CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION © 2016 Nokia. All rights reserved. Nuage Networks is a Nokia venture. Do or don't - there is no try ; consistent networking via SDN in OpenStack Andreas Roeder – Nuage; Christoph Torlinsky - Nuage [email protected] ; [email protected] March 17, 2016 @roeder_andreas
Do or don't - there is no try; consistent networking via SDN in OpenStack by Andreas Roeder and Christoph Andreas Torlinsky, Nuage Networks
Apr 16, 2017
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
Door don't - there is no try ;consistentnetworking viaSDNinOpenStackAndreasRoeder– Nuage;Christoph Torlinsky - [email protected] ;[email protected],2016
@roeder_andreas
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
IntroductionWhatisallofthisabout?
3/21/16
2
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
AboutNuage Networks§ Nuage isastartupwithHQinSiliconValleyandofficesaround theworld
§ AnNokiabackedventurefocusedondatacenterandbranchofficenetworkevolution
fortheSoftwareDefinedCloudComputingWorld
§ CreationofanAbstraction&Automation layerbetweennetworking decouplingHardware
§ APIandPolicynetworkingdesign reflectingbusinessdirectives,notnetwork
§ ActiveinmanydiverseNetworkingForumsandOpenSourceProjects
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
CurrentstateofnetworkinginOpenStack
Whatarewetryingtoaddress?
3/21/16
4
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.3/21/16
5
OVSPluginvs.NuageVRS(insertedonKVMHypervisors)NeutronDatapath onCompute– SDNInsertion
GREEncapsulated
br-int
br-tun
patch-tun
patch-int
PortVLAN:10 PortVLAN:20
VM1TenantA
VM2TenantA
VM3TenantB
eth0eth0eth0
qbra
qvba
vneta
qvoa
qbrb
qvbb
ventb
qvob
qbrc
qvbc
vnetc
qvo
gre-10.0.0.1
eth0
TAPDevice
veth pair
LinuxBridge
Open vSwitch
ConfiguredbyNovaCompute
ConfiguredbyNeutronL2Agent
o TenantswillbeseparatedbyinternalassignedVLANS
o VLANS will bemappedegresstowardsGREtunnelswhichareuniquebytunnelID
VM1TenantA
VM2TenantA
VM3TenantB
eth0eth0eth0
tapa tapb tapc
alubr0
VXLANEncapsulated
eth0
Policy DrivenConfigurationfrom
Nuage VSP
OVSDatapath(supportsL2only)
NuageDatapath(supportsdistributedL2,L3,FloatingIP,…)
PHYPort
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.3/21/16
6
DatapathDifferentiationtoNeutronwithNuage
br-intint-br-ext
VM1TenantA
VM2TenantA
VM3TenantB
eth0eth0eth0
qbra
qvba
vneta
qvoa
qbrb
qvbb
vnetb
qvob
qbrc
qvbc
vnetc
qvoc
TAPDevice
veth pair
LinuxBridge
Open vSwitch
VM3TenantB
eth0
qbrd
qvbd
vnetdPHYPort
qvod
br-ext
phy-br-ext
InternalRouterNamespace
qr-f qr-g
IP IP IP IP
IP IP
qr-fqrouter-yInternalRouterNamespace
qr-h qr-jIP IP
qr-n qrouter-z
FloatingIPNamespace
qfloat-x qf-nqr-m
qf-x
br-tun
int-br-tun1
int-br-tun1
FlowTableentry
FlowTableentry
DVRAGENT(Enhanced L3
Agent)
PrivateNetwork
eth1
Public Network
eth0
Ext-IP
alubr0VRS
(SingleOVSbridge)
o SingleOVSBridgeo IsFlow-Basedo PerformsFirewalling,
Switching,Routing,NAT,…
o ProcessesARP,DHCPLOCALLY
o NoDedicatedNetworkNodeforo non-DVRcase:
Routing,DNAT,SNAT,DHCP
o DVRcase: SNAT,DHCP
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
ComputeNodeComputeNode
ComputeNode NetworkNode
br-int
qbr..
3/21/16
7
NeutronL3Datapath inOpenStack
VM1TenantA
VM2TenantA
A Q
B
C
qbr..
R
S
D T
br-tun
E
F
G br-tunH
br-intJ
I
M O
dhcprouter
PN
Kbr-ext L
ML2OVS/NetworkNode
VM1TenantA
VM2TenantA
A B
VM1TenantA
VM2TenantA
C D
alubr0 alubr0
VRS-GSoftwareGW
alubr0
HardwareGW
alubr0
VXLAN VXLANVXLAN
VXLAN
NuageVSP
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
NeutronServer
RabbitMQ
L3Agent
OVSAgent
MetadataProxy
MetadataAgent
Keepalived
OVS
dnsmasq
NetworkNode
OVSAgent
OVS
ComputeNode
RabbitMQ
MySQL
Nuage ArchitectureDifferentiationo Neutron requireshighDatabasereadandwriteoperations andMessaging(RabbitMQBottlenecks)
o SincethereisNOseparatecontrolplane,Neutronserverhastodealwitheverycomputenodewithoutanyoffload
o Nodatabaseinquirycachesupported fortheDatabasewhichtremendouslyincreasedDatabasereadpressure
o SQLAlchemydesigninneutroncode addsDatabasepressure andMetadatacachinginefficiency
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
SingleSDNAPIfordiverseApplicationsItsnotjusttheVMandOpenStack anymore,isit?
3/21/16
9
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
Physicalservers VirtualMachines Containers PublicCloud
VSP=Policy-DrivenVirtualizedNetworkingforallEnvironments
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
Same policies andtemplates canbeused across anyendpoint:OpenStack VMs,Containers,PaaS or Physical
DOCKERContainers KVMVirtualMachines Physical &Baremetals
L2Service “SQL”with Security“Medium”,nopublic access,QoS “Gold+”
L3Service “FrontEnd”with Security“High”,NAT,BW=10Mbps,QoS “Silver”
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
Nuage SDNArchitectureHowwecandoallofthat?
3/21/16
12
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
VSD
API / REST / Python / GO…
VSDVSD
VSC VSCBGP
XMPP
ESXi KVMVRS VRS
BM
VTEP
DCI
Hyper-VVRS
XENVRS
XLC / Docker
VRS
Nuage DetailedArchitecture
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
TypicalNuage Usecases§ ConvergedDatacenter(MultipleSites,MultipleCMS,
MultipleWorkloadFormfactors)onpremise/offpremise§ Microsegmentation§ Desaster recovery§ P2V/V2Vmigration§ Devops§ NGDataCenter FabricAutomation
3/21/16
14
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
UseCases:
3/21/16
15
CloudInfrastructureFramework
FWaaS
LBaaS
(X)aaSIntegrationFramework
HybridCloudConnect
VPNaaS
ProgrammableDataPlane
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
DemoOverview1/2
3/21/16
16
§ SetupbasedonRedHat OSP6togetherwithNuage 3.2R4
§ NonHASetup
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
DemoOverview2/2§ SetupbasedonCentoswithdocker:1.8.2-7.el7.centos
3/21/16
17
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
Demo/QnA
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.
Thevspk and associated tools are available onGitHub andPyPI: https://github.com/nuagenetworks
Nuage NetworksCommunityandForums
+
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.3/21/16
20
https://www.openstack.org/summit/austin-2016/summit-schedule/
CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.3/21/16
21
THANKYOU
Related Documents
