0
Quantum,network services for Openstack            Salvatore Orlando          sorlando@nicira.com    Openstack Quantum core...
Caveats• Quantum is in its teenage years: there are lots  of things that it WILL do, but doesn’t do yet;  – nevertheless i...
Outline• What is OpenStack?• Why Quantum?• What is Quantum?  – API Overview  – Plugin Architecture  – Quantum in Openstack...
What is OpenStack?
What is OpenStack?                        “To produce the ubiquitous                       open source cloud computing    ...
Why is Openstack Compelling?Incredible cross-industry mindshare and momentum        Real resource commitments from many co...
Openstack core                              Credits to Syed Armani                     http://www.youtube.com/watch?v     ...
Who is Deploying OpenStack? Hosting Providers Carrier / Telco Large Enterprise GovernmentMore information: http://www.open...
10,000 ft (3 km) Architecture View• Each service is a separate piece of software, includes:   – A tenant-facing API that e...
Why Quantum?
In the beginning..*-as-a-Service Capability       OpenStack Service         Compute                       Nova      Object...
Why Quantum?• Networking was sub-component of OpenStack  Compute layer (Nova).• Two Key Problems:  #1: No tenant control o...
Problem #1: No Tenant ControlTo move enterprise apps to thecloud, tenants want to “copy andpaste” their existing data cent...
Why Quantum? Reason #1      On-demand Enterprise-Class Networking• Tenants can:   – create multiple private networks   – c...
Problem #2: Technology Limitations• Cloud puts new stresses on  networks:  – High-density multi-tenancy, massive    scale ...
Why Quantum?          #2: Leveraging Advanced Technologies• New networking technologies are emerging  to try and tackle th...
…and finally*-as-a-Service Capability       OpenStack Service         Compute                       Nova      Object Stora...
What is Quantum?
Quantum Architecture                      Generic OpenStack APIs   Operator Selected Backends                           Co...
Basic API Abstractions                      VM1                  VM2                    virtual serverNova                ...
Tenant view vs Provider view                                     VM           VM                        VM           VM   ...
Quantum Model: Dynamic Network     Creation + Association                           TenantA-VM2           TenantA-VM3     ...
Quantum API Extensions• Enables innovation in virtual networking.    – Tenants can query API to programmatically discover ...
Example: Quantum + Extensions                                 TenantA-VM2             TenantA-VM3                TenantA-V...
Quantum Architecture                      Generic OpenStack APIs   Operator Selected Backends                           Co...
Quantum “Plugins”• Different plugin “engines” present different trade-offs:    –   Free vs. Commercially Supported    –   ...
Quantum Architecture (generic)API Clients      Quantum Service                 Backend X                 Quantum          ...
Open Source and Commercial       Quantum PluginsBasic open source plugins based on Open vSwitch, Linux Bridge,and Ryu netw...
Quantum Project Releases• Incubation release (OpenStack Essex, April ‘12)   – v1 API, base L2 API abstractions   – 5 plugi...
New in Folsom – Quantum API v2• “merge” between Quantum v1 and Melange  – API specification draft:    http://wiki.openstac...
New in Folsom – Interaction with nova• Nova-network not invoked anymore• Compute manager calls Quantum directly• Capabilit...
Changes in Nova/Quantum interaction
New in Folsom – DHCP agent• Sends IP configuration to instances  – IP address and default gateway  – DNS nameservers  – Ho...
Quantum Case Study:Quantum Plugin for Nicira NVP
Nicira NVP Network Virt Model• Edge virtualization in hypervisor (open vswitch) with  overlay tunneling decouples logical ...
Quantum w/NVP ArchitectureAPI Clients        Quantum Service          Nicira NVP                                          ...
Thanks!        Questions?        Salvatore Orlando      sorlando@nicira.comOpenStack Quantum core developer       twitter ...
Upcoming SlideShare
Loading in...5
×

Am 04 track1--salvatore orlando--openstack-apac-2012-final

847

Published on

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
847
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
75
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Transcript of "Am 04 track1--salvatore orlando--openstack-apac-2012-final"

