Enhancing Apache CloudStack Networking With Nuage … · • Next steps • Nuage VSP ... Cloud Service ManagementPlane Virtualized Services ... ACS provisioning 1. 1Provision SDN

Enhancing Apache CloudStack Networking With

Copyright 2015 Alcatel-Lucent. All rights reserved.

Enhancing Apache CloudStack Networking With Nuage Networks SDN Solution

Kris SterckxCloudStack Development Lead at Nuage [email protected]

Dublin, Oct. 9 2015

• Nuage VSP Architecture – Policy Driven SDN

• CloudStack NuageVsp Network Plugin

Apache CloudStack with Nuage Networks

Copyright 2015 Alcatel-Lucent. All rights reserved. 10/11/2015

2

• CloudStack Vpc Inline Load Balancer Plugin

• Next steps





3


• Next steps

• Nuage Networks VSP brings Policy-driven SDN to the Cloud

• Multi-Hypervisor support – ESXi, KVM, XenServer• Containers support

Bare-metal support

Nuage Networks Virtualized Services Platform


4

• Bare-metal support• Multi-CMS support• OpenStack Icehouse/Juno/Kilo/Liberty/Mitaka support• CloudStack 4.3, 4.5 and 4.6* support

Cloud Service Management Plane

VirtualizedServicesDirectory

VirtualizedServicesController

Virtualized Services Directory (VSD)•Network Policy Engine – abstracts complexity•Service templates and analytics

Nuage NetworksVirtualized Services Platform (VSP)

MP-BGP



5

Datacenter Control Plane

ServicesController •Service templates and analytics

Virtual Routing & Switching (VRS)•Distributed switch / router – L2-4 rules•Integration of bare metal assets

Virtualized Services Controller (VSC)• SDN Controller, programs the network• Rich routing feature set

DatacenterData Plane

VirtualRouting & Switching

HYPERVISORHYPERVISOR






Brooklyn Datacenter - Zone 1

IP Fabric

Hardware GW for

Bare Metal

VXLAN tunneled

OpenFlow

dVRSdVRS dVRSdVRS

VSC VSCVMVM

VMVM

VMVM

VMVM

VMVM

VMVM

ACS HostACS Host ACS HostACS Host


• Distributed switching/routing

• Direct VM to VM communicationeverywhere • on same hypervisor• VXLAN tunneled across hypervisors• VR VM is not involved


6

DatacenterIP Underlay Network

Logical Network Drawing

RouterFW/NAT

VMVM

VMVM

VMVM

VLAN 1 VLAN 2 VLAN 3VMVM

VMVM

VMVM

Internet WAN

• VR VM is not involved

• Direct VXLAN(/MPLSoGRE) communicationto the PE/GW router (in the overlay)

• Or directly dropped to underlay

• We want to expose as much as possible the goodies of SDNto CloudStack

• CloudStack engineering team staffing featureswithin cross-functional teams

Nuage Networks CloudStack


7

within cross-functional teams

• Extensive test automation• Functional test (incl. Marvin)• Concurrency tests• Scale, Performance, Longevity tests





8


• Next steps



Virtualized MP-BGP

Nu

ageVsp

Clien

tN

uageV

sp C

lient

CloudStack user Nuage VSP user (optional)

REST

Virtu

aliz

ed S

erv

ices P

latfo

rm

VSD

UI, API, cloudmonkey UI, API, vspk


9

NuageVspPlugin

NuageVspPlugin












Hardware GW for

Bare Metal

Nu

ageVsp

Clien

tN

uageV

sp C

lient

java

(Vpc)VRPlugin

(Vpc)VRPlugin

Virtu

aliz

ed S

erv

ices P

latfo

rm

VSC

VRS

OpenFlow

• Advanced Networking • Isolated Networks• Virtual Private Clouds

• Shared Networks

CloudStack NuageVsp Network Plugin

• Supported Services• Virtual Networking• DHCP • Source NAT• Static NAT • Firewall • Network ACL


10

(Vpc)VRPlugin

(Vpc)VRPlugin

• Network ACL• Extensions to support enhanced networking capabilities

• User Data• DNS

• Public Load balancing

NuageVspPlugin

NuageVspPlugin

VpcInlineLb PluginVpcInlineLb Plugin



• VSP providing virtualnetworking w/ distributed routing


11






• CS does the IP allocation;Plugin provisions VSP;The hypervisor VRS is the DHCP provider to the VM


12






• Source NAT provisioningin VSP


13






• Static NAT rulesprovisioning in VSP


14




Both NAT’ing features are flexibleto be applied in the overlay orin the underlay (~ deployment use case)


• Supported Services• Virtual Networking• DHCP • Source NAT• Static NAT • Firewall • Network ACL• ACL Provisioning in VSP


15




• ACL Provisioning in VSP




16




• VRS forwards request to VR(based on metadata we inject)




