Implementing vCPE with OpenStack and Software Defined Networks
OpenStack Summit | Austin, TX
Implementing vCPE with OpenStack and SDN
Copyright © PLUMgrid, Inc. 2011-2016
Introduction: Speaker(s)
• Valentina Alaria, Sr Director Product & Solution Marketing, PLUMgrid
• Bill Bauman, Strategy & Content, Canonical
• Rafael Gonzalez, Solution Architect, Canonical
Intro to Canonical & PLUMgrid Solutions
Reusable operational components
Faster. Smarter. Better. Everywhere.
Open source application modelling
reuse requires encapsulation
e.g. deb, rpm
Charms declare “interfaces”
• “provides neutron-api-plumgrid”
• “consumes neutron-api-plumgrid”
PLUMgrid/Neutron relation: neutron-api-plumgrid
Diagram labels: PLUMgrid Charm; Neutron Charm; neutron-api; plumgrid-edge; nova-cloud-controller; mysql; keystone; rabbitmq-server
NFV-related Juju charms
Telco-specific vendors creating Juju charms of their VNFs
• Eurecom
• Vantrix
• 6WIND
• OpenCell
• Telestax
• hSenid Mobile
• PLUMgrid ONS (vCPE)
• Affirmed EPC
• Expeto EPC
• Metaswitch IMS, SDN
• Genband
• Nokia
• Cisco
• Spirent
Juju - Open Source Generic VNFM
Diagram labels: Universal Service Modeling (Juju); generic VNFM (Juju 1 … n); VIM 1 … VIM n; NFVi 1 … NFVi n; RIFT.io / OSM; App IM (Juju); NetOps IM (OSM); Bundle; Charm (VNFDa); Charm (VNFDb); Charm (VNFDc); VNFa; vCPE; VNFc; Catalog; EMS; NFV-O; APIs; CLI
the phase change of modern software
scale, topology, momentum
this is the age of big software
PLUMgrid – Comprehensive Networking Offering
Extensive software-only SDN and NFV solution for OpenStack® Clouds
Security & Compliance Support with built-in isolation, micro-segmentation via Virtual Domains & BYO service
Operational tools with proactive visibility & analytics (powered by CloudApex)
Virtual networks provisioned by users
Scalable, distributed & highly available architecture enables Production Deployments
Behind the covers: IO Visor Project
BPF program written in C
Translated into eBPF instructions (LLVM)
Loaded in kernel and executed
Hooked at different levels of Linux Networking Stack
Diagram labels (Linux networking stack levels, with BPF attached at several of them): HW/veth/tap; TAP/Raw; driver; netif_receive_skb(); TC / traffic control; Bridge hook; IP / routing; Socket (TCP/UDP)
Virtual Domain
Distributed Policy Enforcement Zone
Edge Policy Enforcement Point
Service Insertion Architecture
3rd party Network Function (FW/LB/IPS and others)
1. Firewall in L3 or TRANSPARENT mode, it IS seen from a topology point of view
2. ALL traffic goes through the Firewall
3. Tenant is aware that the Firewall is there
vCPE Challenges
Classic CPE model
Customer Premises Equipment as a standalone device
• CPEs are standalone nodes
• Complex software, prone to failure
• Cheap hardware, prone to failure
• Need to provide IPAM, QoS, FW, NAT, dynamic routing…
• Can’t be easily upgraded or serviced
Diagram label: Service Provider’s PoP
Cloud vCPE Model
SDN / NFV model
Separation of control and data planes
Control Plane
Deployed as virtualized software (optionally, in the cloud)
• “Remote control” of service from Telco premises
• Easy to troubleshoot, patch or upgrade
• CI/CD for Network software
• Customer features developed independently of HW cycles
Data Plane
Deployed in a simplified version of the physical CPE
• “Passive” data plane
• Commoditized hardware
• “Evolved phone jack”
• Less prone to failure
Cloud vCPE Model
Move all “VNFs” to the Cloud
• Device at the customer premises is a simple L2 switch
• All L3-L7 functions virtualized and moved to the cloud
  • Routing
  • Security
  • NAT
  • Multicast
  • QoS
Diagram labels: DNS; Internet
Cloud vCPE Model Challenges
Move all intelligence and service enforcement to the cloud
• Virtualizing network functions brings significant improvements
  • Software economics and dynamics
  • Servicing and Operations
  • Upgrades
• But Metro networks and Home networks are very different: can we send all home traffic to/from the cloud for processing?
  • Broadcast storms
  • QoS / Aggregation / Contention
  • UPnP, DLNA, NAT, Multicast for video… across the metro network?
  • Latency, Jitter
  • Security
  • Loss of Internet connectivity, anyone?
Diagram labels: This is a LAN; This is NOT a LAN!; DNS; Internet
Tethered Cloud vCPE Model
An improved virtual CPE model
“Tethered CPE”: Local enforcement, remote control
• “Common network functions”: Local enforcement, remote control from the Service Provider cloud
  • (DHCP, IGMP/multicast, FW, NAT, BUM filtering, etc.)
• “Headless operation of data plane” – the CPE can keep working without a WAN connection
• Combine with advanced third-party network functions instantiated in the cloud to form a complete service graph
  • Advanced Firewall
  • DPI
  • WAN optimization
  • Captive portal
  • CDN…
Diagram labels: Service Provider’s Cloud; Control and command; Internet; Tethered CPE Data Plane; Tethered CPE Control Plane; CDN; Portal; DPI; WAN Op.; Adv. FW
DEMO
vCPE Demo Logical Topology
Combining “Cloud VNFs” with “SDN VNFs”
SDN VNFs: Purple icons represent virtual network functions implemented in the SDN layer. They’re fully distributed and run inside the kernel of the CPE and the OpenStack compute nodes.
Cloud VNFs: Orange icons represent third-party network functions implemented as Virtual Machines or Containers in userspace.
Diagram labels: Provider Cloud (Ubuntu OpenStack); Internet; Customer Premises (CPE); Access/Metro Network; Adv. FW; DPI; Portal
Visit PLUMgrid @ C21 & Canonical @ A20
THANK YOU!