OpenStack and the Transformation of the Data Center

Lew Tucker, VP/CTO Cloud Computing, Cisco @lewtucker

OpenStack Summit – Atlanta, May 2014

2016 20202017

71% of apps will run on virtual

machines

2/3 of all mobile

traffic will be video

50 billion connected devices

The Growth of the Internet Is Impacting All Aspects of IT

More data created this year than in the past

50002012

Mobile

Internetof

Things

New Breed of Apps

IT World Becoming Increasingly Complex

Systems of

Record to

Systems of

Engagement

- Geoffrey Moore

http://www.slideshare.net/rstrad1/moore-digitalimpact

Devices Collaboration

Software & Apps

NetworkIT Infrastructure

& Platform Services

Internet of Things to Internet of Everything

Smart Grid Smart Buildings

Smart Factories

SF City ParkingSpaces

(open source data)

Connecting, sensing, measuring, and controlling in real time improves reliability, cost, and alignment of supply and demand

New Technologies Driving a Virtuous Cycle of Innovation

BIG DATA

INTERNET OF THINGS

Volume Velocity Variety

Design It

Code It Where Can We Put It?

Procure It Install It Configure It

Secure It

Push It

The Promise of Cloud ComputingFrom 8 Weeks to 15 Minutes

Continuous Deployment

… with Elastic Scaling

06 07 08 09 10 11 12 130%

100%Datacenter Spending (%) Over Time

Server Spending Standalone Servers - Mgnt & AdminVirtual Servers - Mgnt & Admin Power & Cooling Expense

Source: IDC, 2011 “New Economic Model for the Datacenter”

• Operating expenses represent over 80% of data center spending

• OpEx increase driven by server virtualization

• New models are needed

Management (OpEx) Expenses Growing

IT Administrators Face a Tidal Wave of Innovations

Network Functions Virtualization

OpenStack

Programmability

OpenFlow

Virtualization

Abstraction Orchestration

Cloudification

Data Centers

Network OS

Hypervisor

Automation

And the Data Centerskeep Growing

OpenStack Heralds the Creation of a New Layer in Software Stack That Spans the Entire Data Centers

Unified Compute, Storage, Networking Infrastructure - Physical + Virtual

OpenStack Network Service

OpenStack Compute Service OpenStack Storage Service

User App-1

User App-2

UserApp-3

PaaS Service

User App-3

Puppet

Ansible

Git GerritJenkins

Software and Automation – Driving Speed and Agility

Software-Defined Networking – Overlay Networking

Servers

VPNs/Public Internet

Edge Routers

Scale Out Core

. .. .

Virtual Access Layer

vSwitch

OpenStack Platform: Services and APIs

NovaCompute

HeatOrchestration

Glance Image

Storage

SwiftStorage

NeutronNetworking

KeystoneSecurity

OpenStack Design PrincipleBuilt as a set of loosely coupled, related projects developing advanced cloud services

• Each service driven by community projects with contributions from many companies

• Easier for innovation through addition of new services

• Small number of core services

• Larger number of associated services

Meanwhile, a Revolution Was Happening in Networking…

OpenFlow

• Protocol which would allow software running on servers to direct the flow of packets in a network

• Separation of control and data planes

ServerVirtualization

• Created need

for virtual switches on each server

• Vmware, Cisco Nexus 1000v, Open vSwitch

VirtualizedNetworkServices

• Firewall, load-balancing, VPN

• Network service orchestration

NetworkController

• Lots of activity around creating new SDN controllers

• Open source projects: Open Daylight

Network Functions Virtualization (NFV) Provides Dynamically Scalable Services

AT&T, BT, Orange, Telecom Italia, Telefonica, Telstra, Verizon…

OpenStack Networking Evolved

Nova Networking

• Simple, flat networking• Contained within Nova

service• Difficult to accommodate

rapid changes happening in networking

Neutron Networking

• Treat networking as a separate service

• Designed to hide specific vendor/technology implementation choices from the developer’s APIs and abstractions

• Being extended to include network services and heterogeneous environments

OpenStack Neutron Networking Service

Network Service (Neutron) API

Network ServiceNetwork abstraction definition and management

No actual implementation of abstraction

Plugin API

API Extensions

Vendor Plug-InsLinux Bridge, Open vSwitch, Cisco, Big Switch, Brocade, Cloudbase, Mellanoz, Midonet, NEX, PLUMgrid, Ryu, Vmware NSX ….

