Embed Size (px)
Citation preview
Developing, Deploying, and Consuming L4-7 Network Services in an OpenStack Cloud
Hands-On Workshop, OpenStack Summit, Austinhttps://wiki.openstack.org/wiki/GroupBasedPolicy/Austin
Sumit Naiksatam, Igor Duarte Cardoso, Hemanth Ravi, Ivar Lazzaro, Jason Plank, David Grizzanti
Agenda1. Intro + Workshop logistics - Sumit, 5 mins
2. OpenStack *aaS services and SFC in Neutron and GBP - Igor, 10 mins
3. GBP Intro + Service Chain consumption workflow (tenant API) - Sumit, 20 mins
4. Service Chain deployment workflow (Operator API) - Ivar, 20 mins
5. BYOF - Service Developer workflow - Hemanth, 20 mins
6. HA for Services + Sungard Production setup tour - David, 10 mins
7. Q/A
LogisticsWorkshop Resources:
https://wiki.openstack.org/wiki/GroupBasedPolicy/Austin
Workshop Guide:
https://goo.gl/EwAJeg
Contains lab access information
Also, GBP devstack available to practice after workshop
OpenStack *aaS services and SFC in Neutron and GBP
OpenStack *aaS services and SFC in Neutron and GBP
OpenStack *aaS services and SFC in Neutron and GBP
OpenStack *aaS services and SFC in Neutron and GBP
OpenStack *aaS services and SFC in Neutron and GBP
● VPNaaS, FWaaS, LBaaS
● GBP can easily instantiate them
● GBP can also chain them
● Instantiation/configuration and chaining/plumbing are not coupled
● Other drivers or plumbers can easily be introduced
Policy Based Service Lifecycle Management
Group Based Policy Model
Resource Model
Resource Model
1-2-3 Easy!1. Define service chains using simple
commands/UI
2. Create Application Policy to redirect
to service chain
3. Groups provide & consume
Application Policy, done!
Consuming - Tenant Workflow
Workshop Goal
Web
FW+ LB
HTTPExternal-World App
LBHTTPDB
FW(3306)TCP
External Group PRS Service
ChainInternal Group V
M
Deploying - Operator Workflow
Separation of ConcernsOperators do this once: So that Users only have to do this:
Operator Workflow
Provide basic infrastructure constructs your cloud’s Tenants, so that they don’t have to worry about them.
● External Connectivity Policies
● Service Chain Policies
● Application Contracts
Operator Workflow
Provide basic infrastructure constructs your cloud’s Tenants, so that they don’t have to worry about them.
● External Connectivity Policies
● Service Chain Policies
● Application Contracts
External Connectivity● Neutron External Network
● Neutron Subnet
● External Segment
● Nat Pool
Service Chain● Network Service Policy
● Service Profile
● Service Chain Node
● Service Chain Spec
● Policy Action
● Policy Rule
Developing - Service Developer WorkflowBYOF - Bring Your Own Function!
Develop Firewall Service on a VM
fw-consumer
fw-provider
FW(allow icmp + ssh)
TCP
PRS Service Chain
Internal Group V
M
Service VMService
VMService VM
Service Lifecycle Management Framework - NFP
GBPService Chaining
Network Function
Orchestrator
Tenant (Over-the-cloud)
RPCNamespace
Proxy
Network Plugin Framework (NFP)
Infra (Under-the-Cloud)
RPC
REST
NFP Framework Features● Provides orchestration, configuration and visibility for Network Functions● Rendering of Service Chains via GBP NB APIs
○ NFP orchestrates Network Function Devices○ NFP renders Network Functions
● Network Function Management South Bound REST APIs○ Service Insertion for configuring Interfaces & Routes○ Service Configuration○ Service Health Monitoring
● Any L2, L3, L4-7 Network Function can be supported ○ BYOF! (“Bring your own Function”)
HA for Services
Sungard Availability Services● Target Market
○ 80% mid-to-large enterprise customers
● Typical Customer○ Shrink wrapped applications○ Looking for a mix of self-managed and Sungard AS managed offerings
● Platform Expectations○ Cloud Native & Traditional Networking models○ Above the hypervisor services (per tenant FW, LB, VPN)○ Service-chaining
Thank You
