OPENSTACK Deployment in the Enterprised2zmdbbm9feqrf.cloudfront.net/2014/lat/pdf/BRKDCT-2367.pdf · OPENSTACK Deployment in the Enterprise ... deployment or a hybrid deployment where

OPENSTACK Deployment in the Enterprise

BRKDCT-2367

Miguel Barajas – Senior Solution Architect CITT CoE LATAM

Luis Rueda – Senior Technical Leader CITT CoE LATAM

© 2014 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Agenda

•  Introduction

•  Cisco Domain Ten

•  Introduction to OpenStack

•  OpenStack Deployment in the Enterprise

•  Use Cases and Study Cases

•  Cisco Products Integration

•  DEMO TIME!!!

© 2014 Cisco and/or its affiliates. All rights reserved. BRKDCT-2367 Cisco Public

Cisco Domain Ten® Framework

Customer Interface

4

Organization • Governance • Process 10

Security • Compliance 9

SaaS

Applications 8

PaaS

Platform 7

IaaS

Abstraction • Virtualization 2

Compute Storage Network

Infrastructure • Environmentals 1

Autom

ation • Orchestration

3

Service Catalog

5

6 Financials

Existing S

ystem Integrations


What is OpenStack?

•  OpenStack Fundation

“ OpenStack aims to produce the ubiquitous Open Source Cloud Computing platform that will meet the needs of public and private clouds regardless of size, by being simple to implement and massively scalable.”


What is OpenStack?

•  Wikipedia

“ OpenStack is a cloud computing project aimed at providing an infrastructure as a service (IaaS).”


OpenStack High Level Diagram


OpenStack Capabilities (JUNO)

•  Compute (Nova)

•  Networking (Neutron)

•  Object Storage (Swift)

•  Block Storage (Cinder)

•  Identity (Keystone)

Current Programs/Projects

•  Image Service (Glance)

•  Dashboard (Horizon)

•  Telemetry (Ceilometer)

•  Orchestration (Heat)

•  DBaaS (Trove)


OpenStack Capabilities

•  Bare Metal Provisioning (Ironic)

•  Queue Service (Marconi)

•  Data Processing (Sahara)

Future Programs/Projects


OpenStack Architecture


OpenStack @ Cisco

Community

–  Cisco is the 6th Mayor Contributor to OpenStack Code

–  Code Contributions and bluprints across Core Services

–  Networking Model, Comopute Service and Dasboard, HA, Scheduling

–  OpenStack Funtation Board Member

Customers

–  Private (demo) and Public –  Extend cloud model for

rapid provisioning of network services, bare-metal, intelligent workload placement

–  Drive innovation through real-world use cases

Engineering

–  Automation (Puppet) and Architecture (HA) for production deployment and operational Support

–  Neutron/Nova Plug-ins for Cisco Product lines •  UCS, Nexus, CSR1000v

–  Scalable Neworking services •  FWaaS, LBaaS, VPNaaS

http://www.cisco.com/web/solutions/openstack/index.html

OpenStack Deployment in The Enterprise


Use Cases

•  Test and Dev

•  High Scalable Applications

•  Multi Vendor / Multi Hypervisor environment

•  A lot of Development groups


Why Deploy OpenStack in my Company

•  Easy and fast to Deploy

•  It can be integrated with the current infrastructure

•  Start Small, Scale Up and Out

•  NO VENDOR LOCK IN!

•  Open Source Project


What Really Changes in my Data Center/Internet Edge? •  OpenStack components live South

of the Top-of-Rack switch

•  Your existing DC, Internet Edge and BN architecture stays the same

•  It’s about the compute, storage and orchestration/management tiers

•  Even your apps go largely unchanged

Ser

vice

s

Access Layer

Agg Layer

Core Layer

UC

S C

-Ser

ies

UC

S B

-Series

Enterprise/ Internet


OpenStack Nodes/Roles •  Example on UCS C-

series

•  Active/Active controllers

•  HAProxy/Keepalived or HW SLB for Swift Proxy Nodes

•  Object and block storage –  Images, app data –  Persistent storage

•  Support nodes (Ctrl/Proxy also) often run as VMs or can be baremetal

A/A Controller

Nodes Compute Nodes

Swift Proxy Nodes

Swift Object Storage Nodes

*Support Nodes -Puppet Master -Cobbler -DNS -HAProxy/ Keepalived

Cinder Block Storage Nodes

DC Access Layer

To DC Agg Layer

*Can run as VMs

PM/Cobbler OS VM

HAProxy OS VM

Controller-1 OS VM

Controller-2 OS VM

Proxy-1 OS VM

Proxy-2 OS VM


To Automate or Not and How Much to Automate •  Manually deploy it all? Automate only the OpenStack setup? Automate OpenStack +

Apps?

