openstack and the transformation of the data center - lew tucker

OpenStack and the Transformation of the Data Center

Lew Tucker, VP/CTO Cloud Computing, Cisco @lewtucker

OpenStack Summit – Atlanta, May 2014

2© 2014 Cisco and/or its affiliates. All rights reserved. Source: Cisco Visual Networking Index

2016 20202017

71% of apps will run on virtual

machines

2/3 of all mobile

traffic will be video

50 billion connected devices

The Growth of the Internet Is Impacting All Aspects of IT

More data created this year than in the past

50002012

Mobile

Internetof

Things

New Breed of Apps

Cloud

3© 2014 Cisco and/or its affiliates. All rights reserved.

IT World Becoming Increasingly Complex

Systems of

Record to

Systems of

Engagement

- Geoffrey Moore

http://www.slideshare.net/rstrad1/moore-digitalimpact

Devices Collaboration

Software & Apps

NetworkIT Infrastructure

& Platform Services


Internet of Things to Internet of Everything

Smart Grid Smart Buildings

Smart Factories

SF City ParkingSpaces

(open source data)

Connecting, sensing, measuring, and controlling in real time improves reliability, cost, and alignment of supply and demand


New Technologies Driving a Virtuous Cycle of Innovation

CLOUD

BIG DATA

INTERNET OF THINGS

SDN

Volume Velocity Variety


Design It

Code It Where Can We Put It?

Procure It Install It Configure It

Secure It

Push It

The Promise of Cloud ComputingFrom 8 Weeks to 15 Minutes

Continuous Deployment

… with Elastic Scaling


06 07 08 09 10 11 12 130%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%Datacenter Spending (%) Over Time

Server Spending Standalone Servers - Mgnt & AdminVirtual Servers - Mgnt & Admin Power & Cooling Expense

Source: IDC, 2011 “New Economic Model for the Datacenter”

• Operating expenses represent over 80% of data center spending

• OpEx increase driven by server virtualization

• New models are needed

Management (OpEx) Expenses Growing

8© 2014 Cisco and/or its affiliates. All rights reserved. Source: Heavy Reading - Where Networks Meet IT

IT Administrators Face a Tidal Wave of Innovations

Network Functions Virtualization

(NVF)

OpenStack

Programmability

OpenFlow

Virtualization

SDN

Abstraction Orchestration

APIs

Cloudification

Data Centers

Network OS

X86

Hypervisor

Automation

And the Data Centerskeep Growing


OpenStack Heralds the Creation of a New Layer in Software Stack That Spans the Entire Data Centers

Unified Compute, Storage, Networking Infrastructure - Physical + Virtual

OpenStack Network Service

OpenStack Compute Service OpenStack Storage Service

User App-1

User App-2

UserApp-3

PaaS Service

User App-3


Salt

Puppet

Chef

Ansible

Git GerritJenkins

CI/CD

Software and Automation – Driving Speed and Agility


Software-Defined Networking – Overlay Networking

Leaf

Spine

Servers

VPNs/Public Internet

Edge Routers

Scale Out Core

. .. .

Virtual Access Layer

vSwitch

VM

VM

VM

vSwitch

VM

VM

VM


OpenStack Platform: Services and APIs

NovaCompute

HeatOrchestration

Glance Image

Storage

SwiftStorage

NeutronNetworking

KeystoneSecurity

OpenStack Design PrincipleBuilt as a set of loosely coupled, related projects developing advanced cloud services

• Each service driven by community projects with contributions from many companies

• Easier for innovation through addition of new services

• Small number of core services

• Larger number of associated services

Meanwhile, a Revolution Was Happening in Networking…

OpenFlow

• Protocol which would allow software running on servers to direct the flow of packets in a network

• Separation of control and data planes

ServerVirtualization

• Created need

for virtual switches on each server

• Vmware, Cisco Nexus 1000v, Open vSwitch

VirtualizedNetworkServices

• Firewall, load-balancing, VPN

• Network service orchestration

NetworkController

• Lots of activity around creating new SDN controllers

• Open source projects: Open Daylight


Network Functions Virtualization (NFV) Provides Dynamically Scalable Services

AT&T, BT, Orange, Telecom Italia, Telefonica, Telstra, Verizon…


OpenStack Networking Evolved

Nova Networking

• Simple, flat networking• Contained within Nova

service• Difficult to accommodate

rapid changes happening in networking

Neutron Networking

• Treat networking as a separate service

• Designed to hide specific vendor/technology implementation choices from the developer’s APIs and abstractions

• Being extended to include network services and heterogeneous environments


OpenStack Neutron Networking Service

Network Service (Neutron) API

Network ServiceNetwork abstraction definition and management

No actual implementation of abstraction

Plugin API

API Extensions

Vendor Plug-InsLinux Bridge, Open vSwitch, Cisco, Big Switch, Brocade, Cloudbase, Mellanoz, Midonet, NEX, PLUMgrid, Ryu, Vmware NSX ….

