Infrastructure as Code by Andreas Roeder

CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION

© 2016 Nokia. All rights reserved. Nuage Networks is a Nokia venture.

Infrastructure as CodeAndreas Roeder – Nuage

[email protected]

@roeder_andreas

mailto:[email protected]



Networking in OpenStack

What are we trying to address?



OVS Plugin vs. Nuage VRS (inserted on KVM Hypervisors)

Neutron Datapath on Compute – SDN Insertion

GRE Encapsulated

br-int

br-tun

patch-tun

patch-int

Port VLAN:10 Port VLAN:20

VM1Tenant A

VM2Tenant A

VM3Tenant B

eth0eth0eth0

qbra

qvba

vneta

qvoa

qbrb

qvbb

ventb

qvob

qbrc

qvbc

vnetc

qvo

gre-10.0.0.1

eth0

TAP Device

veth pair

Linux Bridge

Open vSwitch

Configured by Nova Compute

Configured by Neutron L2 Agent

o Tenants will be separated by internal assigned VLANS

o VLANS will be mapped egress towards GRE tunnels which are unique by tunnel ID

VM1Tenant A

VM2Tenant A

VM3Tenant B

eth0eth0eth0

tapa tapb tapc

alubr0

VXLAN Encapsulated

eth0

Policy Driven Configuration from

Nuage VSP

OVS Datapath(supports L2 only)

Nuage Datapath(supports distributed L2, L3, Floating IP,…)

PHY Port



Datapath

Differentiation to Neutron with Nuage

br-intint-br-ext

VM1Tenant A

VM2Tenant A

VM3Tenant B

eth0eth0eth0

qbra

qvba

vneta

qvoa

qbrb

qvbb

vnetb

qvob

qbrc

qvbc

vnetc

qvoc

TAP Device

veth pair

Linux Bridge

Open vSwitch

VM3Tenant B

eth0

qbrd

qvbd

vnetd

PHY Port

qvod

br-ext

phy-br-ext

Internal Router Namespace

qr-f qr-g

IP IP IP IP

IP IP

qr-fqrouter-y

Internal Router Namespace

qr-h qr-j

IP IP

qr-n qrouter-z

Floating IPNamespace

qfloat-x qf-nqr-m

qf-x

br-tun

int-br-tun1

int-br-tun1

Flow Table entry

Flow Table entry

DVR AGENT(Enhanced L3

Agent)

Private Network

eth1

Public Network

eth0

Ext-IP

alubr0VRS

(Single OVS bridge)

o Single OVS Bridgeo Is Flow-Basedo Performs Firewalling,

Switching, Routing, NAT, …

o Processes ARP, DHCP LOCALLY

o No Dedicated Network Node for o non-DVR case:

Routing, DNAT, SNAT, DHCP

o DVR case: SNAT, DHCP



Compute NodeCompute Node

Compute Node Network Node

br-int

qbr..

Neutron L3 Datapath in OpenStack

VM1Tenant A

VM2Tenant A

A Q

B

C

qbr..