•  Single Shot – Manually setup everything (the best way to learn OpenStack): –  http://docwiki.cisco.com/wiki/OpenStack_Havana_Release:_High-

Availability_Manual_Deployment_Guide

•  Semi-Automatic – Use automation for ‘some’ of the setup and maintain/modify manually: –  http://docwiki.cisco.com/wiki/Openstack:Havana-Openstack-Installer –  http://docwiki.cisco.com/wiki/OpenStack:Havana:All-in-One –  http://puppetlabs.com/ –  http://www.opscode.com/chef/ –  https://juju.ubuntu.com/

•  Automatic – Automate everything with Puppet, Chef, JuJu or turnkey automation stuff


High-Level Planning Summary •  Deploy OpenStack in existing ‘pod’ or a new one?

•  Hardware inventory – All rack servers, all blade servers, HW + VMs

•  What app(s) do you plan to run in the new deployment?

•  To multi-tenant or not? This is a functional and business topic as much as a technical one – Always deploy with multi-tenancy in mind

•  IP address planning – NAT inside OpenStack? No NAT? Overlapping IPs?

•  Automation choices

•  Use a ‘pure’ OpenStack (only OpenStack projects) deployment or a hybrid deployment where you use some of what OpenStack offers and leverage 3rd party applications/management/monitoring services

•  Knowing the limitations of current high-availability/disaster-recovery (HA/DR) models with OpenStack

•  Other stuff we will talk about along the way ….


Network Decisions •  OpenStack Networking

–  http://docs.openstack.org/admin-guide-cloud/content/section_networking-scenarios.html –  Many vendor plugins (OVS, Ryu, etc..) –  Flat, Routers with NAT, VLAN Trunking, GRE, VXLAN

•  Scale –  VLAN number limitations for large tenant + networking environments –  GRE-based –  VPNaaS – Manual configuration in large full-mesh setup

•  Network Tuning – Linux kernel, networking and vSwitch-specific (OVS) tuning is critical: –  libvirt_type: kvm or qemu –  vhost-net (‘modprobe vhost-net’):

http://www.linux-kvm.com/content/how-maximize-virtio-net-performance-vhost-net https://ask.openstack.org/en/question/6140/quantum-neutron-gre-slow-performance/

–  Test Offload settings: ‘ethtool -K eth1 gro off’ - http://www.linuxcommand.org/man_pages/ethtool8.html


Which Networking Model?

•  A few choices: Private Networks with Per-Tenant Routers, Provider Routers, Provider Network Extensions with VLANs (No NAT)

•  Most enterprises use the VLAN model as they have no need for NAT within the OpenStack system – Most of their NAT stuff is on the edge (i.e. edge FW, SLB, Proxy, Routers)

•  Very large enterprise deployments will run into VLAN numbering limitations when the system is deployed in a brownfield design (sharing VLANs with other PODs)

•  Also, know that, today, a Neutron router-free deployment limits capabilities such as VPNaaS and/or LBaaS which depend on the L3-agent (Neutron router)


High Availability Decisions •  Know what you don’t know

•  Pick your release – HA matures on every release: Folsom (sucked for HA) -> Grizzly (getting better) -> Havana (MUCH better)– You may have to use other open source tools to get a complete system highly available

•  Cisco HA design – http://docwiki.cisco.com/wiki/OpenStack_Havana_Release:_High-Availability_Manual_Deployment_Guide

•  Automated using Compressed HA (3 nodes) or Full HA (redundant control nodes, swift proxies, swift storage nodes) - http://docwiki.cisco.com/wiki/Openstack:Havana-Openstack-Installer

•  Many components are: –  Databases: Options include MySQL-WSREP and Galera –  Message Queue: RabbitMQ Clustering and RabbitMQ Mirrored Queues –  API/Web services: HAProxy, Keepalived, traditional SLB –  Swift proxy nodes: HAProxy, Keepalived, traditional SLB –  Swift nodes: Architecturally designed to be available (i.e. multiple copies of objects) –  Compute node: Nothing directly HA, but can use Migration for planned maintenance windows

