Upload File

network service delivery in openstack

10
Simplifying L3-L7 Network Services deployment in OpenStack This paper describes how the One Convergence Network Services Delivery (NSD) platform offer OpenStack Cloud operators a highly differentiated Network Services automation solution that supports a broad spectrum of L4-7 services while maximizing infrastructure efficiency and ease of use. Enterprises and Service Providers are looking to use OpenStack as their cloud infrastructure platform for their managed services offering. While the platform is fairly good to provide self- service and multi-tenancy for compute, storage and networking, many of these deployments still face challenge in provisioning and automating the deployment of L3-L7 network services. Though there are some recent improvements in this area, there is still a large difference between the expectation of the operators to what exists in OpenStack. The One Convergence Network Service Delivery (NSD) platform delivers next generation technologies to address the demands of the OpenStack cloud operators by providing innovations in automation and orchestration of rich network services operating at scale and reliability. Network Service Delivery in OpenStack

Upload: truonghanh

Post on 13-Feb-2017

217 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Network Service Delivery in OpenStack

SimplifyingL3-L7NetworkServicesdeploymentinOpenStackThispaperdescribeshowtheOneConvergenceNetworkServicesDelivery(NSD)platformofferOpenStackCloudoperatorsahighlydifferentiatedNetworkServicesautomationsolutionthatsupportsabroadspectrumofL4-7serviceswhilemaximizinginfrastructureefficiencyandeaseofuse.EnterprisesandServiceProvidersarelookingtouseOpenStackastheircloudinfrastructureplatformfortheirmanagedservicesoffering.Whiletheplatformisfairlygoodtoprovideself-serviceandmulti-tenancyforcompute,storageandnetworking,manyofthesedeploymentsstillfacechallengeinprovisioningandautomatingthedeploymentofL3-L7networkservices.Thoughtherearesomerecentimprovementsinthisarea,thereisstillalargedifferencebetweentheexpectationoftheoperatorstowhatexistsinOpenStack.TheOneConvergenceNetworkServiceDelivery(NSD)platformdeliversnextgenerationtechnologiestoaddressthedemandsoftheOpenStackcloudoperatorsbyprovidinginnovationsinautomationandorchestrationofrichnetworkservicesoperatingatscaleandreliability.

Network Service Delivery in OpenStack

Page 2: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

ChallengesinNetworkServicesDeployment Thedeploymentandoperationofnetworkservicesinacomprehensive,flexible,andintegratedmannerstillremainsoneofthebiggestchallenges.ThisisanissuewithmostOpenStackbasedsolutionsingeneralonaccountofthefollowingreasons:

ComplexityofdeployingL4-L7servicesAutomatingnetworkingandnetworkservicesforenduserisdifficult.TheautomationmodelinbaseOpenStackdoesnotaddresstheissuescompletely.ProvisioningandautomatingheterogeneoussetofnetworkservicesThechallengetooperateheterogeneousnetworkservicesinOpenStackismultifold.Itrangesfromsupportformulti-vendorservicesormultipletypeofservices(TAP,L2andL3)orsupportforopensourceservicesinconjunctionwithcommercialservices.LifecyclemanagementofnetworkservicesLifecyclemanagementfornetworkservicesinOpenStackisalmostnon-existent.CompositionofnetworkservicesOpenStackhaslimitedsupportforrichcompositionofnetworkserviceviaservicechaining.VisibilityfornetworkservicesandapplicationstheyfrontVisibilityfornetworkservicesandthroughthatvisibilityforapplicationsandnetworkstheyfrontenddoesnotexistinOpenStack.

