Upload File

Download - Network Service Delivery in OpenStack

Transcript
Page 1: Network Service Delivery in OpenStack

SimplifyingL3-L7NetworkServicesdeploymentinOpenStackThispaperdescribeshowtheOneConvergenceNetworkServicesDelivery(NSD)platformofferOpenStackCloudoperatorsahighlydifferentiatedNetworkServicesautomationsolutionthatsupportsabroadspectrumofL4-7serviceswhilemaximizinginfrastructureefficiencyandeaseofuse.EnterprisesandServiceProvidersarelookingtouseOpenStackastheircloudinfrastructureplatformfortheirmanagedservicesoffering.Whiletheplatformisfairlygoodtoprovideself-serviceandmulti-tenancyforcompute,storageandnetworking,manyofthesedeploymentsstillfacechallengeinprovisioningandautomatingthedeploymentofL3-L7networkservices.Thoughtherearesomerecentimprovementsinthisarea,thereisstillalargedifferencebetweentheexpectationoftheoperatorstowhatexistsinOpenStack.TheOneConvergenceNetworkServiceDelivery(NSD)platformdeliversnextgenerationtechnologiestoaddressthedemandsoftheOpenStackcloudoperatorsbyprovidinginnovationsinautomationandorchestrationofrichnetworkservicesoperatingatscaleandreliability.

Network Service Delivery in OpenStack

Page 2: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

ChallengesinNetworkServicesDeployment Thedeploymentandoperationofnetworkservicesinacomprehensive,flexible,andintegratedmannerstillremainsoneofthebiggestchallenges.ThisisanissuewithmostOpenStackbasedsolutionsingeneralonaccountofthefollowingreasons:

ComplexityofdeployingL4-L7servicesAutomatingnetworkingandnetworkservicesforenduserisdifficult.TheautomationmodelinbaseOpenStackdoesnotaddresstheissuescompletely.ProvisioningandautomatingheterogeneoussetofnetworkservicesThechallengetooperateheterogeneousnetworkservicesinOpenStackismultifold.Itrangesfromsupportformulti-vendorservicesormultipletypeofservices(TAP,L2andL3)orsupportforopensourceservicesinconjunctionwithcommercialservices.LifecyclemanagementofnetworkservicesLifecyclemanagementfornetworkservicesinOpenStackisalmostnon-existent.CompositionofnetworkservicesOpenStackhaslimitedsupportforrichcompositionofnetworkserviceviaservicechaining.VisibilityfornetworkservicesandapplicationstheyfrontVisibilityfornetworkservicesandthroughthatvisibilityforapplicationsandnetworkstheyfrontenddoesnotexistinOpenStack.

Page 3: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

HowOneConvergenceaddressesthenetworkservicechallengesTheOneConvergenceNetworkServiceDeliverycontrollercomprehensivelyaddressesthenetworkserviceschallenges,particularlythesimplicityofthedeploymentandmanageability,facedbyOpenStackcloudoperatorsOneConvergenceNetworkServiceDeliverycontroller(NSD)

• AutomatingL3-L7networkservicedeployment• Provisioningandoperatingheterogeneoussetofnetworkservices

o Opensourceo Commercial

• Lifecyclemanagementofnetworkservices• Visibilityandoperationalinterfaceofthenetworkservices

FlexibleOpenStackdeploymentoptionsusing,

• GroupBasedPolicy,and/or,• NeutronML2Pluginand*aaSAPIs

SolutionComponentsThejointsolutionfromCiscoandOneConvergenceaddressthenetworkservices’challengesbyusingthefollowingnextgenerationtechnologies

OneConvergenceNSDOneConvergenceNetworkServiceDeliveryController(NSD)bringstheprogrammabilityofSDNtoNetworkingL3-7.ItnotonlyincreasesoperatingefficiencyforthecloudoperatorssignificantlybutalsooffersnewrevenuemodelsbyenablingrichL3-L7servicesinaself-servicemodelfortheenduser.NSDenablescompleteautomationofL3-L7servicesforthecloudviacommunitydrivenopenarchitecturepolicymodel.NSD’suniquearchitecturenotonlyenablesittoworkwithvariousheterogeneousnetworkservicesbutalsoworkwithmultiplenetworkfabricsandcloudmanagementsystems.NSDprovidesconfiguration,lifecyclemanagementandhighavailabilityofbothopensourceandleadingvendor’snetworkservicessuchasLoadbalancer,Firewall,VPN,IntrusionDetectionSystems(IDS),andWebApplicationFirewall(WAF).