Vendor/User Plug-In

Implementation of abstractions

Virtual or physical

Extended APIs

OpenStack Neutron ML2 Architecture

Neutron Server

DHCP Agent

L3 Agent

Message Queue

REST API

Neutron Core plugins

ML2

Cis

co (

Nexu

s,

N1

Kv)

OV

S

More

ven

dor

plu

gin

s

Type Drivers Mechanism Drivers

VLA

N

GR

E

VX

LA

N

Cis

co N

exu

s

OV

S

Op

en

DayLi

gh

t

APIC

Neutron Service plugins

Load

B

ala

nce

r

Fire

wall

VPN

HA

Pro

xy

IPTa

ble

s

Op

en

Sw

an

• Core + Extension REST APIs

• Message queue for communicating with neutron agents

• Core and service plugins

• Different vendor core plugins

• Different network technology support

• ML2 plugin with type and mechanism drivers

• Service plugins with backend drivers

IPTables on

Network Node

Core APINetwork Port Subnet

Resource and Attribute Extension APIProviderNetwork PortBinding Router Quotas SecurityGroups AgentScheduler LBaaS FWaaS VPNaaS ….

L2 Agent

OVS on Compute

Node

Southbound Interfaces

L3 S

erv

ices

Futures

More

ven

dor

dri

vers

OpenStack Neutron ML2 Architecture

Neutron Server

REST API

Neutron Core plugins

ML2

Cis

co (

Nexu

s,

N1

Kv)

OV

S

More

ven

dor

plu

gin

s

Type Drivers

Mechanism Drivers

VLA

N

GR

E

VX

LA

N

Cis

co N

exu

s

OV

S

Op

en

DayLi

gh

t

APIC

Neutron Service plugins

Load

B

ala

nce

r

Fire

wall

VPN

HA

Pro

xy

IPTa

ble

s

Op

en

Sw

an

• Core + Extension REST APIs

• Message queue for communicating with neutron agents

• Core and service plugins

• Different vendor core plugins

• Different network technology support

• ML2 plugin with type and mechanism drivers

• Service plugins with backend drivers

Core APINetwork Port Subnet

Resource and Attribute Extension APIProviderNetwork PortBinding Router Quotas SecurityGroups AgentScheduler LBaaS FWaaS VPNaaS ….

Southbound Interfaces

L3 S

erv

ices

Futures

More

ven

dor

dri

vers


Neutron Networking for Tenant Isolation

Networks

Tenant Networks

Admin Provider Networks

VLAN

VXLAN

GRE

vSwitch

ToR/Fabric

vSwitch, ToR

vSwitch

Network Type Network Segmentation Scheme for Tenant Isolation

Device Implementing Network Segmentation Scheme

Direct Device Configuration

Device Configuration

through Controller

Neutron Plugin/Driver


Neutron Networking for Layer 3 Services

Networks

Tenant Networks

Admin Provider Networks

Linux Host

Service VM’s

Provisioned

Externally

Network Type

Device implementing Advanced Service

Direct Device Configuration

Device Configuration

through Controller

Neutron Plugin/Driver

vSwitch, ToR

Routers

Neutron Resource


Neutron Cisco CSR1000v for Neutron VPN Service

VPN

VMs on Compute

Nodes

CSR1Kv VM

Neutron Server

Neutron Service Plugin (VPN)

Cisco VPN Service Driver

VPN Agent

Cisco VPN Device Driver

REST API

Benefits

• CSR1Kv secure VPN qualified solution

• Unlock rich CSR1Kv features into OpenStack

Router

10.1.0.4

10.1.0.1

172.24.4.11

VM

10.2.0.4

VM

Router

Network

Network

10.2.0.1

172.24.4.21

CSR1Kv

172.24.4.23

10.2.0.6

Site to Site IPsec Tunnel

CSR1Kv

172.24.4.13

Private networkPrivate network

Public NetworkPublic Network

Site1 Site2


Server Virtualization

Virtual Switches

Storage Virtualization

NetworkVirtualization

Network Function

Virtualization

VMs and Containers

Network Controllers

Object Storage Services

Block Storage Services

OpenStack Platform for the New Data Center

OpenStack Cloud Platform Services

ApplicationsUser Apps System Apps

Orchestration

Provisioning Metering MonitoringIdentity


System administration apps and services orchestrating the infrastructure – YES

User-facing applications?

