do or don't - there is no try; consistent networking via sdn in openstack by andreas roeder and...

CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION © 2016 Nokia. All rights reserved. Nuage Networks is a Nokia venture. Do or don't - there is no try ; consistent networking via SDN in OpenStack Andreas Roeder – Nuage; Christoph Torlinsky - Nuage [email protected] ; [email protected] March 17, 2016 @roeder_andreas

Upload: nuage-networks

Post on 16-Apr-2017


TRANSCRIPT


Introduction: What is all of this about?


About Nuage Networks

§ Nuage is a startup with HQ in Silicon Valley and offices around the world

§ A Nokia-backed venture focused on datacenter and branch office network evolution for the Software Defined Cloud Computing World

§ Creation of an Abstraction & Automation layer between networking decoupling Hardware

§ API and Policy networking design reflecting business directives, not network

§ Active in many diverse Networking Forums and Open Source Projects


Current state of networking in OpenStack

What are we trying to address?


OVS Plugin vs. Nuage VRS (inserted on KVM Hypervisors)

Neutron Datapath on Compute – SDN Insertion

[Figure: OVS datapath (supports L2 only). VM1 and VM2 (Tenant A) and VM3 (Tenant B) each connect from eth0 through a TAP device (vnet), a Linux bridge (qbr) and a veth pair (qvb/qvo) to the Open vSwitch bridge br-int (port VLANs 10 and 20). br-int connects via patch-tun/patch-int to br-tun, and traffic leaves the PHY port eth0 GRE encapsulated (gre-10.0.0.1). Legend: TAP device, veth pair, Linux bridge, Open vSwitch; configured by Nova Compute; configured by Neutron L2 Agent.]

o Tenants will be separated by internally assigned VLANs

o VLANs will be mapped egress towards GRE tunnels, which are unique by tunnel ID

[Figure: Nuage datapath (supports distributed L2, L3, Floating IP, …). VM1 and VM2 (Tenant A) and VM3 (Tenant B) each connect from eth0 through a tap device (tapa, tapb, tapc) to the bridge alubr0, and traffic leaves the PHY port eth0 VXLAN encapsulated. Policy-driven configuration from Nuage VSP.]


Datapath Differentiation to Neutron with Nuage

[Figure: Neutron DVR datapath on a compute node. The VMs of Tenant A and Tenant B connect through TAP devices (vnet), Linux bridges (qbr) and veth pairs (qvb/qvo) to the Open vSwitch bridges br-int, br-tun and br-ext. The diagram also shows internal router namespaces (qrouter-y, qrouter-z with qr- interfaces), a floating IP namespace (qfloat-x with qf- interfaces), flow table entries, the DVR agent (enhanced L3 agent), the private network on eth1 and the public network on eth0 (Ext-IP).]

[Figure: Nuage datapath. alubr0 VRS (single OVS bridge).]

o Single OVS Bridge

o Is Flow-Based

o Performs Firewalling, Switching, Routing, NAT, …

o Processes ARP, DHCP LOCALLY

o No Dedicated Network Node for

  o non-DVR case: Routing, DNAT, SNAT, DHCP

  o DVR case: SNAT, DHCP


Neutron L3 Datapath in OpenStack

[Figure: ML2 OVS / Network Node. VM1 and VM2 (Tenant A) run on compute nodes and pass through qbr, br-int and br-tun; the network node carries br-tun, br-int, the dhcp and router functions and br-ext. The hops along the path are labelled A to T.]

[Figure: Nuage VSP. VM1 and VM2 (Tenant A) on each compute node attach to alubr0 (attachment points A, B, C, D); the alubr0 bridges, a VRS-G software gateway and a hardware gateway are interconnected with VXLAN.]


Nuage Architecture Differentiation

[Figure: Neutron components. Neutron Server with RabbitMQ and MySQL; Network Node running L3 Agent, OVS Agent, Metadata Proxy, Metadata Agent, Keepalived, OVS and dnsmasq; Compute Node running OVS Agent and OVS.]

o Neutron requires high Database read and write operations and Messaging (RabbitMQ Bottlenecks)

o Since there is NO separate control plane, Neutron server has to deal with every compute node without any offload

o No database inquiry cache supported for the Database, which tremendously increases Database read pressure

o SQLAlchemy design in neutron code adds Database pressure and Metadata caching inefficiency


Single SDN API for diverse Applications

It's not just the VM and OpenStack anymore, is it?


Physical servers, Virtual Machines, Containers, Public Cloud

VSP = Policy-Driven Virtualized Networking for all Environments


Same policies and templates can be used across any endpoint: OpenStack VMs, Containers, PaaS or Physical

Docker Containers, KVM Virtual Machines, Physical & Baremetals

L2 Service “SQL” with Security “Medium”, no public access, QoS “Gold+”

L3 Service “FrontEnd” with Security “High”, NAT, BW = 10 Mbps, QoS “Silver”


Nuage SDN Architecture

How can we do all of that?


Nuage Detailed Architecture

[Figure: Nuage detailed architecture. Three VSD instances exposing API / REST / Python / Go …; two VSC instances; protocol labels BGP and XMPP; VRS on ESXi, KVM, Hyper-V, XEN and LXC / Docker; BM, VTEP and DCI.]


Typical Nuage Use cases

§ Converged Datacenter (Multiple Sites, Multiple CMS, Multiple Workload Form factors) on premise / off premise

§ Microsegmentation

§ Disaster recovery

§ P2V/V2V migration

§ DevOps

§ NG Data Center Fabric Automation


Use Cases:

Cloud Infrastructure Framework

FWaaS

LBaaS

(X)aaS Integration Framework

Hybrid Cloud Connect

VPNaaS

Programmable Data Plane


Demo Overview 1/2

§ Setup based on Red Hat OSP6 together with Nuage 3.2R4

§ Non-HA Setup


Demo Overview 2/2

§ Setup based on CentOS with docker:1.8.2-7.el7.centos


Demo/QnA


Nuage Networks Community and Forums

The vspk and associated tools are available on GitHub and PyPI: https://github.com/nuagenetworks


https://www.openstack.org/summit/austin-2016/summit-schedule/


THANK YOU