  1. 1. Quantum,network services for Openstack Salvatore Orlando sorlando@nicira.com Openstack Quantum core developer Twitter- @taturiello
  2. 2. Caveats• Quantum is in its teenage years: there are lots of things that it WILL do, but doesn’t do yet; – nevertheless it has a great potential and energy – however it is a bit unruly and sometimes needs extra patience• The main focus of this talk is on users wishing to deploy Quantum in their cloud
  3. 3. Outline• What is OpenStack?• Why Quantum?• What is Quantum? – API Overview – Plugin Architecture – Quantum in Openstack Folsom• Use Case: Nicira NVP Plugin – Network virtualization model• Questions
  4. 4. What is OpenStack?
  5. 5. What is OpenStack? “To produce the ubiquitous open source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable.” Allow anyone to automate IT provisioning in a public or private IaaS cloud that meets (and exceeds) the capabilities of Amazon EC2.
  6. 6. Why is Openstack Compelling?Incredible cross-industry mindshare and momentum Real resource commitments from many companies:200+ unique developers from 55+ companies in last 6-month release
  7. 7. Openstack core Credits to Syed Armani http://www.youtube.com/watch?v =dD80PDDn6gw&context=C31ba4 d9ADOEgsToPDskJn_HO1uy2BQnr Gy-crqhnz HORIZON KEYSTONE NOVAGLANCE
  8. 8. Who is Deploying OpenStack? Hosting Providers Carrier / Telco Large Enterprise GovernmentMore information: http://www.openstack.org
  9. 9. 10,000 ft (3 km) Architecture View• Each service is a separate piece of software, includes: – A tenant-facing API that exposes logical abstractions for consuming/monitoring the service. – Pluggable backend to choose “best of breed’ implementations (open source or vendor proprietary). Generic OpenStack APIs Operator Selected Backends Compute API KVM XenServer Network API VLANs + IPtables Nicira NVPTenant(GUI, CLI, Storage API EMC NFSAPI code)
  10. 10. Why Quantum?
  11. 11. In the beginning..*-as-a-Service Capability OpenStack Service Compute Nova Object Storage Swift Image Glance Identity Keystone Network ?
  12. 12. Why Quantum?• Networking was sub-component of OpenStack Compute layer (Nova).• Two Key Problems: #1: No tenant control of networking. #2: Limited technology “baked in” to design.
  13. 13. Problem #1: No Tenant ControlTo move enterprise apps to thecloud, tenants want to “copy andpaste” their existing data centernetwork topologies: – Ability to create “multi-tier” networks (e.g., web tier, app tier, db tier) – Control over IP addressing. – Ability to insert and configure your “You can have any color as long as its black.“ own services (e.g., firewall, IPS) - Henry Ford about the Model-T – VPN/Bridge to remote physical hosting or customer premises (“cloudbursting”).
  14. 14. Why Quantum? Reason #1 On-demand Enterprise-Class Networking• Tenants can: – create multiple private networks – control IP addressing – monitor basic network status.• Quantum API extensions provide: – Advanced control + visibility: Security policies, Quality-of-Service, Build rich networks, Monitoring + Troubleshooting. customized to tenant needs. – Advanced Network Services: routers, Firewalls, VPN, IDS, etc.
  15. 15. Problem #2: Technology Limitations• Cloud puts new stresses on networks: – High-density multi-tenancy, massive scale – Strict uptime requirements. – Integrate with legacy hosting environments / remote data centers. – VM mobility Who needs private – On-demand service insertion networks?• But Nova was limited to basic Trunking all VLANs VLAN model + Linux IPtables. is a great idea! - Stone Age Man
  16. 16. Why Quantum? #2: Leveraging Advanced Technologies• New networking technologies are emerging to try and tackle these challenges. – Overlay tunneling: VXLAN, NVGRE, STT – Software-defined Networking (SDN) / OpenFlow – VPN-based solutions (e.g., E-VPN). – L2 Fabric solutions: FabricPath, Qfabric, etc. – Your Own Idea for virtual networking!• Quantum provides a “plugin” mechanism to enable different technologies (more later). Use advanced technologies to reach new heights.• Choice is a good thing!
  17. 17. …and finally*-as-a-Service Capability OpenStack Service Compute Nova Object Storage Swift Image Glance Identity Keystone Network Quantum
  18. 18. What is Quantum?
  19. 19. Quantum Architecture Generic OpenStack APIs Operator Selected Backends Compute API XenServer Network API Nicira NVP Tenant Tools (GUI, CLI, Storage API EMC API code)An eco-system of A generic tenant API A “plugin” architecturetools that leverage to create and with different back-endthe Quantum API. configure “virtual “engines” networks”
  20. 20. Basic API Abstractions VM1 VM2 virtual serverNova 10.0.0.2 10.0.0.3 virtual interface (VIF) virtual portQuantum Net1 L2 virtual network 10.0.0.0/24 Subnet (new!) “virtual networks” are fundamentally multi-tenant, just like virtual servers.
  21. 21. Tenant view vs Provider view VM VM VM VM A1 A2 B1 B2Tenant View Network A Network B Phy Srv 1 Phy Srv 2 Phy Srv 3 VM VM VM VM A1 B1 A2 B2 Hypervisor Hypervisor HypervisorProvider View Data Centre Network
