Embed Size (px)
Citation preview
Developing, Deploying, and Consuming L4-7 Network Services in an OpenStack Cloud
Hands-On Workshop, OpenStack Summit, Austinhttps://wiki.openstack.org/wiki/GroupBasedPolicy/Austin
Sumit Naiksatam, Igor Duarte Cardoso, Hemanth Ravi, Ivar Lazzaro, Jason Plank, David Grizzanti
Agenda
1. Intro + Workshop logistics - Sumit, 5 mins
2. OpenStack *aaS services and SFC in Neutron and GBP - Igor, 10 mins
3. GBP Intro + Service Chain consumption workflow (tenant API) - Sumit, 20 mins
4. Service Chain deployment workflow (Operator API) - Ivar, 20 mins
5. BYOF - Service Developer workflow - Hemanth, 20 mins
6. HA for Services + Sungard Production setup tour - David, 10 mins
7. Q/A
Logistics
Workshop Resources:
https://wiki.openstack.org/wiki/GroupBasedPolicy/Austin
Workshop Guide:
https://goo.gl/EwAJeg
Contains lab access information
Also, GBP devstack available to practice after workshop
OpenStack *aaS services and SFC in Neutron and GBP
OpenStack *aaS services and SFC in Neutron and GBP
OpenStack *aaS services and SFC in Neutron and GBP
OpenStack *aaS services and SFC in Neutron and GBP
OpenStack *aaS services and SFC in Neutron and GBP
VPNaaS, FWaaS, LBaaS
GBP can easily instantiate them
GBP can also chain them
Instantiation/configuration and chaining/plumbing are not coupled
Other drivers or plumbers can easily be introduced
Policy Based Service Lifecycle Management
Group Based Policy Model
Resource Model
Resource Model
1-2-3 Easy!
1. Define service chains using simple
commands/UI
2. Create Application Policy to redirect
to service chain
3. Groups provide & consume
Application Policy, done!
Consuming - Tenant Workflow
Workshop Goal
Web
FW+ LB
HTTPExternal-World App
LBHTTPDB
FW(3306)TCP
External Group PRS Service
ChainInternal Group
VM
Deploying - Operator Workflow
Separation of ConcernsOperators do this once: So that Users only have to do this:
Operator Workflow
Provide basic infrastructure constructs your cloud’s Tenants, so that they don’t have to worry about them.
● External Connectivity Policies
● Service Chain Policies
● Application Contracts
Operator Workflow
Provide basic infrastructure constructs your cloud’s Tenants, so that they don’t have to worry about them.
● External Connectivity Policies
● Service Chain Policies
● Application Contracts
External Connectivity
Neutron External Network
Neutron Subnet
External Segment
Nat Pool
Service Chain
Network Service Policy
Service Profile
Service Chain Node
Service Chain Spec
Policy Action
Policy Rule
Developing - Service Developer WorkflowBYOF - Bring Your Own Function!
Develop Firewall Service on a VM
fw-consumer
fw-provider
FW(allow icmp + ssh)
TCP
PRS Service Chain
Internal Group
VM
Service VMService
VMService VM
Service Lifecycle Management Framework - NFP
GBPService Chaining
Network Function
Orchestrator
Tenant (Over-the-cloud)
RPCNamespace
Proxy
Network Plugin Framework (NFP)
Infra (Under-the-Cloud)
RPC
REST
NFP Framework Features
Provides orchestration, configuration and visibility for Network Functions
Rendering of Service Chains via GBP NB APIs
NFP orchestrates Network Function Devices
NFP renders Network Functions
Network Function Management South Bound REST APIs
Service Insertion for configuring Interfaces & Routes
Service Configuration
Service Health Monitoring
Any L2, L3, L4-7 Network Function can be supported
BYOF! (“Bring your own Function”)
HA for Services
Sungard Availability Services
Target Market
80% mid-to-large enterprise customers
Typical Customer
Shrink wrapped applications
Looking for a mix of self-managed and Sungard AS managed offerings
Platform Expectations
Cloud Native & Traditional Networking models
Above the hypervisor services (per tenant FW, LB, VPN)
Service-chaining
Thank You
Legal Notices and Disclaimers by Intel Author - Igor Duarte Cardoso
Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer.
No computer system can be absolutely secure.
Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance.
Intel, the Intel logo and others are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others.
© 2016 Intel Corporation.
