Dynamic Service Chaining - Meetupfiles.meetup.com/6229612/Tail-f SDN OpenStack Meetup.pdf · 2014-01-16 · January 16, 2014 3 About the Presenter Jan Lindblad is the Principal Solutions

1 January 16, 2014

Dynamic Service Chaining

OpenStack Meetup, Jan 2014

Jan Lindblad, Tail-f

2 January 16, 2014

About Tail-f

•  90+ customers since foundation in 2005 •  Roughly equal numbers in US, Europe and Asia

•  HQ in Stockholm, US Office in Santa Clara

•  Software products company targeting •  Service Providers

•  Enterprise Data Centers •  Network Equipment Vendors

•  Strong activity in standardization

3 January 16, 2014

About the Presenter

Jan Lindblad is the Principal Solutions Architect at Tail-f Systems where he advises on the design of devices and network management solutions. He is a device and network management system expert with extensive knowledge in information and data modeling in Yang, XML Schema, UML and interfaces include carrier class Command Line Interface (CLI), NETCONF, WebUI and SNMP.

Jan is an active member of TeleManagement Forum (TMF), Internet Engineering Task Force (IETF), Service Availability Forum (SAF). For more than 25 years, he has worked as developer, applications engineer and product manager for IBM, Ericsson, Enea. Jan received his Masters in Computer Science from the Royal Institute of Technology (KTH) in Stockholm, 1995. He has taught hundreds of training classes in various programming languages, operating systems, high availability, and network management and acted as long term Swedish government industry advisor for the Vinnova program on Advanced Software Technology (ASTEC).

4 January 16, 2014

Use Case: VPN with Service Chaining

Internet

Customer

C POP 2

Customer

B

Customer

C POP 1

FW

IDS WAN ACCEL

APP FILTER

Customer

A

To sell a bit-‐pipe is nice.

To sell a bit-‐pipe plus value added services is nicer.

If you can scale.

Service Provider

5 January 16, 2014


How would you implement this? •  with short time to market •  in existing networks •  consisting of multiple-vendors •  across multiple technology

domains •  providing end-to-end visibility

from customer to network resources •  and back from resources to

customer and SLA

•  allowing gradual introduction of future technologies like OpenFlow •  permitting service changes with

minimal network impact •  automatically cleaning up unused

resources at service retirement •  in a highly-available

configuration •  at low cost

Traffic Shaper IPS/IDS

Content Filtering

WAN acceleration Firewall

A

B

A

B

6 January 16, 2014



Content Filtering


A

B

A

B

Implement service chain and configure flow route: -‐  Policy based rouMng -‐  OpenFlow applicaMon

Set up flow on each L4-‐L7 device

Set up flow on each L4-‐L7 device

Select L4-‐L7 devices and set up flow on each: -‐  Many brands available -‐  Physical or virtual

ImplementaMon steps and opMons:

Once setup, what if a parMcular service chain needs to be reconfigured? Or decommissioned?

What if the VPN service definiMon is

upgraded with more opMons?

What if one of the service chain

devices is replaced with a different brand device?

That’s enough to add flows. Maybe also think about the life-‐cycle?

So how can SDN and OpenFlow help us?

7 January 16, 2014

SDN Architecture

Forwarding Layer

Distributed mulM-‐protocol flow forwarding

Network OperaMng System Layer

Logically centralized, transacMonal, global

device model

SpecificaMon Layer

Logically centralized, transacMonal, global specificaMon model

www.slideshare.net/marMn_casado/sdn-‐abstracMons

SDN Inventors and Gurus Casado, Shenker, McKeown, Koponen, et al. describe the SDN architecture like this:

8 January 16, 2014

SDN Specification Layer

Flow Profile Name: HQDC Inbound From Networks: Internet To Networks: 116.54.16.128/26 Reserved bandwidth: 2.5 Gb/s QoS profile: RealMme SLA Level: Gold WAN Accelera@on Content filtering Office SAP Citrix Backup Skype Video File Transfer Firewall

VPN Service AcMvaMon Portal: Add Flow

✓

✓

✓ Configure… Cancel AcMvate

9 January 16, 2014

Service Application: Model-to-model mapper

Traffic Steering Device Model

Port: unique integer 0..47 Src: IP-‐address/mask Dst: IP-‐address/mask

AcMon: drop | output(N) | …

Firewall Device Model

Src: IP-‐address/mask Dst: IP-‐address/mask Port: integer 1..65535 AcMon: drop | allow

Service ApplicaMon

VPN Service Model

Flow Profile Name: unique string From Networks: [ IP-‐address/mask ] To Networks: [ IP-‐address/mask ] Reserved bandwidth: integer > 0 Key SDN ProperMes

•  Logically centralized APIs

•  Model-‐to-‐model mapping

•  Transac@ons

VPN Service AcMvaMon Portal: Add Flow

✓ ✓

✓ Configure… Cancel AcMvate

db

Nice if APIs, UIs, DB schemas are rendered from service model

10 January 16, 2014

Service ApplicaMon

Network-‐wide Transac@on

In Out

1 6 2 7 3 8 4 9 5 10

Service Application executing Network-wide Transaction

Customer B

Internet

Rule #117: Src=*, Dst=116.54.16.128/26, Port=80, AcMon=allow

Rule #118: Src=*, Dst=116.54.16.128/26, Port=*, AcMon=drop

Rule #46: Port=1, Src=*, Dst=116.54.16.128/26, AcMon=output(6)


