Orchestration: Accelerate Deployments and Reduce Operational Risk
Nathan Pearce, Product Development SA, Programmability & Orchestration Team
© 2016 F5 Networks
Agenda
1. Industry Trends
2. Customer Journey
3. Use Cases
F5 Programmability & Orchestration
Programmability and Orchestration Portfolio
iControl SOAP (BIG-IP)
iControl REST (BIG-IP & iWorkflow)
REST Framework Extensibility iApps
iApps
TMSH
iCall
Management/Orchestration Plane
iWorkflow
Key Trends
Customers Need a New Answer
Agile Dev
Driver: Rapid development of customer desired applications.
Driver: Rapid deployment. Accelerate time to market.
DevOps
Driver: Operationalize the Network. Accelerate time to market.
SDN
Driver: Production deployment of L2–7 Services
+ Programmable Infrastructure
Failed to Address: Rapid deployment and network operations.
Failed to Address: Network operations.
Failed to Address: L4–7 Services. ✓
Many Moving Parts
[Figure: layered stack diagram, top to bottom]
• Enterprise Platform
• App Stack: App Server, Web Servers, Micro-Services
• Compute (Virtualization/Abstraction Services): Compute/Runtime Platform with Virtual Servers and Linux Containers
• L4–L7 (Performance, Resilience, and Security Services): Application Services Fabric of ADCs providing Access & Identity, Firewall, Context, Load-Balancing, Gateway Services, Security, Optimization, DDoS, Mobility
• L2–L3 (Connectivity Services): Connectivity Services Fabric with Router and Switch
Shifting Influence
Application
Cloud
Infrastructure
Increasing Collaboration
[Figure: two roles collaborating across data center environments]
• Paula: NEW APP DEPLOYMENT, APP CLONING, APP SERVER OPERATIONS, REPORTING/PLANNING
• Marco: N/W INFRA MGMT, L4-L7 N/W SVC MGMT, ACCESS CONTROL, CONFIG & CHANGE MGMT
• COLLABORATION: IS MY APP HEALTHY? N/W SERVICES HEALTHY?
• Environments: TRADITIONAL DC, PUBLIC CLOUD, HYBRID DC, SDDC
• Data Center(s): Load Balancing, DDoS Protection, Firewall, RBAC, ITSM
Operational Evolution
Programmability Evolution Phases
Phase 1: Automating Tasks
Automating deployment of services by leveraging APIs/SDKs/Services Templates in order to drastically cut down service/app provisioning time, while reducing exposure to risk.
Phase 2: Collaboration/Integration
Infrastructure teams look to implement service deployment orchestration, building on Phase 1 task automation. Orchestration tools/systems are introduced, and self-service is potentially investigated.
Phase 3: Continuous Delivery
Extending the continuous deployment pipeline to include programmable infrastructure. Deployment using DevOps tools. Full-stack integration. Self-service.
Phase 1: Automating Tasks
Phase 1: Accelerate Configuration
Application: Resource consumers
Cloud: Resource management/presentation
Infrastructure: Hardware, physical/virtual
Phase 1: Large Manufacturer
iWorkflow presents iApps as an API- or GUI-driven catalog of Service Templates for:
• Simple instantiation and integration for MANO/SDN
Service Templates (F5 iApps) encapsulate complex configuration policies:
• Faster deployments, reduced risk, simple integration
IT mandate: Reduce application instantiation from 90 days to 90 minutes
In 10 days without any assistance from F5:
• Implemented Service Templates for most applications utilizing the new App Services iApp
• Managed solution with the iWorkflow API and Device capabilities
[Figure labels: Admin; Services Catalogue; App Services Templates (iApps): F5.http, Other…; iWorkflow; ADC; L4–7 App Services]
Phase 2: Collaboration/Integration
Phase 2: Present Resources
Application: Resource consumers
Cloud: Resource management/presentation
Infrastructure: Hardware, physical/virtual
Phase 2: High-Level Controller/Orchestrator Integration
[Figure: integration diagram with numbered flows 1, 2, 3]
• Planes: Control/Management Plane, Data Plane
• Orchestrator/Controller/Portal connects over iControl REST to iWorkflow; iWorkflow connects over iControl REST to the BIG-IP platform; iApps
• iWorkflow: F5 iApp Catalog, BIG-IP Operations, RBAC/Self-Serve, Performance Visibility, REST APIs/Connector, Device Package
• Stateful Fabric (F5 L4–7 SDAS): Security, Access and Identity, Mobility, Performance, Availability
• Stateless Fabric (Layer 2–4): NVGRE, VXLAN
F5 BIG-IP and iWorkflow Integration Models with Cisco ACI
[Figure labels: APIC; ACI Fabric; F5 Fabric (Virtual Edition, Appliance, Chassis); downloads.f5.com; Device Package; iWorkflow Device Package; iWorkflow]

