orchestration: accelerate deployments and reduce

Orchestration: Accelerate Deployments and Reduce Operational RiskNathan Pearce, Product Development SA Programmability & Orchestration Team

© 2016 F5 Networks

Industry Trends

Customer Journey

Use Cases

Agenda

3

1

2

3

F5 Programmability& Orchestration

© 2016 F5 Networks

Programmability and Orchestration Portfolio

5

iControl SOAP (BIG-IP)

iControl REST (BIG-IP & iWorkflow)

REST Framework Extensibility iApps

iApps

TMSH

iCall

Management/Orchestration Plane

iWorkflow

Key Trends

Customers Need a New Answer

+

Customers Need a New Answer

Agile Dev

Driver: Rapid development of customer desired applications.

Driver: Rapid deployment. Accelerate time to market.

DevOps

Driver: Operationalize the Network. Accelerate time to market.

SDN

Driver: Production deployment of L2–7 Services

+Programmable Infrastructure

Failed to Address:Rapid deployment and network operations.

Failed to Address:Network operations.

Failed to Address:L4–7 Services. ✓

Many Moving Parts

Many Moving Parts

ConnectivityServices FabricRouterSwitch

Connectivity ServicesL2–L3

Many Moving Parts



ADC ADC ADC

Application Services FabricACCESS &

IDENTITY FIREWALL CONTEXT

LOAD-BALANCING

GATEWAY SERVICES SECURITY

OPTIMIZATIONDDoSMOBILITY

ADC

Performance, Resilience, and Security Services

L4–L7

Many Moving Parts



Compute/Runtime PlatformVirtual

ServerVirtual Server

Linux Container

Linux Container

Virtualization/Abstraction ServicesCompute

ADC ADC ADC



LOAD-BALANCING



ADC


L4–L7

Many Moving Parts

StackApp

ServerWeb

ServerMicro-

servicesMicro-

services

App Server, Web Servers, Micro-ServicesApp Stack





Linux Container

Linux Container


ADC ADC ADC



LOAD-BALANCING



ADC


L4–L7

Many Moving Parts

Enterprise Platform

StackApp

ServerWeb

ServerMicro-

servicesMicro-

services

App Server, Web Servers, Micro-ServicesApp Stack





Linux Container

Linux Container


ADC ADC ADC



LOAD-BALANCING



ADC


L4–L7

Shifting Influence

Application

Cloud

Infrastructure

© 2016 F5 Networks

Increasing Collaboration

10

Paula Marco

Data Center(s)

Load BalancingDDoS Protection

Firewall

RBAC

ITSM

© 2016 F5 Networks


10

Paula MarcoIS MY APP HEALTHY?

Data Center(s)


Firewall

RBAC

ITSM

© 2016 F5 Networks


10

Paula MarcoIS MY APP HEALTHY? N/W SERVICES HEALTHY?

Data Center(s)


Firewall

RBAC

ITSM

© 2016 F5 Networks


10

Paula

NEW APP DEPLOYMENT

APP CLONING

APP SERVER OPERATIONS

REPORTING/PLANNING

MarcoIS MY APP HEALTHY? N/W SERVICES HEALTHY?

Data Center(s)


Firewall

RBAC

ITSM

© 2016 F5 Networks


10

Paula

NEW APP DEPLOYMENT

APP CLONING


REPORTING/PLANNING

Marco

N/W INFRA MGMT

L4-L7 N/W SVC MGMT

ACCESS CONTROL

CONFIG & CHANGE MGMT

IS MY APP HEALTHY? N/W SERVICES HEALTHY?

Data Center(s)


Firewall

RBAC

ITSM

© 2016 F5 Networks


10

Paula

NEW APP DEPLOYMENT

APP CLONING


REPORTING/PLANNING

Marco

N/W INFRA MGMT

L4-L7 N/W SVC MGMT

ACCESS CONTROL


IS MY APP HEALTHY? N/W SERVICES HEALTHY?

TRADITIONAL DC PUBLIC CLOUD HYBRID DC, SDDC

Data Center(s)


Firewall

RBAC

ITSM

© 2016 F5 Networks


10

Paula

NEW APP DEPLOYMENT

APP CLONING


REPORTING/PLANNING

Marco

N/W INFRA MGMT

L4-L7 N/W SVC MGMT

ACCESS CONTROL


IS MY APP HEALTHY? N/W SERVICES HEALTHY?COLLABORATION

TRADITIONAL DC PUBLIC CLOUD HYBRID DC, SDDC

Data Center(s)


Firewall

RBAC

ITSM

Operational Evolution

© 2016 F5 Networks

Programmability Evolution Phases

12

Phase 1: Automating Tasks

Automating deployment of services by leveraging APIs/SDKs/Services Templates in order to drastically cut down service/app provisioning time, while reducing exposure to risk.

