OpenStack and the Transformation of the Data Center - Lew Tucker

OpenStack and the Transformation
of the Data Center
Lew Tucker, VP/CTO Cloud Computing, Cisco
@lewtucker
OpenStack Summit – Atlanta, May 2014

2© 2014 Cisco and/or its affiliates. All rights reserved. Source: Cisco Visual Networking Index
2016 20202017
71% of
apps will
run on
virtual
machines
2/3 of all
mobile
traffic will
be video
50 billion
connected
devices
The Growth of the Internet Is Impacting All Aspects of IT
More data
created
this year
than in the
past 5000
2012
Mobile
Internet
of
Things
New
Breed
of Apps
Cloud

3© 2014 Cisco and/or its affiliates. All rights reserved.
IT World Becoming Increasingly Complex
Systems of
to
Systems of
- Geoffrey Moore
http://www.slideshare.net/rstrad1/moore-digitalimpact
Devices Collaboration
Software &
Apps
Network
IT Infrastructure &
Platform Services

Internet of Things to Internet of Everything
Smart Grid Smart Buildings Smart Factories SF City Parking
Spaces
(open source data)
Connecting, sensing, measuring, and controlling in real time improves
reliability, cost, and alignment of supply and demand

New Technologies Driving a Virtuous Cycle of Innovation
CLOUD
BIG DATA
INTERNET
OF THINGS
SDN
Volume
Velocity
Variety

Design It Code It Where
Can We
Put It?
Procure It Install It Configure
It
Secure It Push It
The Promise of Cloud Computing
From 8 Weeks to 15 Minutes
Continuous Deployment
… with Elastic Scaling

0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
06 07 08 09 10 11 12 13
Datacenter Spending (%) Over Time
Server Spending Standalone Servers - Mgnt & Admin
Virtual Servers - Mgnt & Admin Power & Cooling Expense
Source: IDC, 2011 “New Economic Model for the Datacenter”
• Operating expenses
represent over 80%
of data center spending
• OpEx increase driven by
server virtualization
• New models are needed
Management (OpEx) Expenses Growing

Source: Heavy Reading - Where Networks Meet IT
IT Administrators Face a Tidal Wave of Innovations
Network Functions
Virtualization (NVF)
OpenStack
Programmability
OpenFlow
Virtualization
SDN
Abstraction Orchestration
APIs
Cloudification
Data Centers
Network OS
X86
Hypervisor
Automation

And the Data Centers
keep Growing

OpenStack Heralds the Creation of a New Layer in Software
Stack That Spans the Entire Data Centers
Unified Compute, Storage, Networking Infrastructure - Physical + Virtual
OpenStack Network Service
OpenStack Compute Service OpenStack Storage Service
User App-1
User App-2
User
App-3
PaaS Service
User App-3

Salt
Puppet
Chef
Ansible
Git GerritJenkins
CI/CD
Software and Automation – Driving Speed and Agility

Software-Defined Networking – Overlay Networking
Leaf
Spine
Servers
VPNs/Public
Internet
Edge
Routers
Scale Out Core. .
. .
Virtual
Access
Layer
vSwitch
V
M
V
M
V
M
vSwitch
V
M
V
M
V
M

OpenStack Platform: Services and APIs
Nova
Compute
Heat
Orchestration
Glance
Image
Storage
Swift
Storage
Neutron
Networking
Keystone
Security
OpenStack Design Principle
Built as a set of loosely coupled, related
projects developing advanced cloud
services
• Each service driven by community
projects with contributions from many
companies
• Easier for innovation through addition of
new services
• Small number of core services
• Larger number of associated services

Meanwhile, a Revolution Was Happening in Networking…
OpenFlow
• Protocol which
would allow
software running
on servers to
direct the flow of
packets in a
network
• Separation of
control and data
planes
Server
Virtualization
• Created need
for virtual
switches on
each server
• Vmware, Cisco
Nexus
1000v, Open
vSwitch
Virtualized
Network
Services
• Firewall,
load-
balancing, VPN
• Network service
orchestration
Network
Controller
• Lots of activity
around creating
new SDN
controllers
• Open source
projects: Open
Daylight

Network Functions Virtualization (NFV) Provides
Dynamically Scalable Services
AT&T, BT, Orange, Telecom
Italia, Telefonica, Telstra, V
erizon…

