Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Nuage meetup - Flexible and agile Software Defined Networking (SDN)
Similar a Nuage meetup - Flexible and agile Software Defined Networking (SDN) (20)
Último
Último (20)
Nuage meetup - Flexible and agile Software Defined Networking (SDN)
- 1. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Nuage Networks Nuage Networks Flexible and agile Software Defined Networking March 2015 Matthieu Texier matthieu.texier@nuagenetworks.com
- 2. The “Consumption shift” Applications are pushing new requirements to IT infrastructure New Virtualization scheme are changing the way IT resources are acquired Smooth Transition from legacy 3 tiers model to new models IT and network services are shifting Public Cloud Private Cloud Devops development 3 tiers model ?
- 3. Application development velocity Applications have to follow market demand Reduce application life cycles, increase customer satisfaction Build and run automation DevOps, Continuous Integration, Continuous Testing, Continuous Delivery New dynamics in IT infrastructure T0 Y1 Y2 Y3 Y4 Continuous Integration Continuous Testing Continuous Delivery T0 Y1 Y2 Y3 Y4
- 4. Application scalability and QoE Applications scalability Content rich web application (streaming tutorials, Apps, …) Robust and optimal performances and responsiveness Scale out automation CDN rapid deployment, Web proxies, Expend share nothing application design Predictable cost, Reduce initial investment # Users # App servers
- 5. Virtualization, infrastructure profusion Various virtualization technologies Hypervisors : Vmware, QEMU/KVM, Hyper-V CMS and Openstack Cloud and hosting provider: IaaS, PaaS, bare metal Consistent networking across those technology Take advantage being over the top Re-use existing IP backbone, Internet OTT HYPERVISOR 1 HYPERVISOR 1 HYPERVISOR 1 HYPERVISOR 2 HYPERVISOR 2 HYPERVISOR 2 HYPERVISOR 3 HYPERVISOR 3 HYPERVISOR 3 Orchestrated overlay network services IP fabric
- 6. Virtual IT and network provisioning Compute and storage automation Available in Minutes Network is partially or not orchestrated Configuration takes Days/Weeks Network Configuration Compute Management New Tenant / Application Request Auto-instantiation Compute Request completed in Minutes Help Desk Change Control IP Address VLAN Address Firewall Configuration LAN (VLAN) Configuration WAN (IP) Configuration Security / QA Team Project Coordinator Network Change completed in days/Weeks Network provisioning delays is show stopper (WEB APP) 00:01
- 8. Nuage Virtualized Services Platform (VSP) Network Virtualization and Automation Cloud Service Management Plane Datacenter Control Plane Datacenter Data Plane Virtual Routing & Switching Virtualized Services Directory Virtualized Services Controller HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR Brooklyn Datacenter - Zone 1 Virtualized Services Directory (VSD) • Network Policy Engine – abstracts complexity • Service templates and analytics Virtualized Services Controller (VSC) • SDN Controller, programs the network • Rich routing feature set Virtual Routing & Switching (VRS) • Distributed switch / router – L2-4 rules • Integration of bare metal assets Nuage Networks Virtualized Services Platform (VSP) IP Fabric Edge Router MP-BGPMP-BGP Hardware GW for Bare Metal
- 9. Virtualized Services Directory (VSD) OpenFlow XMPP Virtualized Services Directory (VSD) • VIRTUAL MACHINE BASED • SERVICE DEFINITION • POLICY ESTABLISHMENT • SERVICE TEMPLATING • ANALYTICS ENGINE & REPORTING NETWORKS SECURITY QOS STATISTICS ZONE POLICIES: WEB ACCESS BACKEND LOGIC ETC. CRM APP :- VM “80MBPS – REAL TIME” THRESHHOLD ALARM UI UI REST API Message Bus Domain Zones Subnets Policies VPN Public Internet Virtualized Services Directory Virtualized Services Controller Virtual Routing & Switching Hypervisor
- 10. Virtualized Services Controller (VSC) • VIRTUAL MACHINE BASED • SDN CONTROLLER • POWERED BY SERVICE ROUTER OPERATING SYSTEM (SROS) • PEERING & FEDERATION • AUTO-DISCOVERY • TENANT SLICING Virtualized Services Controller (VSC) SROS BASED SMNP/CLI BGP/IGP SERVICE MGR Forwarding dB RIB/FIB XMPP OPENFLOW Control path to VRS Message bus for: Event Notifications Policy Push Security Load Balance OpenFlow XMPP Virtualized Services Directory Virtualized Services Controller Virtual Routing & Switching Hypervisor
- 11. L2 or L3 (VLAN, VXLAN, GRE) Virtual Routing & Switching (VRS) Virtual Routing and Switching (VRS) VRS-H* VRS-G VRS-X VRS-V Citrix XEN Hypervisors VMware vSphere Hypervisors Microsoft Hyper-V Hypervisors Gateway for Bare Metal Servers & Appliances KVM Hypervisors VRS-K Docker agent VRS for Docker L2-L4 VIRTUAL SWITCH • OPEN V-SWITCH BASED • PROVIDES BOTH VXLAN AND MPLSoGRE TUNNEL ENCAPSULATION OPTIONS • PROGRAMMED THROUGH OPENFLOW FROM VSC, ENCAPSULATES VM FLOW INTO PREFERRED PROTOCOL (L2 OR L3) • DETECTS VM INSTANTIATION AND TEARDOWN OpenFlow XMPP Virtualized Services Directory Virtualized Services Controller Virtual Routing & Switching Hypervisor Virtual Routing & Switching Hypervisor *Hyper-V Supported in the Future
