Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
1 January 16, 2014
Dynamic Service Chaining
OpenStack Meetup, Jan 2014
Jan Lindblad, Tail-f
2 January 16, 2014
About Tail-f
• 90+ customers since foundation in 2005 • Roughly equal numbers in US, Europe and Asia
• HQ in Stockholm, US Office in Santa Clara
• Software products company targeting • Service Providers
• Enterprise Data Centers • Network Equipment Vendors
• Strong activity in standardization
3 January 16, 2014
About the Presenter
Jan Lindblad is the Principal Solutions Architect at Tail-f Systems where he advises on the design of devices and network management solutions. He is a device and network management system expert with extensive knowledge in information and data modeling in Yang, XML Schema, UML and interfaces include carrier class Command Line Interface (CLI), NETCONF, WebUI and SNMP.
Jan is an active member of TeleManagement Forum (TMF), Internet Engineering Task Force (IETF), Service Availability Forum (SAF). For more than 25 years, he has worked as developer, applications engineer and product manager for IBM, Ericsson, Enea. Jan received his Masters in Computer Science from the Royal Institute of Technology (KTH) in Stockholm, 1995. He has taught hundreds of training classes in various programming languages, operating systems, high availability, and network management and acted as long term Swedish government industry advisor for the Vinnova program on Advanced Software Technology (ASTEC).
4 January 16, 2014
Use Case: VPN with Service Chaining
Internet
Customer
C POP 2
Customer
B
Customer
C POP 1
FW
IDS WAN ACCEL
APP FILTER
Customer
A
To sell a bit-‐pipe is nice.
To sell a bit-‐pipe plus value added services is nicer.
If you can scale.
Service Provider
5 January 16, 2014
Use Case: VPN with Service Chaining
How would you implement this? • with short time to market • in existing networks • consisting of multiple-vendors • across multiple technology
domains • providing end-to-end visibility
from customer to network resources • and back from resources to
customer and SLA
• allowing gradual introduction of future technologies like OpenFlow • permitting service changes with
minimal network impact • automatically cleaning up unused
resources at service retirement • in a highly-available
configuration • at low cost
Traffic Shaper IPS/IDS
Content Filtering
WAN acceleration Firewall
A
B
A
B
6 January 16, 2014
Use Case: VPN with Service Chaining
Traffic Shaper IPS/IDS
Content Filtering
WAN acceleration Firewall
A
B
A
B
Implement service chain and configure flow route: -‐ Policy based rouMng -‐ OpenFlow applicaMon
Set up flow on each L4-‐L7 device
Set up flow on each L4-‐L7 device
Select L4-‐L7 devices and set up flow on each: -‐ Many brands available -‐ Physical or virtual
ImplementaMon steps and opMons:
Once setup, what if a parMcular service chain needs to be reconfigured? Or decommissioned?
What if the VPN service definiMon is
upgraded with more opMons?
What if one of the service chain
devices is replaced with a different brand device?
That’s enough to add flows. Maybe also think about the life-‐cycle?
So how can SDN and OpenFlow help us?
7 January 16, 2014
SDN Architecture
Forwarding Layer
Distributed mulM-‐protocol flow forwarding
Network OperaMng System Layer
Logically centralized, transacMonal, global
device model
SpecificaMon Layer
Logically centralized, transacMonal, global specificaMon model
www.slideshare.net/marMn_casado/sdn-‐abstracMons
SDN Inventors and Gurus Casado, Shenker, McKeown, Koponen, et al. describe the SDN architecture like this:
8 January 16, 2014
SDN Specification Layer
Flow Profile Name: HQDC Inbound From Networks: Internet To Networks: 116.54.16.128/26 Reserved bandwidth: 2.5 Gb/s QoS profile: RealMme SLA Level: Gold WAN Accelera@on Content filtering Office SAP Citrix Backup Skype Video File Transfer Firewall
VPN Service AcMvaMon Portal: Add Flow
✓
✓
✓ Configure… Cancel AcMvate
9 January 16, 2014
Service Application: Model-to-model mapper
Traffic Steering Device Model
Port: unique integer 0..47 Src: IP-‐address/mask Dst: IP-‐address/mask
AcMon: drop | output(N) | …
Firewall Device Model
Src: IP-‐address/mask Dst: IP-‐address/mask Port: integer 1..65535 AcMon: drop | allow
Service ApplicaMon
VPN Service Model
Flow Profile Name: unique string From Networks: [ IP-‐address/mask ] To Networks: [ IP-‐address/mask ] Reserved bandwidth: integer > 0 Key SDN ProperMes
• Logically centralized APIs
• Model-‐to-‐model mapping
• Transac@ons
VPN Service AcMvaMon Portal: Add Flow
✓ ✓
✓ Configure… Cancel AcMvate
db
Nice if APIs, UIs, DB schemas are rendered from service model
10 January 16, 2014
Service ApplicaMon
Network-‐wide Transac@on
In Out
1 6 2 7 3 8 4 9 5 10
Service Application executing Network-wide Transaction
Customer B
Internet
Rule #117: Src=*, Dst=116.54.16.128/26, Port=80, AcMon=allow
Rule #118: Src=*, Dst=116.54.16.128/26, Port=*, AcMon=drop
Rule #46: Port=1, Src=*, Dst=116.54.16.128/26, AcMon=output(6)
