Implementing vCPE with OpenStack and Software Defined Networks
TRANSCRIPT
OpenStack Summit | Austin, TX
Implementing vCPE with OpenStack and SDN
Copyright © PLUMgrid, Inc. 2011-2016
Introduction
Speaker(s)
• Valentina Alaria, Sr Director Product & Solution Marketing, PLUMgrid
• Bill Bauman, Strategy & Content, Canonical
• Rafael Gonzalez, Solution Architect, Canonical
Intro to Canonical & PLUMgrid Solutions
Reusable operational components
Faster. Smarter. Better. Everywhere.
Open source application modelling
reuse requires encapsulation
e.g. deb, rpm
“provides neutron-api-plumgrid”
“consumes neutron-api-plumgrid”
Charms declare “interfaces”
PLUMgrid/Neutron relation
[Diagram: PLUMgrid Charm and Neutron Charm. Labels: neutron-api-plumgrid, neutron-api, plumgrid-edge, nova-cloud-controller, mysql, keystone, rabbitmq-server]
NFV-related Juju charms
Telco-specific vendors creating Juju charms of their VNFs
• Eurecom
• Vantrix
• 6WIND
• OpenCell
• Telestax
• hSenid Mobile
• PLUMgrid ONS (vCPE)
• Affirmed EPC
• Expeto EPC
• Metaswitch IMS, SDN
• Genband
• Nokia
• Cisco
• Spirent
Juju - Open Source Generic VNFM
[Diagram labels: Bundle; Universal Service Modeling (Juju); generic VNFM (Juju n); VIM 1 … VIM n; RIFT.io / OSM; App IM (Juju); Charm (VNFDa), Charm (VNFDb), Charm (VNFDc); NFVi … NFVi n; VNFa, vCPE, VNFc; Catalog; EMS; NFV-O; API’s / CLI; NetOps IM (OSM)]
the phase change of modern software
scale, topology, momentum
this is the age of big software
PLUMgrid – Comprehensive Networking Offering
Extensive software-only SDN and NFV solution for OpenStack® Clouds
Security & Compliance Support with built-in isolation, micro-segmentation via Virtual Domains & BYO service
Operational tools with proactive visibility & analytics (powered by CloudApex)
Virtual networks provisioned by users
Scalable, distributed & highly available architecture enables Production Deployments
Behind the covers: IO Visor Project
BPF program written in C
Translated into eBPF instructions (LLVM)
Loaded in kernel and executed
Hooked at different levels of Linux Networking Stack
[Diagram: BPF hook points in the Linux networking stack. Labels: HW/veth/tap, TAP/Raw, driver, netif_receive_skb(), TC / traffic control, Bridge hook, IP / routing, Socket (TCP/UDP)]
Virtual Domain
Distributed Policy Enforcement Zone
Edge Policy Enforcement Point
Service Insertion Architecture
3rd party Network Function (FW/LB/IPS and others)
1. Firewall in L3 or TRANSPARENT mode; it IS seen from a topology point of view
2. ALL traffic goes through the Firewall
3. Tenant is aware that the Firewall is there
vCPE Challenges
Classic CPE model
Customer Premises Equipment as a standalone device
• CPEs are standalone nodes
• Complex software, prone to failure
• Cheap hardware, prone to failure
• Need to provide IPAM, QoS, FW, NAT, dynamic routing…
• Can’t be easily upgraded or serviced
Service Provider’s PoP
Cloud vCPE Model
SDN / NFV model
Separation of control and data planes
Control Plane
Deployed as virtualized software (optionally, in the cloud)
• “Remote control” of service from Telco premises
• Easy to troubleshoot, patch or upgrade
• CI/CD for Network software
• Customer features developed independently of HW cycles
Data Plane
Deployed in a simplified version of the physical CPE
• “Passive” data plane
• Commoditized hardware
• “Evolved phone jack”
• Less prone to failure
Cloud vCPE Model
Move all “VNFs” to the Cloud
• Device at the customer premises is a simple L2 switch
• All L3-L7 functions virtualized and moved to the cloud
  • Routing
  • Security
  • NAT
  • Multicast
  • QoS
DNS
Internet
Cloud vCPE Model Challenges
Move all intelligence and service enforcement to the cloud
• Virtualizing network functions brings significant improvements
  • Software economics and dynamics
  • Servicing and Operations
  • Upgrades
• But Metro networks and Home networks are very different: can we send all home traffic to/from the cloud for processing?
  • Broadcast storms
  • QoS / Aggregation / Contention
  • UPnP, DLNA, NAT, Multicast for video… across the metro network?
  • Latency, Jitter
  • Security
  • Loss of Internet connectivity, anyone?
This is a LAN
This is NOT a LAN!
DNS
Internet
Tethered Cloud vCPE Model
An improved virtual CPE model
“Tethered CPE”: Local enforcement, remote control
Service Provider’s Cloud
• “Common network functions”: Local enforcement, remote control from the Service Provider cloud
  • (DHCP, IGMP/multicast, FW, NAT, BUM filtering, etc.)
• “Headless operation of data plane” – the CPE can keep working without a WAN connection
• Combine with advanced third-party network functions instantiated in the cloud to form a complete service graph
  • Advanced Firewall
  • DPI
  • WAN optimization
  • Captive portal
  • CDN…
Control and command
Internet
Tethered CPE Data Plane
Tethered CPE Control Plane
CDN, Portal, DPI, WAN Op., Adv. FW
DEMO
vCPE Demo Logical Topology
Combining “Cloud VNFs” with “SDN VNFs”
Adv. FW
Provider Cloud (Ubuntu OpenStack)
Internet
Customer Premises (CPE)
DPI
SDN VNFs: Purple icons represent virtual network functions implemented in the SDN layer. They’re fully distributed and run inside the kernel of the CPE and the OpenStack compute nodes.
Cloud VNFs: Orange icons represent third-party network functions implemented as Virtual Machines or Containers in userspace.
DPI
Portal
Access/Metro Network
Visit PLUMgrid @ C21 & Canonical @ A20
THANK YOU!