Page 3: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

HowOneConvergenceaddressesthenetworkservicechallengesTheOneConvergenceNetworkServiceDeliverycontrollercomprehensivelyaddressesthenetworkserviceschallenges,particularlythesimplicityofthedeploymentandmanageability,facedbyOpenStackcloudoperatorsOneConvergenceNetworkServiceDeliverycontroller(NSD)

• AutomatingL3-L7networkservicedeployment• Provisioningandoperatingheterogeneoussetofnetworkservices

o Opensourceo Commercial

• Lifecyclemanagementofnetworkservices• Visibilityandoperationalinterfaceofthenetworkservices

FlexibleOpenStackdeploymentoptionsusing,

• GroupBasedPolicy,and/or,• NeutronML2Pluginand*aaSAPIs

SolutionComponentsThejointsolutionfromCiscoandOneConvergenceaddressthenetworkservices’challengesbyusingthefollowingnextgenerationtechnologies

OneConvergenceNSDOneConvergenceNetworkServiceDeliveryController(NSD)bringstheprogrammabilityofSDNtoNetworkingL3-7.ItnotonlyincreasesoperatingefficiencyforthecloudoperatorssignificantlybutalsooffersnewrevenuemodelsbyenablingrichL3-L7servicesinaself-servicemodelfortheenduser.NSDenablescompleteautomationofL3-L7servicesforthecloudviacommunitydrivenopenarchitecturepolicymodel.NSD’suniquearchitecturenotonlyenablesittoworkwithvariousheterogeneousnetworkservicesbutalsoworkwithmultiplenetworkfabricsandcloudmanagementsystems.NSDprovidesconfiguration,lifecyclemanagementandhighavailabilityofbothopensourceandleadingvendor’snetworkservicessuchasLoadbalancer,Firewall,VPN,IntrusionDetectionSystems(IDS),andWebApplicationFirewall(WAF).

GroupBasedPolicy(GBP)OpenStackGBPisacommunitydrivenintent-basedpolicymodelandimplementationprojectinwhich,both,CiscoandOneConvergenceareactivecontributors.Thepolicymodelallowsfordeclarativedefinitionofapplication,networkandnetworkservices

Page 4: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

intent.ApartfromtheL2/L3networkingmodelandfunctionality,italsoprovidesthefollowingrichfunctionalityfornetworkservices:

ServiceagnosticInsertion,ChainingandCompositionmodel:TheGBPmodelallowsforrepresentationofanytypeofNetworkServicetobeinsertedandchainedprovidingarichpolicy-driveninterfaceforservicescomposition.ServiceagnosticPluggableArchitecture:TheGBParchitecturesupportsaPluginandDriver-baseddesignwithawell-definedsouth-boundinterfacethatdecouplestheservicedefinitionfromtheservicerealization.ThisprovidesanextensiblemechanismtodeliveranynewnetworkservicebeyondthosedefinedbyOpenStack’scurrent*aaSdefinitions.ServiceagnosticLifecycleManagementframework:TheGBParchitecturealsosupportsagenericServiceLifecycleManagementcomponentthatenablesintegrationofservicevendororchestrationsolutions.PropagationofPolicyandNetworkContext:OneofthekeyaspectsofGBPisthatitprovidesaframeworkforhighlevelofautomationbyderivingnetworkparametersfromthedefinitionofintent.Asnetworkservicesareinstantiated,therelevantnetworkparametersarederivedandpassedtothenetworkserviceimplementation.

OpenStackNeutronNeutronisanOpenStackprojecttoprovide"networkingasaservice"betweeninterfacedevices(e.g.,vNICs)managedbyotherOpenstackservices(e.g.,nova).ItprovidesanAPIforuserstodefinenetworksandtheattachmentsintothemandhasapluggablearchitecturethatsupportsmanypopularnetworkingvendorsandtechnologies.

Page 5: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

WhatNSDprovidesCompleteautomationofalllayers(L3-L7)ofnetworking

TheNSDarchitectureenablesL3-L7servicestobequicklyintegratedandautomatedinOpenStack.

• ThedriversforNSDandOpenStackNeutronareincludedaspartoftheOpenStackGBPpackagemakingitveryquicktodeploythenetworkingfunctionalityofOpenStack.ThisallowsthenetworkinglayertobedrivenviatheGBPRESTAPIs.

