OpenStack and the Transformation of the Data Center - Lew Tucker
Presented at OpenStack Summit - Atlanta May 2014
Lew Tucker, Cisco


Transcript

  • 1. OpenStack and the Transformation of the Data Center. Lew Tucker, VP/CTO Cloud Computing, Cisco (@lewtucker). OpenStack Summit – Atlanta, May 2014
  • 2. The Growth of the Internet Is Impacting All Aspects of IT. Mobile, Internet of Things, New Breed of Apps, Cloud. Years shown: 2012, 2016, 2017, 2020. 71% of apps will run on virtual machines; 2/3 of all mobile traffic will be video; 50 billion connected devices; more data created this year than in the past 5000. Source: Cisco Visual Networking Index. © 2014 Cisco and/or its affiliates. All rights reserved.
  • 3. IT World Becoming Increasingly Complex. Systems of to Systems of - Geoffrey Moore, http://www.slideshare.net/rstrad1/moore-digitalimpact. Devices; Collaboration; Software & Apps; Network; IT Infrastructure & Platform Services
  • 4. Internet of Things to Internet of Everything. Smart Grid; Smart Buildings; Smart Factories; SF City Parking Spaces (open source data). Connecting, sensing, measuring, and controlling in real time improves reliability, cost, and alignment of supply and demand
  • 5. New Technologies Driving a Virtuous Cycle of Innovation: CLOUD, BIG DATA, INTERNET OF THINGS, SDN. Volume, Velocity, Variety
  • 6. The Promise of Cloud Computing: From 8 Weeks to 15 Minutes. Design It; Code It; Where Can We Put It?; Procure It; Install It; Configure It; Secure It; Push It. Continuous Deployment … with Elastic Scaling
  • 7. Management (OpEx) Expenses Growing. [Chart: Datacenter Spending (%) Over Time, years 06 to 13; series: Server Spending; Standalone Servers - Mgmt & Admin; Virtual Servers - Mgmt & Admin; Power & Cooling Expense. Source: IDC, 2011 “New Economic Model for the Datacenter”] • Operating expenses represent over 80% of data center spending • OpEx increase driven by server virtualization • New models are needed
  • 8. IT Administrators Face a Tidal Wave of Innovations: Network Functions Virtualization (NFV), OpenStack, Programmability, OpenFlow, Virtualization, SDN, Abstraction, Orchestration, APIs, Cloudification, Data Centers, Network OS, X86, Hypervisor, Automation. Source: Heavy Reading - Where Networks Meet IT
  • 9. And the Data Centers keep Growing
  • 10. OpenStack Heralds the Creation of a New Layer in the Software Stack That Spans the Entire Data Center. User App-1, User App-2, User App-3, PaaS Service, User App-3; OpenStack Network Service, OpenStack Compute Service, OpenStack Storage Service; Unified Compute, Storage, Networking Infrastructure - Physical + Virtual
  • 11. Software and Automation – Driving Speed and Agility. Salt, Puppet, Chef, Ansible, Git, Gerrit, Jenkins, CI/CD
  • 12. Software-Defined Networking – Overlay Networking. [Diagram: VPNs/Public Internet; Edge Routers; Scale Out Core; Spine; Leaf; Servers; Virtual Access Layer with a vSwitch and VMs on each server]
  • 13. OpenStack Platform: Services and APIs. Nova (Compute), Heat (Orchestration), Glance (Image Storage), Swift (Storage), Neutron (Networking), Keystone (Security). OpenStack Design Principle: built as a set of loosely coupled, related projects developing advanced cloud services • Each service driven by community projects with contributions from many companies • Easier for innovation through addition of new services • Small number of core services • Larger number of associated services
  • 14. Meanwhile, a Revolution Was Happening in Networking… OpenFlow: • Protocol which would allow software running on servers to direct the flow of packets in a network • Separation of control and data planes. Server Virtualization: • Created need for virtual switches on each server • VMware, Cisco Nexus 1000v, Open vSwitch. Virtualized Network Services: • Firewall, load-balancing, VPN • Network service orchestration. Network Controller: • Lots of activity around creating new SDN controllers • Open source projects: OpenDaylight
  • 15. Network Functions Virtualization (NFV) Provides Dynamically Scalable Services. AT&T, BT, Orange, Telecom Italia, Telefonica, Telstra, Verizon…
  • 16. OpenStack Networking Evolved. Nova Networking: • Simple, flat networking • Contained within Nova service • Difficult to accommodate rapid changes happening in networking. Neutron Networking: • Treat networking as a separate service • Designed to hide specific vendor/technology implementation choices from the developer’s APIs and abstractions • Being extended to include network services and heterogeneous environments
  • 17. OpenStack Neutron Networking Service. Network Service (Neutron) API: network abstraction definition and management; no actual implementation of abstraction. Plugin API; API Extensions. Vendor/User Plug-In: implementation of abstractions, virtual or physical; extended APIs. Vendor Plug-Ins: Linux Bridge, Open vSwitch, Cisco, Big Switch, Brocade, Cloudbase, Mellanox, Midonet, NEC, PLUMgrid, Ryu, VMware NSX, …
  • 18. OpenStack Neutron ML2 Architecture. Neutron Server: REST API; Message Queue. Agents: DHCP Agent; L3 Agent; L2 Agent; IPTables on Network Node; OVS on Compute Node. Core API: Network, Port, Subnet. Resource and Attribute Extension API: ProviderNetwork, PortBinding, Router, Quotas, SecurityGroups, AgentScheduler, LBaaS, FWaaS, VPNaaS, …. Neutron Core plugins: ML2; Cisco (Nexus, N1Kv); OVS; more vendor plugins. ML2 Type Drivers: VLAN, GRE, VXLAN. ML2 Mechanism Drivers: Cisco Nexus, OVS, OpenDaylight, APIC, more vendor drivers. Neutron Service plugins: LoadBalancer, Firewall, VPN, L3 Services, Futures; backend drivers: HAProxy, IPTables, OpenSwan. Southbound Interfaces. • Core + Extension REST APIs • Message queue for communicating with neutron agents • Core and service plugins • Different vendor core plugins • Different network technology support • ML2 plugin with type and mechanism drivers • Service plugins with backend drivers
  • 19. OpenStack Neutron ML2 Architecture. Neutron Server: REST API. Core API: Network, Port, Subnet. Resource and Attribute Extension API: ProviderNetwork, PortBinding, Router, Quotas, SecurityGroups, AgentScheduler, LBaaS, FWaaS, VPNaaS, …. Neutron Core plugins: ML2; Cisco (Nexus, N1Kv); OVS; more vendor plugins. ML2 Type Drivers: VLAN, GRE, VXLAN. ML2 Mechanism Drivers: Cisco Nexus, OVS, OpenDaylight, APIC, more vendor drivers. Neutron Service plugins: LoadBalancer, Firewall, VPN, L3 Services, Futures; backend drivers: HAProxy, IPTables, OpenSwan. Southbound Interfaces. • Core + Extension REST APIs • Message queue for communicating with neutron agents • Core and service plugins • Different vendor core plugins • Different network technology support • ML2 plugin with type and mechanism drivers • Service plugins with backend drivers
  • 20. Neutron Networking for Tenant Isolation. Network Type: Tenant Networks; Admin Provider Networks. Network Segmentation Scheme for Tenant Isolation: VLAN; VXLAN; GRE. Device Implementing Network Segmentation Scheme: vSwitch; ToR/Fabric; vSwitch, ToR; vSwitch. Neutron Plugin/Driver: Direct Device Configuration; Device Configuration through Controller
  • 21. Neutron Networking for Layer 3 Services. Network Type: Tenant Networks; Admin Provider Networks. Neutron Resource: Routers. Device implementing Advanced Service: Linux Host; Service VM’s; Provisioned Externally; vSwitch, ToR. Neutron Plugin/Driver: Direct Device Configuration; Device Configuration through Controller
  • 22. Cisco CSR1000v for Neutron VPN Service. Components: Neutron Server; Neutron Service Plugin (VPN); Cisco VPN Service Driver; VPN Agent; Cisco VPN Device Driver; REST API; CSR1Kv VM; VMs on Compute Nodes. Benefits: • CSR1Kv secure VPN qualified solution • Unlock rich CSR1Kv features into OpenStack. [Diagram: Site1 and Site2, each with a private network, router, VM and CSR1Kv, joined across the public network by a Site to Site IPsec Tunnel; addresses shown: 10.1.0.4, 10.1.0.1, 172.24.4.11, 10.2.0.4, 10.2.0.1, 172.24.4.21, 172.24.4.23, 10.2.0.6, 172.24.4.13]
  • 23. OpenStack Platform for the New Data Center. Applications: User Apps, System Apps. OpenStack Cloud Platform Services: Orchestration, Provisioning, Metering, Monitoring, Identity. Server Virtualization; Virtual Switches; Storage Virtualization; Network Virtualization; Network Function Virtualization; VMs and Containers; Network Controllers; Object Storage Services; Block Storage Services
  • 24. Do Applications Really Want to Program the Network? • System administration apps and services orchestrating the infrastructure – YES • User-facing applications? • Is there an easier way to realize developer’s intent without becoming a network administrator?
  • 25. Typical 3-Tier Application Design Pattern. Public Internet; Web Tier (three Web Server VMs); App-Server Tier (two App Server VMs, MemCache VM); Database Tier (two Database VMs). Want to connect web servers to public Internet, while blocking outside access to application and database servers. Create Networks, Routers; Load Balance Across Web Servers; Protect VMs with Security Group Rules
  • 26. Developer’s Intent: Control Access, Direct Traffic. Public Internet; Web Tier (three Web Svr VMs); App Server Tier (two App Svr VMs, MemCache VM); Database Tier (two DataBase VMs). Three Policy labels, each listing: Performance, Security, Scalability, Availability. Consistency, Repeatability
  • 27. Group-based Policy Abstractions Developed by the Community. https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction Blueprint Contributors: • Nuage, Juniper, IBM, Big Switch, One Convergence, Red Hat, Mirantis, Midokura, Cisco
  • 28. EXTENDING OPENSTACK NEUTRON API’S. Diagram labels: Neutron API; Group Policy API; NEUTRON ROUTER; SECURITY GROUP; NEUTRON NETWORK; Port; Tenant; Contract; GROUP; SERVICE CHAIN. Use Existing Neutron APIs with APIC and Cisco ACI. Group Policy introduces a new API that maps to the ACI policy model
  • 29. SEPARATING TENANT POLICIES FROM OPERATIONS. ACI Admin (Manages Network Operations and Infrastructure); OpenStack Tenant (Manages Tenant and Application State only). Actions labeled in the diagram (numbered 1 to 5 on the slide): Create Application Network Profile; Automatically Push Network Profiles to AFC; Create Application Policy; Push Policy; Instantiate VMs. Other labels: Application Network Profile (WEB EPG, APP EPG, DB EPG, L/B, F/W); ACI Fabric; APIC (Application Policy Infrastructure Controller); NOVA; NEUTRON; Web, App and DB VMs on HYPERVISORs
  • 30. OPENSTACK + CISCO’S APPLICATION POLICY CONTROLLER. Diagram labels: NEUTRON ROUTER; SECURITY GROUP; NEUTRON NETWORK; Web, App and DB VMs on HYPERVISORs; APIC; Contract; WEB, APP, DB; ADC; F/W; Neutron Networking with OVS Plugin, APIC Plugin and Group Policy Plugin
  • 31. 31 https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction Thursday, May 15: 1:30 – 2:10 B309 IBM, Cisco, Midokura Wednesday, May 14: 3:30-4:10 B309 KEY SESSIONS: NEUTRON NETWORKING IN AN APPLICATION-CENTRIC WORLD
  • 32. Closing Thoughts
  • 33. The Vanishing Data Center and the InterCloud. The Landscape has changed • We’ve moved from mainframes with dumb terminals to cloud-based apps, smart phones, and devices • Cloud-native apps at scale span multiple availability zones and geographies • Any app, anywhere, any device
  • 34. The Vanishing Data Center and the InterCloud. Multi-tenancy, dynamic provisioning, and elasticity are the new normal • Applications are continuously deployed and released • DevOps turns infrastructure into code
  • 35. The Vanishing Data Center and the InterCloud. Data centers are becoming nodes in a larger, global graph • Computing and distributed storage are moving to the edge • How will this change the concepts of traditional networks? • What is meant by a cloud when clouds themselves become part of an Intercloud?
  • 36. Thank you.
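
Slide 25's goal (web servers reachable from the public Internet, application and database servers not) written as default-deny security group rules and audited, as an added example that is not from the presentation. The `Rule` model is a simplified stand-in for Neutron security group rules, and the group names, ports and addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One ingress allow rule (simplified stand-in for a Neutron rule)."""
    port_min: int
    port_max: int
    remote_ip_prefix: Optional[str] = None  # CIDR source
    remote_group: Optional[str] = None      # source security group

# Constructed policy for slide 25's tiers; names and ports are assumptions.
GROUPS = {
    "web": [Rule(443, 443, remote_ip_prefix="0.0.0.0/0")],
    "app": [Rule(8080, 8080, remote_group="web")],
    "db": [Rule(3306, 3306, remote_group="app")],
}

def any_source(rule):
    """True when the rule admits every address (no remote set, or a /0 prefix)."""
    if rule.remote_group is not None:
        return False
    prefix = rule.remote_ip_prefix
    return prefix is None or ipaddress.ip_network(prefix).prefixlen == 0

def allowed(groups, dst_group, port, src_ip, src_group=None):
    """Default-deny ingress: traffic passes only if some rule matches it."""
    src = ipaddress.ip_address(src_ip)
    for rule in groups[dst_group]:
        if not rule.port_min <= port <= rule.port_max:
            continue
        if rule.remote_group is not None:
            if rule.remote_group == src_group:
                return True
        elif any_source(rule) or src in ipaddress.ip_network(rule.remote_ip_prefix):
            return True
    return False

def audit(groups, public_tiers=("web",)):
    """Tiers the design keeps private that still accept Internet sources."""
    return sorted(name for name, rules in groups.items()
                  if name not in public_tiers and any(map(any_source, rules)))

# Constructed misconfiguration: a database rule opened to 0.0.0.0/0.
BAD = dict(GROUPS, db=GROUPS["db"] + [Rule(3306, 3306, remote_ip_prefix="0.0.0.0/0")])
```

`audit(GROUPS)` returns an empty list, while `audit(BAD)` names the `db` tier as exposed.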