- 12. Cloud Service Network Instantiation with Nuage Networks Federated Inter Datacenter Services (multiple CMS) Cloud Service Management Plane Datacenter Control Plane Datacenter Data Plane Brooklyn Datacenter - Zone 1 Virtualized Services Directory Virtualized Services Controller HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR CloudManagertoHypervisorcommunications HYPERVISOR HYPERVISOR HYPERVISOR Brooklyn Datacenter - Zone 2 HYPERVISOR HYPERVISOR HYPERVISOR Network Services Manhattan Datacenter - Zone 2 Federation of Controllers Edge Router MPLS (MP-BGP) Service Provider Control Plane Service Provider Data Plane Business VPN Service Private Datacenter Domain Subnets VPNInternet Zones Policies
- 13. Cloud Service Management Plane Datacenter Control Plane Datacenter Data Plane Virtualized Services Directory Virtualized Services Controller HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR HYPERVISOR CloudManagertoHypervisorcommunications HYPERVISOR HYPERVISOR HYPERVISOR Brooklyn Datacenter - Zone 1 Brooklyn Datacenter - Zone 2 Domain Subnets VPNInternet Zones Policies CloudBand HYPERVISOR HYPERVISOR HYPERVISOR Manhattan Datacenter - Zone 2 Virtualized Services Controller Network Services Edge Router MPLS (MP-BGP) WAN Control Plane WAN Data Plane Business VPN Service Private Datacenter MP-BGP CPE VPN CPE VPN CPE VPN Virtualized Services Controller Internet Cloud Service Network Instantiation with Nuage Networks Extended network services to branch office (VNS solution)
- 14. Nuage solution Use cases Private Cloud
- 15. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Why SDN, why automation 1/5/2016 15 Legacy applications Intranet Web, Mail, legacy Digital stack Content and cloud player Web scale CDN, GSLB… Share nothing appliactions Big data Dual DC LAN switching Multiple DC, WAN extension Internet peering Multiple DC, Virtual DMZ, Internet peering and CDN
- 16. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Converting a marketing view to your specific needs Questions to ask to yourself ! • Data centers and applications – Single, multiple regions ? – Multi-hypervisor ? – Applications and resiliency scheme ? – Devops, micro-segmented software design ? • Network and IP fabric – Just couple of switch’s ? – SPINE/LEAF ? – Multiple DC’s interconnected via a WAN / public AS ? – L2 services / L3 services, security, filtering, east/west, north/south ? 1/5/2016 16 HYPERVISOR 1 HYPERVISOR 1 HYPERVISOR 1 HYPERVISOR 2 HYPERVISOR 2 HYPERVISOR 2 HYPERVISOR 3 HYPERVISOR 3 HYPERVISOR 3 Orchestrated overlay network services IP fabric
- 17. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Challenges that comes with Openstack Openstack is very well suited for very dynamic infrastructure Devops continuous testing, create, destroy, rebuild via heat stack or any others scripting or YAML languages How do we make it scalable, reliable, stable… No easy answer to this question, we propose to share experience 1/5/2016 17
- 18. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Openstack networking using Neutron Network Node and optionally DVR Neutron network node (NN) still centralized SNAT and PAT is still centralized on this node, no real HA and control plane to handle NN failure, Without DVR, NN becomes a SPOF most probably under stress with lots of traffic, DVR is quiet hungry in terms of resources Multiple agents per compute nodes Each router requires namespace each of them running DVR (could end up with 1000 namespaces per compute node) Poor implementation of ARP and flow mapping generating entries for each VM in a broadcast domain in each compute SNAT is mandatory to get out of Neutron Network, no way to avoid SNAT No standard control plane Re-inventing the wheel : does it really make sense ! Ready a good headache : https://www.youtube.com/watch?v=OpKsXX0bQAo 1/5/2016 18
- 19. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION 19 Copyright 2015 Alcatel-Lucent. All rights reserved. Openstack “stretch design” DC 1 DC 2 WAN/Internet Nuage XMPP traffic (VSD/VSC) Nuage BGP traffic (VSC/VSC) Centralized authentication via keystone db backend / proxy Comes with challenges like: Installation and maintenance, HA nodes election process (corum) for “real” HA, Storage network latency, multiple gateway and routers, HA between network nodes, … Expend infrastructure VLAN Nuage overlay network
- 20. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION 20 Copyright 2015 Alcatel-Lucent. All rights reserved. Example multi-DC / multi-Openstack / single SDN DC 1 DC 2 WAN/Internet Nuage XMPP traffic (VSD/VSC) Nuage BGP peering (VSC/VSC) Almost all our existing customers in production Fixes many issues like: Corum election of Openstack HA nodes, Floating IP mobility, Storage network design and latency constraints, Probably the best compromise as of today (Kilo / Nuage 3.2) Nuage overlay network