17




• VR is set as name server,programmed by DHCP options




18



• Public Load balancing• Realized through new plugin (see LB section)



Virtualized MP-BGP

Nu

ageVsp

Clien

tN

uageV

sp C

lient

Virtu

aliz

ed S

erv

ices P

latfo

rm

1. Launch instance

VSD


Internal (Guest VM) DNS


19

NuageVspPlugin

NuageVspPlugin












Hardware GW for

Bare Metal

Nu

ageVsp

Clien

tN

uageV

sp C

lient

(Vpc)VRPlugin

(Vpc)VRPlugin

Virtu

aliz

ed S

erv

ices P

latfo

rm

1.2 Plugin provisionsVM interface in VSPw/ DHCP options forhost/domain name & name server = VR IP 1.3 Instance boots & obtains DHCP options

VSC

VRS1.1 VR provisionedw/ DNS entry



Virtualized MP-BGP

Nu

ageVsp

Clien

tN

uageV

sp C

lient

NuageVsp Plugin – VSP Audit-Sync

Virtu

aliz

ed S

erv

ices P

latfo

rm

@NuageVsp device : Audit/Sync

VSD



20

NuageVspPlugin

NuageVspPlugin












Hardware GW for

Bare Metal

Nu

ageVsp

Clien

tN

uageV

sp C

lient

(Vpc)VRPlugin

(Vpc)VRPlugin

AUDIT :File inconsistencies

SYNC :Resolve inconsistencies

Virtu

aliz

ed S

erv

ices P

latfo

rm

VSC

VRSyaml

• Provide capabilities to the user which are present in VSP butnot yet in CloudStack

• Provides ability to customer to ‘customize’ their SDN experience

• VSP template used to instantiate L3 domain from CloudStack

Consuming advanced SDN


21

• Cloud Service Provider has the ability to turn on/off capabilities at the template level

• This behavior is pushed down to the network level



Virtualized MP-BGP

Nu

ageVsp

Clien

tN

uageV

sp C

lient

Virtu

aliz

ed S

erv

ices P

latfo

rm

1.2 Define SDN customization2. ACS provisioning

1. 1 Provision SDN template

VSD


CloudStack user Nuage VSP user


22

NuageVspPlugin

NuageVspPlugin












Hardware GW for

Bare Metal

Nu

ageVsp

Clien

tN

uageV

sp C

lient

(Vpc)VRPlugin

(Vpc)VRPlugin

Virtu

aliz

ed S

erv

ices P

latfo

rm

2.1 VSPprovisioning*by plugin

2.2 Advanced functionality @control/data path

VSC

VRS





23


• Next steps

Web tier

App tier

Public

InternetInternet

WS1WS1 WS2WS2

VRVR

lblb

Public Load Balancing – VR based

Public IPPublic IP


24

10/11/2015

App tier

DB tier1. Allocate public IP2. Assign LB rules & VM’s

Public LB by HAproxy,

fixed

VRVR

Web tier

App tier

Public

InternetInternet

WS1WS1 WS2WS2

VRVR

LBLB

lblb

HAproxybut customizable

Public Load Balancing – VpcInlineLb based

Public IPPublic IP

vipvip


25

10/11/2015

App tier


VRVR

>Orchestration of - Public IP to secondary IP static NAT- LB rule provisioning (vip = secondary IP)

Web tier

App tier

Public

InternetInternet

WS1WS1 WS2WS2HAproxybut customizable

LBLB

lblb

Public Load Balancing – SDN + VpcInlineLb based

vipvip

NuageNuagePublic IPPublic IP


26

10/11/2015

App tier

DB tier1. Allocate public IP2. Assign LB rules & VM’s>Orchestration of

- Public IP to secondary IP static NAT- LB rule provisioning (vip = secondary IP)

NuageVRS

NuageVRS

Web tier

App tier

Public

InternetInternet

WS1WS1 WS2WS2

NuageNuage

lblb

Public Load Balancing – SDN + VpcInlineLb based

Public IPPublic IP


27

10/11/2015

App tier


NuageVRS

NuageVRS

extra-VPC LB system tier

Allocating vip’sout of VPC CIDR LBLB

vipvip





28


• Next steps

Next steps

• CS 4.6 support• CLOUDSTACK-8832 / PR #801 updates the NuageVsp plugin for the

latest Nuage VSP 3.2 release - pls review !

• Features on the Roadmap include :


29

10/11/2015

• Features on the Roadmap include :• (Internal Load Balancer)• Port Forwarding• Remote Access VPN• Site-to-Site VPN• … and happy to hear your input!

Q&AApache CloudStack with Nuage Networks


30

Q&A

THANK YOU


THANK YOU


Documents

Enhancing Apache CloudStack Networking With Nuage … · • Next steps • Nuage VSP ... Cloud Service ManagementPlane Virtualized Services ... ACS provisioning 1. 1Provision SDN