do or don't - there is no try ; consistent networking via sdn in openstack – manchester uk...

CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION

©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.

Doordon't-thereisnotry;consistentnetworkingviaSDNinOpenStack–ManchesterUKMeetup

@nuagenetworks



Introduc1onWhatisallofthisabout?

17/08/16

2



AboutNuageNetworks-SDN§  NuageisaEuropeanstartupwithofficesintheSiliconeValley

§  AnNokiabackedventurefocusedondatacenterandbranchofficenetworkevolu\onfortheSo]wareDefinedCloudCompu\ngWorld

§  Crea\onofanAbstrac\on&Automa\onlayerbetweennetworkingdecouplingHardware

§  APIandPolicynetworkingdesignreflec\ngbusinessdirec\ves,notnetwork

§  Ac\veinmanydiverseNetworkingForumsandOpenSourceProjects



NuageispureSo:wareDefinedOverlayNetworkingTunnelsbetweenEndpointsprovideL2andL3services

FullydecoupledfromHW

NaturalfitforCloudandmore

Tunnels“Overlay”thePhysicalnetworkandprovideisola\on

GatewayRouters=OverlayExitpoint



CurrentnetworkingArchitecturesinOpenStack

Whatarewetryingtoaddress?

17/08/16

5



17/08/16

6

OVSExtensionvs.NuageVRS(insertedonKVMHypervisors)NeutronDatapathonCompute–SDNInser1on

GREEncapsulated

br-int

br-tun

patch-tun

patch-int

PortVLAN:10 PortVLAN:20

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

qbra

qvba

vneta

qvoa

qbrb

qvbb

ventb

qvob

qbrc

qvbc

vnetc

qvo

gre-10.0.0.1

eth0

TAPDevice

vethpair

LinuxBridge

OpenvSwitch

ConfiguredbyNovaCompute

ConfiguredbyNeutronL2Agent

o  Tenantswillbe

separatedbyinternalassignedVLANS

o  VLANSwillbemappedegresstowardsGREtunnelswhichareuniquebytunnelID

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

tapa tapb tapc

alubr0

VXLANEncapsulated

eth0

PolicyDriven

Configura1onfromNuageVSP

OVSDatapath(supportsL2only)

NuageDatapath(supportsdistributedL2,L3,Floa\ngIP,…)

PHYPort



17/08/16

7

OVSDatapathComparetoNeutron+Nuage=SingleBridge

br-intint-br-ext

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

qbra

qvba

vneta

qvoa

qbrb

qvbb

vnetb

qvob

qbrc

qvbc

vnetc

qvoc

TAPDevice

vethpair

LinuxBridge

OpenvSwitch

VM3TenantB

eth0

qbrd

qvbd

vnetd

PHYPort

qvod

br-ext

phy-br-ext

InternalRouterNamespace

qr-f qr-g

IP IP IP IP

IP IP

qr-fqrouter-yInternalRouterNamespace

qr-h qr-jIP IP

qr-n qrouter-z

Floa\ngIPNamespace

qfloat-x qf-nqr-m

qf-x

br-tun

int-br-tun1

int-br-tun1

FlowTableentry

FlowTableentry

DVRAGENT(EnhancedL3

Agent)

PrivateNetwork

eth1

PublicNetwork

eth0

Ext-IP

alubr0VRS

(SingleOVSbridge)

o  SingleOVSBridgeo  IsFlow-Basedo  PerformsFirewalling,

Switching,Rou\ng,NAT,…

o  ProcessesARP,DHCPLOCALLY

o  NoDedicatedNetworkNodeforo  non-DVRcase:

Rou\ng,DNAT,SNAT,DHCP

o  DVRcase:SNAT,DHCP



ComputeNodeComputeNode

ComputeNode NetworkNode

br-int

qbr..

17/08/16

8

Op\misedwith3rdPartySDNNeutronL3Datapath

VM1TenantA

VM2TenantA

A Q

B

C

qbr..

R

S

D T

br-tun

E

F

G

br-tunH

br-intJ

I

M O

dhcprouter

PN

K

br-ext L

ML2OVS/NetworkNode

VM1TenantA

VM2TenantA

A B

VM1TenantA

VM2TenantA

C D

alubr0 alubr0

VRS-GSo]wareGW

alubr0

HardwareGW

alubr0

VXLAN VXLANVXLAN

VXLAN

NuageSDN



NeutronServer

RabbitMQ

L3Agent

OVSAgent

MetadataProxy

MetadataAgent

Keepalived

OVS

dnsmasq

NetworkNode

OVSAgent

OVS

ComputeNode

RabbitMQ

MySQL

Nuage3rdPartySDNArchitectureDifferen1a1ono  NeutronrequireshighDatabasereadandwriteopera\onsandMessaging(RabbitMQ)

o  SincethereisNOseparatecontrolplane,Neutronserverhastodealwitheverycomputenodewithoutanyoffload

o  NodatabaseinquirycachesupportedfortheDatabasewhichtremendouslyincreasedDatabasereadpressure

o  SQLAlchemyDatabasetoolkitdesigninneutroncodeaddsDatabasepressureandMetadatacachinginefficiency



SDNforadiverseApplica1onWorld

ItsnotjusttheVMandOpenStackanymore,or?

17/08/16

10



Physicalservers VirtualMachines Containers PublicCloud

VSP=Policy-DrivenVirtualizedNetworkingforallEnvironments



Samepoliciesandtemplatescanbeusedacrossanyendpoint:OpenStackVMs,Containers,PaaSorPhysical

L3Service“FrontEnd”withSecurity“High”,NAT,BW=10Mbps,QoS“Silver”

L2Service“SQL”withSecurity“Medium”,nopublicaccess,QoS“Gold+”

DOCKERContainers KVMVirtualMachines Physical&Baremetals



SDNREQUIRMENTSFORcontainers§  IntegrateswithDeveloperandOpera\onsworkflows§  Supportshybridapplica\onenvironmentswithcontainers,VMs

andBMSs§  AssignIPaddressestoContainers(no-NATing)§  GranularSecurityPolicyframework§  Highperformancesolu\onthatconvergesquicklyduringpeak

containerac\va\on/deac\va\onevents



Nuage3rdPartyArchitectureHowtoimproveallofthat?

17/08/16

14



UseCases:

17/08/16

15

CloudInfrastructureFramework

FWaaS

LBaaS

(X)aaSIntegra1onFramework

HybridCloud

Connect

VPNaaS

ProgrammableDataPlane



DemoOverview1/2

17/08/16

16

§  SetupbasedonOpenStackLibertytogetherwithNuage4.0

§  NonHASetup



Demo/QnA



ThenewlyannouncedvspkandassociatedtoolsarenowavailableonGitHubandPIP:hups://github.com/nuagenetworks

NuageNetworksCommunityForums



17/08/16

19

THANKYOU

do or don't - there is no try ; consistent networking via sdn in openstack – manchester uk...

Technology