Customer A

Network OperaMng System

11 January 16, 2014

Network-‐wide Transac@on

Network Operating System executing Network-wide Transaction



Ope

nFlow

Cisco CLI

NETCO

NF

Cisco CLI







Network OperaMng System Key SDN properMes •  Transac@ons

extend to devices •  Model-‐to-‐

mul@ple protocols •  Device type,

vendor and protocol irrelevant to operators and network apps

12 January 16, 2014

SDN and OpenFlow

Controller Controller Controller

Behavior

Ope

nFlow

Ope

nFlow

Network OperaMng System

Ope

nFlow

Service Chaining OSPF Learning

Switch

Behavior Behavior

Key SDN properMes •  Controller

implements a specific behavior

•  In NOS, each behavior appears as a device type

•  Pure OpenFlow networks are and will remain rare

•  New OpenFlow behaviors very convenient for solving specific network problems

13 January 16, 2014

Tail-f NCS solution: SDN and OpenFlow controller

14 January 16, 2014

Branches

NCS use case: •  Dynamic control of L3-L7

devices using service-oriented network API

•  Service chaining using OpenFlow

•  Virtualized appliances

Business drivers: •  Value-added services to

enterprise customers •  More agile and dynamic

service provisioning

NCS

Core/Edge (Data Center)

SW HW

Asia Tier 1 SP: Managed Services for Enterprise customers

HW HW

SW

SW

SW SW

SW

SW

15 January 16, 2014

SDN Use Case: Service Chaining


Content Filtering


Network Element Drivers OpenFlow Controller Cluster

Device Manager

Service Manager

Tail-f Network Control System

Device Models

Service Models

Network-wide CLI, WebUI

Flowlets

Flowlets

Flowlets

NETCONF, REST, Java

Network Engineer

Management Applications

Flowlet Models

A

B

A

B

16 January 16, 2014

SDN Technology Summary

SDN is about Network Evolvability, splitting the Network Problem into manageable pieces The Specification Layer, a.k.a. Service Layer provides a business-level interface for operators and applications. The interface

•  is logically centralized to hide the complexities of distributed systems •  feeds a model-to-model mapping taking high-level concepts to specific device objects

•  is transactional to protect operators and applications from having to deal with the complexities of error recovery and activation orchestration

The Network Operating System Layer provides a device-level interface for operators and applications. The interface

•  is transactional to protect from error recovery and activation orchestration complexity •  feeds a model-to-multiple protocols mapping where device type, vendor and

management protocol is irrelevant to operators and applications

The Forwarding Layer can be controlled through OpenFlow or traditional protocols like Cisco CLI

•  In reality there is a mix of traditional and OpenFlow devices

•  Speaking multiple device protocols is key in real networks

•  All device behaviors are described with device data models

17 January 16, 2014

NCS and OpenStack DEMO

18 January 16, 2014

OpenStack data center setup

Core MPLS Network DC 2 DC 1

Compute0 node

•  Two data centers •  Mesh network •  Cisco routers •  Cisco and Dell

switches •  Preconfigured MPLS

core

Compute1 node Compute2 node

19 January 16, 2014

OpenStack data center setup

•  Two OpenStack nodes

1.  Node: Compute0

•  Is both the OpenStack controller and a compute node

•  Connected to interface GigabitEthernet 0/2 on switch Catalyst0


•  Connected to interface GigabitEthernet 0/10 on switch Dell0


•  Connected to interface GigabitEthernet 0/3 on switch Catalyst2

•  ML2 VLAN type driver

•  ML2 NCS mechanism driver

20 January 16, 2014

The reason for us doing SDN is that we can program services instead of re-architecting the network and the OSS for every new service. We are not necessarily interested in programming the network, but programming the network services is key for us - this concept drastically reduces our time to market from years to weeks.

- Axel Clauberg VP & CTO, Deutsche Telekom (the TeraStream project)

Customer Quote: DT TeraStream SDN Goal

21 January 16, 2014

22 January 16, 2014

Further information

Service Provider Links (Deutsche Telekom, AT&T) •  www.pipelinepub.com/webinars •  www.layer123.com/download&doc=ATT-SDN-

Virtualization_Webinar_final SDN Links •  www.nec-labs.com/~lume/sdn-reading-list.html •  www.youtube.com/watch?v=YHeyuD89n1Y •  www.slideshare.net/martin_casado/sdn-abstractions NETCONF & YANG Links •  www.tail-f.com/education/what-is-netconf •  www.tail-f.com/education/what-is-yang

Tail-f Links •  www.tail-f.com/education

Documents

Dynamic Service Chaining - Meetupfiles.meetup.com/6229612/Tail-f SDN OpenStack Meetup.pdf · 2014-01-16 · January 16, 2014 3 About the Presenter Jan Lindblad is the Principal Solutions