Phase 2: Collaboration/Integration

Infrastructure teams looking to implement services deployment orchestration leveraging on phase 1 task automation. Introducing orchestration tools/systems. Potentially investigating self-service.

Phase 3: Continuous Delivery

Extending the continuous deployment pipeline to include programmable infrastructure. Deployment using DevOps tools. Full-stack integration. Self-service.

Phase 1: Automating Tasks

Phase 1: Accelerate Configuration

Application Resource consumers

Cloud Resource management/presentation

Infrastructure Hardware: physical/virtual

Phase 1: Large Manufacturer

iWorkflow presents iApps as an API- or GUI-driven catalog of Service Templates for: • Simple instantiation and integration for MANO/SDN

Service Templates (F5 iApps) encapsulate complex configuration policies: • Faster deployments, reduced risk, simple integration

IT mandate: Reduce application instantiation from 90 days to 90 minutes In 10 days without any assistance from F5 • Implemented Service Templates for most applications utilizing the new App Services iApp • Managed solution with the iWorkflow API and Device capabilities

F5.http

Other…

Other…

Other…

Admin

App Services Templates

iApps

iWorkflow ADC ADC ADC

L4–7 App Services

Services Catalogue

Phase 2: Collaboration/Integration

Phase 2: Present Resources




Control Management

Plane

Data Plane

Phase 2: High-Level Controller/Orchestrator Integration

NVGREVXLANLAYER 2–4

Stateless FabricF5 L4–7 SDASStateful Fabric

BIG-IP PLATFORM

iWorkflowOrchestrator/ Controller/Portal

ICONTROL REST

ICONTROL REST

SecurityAccess

and Identity

Mobility

PerformanceAvailability

Control Management

Plane

Data Plane




BIG-IP PLATFORM


ICONTROL REST

1

ICONTROL REST

SecurityAccess

and Identity

Mobility


Control Management

Plane

Data Plane




BIG-IP PLATFORM


ICONTROL REST

1

ICONTROL REST2

SecurityAccess

and Identity

Mobility


Control Management

Plane

Data Plane




BIG-IP PLATFORM


iApps

ICONTROL REST

1

3

3

ICONTROL REST2

F5 iAppCatalog

BIG-IP Operations

RBAC/Self-Serve

Performance Visibility

REST APIs/Connector

Device Package

SecurityAccess

and Identity

Mobility


APCI

F5 BIG-IP and iWorkflow Integration Models with Cisco ACI

ACI Fabric Virtual Edition Appliance Chassis

F5 Fabric

APCI



Device Package

F5 Device Package Release 1.2 Deployment Model

Static Integration via Device Package1: Download device package from F5

downloads.f5.com1

F5 Fabric

APCI




Static Integration via Device Package1: Download device package from F52: Admin import device package to APIC

downloads.f5.com 21

F5 Fabric

Device Package

APCI




Static Integration via Device Package1: Download device package from F52: Admin import device package to APIC3: APIC sends config. to BIG-IP product directly

downloads.f5.com

3

21

F5 Fabric

Device Package

APCI




iWorkflow

iWorkflow Integration with Cisco ACI

1

Dynamic Integration: iWorkflow integration with APIC1: BIG-IP products expose iApps templates to iWorkflow (iApps reside on BIG-IP platform)


downloads.f5.com

3

21

F5 Fabric

Device Package

APCI




iWorkflow


1

2

Dynamic Integration: iWorkflow integration with APIC1: BIG-IP products expose iApps templates to iWorkflow (iApps reside on BIG-IP platform)2: iWorkflow creates custom device package (by modifying the iApp template[s])


downloads.f5.com

3

21

F5 Fabric

Device Package BIG-IQ

Device Package

APCI




iWorkflow


1

2

Dynamic Integration: iWorkflow integration with APIC1: BIG-IP products expose iApps templates to iWorkflow (iApps reside on BIG-IP platform)2: iWorkflow creates custom device package (by modifying the iApp template[s])3: Admin import iWorkflow device package to APIC


downloads.f5.com

3

321

F5 Fabric

Device Package iWorkflow

Device Package

APCI




iWorkflow


1

2

4a

Dynamic Integration: iWorkflow integration with APIC1: BIG-IP products expose iApps templates to iWorkflow (iApps reside on BIG-IP platform)2: iWorkflow creates custom device package (by modifying the iApp template[s])3: Admin import iWorkflow device package to APIC4a: APIC sends iApp config to iWorkflow ! BIG-IP product


