Nuage Networks presents 'Flexible and Agile SDN' at OCTO Technology meetup Paris on Nov...
TRANSCRIPT
Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW
PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION Nuage Networks
Nuage Networks Flexible and agile Software Defined Networking
March 2015
Matthieu Texier [email protected]
The “Consumption shift”
Applications are pushing new requirements to IT infrastructure
New virtualization schemes are changing the way IT resources are acquired
Smooth transition from the legacy 3-tier model to new models
IT and network services are shifting
[Diagram: transition from the 3-tier model (?) to public cloud, private cloud and DevOps development]
Application development velocity
Applications have to follow market demand
Reduce application life cycles, increase customer satisfaction
Build and run automation
DevOps, Continuous Integration, Continuous Testing, Continuous Delivery
New dynamics in IT infrastructure
[Diagram: timeline from T0 to Y4 showing continuous integration, continuous testing and continuous delivery]
Application scalability and QoE
Applications scalability
Content rich web application (streaming tutorials, Apps, …)
Robust and optimal performances and responsiveness
Scale out automation
CDN rapid deployment, web proxies, extend shared-nothing application design
Predictable cost, Reduce initial investment
[Chart: number of users against number of app servers]
Virtualization, infrastructure profusion
Various virtualization technologies
Hypervisors: VMware, QEMU/KVM, Hyper-V
Cloud management systems (CMS) and OpenStack
Cloud and hosting providers: IaaS, PaaS, bare metal
Consistent networking across those technologies
Take advantage of being over the top: reuse the existing IP backbone and the Internet (OTT)
[Diagram: hypervisors 1 to 3 with orchestrated overlay network services running on top of an IP fabric]
Virtual IT and network provisioning
Compute and storage automation
Available in Minutes
The network is only partially orchestrated, or not at all
Configuration takes days/weeks
[Diagram: a new tenant / application request splits into a compute request, auto-instantiated by compute management and completed in minutes, and a network change that goes through the help desk, change control, IP address and VLAN assignment, firewall configuration, LAN (VLAN) configuration, WAN (IP) configuration, the security / QA team and a project coordinator, completed in days/weeks]
Network provisioning delays are a show stopper (web app)
Nuage Virtualized Services Platform (VSP) Network Virtualization and Automation
[Diagram: cloud service management plane (Virtualized Services Directory), datacenter control plane (Virtualized Services Controller) and datacenter data plane (Virtual Routing & Switching on each hypervisor) in Brooklyn Datacenter - Zone 1]
Virtualized Services Directory (VSD)
• Network policy engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets
Nuage Networks Virtualized Services Platform (VSP)
[Diagram: the VSD talks to the VSC over XMPP; the VSC programs the VRS instances over OpenFlow and peers over MP-BGP with the edge router and with the hardware gateway for bare metal, all across the IP fabric]
Virtualized Services Directory (VSD)
• Virtual machine based
• Service definition
• Policy establishment
• Service templating
• Analytics engine & reporting
[Diagram: the VSD exposes a UI and a REST API over a message bus and holds the policy objects for networks, security, QoS and statistics; example zone policies (web access, backend logic, etc.), a CRM app VM with an "80 Mbps – real time" threshold alarm, and the tenant hierarchy of domain, zones, subnets and policies with VPN and public Internet connectivity]
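The hierarchy on this slide (domain, zones, subnets, policies) is what a zone-based policy engine evaluates before L2-4 rules are pushed down to the distributed switches. The following added example, written for this transcript and not Nuage Networks code nor its REST API, models that evaluation for a constructed three-tier CRM application: addresses are mapped to zones, inter-zone traffic is default-deny with first-match rules, and an audit helper flags the wildcard allow that would silently flatten the segmentation. The zone names, subnets, ports, the intra-zone allow default and the catch-all internet zone are all assumptions of the example.

```python
"""Zone-based policy evaluation modelled on a domain > zones > subnets >
policies hierarchy. Added example with hypothetical names; not Nuage
Networks code and not its REST API."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class Rule:
    """One inter-zone rule. "any" is a wildcard for zone or protocol and
    dst_port=None matches every port. Rules are evaluated in order and the
    first match wins."""
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: Optional[int]
    action: str  # "allow" or "deny"


@dataclass
class Domain:
    """A tenant L3 domain. Zones are checked in insertion order, so a
    catch-all zone such as 0.0.0.0/0 must come last. Inter-zone traffic is
    default-deny; intra-zone traffic is allowed (an assumption of this
    example, not a statement about any product)."""
    name: str
    zones: Dict[str, List[str]]
    rules: List[Rule] = field(default_factory=list)
    default_action: str = "deny"

    def zone_of(self, addr: str) -> Optional[str]:
        ip = ip_address(addr)
        for zone, subnets in self.zones.items():
            if any(ip in ip_network(s) for s in subnets):
                return zone
        return None

    def evaluate(self, src: str, dst: str, proto: str, dport: int) -> str:
        sz, dz = self.zone_of(src), self.zone_of(dst)
        if sz is None or dz is None:
            return "deny"                 # address in no zone: drop it
        if sz == dz:
            return "allow"                # intra-zone (assumption above)
        for r in self.rules:
            if (r.src_zone in (sz, "any") and r.dst_zone in (dz, "any")
                    and r.proto in (proto, "any")
                    and (r.dst_port is None or r.dst_port == dport)):
                return r.action
        return self.default_action


def audit_rules(domain: Domain) -> List[int]:
    """Indexes of rules that allow any zone to reach any zone on any port:
    the "temporary" wildcard that silently flattens the segmentation."""
    return [i for i, r in enumerate(domain.rules)
            if r.action == "allow" and r.src_zone == "any"
            and r.dst_zone == "any" and r.dst_port is None]


def crm_domain() -> Domain:
    """Constructed three-tier CRM application (web, backend, db) plus a
    catch-all internet zone, in the spirit of the slide's zone policies."""
    d = Domain(name="crm", zones={
        "web": ["10.0.1.0/24"],
        "backend": ["10.0.2.0/24"],
        "db": ["10.0.3.0/24"],
        "internet": ["0.0.0.0/0"],        # last: catch-all
    })
    d.rules = [
        Rule("internet", "web", "tcp", 443, "allow"),   # clients reach the web tier
        Rule("web", "backend", "tcp", 8080, "allow"),   # web tier calls the app tier
        Rule("backend", "db", "tcp", 5432, "allow"),    # app tier reaches the database
        # no web -> db rule: it falls through to the default deny
    ]
    return d


if __name__ == "__main__":
    d = crm_domain()
    for flow in [("198.51.100.7", "10.0.1.10", "tcp", 443),
                 ("10.0.1.10", "10.0.2.10", "tcp", 8080),
                 ("10.0.1.10", "10.0.3.10", "tcp", 5432),
                 ("10.0.3.10", "10.0.1.10", "tcp", 443)]:
        print(*flow, "->", d.evaluate(*flow))
    d.rules.append(Rule("any", "any", "any", None, "allow"))
    print("wildcard allow at rule index:", audit_rules(d))
```

Run it directly to print the verdicts. The two things to take from it are that ordering matters (first match wins, so a late wildcard allow still opens every path the earlier rules left closed by default) and that a controller-driven policy store deserves an audit pass for wildcard allows before the rules reach the data plane.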
Virtualized Services Controller (VSC)
• Virtual machine based
• SDN controller
• Powered by Service Router Operating System (SROS)
• Peering & federation
• Auto-discovery
• Tenant slicing
[Diagram: the SROS-based VSC with SNMP/CLI, BGP/IGP, a service manager and a forwarding database (RIB/FIB); an XMPP message bus towards the VSD for event notifications and policy push (security, load balance); an OpenFlow control path down to the VRS, which delivers L2 or L3 services (VLAN, VXLAN, GRE)]
Virtual Routing & Switching (VRS)
Variants per platform:
• VRS-K: KVM hypervisors
• VRS-V: VMware vSphere hypervisors
• VRS-X: Citrix XEN hypervisors
• VRS-H*: Microsoft Hyper-V hypervisors
• VRS-G: gateway for bare metal servers & appliances
• Docker agent: VRS for Docker
• L2-L4 virtual switch, Open vSwitch based
• Provides both VXLAN and MPLSoGRE tunnel encapsulation options
• Programmed through OpenFlow from the VSC; encapsulates VM flows into the preferred protocol (L2 or L3)
• Detects VM instantiation and teardown
*Hyper-V Supported in the Future
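The VRS encapsulates each VM's frames into VXLAN (or MPLSoGRE) as instructed by the VSC, and on the VXLAN side the 24-bit VNI is the only thing that tells the receiving switch which tenant segment a frame belongs to. The following added example, written for this transcript and not Nuage Networks code, builds and parses the VXLAN header (RFC 7348) and models a tunnel endpoint that decapsulates only the VNIs its controller has programmed, dropping a packet whose VNI is unknown or whose I flag is cleared. The class name TunnelEndpoint, the VNI numbers 100, 200 and 9999, the tenant segment names and the sample frame are assumptions of the example.

```python
"""VXLAN (RFC 7348) encapsulation and a VNI-enforcing tunnel endpoint.
Added example with hypothetical names; not Nuage Networks code."""
import struct
from typing import Dict, Optional, Tuple

VXLAN_UDP_PORT = 4789       # IANA-assigned destination port for VXLAN
VXLAN_FLAG_I = 0x08         # "VNI valid" flag bit, RFC 7348 section 5
VNI_MAX = (1 << 24) - 1     # the VNI is a 24-bit field


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header: flags(8) reserved(24) vni(24) reserved(8)."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def vxlan_decap(packet: bytes) -> Tuple[int, bytes]:
    """Parse the VXLAN header and return (vni, inner_frame). Reserved bits
    are ignored on receipt as RFC 7348 requires; a cleared I flag means the
    VNI field is not valid and the packet is rejected."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    w0, w1 = struct.unpack("!II", packet[:8])
    if not (w0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    return (w1 >> 8) & VNI_MAX, packet[8:]


def ethernet_header(frame: bytes) -> Tuple[bytes, bytes, int]:
    """Split an inner Ethernet frame into (dst_mac, src_mac, ethertype)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    return frame[0:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]


def build_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


class TunnelEndpoint:
    """A VRS-like VTEP (hypothetical). Only VNIs the controller has
    programmed map to a tenant segment; everything else is dropped, because
    the VXLAN header itself authenticates nothing about the sender."""

    def __init__(self, vni_to_tenant: Dict[int, str]):
        self.vni_to_tenant = dict(vni_to_tenant)
        self.dropped = 0

    def program(self, vni: int, tenant: str) -> None:
        """Controller push of a VNI -> tenant segment binding."""
        self.vni_to_tenant[vni] = tenant

    def receive(self, packet: bytes) -> Optional[Tuple[str, bytes]]:
        """Decapsulate one VXLAN packet; (tenant, inner_frame) or None if dropped."""
        try:
            vni, inner = vxlan_decap(packet)
            ethernet_header(inner)            # too short to switch: drop
        except ValueError:
            self.dropped += 1
            return None
        tenant = self.vni_to_tenant.get(vni)
        if tenant is None:
            self.dropped += 1                 # unknown VNI: not one of ours
            return None
        return tenant, inner


# Constructed sample frame (not captured traffic): IPv4 ethertype, stub payload.
MAC_A = bytes.fromhex("525400000001")
MAC_B = bytes.fromhex("525400000002")
SAMPLE_FRAME = build_frame(MAC_B, MAC_A, 0x0800, b"\x45" + b"\x00" * 19)


def demo() -> Dict[str, object]:
    """Three packets at one VTEP: a programmed VNI, an unknown VNI, and a
    header with the I flag cleared."""
    vtep = TunnelEndpoint({100: "crm-web"})
    vtep.program(200, "crm-backend")
    good = vtep.receive(vxlan_encap(100, SAMPLE_FRAME))
    rogue = vtep.receive(vxlan_encap(9999, SAMPLE_FRAME))      # never programmed
    no_flag = struct.pack("!II", 0, 100 << 8) + SAMPLE_FRAME   # I flag cleared
    bad = vtep.receive(no_flag)
    return {"good": good, "rogue": rogue, "bad": bad, "dropped": vtep.dropped}


if __name__ == "__main__":
    r = demo()
    print("good   :", r["good"] and r["good"][0])
    print("rogue  :", r["rogue"])
    print("bad    :", r["bad"])
    print("dropped:", r["dropped"])
```

The header carries no authentication, so a VNI-to-tenant table like this one is only as good as the underlay feeding it: in practice the IP fabric should also restrict UDP 4789 to the known VTEP addresses, which this example does not model.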
Cloud Service Network Instantiation with Nuage Networks
Federated Inter Datacenter Services (multiple CMS)
[Diagram: Brooklyn Datacenter - Zone 1, Brooklyn Datacenter - Zone 2 and Manhattan Datacenter - Zone 2, each a rack of hypervisors; the cloud service management plane (Virtualized Services Directory) handles cloud manager to hypervisor communications, the datacenter control plane runs a federation of Virtualized Services Controllers, and the datacenter data plane carries the network services; edge routers speak MPLS (MP-BGP) into the service provider control and data planes, extending a business VPN service to a private datacenter; the tenant objects are domain, zones, subnets and policies with VPN and Internet connectivity]
Cloud Service Network Instantiation with Nuage Networks
Extended network services to branch office (VNS solution)
[Diagram: the same Brooklyn Zone 1 / Zone 2 and Manhattan Zone 2 layout, with CloudBand as the cloud manager; the Manhattan Virtualized Services Controller peers over MP-BGP with an edge router whose MPLS (MP-BGP) session reaches the WAN control and data planes; the business VPN service now extends beyond the private datacenter to branch-office CPEs, each terminating a VPN, with a Virtualized Services Controller on the WAN side and Internet connectivity]
Why SDN, why automation
11/25/2015
Application types:
• Legacy applications: intranet web, mail, legacy
• Digital stack: content and cloud players, web scale, CDN, GSLB… shared-nothing applications
• Big data
Network requirements:
• Dual-DC LAN switching
• Multiple DCs, WAN extension, Internet peering
• Multiple DCs, virtual DMZ, Internet peering and CDN
Converting a marketing view to your specific needs: questions to ask yourself!
• Data centers and applications
– Single or multiple regions?
– Multi-hypervisor?
– Applications and resiliency scheme?
– DevOps, micro-segmented software design?
• Network and IP fabric
– Just a couple of switches?
– Spine/leaf?
– Multiple DCs interconnected via a WAN / public AS?
– L2 services / L3 services, security, filtering, east/west, north/south?
Challenges that come with OpenStack
OpenStack is very well suited to very dynamic infrastructure
DevOps continuous testing: create, destroy and rebuild via Heat stacks or any other scripting or YAML-based tooling
How do we make it scalable, reliable, stable…
There is no easy answer to this question; we propose to share our experience
OpenStack networking using the Neutron network node and optionally DVR
• The Neutron network node (NN) is still centralized: SNAT and PAT remain centralized on this node, with no real HA and no control plane to handle NN failure. Without DVR, the NN becomes a SPOF, most probably under stress with lots of traffic.
• DVR is quite hungry in terms of resources: multiple agents per compute node, and each router requires a namespace, each of them running DVR (you could end up with 1000 namespaces per compute node).
• Poor implementation of ARP and flow mapping, generating entries for each VM in a broadcast domain on each compute node.
• SNAT is mandatory to get out of the Neutron network; there is no way to avoid SNAT.
• No standard control plane. Re-inventing the wheel: does it really make sense? Ready for a good headache:
https://www.youtube.com/watch?v=OpKsXX0bQAo
Copyright 2015 Alcatel-Lucent. All rights reserved.
OpenStack “stretch design”
[Diagram: one OpenStack stretched across DC 1 and DC 2 over the WAN/Internet, with Nuage XMPP traffic (VSD/VSC), Nuage BGP traffic (VSC/VSC), an extended infrastructure VLAN and the Nuage overlay network]
Centralized authentication via a Keystone DB backend / proxy. This comes with challenges like: installation and maintenance, the HA node election process (quorum) for “real” HA, storage network latency, multiple gateways and routers, HA between network nodes, …
Example multi-DC / multi-OpenStack / single SDN
[Diagram: one OpenStack per DC (DC 1, DC 2) over the WAN/Internet, with Nuage XMPP traffic (VSD/VSC), Nuage BGP peering (VSC/VSC) and a single Nuage overlay network]
Almost all our existing customers in production
Fixes many issues like: quorum election of OpenStack HA nodes, floating IP mobility, storage network design and latency constraints
Probably the best compromise as of today (Kilo / Nuage 3.2)
Thank You