Do ordon't- thereis notry; consistentnetworkingvia SDN in ...files.meetup.com/11483872/20160317-Nuage-Munich... · 3/17/2016 · confidential - solely for authorized persons having

CONFIDENTIAL- SOLELYFORAUTHORIZEDPERSONSHAVINGANEEDTOKNOWPROPRIETARY– USEPURSUANTTOCOMPANYINSTRUCTION

©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.

Door don't - there is no try ;consistentnetworking viaSDNinOpenStackAndreasRoeder– Nuage;Christoph Torlinsky - [email protected] ;[email protected],2016

@roeder_andreas



IntroductionWhatisallofthisabout?

3/18/16

2



AboutNuage Networks§ Nuage isaEuropeanstartupwithofficesintheSiliconeValley

§ AnNokiabackedventurefocusedondatacenterandbranchofficenetworkevolution

fortheSoftwareDefinedCloudComputingWorld

§ CreationofanAbstraction&Automation layerbetweennetworking decouplingHardware

§ APIandPolicynetworkingdesign reflectingbusinessdirectives,notnetwork

§ ActiveinmanydiverseNetworkingForumsandOpenSourceProjects



CurrentstateofnetworkinginOpenStack

Whatarewetryingtoaddress?

3/18/16

4


©2016Nokia.Allrightsreserved.Nuage NetworksisaNokiaventure.3/18/16

5

OVSPluginvs.NuageVRS(insertedonKVMHypervisors)NeutronDatapath onCompute– SDNInsertion

GREEncapsulated

br-int

br-tun

patch-tun

patch-int

PortVLAN:10 PortVLAN:20

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

qbra

qvba

vneta

qvoa

qbrb

qvbb

ventb

qvob

qbrc

qvbc

vnetc

qvo

gre-10.0.0.1

eth0

TAPDevice

veth pair

LinuxBridge

Open vSwitch

ConfiguredbyNovaCompute

ConfiguredbyNeutronL2Agent

o TenantswillbeseparatedbyinternalassignedVLANS

o VLANS will bemappedegresstowardsGREtunnelswhichareuniquebytunnelID

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

tapa tapb tapc

alubr0

VXLANEncapsulated

eth0

Policy DrivenConfigurationfrom

Nuage VSP

OVSDatapath(supportsL2only)

NuageDatapath(supportsdistributedL2,L3,FloatingIP,…)

PHYPort



6

DatapathDifferentiationtoNeutronwithNuage

br-intint-br-ext

VM1TenantA

VM2TenantA

VM3TenantB

eth0eth0eth0

qbra

qvba

vneta

qvoa

qbrb

qvbb

vnetb

qvob

qbrc

qvbc

vnetc

qvoc

TAPDevice

veth pair

LinuxBridge

Open vSwitch

VM3TenantB

eth0

qbrd

qvbd

vnetdPHYPort

qvod

br-ext

phy-br-ext

InternalRouterNamespace

qr-f qr-g

IP IP IP IP

IP IP

qr-fqrouter-yInternalRouterNamespace

qr-h qr-jIP IP

qr-n qrouter-z

FloatingIPNamespace

qfloat-x qf-nqr-m

qf-x

br-tun

int-br-tun1

int-br-tun1

FlowTableentry

FlowTableentry

DVRAGENT(Enhanced L3

Agent)

PrivateNetwork

eth1

Public Network

eth0

Ext-IP

alubr0VRS

(SingleOVSbridge)

o SingleOVSBridgeo IsFlow-Basedo PerformsFirewalling,

Switching,Routing,NAT,…

o ProcessesARP,DHCPLOCALLY

o NoDedicatedNetworkNodeforo non-DVRcase:

Routing,DNAT,SNAT,DHCP

o DVRcase: SNAT,DHCP



ComputeNodeComputeNode

ComputeNode NetworkNode

br-int

qbr..

3/18/16

7

NeutronL3Datapath inOpenStack

VM1TenantA

VM2TenantA

A Q

B

C

qbr..

R

S

D T

br-tun

E

F

G br-tunH

br-intJ

I

M O

dhcprouter

PN

Kbr-ext L

ML2OVS/NetworkNode

VM1TenantA

VM2TenantA

A B

VM1TenantA

VM2TenantA

C D

alubr0 alubr0

VRS-GSoftwareGW

alubr0

HardwareGW

alubr0

VXLAN VXLANVXLAN

VXLAN

NuageVSP



NeutronServer

RabbitMQ

L3Agent

OVSAgent

MetadataProxy

MetadataAgent

Keepalived

OVS

dnsmasq

NetworkNode

OVSAgent

OVS

ComputeNode

RabbitMQ

MySQL

Nuage ArchitectureDifferentiationo Neutron requireshighDatabasereadandwriteoperations andMessaging(RabbitMQBottlenecks)

o SincethereisNOseparatecontrolplane,Neutronserverhastodealwitheverycomputenodewithoutanyoffload

o Nodatabaseinquirycachesupported fortheDatabasewhichtremendouslyincreasedDatabasereadpressure

o SQLAlchemydesigninneutroncode addsDatabasepressure andMetadatacachinginefficiency



Sinlge SDNAPIforadiverseApplications

ItsnotjusttheVMandOpenStack anymore,isit?

3/18/16

9



Physicalservers VirtualMachines Containers PublicCloud

VSP=Policy-DrivenVirtualizedNetworkingforallEnvironments



Same policies andtemplates canbeused across anyendpoint:OpenStack VMs,Containers,PaaS or Physical

DOCKERContainers KVMVirtualMachines Physical &Baremetals

L2Service “SQL”with Security“Medium”,nopublic access,QoS “Gold+”

L3Service “FrontEnd”with Security“High”,NAT,BW=10Mbps,QoS “Silver”



Nuage SDNArchitectureHowwecandoallofthat?

3/18/16

12



VSD

API / REST / Python / GO…

VSDVSD

VSC VSCBGP

XMPP

ESXi KVMVRS VRS

BM

VTEP

DCI

Hyper-VVRS

XENVRS

XLC / Docker

VRS

Nuage DetailedArchitecture



TypicalNuage Usecases§ ConvergedDatacenter(MultipleSites,MultipleCMS,

MultipleWorkloadFormfactors)onpremise/offpremise§ Microsegmentation§ Desaster recovery§ P2V/V2Vmigration§ Devops§ NGDataCenter FabricAutomation

3/18/16

14



UseCases:

3/18/16

15

CloudInfrastructureFramework

FWaaS

LBaaS

(X)aaSIntegrationFramework

HybridCloudConnect

VPNaaS

ProgrammableDataPlane



DemoOverview1/2

3/18/16

16

§ SetupbasedonRedHat OSP6togetherwithNuage 3.2R4

§ NonHASetup



DemoOverview2/2§ SetupbasedonCentoswithdocker:1.8.2-7.el7.centos

3/18/16

17



Demo/QnA



Thevspk and associated tools are available onGitHub andPyPI: https://github.com/nuagenetworks

Nuage NetworksCommunityandForums

+



20

https://www.openstack.org/summit/austin-2016/summit-schedule/



21

THANKYOU

Documents

Do ordon't- thereis notry; consistentnetworkingvia SDN in ...files.meetup.com/11483872/20160317-Nuage-Munich... · 3/17/2016 · confidential - solely for authorized persons having