Tap-As-A-Service: What You Need to Know Now

PLUMgrid
May. 4, 2016
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
Tap-As-A-Service: What You Need to Know Now
1 of 29

Tap-As-A-Service: What You Need to Know Now

May. 4, 2016
Download to read offline
Technology

Tap-as-a-Service is a relatively new OpenStack project that was designed to provide tenants and service providers a means of monitoring the traffic flowing in their Neutron provisioned virtual networks. A lot of work has been carried out in the last two cycles, with multiple developers from around the world now contributing to the cause. This presentation offers a review of all the progress made to date. We will discuss the primary motivations for monitoring network activity, explore the major challenges one can expect to encounter when attempting to monitor network traffic in a cloud environment and describe the need for a platform oriented solution. Next, an overview of the TaaS architecture and API will be presented, along with an update on current development activities and some of the planned enhancements for the future. We will also demonstrate traffic visibility solutions for a representative set of use cases covering network trouble-shooting, security and analytics.

PLUMgrid

Recommended

Tap as a service: What you need to know nowTap as a service: What you need to know now
Tap as a service: What you need to know nowFawad Khaliq476 views29 slides
You Can Build Your OpenStack and Consume it TooYou Can Build Your OpenStack and Consume it Too
You Can Build Your OpenStack and Consume it TooPLUMgrid411 views25 slides
Design and Deploy Secure Clouds for Financial Services Use CasesDesign and Deploy Secure Clouds for Financial Services Use Cases
Design and Deploy Secure Clouds for Financial Services Use CasesPLUMgrid306 views28 slides
Cloud nfv intro at UoGCloud nfv intro at UoG
Cloud nfv intro at UoGAffan Syed621 views34 slides
Nimbus Concept brochureNimbus Concept brochure
Nimbus Concept brochureNimbus Concept953 views8 slides
Network Monitoring and AnalyticsNetwork Monitoring and Analytics
Network Monitoring and AnalyticsPLUMgrid997 views12 slides

More Related Content

Viewers also liked(13)

Q1 - evaluationQ1 - evaluation
Q1 - evaluation
jjsmaje175 views
ERA_OverviewERA_Overview
ERA_Overview
Mirela Primorac - Computer Recycling Canada265 views
Método de proyecto para la educación en tecnologíaMétodo de proyecto para la educación en tecnología
Método de proyecto para la educación en tecnología
David Ruiz121 views
Building a Scalable Federated Hybrid CloudBuilding a Scalable Federated Hybrid Cloud
Building a Scalable Federated Hybrid Cloud
PLUMgrid672 views
How to grow a vegetable gardenHow to grow a vegetable garden
How to grow a vegetable garden
natalie_0302286 views
Testing the limits of cloud networksTesting the limits of cloud networks
Testing the limits of cloud networks
PLUMgrid638 views
See Your OpenStack Network Like Never BeforeSee Your OpenStack Network Like Never Before
See Your OpenStack Network Like Never Before
PLUMgrid525 views
How to Quickly Implement a Secure Cloud for Government and Military | WebinarHow to Quickly Implement a Secure Cloud for Government and Military | Webinar
How to Quickly Implement a Secure Cloud for Government and Military | Webinar
PLUMgrid261 views
You Can Build Your OpenStack and Consume it TooYou Can Build Your OpenStack and Consume it Too
You Can Build Your OpenStack and Consume it Too
PLUMgrid317 views
Communicable diseaseCommunicable disease
Communicable disease
frattelo824 views
Monitoring Security Policies for Container and OpenStack CloudsMonitoring Security Policies for Container and OpenStack Clouds
Monitoring Security Policies for Container and OpenStack Clouds
PLUMgrid350 views
Tiffanie Pierce VitaeTiffanie Pierce Vitae
Tiffanie Pierce Vitae
Tiffanie Pierce259 views
OpenStack and Application Delivery: Joy and Pain of an Intricate RelationshipOpenStack and Application Delivery: Joy and Pain of an Intricate Relationship
OpenStack and Application Delivery: Joy and Pain of an Intricate Relationship
PLUMgrid380 views

More from PLUMgrid(17)