GroupBasedPolicy(GBP)OpenStackGBPisacommunitydrivenintent-basedpolicymodelandimplementationprojectinwhich,both,CiscoandOneConvergenceareactivecontributors.Thepolicymodelallowsfordeclarativedefinitionofapplication,networkandnetworkservices

Page 4: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

intent.ApartfromtheL2/L3networkingmodelandfunctionality,italsoprovidesthefollowingrichfunctionalityfornetworkservices:

ServiceagnosticInsertion,ChainingandCompositionmodel:TheGBPmodelallowsforrepresentationofanytypeofNetworkServicetobeinsertedandchainedprovidingarichpolicy-driveninterfaceforservicescomposition.ServiceagnosticPluggableArchitecture:TheGBParchitecturesupportsaPluginandDriver-baseddesignwithawell-definedsouth-boundinterfacethatdecouplestheservicedefinitionfromtheservicerealization.ThisprovidesanextensiblemechanismtodeliveranynewnetworkservicebeyondthosedefinedbyOpenStack’scurrent*aaSdefinitions.ServiceagnosticLifecycleManagementframework:TheGBParchitecturealsosupportsagenericServiceLifecycleManagementcomponentthatenablesintegrationofservicevendororchestrationsolutions.PropagationofPolicyandNetworkContext:OneofthekeyaspectsofGBPisthatitprovidesaframeworkforhighlevelofautomationbyderivingnetworkparametersfromthedefinitionofintent.Asnetworkservicesareinstantiated,therelevantnetworkparametersarederivedandpassedtothenetworkserviceimplementation.

OpenStackNeutronNeutronisanOpenStackprojecttoprovide"networkingasaservice"betweeninterfacedevices(e.g.,vNICs)managedbyotherOpenstackservices(e.g.,nova).ItprovidesanAPIforuserstodefinenetworksandtheattachmentsintothemandhasapluggablearchitecturethatsupportsmanypopularnetworkingvendorsandtechnologies.

Page 5: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

WhatNSDprovidesCompleteautomationofalllayers(L3-L7)ofnetworking

TheNSDarchitectureenablesL3-L7servicestobequicklyintegratedandautomatedinOpenStack.

• ThedriversforNSDandOpenStackNeutronareincludedaspartoftheOpenStackGBPpackagemakingitveryquicktodeploythenetworkingfunctionalityofOpenStack.ThisallowsthenetworkinglayertobedrivenviatheGBPRESTAPIs.

• NSDoutofthebox,includessupportforOpenStackadvancedservicesforvariousopensourceandcommercialservicesandtheirrespectiveserviceprofiles.Asapplicationsaredeployedthenetworkparametersforthenetworkservicesfront-endingtheapplicationsareautomaticallyderivedfromtheapplicationsandprovisionedbyNSD.ThismakestheinitialprovisioningandsetupofL3-L7networkservicesextremelyeasy.

• NSDadaptstothechangesintheapplication,suchastheadditionordeletionofserversinapplicationgroupresultinginallthenetworkservicestobeautomaticallyprovisionedwiththeparametersderivedfromthechanges.Thisrelievestheoperatorandtheenduserfromprovisioningthenetworksforvariousapplicationchanges,thusallowingforcompletelightsoutautomation.