OpenStack Networking Evolved
Nova Networking
• Simple, flat networking
• Contained within Nova service
• Difficult to accommodate rapid
changes happening in
networking
Neutron Networking
• Treat networking as a separate
service
• Designed to hide specific
vendor/technology implementation
choices from the developer’s APIs
and abstractions
• Being extended to include network
services and heterogeneous
environments

OpenStack Neutron Networking Service
Network Service (Neutron) API
Network Service
Network abstraction definition and management
No actual implementation of abstraction
Plugin API
API Extensions
Vendor Plug-Ins
Linux Bridge, Open vSwitch, Cisco, Big
Switch, Brocade, Cloudbase, Mellanoz, Midonet,
NEX, PLUMgrid, Ryu, Vmware NSX ….
Vendor/User Plug-In
Implementation of abstractions
Virtual or physical
Extended APIs

OpenStack Neutron ML2 Architecture
Neutron Server
DHCP Agent
L3 Agent
Message
Queue
REST API
Neutron Core
plugins
ML2
Cisco
(Nexus,N1Kv)
OVS
Morevendor
plugins
Type Drivers Mechanism Drivers
VLAN
GRE
VXLAN
CiscoNexus
OVS
OpenDayLight
APIC
Neutron Service
plugins
LoadBalancer
Firewall
VPN
HAProxy
IPTables
OpenSwan
• Core + Extension REST APIs
• Message queue for communicating with
neutron agents
• Core and service plugins
• Different vendor core plugins
• Different network technology support
• ML2 plugin with type and mechanism
drivers
• Service plugins with backend drivers
IPTables on
Network
Node
Core API
Network Port Subnet
Resource and Attribute Extension API
ProviderNetwork PortBinding Router Quotas SecurityGroups AgentScheduler LBaaS FWaaS VPNaaS ….
L2 Agent
OVS on
Compute
Node
Southbound Interfaces
L3ServicesFutures
Morevendor
drivers

OpenStack Neutron ML2 Architecture
Neutron Server
REST API
Neutron Core pluginsML2
Cisco
(Nexus,N1Kv)
OVS
Morevendor
plugins
Type Drivers Mechanism Drivers
VLAN
GRE
VXLAN
CiscoNexus
OVS
OpenDayLight
APIC
Neutron Service
plugins
LoadBalancer
Firewall
VPN
HAProxy
IPTables
OpenSwan
• Core + Extension REST APIs
• Message queue for communicating with
neutron agents
• Core and service plugins
• Different vendor core plugins
• Different network technology support
• ML2 plugin with type and mechanism
drivers
• Service plugins with backend drivers
Core API
Network Port Subnet
Resource and Attribute Extension API
ProviderNetwork PortBinding Router Quotas SecurityGroups AgentScheduler LBaaS FWaaS VPNaaS ….
Southbound Interfaces
L3ServicesFutures
Morevendor
drivers

Neutron Networking for Tenant Isolation
Networks
Tenant
Networks
Admin
Provider
Networks
VLAN
VXLAN
GRE
vSwitch
ToR/Fabric
vSwitch, ToR
vSwitch
Network Type Network Segmentation
Scheme for Tenant
Isolation
Device Implementing
Network Segmentation
Scheme
Direct Device
Configuration
Device Configuration
through Controller
Neutron Plugin/Driver

Neutron Networking for Layer 3 Services
Networks
Tenant
Networks
Admin
Provider
Networks
Linux Host
Service
VM’s
Provisioned
Externally
Network
Type
Device implementing
Advanced Service
Direct Device
Configuration
Device Configuration
through Controller
Neutron Plugin/Driver
vSwitch, To
R
Routers
Neutron
Resource

Neutron Cisco CSR1000v for Neutron VPN Service
VPN
VMs on
Compute
Nodes
CSR1Kv VM
Neutron Server
Neutron Service
Plugin (VPN)
Cisco VPN Service
Driver
VPN Agent
Cisco VPN Device
Driver
REST API
Benefits
• CSR1Kv secure VPN qualified solution
• Unlock rich CSR1Kv features into OpenStack
Router
10.1.0.4
10.1.0.1
172.24.4.11
VM
10.2.0.4
VM
Router
Network Network
10.2.0.1
172.24.4.21
CSR1Kv
172.24.4.23
10.2.0.6
Site to Site IPsec Tunnel
CSR1Kv
172.24.4.13
Private networkPrivate network
Public NetworkPublic Network
Site1 Site2

Server
Virtualization
Virtual
Switches
Storage
Virtualization
Network
Virtualization
Network Function
Virtualization
VMs and
Containers
Network
Controllers
Object Storage
Services
Block Storage
Services
OpenStack Platform for the New Data Center
OpenStack Cloud Platform Services
ApplicationsUser Apps System Apps
OrchestrationProvisioning Metering MonitoringIdentity

 System administration apps and services orchestrating the
infrastructure – YES
 User-facing applications?
 Is there an easier way to realize developer’s intent without becoming a
network administrator?
Do Applications Really Want to Program the Network?

