bgpvpn for edge cloud
TRANSCRIPT
BGPVPN for Edge Cloud
Hareesh Puthalath, Technical LeadSebastian Jeuk, Senior Consulting EngineerIan Wells, Distinguished EngineerMay 23, 2018
Agenda§ Edge Clouds
§ Service Provider Networks
§ MPLS in OpenStack Today
§ OpenStack BGP-VPN API
§ Our Implementation
§ Conclusion
© 2018 Cisco and/or its affiliates. All rights reserved. 2
Introduction to Edge Cloud§ Edge Cloud provides access to distributed VNFs close to end user
§ Why?§ Reduces Endpoint <-> VNF connection overhead (low latencies)§ Reduces backhaul (traffic from edge to core)
§ Typical Requirements: § Small Footprint§ Reduced Power Consumption§ Seamless Integration into SP Network
© 2018 Cisco and/or its affiliates. All rights reserved. 4
Introduction to Edge Cloud – Cont.
Public Cloud Provider
Central DC
Regional DC
Central DC
Regional DC
Regional DC
CO / Agg / MSO / HE
CO / Agg / MSO / HE
CO / Agg / MSO / HECO / Agg / MSO / HE
Hub
HubHub
Hub
Hub
Hub
Hub
HubHub
Hub
Hub
Hub
Hub
CO / Agg / MSO / HE
Hub Hub
CO / Agg / MSO / HE
Hub
Hub
§ Why does it need to integrate with the SP network?
§ Needs to integrate with services closer to the core, and other locations in the SP network (service chains across the network)
§ Logical location defined by edge cloud service§ Cell Site/Access§ Hub§ Aggregate§ Regional DC
Brief SP WAN Technology Overview§ Common WAN Technology Features:
§ Defining the “how” in reaching a destination – the control plane protocols and interpreting them
§ Defining an overlay independent of SP network transport – division of responsibility
§ Secure Separation to define multi-tenancy – working with cloud networking
§ Traffic Engineering – within the responsibility of the network team
© 2018 Cisco and/or its affiliates. All rights reserved. 7
Brief Introduction to MPLS § Packets are labeled (MPLS Label) and switched across the MPLS cloud
§ It’s not IP
§ MPLS uses existing IP control protocols to exchange label information
§ MPLS Forwarding Operations include: § PUSH§ SWAP§ POP
© 2018 Cisco and/or its affiliates. All rights reserved. 8
Label Swap Label Swap
PE
PE
P
P
P
CE CE
Label Imposition (PUSH) Label disposition (POP)
MPLS Cloud
• It’s hard being an SP• Fibre is expensive• Router interfaces are expensive• They have to get the most value out of the infrastructure they have
• MPLS helps SPs use their network as fully as possible• They can steer traffic down specific links to use the network more fully• They can reserve traffic for specific purposes like enterprise-grade
connectivity
Why MPLS?
© 2018 Cisco and/or its affiliates. All rights reserved.9
Brief Introduction to Segment Routing § Based on Source Routing Concept:
§ Source chooses path § encodes it in packet header§ network executes encoded instructions
§ Two data plane instantiations (MPLS and IPv6)§ Segment (identifier for instruction) == Labels (MPLS) vs IPv6 Address (SRv6)
§ Network path is encoded in packet header; Network no longer holds state
© 2018 Cisco and/or its affiliates. All rights reserved. 10
Brief Introduction to Segment Routing
© 2018 Cisco and/or its affiliates. All rights reserved. 11
A
Z
PE1
PE2101
65
Payload
65 Payload
100
201
300
200
100
Payload
65
201 Payload
65
E-VPN: Next Gen. Overlay SolutionComplementary to the transport layer
We use BGP to find out where a MAC is in the WAN§ Control Plane advertises learned MACs from CE
Addresses shortcomings:§ Network Inefficiency§ Different Operational Models§ Lack of programmability and policy control
© 2018 Cisco and/or its affiliates. All rights reserved. 12
E-VPN: Next Gen. Overlay Solution
VM VM
PEPE
P P
P
All activeMulti-homing
Single activeMulti-homing
IP or MPLS underlayC-MAC: M1
Service Provider Network
Conventional WAN Edge Model
L3VPN PE L3VPN PE
L3VPN PEL3VPN PE
Hand-off to PEs using DC technologies and provider networks
PE converts this to MPLS or SR for use in the SP network
PEs – ‘provider edge’ routers –deal with moving the traffic onto the SP backbone fabric
OpenStack network 1
OpenStack network 2
VNF
WAN-LAN BoundaryPE
PE PE
PE
Border Leaf
© 2018 Cisco and/or its affiliates. All rights reserved.15
Service Provider Network
MPLS Implementations Today
© 2018 Cisco and/or its affiliates. All rights reserved.16
Conventional WAN-Edge Model MPLS over UDP Model
What we see today
Switch
vSwitch
vNF
Switch
vSwitch
vNF
VLAN (L2)
MPLS (L3)
MPLSoUDP
L3L2
Towards an Integrated WAN-Edge Model
© 2018 Cisco and/or its affiliates. All rights reserved.17
Service Provider Network
What we believeis needed
vSwitch
vNF
Converged TOR
MPLS
VLAN (L2)
MPLS
MPLSSRIOV
Service Provider Network
Integrated WAN-Edge Model
L3VPN PE
L3VPN PE
L3VPN PEL3VPN PE
Neutron now manages both L2 networking as well as PE VPN functionality
Hybrid TOR/Router: SP + L2 capabilities within a single entity
Service Provider PE operations are moved into the control of the Cloud SDN
Openstack network 1
Openstack network 2
VNF
PE PE
PE PEWAN-LAN Boundary
© 2018 Cisco and/or its affiliates. All rights reserved.18
Benefits of Integrated WAN-Edge Model
© 2018 Cisco and/or its affiliates. All rights reserved.19
§ Physical Elements go away --> less space, power and cost!