SimplicityforenduserstodeploytheirapplicationssecurelyandoptimallyWhiletheself-servicecloudallowsenduserstheflexibilitytomanagetheinfrastructurewithoutdependingontheinfrastructureadmins,italsomeansthatthecomplexityofnetworkingandnetworkservicesistransferredtothem.Theendusersaretypicallyapplicationfocusedandlessknowledgeableorinvolvedintheseaspects.GBPpolicymodelallowsforseparationoftheseskilllevelsbyallowingenduserstospecifytheirapplicationrelatedpolicies

Page 6: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

whichcanthenbeoverlaidwiththeinfrastructurepoliciesspecifiedbythecloudoperator.ThepoliciesarethenrenderedbyOpenStackGBPservice,NSDcontrollertoconfigureallthelayersofnetworkingwithintheconstraintssetbytheend-user&cloudoperatorpolicies.Furtherthesystemadaptstoruntimechanges,thusautomatingthenetworkingcompletely.ThisholisticapproachprovidesagreatdealofsimplificationtooperationswhichtranslatestoasignificantreductioninOPEX.Richdifferentiatedserviceoffering

Enterprisestraditionallydeployedcomplexsetofnetworkservicesforenterpriseapplicationstoprovidesecurity,assuranceandscale.Thesenetworkservicedevicesarestaticallychainedtoprovideacomprehensiveservicetoapplications.Asenterprisesstartedtomovetothecloudinfrastructuretheoperatorsandusersexpectsimilarrichnesscombinedwiththeflexibilityandprogrammabilityofthecloud.NSDprovidesacomprehensivesetoffeaturesthatarenotavailableotherwiseinOpenStack.

Multi-vendornetworkservicesNSDprovidestheabilitytoconfigure,deployandoperatenetworkservicesfrommultiplevendorsoutofbox.Itprovidesacommonframeworktooperatethedeviceswhileensuringtheavailabilityofdevicespecificfeatures.Further,theNSDarchitectureenablesrelativeeaseofinsertionofanewdeviceintoitsframework.

Open-sourcenetworkservicesNSDnotonlyprovidesopen-sourcenetworkservicesbutalsoextendsthembyprovidingassurance,scaleandimagemanagement.

Page 7: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

L4-L7lifecyclemanagement

NSDprovidescomprehensivesetoflifecyclemanagementfunctionsfornetworkservicesthatinclude–

NetworkservicemanagementNSDprovidestheservicemanagementframeworktocreate,deleteandlistnetworkservices.Theframeworkabstractsthecloudresourceswithapluginmodeltoincorporatenewtypeseasily.

ImageandupgrademanagementNSDenhanceswhatthecloudmanagementsystemsuchasOpenStackprovidesbyassociatingcloudresourcessuchasCPU,Memoryandstorage,versioningofimagesandsupportingupgradefornewerversions.

NetworkserviceassuranceOneofthekeyaspectsofNSDistosupporthighavailabilityforthenetworkservicesthatincludesactive-active,active-passiveorN+1modes.

LicensemanagementNSDsupportsandenhanceslicensemanagementforvariouscommercialnetworkservicesitsupports.Thefunctionalityincludesallocating, releasingandmanagingthelicensesacrossvarioustenants.

Page 8: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

ConfigurationmanagementTheabilitytomanageconfigurationofnetworkservicesisaveryimportantaspectoflifecyclemanagement.WhileNSDsupportsthestandard*aaSAPIprovidedbyOpenStack,italsoprovidessupportforvendorspecificfeaturestobeconfiguredviatheservicemanagementframework.

InstancemanagementThisincludesprovidinginstancemanagementcapabilitiessuchasplacement,migration,supportforcloudresourcechangesandprovidingoperationalview.

Flexibledeploymentmodel

Thoughmostenterprisecloudoperatorsliketheflexibility,simplicityandtherichfeaturesofthepolicydrivenmodel,someoperatorswouldliketostartwithbaseneutronbeforetheymovetopolicydrivenmodel.Thesolutionsupportsflexibledeploymentmodetohavepolicyonlydrivenmodel,neutrononlyorboth.Thisgivesabilityfortheoperatorstochooseanycombinationduringdeployment.

