Quantum:What it is and Where it’s

going

Lew TuckerVP/CTO Cloud Computing

Cisco Systems, Inc.@lewtucker

• OpenStack: open source software for building highly scalable public and private clouds

• Designed as a set of services forming the basis of a cloud platform

• Evolving through community process in which all members may contribute

• Quantum is a community project to build a “Network Service” for advanced networking capabilities

+ Quantum

Open Source Is Where “Standard” Cloud Infrastructure Will Be Defined

Open standards [require] multiple providers, access to code and data, and interoperability of services.

The obvious solution is an open source reference model as the standard.

Potential examples of such would be the OpenStack effort.

-Simon Wardley, CSCFrom “A Question of Standards”

http://blog.gardeviance.org/2011/04/question-of-standards.html

Cloud Computing ParadoxCurrent Cloud Computing model is great for application development, self-service, and automation, but is missing the potential programmability of the infrastructure

• Applications and infrastructure could interact with each other to provide the best performance, experience and reliability

• What is missing is the right mechanism to expose networking infrastructure capabilities without bringing all the complexity into the application layer

But I can help (sigh)

I’m a Cloud. I don’t need

you!

Network Technologies in the Data Center and Internet

Internet

Partners

CRS-176006500

Nexus 7000Nexus 7000(w/ Cat 6500as Services

Chassis)

Nexus 5000w/ Nexus 2000Fabric Extender

UCS, MCS 7800 (or Generic

Rack or Blade Servers)

Nexus 1000v MDS 9000 +Consolidated

Storage Arrays (EMC, etc.)

ApplicationSoftware

VirtualMachine VSwitch Access Aggregation Core Peering IP NGN

Backbone

VMWareXen

Hyper-V

CRS-1ASR 9000ASR 1000

7600

Storage and SAN Compute

Applications

IP NGN

Application Control (SLB+)

Service Control

Global Site Selection

Intrusion Detection

Firewall Services

Virtual Device Contexts

Fibre Channel Forwarding

Fabric Extension

Fabric-Hosted Storage

Virtualization

Virtual Contexts for FW and SLB

Port Profiles and VN-Link

Port Profiles and VN-Link

Line-Rate NetFlow

Virtual Device Contexts

Secure Domain Routing

Service Profiles

Virtual Machine Optimization

10G Ethernet10G FCoE4G FC1G EthernetVM to vSwitchvSwitch to HWApp to HW / VM

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

App

OS

Storage Media Encryption

Let’s abstract all this

OpenStack Design Summit April 2011 Compute service (EC2): virtual machines

- Specify vCPU, Memory, Disk- Launch instance (image, mem_size, disk)- Suspend, clone, migrate

Storage service (S3, EBS): virtual disks- Specify storage amount, access rights- Store object- Create/attach block

• What to do about networks?

App Svr

OS

VM

??Networking

OpenStack Today: Nova Compute – Swift Storage

Nova ComputeService

Virtual Machines

SwiftStorageService

Object Store

Basic Network Connectivity

Nova and Swift API

Servers Disks

Networking is embedded inside of Nova compute, and un-accessible to application developers

Details and differences associated with network provisioning complicates a simple compute service

Difficult to track changes in networking as Software-defined Networking (SDN) comes into play

With Quantum - Networking becomes a Service

Nova ComputeService

Virtual Machines

SwiftStorageService

Object Store

Basic Network Connectivity

Nova, Swift, and Quantum API

Servers Disks

Nova becomes simpler, easier to maintain and extend

Developers have ability to create multiple networks for their own purposes (multi-tier apps)

May support provisioning of both virtual and physical networks – differences captured through plugin’s

QuantumService

Virtual Networks

Networks

Virtualization in a multi-tenant environment

Servers are virtualized through partitioning

Storage through aggregation

Networks through slicing/tunnels/tagging…

Networks are a shared resource carrying traffic for all tenants across shared links

Network overlays and virtualization create private networks through tagging, routing, encapsulation (tunneling), and separation of control (openflow, etc.)- VLANS, NVGRE, VXLAN, STT, LISP

Quantum is designed to support private networks

But wait…..

Don’t security groups, and firewalls provide isolation?

Yes

But that’s a topic for another time…..

