CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW. PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION
© 2016 Nokia. All rights reserved. Nuage Networks is a Nokia venture.
Do or don't - there is no try; consistent networking via SDN in OpenStack
Andreas Roeder – Nuage; Christoph Torlinsky - [email protected]; [email protected], 2016
@roeder_andreas
Introduction
What is all of this about?
3/18/16
About Nuage Networks
§ Nuage is a European startup with offices in the Silicon Valley
§ A Nokia-backed venture focused on datacenter and branch office network evolution for the Software Defined Cloud Computing World
§ Creation of an Abstraction & Automation layer between networking, decoupling Hardware
§ API and Policy networking design reflecting business directives, not network
§ Active in many diverse Networking Forums and Open Source Projects
Current state of networking in OpenStack
What are we trying to address?
OVS Plugin vs. Nuage VRS (inserted on KVM Hypervisors)
Neutron Datapath on Compute – SDN Insertion

[Figure, left panel: OVS Datapath (supports L2 only), GRE encapsulated. VM1 Tenant A, VM2 Tenant A and VM3 Tenant B (eth0) attach through TAP devices (vneta, vnetb, vnetc), Linux bridges (qbra, qbrb, qbrc) and veth pairs (qvba/qvoa, qvbb/qvob, qvbc/qvoc) to br-int (Port VLAN: 10, Port VLAN: 20), which connects via patch-tun / patch-int to br-tun and gre-10.0.0.1 on eth0. Legend: TAP Device, veth pair, Linux Bridge, Open vSwitch; Configured by Nova Compute; Configured by Neutron L2 Agent.]

o Tenants will be separated by internally assigned VLANs
o VLANs will be mapped egress towards GRE tunnels, which are unique by tunnel ID

[Figure, right panel: Nuage Datapath (supports distributed L2, L3, Floating IP, …), VXLAN encapsulated. VM1 Tenant A, VM2 Tenant A and VM3 Tenant B (eth0) attach through tapa, tapb and tapc to alubr0, which connects to eth0 (PHY Port). Policy Driven Configuration from Nuage VSP.]
Datapath Differentiation to Neutron with Nuage

[Figure: Neutron datapath with DVR Agent (Enhanced L3 Agent). VMs of Tenant A and Tenant B (eth0) attach through TAP devices (vnet), Linux bridges (qbr) and veth pairs (qvb/qvo) to the Open vSwitch bridges br-int, br-tun and br-ext (int-br-ext, phy-br-ext, int-br-tun1), with Internal Router Namespaces (qrouter-y, qrouter-z; qr- ports), a Floating IP Namespace (qfloat-x; qf- ports) and Flow Table entries. Private Network on eth1, Public Network on eth0 (Ext-IP), PHY Port. Legend: TAP Device, veth pair, Linux Bridge, Open vSwitch.]

alubr0 VRS (Single OVS bridge)
o Single OVS Bridge
o Is Flow-Based
o Performs Firewalling, Switching, Routing, NAT, …
o Processes ARP, DHCP LOCALLY
o No Dedicated Network Node for
  o non-DVR case: Routing, DNAT, SNAT, DHCP
  o DVR case: SNAT, DHCP
Neutron L3 Datapath in OpenStack

[Figure, ML2 OVS / Network Node panel: VM1 Tenant A and VM2 Tenant A on two Compute Nodes and a Network Node; the path is marked with hop labels A through T across qbr, br-int and br-tun on the Compute Nodes and br-tun, br-int, router, dhcp and br-ext on the Network Node.]

[Figure, Nuage VSP panel: VM1 Tenant A and VM2 Tenant A on two Compute Nodes attach to alubr0 (hop labels A, B, C, D); the alubr0 instances, a VRS-G Software GW and a Hardware GW are connected over VXLAN.]
Nuage Architecture Differentiation

[Figure: Neutron Server with RabbitMQ and MySQL; Network Node running L3 Agent, OVS Agent, Metadata Proxy, Metadata Agent, Keepalived, OVS and dnsmasq; Compute Node running OVS Agent and OVS.]

o Neutron requires high Database read and write operations and Messaging (RabbitMQ Bottlenecks)
o Since there is NO separate control plane, the Neutron server has to deal with every compute node without any offload
o No database inquiry cache is supported for the Database, which tremendously increases Database read pressure
o SQLAlchemy design in neutron code adds Database pressure and Metadata caching inefficiency
Single SDN API for diverse Applications
It's not just the VM and OpenStack anymore, is it?
Physical servers | Virtual Machines | Containers | Public Cloud
VSP = Policy-Driven Virtualized Networking for all Environments
Same policies and templates can be used across any endpoint: OpenStack VMs, Containers, PaaS or Physical
DOCKER Containers | KVM Virtual Machines | Physical & Baremetals
L2 Service “SQL” with Security “Medium”, no public access, QoS “Gold+”
L3 Service “FrontEnd” with Security “High”, NAT, BW = 10 Mbps, QoS “Silver”
Nuage SDN Architecture
How can we do all of that?
Nuage Detailed Architecture

[Figure: VSD cluster (API / REST / Python / GO…); VSC controllers (BGP, XMPP); VRS on ESXi, KVM, Hyper-V, XEN and LXC / Docker hosts; BM (bare metal) via VTEP; DCI.]
Typical Nuage Use Cases
§ Converged Datacenter (Multiple Sites, Multiple CMS, Multiple Workload Form factors) on premise / off premise
§ Microsegmentation
§ Disaster recovery
§ P2V/V2V migration
§ DevOps
§ NG Data Center Fabric Automation
Use Cases:
Cloud Infrastructure Framework
FWaaS
LBaaS
(X)aaS Integration Framework
Hybrid Cloud Connect
VPNaaS
Programmable Data Plane
Demo Overview 1/2
§ Setup based on Red Hat OSP 6 together with Nuage 3.2R4
§ Non-HA Setup
Demo Overview 2/2
§ Setup based on CentOS with docker:1.8.2-7.el7.centos
Demo/QnA
The vspk and associated tools are available on GitHub and PyPI: https://github.com/nuagenetworks
Nuage Networks Community and Forums
https://www.openstack.org/summit/austin-2016/summit-schedule/
THANK YOU