Page 9: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

Networkservicesoperationalvisibilityandanalytics

NSDprovidesarichoperationalmodelfornetworkservicesbygatheringstatisticsandlogsfromtheseservices.Thesenotonlyprovideinsightsintotheoperations,healthandperformancecharacteristicsofnetworkservices,butalsotheapplicationstheyfront.Thiswillnotonlyprovidevisibilityintotheentire(L2-L7)networkingstackbutalsotheapplicationsthattheyfrontend.ValuePropositionTheintegratedsolutionprovidesthefollowingbenefits

• Completeautomationofalllayers(L2-L7)ofnetworking.o Adaptabilitytochangingconditions

• Scaleandefficiencyrequiredbylargedatacenterso Fullydistributed,scalablevirtualnetworkingsolutionforOpenStack(L2,L3,

DHCP,metadata)• Physical+virtualsolution

o Combinesbaremetalandvirtualresourcesseamlessly• Simplicityforenduserapplicationdeployment

o Policydrivennetworking• Richdifferentiatedserviceoffering

o Multi-vendornetworkserviceso Open-sourcenetworkserviceso SupportforTap,transparentL-2,&L-3o Servicechains

• L4-L7LifecycleManagement

Page 10: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

o Serviceassurance/highavailabilityo Uniform/commonmodelfororchestrating/configuringnetworkserviceso SeamlesssupportforVMsandcontainers

• Flexibledeploymentmodelo Group-BasedPolicy(GBP)o NeutronML2Pluginand*aaSAPIs

• Advancedoperationalvisibilityandanalyticso Networkservices

UseCases

UseCases Description

ManagedServiceProvider

ManagedServiceProviders(MSPs)enabledtoofferenterprisegradeIaaSplatformwiththeavailabilityofthefollowingfunctionality–

• Completeautomationofalllayersofnetworking• Operatecloudnetworkingatscale• Richsetofnetworkservicesprovidedtothetenants• Newrevenuemodelsbyofferingflexibleanddynamic

networkservices

EnterpriseIT

ThesolutionoffersthefollowingfunctionalityforEnterpriseIToperators,providingcloudinfrastructureforapplicationownersinvariousbusinessgroups–

• Flexibilityandagilityindeployingvirtualnetworkservices• Simplicityofdefinitionviaintentpolicyfortheapplication

owners• Assuranceofnetworksandnetworkservices• Bestofbreednetworkservicesandavailabilityofvendor

specificfeatures

ManagedCloudNetworkServices

Cloudoperatorscannowcomposerichnetworkservicesandofferthemasacloudservice.Newbusinessmodelstosupport“bringyourowndevice”(BYOD)viadynamicinsertionofcustomerprovidednetworkservicesoverthebasesetprovidedbycloudoperators.

ApplicationvisibilityasaService

Operationalvisibilityandanalyticsprovidedacrossalllayersofnetworkingcanbeofferedasaservicetotenants.Thisnotonlyallowsforcustomerspecificvisibilityintonetworksandnetworkservicesbutalsointothecustomerapplications.

ForMoreInformationhttps://wiki.openstack.org/wiki/GroupBasedPolicyhttp://www.oneconvergence.com/network-service-delivery.html


Top Related

OpenStack Quantum Network Service
OpenStack Quantum Network Service
Network Service in OpenStack Cloud, by Yaohui Jin
Network Service in OpenStack Cloud, by Yaohui Jin
Integrating network virtualization security in OpenStack Deployments.pdf
Integrating network virtualization security in OpenStack Deployments.pdf
Research Article EmuStack: An OpenStack-Based DTN Network
Research Article EmuStack: An OpenStack-Based DTN Network
OpenStack Network Design using Cisco Solutionsd2zmdbbm9feqrf.cloudfront.net/2016/anz/pdf/BRKDCT-2445.pdf · OpenStack Network Design using Cisco Solutions ... • OpenStack and OpenDaylight
OpenStack Network Design using Cisco Solutionsd2zmdbbm9feqrf.cloudfront.net/2016/anz/pdf/BRKDCT-2445.pdf · OpenStack Network Design using Cisco Solutions ... • OpenStack and OpenDaylight
OpenStack Network Planning
OpenStack Network Planning
Accelerating the Software Delivery Pipelinewith Mirantis OpenStack
Accelerating the Software Delivery Pipelinewith Mirantis OpenStack
VMware + OpenStack · VMware’s OpenStack Initiative Contribute to OpenStack •Integrate VMware compute, network, storage SW with OpenStack. •Make OpenStack better, helping customers
VMware + OpenStack · VMware’s OpenStack Initiative Contribute to OpenStack •Integrate VMware compute, network, storage SW with OpenStack. •Make OpenStack better, helping customers