Vendor/User Plug-In

Implementation of abstractions

Virtual or physical

Extended APIs

OpenStack Neutron ML2 Architecture

Neutron Server

DHCP Agent

L3 Agent

Message Queue

REST API

Neutron Core plugins

Type Drivers Mechanism Drivers

Neutron Service plugins

• Core + Extension REST APIs

• Message queue for communicating with neutron agents

• Core and service plugins

• Different vendor core plugins

• Different network technology support

• ML2 plugin with type and mechanism drivers

• Service plugins with backend drivers

IPTables on

Network Node

Core APINetwork Port Subnet

Resource and Attribute Extension APIProviderNetwork PortBinding Router Quotas SecurityGroups AgentScheduler LBaaS FWaaS VPNaaS ….

L2 Agent

OVS on Compute

Southbound Interfaces

Futures

OpenStack Neutron ML2 Architecture

Neutron Server

REST API

Neutron Core plugins

Type Drivers

Mechanism Drivers

Neutron Service plugins

• Core + Extension REST APIs

• Message queue for communicating with neutron agents

• Core and service plugins

• Different vendor core plugins

• Different network technology support

• ML2 plugin with type and mechanism drivers

• Service plugins with backend drivers

Core APINetwork Port Subnet

Resource and Attribute Extension APIProviderNetwork PortBinding Router Quotas SecurityGroups AgentScheduler LBaaS FWaaS VPNaaS ….

Southbound Interfaces

Futures

Neutron Networking for Tenant Isolation

Networks

Tenant Networks

Admin Provider Networks

vSwitch

ToR/Fabric

vSwitch, ToR

vSwitch

Network Type Network Segmentation Scheme for Tenant Isolation

Device Implementing Network Segmentation Scheme

Direct Device Configuration

Device Configuration

through Controller

Neutron Plugin/Driver

Neutron Networking for Layer 3 Services

Networks

Tenant Networks

Admin Provider Networks

Linux Host

Service VM’s

Provisioned

Externally

Network Type

Device implementing Advanced Service

Direct Device Configuration

Device Configuration

through Controller

Neutron Plugin/Driver

vSwitch, ToR

Routers

Neutron Resource

Neutron Cisco CSR1000v for Neutron VPN Service

VMs on Compute

CSR1Kv VM

Neutron Server

Neutron Service Plugin (VPN)

Cisco VPN Service Driver

VPN Agent

Cisco VPN Device Driver

REST API

Benefits

• CSR1Kv secure VPN qualified solution

• Unlock rich CSR1Kv features into OpenStack

Router

10.1.0.4

10.1.0.1

172.24.4.11

10.2.0.4

Router

Network

10.2.0.1

172.24.4.21

CSR1Kv

172.24.4.23

10.2.0.6

Site to Site IPsec Tunnel

CSR1Kv

172.24.4.13

Private networkPrivate network

Public NetworkPublic Network

Site1 Site2

Server Virtualization

Virtual Switches

Storage Virtualization

NetworkVirtualization

Network Function

Virtualization

VMs and Containers

Network Controllers

Object Storage Services

Block Storage Services

OpenStack Platform for the New Data Center

OpenStack Cloud Platform Services

ApplicationsUser Apps System Apps

Orchestration

Provisioning Metering MonitoringIdentity

System administration apps and services orchestrating the infrastructure – YES

User-facing applications?

Is there an easier way to realize developer’s intent without becoming a network administrator?

Do Applications Really Want to Program the Network?

Typical 3-Tier Application Design Pattern

Web Tier

Web ServerVM

PublicInternet

App ServerVM

MemCacheVM

App-Server Tier

DatabaseVM

Database Tier

Want to connect web servers to public Internet, while blocking outside access to application and database servers

Load Balance Across Web Servers Protect VMs with Security Group Rules

Create Networks, Routers

Developer’s Intent: Control Access, Direct Traffic

Web Tier

Web SvrVM

PublicInternet

App SvrVM

MemCacheVM

App Server Tier

DataBaseVM

Database Tier

Policy PolicyPolicy

PerformanceSecurityScalabilityAvailability

Consistency, Repeatability

Group-based Policy Abstractions Developed by the Community

https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction

Blueprint Contributors:• Nuage, Juniper, IBM, Big Switch, One Convergence, Red Hat, Mirantis, Midokura,