R

S

D T

br-tun

E

F

G br-tunH

br-int

J

I

M O

dhcprouter

PN

Kbr-ext L

ML2 OVS/Network Node

VM1Tenant A

VM2Tenant A

A B

VM1Tenant A

VM2Tenant A

C D

alubr0 alubr0

VRS-G Software GW

alubr0

Hardware GW

alubr0

VXLAN VXLANVXLAN

VXLAN

Nuage VSP



Evolution on Openstack Integration

Neutron Server

Neutron Core Plugins Neutron Service PluginsN

uag

eC

ore

Nu

age

FWaa

S

Nu

age

Port

A

ttri

bu

tes

Nu

age

Sub

net

Nu

age

Po

rt

ML2

Co

re

Type DriverMechanism

DriversExtension

Drivers

VLA

N

GR

E

VxL

AN

Nu

age

Vir

tio

SRIO

V N

IC

Swit

ch

Drivers for change

1. Work together with SRIOV ports

3. Implement fabric automation for SRIOV port

4. Implement fabric automation for eg. Ironic

2. Implement OS-Managed in ML2 context

Nu

age

AP

I

Nu

age

L3

Nu

age

Bar

eMet

al

Nu

age

SRIO

V

Nu

age

Net

To

po

logy



Nuage Offers Automated Integration with each

Regular Virtio AVRS/DPDK SRIOV Stateless VXLAN Offload

OVS Offload

Integration Model Regular VRS Accelerated VRS

Automated mapping of VF to VTEP

Regular VRS + Kernel VXLAN offload

Regular VRS + Kernel/DPDK FastPathimplementation

VTEP Implementation

Integration Caveats Requires dedicated cores

Requires mapping to NICNeeds driver support in VM

Requires VXLAN offloadsupport by NIC

Requires OVS offloadsupport by NIC DPDK Fast Path either in VM or in HV



What Nuage Adds on top?What is really needed?!

7/19/2017

8



Networking compared… Distributed Switching

Distributed Routing

Distributed SNAT

Distributed FIP – with support on L3 Fabric

BGP – Software / Hardware VTEP support Rich import/export policy control

MP-BGP for L3VPN interconnect

QoS – Port + FIP + BUM Rate Limit

QoS - DSCP Tagging, Remapping

Multiple FIP Subnet Pools against router

Policy Based Traffic Mirroring

…

9

7/19/2017

Distributed Switching

Distributed Routing

Centralized SNAT

Distributed FIP on L2 Fabric

BGP - software only

QoS – Port Rate Limit

BM Mapping to admin subnet



Networking compared… Cross-Tenant Routing

Route Leaking to Shared Hub

BareMetal mapping to Tenant subnet

Optimized L3 Multicast Send/Receive

Direct Routing to Underlay for

Direct BM access

Exit without network node / gateway

Port-Address-Translation

DC-Interconnect

Detailed Network Analytics

10

7/19/2017



Single SDN API for a diverse Applications / Infrastructure

Its not just the VM and OpenStack anymore, is it?



VSD

API / REST / Python / GO…

VSDVSD

VSC VSCBGP

XMPP

ESXi KVMVRS VRS

BM

VTEP

DCI

Hyper-VVRS

XENVRS

XLC / Docker

VRS

Nuage Detailed Architecture



Where is the Code?

7/19/2017

13



41 projectsPlugins to Openstack (inc

OSPd)Deployment Tools

SDKScripting examples

Github.io page

Community / Open Source - Initiatives

http://nuagex.io

[email protected]

Present at



Example RESTful API

(Simplified) API call by the user to retrieve domain information on VSD



Nuage L3 Domain Workflow mapping



Nuage VSP

Compute request

Network segment

request

Security Policy Request

Deploy TLA

Agile Scrum

TeamContinuous

Integration

Nuage in typical Pipeline

Source

ControlContinuous

Deployment

Application

Orchestration

IDE

ToolsConfiguration

Management

ServiceNow

Rally

Pagerduty

Puppet

Chef

Ansible

Incident

Management

Mesos

Ansible

CoreOS

Kubernetes

HP Cloud AutomationThoughtworks GO

Code Deploy

Drone

Packer

TravisCI

Shippable

Jenkins CI

GitHub

GitLab

BitBucket

Build Packs

Eclipse

Vagrant

Docker Compose

Jira

Rally

Application

+

Feedback Loop



Recap

7/19/2017

18



Nuage Networks for Policy-Driven Virtualized Networking across any environment

Physical servers Virtual Machines

Virtual Services Platform (VSP)

Containers Public CloudHW VTEP

OVSDB SW



Nuage NetworksData Center

VSD VSC

lab01.nuagex.io

PrivateData Center

Want to try?!



Nuage Networks

Open Platform

Open Source SDK (github.io/nuagenetworks)

Open Doors

Nuage Networks VIP Program

Nuage X (nuagex.io)

We are there – talk to us!

nuagex.io



7/19/2017

22

THANK YOU

Technology

Infrastructure as Code by Andreas Roeder