Copyright 2013 Alcatel-Lucent. All rights reserved.
CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION
Nuage Networks
Flexible and agile Software Defined Networking
March 2015 Matthieu Texier
The “Consumption shift”
• Applications are pushing new requirements to IT infrastructure
• New virtualization schemes are changing the way IT resources are acquired
• Smooth transition from legacy 3 tiers model to new models
IT and network services are shifting
[Figure labels: 3 tiers model; ?; Public Cloud; Private Cloud; Devops development]
Application development velocity
• Applications have to follow market demand
– Reduce application life cycles, increase customer satisfaction
• Build and run automation
– DevOps, Continuous Integration, Continuous Testing, Continuous Delivery
New dynamics in IT infrastructure
[Figure labels: Continuous Integration, Continuous Testing, Continuous Delivery; time axis T0, Y1, Y2, Y3, Y4]
Application scalability and QoE
• Applications scalability
– Content rich web application (streaming tutorials, Apps, …)
– Robust and optimal performances and responsiveness
• Scale out automation
– CDN rapid deployment, Web proxies, Extend share nothing application design
– Predictable cost, Reduce initial investment
[Figure axes: # Users, # App servers]
Virtualization, infrastructure profusion
• Various virtualization technologies
– Hypervisors: VMware, QEMU/KVM, Hyper-V
– CMS and OpenStack
– Cloud and hosting provider: IaaS, PaaS, bare metal
• Consistent networking across those technologies
– Take advantage of being over the top
– Re-use existing IP backbone, Internet OTT
[Figure labels: HYPERVISOR 1, HYPERVISOR 2, HYPERVISOR 3; Orchestrated overlay network services; IP fabric]
Virtual IT and network provisioning
• Compute and storage automation
– Available in minutes
• Network is partially or not orchestrated
– Configuration takes days/weeks
• Network provisioning delays are a show stopper (WEB APP)
[Figure labels: New Tenant / Application Request; Compute Management; Auto-instantiation; Compute Request completed in Minutes; Network Configuration; Help Desk; Change Control; IP Address; VLAN Address; Firewall Configuration; LAN (VLAN) Configuration; WAN (IP) Configuration; Security / QA Team; Project Coordinator; Network Change completed in days/weeks]
Nuage solution Overview
Nuage Virtualized Services Platform (VSP)
Network Virtualization and Automation
Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics
Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set
Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets
[Figure: Nuage Networks Virtualized Services Platform (VSP). Labels: Cloud Service Management Plane; Datacenter Control Plane; Datacenter Data Plane; Virtualized Services Directory (VSD); Virtualized Services Controller; Virtual Routing & Switching; HYPERVISOR; Brooklyn Datacenter - Zone 1; IP Fabric; Edge Router; MP-BGP; Hardware GW for Bare Metal; OpenFlow; XMPP]
Virtualized Services Directory (VSD)
• VIRTUAL MACHINE BASED
• SERVICE DEFINITION
• POLICY ESTABLISHMENT
• SERVICE TEMPLATING
• ANALYTICS ENGINE & REPORTING
[Figure labels: NETWORKS, SECURITY, QOS, STATISTICS; ZONE POLICIES: WEB ACCESS, BACKEND LOGIC, ETC.; CRM APP: VM “80MBPS – REAL TIME”; THRESHOLD ALARM; UI; REST API; Message Bus; Domain, Zones, Subnets, Policies; VPN, Public Internet; Virtualized Services Directory; Virtualized Services Controller; Virtual Routing & Switching; Hypervisor]
Virtualized Services Controller (VSC)
• VIRTUAL MACHINE BASED
• SDN CONTROLLER
• POWERED BY SERVICE ROUTER OPERATING SYSTEM (SROS)
• PEERING & FEDERATION
• AUTO-DISCOVERY
• TENANT SLICING
[Figure labels: SROS BASED: SNMP/CLI, BGP/IGP; SERVICE MGR: Forwarding dB, RIB/FIB; XMPP: Message bus for Event Notifications, Policy Push; OPENFLOW: Control path to VRS; Security; Load Balance; L2 or L3 (VLAN, VXLAN, GRE); Virtualized Services Directory; Virtualized Services Controller; Virtual Routing & Switching; Hypervisor]
Virtual Routing & Switching (VRS)
L2-L4 VIRTUAL SWITCH
• OPEN V-SWITCH BASED
• PROVIDES BOTH VXLAN AND MPLSoGRE TUNNEL ENCAPSULATION OPTIONS
• PROGRAMMED THROUGH OPENFLOW FROM VSC, ENCAPSULATES VM FLOW INTO PREFERRED PROTOCOL (L2 OR L3)
• DETECTS VM INSTANTIATION AND TEARDOWN
[Figure labels: VRS-H*, VRS-G, VRS-X, VRS-V, VRS-K; Citrix XEN Hypervisors; VMware vSphere Hypervisors; Microsoft Hyper-V Hypervisors; KVM Hypervisors; Gateway for Bare Metal Servers & Appliances; Docker agent: VRS for Docker; OpenFlow; XMPP; Virtualized Services Directory; Virtualized Services Controller; Virtual Routing & Switching; Hypervisor]
