Nuage Networks at China SDN/NFV Conference 2014 with Scott Sneddon
Post on 15-Jan-2015
Copyright 2013 Alcatel-Lucent. All rights reserved.
A Policy Driven Approach to Software Defined Networking
Scott Sneddon
@ssneddon
@nuagenetworks
SDN in 2014
OpenFlow Controllers
Network Virtualization
White Box Switching
Open Source Projects
Network as a Service
Plenty of Innovation and Disruption…
Why SDN?
Reduce Cost
Asset Utilization
Self Service
Automation
Make the network more “Cloud” like
We’re making great progress
The “Consumption shift”
Cloud is changing the way technology is being consumed
From “order and wait”
To “instant gratification”
Consumer expectations are shifting
Multiple personas
Single user
On-demand personalized catalogue
Compute is Virtualized
Available in Minutes
Network is Partially Virtualized
Configuration takes Days/Weeks
Network Configuration
Compute Management
New Tenant / Application Request
Auto-instantiation
Compute Request completed in Minutes
Help Desk
Change Control
IP Address
VLAN Address
Firewall Configuration
LAN (VLAN) Configuration
WAN (IP) Configuration
Security / QA Team
Project Coordinator
Network Change completed in days/Weeks
Datacenter Network
Service velocity is hindered by manual network process
Network is “more” virtualized
Some things available in minutes – Some not so much
Many network elements are manually configured
Manual per-tenant network configurations
Network Configuration
Compute Management
New Tenant / Application Request
Auto-instantiation
Compute Request completed in Minutes
SDN Controller
Some Network Change completed in Minutes
Software Defined Datacenter Network
Service velocity accelerated, but…
Committees still build “networks”
Audits/reviews
In a NaaS environment (AWS, etc) this is delegated to the tenant
Is this what your DevOps team should be doing?
Network Configuration
Software Defined Network Configuration
We’ve only addressed part of the automation problem
Security / QA Team
VLAN Address
IP Address
WAN (IP) Configuration
Firewall Configuration
Network Configuration created in days/Weeks
Application = Web
Application = SAP
Application = Database
Network Virtualization solutions…
Group applications into “network sandboxes”
Policy approach to networking
Policy Templates
Users
Application Types
Business Rules
Policy Evaluation
[Figure: repeated application network diagrams; element labels: Firewall, W, BL]
Design once, re-use multiple times
Application Networks
What is a network Policy?
OpenStack Group Based Policy Abstractions for Neutron
https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
• An Application-centric approach to networking
• Moving away from traditional network constructs
  • ports, subnets, routers, etc
• Aiming for a highly abstracted interface for application developers to
  • express desired connectivity of application components
  • and express high-level policies governing that connectivity
• Without imposing constraints on the underlying implementation
What is a network Policy?
Application will first create policy rules:
neutron policy-rule-create web-rule --direction ingress --protocol tcp --port 80
neutron policy-rule-create all-rule --direction ingress --protocol tcp --port all
neutron policy-rule-create db-rule --direction ingress --protocol tcp --port 3306

Next, the application will create policies:
neutron policy-create web --policy-rule web-rule
neutron policy-create app --policy-rule all-rule
neutron policy-create db --policy-rule db-rule

Next, Connectivity Groups are created, specifying how things are connected:
neutron connectivitygroup-create DB --provide db
neutron connectivitygroup-create APP --provide app --consume db
neutron connectivitygroup-create WEB --provide web --consume app
neutron connectivitygroup-create OUTSIDE --consume web
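
The three command groups above, modelled as an added example (not code from the presentation or from the Neutron blueprint): it derives which group-to-group flows the provide/consume declarations imply and checks single connections against them. Default deny for unmatched traffic, the consumer-to-provider direction, and all function names are assumptions of this example.

```python
# Added example: a model of the rules, policies and connectivity groups
# created by the commands above. Data is transcribed from those commands;
# default-deny semantics are an assumption, not stated on the slides.
from typing import NamedTuple

class Rule(NamedTuple):
    direction: str
    protocol: str
    port: str  # "80", "3306" or "all", as passed to --port

RULES = {
    "web-rule": Rule("ingress", "tcp", "80"),
    "all-rule": Rule("ingress", "tcp", "all"),
    "db-rule": Rule("ingress", "tcp", "3306"),
}
POLICIES = {"web": ["web-rule"], "app": ["all-rule"], "db": ["db-rule"]}
GROUPS = {
    "DB": {"provide": ["db"], "consume": []},
    "APP": {"provide": ["app"], "consume": ["db"]},
    "WEB": {"provide": ["web"], "consume": ["app"]},
    "OUTSIDE": {"provide": [], "consume": ["web"]},
}

def allowed_flows(groups=GROUPS, policies=POLICIES, rules=RULES):
    """Return {(consumer, provider): [Rule, ...]} for each consume/provide match."""
    flows = {}
    for consumer, c in groups.items():
        for policy in c["consume"]:
            for provider, p in groups.items():
                if policy in p["provide"]:
                    flows.setdefault((consumer, provider), []).extend(
                        rules[name] for name in policies[policy])
    return flows

def is_allowed(src, dst, protocol, port, flows=None):
    """Permit only traffic that matches a rule on a derived flow (default deny)."""
    flows = allowed_flows() if flows is None else flows
    return any(r.protocol == protocol and r.port in ("all", str(port))
               for r in flows.get((src, dst), []))

def broad_rules(rules=RULES):
    """Audit helper: names of rules that open every port."""
    return sorted(name for name, r in rules.items() if r.port == "all")

if __name__ == "__main__":
    for (src, dst), rs in sorted(allowed_flows().items()):
        print(src, "->", dst, [(r.protocol, r.port) for r in rs])
    print("rules opening all ports:", broad_rules())
```

Only three flows result (OUTSIDE to WEB, WEB to APP, APP to DB), so OUTSIDE never reaches DB directly; `all-rule` is the one entry a reviewer would want narrowed, since it exposes every TCP port on APP to WEB.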
Conclusions
• Creation of distributed virtual switches and virtual routers - great for virtual networks and better than VLANs, but …
• Creates a distributed virtual configuration and management challenge
• Provisioning and management of these endpoints cannot be done with traditional methodology
• Policy abstraction is a proven framework
• Successfully shipping since May 2013
For more information…
• OpenStack Neutron Group Based Policy Abstraction
• https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
• OpenDaylight Application Policy Plugin
• https://wiki.opendaylight.org/view/Project_Proposals:Application_Policy_Plugin
• Matt Oswalt’s blog post on “OpenDaylight and Those Pesky Southbound APIs”
• http://keepingitclassless.net/2013/10/opendaylight-and-those-pesky-southbound-apis/
• Nuage Networks Virtualized Services Platform
• http://www.nuagenetworks.net/solutions/
7/16/14
Network Policy NOW
@nuagenetworks
@ssneddon