Srinivas Kavuri, Sr. Director, Engineering
Sept 21, 2013
© 2013 Cisco and/or its affiliates. All rights reserved.
FORWARD-LOOKING STATEMENTS
This presentation contains projections and other forward-looking statements regarding future events or the future financial performance of Cisco, including future operating results. These projections and statements are only predictions. Actual events or results may differ materially from those in the projections or other forward-looking statements. Please see Cisco’s filings with the SEC, including its most recent filings on Form 10-K and 10-Q, for a discussion of important risk factors that could cause actual events or results to differ materially from those in the projections or other forward-looking statements
Emergence of Public/Private Clouds
Build Point Solutions: Business Need; Silo, Silo, Silo; Applications; Servers; Network; Storage; Ethernet, FC, IP; Manual; Project-based; Vertical solutions
Build Infrastructure Offering: Business Need; Virtualization-Aware Network; Automation; Applications; IT Service; Holistic Solution; Virtualized Shared Resource Pool; Storage; Cisco UCS; Cisco Nexus; IT as a Service Model
PHYSICAL WORKLOAD
• One app per Server
• Static
• Manual provisioning
VIRTUAL WORKLOAD
• Many apps per Server
• Mobile
• Dynamic provisioning
CLOUD WORKLOAD
• Multi-tenant per Server
• Elastic
• Automated Scaling
HYPERVISOR, VDC-1, VDC-2
CONSISTENCY: Policy, Features, Security, Management
Switching: Nexus 7K/5K/3K/2K (physical); Nexus 1000V, VM-FEX (virtual and cloud)
Routing: ASR (physical); Cloud Services Router (CSR) (virtual and cloud)
Services: WAAS, ASA, NAM (physical); Virtual WAAS, VSG*, ASA 1000V** (virtual and cloud)
Compute: UCS for Bare Metal (physical); UCS for Virtualized Workloads (virtual and cloud)
* Virtual only, ** Announced
Cisco Multi-Hypervisor and Multi-Orchestrator Strategy: Cloud Infrastructure Stacks Supported
Cloud Management: System Center; Open Source; vCloud Director/DynamicOps; CIAC
Hypervisor: vSphere, Hyper-V, Xen, KVM
Virtual Network Infrastructure: NSM, Nexus 1KV, vPath (on vSphere; on Hyper-V; on Open Source (Xen, KVM))
Virtualized Infrastructure (Integrated Stacks):
COMPUTE: UCS Blades, UCS Racks
NETWORK: Nexus 1K, Nexus 2/3/5/6/7K
STORAGE: MDS, Partner Products (EMC, NetApp)
• IT organizations choose OpenStack to avoid vendor lock-in
• Ideal for Internal Software teams
• Almost all major IT companies participating
• More than 180 companies, 6000 individuals
• Foundational element of a Software Defined Infrastructure
• Extends Software Defined Networks into the cloud
Open source software that allows anyone to build a public or private cloud
• Cisco is a board member
• Cisco’s Cloud CTO, Lew Tucker is Vice-Chair
SDI
OpenStack Compute (Nova): Software to provision virtual machines on server hardware at massive scale
OpenStack Object Storage (Swift): Software to reliably store billions of objects distributed across locally attached storage
OpenStack Image Service (Glance): Services for discovering, registering, and retrieving virtual machine images
OpenStack Dashboard (Horizon): A self-service web portal to allow administrators and users to manage OpenStack resources
OpenStack Identity (Keystone): Provides “unified authentication” across all OpenStack projects and integrates with 3rd party authentication systems
OpenStack Network Service (Neutron): Provides “network connectivity as a service” between devices managed by other OpenStack services
Innovation in Cloud Computing through OpenStack’s Network Service and Cisco’s Open Network Environment (SDN)
OpenStack Compute (Nova)
OpenStack Networking (Neutron)
OpenStack Storage (Swift)
Controllers and Agents: Cisco ONE Controller SW, OpenFlow Agents
Virtual Overlays: VXLAN Gateway, OpenStack, Service Chaining, CSR 1KV
Platform APIs: One Platform Kit (onePK) on ISR G2, ASR 1K
Applications each see their own logical DC
API-driven Open Cloud Platform
Programmable Infrastructure
Customers
• Public/private clouds
• Extend cloud model for rapid provisioning of network services
• Drive innovation through real-world use cases
Cisco Engineering
• Cisco OpenStack Installer
• Plug-ins for Cisco networking technology
• Plugins for Cisco Virtual Networking and Services
• UCS systems
• Cisco Intelligent Automation/orchestration
• Cross Cisco collaborations
Community Participation
• OpenStack Foundation Board member
• Neutron Core Community Member
• Focus on Network Service, Compute Service and Dashboard
• HA and automation for large scale production
Cisco Nexus 1000v Neutron plugin
Neutron Client Port and Policy profile extensions
Horizon support for Cisco N1Kv plugin
N1Kv Cisco Neutron plugin multi segment/trunk support
VXLAN and LISP support to OpenvSwitch Plugin
OpenStack TOR L3 Networking using Cisco Nexus plugin (SVI)
Cisco plugin Provider Network support
Modular layer 2 (ML2) plugin mechanism driver for Nexus
Modular layer 2 (ML2) plugin type driver for VXLAN support
Firewall as a Service (FWaaS) Agent
Layer 3 routing agent for routers
VPNaaS Documentation
• In simple terms, it’s an installer that allows you to quickly set up a manageable OpenStack cloud.
• Includes not only all OpenStack core components, but also tools to help you manage and monitor your cloud.
• Capable of handling bring-up all the way from bare metal.
• Simple installation procedure for novices, full Puppet code available for tweaking/addition by advanced users.
• A solution validated by Cisco testing.
Administrator
Horizon dashboard
Neutron (network as a service)
Glance (Image repository for VMs)
Build-node
• Cobbler
• Puppet
• NTP server
• Monitoring server (Nagios, collectd, Graphite)
OpenStack Cluster
Controller-Node
• Neutron-server
• Nova-api
• Nova-scheduler
• Keystone
• RabbitMQ
• MySQL
Compute-Node
• Nova-compute
• Neutron plugin agent
Compute-Node
• Nova-compute
• Neutron plugin agent
• A delivery vehicle that allows us to provide OpenStack, features & software to customers and app developers
• A reference platform for how to deploy OpenStack in the real world
• An easy way to get started with OpenStack
• A way for customers to learn from our real-world OpenStack experiences
• A way to get:
• OpenStack installation automated by Puppet
• Monitoring tools to help manage your cloud (Nagios, Collectd, Graphite)
• Configuration management via Puppet
• Neutron-enabled multi-node installation tested on Cisco hardware
• New features before an upstream release
NOT:
• An OpenStack “distribution”
• TAC-supported software
• SKU-able, sellable software
• A version of OpenStack that contains Cisco proprietary add-ons
• A direct competitor to Red Hat RDO, Ubuntu, Rackspace Alamo, etc
• What you should install if you’re developing new OpenStack features (use DevStack for that)
For more Information please visit: http://docwiki.cisco.com/wiki/OpenStack
[Diagram: Clients, Neutron Service, Backend Networks (Physical and Virtual)]
• Cisco Nexus plugin amongst the first plugins to be available in OpenStack Networking
• Cisco Nexus OpenStack Networking plugin – in Grizzly OpenStack release
• Features:
Orchestration with OpenStack dashboard – Horizon
Works with Nexus 3k/5k/6k/7k
Configures multiple physical Nexus switches
Dynamic VLAN provisioning
Efficient allocation of VLAN resource
VLAN features on Nexus used by plugin (Creation, Deletion, Update)
• Datasheet
• Nexus Plugin Installation instructions
• Cisco OpenStack Website
[Diagram: four Hosts, each with its own vSwitch, connected to the rest of the network; Network Admin and Server Admin]
VMs on Wrong VLANs!
No Network Visibility or Control!
Unchaperoned VM-to-VM communication!
No Policy and VLAN control!
Server Admin must handle network configuration
[Diagram: four Hosts on one Distributed Switch; Network Admin and Server Admin]
Distributed Switch managed by Network Admin
Server Admin freed from networking configuration
Clear Configuration Boundaries
Transparent Monitoring Boundaries
1. When VMs move across physical ports—the network policy must follow them (across racks, PODS, DCs)
2. Must view or apply network/security policy to locally switched traffic
3. Need to maintain segregation of duties while ensuring non-disruptive operations
Port Group
Server Admin
Network Admin
Security Admin
Comparison to a Physical Switch
[Diagram: Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2 … Linecard-N and Backplane; Server 1, Server 2, Server 3; Network Admin and Server Admin]
Moving to a Virtual Environment
[Diagram: Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2 … Linecard-N and Backplane; three Hypervisors; Network Admin and Server Admin]
Supervisors → Virtual Supervisor Modules (VSMs)
[Diagram: Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2 … Linecard-N and Backplane; VSM1 and VSM2 (Virtual Appliance); three Hypervisors; Network Admin and Server Admin]
VSM: Virtual Supervisor Module
Linecards → Virtual Ethernet Modules (VEMs)
[Diagram: Modular Switch with Supervisor-1, Supervisor-2, Linecard-1, Linecard-2 … Linecard-N and Backplane; VSM1 and VSM2 (Virtual Appliance); VEM-1, VEM-2 … VEM-N on three Hypervisors; Network Admin and Server Admin]
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
VSM + VEMs = Nexus 1000 Virtual Chassis
[Diagram: VSM1 and VSM2 (Virtual Appliance) connected in L2 Mode or L3 Mode to VEM-1, VEM-2 … VEM-N on three Hypervisors]
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
vEth: Virtual Ethernet port
• 300+ vEth ports per VEM
• 6K vEths per N1K domain
• 128 VEMs per N1K domain (connected by L2 or L3)
Cloud Network Services
[Diagram: Virtualized/Cloud Data Center. Physical Infrastructure: WAN Router, Switches, Servers. Nexus 1000V with vPath and VXLAN. Services: ASA 1000V Cloud Firewall, vWAAS, Cisco Virtual Security Gateway, Citrix NetScaler VPX, Imperva SecureSphere WAF, Cloud Services Router 1000V. Tenant A with Zone A and Zone B]
Multi-Hypervisor (VMware, Microsoft, RedHat*, Citrix*)
Nexus 1000V (Dist. Virtual Switch): 8500+ Customers
• Distributed switch
• NX-OS consistency
VSG (Zone-based FW): Available Now
• VM-level controls
• Zone-based FW
ASA 1000V (Cloud FW): Available Now
• Edge firewall, VPN
• Protocol Inspection
vWAAS (WAN Optimization): Available Now
• WAN optimization
• Application traffic
CSR 1000V (Cloud Router): Available Now
• WAN L3 gateway
• Routing and VPN
Ecosystem Services: Available 2H 2013
• Citrix NetScaler VPX virtual ADC
• Imperva Web App. FW
vNAM (Network Analytics; Network Analysis Module): PoC: 1H 2013
• App Visibility (L2-L7)
• Overlay Intelligence (OTV, VXLAN, FP**)
• Dedicated NX-OS appliance for hosting virtual services
Two form factors: 1110-S, 1110-X
Up to 10 virtual services can be hosted
• Simplifies lifecycle management of virtual services
Network/security team can deploy, upgrade, manage
• Virtual services currently supported
Nexus 1000V virtual supervisor modules (VSMs), Network Analysis Module (NAM)
Virtual Security Gateway (VSG), Data Center Network Manager (DCNM)
Nexus 1110: UCS C220/M3 Physical Appliance:
• CPU: 2 * Intel Sandy Bridge, 16 cores total
• RAM: 32 or 64 GB
• HDD: 2 or 4 TB
• Network I/O: 6 x 1 GbE or 6 x 1 GbE + 2 x 10 GbE
Nexus 1100 Series Announcement: Sept 13th, 2012 (FAQ, Blog, Nexus 1010 EoL notice)
Availability: Later in Nov (Due to component lead issues)
• VEM on KVM Hypervisor
• VSM can run as VM on KVM or on N1110.
• Leverages OVS (Open vSwitch) for flow-based traffic switching
• OpenStack for creating and managing Virtual Machines
• Puppet for installing VEMs
• VXLAN-VLAN Gateway: to bridge traditional networks to virtual networks
OpenStack Neutron with Nexus 1000V
[Diagram: Admin; Project/Tenant A; Compute Node + VEM; Nexus 1000V – VSM; VLAN 1-4095; VLAN 100; VLAN 100 Policy Profile (VSM); VM-Network 192.168.10.0/24 for VLAN 100; Quantum VM-Network (PortID); Port is created in VSM]
• Create Network Profile Type VXLAN | VLAN (Pool created and assigned to tenant)
• Create Network (Tenant Self Create)
• Create Subnet (Assign IP Pool)
• Create Port using network and policy (Created when VM is instantiated)
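The four steps above, modelled as an added example (not code from the presentation, from Neutron or from the Nexus 1000V plugin): the admin owns the segment pool and the VSM owns the policy profiles, so a tenant can self-create networks and ports only inside those bounds. All class and function names are hypothetical, and the sample values are constructed from the slide's VLAN 100 and 192.168.10.0/24.

```python
# Added model of the slide's workflow; names are hypothetical, not a real plugin API.
import ipaddress
from dataclasses import dataclass, field
class PolicyError(Exception):
    """A request that crosses the admin/tenant boundary."""
@dataclass
class NetworkProfile:              # step 1: admin-created pool, assigned to one tenant
    name: str
    seg_type: str                  # "vlan" or "vxlan"
    pool: range                    # segment IDs the tenant may consume
    tenant: str
    used: set = field(default_factory=set)

    def allocate(self, tenant):
        if tenant != self.tenant:
            raise PolicyError(f"{tenant} is not assigned profile {self.name}")
        free = next((s for s in self.pool if s not in self.used), None)
        if free is None:
            raise PolicyError(f"segment pool {self.name} is exhausted")
        self.used.add(free)
        return free

@dataclass
class Network:                     # step 2: tenant self-create; segment drawn from the pool
    tenant: str
    segment: int
    cidr: object = None
    ports: dict = field(default_factory=dict)   # port_id -> (ip, policy profile)

def create_network(profile, tenant):
    return Network(tenant, profile.allocate(tenant))
def create_subnet(net, cidr):      # step 3: assign the IP pool
    net.cidr = ipaddress.ip_network(cidr)

def create_port(net, tenant, port_id, policy, vsm_policies):
    """Step 4: at VM boot, bind network + policy profile (policies live on the VSM)."""
    if tenant != net.tenant:
        raise PolicyError("port requested on another tenant's network")
    if policy not in vsm_policies:
        raise PolicyError(f"policy profile {policy!r} is not defined on the VSM")
    if net.cidr is None:
        raise PolicyError("network has no subnet")
    taken = {ip for ip, _ in net.ports.values()}
    ip = next(h for h in net.cidr.hosts() if h not in taken)   # first free host address
    net.ports[port_id] = (ip, policy)
    return str(ip), net.segment
# Constructed sample: the only policy profile the network admin has defined on the VSM.
VSM_POLICIES = {"vlan100-policy"}
```

A tenant never names a VLAN ID or writes a policy itself; both come from objects the network admin controls, which is the segregation of duties the earlier slides call for.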
• Allows YOU to define the “to-be” server, NOT settle for the “as is” server
• Configure once then reuse
• Templates as Best practices
• Created through Cisco UCS Manager
NIC MACs
HBA WWNs
Server UUID
VLAN Assignments
VLAN Tagging
FC Fabrics Assignments
FC Boot Parameters
Number of vNICs
Boot order
PXE settings
IPMI Settings
Number of vHBAs
QoS
Call Home
Template Association
Org & Sub Org Assoc.
Server Pool Association
Statistic Thresholds
BIOS scrub actions
Disk scrub actions
BIOS firmware
Adapter firmware
BMC firmware
RAID settings
Advanced NIC settings
Serial over LAN settings
BIOS Settings
More….
SERVICE PROFILE
LAN
SAN
C-Series Rack Optimized Servers
B-Series Blade Servers
Service Profile: HR_App1
VNIC1
MAC: 08:00:69:02:01:2E
HR_WEB_VLAN (ID=50)
VNIC2
MAC: 08:00:69:02:01:2F
HR_DB_VLAN (ID=210)
HBA 1 and 2
WWN: 5080020000075740
WWN: 5080020000075741
VSAN ID: 12
Boot Order: SAN
BIOS Settings:
Turbo On
HyperThreading On
UCS Service Profile Unified Device Management
Network Policy
Storage Policy
Server Policy
UCS Manager
Policy Driven Compute Provisioning + Open XML API
Provision UCS Servers / Register Nodes: Chassis/Server Discovery; Service Profile Association; PXE boot devices deployed; Cobbler database update
Event Listener: Updates the newly added node info in Puppet; Puppet apply; Add hosts/system in OpenStack
Host OS Install: PXE boot for initial OS install; RHEL 6.4 installation on bare-metal servers; Sync all the plugins from Puppet Master
OpenStack Handover: Inventory of nova nodes on controller; VM Provisioning; OpenStack Services Deployment
Pre-configure UCS: Hostname / IP address; Logical credentials; Resource allocation preferences; Only Point of User Touch
Build Node
1. Read conf file
2. Apply policies
3. Update Puppet/Cobbler DB
4. PXE Boot
5. Puppet sync
Control Node (glance, scheduler, API daemons)
Compute Nodes (nova-compute, libvirtd)
Policy Driven, Automated bare metal bring up of OpenStack setup
Seamless integration with existing UCSM tools
Scripted configuration of OpenStack components using UCSM Python SDK
Puppet, Cobbler driven configuration of OpenStack services
Easy deployment of multi-node OpenStack systems across UCS chassis
Dynamic provisioning of compute nodes via UCSM based Event Listener
Physical and Virtual Network Services with Nexus
More information at www.cisco.com/go/OpenStack