CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
Doordon't-thereisnotry;consistentnetworkingviaSDNinOpenStack–ManchesterUKMeetup
@nuagenetworks
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
Introduc1onWhatisallofthisabout?
17/08/16
2
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
AboutNuageNetworks-SDN§ NuageisaEuropeanstartupwithofficesintheSiliconeValley
§ AnNokiabackedventurefocusedondatacenterandbranchofficenetworkevolu\onfortheSo]wareDefinedCloudCompu\ngWorld
§ Crea\onofanAbstrac\on&Automa\onlayerbetweennetworkingdecouplingHardware
§ APIandPolicynetworkingdesignreflec\ngbusinessdirec\ves,notnetwork
§ Ac\veinmanydiverseNetworkingForumsandOpenSourceProjects
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
NuageispureSo:wareDefinedOverlayNetworkingTunnelsbetweenEndpointsprovideL2andL3services
FullydecoupledfromHW
NaturalfitforCloudandmore
Tunnels“Overlay”thePhysicalnetworkandprovideisola\on
GatewayRouters=OverlayExitpoint
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
CurrentnetworkingArchitecturesinOpenStack
Whatarewetryingtoaddress?
17/08/16
5
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
17/08/16
6
OVSExtensionvs.NuageVRS(insertedonKVMHypervisors)NeutronDatapathonCompute–SDNInser1on
GREEncapsulated
br-int
br-tun
patch-tun
patch-int
PortVLAN:10 PortVLAN:20
VM1TenantA
VM2TenantA
VM3TenantB
eth0eth0eth0
qbra
qvba
vneta
qvoa
qbrb
qvbb
ventb
qvob
qbrc
qvbc
vnetc
qvo
gre-10.0.0.1
eth0
TAPDevice
vethpair
LinuxBridge
OpenvSwitch
ConfiguredbyNovaCompute
ConfiguredbyNeutronL2Agent
o Tenantswillbe
separatedbyinternalassignedVLANS
o VLANSwillbemappedegresstowardsGREtunnelswhichareuniquebytunnelID
VM1TenantA
VM2TenantA
VM3TenantB
eth0eth0eth0
tapa tapb tapc
alubr0
VXLANEncapsulated
eth0
PolicyDriven
Configura1onfromNuageVSP
OVSDatapath(supportsL2only)
NuageDatapath(supportsdistributedL2,L3,Floa\ngIP,…)
PHYPort
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
17/08/16
7
OVSDatapathComparetoNeutron+Nuage=SingleBridge
br-intint-br-ext
VM1TenantA
VM2TenantA
VM3TenantB
eth0eth0eth0
qbra
qvba
vneta
qvoa
qbrb
qvbb
vnetb
qvob
qbrc
qvbc
vnetc
qvoc
TAPDevice
vethpair
LinuxBridge
OpenvSwitch
VM3TenantB
eth0
qbrd
qvbd
vnetd
PHYPort
qvod
br-ext
phy-br-ext
InternalRouterNamespace
qr-f qr-g
IP IP IP IP
IP IP
qr-fqrouter-yInternalRouterNamespace
qr-h qr-jIP IP
qr-n qrouter-z
Floa\ngIPNamespace
qfloat-x qf-nqr-m
qf-x
br-tun
int-br-tun1
int-br-tun1
FlowTableentry
FlowTableentry
DVRAGENT(EnhancedL3
Agent)
PrivateNetwork
eth1
PublicNetwork
eth0
Ext-IP
alubr0VRS
(SingleOVSbridge)
o SingleOVSBridgeo IsFlow-Basedo PerformsFirewalling,
Switching,Rou\ng,NAT,…
o ProcessesARP,DHCPLOCALLY
o NoDedicatedNetworkNodeforo non-DVRcase:
Rou\ng,DNAT,SNAT,DHCP
o DVRcase:SNAT,DHCP
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
ComputeNodeComputeNode
ComputeNode NetworkNode
br-int
qbr..
17/08/16
8
Op\misedwith3rdPartySDNNeutronL3Datapath
VM1TenantA
VM2TenantA
A Q
B
C
qbr..
R
S
D T
br-tun
E
F
G
br-tunH
br-intJ
I
M O
dhcprouter
PN
K
br-ext L
ML2OVS/NetworkNode
VM1TenantA
VM2TenantA
A B
VM1TenantA
VM2TenantA
C D
alubr0 alubr0
VRS-GSo]wareGW
alubr0
HardwareGW
alubr0
VXLAN VXLANVXLAN
VXLAN
NuageSDN
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
NeutronServer
RabbitMQ
L3Agent
OVSAgent
MetadataProxy
MetadataAgent
Keepalived
OVS
dnsmasq
NetworkNode
OVSAgent
OVS
ComputeNode
RabbitMQ
MySQL
Nuage3rdPartySDNArchitectureDifferen1a1ono NeutronrequireshighDatabasereadandwriteopera\onsandMessaging(RabbitMQ)
o SincethereisNOseparatecontrolplane,Neutronserverhastodealwitheverycomputenodewithoutanyoffload
o NodatabaseinquirycachesupportedfortheDatabasewhichtremendouslyincreasedDatabasereadpressure
o SQLAlchemyDatabasetoolkitdesigninneutroncodeaddsDatabasepressureandMetadatacachinginefficiency
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
SDNforadiverseApplica1onWorld
ItsnotjusttheVMandOpenStackanymore,or?
17/08/16
10
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
Physicalservers VirtualMachines Containers PublicCloud
VSP=Policy-DrivenVirtualizedNetworkingforallEnvironments
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
Samepoliciesandtemplatescanbeusedacrossanyendpoint:OpenStackVMs,Containers,PaaSorPhysical
L3Service“FrontEnd”withSecurity“High”,NAT,BW=10Mbps,QoS“Silver”
L2Service“SQL”withSecurity“Medium”,nopublicaccess,QoS“Gold+”
DOCKERContainers KVMVirtualMachines Physical&Baremetals
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
SDNREQUIRMENTSFORcontainers§ IntegrateswithDeveloperandOpera\onsworkflows§ Supportshybridapplica\onenvironmentswithcontainers,VMs
andBMSs§ AssignIPaddressestoContainers(no-NATing)§ GranularSecurityPolicyframework§ Highperformancesolu\onthatconvergesquicklyduringpeak
containerac\va\on/deac\va\onevents
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
Nuage3rdPartyArchitectureHowtoimproveallofthat?
17/08/16
14
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
UseCases:
17/08/16
15
CloudInfrastructureFramework
FWaaS
LBaaS
(X)aaSIntegra1onFramework
HybridCloud
Connect
VPNaaS
ProgrammableDataPlane
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
DemoOverview1/2
17/08/16
16
§ SetupbasedonOpenStackLibertytogetherwithNuage4.0
§ NonHASetup
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
Demo/QnA
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
ThenewlyannouncedvspkandassociatedtoolsarenowavailableonGitHubandPIP:hups://github.com/nuagenetworks
NuageNetworksCommunityForums
CONFIDENTIAL-SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY–USEPURSUANTTOCOMPANYINSTRUCTION
©2016Nokia.Allrightsreserved.NuageNetworksisaNokiaventure.
17/08/16
19
THANKYOU