Copyright 2013 Alcatel-Lucent. All rights reserved. @ssneddon
Scott Sneddon, Principal Architect, APAC Business Development Lead, Nuage Networks
Scalable and Enterprise Ready Neutron Networking
• Compute is Virtualized
• Available in Minutes
• Network is Partially Virtualized
• Configuration takes Days/Weeks
[Figure: Datacenter Network. A New Tenant / Application Request splits into Compute Management (Auto-instantiation; Compute Request completed in Minutes, 00:01) and Network Configuration (Help Desk, Change Control, Project Coordinator, Security / QA Team; IP Address, VLAN Address, Firewall Configuration, LAN (VLAN) Configuration, WAN (IP) Configuration; Network Change completed in days/weeks).]
Service velocity is hindered by manual network process
• Network is “more” virtualized
• APIs give us a programmatic configuration interface
• Could introduce new complexities
• Could introduce some performance and scale issues
[Figure: Software Defined Datacenter Network. A New Tenant / Application Request splits into Compute Management (Auto-instantiation; Compute Request completed in Minutes, 00:01) and Network Configuration through a Network API (Some Network Change completed in Minutes, 00:01).]
Service velocity accelerated, but…
• Committees still build “networks”
• Audits/reviews
• In a NaaS environment (OpenStack Neutron, AWS, etc.) this is delegated to the tenant
• Is this what your DevOps team should be doing?
[Figure: Network Configuration versus Software Defined Network Configuration. The DevOps Team handles VLAN Address, IP Address, WAN (IP) Configuration and Firewall Configuration; Network Configuration created in days/weeks.]
We’ve only addressed part of the automation problem
• Current Neutron Networking provides building blocks to create logical topologies
  – Networks, Ports, Subnets, Routers, Security Groups

neutron net-create web
neutron subnet-create web 10.0.0.0/24
neutron router-create router1
neutron router-interface-add router1 web
…

• Not abstracted into a consumable model
OpenStack Neutron Networks
[Figure: web, app and db networks, each with attached VMs]
Puts the burden of topology design on the DevOps team
• DevOps has an understanding of the specific application needs
  – Segmentation, Port numbers, Connectivity goals
• Should not be burdened with the implementation details
  – Routes, Subnets, VLANs
The DevOps team needs an Abstracted view.
The Neutron Group Based Policy Extension addresses this.
A DevOps View
[Figure: tiers labelled web, app and web, each with three VMs]
Policy approach to networking
[Figure: Policy Templates, Users, Application Types and Business Rules, with Policy Evaluation, alongside repeated application network instances built from Firewall, W and BL elements]
Design once, re-use multiple times
Application Networks
Application-centric
Nuage templates and role-based workflow
[Figure: a Tenant / Application Request goes to Compute Management (Auto-instantiation; Compute Request completed in Minutes, 00:01) and to Networking and Security/Compliance templates (IP Address, WAN interconnect, Policy/Security Zones, L2/L3 Service, AD, Service chaining; Template->Instances); Network Change Completed automatically.]
Service velocity is not hindered by manual network process
Nuage Networks Virtual Services Platform: Network virtualization and automation
[Figure: Cloud Service Management Plane, Datacenter Control Plane and Datacenter Data Plane, showing the Virtualized Services Directory, the Virtualized Services Controller, and Virtual Routing & Switching on six hypervisors in Brooklyn Datacenter - Zone 1, with an IP Fabric, an Edge Router, MP-BGP and a Hardware GW for Bare Metal]
Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets
Nuage Networks Virtualized Services Platform (VSP)
Openness (Choice)
Performance & Deployability (Mission Critical, Brownfield)
Policy Abstractions (Happy Users, Happy IT)
Requirements for a production OpenStack Network
Performance & Deployability
• Scalable Security Groups
• Flow performance
• Convergence performance
• Integration of BMS and existing DCs
• Distributed L3 service on Nuage 7850 VSG
• 3rd Party Gateway Integration
OpenStack Neutron Networking
• OVS Plugin programs Open vSwitches to create virtual layer-2 and layer-3 networks.
• Only requirement for physical network is IP connectivity for transport of virtual networks.
• DHCP servers and virtual routers (per subnet) are spun up on a neutron network node and patched in via tunnels to compute node.
[Figure: OVS Plugin. Two Nova Compute nodes (VMs, per-VM bridges, Integration bridge, Tunnel bridge, Neutron-OVS-Agent) and a Neutron Network Node (Router FW/NAT, DHCP (dnsmasq), Integration bridge, Tunnel bridge, br-ext, Neutron-L3-Agent, Neutron-DHCP-Agent, Neutron-OVS-Agent) joined by GRE Tunnels over the Datacenter IP Fabric. Logical Network Drawing: Internet/WAN, Router FW/NAT, and VLAN 1, VLAN 2 and VLAN 3 with VMs.]