• NSDoutofthebox,includessupportforOpenStackadvancedservicesforvariousopensourceandcommercialservicesandtheirrespectiveserviceprofiles.Asapplicationsaredeployedthenetworkparametersforthenetworkservicesfront-endingtheapplicationsareautomaticallyderivedfromtheapplicationsandprovisionedbyNSD.ThismakestheinitialprovisioningandsetupofL3-L7networkservicesextremelyeasy.

• NSDadaptstothechangesintheapplication,suchastheadditionordeletionofserversinapplicationgroupresultinginallthenetworkservicestobeautomaticallyprovisionedwiththeparametersderivedfromthechanges.Thisrelievestheoperatorandtheenduserfromprovisioningthenetworksforvariousapplicationchanges,thusallowingforcompletelightsoutautomation.

SimplicityforenduserstodeploytheirapplicationssecurelyandoptimallyWhiletheself-servicecloudallowsenduserstheflexibilitytomanagetheinfrastructurewithoutdependingontheinfrastructureadmins,italsomeansthatthecomplexityofnetworkingandnetworkservicesistransferredtothem.Theendusersaretypicallyapplicationfocusedandlessknowledgeableorinvolvedintheseaspects.GBPpolicymodelallowsforseparationoftheseskilllevelsbyallowingenduserstospecifytheirapplicationrelatedpolicies

Page 6: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

whichcanthenbeoverlaidwiththeinfrastructurepoliciesspecifiedbythecloudoperator.ThepoliciesarethenrenderedbyOpenStackGBPservice,NSDcontrollertoconfigureallthelayersofnetworkingwithintheconstraintssetbytheend-user&cloudoperatorpolicies.Furtherthesystemadaptstoruntimechanges,thusautomatingthenetworkingcompletely.ThisholisticapproachprovidesagreatdealofsimplificationtooperationswhichtranslatestoasignificantreductioninOPEX.Richdifferentiatedserviceoffering

Enterprisestraditionallydeployedcomplexsetofnetworkservicesforenterpriseapplicationstoprovidesecurity,assuranceandscale.Thesenetworkservicedevicesarestaticallychainedtoprovideacomprehensiveservicetoapplications.Asenterprisesstartedtomovetothecloudinfrastructuretheoperatorsandusersexpectsimilarrichnesscombinedwiththeflexibilityandprogrammabilityofthecloud.NSDprovidesacomprehensivesetoffeaturesthatarenotavailableotherwiseinOpenStack.

Multi-vendornetworkservicesNSDprovidestheabilitytoconfigure,deployandoperatenetworkservicesfrommultiplevendorsoutofbox.Itprovidesacommonframeworktooperatethedeviceswhileensuringtheavailabilityofdevicespecificfeatures.Further,theNSDarchitectureenablesrelativeeaseofinsertionofanewdeviceintoitsframework.

Open-sourcenetworkservicesNSDnotonlyprovidesopen-sourcenetworkservicesbutalsoextendsthembyprovidingassurance,scaleandimagemanagement.

Page 7: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

L4-L7lifecyclemanagement

NSDprovidescomprehensivesetoflifecyclemanagementfunctionsfornetworkservicesthatinclude–

NetworkservicemanagementNSDprovidestheservicemanagementframeworktocreate,deleteandlistnetworkservices.Theframeworkabstractsthecloudresourceswithapluginmodeltoincorporatenewtypeseasily.

ImageandupgrademanagementNSDenhanceswhatthecloudmanagementsystemsuchasOpenStackprovidesbyassociatingcloudresourcessuchasCPU,Memoryandstorage,versioningofimagesandsupportingupgradefornewerversions.

NetworkserviceassuranceOneofthekeyaspectsofNSDistosupporthighavailabilityforthenetworkservicesthatincludesactive-active,active-passiveorN+1modes.

LicensemanagementNSDsupportsandenhanceslicensemanagementforvariouscommercialnetworkservicesitsupports.Thefunctionalityincludesallocating, releasingandmanagingthelicensesacrossvarioustenants.