*Hyper-V Supported in the Future
Cloud Service Network Instantiation with Nuage Networks
Federated Inter Datacenter Services (multiple CMS)
[Figure labels: Cloud Service Management Plane; Datacenter Control Plane; Datacenter Data Plane; Virtualized Services Directory; Virtualized Services Controller; HYPERVISOR; Cloud Manager to Hypervisor communications; Brooklyn Datacenter - Zone 1; Brooklyn Datacenter - Zone 2; Manhattan Datacenter - Zone 2; Network Services; Federation of Controllers; Edge Router; MPLS (MP-BGP); Service Provider Control Plane; Service Provider Data Plane; Business VPN Service; Private Datacenter; MP-BGP; Domain, Zones, Subnets, Policies; VPN, Internet]
Cloud Service Network Instantiation with Nuage Networks
Extended network services to branch office (VNS solution)
[Figure labels: Cloud Service Management Plane; Datacenter Control Plane; Datacenter Data Plane; Virtualized Services Directory; Virtualized Services Controller; HYPERVISOR; Cloud Manager to Hypervisor communications; Brooklyn Datacenter - Zone 1; Brooklyn Datacenter - Zone 2; Manhattan Datacenter - Zone 2; CloudBand; Network Services; Edge Router; MPLS (MP-BGP); WAN Control Plane; WAN Data Plane; Business VPN Service; Private Datacenter; MP-BGP; CPE; VPN; Internet; Domain, Zones, Subnets, Policies]
Nuage solution Use cases
Private Cloud
Why SDN, why automation
11/25/15
Legacy applications
Intranet Web, Mail, legacy
Digital stack
Content and cloud player
Web scale
CDN, GSLB…
Share nothing applications
Big data
Dual DC, LAN switching
Multiple DC, WAN extension, Internet peering
Multiple DC, Virtual DMZ, Internet peering and CDN
Converting a marketing view to your specific needs
Questions to ask yourself!
• Data centers and applications
– Single, multiple regions?
– Multi-hypervisor?
– Applications and resiliency scheme?
– DevOps, micro-segmented software design?
• Network and IP fabric
– Just a couple of switches?
– SPINE/LEAF?
– Multiple DCs interconnected via a WAN / public AS?
– L2 services / L3 services, security, filtering, east/west, north/south?
[Figure labels: HYPERVISOR 1, HYPERVISOR 2, HYPERVISOR 3; Orchestrated overlay network services; IP fabric]
Challenges that come with OpenStack
• OpenStack is very well suited for very dynamic infrastructure
– DevOps continuous testing: create, destroy, rebuild via Heat stack or any other scripting or YAML languages
• How do we make it scalable, reliable, stable…
– No easy answer to this question, we propose to share experience
OpenStack networking using Neutron Network Node and optionally DVR
• Neutron network node (NN) still centralized
– SNAT and PAT are still centralized on this node, no real HA and control plane to handle NN failure
– Without DVR, NN becomes a SPOF, most probably under stress with lots of traffic
• DVR is quite hungry in terms of resources
– Multiple agents per compute node
– Each router requires a namespace, each of them running DVR (could end up with 1000 namespaces per compute node)
– Poor implementation of ARP and flow mapping, generating entries for each VM in a broadcast domain in each compute
– SNAT is mandatory to get out of Neutron Network, no way to avoid SNAT
• No standard control plane
– Re-inventing the wheel: does it really make sense?
– Ready for a good headache: https://www.youtube.com/watch?v=OpKsXX0bQAo
Copyright 2015 Alcatel-Lucent. All rights reserved.
OpenStack “stretch design”
• Centralized authentication via Keystone db backend / proxy
• Comes with challenges like:
– Installation and maintenance
– HA nodes election process (quorum) for “real” HA
– Storage network latency, multiple gateways and routers
– HA between network nodes, …
[Figure labels: DC 1, DC 2; WAN/Internet; Nuage XMPP traffic (VSD/VSC); Nuage BGP traffic (VSC/VSC); Extend infrastructure VLAN; Nuage overlay network]
Example multi-DC / multi-OpenStack / single SDN
• Almost all our existing customers in production
• Fixes many issues like:
– Quorum election of OpenStack HA nodes
– Floating IP mobility
– Storage network design and latency constraints
• Probably the best compromise as of today (Kilo / Nuage 3.2)
[Figure labels: DC 1, DC 2; WAN/Internet; Nuage XMPP traffic (VSD/VSC); Nuage BGP peering (VSC/VSC); Nuage overlay network]
[Figure labels: Network services; OpenStack Cloud Management Platform (OpenStack®), shown three times; Out of the Box Content; HP Cloud Service Automation API; HP DCN; Overlay Network; AZ; Region]
Thank You