Policy Driven Networking and Migration to Openstack by Scott Sneddon of Nuage Networks

Policy Driven Networking and Migration to Openstack by Scott Sneddon of Nuage Networks.

We were part of a killer Openstack Summit in Atlanta, GA in 2014. If you missed it or want to see the deck from Scott's presentation, check it out here. Thanks for your interest!


twitter: @ssneddon
twitter: @nuagenetworks
http://www.nuagenetworks.net
info at nuagenetworks dot net

Published in: Technology

  1. Copyright 2013 Alcatel-Lucent. All rights reserved. Policy Driven Networking and Migration to Openstack. Scott Sneddon, @ssneddon, @nuagenetworks
  2. The “Consumption shift”
     • Cloud is changing the way technology is being consumed
     • From “order and wait”
     • To “instant gratification”
     Consumer expectations are shifting
     [Diagram labels: Multiple personas; Single user; On-demand personalized catalogue]
  3. Datacenter Network. Service velocity is hindered by manual network process
     • Compute is Virtualized
     • Available in Minutes
     • Network is Partially Virtualized
     • Configuration takes Days/Weeks
     [Diagram labels: Network Configuration; Compute Management; New Tenant / Application Request; Auto-instantiation; Compute Request completed in Minutes (00:01); Help Desk; Change Control; IP Address; VLAN Address; Firewall Configuration; LAN (VLAN) Configuration; WAN (IP) Configuration; Security / QA Team; Project Coordinator; Network Change completed in days/Weeks]
  4. Software Defined Datacenter Network. Service velocity accelerated, but…
     • Network is “more” virtualized
     • Some things available in minutes – Some not so much
     • Many network elements are manually configured
     • Manual per-tenant network configurations
     [Diagram labels: Network Configuration; Compute Management; New Tenant / Application Request; Auto-instantiation; Compute Request completed in Minutes (00:01); SDN Controller; Some Network Change completed In Minutes (00:01)]
  5. We’ve only addressed part of the automation problem
     • Committees still build “networks”
     • Audits/reviews
     • In a NaaS environment (AWS, etc) this is delegated to the tenant
     • Is this what your DevOps team should be doing?
     [Diagram labels: Network Configuration; Software Defined Network Configuration; Security / QA Team; VLAN Address; IP Address; WAN (IP) Configuration; Firewall Configuration; Network Configuration created in days/Weeks]
  6. Network Virtualization solutions… Group applications into “network sandboxes”
     [Diagram labels: Application = Web; Application = SAP; Application = Database]
  7. Policy approach to networking. Application-centric. Design once, re-use multiple times
     [Diagram labels: Policy Templates; Users; Application Types; Business Rules; Policy Evaluation; Application Networks (repeated Firewall, W and BL elements)]
  8. How to expose network policy in Neutron?
     OpenStack Group Based Policy Abstractions for Neutron
     https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
     • An Application-centric approach to networking
     • Moving away from traditional network constructs
       • ports, subnets, routers, etc
     • Aiming for a highly abstracted interface for application developers to
       • express desired connectivity of application components
       • and express high-level policies governing that connectivity
     • Without imposing constraints on the underlying implementation
  9. What is a Neutron network Policy?
     OpenStack Group Based Policy Abstractions for Neutron
     https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
     [Diagram labels: Outside EPG; Web EPG; App EPG; DB EPG; VM (eight instances); Web Contract; App Contract; App Contract; Public Network; Private Networks]
  10. Openstack Network Policy becomes more sophisticated. Cleanly express application policy in Neutron
     • Nuage has provided policy abstractions for virtual and physical networks since first release
     • ACLs, QoS classification and enforcement
     • Difficult to express using existing Neutron constructs…
     • Which is why we’re contributing to Group Based Policy
  11. Nuage Networks Virtual Services Platform. Network virtualization and automation
     Nuage Networks Virtualized Services Platform (VSP):
     Virtualized Services Directory (VSD)
       • Network Policy Engine – abstracts complexity
       • Service templates and analytics
     Virtualized Services Controller (VSC)
       • SDN Controller, programs the network
       • Rich routing feature set
     Virtual Routing & Switching (VRS)
       • Distributed switch / router – L2-4 rules
       • Integration of bare metal assets
     [Diagram labels: Cloud Service Management Plane; Datacenter Control Plane; Datacenter Data Plane; Virtualized Services Directory; Virtualized Services Controller; Virtual Routing & Switching; HYPERVISOR (six instances); Brooklyn Datacenter - Zone 1; IP Fabric; Edge Router; MP-BGP; Hardware GW for Bare Metal]
  12. Open solution. Consistent capabilities across
     • Any Compute Virtualization Environment
     • Any Datacenter Networking Hardware
     • Any Server or Hypervisor
     [Diagram label: DATACENTER NETWORK]
  13. Seamless interconnect between clouds
     • Distributed L2 and L3 routing to each hypervisor
     • Within clouds and across clouds
     • No choke points
     • Shared L2 and L3 networks across DCs
     • KVM, LXC, Xen, ESXi
     • Openstack, Cloudstack
     [Diagram labels: Legacy DC; Private Cloud; Public Cloud; Hypervisor (six instances); IP Fabric (DC & WAN); Virtualized Services Directory; Network, Security Admin; Application developers; XaaS; App/Dev Container (three instances)]
  14. Simplified migration to Openstack. Using a hypervisor-agnostic network platform
     • How to migrate apps to Openstack when they have network dependencies?
     • How to migrate while maintaining IP addresses?
     • How to migrate individual hosts within an application?
     • Physical to Virtual?
     • Virtual to Virtual?
  15. Demo…
  16. Conclusions
     • Creation of distributed virtual switches and virtual routers - great for virtual networks and better than old models, but …
     • Creates a distributed virtual configuration and management challenge
     • Provisioning and management of these endpoints can not be done with traditional methodology
     • Policy abstraction is a proven framework
     • Successfully shipping since May 2013
  17. For more information…
     • Nuage Networks Virtualized Services Platform
       • http://www.nuagenetworks.net/solutions/
     • OpenStack Neutron Group Based Policy Abstraction
       • https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
     • OpenDaylight Application Policy Plugin
       • https://wiki.opendaylight.org/view/Project_Proposals:Application_Policy_Plugin
  18. Network Policy NOW. @nuagenetworks, @ssneddon. 5/20/2014