F5 Device Package Release 1.2 Deployment Model
Static Integration via Device Package
1: Download device package from F5
2: Admin imports device package to APIC
3: APIC sends config. to BIG-IP product directly

iWorkflow Integration with Cisco ACI
Dynamic Integration: iWorkflow integration with APIC
1: BIG-IP products expose iApps templates to iWorkflow (iApps reside on BIG-IP platform)
2: iWorkflow creates custom device package (by modifying the iApp template[s])
3: Admin imports iWorkflow device package to APIC
4a: APIC sends iApp config to iWorkflow → BIG-IP product
4b: APIC sends Device config. to BIG-IP product
F5 BIG-IP and iWorkflow Integration with VMware NSX
Challenges
• Operational agility at the network services (Application Delivery Networking [ADN]) layer
• Operational agility for application-specific services for acceleration, availability, and security (a rich layer 7 protocol)
• Delivering a consistent consumer experience without consuming IT resources better spent on strategic projects
Solution
• Rapidly deliver layer 2–7 network and software-defined application services in the software-defined data center (SDDC)
• Integration between F5 and VMware NSX eliminates the disconnect between network service management and application delivery service management
• Simplify operations for a single management solution
• Increase efficiency by pooling and optimizing resources
• Speed time to market and automate repeatable tasks
[Figure labels: Deploying L3–L7 Services; Application Workloads; Cloud Management & Orchestration; Application Services; NSX Manager; NSX Management; NSX Edge; NSX vSwitch; Generic Platform; iApps; User; Admin; BIG-IP Platform; iWorkflow]
LBaaS v1.0.10 Functionality Overview
[Figure labels: F5 LBaaS Agent; iControl ADC Provisioning; LBaaS API; Heat (Orchestration); CLI; Horizon (GUI); Capacity Policy; Intelligent Load Placement; Tenant ADC Parameters (Dev/Test/Prod); Capacity Measurement; environments: DEV (HA Pair), TEST (ScaleN Cluster), PRODUCTION (ScaleN VIPRION Cluster)]
Capacity Metrics: Throughput; Total Throughput (in); Throughput (out); Connections; Tenants; Nodes; Route Domains; VLANs; Tunnels; SSL TPS; Profile Count
API Scope
• VIP/Pool/Pool members
• Health monitors (ICMP, TCP, HTTP, HTTPS)
• Session persistence (source IP, HTTP cookie, app-provided cookie)
• Method (least connections, round robin)
• Statistics (bytes in/out, active connections, total connections)
F5 Extensions
• Differentiated environments (production, test or dev)
Global Routed Mode
For Edge Routed Networks—Multi-Tenant from L4–L7 Only
• Simplest form of deployment
• BIG-IP platform assumes that all layer 3 and layer 2 is already provisioned
• Each tenant can create LBaaS services and provide VIPs and pool members
• Designed for environments, typically without VXLAN or GRE
[Figure labels: LBaaS Agent; Compute Nodes; VIPRION 4480; iControl VIP, pool and monitor CRUD. Multi-tenant.]

Layer 2 Adjacent Mode
BIG-IP platform with support for VLANs, GRE, and VXLAN
• BIG-IP platform participates in the tenant VLAN or tunnel (using VXLAN or GRE)
• Automatic population with tunnel information when an LBaaS service is created for a tenant
• Most typical use case for an SDDC
[Figure labels: Native layer 2 for each tenant using VXLAN/GRE; Compute Nodes; VIPRION 4480; LBaaS Agent; iControl VIP, pool and monitor CRUD. Multi-tenant.; Tenant Network Data (Layer 2 Endpoints, SNI, Tunnel type, etc.)]
Phase 3: Continuous Delivery
Phase 3: Self-Service
Application: Resource consumers
Cloud: Resource management/presentation
Infrastructure: Hardware, physical/virtual
[Figure: layered stack diagram, top to bottom]
• Enterprise Platform
• App Stack: App Server, Web Server, Micro-services
• Compute: Compute/Runtime Platform with Virtual Servers and Linux Containers
• L4–L7: Application Services Fabric of ADCs providing Access & Identity, Firewall, Context, Load-Balancing, Gateway Services, Security, Optimization, DDoS, Mobility
• L2–L3: Connectivity Services Fabric with Router and Switch
Phase 3: Integrated Management
Policy
Admin
Orchestrator iWorkflow
Questions?
Recap
Take a look at iWorkflow: https://DevCentral.f5.com/iWorkflow
Identify/understand the shift in influence:
Application
Cloud
Infrastructure