Rest assured, Nova with Quantum supports both

2011 Design Summit - community-driven merger of proposals

NetworkServicePOCNTT/Midokura

NetworkContainersCisco

NetworkServiceCitrix/Rackspace/Nicira

NaaS Core DesignIntel

… and others

Quantum

Abstractions and APIs Compute service (EC2): virtual machines

- Launch instance (image, mem_size, disk)- Suspend, clone, migrate

Storage service (S3, EBS): virtual storage- Store object- Create/attach block

Network service (Quantum): virtual networks- Create/delete private network- Create “ports” and attach VM’s- Assign IP address blocks (DHCP)

App SvrOS

VM

App SvrOS

VM

App Svr

OS

VM

With a simple RESTful API

POST /v1.1/tenants/abc/networks.json

Request: { “network”:

{“name”:”my_db_network”

} }

Response: { “network”:

{“id”: “98bd8391-199f-4440-824d-8659e4906786”

} }

Quantum in Horizon GUI

My Private Network

What you can do with Quantum service Create multiple, virtual, isolated networks per tenant (FE-Net,

DB-Net)

Multiple network interfaces per VM (in-line services)

Create ports on networks (QoS, profiles) and attach VM’s

Have control over your own “private” IP addresses

Access through a user-friendly CLI and GUI (Horizon)

Invoke additional capabilities through extensions

Support different underlying networking implementations (VLANS, L2/L3 tunnels, etc.)

Quantum is built using a plug-in architecture to support different networking technologies

Quantum API

Quantum Service• Network abstraction definition and management• Does NOT do any actual implementation of abstraction

Quantum Plug-in API

API Extensions:For controlled innovation

and experimentation

Vendor/User Plug-In• Maps abstraction to implementation on physical network• Can provide additional features through API extensions

Quantum API interactions

Compute Service(Nova)

Network Service (Quantum)

Tenant API

Internal API Admin API SystemAdmin

Plug-In

User Application – CLI - Horizon Dashboard - Tools

Tenant API

Compute NodeHypervisor vSwitch

PhysicalNetwork Router/Switch

Clustered Network Controller

Plug-in’s available today Open vSwitch

Linux bridge

Nicira NVP

Cisco (Nexus switches and UCS VM-FEX)- WIP: VXLAN

NTT Labs Ryu OpenFlow controller

NEC OpenFlow

Big Switch Floodlight

What application developers want

Keep it simple - hide complexity while exposing capabilities

Provision their own, abstracted networking resources and topologies

Potential to create their own networking services

Isolation and non-interference

Ability to experiment while leveraging all that is provided by lower-level protocols

Application Architecture on a Whiteboard

Architecture grows as you scale-out, some components move to be closer to the internet, others move to the back-end

Different tenants and applications have different needs

App

OS

VM

DataBase

OS

VM

App

OS

VM

Web Svr

OS

VM

Web Svr

OS

VM

Web Svr

OS

VM

App Svr

OS

VM

App Svr

OS

VM

MemCach

OS

VM

MemCach

OS

VM

DataBase

OS

VM

DataBase

OS

VM

Tenant “A” Tenant “B”

DataBase

OS

VM

App

OS

VM

Tenant “C”

Internet Access, Management Network and Multi-tenant ServicesInternet

GatewayVPN

ServiceService Provider Network

10.0.1.0/24

198.133.219.10

10.0.1.0/24

Quantum today and in the near future Quantum 1.0 is available today for Essex as an incubation project

- Supports isolated L2 networks- Multiple plug-in’s available

Folsom release – moving into Core- Quantum V2 API (in development)

- Support tenant-created subnets

- Integrated with Horizon (dashboard) and Keystone (identity/token/policy)

- Includes “Melange” IPAM for IP address management

- Includes DHCP/Dnsmasq functionality

Quantum V2:Introduces Subnets, IP addr mgmt, Gateways, DNS

POST /v2.0/subnets

Request:{ "network_id": "98bd8391-…", "cidr": "10.0.0.0/24",}

Response{ "id": "e76a23fe-…", "network_id": "98bd8391-..", "cidr": "10.0.0.0/24", "gateway_ip": "10.0.0.1", "dns_nameservers": ["8.8.8.8"], "reserved_ranges": [ { "start" : "10.0.0.1", "end": "10.0.0.1"}, { "start": "10.0.0.255", "end" : "10.0.0.255"}], "additional_host_routes": [],}

Create and attach ports to VM interfaces

3

Where we will take Quantum in the future?Purposely started simple with basic abstraction, but with many blueprints expect to see rapid innovation, while maintaining backward compatibility

More plug-in’s for other networking paradigms

Extensions for QoS, port profiles, etc.

Used in the development of new network services

Applied to create virtual data centers spanning multiple sites

New uses in network service provider networks, mobile networks, sensor networks, HPC networks

For more information…

Quantum API- http://docs.openstack.org/api/openstack-network/1.0/content/

Quantum Admin Guide (Essex): - http://docs.openstack.org/trunk/openstack-network/admin/content/

Code on Github:- https://github.com/openstack/quantum

Quantum V2:- http://wiki.openstack.org/QuantumV2APIIntro

QuantumNetwork Service

Lew Tucker, Cisco Systems@lewtucker