Is there an easier way to realize developer’s intent without becoming a network administrator?

Do Applications Really Want to Program the Network?


Typical 3-Tier Application Design Pattern

Web Tier

Web ServerVM

Web ServerVM

Web ServerVM

PublicInternet

App ServerVM

App ServerVM

MemCacheVM

App-Server Tier

DatabaseVM

DatabaseVM

Database Tier

Want to connect web servers to public Internet, while blocking outside access to application and database servers

Load Balance Across Web Servers Protect VMs with Security Group Rules

Create Networks, Routers


Developer’s Intent: Control Access, Direct Traffic

Web Tier

Web SvrVM

Web SvrVM

Web SvrVM

PublicInternet

App SvrVM

App SvrVM

MemCacheVM

App Server Tier

DataBaseVM

DataBaseVM

Database Tier

Policy PolicyPolicy

PerformanceSecurityScalabilityAvailability



Consistency, Repeatability


Group-based Policy Abstractions Developed by the Community

https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction

Blueprint Contributors:• Nuage, Juniper, IBM, Big Switch, One Convergence, Red Hat, Mirantis, Midokura,

Cisco

28

EXTENDING OPENSTACK NEUTRON API’S

NEUTRON ROUTER

SECURITY GROUP

NEUTRON NETWORK

Neutron API Group Policy API

NEU

TRO

N

NET

WO

RK

Port

Port

Tenant Tenant

Use Existing Neutron APIs with APIC and Cisco ACI

Contract

GROUP

SERVICE CHAIN

GROUP

Group Policy introduces a new API that maps to the ACI policy model

29

SEPARATING TENANT POLICIES FROM OPERATIONS

2

ACI Admin(Manages Network

Operations and Infrastructure)

L/B

EPG APP

EPG DBF/WL/B

EPG WEB

Application Network Profile

Create Application Policy

3

5 ACI Fabric

Push Policy

APIC

OpenStack Tenant

(Manages Tenant and Application

State only)

Instantiate VMs

Web WebWebWeb AppApp4

Create Application Network Profile

1

DB DB

HYPERVISOR HYPERVISOR HYPERVISOR

NOVANEUTRON

Automatically Push Network Profiles to AFC

L/B

EPG APP

EPG DBF/WL/B

EPG WEB

Application Network Profile

Application Policy Infrastructure Controller

30

OPENSTACK + CISCO’S APPLICATION POLICY CONTROLLER

NEUTRON ROUTER

SECURITY GROUP

Web WebWebWeb AppApp DB DB


NEUTRON NETWORK

APIC

Web WebWebWeb AppApp DB DB


Contract Contract Contract

DBAPPWEBADC

F/WADC

APIC

APIC PluginAPIC Plugin OVS Plugin

NeutronNetworking

APIC PluginGroup Policy

Plugin OVS Plugin

NeutronNetworking

APIC PLUGIN GROUP POLICY PLUGIN

31

https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction

Thursday, May 15: 1:30 – 2:10

B309IBM, Cisco,

Midokura

Wednesday, May 14:3:30-4:10B309

KEY SESSIONS: NEUTRON NETWORKING IN AN APPLICATION-CENTRIC WORLD


The Landscape has changed

We’ve moved from mainframes with dumb terminals to cloud-based apps, smart phones, and devices

Cloud-native apps at scale span multiple availability zones and geographies

Any app, anywhere, any device

The Vanishing Data Center and the InterCloud


Multi-tenancy, dynamic provisioning, and elasticity is the new normal

Applications are continuously deployed and released

DevOps turns infrastructure into code



Data centers are becoming nodes in a larger, global graph

Computing and distributed storage is moving to the edge

How will this change the concepts of traditional networks?

What is meant by a cloud when they themselves become part of an Intercloud?


Thank you.

openstack and the transformation of the data center - lew tucker

Technology