do or don't - there is no try ; consistent networking via sdn in openstack – manchester uk...

CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION

Doordon't-thereisnotry;consistentnetworkingviaSDNinOpenStack–ManchesterUKMeetup

@nuagenetworks

Introduc1onWhatisallofthisabout?

17/08/16

AboutNuageNetworks-SDN§  NuageisaEuropeanstartupwithofficesintheSiliconeValley

§  AnNokiabackedventurefocusedondatacenterandbranchofficenetworkevolu\onfortheSo]wareDefinedCloudCompu\ngWorld

§  Crea\onofanAbstrac\on&Automa\onlayerbetweennetworkingdecouplingHardware

§  APIandPolicynetworkingdesignreflec\ngbusinessdirec\ves,notnetwork

§  Ac\veinmanydiverseNetworkingForumsandOpenSourceProjects

NuageispureSo:wareDefinedOverlayNetworkingTunnelsbetweenEndpointsprovideL2andL3services

FullydecoupledfromHW

NaturalfitforCloudandmore

Tunnels“Overlay”thePhysicalnetworkandprovideisola\on

GatewayRouters=OverlayExitpoint

CurrentnetworkingArchitecturesinOpenStack

Whatarewetryingtoaddress?

17/08/16

OVSExtensionvs.NuageVRS(insertedonKVMHypervisors)NeutronDatapathonCompute–SDNInser1on

GREEncapsulated

br-int

br-tun

patch-tun

patch-int

PortVLAN:10 PortVLAN:20

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

gre-10.0.0.1

TAPDevice

vethpair

LinuxBridge

OpenvSwitch

ConfiguredbyNovaCompute

ConfiguredbyNeutronL2Agent

o  Tenantswillbe

separatedbyinternalassignedVLANS

o  VLANSwillbemappedegresstowardsGREtunnelswhichareuniquebytunnelID

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

tapa tapb tapc

alubr0

VXLANEncapsulated

PolicyDriven

Configura1onfromNuageVSP

OVSDatapath(supportsL2only)

NuageDatapath(supportsdistributedL2,L3,Floa\ngIP,…)

PHYPort

17/08/16

OVSDatapathComparetoNeutron+Nuage=SingleBridge

br-intint-br-ext

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

TAPDevice

vethpair

LinuxBridge

OpenvSwitch

VM3TenantB

PHYPort

br-ext

phy-br-ext

InternalRouterNamespace

qr-f qr-g

IP IP IP IP

qr-fqrouter-yInternalRouterNamespace

qr-h qr-jIP IP

qr-n qrouter-z

Floa\ngIPNamespace

qfloat-x qf-nqr-m

br-tun

int-br-tun1

FlowTableentry

DVRAGENT(EnhancedL3

Agent)

PrivateNetwork

PublicNetwork

Ext-IP

alubr0VRS

(SingleOVSbridge)

o  SingleOVSBridgeo  IsFlow-Basedo  PerformsFirewalling,

Switching,Rou\ng,NAT,…

o  ProcessesARP,DHCPLOCALLY

o  NoDedicatedNetworkNodeforo  non-DVRcase:

Rou\ng,DNAT,SNAT,DHCP

o  DVRcase:SNAT,DHCP

ComputeNodeComputeNode

ComputeNode NetworkNode

br-int

17/08/16

Op\misedwith3rdPartySDNNeutronL3Datapath

VM1TenantA

VM2TenantA

br-tun

br-tunH

br-intJ

dhcprouter

br-ext L

ML2OVS/NetworkNode

VM1TenantA

VM2TenantA

VM1TenantA

VM2TenantA

alubr0 alubr0

VRS-GSo]wareGW

alubr0

HardwareGW

alubr0

VXLAN VXLANVXLAN

NuageSDN

NeutronServer

RabbitMQ

L3Agent

OVSAgent

MetadataProxy

MetadataAgent

Keepalived

dnsmasq

NetworkNode

OVSAgent

ComputeNode

RabbitMQ

Nuage3rdPartySDNArchitectureDifferen1a1ono  NeutronrequireshighDatabasereadandwriteopera\onsandMessaging(RabbitMQ)

o  SincethereisNOseparatecontrolplane,Neutronserverhastodealwitheverycomputenodewithoutanyoffload

o  NodatabaseinquirycachesupportedfortheDatabasewhichtremendouslyincreasedDatabasereadpressure

o  SQLAlchemyDatabasetoolkitdesigninneutroncodeaddsDatabasepressureandMetadatacachinginefficiency

SDNforadiverseApplica1onWorld

ItsnotjusttheVMandOpenStackanymore,or?

17/08/16

Physicalservers VirtualMachines Containers PublicCloud

VSP=Policy-DrivenVirtualizedNetworkingforallEnvironments

Samepoliciesandtemplatescanbeusedacrossanyendpoint:OpenStackVMs,Containers,PaaSorPhysical

L3Service“FrontEnd”withSecurity“High”,NAT,BW=10Mbps,QoS“Silver”

L2Service“SQL”withSecurity“Medium”,nopublicaccess,QoS“Gold+”

DOCKERContainers KVMVirtualMachines Physical&Baremetals

SDNREQUIRMENTSFORcontainers§  IntegrateswithDeveloperandOpera\onsworkflows§  Supportshybridapplica\onenvironmentswithcontainers,VMs

andBMSs§  AssignIPaddressestoContainers(no-NATing)§  GranularSecurityPolicyframework§  Highperformancesolu\onthatconvergesquicklyduringpeak

containerac\va\on/deac\va\onevents

Nuage3rdPartyArchitectureHowtoimproveallofthat?

17/08/16

UseCases:

17/08/16

CloudInfrastructureFramework

(X)aaSIntegra1onFramework

HybridCloud

Connect

VPNaaS

ProgrammableDataPlane

DemoOverview1/2

17/08/16

§  SetupbasedonOpenStackLibertytogetherwithNuage4.0

§  NonHASetup

Demo/QnA

ThenewlyannouncedvspkandassociatedtoolsarenowavailableonGitHubandPIP:hups://github.com/nuagenetworks

NuageNetworksCommunityForums

17/08/16

THANKYOU

do or don't - there is no try ; consistent networking via sdn in openstack – manchester uk...

Technology

barbican nova chef openstack openstack charms cinder...

openstack installation (icehouse) openstack

robert collins openstack on openstack 201304162

ptg dulin schedule - openstacklists.openstack.org ›...

red hat openstack platform 16 · scripts also perform...

cloud networking (vitmma02) network virtualization...

spectrum scale openstack integration -...

openstack operations guide - openstack docs: current

networking openstack: advanced - onecloud classes |...

vmware integrated openstack installation and … integrated...

openstack deployment manual - bright...

openstack training - openstack summit atlanta

openstack deployment...

openstack on openstack

openstack-ansible · openstack-ansible simple flexible...

manchester openstack meetup: i have an openstack cloud, now...

how to deliver high performance openstack cloud: christoph...

openstack & ubuntu (india openstack day)

openstack networking quantum · openstack...

joint openstack kubernetes environment (openstack summit)