SDN Scale-out Testing at OpenStack Innovation Center (OSIC)SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
SDN Scale-out Testing at OpenStack Innovation Center (OSIC)
PLUMgrid670 views
In-kernel Analytics and Tracing with eBPF for OpenStack CloudsIn-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
PLUMgrid2K views
Service Discovery and Registration in a Microservices ArchitectureService Discovery and Registration in a Microservices Architecture
Service Discovery and Registration in a Microservices Architecture
PLUMgrid6.6K views
Delivering Composable NFV Services for Business, Residential and Mobile EdgeDelivering Composable NFV Services for Business, Residential and Mobile Edge
Delivering Composable NFV Services for Business, Residential and Mobile Edge
PLUMgrid608 views
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
PLUMgrid328 views
Networking For Nested Containers: Magnum, Kuryr, Neutron IntegrationNetworking For Nested Containers: Magnum, Kuryr, Neutron Integration
Networking For Nested Containers: Magnum, Kuryr, Neutron Integration
PLUMgrid798 views
Implementing vCPE with OpenStack and Software Defined NetworksImplementing vCPE with OpenStack and Software Defined Networks
Implementing vCPE with OpenStack and Software Defined Networks
PLUMgrid1.6K views
Hands-on Lab: Test Drive Your OpenStack NetworkHands-on Lab: Test Drive Your OpenStack Network
Hands-on Lab: Test Drive Your OpenStack Network
PLUMgrid746 views
Securing Micro Services in Cloud FoundrySecuring Micro Services in Cloud Foundry
Securing Micro Services in Cloud Foundry
PLUMgrid385 views
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
Docker Networking in Swarm, Mesos and Kubernetes [Docker Meetup Santa Clara |...
PLUMgrid2K views
Unified Underlay and Overlay SDNs for OpenStack CloudsUnified Underlay and Overlay SDNs for OpenStack Clouds
Unified Underlay and Overlay SDNs for OpenStack Clouds
PLUMgrid2K views
Managing Multi-hypervisor OpenStack Cloud with Single Virtual NetworkManaging Multi-hypervisor OpenStack Cloud with Single Virtual Network
Managing Multi-hypervisor OpenStack Cloud with Single Virtual Network
PLUMgrid1.8K views
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFVRevolutionizing IT and Telecom Industry with OpenStack, SDN and NFV
Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFV
PLUMgrid938 views
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
PLUMgrid14.5K views
Federation manager demoFederation manager demo
Federation manager demo
PLUMgrid366 views
Navigating OpenStack NetworkingNavigating OpenStack Networking
Navigating OpenStack Networking
PLUMgrid965 views
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
PLUMgrid2.4K views

Recently uploaded(20)

If P&C Insurance – Insurtech Innovation Award 2023If P&C Insurance – Insurtech Innovation Award 2023
If P&C Insurance – Insurtech Innovation Award 2023
The Digital Insurer56 views
Practical Data Mesh: Building Decentralized Data Architectures with Event Str...Practical Data Mesh: Building Decentralized Data Architectures with Event Str...
Practical Data Mesh: Building Decentralized Data Architectures with Event Str...
Harshana Martin48 views
[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf
[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf
William Caban41 views
Performance Tuning Using oratop Performance Tuning Using oratop
Performance Tuning Using oratop
Sandesh Rao31 views
How SACCOs can increase their memberships AD_compressed (1).pdfHow SACCOs can increase their memberships AD_compressed (1).pdf
How SACCOs can increase their memberships AD_compressed (1).pdf
CoretecDigital39 views
PRISMCRM_ENG_Real-Estate-CRMPRISMCRM_ENG_Real-Estate-CRM
PRISMCRM_ENG_Real-Estate-CRM
Mustafa Kuğu184 views
Securing Your Printing Environment Mitigating Risks and Ensuring Confidential...Securing Your Printing Environment Mitigating Risks and Ensuring Confidential...
Securing Your Printing Environment Mitigating Risks and Ensuring Confidential...
FujifilmFbsg36 views
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
James Anderson52 views
Zapata-Technology-Corporate-Capabilities-Slide-Deck_July-2023-1.pdfZapata-Technology-Corporate-Capabilities-Slide-Deck_July-2023-1.pdf
Zapata-Technology-Corporate-Capabilities-Slide-Deck_July-2023-1.pdf
SeanHay625 views
Why Flutter.pdfWhy Flutter.pdf
Why Flutter.pdf
Randal Schwartz197 views
INASLA_AI and Landscape Architecture.pptxINASLA_AI and Landscape Architecture.pptx
INASLA_AI and Landscape Architecture.pptx
Jonathon Geels46 views
How to use 23c AHF AIOPS to protect Oracle Databases 23c How to use 23c AHF AIOPS to protect Oracle Databases 23c
How to use 23c AHF AIOPS to protect Oracle Databases 23c
Sandesh Rao30 views
PAYDAY – Insurtech Innovation Award 2023PAYDAY – Insurtech Innovation Award 2023
PAYDAY – Insurtech Innovation Award 2023
The Digital Insurer22 views
How to Set Up Your First Crypto WalletHow to Set Up Your First Crypto Wallet
How to Set Up Your First Crypto Wallet
Danielle9510914 views
An Introduction To Using ChatGPT For BusinessAn Introduction To Using ChatGPT For Business
An Introduction To Using ChatGPT For Business
Paul Nguyen24 views
Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...
Oracle AHF Insights 23c - Deeper Diagnostic Insights for your Oracle Database...
Sandesh Rao32 views
Unleashing the Power of GPT & LLM: A Holland & Barrett ExplorationUnleashing the Power of GPT & LLM: A Holland & Barrett Exploration
Unleashing the Power of GPT & LLM: A Holland & Barrett Exploration
Dobo Radichkov49 views
Safe Community Call #11Safe Community Call #11
Safe Community Call #11
LornyPfeifer24 views
Generative AIGenerative AI
Generative AI
All Things Open107 views
Hyperledger FireFly - HYPERLEDGER Workshop, WebXHyperledger FireFly - HYPERLEDGER Workshop, WebX
Hyperledger FireFly - HYPERLEDGER Workshop, WebX
Hyperleger Tokyo Meetup20 views