•  Puppet HA: Search “puppet master redundancy” or “masterless puppet” – you will land plenty of reading choices ;-)


High-Availability Multi-node “Provider Network Extensions” Design

Load-Balancers

Controllers

Compute

Swift Storage (Proxy & Storage nodes)

MGMT/CIMC/API Network

Public Network

Storage Network

CIMC CIMC

CIMC CIMC CIMC

CIMC CIMC CIMC

CIMC CIMC CIMC CIMC CIMC

eth0 eth0 eth0 eth0 eth0

eth0 eth0 eth0


eth1 eth1 eth1


DC/Internet

Service VIPs

23

Cisco Product Integration


Nexus – Support for OpenStack •  Nexus 1000v

–  Red Hat and Ubuntu - KVM –  512 servers per VSM and scaling to future with federations –  VLAN - 4096, VXLAN – 16000 segments, 32000 ports, 300+ veths/vem –  Enhanced VXLAN – No multicast requirement in a VSM and in future across VSMs –  VSM on any hypervisor or Nexus1010 –  NAT is supported/overlapping IP support http://www.cisco.com/c/en/us/support/switches/nexus-1000v-kvm/tsd-products-support-series-home.html

•  Nexus 3000 and Higher –  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps11541/data_sheet_c78-727737.html

•  Cisco OpenStack Installer with Nexus Plugin: http://docwiki.cisco.com/wiki/OpenStack:Grizzly-Nexus-Plugin http://docwiki.cisco.com/wiki/OpenStack:_Havana:_2-Role_Nexus


Nexus Plugin Example Topology

•  Stuff we care about in the user.common.yaml file that are relevant to the diagram: –  Switch ports that connect to the eth1 on

each compute node –  That the appropriate interface on the

controller is configured to trunk all of the same VLANs that will be used by instances (attached to eth1 on compute nodes)

–  That the uplinks from ToR to Agg layer switches has all of the trunks/VLANs configured ahead of time

•  Multiple ToR switches and host FEX setups are supported

compute- server01

compute- server02

Agg Layer

Trunk links: VLAN:500-600

eth0

control-server

eth0

eth1 eth1

eth0

eth1

e1/8

e1/9

Provider Networks(s): VLAN500: 192.168.250.0/24 VLAN501: 192.168.251.0/24 …

Mgmt Network


CISCO ACI & OpenStack Integration


OpenStack & UCS

•  Cisco Unified Computing System™ (Cisco UCS®) running OpenStack technology can be used to build public, private, and hybrid cloud infrastructure.

•  Built-in automation enables configurations to be deployed quickly, easily, and accurately.

•  The Cisco UCS OpenStack Installer provides a validated installation for an active-active, highly scalable architecture for OpenStack services

•  The Cisco UCS architecture allows you to easily add computing and storage resources as demand increases.


OpenStack Services from Cisco Advanced Services Problems Solved Key Deliverables Portfolio

Strategy and Assessment

Validation

Optimization

Design & Deployment

ü  Pre-defined design ü  Rapid installation & Test ü  Lack of OpenStack skillsets

ü  Experiment with OpenStack installation in your data center environment

Key Benefits

ü  Pre-defined design ü  Test plan ü  Knowledge Transfer

ü  Network Scale and High availability design

ü  Storage Integration ü  Cell deployment design

ü  Accelerate production readiness

ü  Optimally deployed on Cisco hardware

ü  Understand role of OpenStack in your DC/Cloud strategy

ü  Strategy Assessment high level roadmap and architecture

ü  Prioritization of use cases

ü  Is OpenStack the correct platform for my business

ü  What are my key requirements for OpenStack?

ü  How to create or add production safety, availability and scale to my openstack deployment.

ü  Custom application assistance ü  Topology and requirements

evolution

ü  Design review ü  Software Upgrade procedures ü  Day 2 Support for Customized

deployments

ü  Ensure deployment evolution ü  Targeted support expertise for

your customized solution

Demo

Thank you.

Documents

OPENSTACK Deployment in the Enterprised2zmdbbm9feqrf.cloudfront.net/2014/lat/pdf/BRKDCT-2367.pdf · OPENSTACK Deployment in the Enterprise ... deployment or a hybrid deployment where