TRANSCRIPT
BRKCDN-1006: Building Scalable OpenStack based Clouds on Cisco Architectures
Ram Durairaj, Sr. Technical Leader
Murali Raju, Product Manager
© 2012 Cisco and/or its affiliates. All rights reserved. BRKCDN-1006 3 Cisco Public
Agenda
Background
Technical Overview
OpenStack@Cisco
API Walk thru – Services Insertion using Quantum APIs
Q&A
Acknowledgement
We would like to thank the entire Openstack@Cisco team for their support, contribution and help in creating this session, particularly Daneyon Hansen, Edgar Magana, Masum Hasan and Sumit Naiksatam, for their content/slides contributions and reviews.
OpenStack: A Brief History
NASA Launches Nebula
– One of the first cloud computing platforms built by the Federal Government for the Federal Government
March 2010: Rackspace Open Sources Cloud Files software, aka Swift
May 2010: NASA open sources compute software, aka “Nova”
June 2010: OpenStack is formed
July 2010: The inaugural Design Summit
nebula.nasa.gov
OpenStack Community
160 and counting
OpenStack Vision
Seamless Cloud Interoperability
Public Clouds Private Clouds
Community Clouds
OpenStack Introduction
A Cloud Operating System
– A collection of interrelated software components delivering capabilities to build and manage cloud infrastructure.
A global community of developers devoted to innovation and openness
Flexibility in deployment and features
Standards for broad deployment
No fear of vendor “lock-in”
OpenStack Terminology
Instance: Running virtual machine
Image: Non-running virtual machine, multiple formats (AMI, OVF, etc.)
Application Programming Interface (API): Interface for computer programs
Message Queue: Acts as a hub for passing messages between daemons
Volume: Provides persistent block storage to instances
Project: aka Tenants, provides logical separation among cloud users
Flavors: Pre-created bundles of compute resources
Fixed IP: Associated to an instance on start-up, internal only
Floating IP: Public facing IP address
OpenStack Core Projects
OpenStack Compute (Nova): Software to provision virtual machines on commodity hardware at massive scale
OpenStack Object Storage (Swift): Software to reliably store billions of objects distributed across commodity hardware
OpenStack Image Service (Glance): Services for discovering, registering, and retrieving virtual machine images
OpenStack Dashboard (Horizon): A self-service web portal to allow administrators and users to manage OpenStack resources
OpenStack Identity (Keystone): Provides “unified authentication” across all OpenStack projects and integrates with 3rd party authentication systems
OpenStack Incubation Projects
OpenStack Network Information Management (Melange): Intended to provide centralized network information management
OpenStack Network Service (Quantum): Provides “network connectivity as a service” between devices managed by other OpenStack services
Many Other Community Projects: http://openstack.org/projects/
OpenStack Networking Options
Flat Mode: All instances are attached to a single Linux bridge. IPs are injected into the image on launch
FlatDHCP Mode: Similar to Flat Mode, but includes a DHCP server to manage instance IPs. Instances receive an IP through a dhcpdiscover message
VLAN Network Mode (Default Mode): A VLAN, Fixed IP Subnet, and Linux bridge per tenant. Switch must support 802.1Q VLAN tagging
Quantum Network Manager: A peer OpenStack service providing network connectivity services
OpenStack VLAN Networking Details
[Diagram labels: OpenStack Compute; Hypervisor; nova-network; Libvirt (Libvirt-bin); dnsmasq; iptables; ebtables; virbr0; bridge-nf; bridge-utils; OpenStack Instance]
Linux Bridge: 1 bridge, VLAN, Subnet per tenant
Physical Interface: --vlan_interface=
Virtual Interface: i.e. vlan 100
Virtual Port: i.e. vnet0
Instance vNIC: i.e. eth0
Cloud Platforms and Network APIs
[Diagram labels: User and System Admin; Developer API (Servers, Disks, Accounts)]
Compute Service (VMs, Memory, Local Disk)
Storage Service (Block, Massive Key-value store)
Basic Network Connectivity
Networking is only used for connectivity. Cloud APIs are being standardized using a very simplistic network model
Quantum: Network-as-a-Service
As a peer to compute and storage
Compute Service (VMs, Memory, Local Disk)
Storage Service (Block, Massive Key-value store)
Network Service (Virtual Networks, Services)
Rich set of Network Connectivity and Features
Developer API: Servers, Disks, Networks
OpenStack and Cisco’s contribution
Quantum Architecture
Quantum API
Quantum Service
• L2 network abstraction definition and management
• Device and service attachment framework
• Does NOT implement any abstractions
Quantum Plug-in API
API Extensions
Vendor/User Plug-In
• Maps abstraction to implementation on physical network
• Makes all decisions about *how* a network is implemented
• Can provide additional features through API extensions
Cisco Plugins for Quantum
Quantum API
Quantum Service
Quantum Plug-in API
API Extensions
Cisco Cloud Networking Plug-In
NX-OS, UCS, Cisco Network Services Manager, VXLAN, …
Cisco Infrastructure Products
Unified Fabric
Unified Computing
Unified Network Services
Software Architecture
[Diagram labels: Queue (RabbitMQ), Nova-Scheduler, Nova-API, Nova-Network, DB (MySQL), Nova-Compute, User VM 1, User VM 2, Compute controller (Nova), Compute Node 1, Network controller (Quantum), Quantum Manager, Quantum-API, Quantum-Plugin; call labels: Nova API calls, Quantum API calls]
A user can interface with Quantum directly, or via a Quantum Client/Proxy (Quantum Manager) interfaced with Nova-Network
A request to launch a Server in Nova may result in a call to Quantum to provision and connect the Server to the network
Quantum Abstractions
Quantum provides abstractions and relevant functions and interfaces (API) for CRUD of
– Virtual Network (VN)
– Virtual port (VPT) on a VN
– Attachment of a virtual interface (VIF) of a virtual server (VM) to VPT, thus connecting the VM to the network
[Diagram labels: SW 11; Hypervisor with ETH1; VM1 (WS1, OS, vNIC1), VM2 (App, OS, vNIC2), VM3 (WS2, OS, vNIC3), VM42 (App, OS, vNIC4); vETH1 to vETH4; virtual networks VN-Red-E2 and VN-Blue-E1]
Quantum Abstractions
Via the CRUD API a VM can be dynamically
– Taken on or off the network
– Moved from one port to another, changing on-demand
• VLAN
• QoS
• Network access (for example private to public)
Realization of Quantum Abstractions
Virtual network can be realized via (or mapped to)
– Linux Bridge
– VLAN
– Linux Bridge + VLAN
– Any network configuration via Plug-in
Virtual port mapped to
– Linux TAP/TUN
• TAP: L2 virtual port, TUN: L3 tunnel
– vETH in VM-FEX environment
Plugin
Create Network/Port and attachment are abstract APIs
These abstractions can be mapped to multiple network technologies
Any technology or vendor specific networking features/capabilities can be interfaced/integrated via Quantum Plug-in mechanism
OpenStack@Cisco
Turn-key OpenStack offering
Best practices and whitepapers have been developed
Cisco’s Quantum contribution available for download from OpenStack.org
Current Software Development
• Quantum L3 service for Essex release (April 2012)
• Expand Cisco-specific drivers (NX-OS, UCS, Palo)
• Stabilize OpenStack Core Projects
Cisco Intelligent Automation for Cloud integration (demo available)
Cisco’s contribution to Quantum
Quantum API server
Cisco Plug-in
VIC/802.1qbh Driver, NX-OS driver
UCS/VIC (Palo), NX-OS Fabric
RESTful API: CRUD operations
1. create-network
2. create-port
3. attach-port
API – Cisco Extensions: Port Profiles, QoS Policies
Plug-In Drivers
– UCSM using XML/APIs
– NX-OS resident Policy Agent APIs or NX-OS XML APIs (based on availability)
Use Case Driven Development
Openstack-Compute refactoring
Cisco’s contribution to Quantum
– Quantum Logical Abstractions: Realization of logical model, generic + extensions
– L2 Network Plugin: Mapping of logical model to underlying physical topology and network technology; global network view
– Device-specific Plugins (Nexus Plugin, UCS Plugin): Technology-specific; acts on one device per call; local view
– Device-specific Drivers (Nexus Driver, UCSM Driver): Device-interaction-transport-specific; e.g. sending NETCONF commands
Other diagram labels: L2 Network Model; L2 Device Inventory (per device type, e.g. UCS Inventory, Nexus Inventory); Static Configuration; Discovered Configuration; Segmentation ID Manager; VLAN Manager
* Pluggable modules via configuration files
* Modules external to Quantum
Sequence of Operations
Device drivers: XML-API based UCSM driver, and NetConf based Nexus Driver
L2-Network-Plugin (L2-Network-Model)
  Core & Extended API: create_network() create_port() create_portprofile() …
L2-Device Inventory
  Core & Extended API: create_network() create_port() create_portprofile() …
  Return: Device IP + Context
L2-Device-Plugin
  Core & Extended API: create_network(device_ip, context) create_port(device_ip, context) create_portprofile(device_ip, context) …
  Return: Success/failure, other information relevant to that plugin
Device-Driver
[Diagram: call flow between these components, steps numbered 1 to 8]
Cisco’s Quantum Plug-in – UCS/VIC support
[Diagram labels: UCS 6100 Series Fabric Interconnect; UCS 5100 Series Blade Server Chassis; UCS 2100 Series Fabric Extender; UCS B-Series Blade Servers; Mezzanine Palo Adaptors M81KR; Compute Chassis; Compute Blade (Half slot); Compute Blade (Full slot); x86 Computer; Fabric Switch; Fabric Extender; Adapter; BMC; MGMT; SAN; LAN; Internal Fabric; Uplink; Host visible vNIC/vHBA; Active/Standby per vNIC; Active Path]
Port-Profile Virtual Network
port-profile type vethernet VN-1
  vmware port-group
  switchport mode access
  switchport access vlan 15
  service-policy type qos input VN-1-QoS
  service-policy type qos output VN-1-QoS
  no shutdown
  state enabled
ip access-list ACL-1
  permit ip any any
class-map type qos match-all CL-1
  match access-group name ACL-1
policy-map type qos VN-1-QoS
  class CL-1
    set dscp cs7
VN-1 (mapped to) VLAN 15, VN-1-QoS
[Diagram labels: IaaS Admin; OpenStack/Quantum; CRUD Requests; VSM (NX-OS); Nexus 1Kv VEM; Cloud Provider’s DC 1; Enterprise E1 Site 1; SW 11; Hypervisor with ETH1; VM1 (WS1, OS, vNIC1), VM2 (App, OS, vNIC2), VM3 (WS2, OS, vNIC3), VM42 (App, OS, vNIC4); vETH1 to vETH4; virtual networks VN-Red-E2 and VN-Blue-E1]
VM-FEX
port-profile type vethernet VM-App-E1
  vmware port-group
  switchport mode access
  switchport access vlan 15
  service-policy type qos input E1-QoS-PL-1
  service-policy type qos output E1-QoS-PL-1
  no shutdown
  state enabled
ip access-list E1-ACL-1
  permit ip any any
class-map type qos match-all E1-QoS-CL-1
  match access-group name E1-ACL-1
policy-map type qos E1-QoS-PL-1
  class E1-QoS-CL-1
    set dscp cs7
VM-FEX instances (vNIC) and associated vETH (on Fabric Interconnect or 5K) created automatically
[Diagram labels: IaaS Admin; OpenStack/Quantum; UCSM; FI (6100); 802.1qbh; VLAN 15; SW 11; N1Kv VEM; Hypervisor; Cloud Provider’s DC 1; Enterprise E1 Site 1; VM1, VM2, VM3 and VM42 (App, OS) with vNIC1 to vNIC4 and vETH1 to vETH4]
Cisco’s Quantum Plugin – NX OS Driver
Part 1 (Quantum Service & Network Creation)
– Quantum service invokes Cisco Plugin
– Cisco Plugin invokes Cisco NX-OS Driver (Sub-Plugin)
– NX-OS driver creates a VLAN using the same ID as the one for UCSM
– NX-OS driver sets up the VLAN parameters
– NX-OS driver sets up the ports associated with the UCS (Static Network Topology)
– Cisco Plugin calls UCS driver to create the port, profile and make a cluster association
– NX-OS driver maps the QoS configuration between the UCS and NX-OS
– NX-OS driver configures the QoS parameters for the associated VLAN (VLAN level)
Part 2 (Nova Compute spawns VM)
– Nova compute creates Palo-specific libvirt configuration for VM by invoking appropriate Quantum Client APIs
– VM is spawned
– VM has connectivity on the network created earlier
Quantum L2 API
POST /networks.json
  Create virtual network (json indicates body will be in JSON)
  In body: {"network": {"name": "…."}}
  Returns <network id>
POST /networks/<network id>/ports.json
  Create a virtual port on specified network (<network id>)
  Returns <port id>
PUT /networks/<network id>/ports/<port id>/attachment.json
  Attaches the VIF (of VM) to specified network and port
GET /tenants/tenant-id/networks
  List all networks of a tenant
GET /tenants/tenant-id/networks/detail
GET /tenants/tenant-id/networks/network-id
GET /tenants/tenant-id/networks/network-id/detail
PUT /tenants/tenant-id/networks/network-id
  Rename a network
  In body: {"network": {"name": "…."}}
DELETE /tenants/tenant-id/networks/network-id
Similarly for “port” and “attachment”
For Further Reference: http://docs.openstack.org/api/openstack-network/1.0/content/index.html
Quantum & L3
Quantum today
Only L2; Nova currently handles some L3 constructs but this is not desirable
What do we need?
Extend Quantum to support L3 constructs in addition to available L2 constructs
Introduce Subnets and abstracted Routing constructs
Why?
Enable: Intra-tenant routing (multi-tier topologies), Public-Private, Private-Public, VPN, L3 Services (Load-balancer, Firewall, Caching, etc.), Hybrid Cloud, Network Containers
The Big Picture
Quantum L3 (tenant) Model (Proposed)
Note: This is proposed and under active discussion in the OpenStack community. Model and APIs are subject to change
[Diagram labels: Project/Tenant; Tenant VM (VM ID, IP Addr); Tenant resources; Tenant owned network resources; L2 Network; L3 Subnet; Route-table; Target Entities: Internet Gateway, VPN Gateway, “VPN” (Target), Other Services; SP managed infrastructure; SP resources created for tenant; Public Network; SP-Local Network; 3rd Party Resources; actions: Plug, Create, Create Routes, Map, Associate Targets]
Legend: New resources proposed for the L3 model in Quantum
Quantum L3 : Usecase 1 (one Private Subnet)
Note: This is proposed and under active discussion in the OpenStack community. Model and APIs are subject to change
Private Subnet (ID: Subnet-A) 10.0.0.0/24
  Application 10.0.0.5
  Application 10.0.0.8
Source     Destination   Target
Subnet-A   0.0.0.0       “My VPN Gateway”*
*Refers to the ID of a target resource created by the tenant with the following call:
create_target(tenantID, name="My VPN Gateway", type_id="VPN 1", protocol="IPSec", version="1")
Quantum L3 : Usecase 2 (Public/Private Subnets)
Public Subnet (ID: Subnet-A) 10.0.0.0/24
  Web Server 10.0.0.5, 198.51.100.1 (FIP)
  Web Server 10.0.0.8, 198.51.100.4 (FIP)
Private Subnet (ID: Subnet-B) 10.0.1.0/24
  DB Server 10.0.1.5
  DB Server 10.0.1.6
Source     Destination   Target
Subnet-A   10.0.1.0/24   Subnet-B
Subnet-B   10.0.0.0/24   Subnet-A
Subnet-A   0.0.0.0       “My Internet Gateway”
Subnet-B   0.0.0.0       “My VPN Gateway”
Quantum L3 : Usecase 3 (Public/2 Private Subnets)
Public Subnet (ID: Subnet-A) 10.0.10.0/24
  Web Server 10.0.10.2, 198.51.100.1 (FIP)
  Web Server 10.0.10.3, 198.51.100.4 (FIP)
Private Subnet (ID: Subnet-B) 10.0.20.0/24
  App Server 10.0.20.2
  App Server 10.0.20.3
Private Subnet (ID: Subnet-C) 10.0.30.0/24
  DB Server 10.0.30.2
  DB Server 10.0.30.3
Source     Destination    Target
Subnet-A   10.0.20.0/24   Subnet-B
Subnet-B   10.0.30.0/24   Subnet-C
Subnet-A   0.0.0.0        “My Internet Gateway”*
*Refers to the ID of a target resource created by the tenant with the following call:
create_target(tenantID, name="My Internet Gateway", type_id="Public")
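The route tables of Usecase 2 and Usecase 3 evaluated in code, as an added example that is not part of the original slides or of the proposed Quantum L3 API: resolve() picks the target by longest-prefix match per source subnet, and audit() lists private subnets that hold a route to a public target. The function names, the reading of a bare 0.0.0.0 as the default route 0.0.0.0/0, and the extra misconfigured row are assumptions made for the illustration.

```python
import ipaddress

# Route tables copied from the Usecase 2 and Usecase 3 slides:
# (source subnet, destination, target)
USECASE_2 = [
    ("Subnet-A", "10.0.1.0/24", "Subnet-B"),
    ("Subnet-B", "10.0.0.0/24", "Subnet-A"),
    ("Subnet-A", "0.0.0.0", "My Internet Gateway"),
    ("Subnet-B", "0.0.0.0", "My VPN Gateway"),
]
USECASE_3 = [
    ("Subnet-A", "10.0.20.0/24", "Subnet-B"),
    ("Subnet-B", "10.0.30.0/24", "Subnet-C"),
    ("Subnet-A", "0.0.0.0", "My Internet Gateway"),
]
# Constructed misconfiguration: the DB subnet gains a default route to the
# Internet gateway (this row is not on the slides).
MISCONFIGURED = USECASE_2 + [("Subnet-B", "0.0.0.0", "My Internet Gateway")]

# The slides create this target with type_id="Public".
PUBLIC_TARGETS = {"My Internet Gateway"}


def _prefix(destination):
    # Assumption: a bare 0.0.0.0 in the tables means the default route.
    if destination == "0.0.0.0":
        destination = "0.0.0.0/0"
    return ipaddress.ip_network(destination)


def resolve(routes, source, dst_ip):
    """Target chosen for traffic leaving `source` towards `dst_ip`.

    Longest-prefix match over the routes of that source subnet only;
    returns None when the subnet has no matching route.
    """
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for src, dest, target in routes:
        net = _prefix(dest)
        if src == source and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, target)
    return best[1] if best else None


def internet_egress(routes, public_targets=PUBLIC_TARGETS):
    """Source subnets holding any route whose target is a public gateway."""
    return sorted({src for src, _dest, target in routes
                   if target in public_targets})


def audit(routes, private_subnets):
    """Private subnets that have a route to a public target (findings)."""
    return [s for s in internet_egress(routes) if s in private_subnets]


if __name__ == "__main__":
    print("web -> db      :", resolve(USECASE_2, "Subnet-A", "10.0.1.5"))
    print("db  -> outside :", resolve(USECASE_2, "Subnet-B", "203.0.113.9"))
    # Usecase 3 lists no return route from Subnet-B to Subnet-A.
    print("app -> web     :", resolve(USECASE_3, "Subnet-B", "10.0.10.2"))
    print("findings (as drawn)     :", audit(USECASE_2, {"Subnet-B"}))
    print("findings (misconfigured):", audit(MISCONFIGURED, {"Subnet-B"}))
```
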
Agenda
Background
Technical Overview
OpenStack@Cisco – Quantum
API Walk thru – Services Insertion using Quantum APIs
Q&A
Network Services Insertion
“It defines the way services will be inserted in the network, and the necessary configuration steps to maintain them up and running along all possible changes on the customers cloud infrastructure”
Network Services Types
1. Single Side Services: Just require one service instance to provide the service and they are mostly deployed at the application server side of the network
2. Symmetric Services: Require one server instance running at each side of the edge routers of the network, one for the client side and one for the server application
Network Services Insertion Modes
Out-of-Path Insertion (Redirection): Gateway, Service / Service Clusters, Server
In-Path Insertion: Gateway, Service, Server
Network Services Insertion Model
1. Network Templates – Orchestration
Building the entire network and all the required components based on templates designed for certain services or a combination of them.
2. On Demand – As Dynamic Virtual Machines (VMs)
Network services are provided on-demand by Cloud Service Providers and Third party entities through Network APIs (Quantum)
Network Services Insertion - On Demand Model
1. Cloud Service Providers (CSPs) deploy and administrate services
2. Tenants deploy and administrate services
3. Cloud Service Providers deploy and maintain services but tenants administrate their functionality
Use Case 1: Single In-Path Service Insertion
Creates the new networks and necessary ports
  create_network (tenant_id, net_name)    network-X
  create_network (tenant_id, net_name)    network-Y
  create_multiport (net_id, number_ports, tenant_id)    Firewall
Instantiate both services from VM images
  euca-run-instances (Firewall)
  euca-run-instances (Tenant VMs)
Re-connects Network X and V as well as the new services
  plug_iface (tenant_id, net_id, port_id)    From FW to Net-X
  plug_iface (tenant_id, net_id, port_id)    From FW to Net-Y
  plug_iface (tenant_id, net_id, port_id)    From Net-Y to VMs
  plug_iface (tenant_id, net_id, port_id)    From Net-X to GW
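A post-insertion check for Use Case 1, as an added example that is not part of the original slides or of Quantum: it replays the slide's attachments through the create-network, create-port, attach sequence in a small in-memory model and reports any tenant VM the gateway can reach without crossing the firewall. L2Model, attach, the device names and the tenant id are assumptions made for the illustration, as is treating any multi-homed device as able to forward.

```python
from collections import deque
from itertools import count


class L2Model:
    """In-memory stand-in for the calls on the slide (not the Quantum client)."""

    def __init__(self):
        self._seq = count(1)
        self.networks = {}   # net_id -> name
        self.ports = {}      # (net_id, port_id) -> attached device or None

    def create_network(self, tenant_id, net_name):
        net_id = f"net-{next(self._seq)}"
        self.networks[net_id] = net_name
        return net_id

    def create_port(self, tenant_id, net_id):
        port_id = f"port-{next(self._seq)}"
        self.ports[(net_id, port_id)] = None
        return port_id

    def plug_iface(self, tenant_id, net_id, port_id, device):
        if self.ports[(net_id, port_id)] is not None:
            raise ValueError(f"{port_id} already has an attachment")
        self.ports[(net_id, port_id)] = device

    def attach(self, tenant_id, net_id, device):
        """create_port followed by plug_iface (hypothetical convenience)."""
        port_id = self.create_port(tenant_id, net_id)
        self.plug_iface(tenant_id, net_id, port_id, device)
        return port_id


def reachable_without(model, start, blocked):
    """Devices reachable from `start` over shared L2 networks when `blocked`
    forwards nothing. Assumption: any multi-homed device may forward."""
    nets_of, devs_on = {}, {}
    for (net_id, _port), dev in model.ports.items():
        if dev is not None:
            nets_of.setdefault(dev, set()).add(net_id)
            devs_on.setdefault(net_id, set()).add(dev)
    seen, queue = {start}, deque([start])
    while queue:
        dev = queue.popleft()
        for net_id in nets_of.get(dev, ()):
            for peer in devs_on[net_id]:
                if peer not in seen and peer != blocked:
                    seen.add(peer)
                    queue.append(peer)
    return seen - {start}


def build_use_case_1(tenant_id="tenant-a"):   # constructed tenant id
    m = L2Model()
    net_x = m.create_network(tenant_id, "network-X")
    net_y = m.create_network(tenant_id, "network-Y")
    m.attach(tenant_id, net_x, "Firewall")    # From FW to Net-X
    m.attach(tenant_id, net_y, "Firewall")    # From FW to Net-Y
    for vm in ("VM1", "VM2"):                 # From Net-Y to VMs
        m.attach(tenant_id, net_y, vm)
    m.attach(tenant_id, net_x, "GW")          # From Net-X to GW
    return m, net_x, net_y


def firewall_bypass(model):
    """Tenant VMs the gateway can reach without crossing the firewall."""
    return sorted(d for d in reachable_without(model, "GW", "Firewall")
                  if d.startswith("VM"))


if __name__ == "__main__":
    model, net_x, _ = build_use_case_1()
    print("as drawn on the slide :", firewall_bypass(model))
    # Constructed fault: a second vNIC of VM2 is left attached to network-X.
    model.attach("tenant-a", net_x, "VM2")
    print("with stale attachment :", firewall_bypass(model))
```
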
Use Case 2: Multiple In-Path Services Insertion
Creates the new networks and necessary ports
  create_network (net_name, tenant_id)    network-G
  create_network (net_name, tenant_id)    network-F
  create_multiport (net_id, number_ports, tenant_id)    Firewall
  create_multiport (net_id, number_ports, tenant_id)    Wan Opt
Unplugging interfaces between the GW and Network X and V
  unplug_iface (tenant_id, net_id, port_id)    network-X
  unplug_iface (tenant_id, net_id, port_id)    network-V
Instantiate both services from VM images
  euca-run-instances (Firewall)
  euca-run-instances (Wan Opt)
Re-connects Network X and V as well as the new services
  plug_iface (tenant_id, net_id, port_id)    From Net-V to FW
  plug_iface (tenant_id, net_id, port_id)    From Net-F to FW
  plug_iface (tenant_id, net_id, port_id)    From Net-G to FW
  plug_iface (tenant_id, net_id, port_id)    From Net-X to Web Opt
  plug_iface (tenant_id, net_id, port_id)    From Wan Opt to Net-F
  plug_iface (tenant_id, net_id, port_id)    From Net-G to GW
Management Best Practices:
  create_network (net_name, tenant_id)    management-network
  create_multiport (net_id, number_ports, tenant_id)
  plug_iface (tenant_id, net_id, port_id)    Firewall
  plug_iface (tenant_id, net_id, port_id)    Web Opt
Service Insertion Utility
insert_inpath_service <tenant_id> <service_image_id> <management_net_name> <northbound_net_name> <southbound_net_name>
delete_service <tenant_id> <service_instance_id>
connect_vm <tenant_id> <vm_image_id> <service_instance_id>
disconnect_vm <vm_instance_id>
Reference: https://github.com/openstack/quantum/blob/master/quantum/plugins/cisco/services/README
Keystone
OpenStack Authentication Architecture
Nova
Swift object-api
nova-api (EC2, OS, Admin)
Glance
glance-api
Service & Admin API’s
OpenStack
Service Backends (KVS, SQL, PAM, Templated)
identity token Catalog Policy
OpenStack Image Service Architecture
Nova
Swift object-api
nova-api (EC2, OS, Admin)
Glance Glance API Server (glance-api)
OpenStack
Registry Server
S3 Store
Store Adapter
Swift Store Filesystem Store HTTP Store
SQL
Keystone
Service API
OpenStack Compute Architecture
Nova
nova-api (EC2, OS, Admin)
OpenStack
Users
Computer Programs
Message Queue (RabbitMQ)
Scheduler (nova-scheduler)
Compute Worker(s) (nova-compute)
Network Controller(s) (nova-network)
Volume Worker(s) (nova-volume)
Data Store
Glance Swift
object-api
Keystone
Service API glance-api glance-api
OpenStack Software Architecture
Other OpenStack Projects
Nova
Swift
object-api
Glance
glance-api
project-api
nova-api (EC2, OS, Admin)
OpenStack