OPNFV Use Case: VPN in the Cloud
TRANSCRIPT
[Diagram labels: Application (Home-grown Python Code); Front End; Back End; User Portal; Sharing VPN Meta-Data over Facebook; Orchestration/Dispatching]
Bootstrap/Get Started (BGS)
• The main goal of BGS is to assemble and test a base set of infrastructure components for OPNFV.
• This project achieved that by supporting two deployers for OPNFV Arno; we used Fuel for building our infrastructure.
[Architecture diagram labels: Application (Front End; Back End; User Portal; Sharing VPN Meta-Data over Facebook; Orchestration/Dispatching); BGS/OPNFV Deployer; Virtual Infra Manager (OpenStack, REST API); SDN Controller (OpenDayLight, RESTConf)]
[Architecture diagram labels, next build: Application (Front End; Back End; User Portal; Sharing VPN Meta-Data over Facebook; Orchestration/Dispatching); BGS/OPNFV Deployer; Virtual Infra Manager (OpenStack, REST API); SDN Controller (OpenDayLight, RESTConf); Netconf/Yang; VNF (VPN Termination)]
[Sequence diagram, steps 1 to 9. Participants: User; Facebook; App/Portal; OpenStack; OpenDayLight; VNF/Router. Messages: Request VPN service; Instruct ODL to provision VNF; Peer Picking; Peer Picked; Spin up VNF; Provision IPSec; Report addressing and preshared key; Post addressing and Password; IPSec Tunnel Established]
✓ Picking Peer from Facebook for rapid, painless setup *
* Inspired by Cedric Dessez, https://www.ietf.org/proceedings/87/slides/slides-87-homenet-6.pdf
Create a VM
Python SDK:
    client_manager.compute.servers.create('router', image, flavor, key_name=keypair.name, nics=[{'net-id': network.id}])
RESTful API: REST calls to http://<api-server>/servers
[Diagram labels: Python SDK; REST Calls; Nova Server; Hypervisor (KVM, etc.); VNF]
[Diagram labels: Nova Server; App/Portal; ODL; VNF/Router]
YANG Model:
    list node-subnets {
      description "IP and mask behind route";
      key "ip inv-mask";
      leaf ip { type inet:ipv4-address; }
      leaf inv-mask { type inet:ipv4-address; }
    }
    list shared-key {
      key shared-key;
      leaf shared-key { type string; }
      leaf peer-address { type inet:ip-address; }
    }
RESTConf:
    /restconf/data/ipsec-service:ipsec/<list name>/<key value(s)>
JSON:
    {
      "ipsec-service:node-list": [
        { "node-name": "vRouter", "node-ip": "X.X.X.X" }
      ]
    }
CLI Config
[Diagram labels: Peer 1; Peer 2]
    crypto isakmp key KEY address x.x.x.x
    !
    crypto ipsec transform-set TS esp-des esp-md5-hmac
    !
    crypto map CRYPTO 10 ipsec-isakmp
     set peer y.y.y.y
     set transform-set TS
     match address Spoke
    !
    interface TenGig0/0
     ip address x.x.x.x 255.255.255.0
     crypto map CRYPTO
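The CLI configuration above pairs esp-des with esp-md5-hmac in its transform set. As an added example (not code from the original deck), the Python below resolves each crypto map entry to the transform set it references and reports deprecated algorithms and short pre-shared keys before a generated configuration is pushed to the VNF. The deny-list, the 20-character key threshold and the hardened variant are assumptions of this example.

```python
import re

# Deny-list chosen for this example; RFC 8221 lists DES and HMAC-MD5 as MUST NOT.
WEAK = {"esp-des": "56-bit DES", "esp-md5-hmac": "HMAC-MD5",
        "ah-md5-hmac": "HMAC-MD5", "esp-null": "no encryption"}

def parse(config):
    """Collect transform-sets, crypto map entries and pre-shared keys."""
    tsets, cmaps, psks, cur = {}, {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            tsets[m[1]] = m[2].split()
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            cur = cmaps.setdefault((m[1], int(m[2])), {"peer": None, "tsets": []})
        elif m := re.match(r"crypto isakmp key (\S+) address (\S+)", line):
            psks.append((m[2], m[1]))  # (peer address, key)
        elif line.startswith("interface "):
            cur = None  # left crypto-map sub-mode
        elif cur is not None and (m := re.match(r"set peer (\S+)", line)):
            cur["peer"] = m[1]
        elif cur is not None and (m := re.match(r"set transform-set (.+)", line)):
            cur["tsets"] = m[1].split()
    return tsets, cmaps, psks

def audit(config, min_psk_len=20):  # min_psk_len: assumed local policy value
    """Findings for weak transforms referenced by a crypto map, and short PSKs."""
    tsets, cmaps, psks = parse(config)
    findings = []
    for (name, seq), entry in sorted(cmaps.items()):
        for ts in entry["tsets"]:
            for t in tsets.get(ts, []):
                if t in WEAK:
                    findings.append(f"map {name} {seq} peer {entry['peer']}: {t} ({WEAK[t]})")
    findings += [f"isakmp key for {peer}: shorter than {min_psk_len} characters"
                 for peer, key in psks if len(key) < min_psk_len]
    return findings

# Slide configuration, trimmed (its own placeholders), then a constructed AES-256/SHA-256 variant.
SLIDE_CONFIG = """
crypto isakmp key KEY address x.x.x.x
crypto ipsec transform-set TS esp-des esp-md5-hmac
crypto map CRYPTO 10 ipsec-isakmp
 set peer y.y.y.y
 set transform-set TS
interface TenGig0/0
 crypto map CRYPTO
"""
HARDENED_CONFIG = (SLIDE_CONFIG.replace("esp-des esp-md5-hmac", "esp-aes 256 esp-sha256-hmac")
                   .replace(" KEY ", " CONSTRUCTED-EXAMPLE-PSK-0123456789 "))
```

`audit(SLIDE_CONFIG)` returns three findings (DES, HMAC-MD5 and the short key), while `audit(HARDENED_CONFIG)` returns none.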
“Open source propagates to fill all the nooks and crannies that people want it to fill.”
Mitch Kapor Founder of Lotus, Co-Founder EFF
• In 1995, I almost lost my hair, building a Slackware server.
• In 2005, I lost my hair, building/coding a Linux Jumpserver.
• In 2015, we built a VPN in the Cloud server in a few days.
Open Source Made It Possible
With BGS:
• Install scripts for automated deployment of the test setup.
• Comprehensive source-to-tested-deployment script for running the entire system start to end.
Task                            Time
Installing Infra (Arno/Fuel)    1 Day
• APIs coming to networking took networking out of its silo.
• Now applications can easily control and interact with networking.
• This opens up the possibility of a wide range of use cases.
Task               Time
Write PoC Code*    3 Days
* Without Facebook App/Front End.
I need REST APIs