implementing vcpe with openstack and software defined networks

OpenStack Summit | Austin, TXImplementing vCPE with OpenStack and SDN

Copyright © PLUMgrid, Inc. 2011-20162

IntroductionSpeaker(s)

Sr Director Product & Solution Marketing, PLUMgrid

AlariaValentina

Strategy & Content, Canonical

BaumanBill

Solution Architect,Canonical

GonzalezRafael

3

Intro to Canonical & PLUMgrid Solutions


Reusable operational componentsFaster. Smarter. Better. Everywhere.

Open source application modelling

reuse requires encapsulatione.g. deb, rpm


“provides neutron-api-plumgrid”

“consumes neutron-api-plumgrid”

Charms declare “interfaces”

PLUMgrid/Neutron relationneutron-

api-plumgrid

neutron-api-plumgrid

neutron-api

plumgrid-edge nova-

cloud-controller

mysql

keystone

rabbitmq-server

PLUMgrid Charm

Neutron Charm


NFV-related Juju charms

Telco-specific vendors creating Juju charms of their VNFs

EurecomVantrix6WINDOpenCellTelestaxhSenid Mobile

• PLUMgrid ONS (vCPE)• Affirmed EPC• Expeto EPC• Metaswitch IMS, SDN• Genband• Nokia• Cisco• Spirent


Juju - Open Source Generic VNFM

Bundle

Universal Service Modeling (Juju)Universal Service Modeling (Juju)

generic VNFM (Jujun)

VIM1VIM1

VIM1VIMn

RIFT.io / OSM

App IM (Juju)

Charm(VNFDa)

Charm(VNFDb)

Charm(VNFDc)

NFViNFVi

NFViNFVin

VNFa

vCPE

Catalog

VNFc

EMS

NFV-O

API’sCLI

API’s

API’sCLI

NetOps IM (OSM)


the phase change of modern softwarescale, topology, momentum

this is the age of big software


PLUMgrid – Comprehensive Networking Offering Extensive software-only SDN and NFV solution for OpenStack® Clouds

Security & Compliance Support with built-in isolation, micro-segmentation via Virtual Domains & BYO service

Operational tools with proactive visibility & analytics (powered by CloudApex)

Virtual networks provisioned by users

Scalable, distributed & highly available architecture enables Production Deployments


Behind the covers: IO Visor Project

BPF program written in C

Translated into eBPF instructions (LLVM)

Loaded in kernel and executed

Hooked at different levels of Linux Networking Stack

HW/veth/tap

TAP/Raw

driver

netif_receive_skb()

TC / traffic control

Bridge hook

IP / routing

Socket (TCP/UDP)

BPF

BPF

BPF


Virtual Domain

Dis

tribu

ted

Pol

icy

Enf

orce

men

t Zon

e

Edge Policy

Enforcement Point

Service Insertion Architecture

3rd party Network Function(FW/LB/IPS and others)

1. Firewall in L3 or TRANSPARENT mode, it IS seen from a topology point of view

2. ALL traffic goes through the Firewall

3. Tenant is aware that the Firewall is there

13

vCPE Challenges


Classic CPE modelCustomer Premises Equipment as a standalone device

• CPEs are standalone nodes• Complex software, prone to failure• Cheap hardware, prone to failure• Need to provide IPAM, QoS, FW, NAT, dynamic routing…• Can’t be easily upgraded or serviced

Service Provider’s PoP

15

Cloud vCPE Model


SDN / NFV modelSeparation of control and data planes

Control PlaneDeployed as virtualized software (optionally, in the cloud)

• “Remote control” of service from Telco premises• Easy to troubleshoot, patch or upgrade• CI/CD for Network software• Customer features developed independently of HW cycles

Data PlaneDeployed in a simplified version of the physical CPE

• “Passive” data plane• Commoditized hardware• “Evolved phone jack”• Less prone to failure


Cloud vCPE ModelMove all “VNFs” to the Cloud

• Device at the customer premises is a simple L2 switch• All L3-L7 functions virtualized and moved to the cloud

• Routing• Security• NAT• Multicast• QoS

DNS

Internet


Cloud vCPE Model ChallengesMove all intelligence and service enforcement to the cloud

• Virtualizing network functions brings significant improvements• Software economics and dynamics• Servicing and Operations• Upgrades

• But Metro networks and Home networks are very different: can we send all home traffic to/from the cloud for processing?• Broadcast storms• QoS / Aggregation / Contemption• UPNP, DLNA, NAT, Multicast for video… across the metro network?• Latency, Jitter• Security

• Loss of Internet connectivity anyone ?This is a LANThis is NOT a LAN!

DNS

Internet

19

Tethered Cloud vCPE Model


An improved virtual CPE model“Tethered CPE”: Local enforcement, remote control

Service Provider’s Cloud

• “Common network functions”: Local enforcement, remote control from the Service Provider cloud• (DHCP, IGMP/multicast, FW, NAT, BUM filtering, etc.)

• “Headless operation of data plane” – the CPE can keep working without a WAN connection• Combine with advanced third-party network functions instantiated in the the cloud to form a complete service

graph• Advanced Firewall• DPI• WAN optimization• Captive portal• CDN…

Control and command

Internet

Tethered CPEData Plane

Tethered CPEControl Plane

CDN Portal DPIWAN Op. Adv. FW

DEMO

21


vCPE Demo Logical TopologyCombining “Cloud VNFs” with “SDN VNFs”

Adv. FW

Provider Cloud (Ubuntu Openstack)

Internet

Customer Premises (CPE)

DPI

SDN VNFs: Purple icons represent virtual network functions implemented in the SDN layer. They’re fully distributed and run inside the kernel of the CPE and the Openstack compute nodesCloud VNFs: Orange icons represent third-party network functions implemented as Virtual Machines or Containers in userspace.

DPI

Portal

Access/MetroNetwork

Visit PLUMgrid @ C21 & Canonical @ A20

THANK YOU!

implementing vcpe with openstack and software defined networks

Technology