Typical 3-Tier Application Design Pattern
Web Tier
Web Server
VM
Web Server
VM
Web Server
VM
Public
Internet
App Server
VM
App Server
VM
MemCache
VM
App-Server Tier
Database
VM
Database
VM
Database Tier
Want to connect web servers to public Internet, while blocking outside
access to application and database servers
Load Balance Across Web Servers Protect VMs with Security Group RulesCreate Networks, Routers

Developer’s Intent: Control Access, Direct Traffic
Web Tier
Web Svr
VM
Web Svr
VM
Web Svr
VM
Public
Internet
App Svr
VM
App Svr
VM
MemCache
VM
App Server Tier
DataBase
VM
DataBase
VM
Database Tier
Policy PolicyPolicy
Performance
Security
Scalability
Availability
Performance
Security
Scalability
Availability
Performance
Security
Scalability
Availability
Consistency, Repeatability

Group-based Policy Abstractions Developed by the Community
https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
Blueprint Contributors:
• Nuage, Juniper, IBM, Big Switch, One Convergence, Red Hat, Mirantis, Midokura, Cisco

28
EXTENDING OPENSTACK NEUTRON API’S
NEUTRON ROUTER
SECURITY
GROUP
NEUTRON NETWORK
Neutron API Group Policy API
NEUTRON
NETWORK
Port
Port
Tenant Tenant
Use Existing Neutron APIs with APIC and Cisco ACI
Contract
GROUP
SERVICE
CHAIN
GROUP
Group Policy introduces a new API that maps to the
ACI policy model

29
SEPARATING TENANT POLICIES FROM OPERATIONS
2
ACI Admin
(Manages Network
Operations and
Infrastructure)
L/B
EPG
APP
EPG DBF/W
L/B
EPG
WEB
Application Network Profile
Create Application Policy
3
5
ACI
Fabric
Push Policy
APIC
OpenStack
Tenant
(Manages Tenant
and Application
State only)
Instantiate VMs
Web WebWebWeb AppApp4
Create Application Network
Profile
1
DB DB
HYPERVISOR HYPERVISOR HYPERVISOR
NOVANEUTRON
Automatically Push
Network Profiles to
AFC
L/B
EPG
APP
EPG DBF/W
L/B
EPG
WEB
Application Network Profile
Application Policy
Infrastructure Controller

30
OPENSTACK + CISCO’S APPLICATION POLICY CONTROLLER
NEUTRON
ROUTER
SECURITY
GROUP
Web WebWebWeb AppApp DB DB
NEUTRON
NETWORK
APIC
Web WebWebWeb AppApp DB DB
Contract Contract Contract
DBAPPWEB
ADC
F/W
ADC
APIC
APIC
Plugin
APIC
Plugin
OVS Plugin
Neutron
Networking
APIC Plugin
Group Policy
Plugin
OVS Plugin
Neutron
Networking
APIC PLUGIN GROUP POLICY PLUGIN

31
https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
Thursday, May 15:
1:30 – 2:10
B309
IBM, Cisco, Midokura
Wednesday, May 14:
3:30-4:10
B309
KEY SESSIONS: NEUTRON NETWORKING IN AN
APPLICATION-CENTRIC WORLD

The Landscape has changed
 We’ve moved from mainframes with dumb terminals to
cloud-based apps, smart phones, and devices
 Cloud-native apps at scale span multiple availability
zones and geographies
 Any app, anywhere, any device
The Vanishing Data Center and the InterCloud

Multi-tenancy, dynamic provisioning, and elasticity is the new normal
 Applications are continuously deployed and released
 DevOps turns infrastructure into code

Data centers are becoming nodes in a larger, global graph
 Computing and distributed storage is moving to the edge
 How will this change the concepts of traditional networks?
 What is meant by a cloud when they themselves become part
of an Intercloud?

OpenStack and the Transformation of the Data Center - Lew Tucker

More Related Content

What's hot

Viewers also liked

Similar to OpenStack and the Transformation of the Data Center - Lew Tucker

More from Lew Tucker

Recently uploaded

OpenStack and the Transformation of the Data Center - Lew Tucker