Rule #47: Port=7, Src=*, Dst=116.54.16.128/26, AcMon=output(8)
Customer A
Network OperaMng System
11 January 16, 2014
Network-‐wide Transac@on
Network Operating System executing Network-wide Transaction
Rule #46: Port=1, Src=*, Dst=116.54.16.128/26, AcMon=output(6)
Rule #47: Port=7, Src=*, Dst=116.54.16.128/26, AcMon=output(8)
Ope
nFlow
Cisco CLI
NETCO
NF
Cisco CLI
Rule #117: Src=*, Dst=116.54.16.128/26, Port=80, AcMon=allow
Rule #118: Src=*, Dst=116.54.16.128/26, Port=*, AcMon=drop
Rule #46: Port=1, Src=*, Dst=116.54.16.128/26, AcMon=output(6)
Rule #47: Port=7, Src=*, Dst=116.54.16.128/26, AcMon=output(8)
Rule #117: Src=*, Dst=116.54.16.128/26, Port=80, AcMon=allow
Rule #118: Src=*, Dst=116.54.16.128/26, Port=*, AcMon=drop
Network OperaMng System Key SDN properMes • Transac@ons
extend to devices • Model-‐to-‐
mul@ple protocols • Device type,
vendor and protocol irrelevant to operators and network apps
12 January 16, 2014
SDN and OpenFlow
Controller Controller Controller
Behavior
Ope
nFlow
Ope
nFlow
Network OperaMng System
Ope
nFlow
Service Chaining OSPF Learning
Switch
Behavior Behavior
Key SDN properMes • Controller
implements a specific behavior
• In NOS, each behavior appears as a device type
• Pure OpenFlow networks are and will remain rare
• New OpenFlow behaviors very convenient for solving specific network problems
13 January 16, 2014
Tail-f NCS solution: SDN and OpenFlow controller
14 January 16, 2014
Branches
NCS use case: • Dynamic control of L3-L7
devices using service-oriented network API
• Service chaining using OpenFlow
• Virtualized appliances
Business drivers: • Value-added services to
enterprise customers • More agile and dynamic
service provisioning
NCS
Core/Edge (Data Center)
SW HW
Asia Tier 1 SP: Managed Services for Enterprise customers
HW HW
SW
SW
SW SW
SW
SW
15 January 16, 2014
SDN Use Case: Service Chaining
Traffic Shaper IPS/IDS
Content Filtering
WAN acceleration Firewall
Network Element Drivers OpenFlow Controller Cluster
Device Manager
Service Manager
Tail-f Network Control System
Device Models
Service Models
Network-wide CLI, WebUI
Flowlets
Flowlets
Flowlets
NETCONF, REST, Java
Network Engineer
Management Applications
Flowlet Models
A
B
A
B
16 January 16, 2014
SDN Technology Summary
SDN is about Network Evolvability, splitting the Network Problem into manageable pieces The Specification Layer, a.k.a. Service Layer provides a business-level interface for operators and applications. The interface
• is logically centralized to hide the complexities of distributed systems • feeds a model-to-model mapping taking high-level concepts to specific device objects
• is transactional to protect operators and applications from having to deal with the complexities of error recovery and activation orchestration
The Network Operating System Layer provides a device-level interface for operators and applications. The interface
• is transactional to protect from error recovery and activation orchestration complexity • feeds a model-to-multiple protocols mapping where device type, vendor and
management protocol is irrelevant to operators and applications
The Forwarding Layer can be controlled through OpenFlow or traditional protocols like Cisco CLI
• In reality there is a mix of traditional and OpenFlow devices
• Speaking multiple device protocols is key in real networks
• All device behaviors are described with device data models
17 January 16, 2014
NCS and OpenStack DEMO
18 January 16, 2014
OpenStack data center setup
Core MPLS Network DC 2 DC 1
Compute0 node
• Two data centers • Mesh network • Cisco routers • Cisco and Dell
switches • Preconfigured MPLS
core
Compute1 node Compute2 node
19 January 16, 2014
OpenStack data center setup
• Two OpenStack nodes
1. Node: Compute0
• Is both the OpenStack controller and a compute node
• Connected to interface GigabitEthernet 0/2 on switch Catalyst0
2. Node: Compute1
• Connected to interface GigabitEthernet 0/10 on switch Dell0
3. Node: Compute2
• Connected to interface GigabitEthernet 0/3 on switch Catalyst2
• ML2 VLAN type driver
• ML2 NCS mechanism driver
20 January 16, 2014
The reason for us doing SDN is that we can program services instead of re-architecting the network and the OSS for every new service. We are not necessarily interested in programming the network, but programming the network services is key for us - this concept drastically reduces our time to market from years to weeks.
- Axel Clauberg VP & CTO, Deutsche Telekom (the TeraStream project)
Customer Quote: DT TeraStream SDN Goal
21 January 16, 2014
22 January 16, 2014
Further information
Service Provider Links (Deutsche Telekom, AT&T) • www.pipelinepub.com/webinars • www.layer123.com/download&doc=ATT-SDN-
Virtualization_Webinar_final SDN Links • www.nec-labs.com/~lume/sdn-reading-list.html • www.youtube.com/watch?v=YHeyuD89n1Y • www.slideshare.net/martin_casado/sdn-abstractions NETCONF & YANG Links • www.tail-f.com/education/what-is-netconf • www.tail-f.com/education/what-is-yang
Tail-f Links • www.tail-f.com/education