OpenStack Neutron Architectural Gaps
• Congestion issues
  – External traffic
  – Traffic between subnets, such as traffic between application tiers
• Security groups (ipchains) require an additional Linux bridge in between the VM and the integration bridge, adding latency and reducing performance.
[Figure: OVS Plugin. Two Nova Compute nodes (VMs, per-VM bridges, Integration bridge, Tunnel bridge, Neutron-OVS-Agent) and a Neutron Network Node (Router FW/NAT, DHCP (dnsmasq), Integration bridge, Tunnel bridge, br-ext, Neutron-L3-Agent, Neutron-DHCP-Agent, Neutron-OVS-Agent) over the Datacenter IP Fabric. Logical Network Drawing: Internet/WAN, Router FW/NAT, and VLAN 1, VLAN 2 and VLAN 3 with VMs.]
• Nuage VSP agent with OVS = dVRS
• Distributed routing, switching, filtering, and NAT
• VxLAN overlay to create virtual L2 and L3 networks.
• Only requirement is IP transport.
[Figure: two Nova Compute nodes, each running VMs on a dVRS, with two VSCs, over the Datacenter IP Underlay Network. Logical Network Drawing: Internet/WAN, Router FW/NAT, and VLAN 1, VLAN 2 and VLAN 3 with VMs.]
Neutron with Nuage VSP Plugin
• No congestion issues
  All traffic takes a direct path, reducing congestion, lowering latency, and providing consistent application performance.
• East/West between local VMs can be routed locally.
• East/West between VMs on different hosts sent directly.
• North/South traffic is sent directly to a PE/GW router.
[Figure: two Nova Compute nodes, each running VMs on a dVRS, with two VSCs, over the Datacenter IP Underlay Network. Logical Network Drawing: Internet/WAN, Router FW/NAT, and VLAN 1, VLAN 2 and VLAN 3 with VMs.]
Advantages of Nuage / Neutron Solution
Nuage Control/Policy Performance
• OpenStack performance
  – 75K VMs in 8 hours (or avg 2.5 VMs/second)
• Customer test
  – 65K VMs, restart networking
• Results
  – Another SDN solution: 1 hour bring-up, ~ 18 VMs/second
  – Nuage SDN: 8 min bring-up, ~ 135 VMs/second
[Figure: Cloud Service Management Plane, Datacenter Control Plane and Datacenter Data Plane, with the Virtualized Services Directory, the Virtualized Services Controller, Virtual Routing & Switching on six hypervisors, IP Fabric and MP-BGP]
Openness
• Major OpenStack distributions
• Nuage plugin for Juno
• Advanced mode support
• Nuage VRS with native OVS kernel
• OpenStack Distribution partners
• Existing DCs
• 3rd party GW integration
• Multi Cloud support
• Security and other Services
• 3rd party Appliances, IPAM integrations
Customers in the driving seat
EXISTING DATACENTER NETWORK
Any Cloud Management System
Any Datacenter Network Infrastructure
Any Server or Hypervisor or Container
Nuage is committed to an Open, Best of Breed Ecosystem
ESXi, KVM, Docker, XEN, BareMetal, LXC
Consistent capabilities across all platforms
Policy Abstraction – Happy Users, Networking/Security Admins
• IT focused Application Designer
• Policy primitives & UI extensions
• Appliance Integration framework
• Service chain designer
• Networking/Security Controls
• In the hands of qualified people
• Extensions for plugins
Private Cloud Requirements: Application friendly abstractions
[Figure: Overall Policy/Orchestration across Production, QA and Development Domains (Project 1, Project n), each with Front End, Business logic, DNS, Mgmt, Puppet and Internet elements, plus Shared Services; running on Hypervisors (ESXi, KVM) in DC1 and a BMS and Gateway in DC2, joined by an IP Backbone]
SDN must serve Application networking needs
Nuage App Designer Demo…
Nuage Networks Virtualized Services Platform
Delivering Production Ready Neutron Networks
Nuage Networks at the OpenStack Summit
Room 212/213 (Level 2)
11:15 - 11:55 - Hybrid your Cloud with Numergy and Nuage
12:05 - 12:45 - Nuage Networks: OpenStack Neutron and Private Clouds
14:00 - 14:40 - Nuage Networks: Pets, Cattle and Herding Dogs
11/4/14
Thank You!
@nuagenetworks
@ssneddon