Page 8: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

ConfigurationmanagementTheabilitytomanageconfigurationofnetworkservicesisaveryimportantaspectoflifecyclemanagement.WhileNSDsupportsthestandard*aaSAPIprovidedbyOpenStack,italsoprovidessupportforvendorspecificfeaturestobeconfiguredviatheservicemanagementframework.

InstancemanagementThisincludesprovidinginstancemanagementcapabilitiessuchasplacement,migration,supportforcloudresourcechangesandprovidingoperationalview.

Flexibledeploymentmodel

Thoughmostenterprisecloudoperatorsliketheflexibility,simplicityandtherichfeaturesofthepolicydrivenmodel,someoperatorswouldliketostartwithbaseneutronbeforetheymovetopolicydrivenmodel.Thesolutionsupportsflexibledeploymentmodetohavepolicyonlydrivenmodel,neutrononlyorboth.Thisgivesabilityfortheoperatorstochooseanycombinationduringdeployment.

Page 9: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

Networkservicesoperationalvisibilityandanalytics

NSDprovidesarichoperationalmodelfornetworkservicesbygatheringstatisticsandlogsfromtheseservices.Thesenotonlyprovideinsightsintotheoperations,healthandperformancecharacteristicsofnetworkservices,butalsotheapplicationstheyfront.Thiswillnotonlyprovidevisibilityintotheentire(L2-L7)networkingstackbutalsotheapplicationsthattheyfrontend.ValuePropositionTheintegratedsolutionprovidesthefollowingbenefits

• Completeautomationofalllayers(L2-L7)ofnetworking.o Adaptabilitytochangingconditions

• Scaleandefficiencyrequiredbylargedatacenterso Fullydistributed,scalablevirtualnetworkingsolutionforOpenStack(L2,L3,

DHCP,metadata)• Physical+virtualsolution

o Combinesbaremetalandvirtualresourcesseamlessly• Simplicityforenduserapplicationdeployment

o Policydrivennetworking• Richdifferentiatedserviceoffering

o Multi-vendornetworkserviceso Open-sourcenetworkserviceso SupportforTap,transparentL-2,&L-3o Servicechains

• L4-L7LifecycleManagement

Page 10: Network Service Delivery in OpenStack

©2015OneConvergence.Inc.AllRightsReserved

NetworkServiceDeliveryinOpenStack

o Serviceassurance/highavailabilityo Uniform/commonmodelfororchestrating/configuringnetworkserviceso SeamlesssupportforVMsandcontainers

• Flexibledeploymentmodelo Group-BasedPolicy(GBP)o NeutronML2Pluginand*aaSAPIs

• Advancedoperationalvisibilityandanalyticso Networkservices

UseCases

UseCases Description

ManagedServiceProvider

ManagedServiceProviders(MSPs)enabledtoofferenterprisegradeIaaSplatformwiththeavailabilityofthefollowingfunctionality–

• Completeautomationofalllayersofnetworking• Operatecloudnetworkingatscale• Richsetofnetworkservicesprovidedtothetenants• Newrevenuemodelsbyofferingflexibleanddynamic

networkservices

EnterpriseIT

ThesolutionoffersthefollowingfunctionalityforEnterpriseIToperators,providingcloudinfrastructureforapplicationownersinvariousbusinessgroups–

• Flexibilityandagilityindeployingvirtualnetworkservices• Simplicityofdefinitionviaintentpolicyfortheapplication

owners• Assuranceofnetworksandnetworkservices• Bestofbreednetworkservicesandavailabilityofvendor

specificfeatures

ManagedCloudNetworkServices

Cloudoperatorscannowcomposerichnetworkservicesandofferthemasacloudservice.Newbusinessmodelstosupport“bringyourowndevice”(BYOD)viadynamicinsertionofcustomerprovidednetworkservicesoverthebasesetprovidedbycloudoperators.

