openstack-korea-community
Networking is Changing
1. Cloud & Mobile
2. The Application is the Network
3. Containers and PaaS
What does this mean for OpenStack Networking?
We are in the 3rd fundamental structural transition in the history of IT
Mainframe, then PC Revolution (Client/Server), then Cloud Computing (we are here)
• Mobile Devices & Clouds (public & private)
• Software Defined
• Local Applications
• Minor role for networking
• Desktops & Servers
• Campus Networks
• Data Centers
Networking for Mobile & Cloud
• traceroute to demo-aws.eng.vmware.com (52.35.205.45), 64 hops max, 52 byte packets
• 1 * * *
• 2 50-254-159-158-static.hfc.comcastbusiness.net (50.254.159.158) 3.367 ms
• 3 50.184.162.1 (50.184.162.1) 26.484 ms
• 4 te-0-2-0-15-sur04.santaclara.ca.sfba.comcast.net (162.151.30.113) 13.716 ms
• 5 hu-0-3-0-4-ar01.hayward.ca.sfba.comcast.net (68.87.192.241) 30.744 ms
• 6 hu-0-0-0-0-ar01.santaclara.ca.sfba.comcast.net (68.85.154.249) 27.420 ms
• 7 be-33651-cr01.sunnyvale.ca.ibone.comcast.net (68.86.90.93) 16.763 ms
• 8 he-0-12-0-0-pe02.529bryant.ca.ibone.comcast.net (68.86.86.166) 29.906 ms
• 9 as16509-2-c.529bryant.ca.ibone.comcast.net (66.208.229.30) 20.418 ms
• 10 * * *
• 11 * * *
• 12 205.251.229.68 (205.251.229.68) 48.178 ms
• 13 205.251.232.145 (205.251.232.145) 35.174 ms
• 14 54.239.48.191 (54.239.48.191) 39.651 ms
• 15 205.251.232.151 (205.251.232.151) 49.356 ms
• 16 205.251.230.125 (205.251.230.125) 32.864 ms
CONFIDENTIAL 5
For mobile users, companies no longer control the networking hardware
Example:
• Working from Starbucks on an AWS demo.
• My IT department controls 0% of networking hardware
• It is still responsible for security & compliance
Clouds are the New Silos
IT Department Nightmare: Different teams, different technology stacks, different security & compliance
[Diagram label: On-Premises Datacenter]
Multi-Cloud Networking
Companies need to extend networks across public clouds
[Diagram labels: On-Premises Datacenter; Web Portal; Retail App; Big Data]
Tomorrow’s Networking
Connect and Secure Applications across Private and Public Multiple Clouds
Connect & Secure
• Create private networks within or across clouds
• Define logical switches and routers
• Use firewalls to segment applications
• Service Insertion
• Distributed Enterprise Edge
[Diagram label: Internet]
2. The Application is the Network
THE APP HAS EVOLVED INTO A NETWORK
INFRASTRUCTURE HAS EVOLVED INTO A SOFTWARE PLATFORM
VIRTUALIZATION
3. Containers and PaaS
Containers
Containers are emerging as the application management layer of choice
[Diagram: VM Applications (App, bin/libs and OS per VM, on a Hypervisor and Host) beside Application Containers (Apps in Containers, bin/libs, Host)]
Enterprise model today
Container Networking
Containers run inside of VMs
• One VM per server per security domain
• Containers often behind NAT
• No container level networking
Does this make sense?
It actually does…
[Diagram: two VMs, each running four Containers, on a Hypervisor with a vSwitch]
In the future, container level visibility
Container Networking
Two levels of vSwitch
• First layer vSwitch inside the container VM
• Second layer vSwitch inside the Hypervisor
• Container level networking
[Diagram: two VMs, each running four Containers with its own vSwitch, on a Hypervisor with a vSwitch]
Containers – More Secure with a Hypervisor
Hypervisor provides a security control point
Container Networking
• Attacker can’t escalate from container to vSwitch
• Does not gain physical network access
• Ability to spread is limited
[Diagram: three Hypervisors, each with a vSwitch and a Guest running four Containers, connected through the Physical Network Infrastructure to the Internet]
What does this mean for OpenStack Networking?
OpenStack Networking Today
Physical and Virtual Networks connect Virtual Machines
[Diagram labels: Physical Network; Virtual Network]
Tomorrow: Cross-Platform Networking
Your network needs to manage many different types of endpoints
[Diagram labels: Physical Network; Virtual Network; Hyper-V]
Example: NSX for OpenStack and Amazon Web Services
Native support for AWS instances with coherent services and security posture for on and off-premise
Developer: Launches instances via Amazon console
IT Administrator: Defines network and security policy
Amazon Web Services
• Native AWS Server instances (AMI’s)
• Added to NSX virtual networks via policy
On-Premise NSX/vSphere
• AWS instances are added to logical switch
• Consistent security posture on-premise and in cloud
• AWS instances leverage services …
[Diagram labels: AWS Cloud; Data Center; Web Server; HR Server; Internet]
Example: NSX for OpenStack and beyond…
Managing Security and Connectivity for many Heterogeneous End Points
• On-Prem Data Center (Today)
• Containers (2016)
• Public Clouds (2016)
• Virtual Desktop (VDI)
• Mobile Devices (Airwatch)
• Internet of Things (Roadmap)
• Branch Offices (Partner)
Networking is Evolving
• H/W networks no longer under IT control (e.g. mobile, IoT, public clouds)
• Challenge is security, compliance and QoS
NSX Everywhere
• An overlay to manage network policy
• Spans many types of underlying networks
• Transparent app-level security across clouds