Summary of a SDN internship
Development of an ACI device package for as a load-balancer
Fabrice Servais
Master student in Computer science and engineering at ULg
January 8, 2016
Today’s network service insertion
Challenges of Today’s L4-L7 Services Deployment
[Figure: routers, switch, load balancer, firewalls, servers]
• Configure Network to insert Firewall
• Configure Load Balancer Network Parameters
• Configure Firewall Network Parameters
• Configure Firewall Rules required by Application
• Configure Router to steer traffic to/from LB
• Configure Load Balancer as required by application
Service insertion takes days. Network configuration is time consuming and error prone. Difficult to track configuration on services.
Service insertion in ACI
• Automated network provisioning
• Manage both Virtual and Physical
• Easy to manage
• Single point of provisioning : APIC
• GUI, REST API or Python scripts
• Health score
Service insertion in ACI
• Graph between 2 EPGs
• Service Graph
• Set of functions needed
• APIC does, on the device, either:
• Network and Service configuration
• Network configuration (+ Central manager for Service configuration)
• Network configuration
Quick word on NGINX
• Very popular web server
• First release in 2004
• Efficient under load
• Lightweight resource utilisation
• Can also be used as a Load-Balancer
• Change configuration file
• NGINX (free) & NGINX Plus
Context
• Device Package as a Proof-Of-Concept
• Open-source development
• Goals:
• Make it work!
• Easy to continue the development
https://github.com/FServais/NGINX-Device-Package
https://github.com/FServais/NGINX-Agent
Device Model
• 4 parts:
• Generic part
• Cluster and device configuration part
• Functional part
• Function profiles
Information about the device package (name, version, …)
Interfaces
Credentials
Parameter validation
Faults
Function parameters
Group parameters
Global function device
Device Model - Generic part
Information about the device package (name, version, …)
Interfaces
Credentials
Parameter validation
Faults
Device Script - APIs
• 4 categories
  • Device
    • deviceModify(device, interfaces, configuration)
    • deviceHealth(device, interfaces, configuration)
  • Cluster
  • Service
    • serviceModify(device, interfaces)
    • serviceAudit(device, configuration)
  • Endpoint and network event
    • attachEndpoint(device, configuration, endpoint)
    • detachEndpoint(device, configuration, endpoint)
Device Script - Flow - serviceAudit
serviceAudit(device, configuration)
• Encapsulate device
  • device -> Python dictionary
  • device -> API.Device
• Encapsulate configuration
  • configuration -> Python dictionary
  • configuration -> API.Configuration
• Parse configuration
• Generate list of NginxConfiguration
• Generate management configuration
• For each NginxConfiguration:
  • Export configuration
  • Add or update the configuration on the device
Device Script - Parsing
Create NginxConfiguration.NginxFrontend (or NginxConfiguration.NginxBackend)
Device Script - Flow - serviceAudit
Conversion: Configuration from the APIC -> Parsing -> NginxConfiguration -> … -> NGINX configuration
Device Script - Exportation
• Final goal: generate a string with the configuration
• Use Block and Directive
• Examples:
>>> Directive("server", ["10.9.217.1:80", 'backup'])
server 10.9.217.1:80 backup;
>>> upstream = Block("upstream", ["backend", "option"])
>>> server1 = Directive("server", ["10.9.217.1:80", 'backup'])
>>> server2 = Directive("server", "10.9.217.2:80")
>>> upstream.add_lines(server1, server2)
upstream backend option {
    server 10.9.217.1:80 backup;
    server 10.9.217.2:80;
}
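The Block/Directive exporter described above, sketched as an added example (not the NGINX-Device-Package project's own classes). It reproduces the two outputs shown and, as an assumption of this sketch, rejects any name or parameter that is not a single bare token, so a value received from the APIC cannot terminate a directive and start another one; the `_SAFE_TOKEN` allow-list and the `render` method are hypothetical.

```python
import re

# Assumption of this sketch: every name and parameter is one bare token, so
# whitespace, quotes and the NGINX syntax characters ; { } # $ \ are rejected.
_SAFE_TOKEN = re.compile(r"[A-Za-z0-9_.:/=,\[\]-]+")


def _tokens(name, params):
    if params is None:
        params = []
    elif isinstance(params, str):
        params = [params]
    tokens = [str(t) for t in [name, *params]]
    for token in tokens:
        if not _SAFE_TOKEN.fullmatch(token):
            raise ValueError("unsafe token for NGINX configuration: %r" % token)
    return tokens


class Directive:
    """A single 'name arg1 arg2;' line."""
    def __init__(self, name, params=None):
        self.tokens = _tokens(name, params)

    def render(self, depth=0):
        return "    " * depth + " ".join(self.tokens) + ";"

    __str__ = render


class Block:
    """A 'name args { ... }' block holding directives or nested blocks."""
    def __init__(self, name, params=None):
        self.tokens = _tokens(name, params)
        self.lines = []

    def add_lines(self, *lines):
        for line in lines:
            if not isinstance(line, (Directive, Block)):
                raise TypeError("only Directive or Block objects can be added")
            self.lines.append(line)

    def render(self, depth=0):
        pad = "    " * depth
        body = [line.render(depth + 1) for line in self.lines]
        return "\n".join([pad + " ".join(self.tokens) + " {", *body, pad + "}"])

    __str__ = render
```

Because `add_lines` accepts only `Directive` and `Block` objects, raw strings cannot be appended to a block without passing through the token check.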
Device Script - Flow - serviceAudit
Conversion: Configuration from the APIC -> Parsing -> NginxConfiguration -> Exportation -> Block/Directive -> str() -> NGINX configuration
Device Script - Communication with the device
• Usage of an Agent on the Load-Balancer
• Provides an API for the script
• Internally, all IO operations are handled in a class
• Improvements
  • Basic HTTP Authentication
  • Possibility to add HTTPS communication
  • Compute health from the device