Policy Driven Networking and Migration to Openstack by Scott Sneddon of Nuage Networks. We were part of a killer Openstack Summit in Atlanta, GA in 2014. If you missed it or want to see the deck from Scott's presentation, check it out here. Thanks for your interest! twitter: @ssneddon twitter: @nuagenetworks http://www.nuagenetworks.net info at nuagenetworks dot net
Copyright 2013 Alcatel-Lucent. All rights reserved.
Policy Driven Networking and Migration to Openstack
Scott Sneddon
@ssneddon
@nuagenetworks
The “Consumption shift”
Cloud is changing the way technology is being consumed
From “order and wait”
To “instant gratification”
Consumer expectations are shifting
Multiple personas
Single user
On-demand personalized catalogue
Compute is Virtualized
Available in Minutes
Network is Partially Virtualized
Configuration takes Days/Weeks
Network Configuration
Compute Management
New Tenant / Application Request
Auto-instantiation
Compute Request completed in Minutes
Help Desk
Change Control
IP Address
VLAN Address
Firewall Configuration
LAN (VLAN) Configuration
WAN (IP) Configuration
Security / QA Team
Project Coordinator
Network Change completed in Days/Weeks
Datacenter Network
Service velocity is hindered by manual network process
Network is “more” virtualized
Some things available in minutes – Some not so much
Many network elements are manually configured
Manual per-tenant network configurations
Network Configuration
Compute Management
New Tenant / Application Request
Auto-instantiation
Compute Request completed in Minutes
SDN Controller
Some Network Change completed in Minutes
Software Defined Datacenter Network
Service velocity accelerated, but…
Committees still build “networks”
Audits/reviews
In a NaaS environment (AWS, etc) this is delegated to the tenant
Is this what your DevOps team should be doing?
Network Configuration
Software Defined Network Configuration
We’ve only addressed part of the automation problem
Security / QA Team
VLAN Address
IP Address
WAN (IP) Configuration
Firewall Configuration
Network Configuration created in Days/Weeks
Application = Web
Application = SAP
Application = Database
Network Virtualization solutions…
Group applications into “network sandboxes”
Policy approach to networking
Policy Templates
Users
Application Types
Business Rules
Policy Evaluation
Design once, re-use multiple times
Application Networks
Application-centric
How to expose network policy in Neutron?
OpenStack Group Based Policy Abstractions for Neutron
https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
• An application-centric approach to networking
• Moving away from traditional network constructs
  • ports, subnets, routers, etc.
• Aiming for a highly abstracted interface for application developers to
  • express desired connectivity of application components
  • and express high-level policies governing that connectivity
• Without imposing constraints on the underlying implementation
What is a Neutron network Policy?
OpenStack Group Based Policy Abstractions for Neutron
https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
Openstack Network Policy becomes more sophisticated
Nuage has provided policy abstractions for virtual and physical networks since first release
ACLs, QoS classification and enforcement
Difficult to express using existing Neutron constructs…
Which is why we’re contributing to Group Based Policy
Cleanly express application policy in Neutron
Cloud Service Management Plane
Datacenter Control Plane
Datacenter Data Plane
Virtual Routing & Switching
Nuage Networks Virtual Services Platform
Network virtualization and automation
Virtualized Services Directory
Virtualized Services Controller
HYPERVISOR
Brooklyn Datacenter - Zone 1
Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets
Nuage Networks Virtualized Services Platform (VSP)
IP Fabric
Edge Router
MP-BGP
Hardware GW for Bare Metal
DATACENTER NETWORK
Any Compute Virtualization Environment
Any Datacenter Networking Hardware
Any Server or Hypervisor
Open solution
Consistent capabilities across
Seamless interconnect between clouds
Distributed L2 and L3 routing to each hypervisor
Within clouds and across clouds
No choke points
Shared L2 and L3 networks across DCs
KVM, LXC, Xen, ESXi
Openstack, Cloudstack
Hypervisor
Legacy DC
Private Cloud
Public Cloud
IP Fabric (DC & WAN)
Virtualized Services Directory
Network, Security Admin
Application developers
XaaS
App/Dev Container
Simplified migration to Openstack
Using a hypervisor-agnostic network platform
How to migrate apps to Openstack when they have network dependencies?
How to migrate while maintaining IP addresses?
How to migrate individual hosts within an application?
Physical to Virtual?
Virtual to Virtual?
Demo…
Conclusions
• Creation of distributed virtual switches and virtual routers - great for virtual networks and better than old models, but …
• Creates a distributed virtual configuration and management challenge
• Provisioning and management of these endpoints cannot be done with traditional methodology
• Policy abstraction is a proven framework
• Successfully shipping since May 2013
For more information…
• Nuage Networks Virtualized Services Platform
• http://www.nuagenetworks.net/solutions/
• OpenStack Neutron Group Based Policy Abstraction
• https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
• OpenDaylight Application Policy Plugin
• https://wiki.opendaylight.org/view/Project_Proposals:Application_Policy_Plugin
5/14/14
Network Policy NOW
@nuagenetworks
@ssneddon