  22. 22. Quantum Model: Dynamic Network Creation + Association TenantA-VM2 TenantA-VM3 TenantA-VM1 10.0.0.3 9.0.0.2 10.0.0.2 9.0.0.3 Tenant-A Net1 Tenant-A Net2 10.0.0.0/24 9.0.0.0/24 Public Net88.0.0.0/18 • Tenant can use API to create many networks. • When booting a VM, define which network(s) it should connect to. • Can even plug-in instances from other services (e.g., a load-balancing service).
  23. 23. Quantum API Extensions• Enables innovation in virtual networking. – Tenants can query API to programmatically discover supported extensions. – Overtime, extensions implemented by many plugins can become “core”.• Add properties on top of existing network/port abstractions: – QoS/SLA guarantees / limits – Security Filter Policies – port statistics / netflow• New Services – L3 forwarding, ACLs + NAT (“elastic” or “floating” IPs) – VPN connectivity between cloud and customer site, or another cloud datacenter.
  24. 24. Example: Quantum + Extensions TenantA-VM2 TenantA-VM3 TenantA-VM1 10.0.0.3 10.0.1.2 10.0.0.2 9.0.0.3 TenantA-VM4 Tenant-A Net1 Tenant-A Net2 172.16.0.30 10.0.0.0/24 10.0.1.0/24 Tenant-A Net3 172.16.0.0/24 Not VPN necessarily a Tenant-A On VM! Premise Net Public Net172.16.0.0/24 88.0.0.0/18
  25. 25. Quantum Architecture Generic OpenStack APIs Operator Selected Backends Compute API XenServer Network API Nicira NVP Tenant Tools (GUI, CLI, Storage API EMC API code)An eco-system of A generic tenant API A “plugin” architecturetools that leverage to create and with different back-endthe Quantum API. configure “virtual “engines” networks”
  26. 26. Quantum “Plugins”• Different plugin “engines” present different trade-offs: – Free vs. Commercially Supported – Advanced Features (exposed as API extensions) – Scalability – High Availability (control & data plane) – Hypervisor Compatibility – Network HW Compat (vendor specific? Allow L3 scale-out?) – Manageability / troubleshooting• Cloud Operators weigh trade-offs, choose a plugin.• Note: Back-end technology hidden behind core Quantum API – Example: VLANs vs. tunneling
  27. 27. Quantum Architecture (generic)API Clients Quantum Service Backend X Quantum API Tenant Create-net Scripts . Horizon . Plugin GUI . X Create- Orchestration Physical port virtual switch Code Network Nova Compute API Extensions Interfaces from Nova plug into a switch manages by Uniform API the Quantum plugin. for all clients
  28. 28. Open Source and Commercial Quantum PluginsBasic open source plugins based on Open vSwitch, Linux Bridge,and Ryu network operating system existThe following vendors have publicly stated that they already haveor are developing a Quantum plugin (others exist as well)
  29. 29. Quantum Project Releases• Incubation release (OpenStack Essex, April ‘12) – v1 API, base L2 API abstractions – 5 plugins available. – In production at early adopters.• First “core” release (OpenStack Folsom, Oct. ‘12) – v2 API, with L2 + L3 API abstractions – Additional plugins available. – Quantum becomes “default” networking option for OpenStack.
  30. 30. New in Folsom – Quantum API v2• “merge” between Quantum v1 and Melange – API specification draft: http://wiki.openstack.org/Quantum/APIv2- specification• New resource: Subnet – IP address blocks for instances, IP gateway, dns nameservers, host routes and IP allocation pools• IP and MAC allocation for ports• Shared networks• “Provider” networks (API extension)
  31. 31. New in Folsom – Interaction with nova• Nova-network not invoked anymore• Compute manager calls Quantum directly• Capabilities exposed by the “Quantum Manager” for nova network now provided by Quantum
  32. 32. Changes in Nova/Quantum interaction
  33. 33. New in Folsom – DHCP agent• Sends IP configuration to instances – IP address and default gateway – DNS nameservers – Host Routes• Configuration info fetched from Quantum database• Attaches to Quantum networks and listens for DHCP requests
  34. 34. Quantum Case Study:Quantum Plugin for Nicira NVP
  35. 35. Nicira NVP Network Virt Model• Edge virtualization in hypervisor (open vswitch) with overlay tunneling decouples logical + physical topology. – Flexibility designing Fabric (requires only IP unicast) • Can use traditional design, or Fat-tree/Clos • No requirement for L2 adjacency, large MAC/ACL tables in HW – Place/move any workload anywhere in the DC.• Control Plane work is Distributed across nodes within the NVP control cluster to provide scalability & fault tolerance.• Quantum Tenants can dynamically create/modify/monitor rich networks abstractions via Quantum API.
  36. 36. Quantum w/NVP ArchitectureAPI Clients Quantum Service Nicira NVP Controller Quantum NVP Cluster NVP NVP NVP API Controller handles NO Plugin Controller Controller dataplane Tenant Create-net Cluster traffic. Scripts Create- . net . . Horizon . . Create-portOrchestration . Code Create- L3 Fabric OVS API port Extensions Nova Compute
  37. 37. Thanks! Questions? Salvatore Orlando sorlando@nicira.comOpenStack Quantum core developer twitter - @taturiello
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×