Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW. PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION
Nuage Networks: Flexible and agile Software Defined Networking
March 2015
Matthieu Texier [email protected]
Nuage meetup - Flexible and agile Software Defined Networking (SDN)
Transcript
Virtual Routing & Switching (VRS)
• VRS-K: KVM Hypervisors
• VRS-X: Citrix XEN Hypervisors
• VRS-V: VMware vSphere Hypervisors
• VRS-H*: Microsoft Hyper-V Hypervisors
• VRS-G: Gateway for Bare Metal Servers & Appliances
• VRS for Docker: Docker agent
L2-L4 VIRTUAL SWITCH
• OPEN V-SWITCH BASED
• PROVIDES BOTH VXLAN AND MPLSoGRE TUNNEL ENCAPSULATION OPTIONS
• PROGRAMMED THROUGH OPENFLOW FROM VSC, ENCAPSULATES VM FLOW INTO PREFERRED PROTOCOL (L2 OR L3)
• DETECTS VM INSTANTIATION AND TEARDOWN
[Diagram labels: Virtualized Services Directory, Virtualized Services Controller, Virtual Routing & Switching on each Hypervisor, XMPP, OpenFlow]
*Hyper-V Supported in the Future
Cloud Service Network Instantiation with Nuage Networks
Federated Inter Datacenter Services (multiple CMS)
[Diagram labels: Cloud Service Management Plane; Datacenter Control Plane; Datacenter Data Plane; Brooklyn Datacenter - Zone 1; Brooklyn Datacenter - Zone 2; Manhattan Datacenter - Zone 2; Virtualized Services Directory; Virtualized Services Controller; Hypervisors; Cloud Manager to Hypervisor communications; Network Services; Federation of Controllers; Edge Router; MPLS (MP-BGP); Service Provider Control Plane; Service Provider Data Plane; Business VPN Service; Private Datacenter; MP-BGP; Domain; Subnets; VPN; Internet; Zones; Policies]
Cloud Service Network Instantiation with Nuage Networks
Extended network services to branch office (VNS solution)
[Diagram labels: Cloud Service Management Plane; Datacenter Control Plane; Datacenter Data Plane; Brooklyn Datacenter - Zone 1; Brooklyn Datacenter - Zone 2; Manhattan Datacenter - Zone 2; Virtualized Services Directory; Virtualized Services Controller; Hypervisors; Cloud Manager to Hypervisor communications; CloudBand; Network Services; Edge Router; MPLS (MP-BGP); WAN Control Plane; WAN Data Plane; Business VPN Service; Private Datacenter; MP-BGP; CPE; VPN; Internet; Domain; Subnets; Zones; Policies]
Nuage solution use cases
Private Cloud
Why SDN, why automation
11/25/15
Legacy applications
Intranet Web, Mail, legacy
Digital stack
Content and cloud player
Web scale
CDN, GSLB…
Share nothing applications
Big data
Dual DC, LAN switching
Multiple DC, WAN extension, Internet peering
Multiple DC, Virtual DMZ, Internet peering and CDN
Converting a marketing view to your specific needs
Questions to ask yourself!
• Data centers and applications
  – Single, multiple regions?
  – Multi-hypervisor?
  – Applications and resiliency scheme?
  – DevOps, micro-segmented software design?
• Network and IP fabric
  – Just a couple of switches?
  – Spine/leaf?
  – Multiple DCs interconnected via a WAN / public AS?
  – L2 services / L3 services, security, filtering, east/west, north/south?
[Diagram labels: Hypervisor 1, Hypervisor 2, Hypervisor 3; Orchestrated overlay network services; IP fabric]
Challenges that come with OpenStack
• OpenStack is very well suited for very dynamic infrastructure
• DevOps continuous testing: create, destroy, rebuild via Heat stack or any other scripting or YAML languages
• How do we make it scalable, reliable, stable…
• No easy answer to this question, we propose to share experience
OpenStack networking using Neutron Network Node and optionally DVR
• Neutron network node (NN) still centralized
  – SNAT and PAT are still centralized on this node, no real HA and control plane to handle NN failure
  – Without DVR, NN becomes a SPOF, most probably under stress with lots of traffic
• DVR is quite hungry in terms of resources
  – Multiple agents per compute node
  – Each router requires a namespace, each of them running DVR (could end up with 1000 namespaces per compute node)
  – Poor implementation of ARP and flow mapping, generating entries for each VM in a broadcast domain in each compute
  – SNAT is mandatory to get out of Neutron Network, no way to avoid SNAT
• No standard control plane
  – Re-inventing the wheel: does it really make sense!
  – Ready for a good headache: https://www.youtube.com/watch?v=OpKsXX0bQAo
OpenStack “stretch design”
[Diagram labels: DC 1, DC 2, WAN/Internet, Nuage XMPP traffic (VSD/VSC), Nuage BGP traffic (VSC/VSC), Extend infrastructure VLAN, Nuage overlay network]
• Centralized authentication via Keystone DB backend / proxy
• Comes with challenges like:
  – Installation and maintenance
  – HA nodes election process (quorum) for “real” HA
  – Storage network latency, multiple gateways and routers
  – HA between network nodes, …
Example multi-DC / multi-OpenStack / single SDN
[Diagram labels: DC 1, DC 2, WAN/Internet, Nuage XMPP traffic (VSD/VSC), Nuage BGP peering (VSC/VSC), Nuage overlay network]
• Almost all our existing customers in production
• Fixes many issues like:
  – Quorum election of OpenStack HA nodes
  – Floating IP mobility
  – Storage network design and latency constraints
• Probably the best compromise as of today (Kilo / Nuage 3.2)
[Diagram labels: Network services; OpenStack Cloud Management Platform (three instances); Out of the Box Content; HP Cloud Service Automation API; HP DCN; Overlay Network; AZ; Region]
Thank You