ApplicationvisibilityasaService

Operationalvisibilityandanalyticsprovidedacrossalllayersofnetworkingcanbeofferedasaservicetotenants.Thisnotonlyallowsforcustomerspecificvisibilityintonetworksandnetworkservicesbutalsointothecustomerapplications.

ForMoreInformationhttps://wiki.openstack.org/wiki/GroupBasedPolicyhttp://www.oneconvergence.com/network-service-delivery.html


Quantum, network services for Openstack - CSDNevents.csdn.net/OpenStack/Salvatore Orlando-Quantum,network... · Quantum, network services for Openstack ... open source cloud computing

Using OpenStack for Telco and NFV Oriented Solutions OpenStack for Telco and... · NFV Stack Making OpenStack ... // ... Compute Network Storage Management Open

Network Visibility For Openstack Operations

Research Article EmuStack: An OpenStack-Based DTN Network

OpenStack Network-as-a-Service - Neutron

Network Virtualization Needs in OpenStack as a Solution

Network Performance study on OpenStack Cloud Computing

VMware + OpenStack · VMware’s OpenStack Initiative Contribute to OpenStack •Integrate VMware compute, network, storage SW with OpenStack. •Make OpenStack better, helping customers

Achieving Network Deployment Flexibility with Mirantis OpenStack

OpenStack Network Design using Cisco Solutionsd2zmdbbm9feqrf.cloudfront.net/2016/anz/pdf/BRKDCT-2445.pdf · OpenStack Network Design using Cisco Solutions ... • OpenStack and OpenDaylight

OpenStack Cumulus Validated Design Guide · OpenStack Network Architecture in ... Cumulus Networks makes the first Linux operating system for networking ... OPENSTACK AND CUMULUS

Integrating network virtualization security in OpenStack Deployments.pdf

Network Service in OpenStack Cloud, by Yaohui Jin

Signaling Delivery Controller Virtual Openstack ... Signaling Delivery Controller Virtual Openstack Installation, Upgrade, and Maintenance Guide [II] Proprietary and Confidential …

Hands-on Lab: Test Drive Your OpenStack Network

Mastering OpenStack - Episode 12 - Network Design

[OpenStack Days Korea 2016] Track2 - How to speed up OpenStack network with PRISM

OpenStack/Quantum SDN- based network virtulization with Ryu

OpenStack Quantum Network Service

OpenStack Network Planning

Air delivery network

Business Automation and Service Delivery Platform for Openstack based cloud providers

Network GRC Delivery

Accelerating the Software Delivery Pipelinewith Mirantis OpenStack

Automated Application Delivery with OpenStack Heat … ·  · 2016-11-21iv Automated Application Delivery with OpenStack Heat Patterns ... 6.3.3 Deploying virtual machines and install

Flotilla - events.static.linuxfound.org · and IoT applications using OpenStack. Sumanth M. Sathyanarayana T-Labs Silicon Valley Innovation Center . Public Internet ! Network!Service!Delivery!in!Enterprise!Branches!

OpenStack and Application Delivery: Joy and Pain of an Intricate Relationship

Software Defined Networking (SDN) OpenFlow and OpenStack€¦ · Linux OpenStack Platform Management GUI Network Application Orchestration & ServicesServices OpenStack Neutron NTN

Network Services Delivery

Cloud Networking (VITMMA02) Network Virtualization ...OpenStack...OpenStack network architecture » „Networking in OpenStack is a complex, multifaceted challenge.” /OpenStack Operations

eNovance - Seamless build and delivery of OpenStack based

Next Generation Network Management from Micro Focus · Enterprise Linux, OpenStack Private Cloud, Software-defined Storage Cobol Development, Software Delivery and Testing Mainframe

Monitoring System Targeting OpenStack, Baremetal, and Network Fabric

Deploying OpenStack with Cisco Compute, Network and Storage

[2017년 5월 정기세미나] Network with OpenStack - OpenStack Summit Boston Post