Embed Size (px)
Citation preview
Summary of a SDN internship
Development of an ACI device package for as a load-balancer
Fabrice ServaisMaster student in Computer science and engineering at ULg
January 8, 2016
2
Agenda
1. ACI service insertion
2. Goal
3. Development of the Device Package
4. Demo
ACI service insertion
3
4
Today’s network service insertionChallenges of Today’s L4-L7 Services Deployment
Router
Router
Switch
Load balancer
Firewall
Firewall
Servers
Configure Network to insert Firewall
Configure Load Balancer Network Parameters
Configure Network to insert Firewall
Configure Network to insert Firewall Configure Firewall Network Parameters
Configure Network to insert Firewall Configure Firewall Rules required by Application
Configure Network to insert Firewall Configure Load Balancer Network Parameter
Configure Network to insert Firewall Configure Router to steer traffic to/from LB
Configure Network to insert Firewall Configure Load Balancer as required by application
Service insertion takes days. Network configuration is time consuming and error prone.Difficult to track configuration on services
5
Service insertion in ACI
• Automated network provisioning
• Manage both Virtual and Physical
• Easy to manage
• Single point of provisioning : APIC
• GUI, REST API or Python scripts
• Health score ADC
FWV
FW
ADC
FW
FW
6
Service insertion in ACI
• Graph between 2 EPGs
• Service Graph
• Set of functions needed
• APIC does, on the device, either:
• Network and Service configuration
• Network configuration (+ Central manager for Service configuration)
• Network configuration
7
Device PackageDevice Model
Device Script
Goal
8
9
Problem
What if we want to use NGINX as a Load-balancer in an ACI fabric?
Create a Device Package
10
Quick word on NGINX
• Very popular web server
• First release in 2004
• Efficient under load
• Lightweight resource utilisation
• Can also be used as a Load-Balancer
• Change configuration file
• NGINX (free) & NGINX Plus
11
Context
• Device Package as a Proof-Of-Concept
• Open-source development
• Goals:
• Make it work!
• Easy to continue the development
https://github.com/FServais/NGINX-Device-Package
https://github.com/FServais/NGINX-Agent
12
Development of the Device Package
13
NGINX configuration
Block
Directive
Load-balancer
Pool
14
Device PackageDevice Model
Device Script
15
Device Model
• 4 parts:
• Generic part
• Cluster and device configuration part
• Functional part
• Function profiles
Information about the device package (name, version, …)
Interfaces
Credentials
Parameter validation
Faults
Function parameters
Group parameters
Global function device
16
Device Model - Generic part
Information about the device package (name, version, …)
Interfaces
Credentials
Parameter validation
Faults
17
Device Model - Functional part
Function parameters
Group parameters
Global function device
18
Device Model - Functional part
Global function device
18
Device Model - Functional part
Global function device
18
Device Model - Functional part
Global function device
19
Device Model - Functional part
Function configuration
19
Device Model - Functional part
Function configuration
19
Device Model - Functional part
Function configuration
20
Device Model - Function profile
• Set the value to the parameters
21
Device PackageDevice Model
Device Script
22
Device Script - APIs• Device
• deviceModify(device, interfaces, configuration)
• deviceHealth(device, interfaces, configuration)
• Cluster
• Service
• serviceModify(device, interfaces)
• serviceAudit(device, configuration)
• Endpoint and network event
• attachEndpoint(device, configuration, endpoint)
• detachEndpoint(device, configuration, endpoint)
23
Device Script - Configuration argument
24
Device Script - Configuration argument
25
Device Script - APIs• 4 categories
• Device
• deviceModify(device, interfaces, configuration)
• deviceHealth(device, interfaces, configuration)
• Cluster
• Service
• serviceModify(device, interfaces)
• serviceAudit(device, configuration)
• Endpoint and network event
• attachEndpoint(device, configuration, endpoint)
• detachEndpoint(device, configuration, endpoint)
26
Device Script - Flow - serviceAudit
Conversion
Configuration from the APIC NGINX configuration
27
Device Script - Flow - serviceAudit
serviceAudit(device, configuration)
Encapsulate device Encapsulate configuration
device -> Python dictionary configuration -> Python dictionary
device -> API.Device
Parse configuration
Generate list of NginxConfiguration
Generate management configuration
configuration -> API.Configuration
Add or update the configuration on the deviceExport configuration
For each NginxConfiguration:
Device Script - Flow - serviceAudit
serviceAudit(device, configuration)
Encapsulate device Encapsulate configuration
device -> Python dictionary configuration -> Python dictionary
device -> API.Device
Parse configuration
Generate list of NginxConfiguration
Generate management configuration
configuration -> API.Configuration
Add or update the configuration on the deviceExport configuration
For each NginxConfiguration:
29
Device Script - Parsing
Save the names
30
Device Script - Parsing
Create NginxConfiguration.NginxFrontend
(or NginxConfiguration.NginxBackend)
31
Device Script - Flow - serviceAudit
Conversion
NginxConfiguration …
Parsing
Configuration from the APIC NGINX configuration
32
Device Script - Flow - serviceAudit
serviceAudit(device, configuration)
Encapsulate device Encapsulate configuration
device -> Python dictionary configuration -> Python dictionary
device -> API.Device
Parse configuration
Generate list of NginxConfiguration
Generate management configuration
configuration -> API.Configuration
Add or update the configuration on the deviceExport configuration
For each NginxConfiguration:
33
Device Script - Exportation
• Final goal: Generate String with the configuration
• Use Block and Directive
34
Device Script - Exportation
• Examples:
>>> Directive("server", ["10.9.217.1:80", ‘backup’])
server 10.9.217.1:80 backup;
>>> upstream = Block("upstream", ["backend", "option"])server1 = Directive("server", ["10.9.217.1:80", 'backup']) server2 = Directive("server", “10.9.217.2:80") upstream.add_lines(server1, server2)
upstream backend option { server 10.9.217.1:80 backup; server 10.9.217.2:80; }
35
Device Script - Flow - serviceAudit
Configuration from the APIC NGINX configuration
Conversion
NginxConfiguration
Parsing Exportation
Block/Directive
str()
36
Device Script - Flow - serviceAudit
serviceAudit(device, configuration)
Encapsulate device Encapsulate configuration
device -> Python dictionary configuration -> Python dictionary
device -> API.Device
Parse configuration
Generate list of NginxConfiguration
Generate management configuration
configuration -> API.Configuration
For each NginxConfiguration:Add or update the
configuration on the deviceExport configuration
37
Device Script - Communication with the device
• Usage of an Agent on the Load-Balancer
• Provides an API for the script
• Internally, all IO operations are handled in a class
38
Device Script - Communication with the device
• Improvements
• Basic HTTP Authentication
• Possibility to add HTTPS communication
• Compute health from the device
Demo time!
39
40
Network
![Docker 及Kubernetes 基础 · richarvey/nginx-php-fpm Container running Nginx + PHP-FPM capable ... 675 [OK] jrcs/letsencrypt-nginx-proxy-companion LetsEncrypt container ... centos/nginx-18-centos7](https://img.dokumen.tips/doc/110x75/5ec38c3a5e3bae053a7989f8/docker-kubernetes-c-richarveynginx-php-fpm-container-running-nginx-php-fpm.jpg)
