
Post on 28-Apr-2018


Developing, Deploying, and Consuming L4-7 Network Services in an OpenStack Cloud

Hands-On Workshop, OpenStack Summit, Austin

https://wiki.openstack.org/wiki/GroupBasedPolicy/Austin

Sumit Naiksatam, Igor Duarte Cardoso, Hemanth Ravi, Ivar Lazzaro, Jason Plank, David Grizzanti

Agenda

1. Intro + Workshop logistics - Sumit, 5 mins

2. OpenStack *aaS services and SFC in Neutron and GBP - Igor, 10 mins

3. GBP Intro + Service Chain consumption workflow (tenant API) - Sumit, 20 mins

4. Service Chain deployment workflow (Operator API) - Ivar, 20 mins

5. BYOF - Service Developer workflow - Hemanth, 20 mins

6. HA for Services + Sungard Production setup tour - David, 10 mins

7. Q/A

Logistics

Workshop Resources:

https://wiki.openstack.org/wiki/GroupBasedPolicy/Austin

Workshop Guide:

https://goo.gl/EwAJeg

Contains lab access information

Also, GBP devstack available to practice after workshop

OpenStack *aaS services and SFC in Neutron and GBP


● VPNaaS, FWaaS, LBaaS

● GBP can easily instantiate them

● GBP can also chain them

● Instantiation/configuration and chaining/plumbing are not coupled

● Other drivers or plumbers can easily be introduced

Policy Based Service Lifecycle Management

Group Based Policy Model

Resource Model


1-2-3 Easy!

1. Define service chains using simple commands/UI

2. Create Application Policy to redirect to service chain

3. Groups provide & consume Application Policy, done!

Consuming - Tenant Workflow

Workshop Goal

[Figure: workshop goal topology. Labels: External-World, Web, App, DB; FW + LB, HTTP; LB, HTTP; FW (3306), TCP. Legend: External Group, PRS, Service Chain, Internal Group, VM]

Deploying - Operator Workflow

Separation of Concerns

Operators do this once:

So that Users only have to do this:

Operator Workflow

Provide basic infrastructure constructs to your cloud’s Tenants, so that they don’t have to worry about them.

● External Connectivity Policies

● Service Chain Policies

● Application Contracts


External Connectivity

● Neutron External Network

● Neutron Subnet

● External Segment

● NAT Pool

Service Chain

● Network Service Policy

● Service Profile

● Service Chain Node

● Service Chain Spec

● Policy Action

● Policy Rule

Developing - Service Developer Workflow

BYOF - Bring Your Own Function!

Develop Firewall Service on a VM

[Figure: firewall service on a VM. Labels: fw-consumer, fw-provider, FW (allow icmp + ssh), TCP, Service VM (three instances). Legend: PRS, Service Chain, Internal Group, VM]

Service Lifecycle Management Framework - NFP

[Figure: NFP architecture. Labels: GBP, Service Chaining, Network Function Orchestrator, Tenant (Over-the-cloud), Namespace Proxy, Network Plugin Framework (NFP), Infra (Under-the-Cloud); interfaces: RPC, RPC, REST]

NFP Framework Features

● Provides orchestration, configuration and visibility for Network Functions

● Rendering of Service Chains via GBP NB APIs

  ○ NFP orchestrates Network Function Devices

  ○ NFP renders Network Functions

● Network Function Management South Bound REST APIs

  ○ Service Insertion for configuring Interfaces & Routes

  ○ Service Configuration

  ○ Service Health Monitoring

● Any L2, L3, L4-7 Network Function can be supported

  ○ BYOF! (“Bring your own Function”)

HA for Services

Sungard Availability Services

● Target Market

  ○ 80% mid-to-large enterprise customers

● Typical Customer

  ○ Shrink wrapped applications

  ○ Looking for a mix of self-managed and Sungard AS managed offerings

● Platform Expectations

  ○ Cloud Native & Traditional Networking models

  ○ Above the hypervisor services (per tenant FW, LB, VPN)

  ○ Service-chaining

Thank You