Policy Driven Networking and Migration to Openstack by Scott Sneddon of Nuage Networks

Policy Driven Networking and Migration to Openstack by Scott Sneddon of Nuage Networks.

We were part of a killer Openstack Summit in Atlanta, GA in 2014. If you missed it or want to see the deck from Scott's presentation, check it out here. Thanks for your interest!


twitter: @ssneddon
twitter: @nuagenetworks
http://www.nuagenetworks.net
info at nuagenetworks dot net

Policy Driven Networking and Migration to Openstack by Scott Sneddon of Nuage Networks

  1. Policy Driven Networking and Migration to Openstack. Scott Sneddon, @ssneddon, @nuagenetworks. Copyright 2013 Alcatel-Lucent. All rights reserved.
  2. The “Consumption shift”
     • Cloud is changing the way technology is being consumed
     • From “order and wait”
     • To “instant gratification”
     Consumer expectations are shifting.
     [Diagram labels: Multiple personas; Single user; On-demand personalized catalogue]
  3. Service velocity is hindered by manual network process
     • Compute is Virtualized
     • Available in Minutes
     • Network is Partially Virtualized
     • Configuration takes Days/Weeks
     [Diagram labels: Datacenter Network; New Tenant / Application Request; Compute Management; Auto-instantiation; Compute Request completed in Minutes; Network Configuration; Help Desk; Change Control; Project Coordinator; Security / QA Team; IP Address; VLAN Address; Firewall Configuration; LAN (VLAN) Configuration; WAN (IP) Configuration; Network Change completed in days/Weeks; 00:01]
  4. Service velocity accelerated, but…
     • Network is “more” virtualized
     • Some things available in minutes – Some not so much
     • Many network elements are manually configured
     • Manual per-tenant network configurations
     [Diagram labels: Software Defined Datacenter Network; New Tenant / Application Request; Compute Management; Auto-instantiation; Compute Request completed in Minutes; Network Configuration; SDN Controller; Some Network Change completed In Minutes; 00:01; 00:01]
  5. We’ve only addressed part of the automation problem
     • Committees still build “networks”
     • Audits/reviews
     • In a NaaS environment (AWS, etc) this is delegated to the tenant
     • Is this what your DevOps team should be doing?
     [Diagram labels: Network Configuration; Software Defined Network Configuration; Security / QA Team; VLAN Address; IP Address; WAN (IP) Configuration; Firewall Configuration; Network Configuration created in days/Weeks]
  6. Network Virtualization solutions… Group applications into “network sandboxes”
     [Diagram labels: Application = Web; Application = SAP; Application = Database]
  7. Policy approach to networking
     Design once, re-use multiple times. Application-centric.
     [Diagram labels: Policy Templates; Users; Application Types; Business Rules; Policy Evaluation; Application Networks; repeated Firewall / W / BL blocks]
  8. How to expose network policy in Neutron?
     OpenStack Group Based Policy Abstractions for Neutron
     https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
     • An Application-centric approach to networking
     • Moving away from traditional network constructs
       • ports, subnets, routers, etc
     • Aiming for a highly abstracted interface for application developers to
       • express desired connectivity of application components
       • and express high-level policies governing that connectivity
     • Without imposing constraints on the underlying implementation
  9. What is a Neutron network Policy?
     OpenStack Group Based Policy Abstractions for Neutron
     https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
     [Diagram labels: Outside EPG; Web EPG; App EPG; DB EPG, each containing VMs; Web Contract; App Contract; App Contract; Public Network; Private Networks]
  10. Openstack Network Policy becomes more sophisticated
     • Nuage has provided policy abstractions for virtual and physical networks since first release
     • ACLs, QoS classification and enforcement
     • Difficult to express using existing Neutron constructs…
     • Which is why we’re contributing to Group Based Policy
     Cleanly express application policy in Neutron
  11. Nuage Networks Virtual Services Platform
     Network virtualization and automation
     Nuage Networks Virtualized Services Platform (VSP):
     Virtualized Services Directory (VSD)
     • Network Policy Engine – abstracts complexity
     • Service templates and analytics
     Virtualized Services Controller (VSC)
     • SDN Controller, programs the network
     • Rich routing feature set
     Virtual Routing & Switching (VRS)
     • Distributed switch / router – L2-4 rules
     • Integration of bare metal assets
     [Diagram labels: Cloud Service Management Plane; Datacenter Control Plane; Datacenter Data Plane; Virtualized Services Directory; Virtualized Services Controller; Virtual Routing & Switching; HYPERVISOR (six); Brooklyn Datacenter - Zone 1; IP Fabric; Edge Router; MP-BGP; MP-BGP; Hardware GW for Bare Metal]
  12. Open solution: Consistent capabilities across
     • Any Compute Virtualization Environment
     • Any Datacenter Networking Hardware
     • Any Server or Hypervisor
     [Diagram labels: DATACENTER NETWORK]
  13. Seamless interconnect between clouds
     • Distributed L2 and L3 routing to each hypervisor
     • Within clouds and across clouds
     • No choke points
     • Shared L2 and L3 networks across DCs
     • KVM, LXC, Xen, ESXi
     • Openstack, Cloudstack
     [Diagram labels: Legacy DC; Private Cloud; Public Cloud; Hypervisor (several); IP Fabric (DC & WAN); Virtualized Services Directory; Network, Security Admin; Application developers; XaaS; App/Dev Container (three)]
  14. Simplified migration to Openstack
     Using a hypervisor-agnostic network platform
     • How to migrate apps to Openstack when they have network dependencies?
     • How to migrate while maintaining IP addresses?
     • How to migrate individual hosts within an application?
     • Physical to Virtual?
     • Virtual to Virtual?
  15. Demo…
  16. Conclusions
     • Creation of distributed virtual switches and virtual routers - great for virtual networks and better than old models, but …
     • Creates a distributed virtual configuration and management challenge
     • Provisioning and management of these endpoints cannot be done with traditional methodology
     • Policy abstraction is a proven framework
     • Successfully shipping since May 2013
  17. For more information…
     • Nuage Networks Virtualized Services Platform
       • http://www.nuagenetworks.net/solutions/
     • OpenStack Neutron Group Based Policy Abstraction
       • https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
     • OpenDaylight Application Policy Plugin
       • https://wiki.opendaylight.org/view/Project_Proposals:Application_Policy_Plugin
  18. Network Policy NOW. @nuagenetworks, @ssneddon. 5/20/2014
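
The group-and-contract model from slides 8 and 9, as an added example that is not part of the deck and is not Neutron or Nuage code: endpoint groups are bound by contracts, everything else is denied, and the policy expands into per-endpoint rules. The group and contract names follow slide 9; the ports, IP addresses and the consumer/provider wiring are assumptions, since the diagram itself is not recoverable from the transcript.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Contract:
    name: str
    allowed: frozenset            # {(protocol, dst_port)} the provider exposes

@dataclass
class EPG:
    name: str
    members: set = field(default_factory=set)   # endpoint IPs; empty = "any"

# Names follow slide 9; ports, addresses and wiring are assumptions.
WEB = Contract("Web Contract", frozenset({("tcp", 80), ("tcp", 443)}))
APP = Contract("App Contract", frozenset({("tcp", 8080)}))
EPGS = {
    "Outside": EPG("Outside"),
    "Web": EPG("Web", {"10.0.1.10", "10.0.1.11"}),
    "App": EPG("App", {"10.0.2.10", "10.0.2.11"}),
    "DB": EPG("DB", {"10.0.3.10"}),
}
# (consumer group, provider group, contract)
BINDINGS = [("Outside", "Web", WEB), ("Web", "App", APP), ("App", "DB", APP)]

def epg_of(ip):
    """Map an endpoint to its group; unknown addresses fall into Outside."""
    for name, epg in EPGS.items():
        if ip in epg.members:
            return name
    return "Outside"

def is_allowed(src_ip, dst_ip, proto, port):
    """Default deny: a flow passes only if a contract binds its two groups."""
    src, dst = epg_of(src_ip), epg_of(dst_ip)
    return any(c == src and p == dst and (proto, port) in k.allowed
               for c, p, k in BINDINGS)

def compile_rules():
    """Expand the policy into per-endpoint allow rules for an enforcement point."""
    rules = []
    for consumer, provider, contract in BINDINGS:
        for src in sorted(EPGS[consumer].members) or ["any"]:
            for dst in sorted(EPGS[provider].members):
                for proto, port in sorted(contract.allowed):
                    rules.append((src, dst, proto, port))
    return rules

if __name__ == "__main__":
    print(len(compile_rules()), "rules from", len(BINDINGS), "bindings")
    print(is_allowed("10.0.1.10", "10.0.3.10", "tcp", 8080))  # Web -> DB
```

Adding an endpoint to a group changes the compiled rule set but not the three bindings, which is the "design once, re-use multiple times" property the deck describes.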