Tap-As-A-Service: What You Need to Know Now

  1. In Collaboration With April 28, 2016 Tap-as-a-service: What you need to know now

  2. Copyright © PLUMgrid, Inc. 2011-2016 Introduction Speaker(s) Sr. Software Engineer PLUMgrid Inc Khaliq Fawad 2 Distinguished Engineer Gigamon Rao Anil Tech Lead NEC Technologies Banerjee Reedip Experienced Researcher Ericsson Yadhav Vinay Sr. Software Engineer Midokura Yamamoto Takashi

  3. Copyright © PLUMgrid, Inc. 2011-2016 • Tap-as-a-Service Introduction • Motivation for TaaS • Progress so far • TaaS Object Model • Demo • Next Steps • Q&A Agenda 3

  4. Tap-as-a-Service Introduction 4

  5. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service in OpenStack 5 • Advanced networking service in OpenStack to provide traffic mirroring. • API for port mirroring currently. • Facilitates tenants/operators to mirror packets from one or more Neutron ports. • Neutron port could be a VM, container or baremetal based on backend implementation.

  6. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service in OpenStack 6 TaaS Neutron source port 1 source port 2 TaaS dest port 1 TaaS User

  7. Motivation for TaaS 7

  8. Copyright © PLUMgrid, Inc. 2011-2016 Motivation for TaaS 8 Traffic Monitoring Process • Involves placing tap devices at appropriate locations within the network infrastructure and attaching traffic analyzers to them. • These analyzers can then see the same packets passing through those network segments, as if they were also inline. • A logical tap device can be (easily) constructed using the port-mirroring function of a network switching element. • So, why is it [still] not possible to monitor the activity in OpenStack virtual networks?

  9. Copyright © PLUMgrid, Inc. 2011-2016 Motivation for TaaS 9 Architectural Characteristics of Cloud Platforms Multi-tenancy Location Independency • Multi-tenancy allows available resources and services to be shared among different groups of users. • Each group, known as a tenant, is provided with an environment that is completely isolated from the others. • Members of a tenant are oblivious of the fact that other groups may be co-existing with them. • Multi-tenancy promotes delegation of control in a safe and secure manner. • Location independence is primarily concerned with hiding the identities of individual infrastructure components from virtualized workloads. • This has made it possible to relocate running virtual machines from one host to another. • An equally important but less appreciated benefit of location independence is the improved efficiency in resource allocation.

  10. Copyright © PLUMgrid, Inc. 2011-2016 Motivation for TaaS 10 • Tenants are (typically) unaware of the physical hosts on which their VMs are running. • VMs belonging to different tenants may be placed on the same host. • Tenant virtual networks often extend across multiple hosts. • To avoid the possibility of cross-tenant data leakage, tenants are prevented from directly accessing the controls of the underlying switch fabric. - comprising of host-level virtual switches, top-of-rack switches, etc. • Unfortunately, this means that the port-mirroring capability of those switches is also not available.

