When Network Meets Apps!Putting networking and application

together

Nati ShalomGigaSpaces @natishalom

Samuel BercoviciRadware@samuelbercovici

Agenda

• Overview of Networking and Apps• What’s Changed?• Putting Networking and Apps by

Example• Future Work

Let’s Start With Some

Basic Definitions..

Application

Application & Tiers

WebTier

MiddleTier

DBTier

Zoom into a Tier

Server (Physical/VM)

Operating System (RHEL 6.5 64bits)

Database System (MySQL)

Schema (Word-press)

IP Address

IP Address

TCP Port

Logical Connectivity

WebTier

MiddleTier

DBTier

Internet

Where is the network?

Backend ZoneDMZ

WebTier

MiddleTier

DBTier

Multicast/Broadcast, Isolation

Personal DataBusiness centerDMZ

WebTier

MiddleTier

DBTier

Multicast/Broadcast, Isolation

WebTier

MiddleTier

DBTier

Layer 3 Services

• Subnet• GW• IPAM – DHCP• DNS

• Subnet• GW• IPAM – DHCP• DNS

• Subnet• GW• IPAM – DHCP• DNS

WebTier

MiddleTier

DBTier

Availability

SLB

WebTier

MiddleTier

DBTier

Availability & Scalability

SLB

SLB

SLB

WebTier

MiddleTier

DBTier

Security, Availability & Scalability

SLB

SLB

SLB

FW

WebTier

MiddleTier

DBTier

Management

SLB

SLB

SLB

FW

VPN Monitoring, CI

Expertise & Responsibilities

• Network / Security Manager– Network (L2, L3)– Network Services (Router, NAT, DHCP, DNS, LB)– Network Security (FW, VPN)

• IT / Application Manager– Server– Operating System– Software Stack– Application Artifacts– Server’s Security

Load Balancer - Management

• Network based– L2 and L3– L4 Load balancing

• Application based– Cookie based, L7 Content

Switching, L7 Content Modifications, etc.

Network Manager

Network Manager ? Application Manager ?

What’s Changed?

Everything is Software Defined

We Can Automate Everything..

Orchestration Networking

Compute

Neutron/Nova APIs

• Layer 2 networks• Layer 3 subnets

– IP address management – DHCP based– Router / gateway / NAT

• Port• Security groups• Floating IP

• Layer 4-7 Services– Load balancing– VPN– Firewall

Putting Network and Apps Together by Example

HEAT

• OpenStack Orchestration

TOSCA

• Topology• Orchestration• Specification of• Cloud• Application

Apache Server DB Server

Apache

WordpressMySQL

WordPress Simple Example• App Network• App Subnet• App Port• Security Group• Apache Floating IP• Router Gateway

• Data Network• Data Subnet• Data Port• Security Group

Router

Network Topology View

Heat Topology View

Heat Template

Apache Server DB Server

NodeJS

NodeCellerMongoDB

TOSCA (Like) Example• App Network• App Subnet• App Port• Security Group• Apache Floating IP• Router Gateway

• Data Network• Data Subnet• Data Port• Security Group

Router

Monitoring, Logging CI

Network View

Topology View

TOSCA (Like) Blueprint

Adding AutoScaling & Avaliability..

Scalability & AvailabilityRouter

L3

Tenant1 Network

Tenant1 Project

VIP1

Management Network

Web VM3

VIP1VIP1

Alteon VA Project

VM4

VM5

AutoScaling - Heat Template

• web_server_group - OS::Heat::AutoScalingGroup• web_server_scaleup_policy - OS::Heat::ScalingPolicy• web_server_scaledown_policy - OS::Heat::ScalingPolicy• cpu_alarm_high - OS::Ceilometer::Alarm• cpu_alarm_low - OS::Ceilometer::Alarm• monitor - OS::Neutron::HealthMonitor• pool - OS::Neutron::Pool• lb - OS::Neutron::LoadBalancer

So far so good, but...

Considering Real Life Scenarios

Continuous Availability Across AZ’s and Regions– Adding Affinity Rules for Compute,

Storage– Auto-Scaling, etc.

Continuous Deployment – Updating policies and workflow– Creating new deployments every day

Real Life Example

(HP Print)

• 30 HP Helion Public Cloud accounts

• 500+ compute instances

• 1400 Peak deployments per day

• 100+ compute instances per management cluster

• 100x developers doing deployments in a consistent fashion

• <2H Move from HP Helion Public Cloud tenant to a fully provisioned and deployed service

Networking and Apps in Real Life...

Future work..

Putting TOSCA and

HEAT Closer..

• TOSCA HEAT Translator Project (IBM, GigaSpaces, Huawei, Vnomic ..)

• TOSCA enablement in Heat Juno• Integrating

Cloudify and Heat

Group Based Policies

• Addressing Network Requirements from the application perspective• Delegation of

Responsibilities

References

• Examples (Step by Step Guide)– Heat Example– TOSCA (like) Example

• TOSCA Translator Project– Git Project

• OpenStack Heat Project• Cloudify – getcloudify.org• Radware Load Balancing as a Service • Group Based Policies – GPB• AutoScaling Policies – Heat Template