EXTENDING OPENSTACK NEUTRON API’S

NEUTRON ROUTER

SECURITY GROUP

NEUTRON NETWORK

Neutron API Group Policy API

Tenant Tenant

Use Existing Neutron APIs with APIC and Cisco ACI

Contract

SERVICE CHAIN

Group Policy introduces a new API that maps to the ACI policy model

SEPARATING TENANT POLICIES FROM OPERATIONS

ACI Admin(Manages Network

Operations and Infrastructure)

EPG APP

EPG DBF/WL/B

EPG WEB

Application Network Profile

Create Application Policy

5 ACI Fabric

Push Policy

OpenStack Tenant

(Manages Tenant and Application

State only)

Instantiate VMs

Web WebWebWeb AppApp4

Create Application Network Profile

HYPERVISOR HYPERVISOR HYPERVISOR

NOVANEUTRON

Automatically Push Network Profiles to AFC

EPG APP

EPG DBF/WL/B

EPG WEB

Application Network Profile

Application Policy Infrastructure Controller

OPENSTACK + CISCO’S APPLICATION POLICY CONTROLLER

NEUTRON ROUTER

SECURITY GROUP

Web WebWebWeb AppApp DB DB

NEUTRON NETWORK

Web WebWebWeb AppApp DB DB

Contract Contract Contract

DBAPPWEBADC

F/WADC

APIC PluginAPIC Plugin OVS Plugin

NeutronNetworking

APIC PluginGroup Policy

Plugin OVS Plugin

NeutronNetworking

APIC PLUGIN GROUP POLICY PLUGIN

https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction

Thursday, May 15: 1:30 – 2:10

B309IBM, Cisco,

Midokura

Wednesday, May 14:3:30-4:10B309

KEY SESSIONS: NEUTRON NETWORKING IN AN APPLICATION-CENTRIC WORLD

Closing Thoughts

The Landscape has changed

We’ve moved from mainframes with dumb terminals to cloud-based apps, smart phones, and devices

Cloud-native apps at scale span multiple availability zones and geographies

Any app, anywhere, any device

The Vanishing Data Center and the InterCloud

Multi-tenancy, dynamic provisioning, and elasticity is the new normal

Applications are continuously deployed and released

DevOps turns infrastructure into code

Data centers are becoming nodes in a larger, global graph

Computing and distributed storage is moving to the edge

How will this change the concepts of traditional networks?

What is meant by a cloud when they themselves become part of an Intercloud?

Thank you.

OpenStack and the Transformation of the Data Center - Lew Tucker

Technology

Chemical Reactions - Lew 2008

INTERPRETACION PRUEBA DE ESFUERZO TRINA MARTIN MARIA de LEW TRINA MARTIN MARIA de LEW

Liberty University v. Lew

ANUPDATEONOSM TOTHENFVRG · PDF file•Environmentbased"on"Mininet/Containernet ... OpenStackNewton OpenStackNewton OpenStackKilo OpenVIM OpenStack+ODL OpenStack+ODL OpenStackMitaka

Tołstoj Lew - Anna Karenina

Четырехлетие OpenStack - Mirantis OpenStack Overview

Letter from Lew Fidler

Quantum: What it is and Where its going Lew Tucker VP/CTO Cloud Computing Cisco Systems, Inc. @lewtucker

BARBICAN NOVA CHEF OPENSTACK OPENSTACK CHARMS CINDER OPENSTACK-ANSIBLE · 2019-02-26 · openstack charms openstack-ansible oslo packaging-deb packaging-rpm puppet openstack quality

TUCKER COUNTY, WEST VIRGINIA - Downstream Strategies€¦ · Trust Fund, Tucker ounty ommission, Tucker ounty Development Authority, and Tucker ounty Planning ommission. We acknowledge

Ben-Hur - Lew Wallace

OpenStack: Time is Now - Lew Tucker

6 Lew Frankfort

2010 Lew Electric Catalog

GDL OpenStack Community - Openstack Introduction

Ksero Na Lew Oxi

Tucker High1929 Tucker High Aerial 1961

Kaba Lew Sky

Lew, Laura

Commercials issue - americanradiohistory.com...Commercials issue y ' I N LEW RIFFORD LEW GIFFORD What's happening where the action is P k 6 LEW GIFFORD PADLIIIEft LEW GIFFORD PfZUL