Interconnects, and Cisco Nexus 9000 Series
Operating system: Red Hat Enterprise Linux 7.0
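Hardware Components
Product | Description | Qty | Function
N9K-C9396PX | Cisco Nexus 9396 in Cisco NX-OS mode | 1 | L2/L3 TOR switch
UCS-C220-M3S | Cisco UCS C220 rack server | 2 | Management node and network node
UCS-C220-M3S | Cisco UCS C220 rack server | 4 | Compute nodes for VMs
UCS-C240-M3S | Cisco UCS C240 rack server | 3 | Ceph storage servers
UCS-FI-6296 | Cisco UCS fabric interconnects, 96-port model | 2 | Provides centralized management and deployment functions for the UCS rack servers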
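Group Based Policy
• Let's make automation simple!
• Express intent declaratively (similar to Puppet, Chef)
• Policy: no smoking, no parking, a service provision contract
[Diagram labels: Group A (members); provide; Policy C; consume; Group B (members)]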
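Use Case: 3-Tier App
[Diagram labels: Web server; Application server; Application DB; User DB; Payment service; Monitoring service; Monitoring service v2; Existing application; Finance; External network; Firewall (x2); Load balancer]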
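Group Based Policy Model
Group: A set of endpoints of the same kind, usually one application role
Policy Rules Set: A combination of Classifiers and Actions that defines how Groups communicate
Policy Classifier: Traffic filter (protocol, port, direction)
Policy Action: The action performed when the condition matches (allow, redirect, copy)
Service Chains: Network services connected between Groups
L2 Policy: Rules/policy within the scope of an L2 switch
L3 Policy: Rules/policy applied in a separate L3 address space that contains L2 Policies or subnets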
[Diagram labels: L3 Policy; L2 Policy (x2); Group with Policy Targets (x2); provide / consume; Policy Rules Set; Policy Rule (Classifier, Action) (x2); Service Chain; Node (x2)]
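An added example, not part of the original slides and not OpenStack GBP code: a small Python model of the Group / Policy Rules Set / Classifier / Action relationships defined above, applied to the 3-tier app. The group and rule-set names, the ports, the direction semantics ("in" = consumer to provider) and the deny result when no rule matches are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Classifier:            # Policy Classifier: protocol, port, direction
    protocol: str
    port: int
    direction: str           # assumed: "in" = consumer -> provider, "out", or "bi"

@dataclass(frozen=True)
class Rule:                  # Policy Rule: one Classifier paired with one Action
    classifier: Classifier
    action: str              # "allow", "redirect" or "copy"

@dataclass
class Group:
    name: str
    provides: set = field(default_factory=set)   # names of provided rule sets
    consumes: set = field(default_factory=set)   # names of consumed rule sets

def decide(rule_sets, src, dst, protocol, port):
    """Return the action for src -> dst traffic, or "deny" if no rule matches."""
    # src consumes what dst provides: the flow goes "in" to the provider.
    # src provides what dst consumes: the flow goes "out" of the provider.
    candidates = [(n, "in") for n in src.consumes & dst.provides]
    candidates += [(n, "out") for n in src.provides & dst.consumes]
    for name, flow in sorted(candidates):
        for rule in rule_sets[name]:
            c = rule.classifier
            if (c.protocol, c.port) == (protocol, port) and c.direction in (flow, "bi"):
                return rule.action
    return "deny"  # assumption: groups with no matching rule cannot communicate

# Constructed sample policy for the 3-tier app (all names are hypothetical).
RULE_SETS = {
    "web-rules": [Rule(Classifier("tcp", 443, "in"), "redirect")],  # to a service chain
    "app-rules": [Rule(Classifier("tcp", 8080, "in"), "allow")],
    "appdb-rules": [Rule(Classifier("tcp", 3306, "in"), "allow")],
}
external = Group("external", consumes={"web-rules"})
web = Group("web", provides={"web-rules"}, consumes={"app-rules"})
app = Group("app", provides={"app-rules"}, consumes={"appdb-rules"})
app_db = Group("app-db", provides={"appdb-rules"})

if __name__ == "__main__":
    for s, d, port in [(external, web, 443), (web, app, 8080),
                       (external, app_db, 3306), (app, web, 8080)]:
        print(f"{s.name} -> {d.name} tcp/{port}: {decide(RULE_SETS, s, d, 'tcp', port)}")
```

In this model the external group reaches only the web tier, and a rule set consumed by one group grants nothing in the reverse direction or to groups further along the chain.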
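Applying GBP: 3-Tier App
[Diagram labels: Application server (app server rule set); Web server (web server rule set); Application DB (app DB rule set); User DB (user DB rule set); Payment service (payment rule set); Monitoring service (monitoring rule set); Monitoring service v2; Existing application; External group; Finance; Service chain (Load balancer, Firewall); provide / consume]
GBP expresses network services as a chain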
Cisco’s Group Based Policy Implementation
[Diagram labels: ACI fabric, Non-Blocking Penalty Free Overlay; Web, App, DB; External (Tenant VRF); QoS / Filter / Service; Application Policy Infrastructure Controller (APIC)]
[Diagram labels: Application Network Profile (ADC, F/W, WEB, APP, DB); connectivity policy, security policy, QoS, bandwidth, availability, storage, compute; L4-L7 services, SLA, security; Extensible Scripting Model; APIC; Hypervisor (x3)]
Cisco APIC - Policy Based Operation
[Diagram labels: Contract (x3) between ADC, F/W, WEB, APP, DB; Neutron Networking with Group Policy, OVS Driver, APIC Group Driver; Web, App and DB instances on Hypervisor (x3)]
GBP with APIC
• Policy API extension through Openstack Neutron
• The Policy API integrates with Cisco APIC
• Compatible with the base Nexus Plugin
• Available in the Juno release
• Group Policy menu added in Horizon
APIC Driver (ML2)
https://wiki.openstack.org/wiki/GroupBasedPolicy/InstallCiscoACI
APIC Integration Live Demo