downloads.f5.com

3

321

F5 Fabric


Device Package

APCI




iWorkflow


1

2

4a

Dynamic Integration: iWorkflow integration with APIC1: BIG-IP products expose iApps templates to iWorkflow (iApps reside on BIG-IP platform)2: iWorkflow creates custom device package (by modifying the iApp template[s])3: Admin import iWorkflow device package to APIC4a: APIC sends iApp config to iWorkflow ! BIG-IP product 4b: APIC sends Device config. to BIG-IP product


downloads.f5.com

3

32

4b

1

F5 Fabric


Device Package

F5 BIG-IP and iWorkflow Integration with VMware NSX

Challenges • Operational agility at the network services (Application Delivery

Networking [ADN]) layer • Operational agility for application-specific services for

acceleration, availability, and security (a rich layer 7 protocol) • Delivering a consistent consumer experience without

consuming IT resources better spent on strategic projects

Solution • Rapidly deliver layer 2–7 network and software-defined

application services in the software-defined data center (SDDC)

• Integration between F5 and VMware NSX eliminates the disconnect between network service management and application delivery service management

• Simplify operations for a single management solution • Increase efficiency by pooling and optimizing resources • Speed time to market and automate repeatable tasks

Application Workloads

Deploying L3–L7 Services

Cloud Management & Orchestration

Application Services

NSX Manager

NSX Management

Generic Platform

iApps

User

Generic Platform

Admin

BIG-IP

Platform

iWorkflow

NSX Edge

NSX vSwitch

LBaaSv1.0.10Functionality Overview

F5 LBaaS Agent

iControl ADC Provisioning

Throughput Total Throughput (in)

Throughput (out) Connections

Tenants Nodes

Route Domains VLANs Tunnels

SSL TPS Profile Count

Capacity Metrics

Cap

acity

Pol

icy

Inte

lligen

t Loa

d P

lace

men

t

Tena

nt

AD

C P

aram

eter

s D

ev/T

est/P

rod

Heat(Orchestration)

CLI

Horizon (GUI)

LBaa

S A

PI

TEST

ScaleN Cluster

TEST

ScaleN Cluster

DEV

HA Pair

PRODUCTION

ScaleN VIPRION Cluster

PRODUCTION

ScaleN VIPRION Cluster

Cap

acity

Mea

sure

men

t

API Scope • VIP/Pool/Pool members • Health monitors (ICMP, TCP, HTTP, HTTPS) • Session persistence (source IP, HTTP cookie, app-provided cookie) • Method (least connections, round robin) • Statistics (bytes in/out, active connections, total connections)

F5 Extensions • Differentiated environments (production, test or dev)

Global Routed ModeFor Edge Routed Networks—Multi-Tenant from L4–L7 Only

• Simplest form of deployment • BIG-IP platform assumes that all layer 3 and layer 2 is already provisioned • Each tenant can create LBaaS services and provide VIPs and pool members • Designed for environments, typically without VXLAN or GRE

LBaaS Agent

Compute Nodes VIPRION 4480

iControl VIP, pool and monitor CRUD. Multi-tenant.

Layer 2 Adjacent ModeBIG-IP platform with support for VLANs, GRE, and VXLAN

• BIG-IP platform participates in the tenant VLAN or tunnel (using VXLAN or GRE) • Automatic population with tunnel information when an LBaaS service is created for a tenant • Most typical use case for an SDDC

Native layer 2 for each tenant using VXLAN/GRE.

Compute Nodes VIPRION 4480

LBaaS Agent

iControl VIP, pool and monitor CRUD. Multi-tenant.

Tenant Network Data (Layer 2 Endpoints, SNI, Tunnel type, etc.)

Phase 3: Continuous Delivery

Phase 3: Self-Service




Enterprise Platform

StackApp

ServerWeb

ServerMicro-

servicesMicro-

services

App Stack


L2–L3



Linux Container

Linux Container

Compute

ADC ADC ADC



LOAD-BALANCING



ADC

L4–L7

Phase 3: Integrated Management

Policy

Admin

Orchestrator iWorkflow

Questions?

Recap

Take a look at iWorkflow:https://DevCentral.f5.com/iWorkflow

Identify/understand the shift in influenceApplication

Cloud

Infrastructure

• Add class to your personal schedule.

• Survey will pop up in Mobile App. • Answer the multiple choice. • Submit your question to complete. • Receive 5 points!

Give Feedback – Get Points!

orchestration: accelerate deployments and reduce

Documents