  11. Copyright © PLUMgrid, Inc. 2011-2016 Motivation for TaaS 11 Desire: • A tapping service that will enable a tenant and/or the cloud administrator to safely monitor Neutron ports. • The service must ensure that tenant isolation boundaries are not compromised. • Port-mirror sessions should transparently span hosts to preserve location independence. Solution: • Tap-as-a-Service is a platform oriented approach that satisfies the above need. • It has effectively virtualized port-mirroring, which used to be a switch layer function, and made it available to users of Neutron provisioned networks. • TaaS will serve as the basic building block on top of which more complex traffic visibility solutions can be engineered.

  12. Progress So Far 12

  13. Copyright © PLUMgrid, Inc. 2011-2016 Progress So Far 13 • Version 0.1 for TaaS presented in Demo, with successful integration. • Source code resides on Github (https://github.com/openstack/tap-as-a-service). • Application for inclusion as an official OpenStack project in Governance and as a possible participant in Neutron Stadium. • Support for TaaS in Horizon Dashboard (Beta version). • TaaS is now available as a CLI with NeutronClient. • neutron tap-service-create/neutron tap-service-delete/neutron tap-service-show/neutron tap-service-list • neutron tap-flow-create/neutron tap-flow-delete/neutron tap-flow-show/neutron tap-flow-list • Tempest Jobs for TaaS are functional on the gate.

  14. Tap-as-a-service Object Model 14

  15. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service Object Model 15 TAP SERVICE Represents the port on which the mirrored traffic is delivered. Any service (VM) that uses the mirrored data is attached to the port. TAP FLOW Represents the port from which the traffic needs to be mirrored. Multiple TAP FLOW instances can be associated with a single TAP SERVICE instance.

  16. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service Object Model (cont’d) 16 PortPort Instance Instance

  17. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service Object Model (cont’d) 17 TapService PortPort Instance Instance

  18. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service Object Model (cont’d) 18 TapFlowTapService PortPort Instance Instance

  19. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service Object Model (cont’d) 19 TapFlowTapService PortPort OUT IN Instance Instance

  20. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service Object Model (cont’d) 20 TapFlowTapService PortPort Mirror Traffic OUT IN OUT IN Instance Instance

  21. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service Object Model (cont’d) 21 TapFlow TapService Port Port Mirror Instance Port TapFlow Instance Instance

  22. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service Design (agent based) 22 SWITCHING ELEMENT TaaS Agent Framework Plugin Service DRIVER ABC RPC Communication TaaS API Tenant / Administrator

  23. Copyright © PLUMgrid, Inc. 2011-2016 Tap-as-a-service Design (controller based) 23 SDN controller Plugin Service DRIVER ABC TaaS API Tenant / Administrator

  24. DEMO 24

  25. Copyright © PLUMgrid, Inc. 2011-2016 Demo: Tap-as-a-service Overview Environment Use Cases What to Expect Demonstrate how Tap-as-a-Service can be utilized to monitor network traffic associated with VM instances in an OpenStack cloud. 1. Web traffic analysis. 2. Centralized Intrusion Detection System. The first portion of the demo will show how tap-services and tap- flows can be easily configured via the Horizon Dashboard. Next, we will illustrate how TaaS can play an important role in satisfying the needs of data analytics and security applications. • Multi-node DevStack cloud • 1 Controller node • 1 Network node • 2 Compute nodes • This cloud is hosting multiple web-server VM instances whose traffic will be monitored using TaaS. A special monitoring VM is also running in the cloud to receive mirrored traffic and carry out traffic analysis. • Three Linux desktop systems representing end-users interacting with the cloud.

  26. Next Steps 26

  27. Copyright © PLUMgrid, Inc. 2011-2016 Roadmap 27 - Policy Based Tap - Support external resources like behind L2 Gateway - Quota enforcement - QoS and TaaS integration - Enhance Tempest Testing - Rally Testing - Complete CI support

  28. Copyright © PLUMgrid, Inc. 2011-2016 • Project Launchpad https://launchpad.net/tap-as-a-service • Project Git Repository https://github.com/openstack/tap-as-a-service • Weekly IRC Meeting http://eavesdrop.openstack.org/#Tap_as_a_Service_Meeting • IRC #openstack-neutron @ Freenode Join TaaS! 28

  29. THANK YOU!