Quantum: What it is and Where it’s going Lew Tucker VP/CTO Cloud Computing Cisco Systems, Inc. @lewtucker
Oct 21, 2014
• OpenStack: open source software for building highly scalable public and private clouds
• Designed as a set of services forming the basis of a cloud platform
• Evolving through community process in which all members may contribute
• Quantum is a community project to build a “Network Service” for advanced networking capabilities
+ Quantum
Open Source Is Where “Standard” Cloud Infrastructure Will Be Defined
Open standards [require] multiple providers, access to code and data, and interoperability of services.
The obvious solution is an open source reference model as the standard.
Potential examples of such would be the OpenStack effort.
- Simon Wardley, CSC, from “A Question of Standards”
http://blog.gardeviance.org/2011/04/question-of-standards.html
Cloud Computing Paradox
Current Cloud Computing model is great for application development, self-service, and automation, but is missing the potential programmability of the infrastructure
• Applications and infrastructure could interact with each other to provide the best performance, experience and reliability
• What is missing is the right mechanism to expose networking infrastructure capabilities without bringing all the complexity into the application layer
But I can help (sigh)
I’m a Cloud. I don’t need you!
Network Technologies in the Data Center and Internet
[Diagram: the data center path by layer: Application Software, Virtual Machine, vSwitch, Access, Aggregation, Core, Peering, IP NGN Backbone, with Storage and SAN and Compute alongside. Platforms shown: VMware, Xen, Hyper-V; Nexus 1000v; UCS, MCS 7800 (or generic rack or blade servers); Nexus 5000 with Nexus 2000 Fabric Extender; Nexus 7000 (with Cat 6500 as services chassis); MDS 9000 and consolidated storage arrays (EMC, etc.); 7600, 6500, ASR 1000, ASR 9000, CRS-1. Features labelled: Application Control (SLB+), Service Control, Global Site Selection, Intrusion Detection, Firewall Services, Virtual Device Contexts, Virtual Contexts for FW and SLB, Secure Domain Routing, Line-Rate NetFlow, Port Profiles and VN-Link, Service Profiles, Virtual Machine Optimization, Fibre Channel Forwarding, Fabric Extension, Fabric-Hosted Storage Virtualization, Storage Media Encryption. Link types: 10G Ethernet, 10G FCoE, 4G FC, 1G Ethernet, VM to vSwitch, vSwitch to HW, App to HW / VM.]
Let’s abstract all this
OpenStack Design Summit April 2011
Compute service (EC2): virtual machines
- Specify vCPU, Memory, Disk
- Launch instance (image, mem_size, disk)
- Suspend, clone, migrate
Storage service (S3, EBS): virtual disks
- Specify storage amount, access rights
- Store object
- Create/attach block
• What to do about networks?
[Diagram: App Svr / OS / VM, with Networking marked “??”]
OpenStack Today: Nova Compute – Swift Storage
[Diagram: Nova Compute Service (Virtual Machines) and Swift Storage Service (Object Store) over Basic Network Connectivity, behind the Nova and Swift API; resources: Servers, Disks]
Networking is embedded inside of Nova compute, and inaccessible to application developers
Details and differences associated with network provisioning complicate a simple compute service
Difficult to track changes in networking as Software-defined Networking (SDN) comes into play
With Quantum - Networking becomes a Service
[Diagram: Nova Compute Service (Virtual Machines) and Swift Storage Service (Object Store) over Basic Network Connectivity, behind the Nova, Swift, and Quantum API; resources: Servers, Disks]
Nova becomes simpler, easier to maintain and extend
Developers have ability to create multiple networks for their own purposes (multi-tier apps)
May support provisioning of both virtual and physical networks – differences captured through plug-ins
[Diagram, continued: Quantum Service (Virtual Networks); resource: Networks]
Virtualization in a multi-tenant environment
Servers are virtualized through partitioning
Storage through aggregation
Networks through slicing/tunnels/tagging…
Networks are a shared resource carrying traffic for all tenants across shared links
Network overlays and virtualization create private networks through tagging, routing, encapsulation (tunneling), and separation of control (OpenFlow, etc.)
- VLANs, NVGRE, VXLAN, STT, LISP
Quantum is designed to support private networks
But wait…..
Don’t security groups and firewalls provide isolation?
Yes
But that’s a topic for another time…..
Rest assured, Nova with Quantum supports both
2011 Design Summit - community-driven merger of proposals
Network Service POC: NTT/Midokura
Network Containers: Cisco
Network Service: Citrix/Rackspace/Nicira
NaaS Core Design: Intel
… and others
Quantum
Abstractions and APIs
Compute service (EC2): virtual machines
- Launch instance (image, mem_size, disk)
- Suspend, clone, migrate
Storage service (S3, EBS): virtual storage
- Store object
- Create/attach block
Network service (Quantum): virtual networks
- Create/delete private network
- Create “ports” and attach VMs
- Assign IP address blocks (DHCP)
[Diagram: three VMs, each App Svr / OS / VM]
With a simple RESTful API
POST /v1.1/tenants/abc/networks.json
Request:
{ "network": { "name": "my_db_network" } }
Response:
{ "network": { "id": "98bd8391-199f-4440-824d-8659e4906786" } }
Quantum in Horizon GUI
My Private Network
What you can do with Quantum service
Create multiple, virtual, isolated networks per tenant (FE-Net, DB-Net)
Multiple network interfaces per VM (in-line services)
Create ports on networks (QoS, profiles) and attach VMs
Have control over your own “private” IP addresses
Access through a user-friendly CLI and GUI (Horizon)
Invoke additional capabilities through extensions
Support different underlying networking implementations (VLANs, L2/L3 tunnels, etc.)
Quantum is built using a plug-in architecture to support different networking technologies
Quantum API
Quantum Service
• Network abstraction definition and management
• Does NOT do any actual implementation of abstraction
Quantum Plug-in API
API Extensions: for controlled innovation and experimentation
Vendor/User Plug-In
• Maps abstraction to implementation on physical network
• Can provide additional features through API extensions
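The service/plug-in split described above, as an added Python sketch that is not Quantum's own code: the service holds the tenant-facing abstraction and enforces ownership, while a plug-in maps each network onto the wire. The class names, the VLAN-per-network mapping and the tenant and interface names are assumptions made for illustration.

```python
import uuid

class VlanPlugin:
    """Hypothetical plug-in: maps each abstract network to its own VLAN tag."""
    def __init__(self, first_vlan=100):
        self.next_vlan = first_vlan
        self.vlan_of = {}                  # network id -> VLAN tag

    def create_network(self, net_id):
        if self.next_vlan > 4094:          # 802.1Q tag space exhausted
            raise RuntimeError("no free VLAN tags")
        self.vlan_of[net_id] = self.next_vlan
        self.next_vlan += 1

    def plug(self, net_id, vif):
        return {"vif": vif, "vlan": self.vlan_of[net_id]}

class QuantumService:
    """Hypothetical service: owns tenants, networks and ports, no data path."""
    def __init__(self, plugin):
        self.plugin = plugin
        self.networks = {}                 # network id -> tenant, name, ports

    def create_network(self, tenant, name):
        net_id = str(uuid.uuid4())
        self.networks[net_id] = {"tenant": tenant, "name": name, "ports": {}}
        self.plugin.create_network(net_id)
        return {"network": {"id": net_id}}

    def attach(self, tenant, net_id, vif):
        net = self.networks.get(net_id)
        # Same error for "missing" and "not yours": ids cannot be probed.
        if net is None or net["tenant"] != tenant:
            raise LookupError("network not found")
        port_id = str(uuid.uuid4())
        net["ports"][port_id] = self.plugin.plug(net_id, vif)
        return net["ports"][port_id]

def demo():
    # Constructed tenants and interface names.
    svc = QuantumService(VlanPlugin())
    a = svc.create_network("tenant-a", "my_db_network")["network"]["id"]
    b = svc.create_network("tenant-b", "my_db_network")["network"]["id"]
    port_a = svc.attach("tenant-a", a, "vm1-eth0")
    port_b = svc.attach("tenant-b", b, "vm9-eth0")
    try:
        svc.attach("tenant-b", a, "vm9-eth1")   # cross-tenant attach
        denied = False
    except LookupError:
        denied = True
    return port_a["vlan"], port_b["vlan"], denied
```

Swapping `VlanPlugin` for a tunnel-based plug-in would change only the mapping; the ownership check stays in the service.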
Quantum API interactions
[Diagram labels: User Application, CLI, Horizon Dashboard, Tools; Tenant API; Compute Service (Nova); Network Service (Quantum) with Tenant API, Internal API and Admin API (System Admin); Plug-In; Compute Node Hypervisor vSwitch; Physical Network Router/Switch; Clustered Network Controller]
Plug-ins available today
Open vSwitch
Linux bridge
Nicira NVP
Cisco (Nexus switches and UCS VM-FEX)
- WIP: VXLAN
NTT Labs Ryu OpenFlow controller
NEC OpenFlow
Big Switch Floodlight
What application developers want
Keep it simple - hide complexity while exposing capabilities
Provision their own, abstracted networking resources and topologies
Potential to create their own networking services
Isolation and non-interference
Ability to experiment while leveraging all that is provided by lower-level protocols
Application Architecture on a Whiteboard
Architecture grows as you scale-out, some components move to be closer to the internet, others move to the back-end
Different tenants and applications have different needs
[Diagram: VMs (Web Svr, App Svr, App, MemCach, DataBase) grouped under Tenant “A”, Tenant “B” and Tenant “C”]
Internet Access, Management Network and Multi-tenant Services
[Diagram labels: Internet Gateway, VPN Service, Service Provider Network; addresses 10.0.1.0/24 (shown twice) and 198.133.219.10]
Quantum today and in the near future
Quantum 1.0 is available today for Essex as an incubation project
- Supports isolated L2 networks
- Multiple plug-ins available
Folsom release – moving into Core
- Quantum V2 API (in development)
- Support tenant-created subnets
- Integrated with Horizon (dashboard) and Keystone (identity/token/policy)
- Includes “Melange” IPAM for IP address management
- Includes DHCP/Dnsmasq functionality
Quantum V2: Introduces Subnets, IP addr mgmt, Gateways, DNS
POST /v2.0/subnets
Request:
{
  "network_id": "98bd8391-…",
  "cidr": "10.0.0.0/24"
}
Response:
{
  "id": "e76a23fe-…",
  "network_id": "98bd8391-..",
  "cidr": "10.0.0.0/24",
  "gateway_ip": "10.0.0.1",
  "dns_nameservers": ["8.8.8.8"],
  "reserved_ranges": [
    { "start": "10.0.0.1", "end": "10.0.0.1" },
    { "start": "10.0.0.255", "end": "10.0.0.255" }
  ],
  "additional_host_routes": []
}
Create and attach ports to VM interfaces
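An added Python example, not part of the original slides or of Quantum's code, showing how a server could validate a subnet request and derive the gateway and reserved ranges seen in the response above. The function name, the choice of the first address as gateway, and the rule that overlap is rejected only within one network (so two tenants may both use 10.0.1.0/24) are assumptions.

```python
import ipaddress
import uuid

def build_subnet(network_id, cidr, existing=()):
    """Validate a POST /v2.0/subnets request and build a response-shaped dict.

    `existing` holds subnets already created (dicts with network_id and cidr).
    """
    # strict=True rejects blocks with host bits set, such as 10.0.1.5/24.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError("need an IPv4 block with room for a gateway and hosts")
    for other in existing:
        same_network = other["network_id"] == network_id
        if same_network and net.overlaps(ipaddress.ip_network(other["cidr"])):
            raise ValueError("overlaps %s on this network" % other["cidr"])
    gateway = str(net.network_address + 1)      # assumed: first address
    broadcast = str(net.broadcast_address)
    return {
        "id": str(uuid.uuid4()),
        "network_id": network_id,
        "cidr": str(net),
        "gateway_ip": gateway,
        "dns_nameservers": [],
        "reserved_ranges": [
            {"start": gateway, "end": gateway},
            {"start": broadcast, "end": broadcast},
        ],
        "additional_host_routes": [],
    }

def demo():
    # Constructed network ids; the CIDR matches the multi-tenant diagram.
    a = build_subnet("net-a", "10.0.1.0/24")
    # Another tenant's network may reuse the same private block.
    b = build_subnet("net-b", "10.0.1.0/24", existing=[a])
    rejected = []
    for net_id, cidr in [("net-a", "10.0.1.128/25"), ("net-a", "10.0.1.5/24")]:
        try:
            build_subnet(net_id, cidr, existing=[a, b])
        except ValueError:
            rejected.append(cidr)
    return a, b, rejected
```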
Where will we take Quantum in the future?
Purposely started simple with basic abstraction, but with many blueprints expect to see rapid innovation, while maintaining backward compatibility
More plug-ins for other networking paradigms
Extensions for QoS, port profiles, etc.
Used in the development of new network services
Applied to create virtual data centers spanning multiple sites
New uses in network service provider networks, mobile networks, sensor networks, HPC networks
For more information…
Quantum API: http://docs.openstack.org/api/openstack-network/1.0/content/
Quantum Admin Guide (Essex): http://docs.openstack.org/trunk/openstack-network/admin/content/
Code on GitHub: https://github.com/openstack/quantum
Quantum V2: http://wiki.openstack.org/QuantumV2APIIntro
Quantum Network Service
Lew Tucker, Cisco Systems @lewtucker