Nuage meetup - Flexible and agile Software Defined Networking (SDN)
1. Copyright 2013 Alcatel-Lucent. All rights reserved.
CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW
PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION
Nuage Networks
Flexible and agile Software Defined Networking
March 2015
Matthieu Texier
matthieu.texier@nuagenetworks.com
2. The “Consumption shift”
Applications are pushing new requirements to IT infrastructure.
New virtualization schemes are changing the way IT resources are acquired.
Smooth transition from the legacy 3-tier model to new models.
IT and network services are shifting.
[Diagram: the 3-tier model shifting towards Public Cloud, Private Cloud and DevOps development]
3. Application development velocity
Applications have to follow market demand: reduce application life cycles, increase customer satisfaction.
Build and run automation: DevOps, Continuous Integration, Continuous Testing, Continuous Delivery.
New dynamics in IT infrastructure.
[Timeline chart: Continuous Integration, Continuous Testing and Continuous Delivery plotted from T0 over Y1 to Y4]
4. Application scalability and QoE
Application scalability: content-rich web applications (streaming tutorials, apps, …).
Robust and optimal performance and responsiveness.
Scale-out automation: CDN rapid deployment, web proxies, extend share-nothing application design.
Predictable cost, reduced initial investment.
[Chart: number of app servers versus number of users]
5. Virtualization, infrastructure profusion
Various virtualization technologies:
Hypervisors: VMware, QEMU/KVM, Hyper-V
CMS and OpenStack
Cloud and hosting providers: IaaS, PaaS, bare metal
Consistent networking across those technologies.
Take advantage of being over the top: re-use the existing IP backbone (Internet, OTT).
[Diagram: orchestrated overlay network services running across Hypervisors 1, 2 and 3 on top of the IP fabric]
6. Virtual IT and network provisioning
Compute and storage automation: available in minutes.
Network is partially or not orchestrated: configuration takes days/weeks.
[Diagram: a new tenant/application request goes to Compute Management, where auto-instantiation completes the compute request in minutes, and to Network Configuration, where it passes through Help Desk, Change Control, IP address, VLAN address, Firewall configuration, LAN (VLAN) configuration, WAN (IP) configuration, the Security/QA team and a Project Coordinator, so the network change completes in days/weeks]
Network provisioning delays are a show stopper (web app).
8. Nuage Virtualized Services Platform (VSP)
Network Virtualization and Automation
[Diagram: Cloud Service Management Plane (Virtualized Services Directory), Datacenter Control Plane (Virtualized Services Controller) and Datacenter Data Plane (Virtual Routing & Switching on each hypervisor) in “Brooklyn Datacenter - Zone 1”, on top of an IP fabric, with an Edge Router peered via MP-BGP and a hardware gateway for bare metal]
Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets
9. Virtualized Services Directory (VSD)
• Virtual machine based
• Service definition
• Policy establishment
• Service templating
• Analytics engine & reporting
[Diagram: the VSD exposes a UI and a REST API over a message bus and holds the policy model (Domain, Zones, Subnets, Policies, VPN, public Internet). Policy areas: networks, security, QoS, statistics; zone policies such as web access, backend logic, etc.; example: a CRM app VM with an “80 Mbps – real time” threshold alarm. Control stack: VSD to VSC over XMPP, VSC to VRS on the hypervisor over OpenFlow]
10. Virtualized Services Controller (VSC)
• Virtual machine based
• SDN controller
• Powered by Service Router Operating System (SROS)
• Peering & federation
• Auto-discovery
• Tenant slicing
[Diagram: the SROS-based VSC combines SNMP/CLI, BGP/IGP, a service manager, a forwarding database (RIB/FIB), XMPP and OpenFlow. OpenFlow is the control path to the VRS; XMPP is the message bus for event notifications, policy push, security and load balancing. Control stack: VSD to VSC over XMPP, VSC to VRS on the hypervisor over OpenFlow]
11. Virtual Routing & Switching (VRS)
L2 or L3 (VLAN, VXLAN, GRE)
[Diagram: VRS variants VRS-H*, VRS-G, VRS-X, VRS-V, VRS-K and VRS for Docker (Docker agent), covering Citrix XEN hypervisors, VMware vSphere hypervisors, Microsoft Hyper-V hypervisors, KVM hypervisors and a gateway for bare metal servers & appliances]
L2-L4 virtual switch
• Open vSwitch based
• Provides both VXLAN and MPLSoGRE tunnel encapsulation options
• Programmed through OpenFlow from the VSC, encapsulates VM flows into the preferred protocol (L2 or L3)
• Detects VM instantiation and teardown
[Diagram: VSD to VSC over XMPP, VSC to VRS on each hypervisor over OpenFlow]
*Hyper-V supported in the future
12. Cloud Service Network Instantiation with Nuage Networks
Federated Inter Datacenter Services (multiple CMS)
[Diagram: Cloud Service Management Plane, Datacenter Control Plane and Datacenter Data Plane for “Brooklyn Datacenter - Zone 1”, “Brooklyn Datacenter - Zone 2” and “Manhattan Datacenter - Zone 2”, each with a Virtualized Services Directory, a Virtualized Services Controller and hypervisors, plus Cloud Manager to Hypervisor communications. Network services are federated across controllers (“Federation of Controllers”) and reach an Edge Router via MPLS (MP-BGP) into the Service Provider control and data planes, a Business VPN Service and a Private Datacenter. Policy model: Domain, Subnets, VPN, Internet, Zones, Policies]
13. Cloud Service Network Instantiation with Nuage Networks
Extended network services to branch office (VNS solution)
[Diagram: as on the previous slide (Brooklyn Datacenter Zones 1 and 2, Manhattan Datacenter Zone 2, Virtualized Services Directory and Controllers, hypervisors, CloudBand, Cloud Manager to Hypervisor communications), with network services extended from the Edge Router over MPLS (MP-BGP) into the WAN control and data planes, the Business VPN Service, the Private Datacenter and the Internet, down to CPE VPN endpoints peered via MP-BGP with a Virtualized Services Controller. Policy model: Domain, Subnets, VPN, Internet, Zones, Policies]
15. Why SDN, why automation
[Table: application generation and the datacenter network it needs]
Legacy applications (Intranet; Web, Mail, legacy): Dual DC, LAN switching
Digital stack (content and cloud player): Multiple DC, WAN extension, Internet peering
Web scale (CDN, GSLB…, share-nothing applications, Big data): Multiple DC, Virtual DMZ, Internet peering and CDN
16. Converting a marketing view to your specific needs
Questions to ask yourself!
• Data centers and applications
– Single or multiple regions?
– Multi-hypervisor?
– Applications and resiliency scheme?
– DevOps, micro-segmented software design?
• Network and IP fabric
– Just a couple of switches?
– Spine/leaf?
– Multiple DCs interconnected via a WAN / public AS?
– L2 services / L3 services, security, filtering, east/west, north/south?
[Diagram: orchestrated overlay network services running across Hypervisors 1, 2 and 3 on top of the IP fabric]
17. Challenges that come with OpenStack
OpenStack is very well suited for very dynamic infrastructure: DevOps continuous testing, create, destroy, rebuild via Heat stacks or any other scripting or YAML language.
How do we make it scalable, reliable, stable…?
There is no easy answer to this question; we propose to share experience.
18. OpenStack networking using the Neutron Network Node and optionally DVR
Neutron network node (NN) is still centralized:
SNAT and PAT are still centralized on this node; there is no real HA and no control plane to handle NN failure.
Without DVR, the NN becomes a SPOF, most probably under stress with lots of traffic.
DVR is quite hungry in terms of resources:
Multiple agents per compute node.
Each router requires a namespace, each of them running DVR (could end up with 1000 namespaces per compute node).
Poor implementation of ARP and flow mapping, generating entries for each VM in a broadcast domain in each compute node.
SNAT is mandatory to get out of the Neutron network; there is no way to avoid SNAT.
No standard control plane.
Re-inventing the wheel: does it really make sense?
Ready for a good headache:
https://www.youtube.com/watch?v=OpKsXX0bQAo
19. OpenStack “stretch design”
[Diagram: DC 1 and DC 2 connected over WAN/Internet, carrying Nuage XMPP traffic (VSD/VSC) and Nuage BGP traffic (VSC/VSC), with the Nuage overlay network on top]
Centralized authentication via Keystone DB backend / proxy.
Comes with challenges like: installation and maintenance, HA node election process (quorum) for “real” HA, storage network latency, multiple gateways and routers, HA between network nodes, …
Extend infrastructure VLAN.
20. Example multi-DC / multi-OpenStack / single SDN
[Diagram: DC 1 and DC 2 connected over WAN/Internet, carrying Nuage XMPP traffic (VSD/VSC) and Nuage BGP peering (VSC/VSC), with the Nuage overlay network on top]
Almost all our existing customers in production.
Fixes many issues like: quorum election of OpenStack HA nodes, floating IP mobility, storage network design and latency constraints.
Probably the best compromise as of today (Kilo / Nuage 3.2).
21. [Diagram: three OpenStack Cloud Management Platforms (OpenStack®), one per AZ / Region, sharing an HP DCN overlay network; network services are driven through the HP Cloud Service Automation API with out-of-the-box content]
22. Thank You
Editor's notes
Cloud services are hot: IDC predicts the market will grow significantly over the next three years, from $360M USD in 2013 to $3.7B USD by 2016, which makes cloud services one of the largest drivers of new investment across both the enterprise IT market and service providers delivering IP-based datacenters and wide area services.
Enterprise users are looking to the cloud to provide quick and cost-effective application deployment. Basically they want the experience and control they have today with their private IT infrastructure, but at the economics of a shared infrastructure.
Service providers are investing in datacenters (either building or buying) to meet this enterprise demand. Their goal is to meet the needs of as many customers as possible and to achieve this as cost-effectively as possible.
The VSD resides in the management plane of the datacenter and provides the business and application logic that is distributed to the VSC as network configurations.
It is the policy engine for the solution, taking the application service definitions and creating network configurations that are template based. The value here is that the application type (example: Oracle 11i) is matched to the tenant's IT security model and then saved as a template for instantiation on the network; the principle is create once, use many times.
The VSD also contains a powerful ‘Big Data’ analytics engine (optional) that can provide historic and real-time information on the network and on the VMs' usage of the network. This is based on an industry-leading Hadoop architecture.
The VSD supports RESTful APIs for communicating with the cloud provider's management systems.
The VSC resides in the control plane of the datacenter and provides the network control function. It is the industry's most powerful SDN controller, with support for both the SDN protocol set (OpenFlow) and the IP/MPLS protocol set, including MP-BGP.
As the controller, it coordinates and federates the setup and teardown of network paths based on compute triggers received from the VRSs on the hypervisors.
It passes these event triggers to the VSD via the Extensible Messaging and Presence Protocol (XMPP) to verify the authenticity of the trigger and to obtain the application/tenant-specific network configuration template to instantiate on the VRSs within the application domain.
The VSC has three main communication directions:
Northbound: to the VSD via XMPP
East/West: federation functions to other VSCs or IP/MPLS Provider Edge nodes via MP-BGP
Southbound: to the VRSs via OpenFlow
The VRS resides in the data plane of the datacenter and provides the network end-point function. It is a powerful Layer 2 to Layer 4 switching and routing engine, able to forward with policy-based routing intelligence.
It supports a wide range of L2 and L3 encapsulation methods, so it can communicate with a wide range of external network endpoints (other hypervisors, IP- or MPLS-based routers).
Key functionality includes listening to the open messaging bus of the hypervisor to detect compute triggers such as VM setup and teardown, and passing these to the VSC for processing.
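The VRS → VSC → VSD → VRS cycle described in these notes, as an added example that is not Nuage code: a small Python model in which a compute trigger is validated against a tenant/application template before any flow rule is pushed, so a VM that matches no template stays isolated. Class names, the tenant, the application and the zone policies are hypothetical.

```python
# Added example, not Nuage code: a minimal model of the VSP control flow.
# The VRS reports a compute trigger, the VSC asks the VSD (XMPP in the real
# system) for the tenant/application template, and programs the VRS
# (OpenFlow in the real system). All names and templates are constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VmEvent:            # compute trigger seen by the VRS on the hypervisor
    vm_id: str
    tenant: str
    app: str
    zone: str


# Constructed templates, one per (tenant, app): the zones of the domain and the
# zone policies as (source zone, destination zone, TCP port); "internet" is
# outside the domain. "Create once, use many times."
TEMPLATES = {
    ("acme", "crm"): {
        "zones": {"web", "backend"},
        "allow": {("internet", "web", 443), ("web", "backend", 5432)},
    },
}


class Vsd:
    """Management plane: validates the trigger and returns the matching template."""
    def lookup(self, ev: VmEvent):
        tpl = TEMPLATES.get((ev.tenant, ev.app))
        if tpl is None or ev.zone not in tpl["zones"]:
            return None                  # unknown VM: no configuration is returned
        return tpl


@dataclass
class Vrs:
    hypervisor: str
    flows: list = field(default_factory=list)   # rules programmed by the VSC


class Vsc:
    """Control plane: turns the template into per-VM rules and pushes them to the VRS."""
    def __init__(self, vsd: Vsd):
        self.vsd = vsd

    def on_vm_event(self, vrs: Vrs, ev: VmEvent):
        tpl = self.vsd.lookup(ev)
        if tpl is None:
            return []                    # default deny: the VM gets no flows at all
        rules = []
        for src, dst, port in sorted(tpl["allow"]):
            if dst == ev.zone:
                rules.append((ev.vm_id, "in", src, port))
            if src == ev.zone:
                rules.append((ev.vm_id, "out", dst, port))
        vrs.flows.extend(rules)
        return rules
```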
The private VPN networks of major service providers use MPLS to deliver IP-VPNs. These IP-VPNs communicate internally (between the SP's PE routers) using MP-BGP to signal paths and route changes within the VPN instance.
It makes sense for Nuage to use these existing protocols within the wide area to facilitate the seamless extension of services from the datacenter to the tenant's IP-VPN.
Nuage has implemented the widely deployed Service Router Operating System (SROS) from Alcatel-Lucent to facilitate open communication and protocol interworking between the datacenter and the wide area network.
As compute resources are consumed or moved within the datacenter, or even across datacenters, the Nuage VSP instantaneously updates the BGP routing information in the tenant's VPN so that paths between the cloud-hosted resources and the clients within the VPN are maintained and correct at all times, without requiring any network configuration or staffing overhead.
Datacenter networks have limitations imposed by areas called zones or PODs, or even racks of servers. The dotted line between rows 2 and 3 illustrates the boundary that inhibits seamless services, which Nuage Networks resolves.