Copyright 2015 Alcatel-Lucent. All rights reserved.
Arista and Nuage Networks: Building Cloud Datacenters with OpenStack
Meetup London City UK - November 17th 2015
Agenda
§ Nuage/SDN Intro – who we are and what we do
§ Nuage VSP
§ Arista and Nuage = Awesome Cloud Scale
§ Nuage vs Native OVS in OpenStack
§ Demo
§ Conclusion
Nuage Networks
Software Defined Networking
Cloud Technologies, Networking at scale, Policy Based Solutions
Proven by success with Enterprises and Service Providers
§ Leader in Software Defined Networking focusing on best of breed, open solutions
§ Alcatel-Lucent venture (EU)
§ Headquartered in Mountain View, CA – Silicon Valley
§ "nuage" = Cloud in French
[Diagram labels: Internet; VPN; KVM/XEN; LXC/Docker; ESXi]
The "Consumption shift"
Consumer expectations are shifting
§ Cloud is changing the way technology is being consumed
§ From "order and wait"
§ To "instant gratification"
[Diagram labels: Single User; Multiple Users/Consumers; On-demand personalized catalog]
Major Trends Underway
PRIVATE & PUBLIC CLOUDS | NFV CLOUDS | BRANCH CONNECTIVITY

-> Build programmable & automated IaaS/PaaS for all workloads, Cloud Computing Models and Software Definition
-> Provide IaaS and Secure VPC Services
-> Sovereign Clouds
-> Differentiate from AWS, Azure, Google

-> Centralized Apps & hyper-distributed users require RETHINK of branch network connectivity & services
-> Provide self-managed, low cost VPN services
-> Upsell network services

-> Automated, Agile cloud to connect virtualized Network Functions, DevOps Software Delivery Life Cycle
-> CPU intensive Network Functions are ideal candidates as VNFs
-> Leverage web scale architectures and Big Data tools for Analytics

Business Agility -> Massive Automation + Highly Simplified Operations
Current Data Center Network
AUTOMATION
§ Compute is virtualized
§ Available in minutes
§ Network is partially virtualized
§ Configuration takes days/weeks
Service velocity is hindered by manual network process
[Diagram labels: Application Orchestration; Compute Management; Auto-instantiation; Compute request completed in minutes; Network Configuration; Help Desk Change Control; Project Coordinator; Security/QA Team; IP Address; VLAN Address; Firewall Configuration; LAN (VLAN) Configuration; WAN (IP) Configuration; Network change completed in days/weeks]
Nuage Templates and Role-Based Workflow
New Automating and Securing the DC Network
Service velocity is not hindered by manual network process
[Diagram labels: Tenant/Application Request Networking; Compute Management; Security/Compliance; Auto-instantiation; Compute Request completed in Minutes; Template -> Instances; IP Address; WAN interconnect; Policy/Security Zones; L2/L3 Service AD; Service chaining; Network Change Completed automatically]
Nuage versus Traditional Networking
ABSTRACTION
§ When workloads are deployed, physical network infrastructure needs to be provisioned
§ Time consuming, error prone, equipment specific, etc.
§ Introducing vSwitch removes the need to configure the physical equipment – we then only use it for transport
§ Network overlays are dynamically created using VxLAN "tunnels" according to the Network policies of each workload
[Diagram labels: Core; Aggregation; ToR; vSwitch; Servers; Network Overlay; VxLAN]
Nuage VSP – the Architecture

Nuage Networks VSP Architecture and Protocol Overview
Nuage Networks Virtualized Services Platform
Virtualized Service Directory (VSD): Policy Control Plane
Virtualized Service Controller (VSC): Network Control Plane
Virtual Routing & Switching (VRS): Forwarding Plane
Decoupled Control & Policy management
Decoupled Forwarding From Control Plane
MP-BGP Federated control plane Across domains/DC
[Diagram labels: Cloudband; VSD UI/REST API; REST; Management/Policy Plane/Templates; Virtual Services Directory; XMPP; Control Plane; Virtual Services Controller; OpenFlow + OVSDB; IP Fabric; Forwarding Plane; VRS; Hypervisor; Linux]
Virtualized Services Directory (VSD) – API and more…
Virtualized Services Directory (VSD)
• VIRTUAL MACHINE BASED
• SERVICE DEFINITION
• POLICY ESTABLISHMENT
• SERVICE TEMPLATING
• ANALYTICS ENGINE & REPORTING
[Diagram labels: UI; REST API; Message Bus; NETWORKS; SECURITY; QoS; STATISTICS; ZONE POLICIES: WEB ACCESS, BACKEND LOGIC, ETC.; CRM APP: - VM "80 MBPS – REAL TIME"; THRESHOLD ALARM; Domain; Zones; Subnets; Policies; VPN; Public Internet; XMPP; IP Traffic; Virtualized Services Directory; Virtualized Services Controller; Virtual Routing & Switching; Hypervisor]
Virtualized Services Controller (VSC) – Control Plane
Virtualized Services Controller (VSC)
• VIRTUAL MACHINE BASED
• SDN CONTROLLER
• POWERED BY SERVICE ROUTER OPERATING SYSTEM (SROS)
• PEERING & FEDERATION
• AUTO-DISCOVERY
• TENANT SLICING
[Diagram labels: SROS BASED; SNMP/CLI; BGP/IGP; SERVICE MGR; Forwarding dB; RIB/FIB; XMPP; Std. Protocol Control path to VRS; Message bus for: Event Notifications, Policy Push; Security; Load Balancing; IP Traffic; Virtualized Services Directory; Virtualized Services Controller; Virtual Routing & Switching; Hypervisor]
Virtualized Routing and Switching (VRS)
L2-L4 VIRTUAL SWITCH
• OPEN V-SWITCH BASED
• PROVIDES BOTH VXLAN AND MPLSoGRE TUNNEL ENCAPSULATION OPTIONS
• PROGRAMMED THROUGH OPENFLOW FROM VSC, ENCAPSULATES VM FLOW INTO PREFERRED PROTOCOL (L2 OR L3)
• DETECTS VM INSTANTIATION AND TEARDOWN
VRS variants:
VRS-K: KVM Hypervisors
VRS-X: Citrix XEN Hypervisors
VRS-V: VMware vSphere Hypervisors
VRS-H*: Microsoft Hyper-V Hypervisors
VRS-G: Gateway for Bare Metal Servers & Appliances
VRS-?: Support for Brand X Hypervisor
* Hyper-V supported in an upcoming release
[Diagram labels: L2 or L3 (VLAN, VXLAN, GRE); IP Traffic; XMPP; Virtualized Services Directory; Virtualized Services Controller; Virtual Routing & Switching; Hypervisor]
Cloud Service Network Instantiation with Nuage Networks
① OpenStack receives request for compute assets
② VM instantiated on hypervisors
③ Event triggers Nuage VRS which informs VSC of VM placement
   a. VSC queries VSD on policy
   b. VSD issues VSC with network service template
   c. VSC deploys policy to applicable VRS's
④ Network services are created based on policy from VSD
Network connectivity instantiated
[Diagram labels: Cloud Service Management Plane; Datacenter Control Plane; Datacenter Data Plane; Cloud Manager to Hypervisor communications; Brooklyn Datacenter - Zone 1; Virtualized Services Directory; Virtualized Services Controller; Virtual Routing & Switching; HYPERVISOR; Network Services; Domain; Zones; Subnets; Policies; VPN; Internet]
Cloud Service Network Instantiation with Nuage Networks
Inter Datacenter with multiple Cloud Managers
[Diagram labels: Cloud Service Management Plane; Datacenter Control Plane; Datacenter Data Plane; Cloud Manager to Hypervisor communications; Brooklyn Datacenter - Zone 1; Brooklyn Datacenter - Zone 2; Manhattan Datacenter - Zone 2; Federation of Controllers; Virtualized Services Directory; Virtualized Services Controller; HYPERVISOR; Network Services; Domain; Zones; Subnets; Policies; VPN; Internet]
Cloud Service Network Instantiation with Nuage Networks
Federated Inter Datacenter Services (multiple CMS)
[Diagram labels: Cloud Service Management Plane; Datacenter Control Plane; Datacenter Data Plane; Service Provider Control Plane; Service Provider Data Plane; Cloud Manager to Hypervisor communications; Brooklyn Datacenter - Zone 1; Brooklyn Datacenter - Zone 2; Manhattan Datacenter - Zone 2; Private Datacenter; Federation of Controllers; Edge Router; MPLS (MP-BGP); MP-BGP; Business VPN Service; Virtualized Services Directory; Virtualized Services Controller; HYPERVISOR; Network Services; Domain; Zones; Subnets; Policies; VPN; Internet]
Nuage + Arista = Awesome
Copyright 2013 Alcatel-Lucent. All rights reserved.
Arista and Nuage Networks Solution

Virtualized Services Platform (VSP)
Hypervisor Agnostic
Broad Ecosystem of Technology partners
Bare metal & virtual Workloads
✓ Service Chaining
✓ Policy Abstraction
✓ L2 and L3 Virtualization
✓ Statistics & Analytics
✓ Underlay/Overlay Correlation
✓ End to End service design
✓ OPEN and Standards based
✓ Programmable/Extensible
✓ Config/Image/Inventory Mgmt
✓ Automation, Network Telemetry
✓ CMS Integration
✓ Physical/Virtual Management
✓ App and NW Visibility
✓ Unified operational model

Arista EOS Programmable Underlay, Arista HW VTEP
✓ VXLAN HW VTEP
✓ Arista EOS (Linux)
✓ Restful API / SDK / Plug-ins and Eco-system

* Arista Strictly Private & Confidential – shared under NDA only
Arista Provisioning with CVX

VSC/TiMOS

config>vswitch-controller# info
----------------------------------------------
    xmpp-server "[email protected]"
    open-flow
        server-key "cf1:/private.key"
        server-certificate "cf1:/private.crt"
        apply-tls-values
    exit
    xmpp
    exit

show vswitch-controller vswitches
=================================================
VSwitch Table
=================================================
vswitch-instance      Personality  Uptime       Num VM/hostIf/BridgeIf
-------------------------------------------------------------------------------
va-10.102.127.248/1   HW-VTEP      3d 20:39:14  0/0/0

Arista HW-VTEP

interface Vxlan1
   vxlan source-interface Loopback1
   vxlan controller-client
   vxlan udp-port 4789
   vxlan vlan 100 vni 100000
   vxlan vlan 110 vni 110000

Arista VTEP

sh int vxlan 1
Vxlan1 is up, line protocol is up (connected)
  Hardware is Vxlan
  Source interface is Loopback1 and is active with 10.102.127.249
  Replication/Flood Mode is headend with Flood List Source: VCS
  Remote MAC learning via Datapath
  Static vlan to vni mapping is
    [100, 100000]     [110, 110000]
  Dynamic vlan to vni mapping for 'vcs' is
    [210, 140]
  Headend replication flood vtep list is:
     100 10.102.127.249  10.102.127.248
     110 10.102.127.249  10.102.127.248
     210 10.102.127.249  10.102.127.248

Arista CVX

cvx
   no shutdown
   service hsc
      no shutdown
      vtep flood list type all
      manager 172.16.163.53
   service vxlan
      no shutdown

[Diagram labels: VSD; VSC; Nuage VSP; ARISTA-CVX; XMPP; OVSDB]
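A defender's check on the `sh int vxlan 1` output shown on this slide, as an added example that is not part of the original deck: it parses the VLAN-to-VNI mappings and the headend-replication flood list, then reports flood-list VTEPs outside an expected set and mapped VLANs that have no flood list. The function names, the allow-list, and the extra VTEP 192.0.2.66 and VLAN 300 in the sample are assumptions constructed for illustration.

```python
import re

# Constructed sample: the slide's output plus two deliberate deviations,
# an extra flood-list VTEP (192.0.2.66) on VLAN 110 and a mapped VLAN 300
# that has no flood list.
SAMPLE = """\
Vxlan1 is up, line protocol is up (connected)
  Source interface is Loopback1 and is active with 10.102.127.249
  Replication/Flood Mode is headend with Flood List Source: VCS
  Static vlan to vni mapping is
    [100, 100000]     [110, 110000]     [300, 300000]
  Dynamic vlan to vni mapping for 'vcs' is
    [210, 140]
  Headend replication flood vtep list is:
     100 10.102.127.249  10.102.127.248
     110 10.102.127.249  10.102.127.248  192.0.2.66
     210 10.102.127.249  10.102.127.248
"""

ALLOWED = {"10.102.127.248", "10.102.127.249"}  # the two VTEPs on the slide

def parse_vxlan(text):
    """Return ({vlan: vni}, {vlan: [vtep, ...]}) from the show output."""
    mappings = {int(v): int(n) for v, n in re.findall(r"\[(\d+),\s*(\d+)\]", text)}
    flood, in_flood = {}, False
    for line in text.splitlines():
        if "flood vtep list" in line:
            in_flood = True
            continue
        if in_flood:
            m = re.match(r"\s*(\d+)((?:\s+\d+\.\d+\.\d+\.\d+)+)\s*$", line)
            if not m:
                break  # first non-matching line ends the flood-list section
            flood[int(m.group(1))] = m.group(2).split()
    return mappings, flood

def audit(text, allowed_vteps):
    """List (vlan, finding, vtep) tuples that deserve a review."""
    mappings, flood = parse_vxlan(text)
    findings = []
    for vlan in sorted(mappings):
        if vlan not in flood:
            findings.append((vlan, "no-flood-list", None))
        for vtep in flood.get(vlan, []):
            if vtep not in allowed_vteps:
                # BUM traffic for this segment is replicated to this address
                findings.append((vlan, "unexpected-vtep", vtep))
    for vlan in sorted(set(flood) - set(mappings)):
        findings.append((vlan, "flood-list-without-vni", None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ALLOWED):
        print(finding)
```

Run against the slide's unmodified output, the audit returns no findings.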
How the Solution Works – Workflow
1. Configure VSC on Arista switch
   • VSC-Arista OVSDB control established
2. VSD provisions the Arista HW VTEPs
   • Discovers Arista HW VTEP via VSC
   • Assigns Arista ports to enterprise tenants
   • Configures VLANs
   • Extends policies to include bare-metal workloads
3. VSD sends service information to VSC
4. VSC sends service attributes to Arista over OVSDB
5. Arista HW VTEP is configured
   • Port/VLAN mapping to VXLAN, VXLAN VNID & list of tunnels
6. VSC sends remote MAC list to Arista whenever a new host or endpoint is discovered (SW or HW VTEP)
[Diagram labels: Nuage Networks VSP; Virtualized Services Directory (VSD); Virtualized Services Controller (VSC); Virtual Routing & Switching (VRS); Hypervisors, servers; Bare Metal Servers; HW VTEP; VXLAN; OVSDB]
Nuage vs Native OVS in OpenStack

OpenStack Architecture
[Diagram label: Nuage]
Neutron Datapath on Compute
OVS Plugin vs. Nuage VRS (inserted on KVM Hypervisors)
OVS Datapath (supports L2 only)
Nuage Datapath (supports distributed L2, L3, Floating IP, …)
Policy configuration from VSC/VSD
[Diagram labels: vm1 (Test Tenant); vm2 (Test Tenant); vm1 (Test1 Tenant); eth0; tapxx; alubr0; VXLAN encapsulated]
Neutron L3 Datapath with Nuage SDN Integration
ML2 OVS / Network Node | Nuage VSP
[Diagram labels: OpenStack Compute Host; alubr0; Hardware Gateway; VRS-G software gateway; VXLAN; eth0; test0; test1; test2; test3; A; B]
Compare to Neutron + Nuage
VRS (Single OVS bridge)
§ Single OVS Bridge
§ Is Flow-Based
§ Performs Firewalling, Switching, Routing, NAT, …
§ Processes ARP, DHCP LOCALLY
§ No Dedicated Network Node for
  § non-DVR case: Routing, DNAT, SNAT, DHCP
  § DVR case: SNAT, DHCP
OpenStack Native vs Nuage Networks
Control Plane hooks into Neutron API
= Bottlenecks to scale-out at high # of nodes, or high rate of change
Scales out using MP-BGP
Selectively downloads and programs forwarding information on each VRS
[Diagram labels: Nova; Horizon; pyNeutronClient; VSD; VSC; VRS]
Components Integration to OpenStack
§ Nuage integrates with the OpenStack networking module (Neutron)
  § Havana, Icehouse, Juno and Kilo and Liberty are supported
  § Havana, Icehouse are EOL
§ On the Controller Node:
  § The Nuage plug-in is added as a Neutron Core Plugin
  § No other Neutron plug-ins needed
  § No data traffic to the network/controller node
§ On the Compute Node:
  § No Neutron Agents needed
  § Install VRS and nova-compute on compute node
VSD Service Abstractions into Templates and Policy rules
Virtualized Services Directory (VSD)
[Diagram labels: Enterprise; Domain; Zone; Subnet; vPorts; L2 Domain]
Python example of L3 domain to Subnet:

# Assumption: vsdk is the versioned VSPK module matching version="3.2" below
from vspk.vsdk import v3_2 as vsdk

# vsd_user, vsd_pass, vsd_org and vsd_ip must be set by the caller
# Open a session with VSD
session = vsdk.NUVSDSession(username=vsd_user, password=vsd_pass,
                            enterprise=vsd_org,
                            api_url="https://" + vsd_ip + ":8443",
                            version="3.2")
# Start the session and get user credentials
session.start()
user = session.user
# Create an organisation
Organization = vsdk.NUEnterprise(name="myOrganization",
                                 description="the best obviously")
user.create_child(Organization)
# Create a Template
domain_template = vsdk.NUDomainTemplate(name="myL3template")
Organization.create_child(domain_template)
domain = vsdk.NUDomain(name="mydomain")
Organization.instantiate_child(domain, domain_template, commit=True)
# Create a Zone in the domain
zone1 = vsdk.NUZone(name="zone1")
domain.create_child(zone1)
# Create a Subnet in the zone
subnet1 = vsdk.NUSubnet(name="subnet1", address="10.56.107.0",
                        netmask="255.255.255.0", gateway="10.56.107.1")
zone1.create_child(subnet1)
Demo Setup

Additional code examples for use cases: https://github.com/nuagenetworks/vspk-examples
Full-Fledged Partner Program
[Diagram labels: Industry Groups; Core Partners; Differentiating Partners; Strategic Enterprise Partners; Ecosystem Partners]
Openness - continued…
Nuage VSP Core + Extensibility Framework
Northbound REST APIs/SDKs
Programmable Distributed DP (Local Breakout)
[Diagram labels: Physical Switches; DPDK Switches; Virtual Switches; Arista; 7850 VSG; HP 5930; vSR; APLaaS Integration; FWK; Hybrid Cloud; OSS; VNS; LBaaS; FWaaS]
THANK YOU
Nuage Networks References and Resources
§ Nuage Git Repo: https://github.com/nuagenetworks
§ PyPI installation VSD CLI and VSPK:
  § https://pypi.python.org/pypi/vsdcli/1.0.0.1
  § https://pypi.python.org/pypi/vspk
  § https://pypi.python.org/pypi/bambou/1.0.0
§ Email us: [email protected]
§ Nuage SDN Resource Center: http://www.nuagenetworks.net/about-our-company/resource-center/
§ Videos: https://www.youtube.com/user/nuagenetworks
Terminology/Definitions
§ Nuage Virtual Routing and Switching Agent (VRS)
§ VXLAN Tunnel End Point (VTEP)
  § Software (SW) VTEP refers to a Nuage VRS
  § Hardware (HW) VTEP refers to an Arista Switch
§ VXLAN encapsulation is used for datapath traffic between VTEPs
§ VXLAN tunnels are created between VTEPs
§ Arista switches are also provisioned from the Nuage Virtualized Services Director (VSD) which is the Policy Engine
§ OVSDB Protocol is a standards-based control plane protocol
  § OVSDB VTEP Schema is used to provision the Arista HW VTEP from the Nuage Virtualized Services Controller (VSC)
  § Provision VLAN, VxLAN, Port information
  § Program remote MACs when a new SW or HW VTEP is discovered