- 21. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION 1/5/2016 21 Networkservices OpenStack Cloud Management Platform OpenStack® OpenStack Cloud Management Platform OpenStack® OpenStack Cloud Management Platform OpenStack® Out of the Box Content HP Cloud Service Automation APIHP DCN Overlay Network AZ Region
- 22. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Thank You
- 23. Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION 1/5/2016 23
Notas del editor
- Cloud Services are hot, IDC predicts the market will trend significantly over the next three years from $360MUSD in 2013 to 3.7BUSD by 2016, that makes Cloud Services one of the largest drivers for new investments across both the IT enterprise market and the Service Provider in delivering IP based datacenters and wide area services. Enterprise users: Are looking to the cloud to provide quick and cost effective application deployment. Basically they want the experience and control they have today with their private IT infrastructure but at the economics of a shared infrastructure. Service Providers: Are investing in datacenters (either building or buying) to meet this enterprise demand. Their goal is to meet the needs of as many customers as possible and to achieve this as cost effective as possible.
- The VSD resides in the Management Plane of the datacenter and provides the business and application logic that is distributed to the VSC as network configurations. It’s the policy engine for the solution; taking the application service definitions and creating network configurations that are template based. The value here is that the application type (example: Oracle11i) is matched to the tenants IT security model and then saved as a template for instantiation on the network; the principle is create once, use many times. The VSD also contains a powerful ‘Big Data’ analytics engine (optional) that can provide historic and real time information on the network and the VM usage of the network. This is based on an industry leading Hadoop architecture. The VSD supports RESTful API’s for communicating to the Cloud Providers management systems
- The VSD resides in the Control Plane of the datacenter and provides the network control function. It’s the industries most powerful SDN controller with support for both the SDN protocol set (OpenFlow) and IP/MPLS protocol set including MP-BGP. As the controller, it co-ordinates and federates the setup and teardown of the network paths based on compute triggers received from the VRSs on the Hypervisors. It efficiently passes these event triggers to the VSD via Extensible Messaging and Presence Protocol (XMPP) to query the authenticity and to get the application/tenant specific network configuration template to instantiate on the VRSs within the application domain. The VSC has three main communication directions: Northbound: to the VSD via XMPP East/West: federation functions to other VSCs or IP / MPLS Provider Edge nodes via MP-BGP Southbound: to the VRSs via OpenFlow
- The VSD resides in the Data Plane of the datacenter and provides the network end-point function. It’s a powerful Layer2-Layer4 switching and routing engine with the capability to perform forwarding with policy based routing intelligence. It supports a wide range of L2 and L3 encapsulation methods so can communicate with a wide range of external network endpoints (other hypervisors, IP or MPLS based routers). Key functionality includes listening to the open messaging bus of the Hypervisor to locate compute triggers of VM setup, teardown etc and to pass these to the VSC for processing.
- Private VPN networks of major Service Providers utilize MPLS to deliver IP-VPN’s. These IP-VPNs communicate internally (between the SP’s PE routers) using MP-BGP to signal paths and route changes within the VPN instance. It makes sense for Nuage to use these existing protocols within the wide area to facilitate the seamless extension of services from the datacenter to the tenants IPVPN. Nuage has implemented the widely deployed Service Router Operating System (SROS) from Alcatel-Lucent to facilitate open communication and protocol interworking between the datacenter and the wide area network. As compute resources are consumed or moved within the datacenter or even across datacenters the Nuage VSP will instantaneously update the BGP routing information to the tenants VPN so that paths between the cloud hosted resources and the clients within the VPN are maintained and correct at all times; without requiring any network configuration or staffing overheads.
- Datacenter networks have limitations imposed to areas called zones or POD’s are even racks of servers. The dotted line between row 2 and three illustrates the boundary that inhibits seamless services…which Nuage Networks resolves.