§ More possibilities for networking
§ Consistent MPLS end-to-end (OAM, TE, etc.)
SP WAN Operations in a cloud world§ Clearly divided responsibility separation between WAN and Cloud teams
– but not the way they used to be divided
© 2018 Cisco and/or its affiliates. All rights reserved.20
CE/PE
P
WAN operators provide BGP peering details
BGP policies to protect WAN integrity
Cloud controls CE/PE elements
Talks BGP
Passes MPLS
API versus implementation § The BGP VPN API today describes network overlays and how they attach
to OpenStack networking
§ It is completely independent of the implementation
§ Changing the implementation as described above doesn’t need us to change the APIs… but we can extend the APIs to add new functionality that we can now offer
WAN-Edge models: a recap
© 2018 Cisco and/or its affiliates. All rights reserved.24
Service Provider Network
vSwitch
vNF
Converged TOR
MPLS
VLAN (L2)
MPLS
MPLSSRIOV
This is a new model
To pass MPLS labels to VMs, we need to find new ways to describe what we’re doing
Modelling API for WAN <-> Edge Cloud
§ VPN modelled as abstract resource
§ Admin/Operator defines key VPN properties§ Route Target§ Route Distinguisher§ VNI etc.
§ Tenant associates VPN with Neutron object§ Network§ Router§ Port
© 2018 Cisco and/or its affiliates. All rights reserved. 25
Modelling API for WAN <-> Edge Cloud – Cont.
© 2018 Cisco and/or its affiliates. All rights reserved. 26
WAN Network
Network: tn01_net1
Network: tn01_net2
VNF1 VNF2
VNF3 VNF4
<<network association>>
<<router association>>
<<port association>>
Coarse-grained
Fine-grained
Asso
ciat
ion
Uniform Representation of Connection TypesCommon API to configure different types of connections across a WAN
L2 Overlays§ Represents a switched connection between two endpoints§ Mostly applicable for DCI
L3 Overlays§ Represents a routed connection
Point-to-Point Overlays – a new connection type§ Used to define a service chain of VNFs located at different locations
© 2018 Cisco and/or its affiliates. All rights reserved. 27
Our thoughts§ Changing APIs is hard - agreeing APIs is hard
§ We want to do further experiments with implementation to ensure we have an API model that works before we propose the details
§ Watch this space
Our ImplementationEdge Cloud defines a set of new requirements:
§ Maximize Compute Resource footprint while keeping physical network resources to a minimum
§ Minimize power/space consumption
How can we realize the Edge Cloud requirements?
© 2018 Cisco and/or its affiliates. All rights reserved. 30
BGP Speaker
Converged TOR Implementation
WAN Network
31
Compute Compute Controller
BGP Speaker
Virtual Switch Virtual Switch
BGP peering
TOR TOR
VNF VNF
Data-Plane
Edge POD
BGP peering
BGPVPN API
BGP Implementation details are handled on converged physical TOR
OpenStack control plane stays with controller node
Neutron Server
Our networking-vpp implementation
VPP
VPP
Agen
tVM VM VM
vhostuser
VPP
VPP
Agen
t
VM VM VM
vhostuser
ML2 VPPMechanism Driver
journaling
HTTP/json
dpdkdpdk
vlan / flat network
Compute Node Compute Node
BGPVPNprovider
PE
PE A
gent
HTTP/json
HTTP/json
Neutron Server
Compute Node Compute Node
Our networking-vpp implementation
VPP Agen
tVM VM VM
vhostuser
VPP
VM VM VM
vhostuser
ML2 VPPMechanism Driver
journaling
HTTP/json
dpdkdpdk
vlan / flat network
Ext.
Agen
tEx
t.
HTTP/json
HTTP/jsonHTTP/json
PE
PE A
gent
BGPVPNprovider
Mapping API ConstructsHardware Router acting as collapsed TOR; controlled by BGP VPN API
Configuration Snippet for router reflect API elements:§ Tenant Network <-> EVPN EVI and BD§ VPN (RD & RT) <-> NONE§ Tenant Router <-> VRF§ Tenant Router attached to Network <-> BVI within Router VRF§ Router associated to VPN <-> RD and RTs configured &
VRF defined in BGP
© 2018 Cisco and/or its affiliates. All rights reserved. 34
An Example Implementation - Cont.
Create VPN construct and define RD and RTneutron bgpvpn-create --name VPN1 --route-targets
16000:100 --route-distinguisher 16000:500
Create OpenStack Router and attach to Networkneutron router-create VPN-ROUTER; neutron
router-interface-add VPN-ROUTER VPN-SUBNET
Associate Router to VPNneutron bgpvpn-router-assoc-create VPN1
--router VPN-ROUTER
© 2018 Cisco and/or its affiliates. All rights reserved. 35
Hardware RouterConfiguration
OpenStack BGPVPN API Operation
No configuration applied on Router
Define VRF and BVIvrf <tenant-router-id>
description <tenant-VRF>interface BVI 100
vrf <tenant-router-id>ipv4 address 100.0.0.1/24
3
2
1
32
1
Fill-in VRF and Define BGP Configurationvrf <tenant-router-id>
description <tenant-VRF>address-family ipv4 unicast
import route-target16000:100
export route-target16000:500
router bgp <BGP-AS>vrf <tenant-router-id>
rd 2704:5000address-family ipv4 unicast
label mode per-vrfredistribute connected
Results in