1. What’s new with RHOSP10 (Newton) for
NFV
Sandro Mazziotta
NFV Director, Product Management
October 23rd 2016
2. 2
Agenda
Click to add subtitle
● Quick Intro of the solution
● What’s new
● What’s next
INSERT DESIGNATOR, IF NEEDED
3. NFV MANAGEMENT AND ORCHESTRATION (MANO)
ELEMENT MANAGEMENT SYSTEMS (EMS)
OPERATIONS/BUSINESS SUPPORT SYSTEMS (OSS/BSS)
TOOLS AND RUNTIME FOR OSS/BSS INTEGRATION
+
VALIDATED VNF1 CERTIFIED VNF2
CONTAINER3
VNF VNF
OTHER VNF
DPDK4
VNF app
NETWORK FUNCTIONS VIRTUALIZATION INFRASTRUCTURE (NFVI)
NETWORK
Instance HA
SR-IOV6
EPA5 features
CERTIFIED OPENSTACK
PLUGINS4
CERTIFIED HARDWARE
Compute Storage Network
+DPDK
Open vSwitch
(OVS)
SFC7
OpenDaylight
COMPUTE
Real-time
KVM
STORAGE
• Software-defined
networking (SDN)
• Software-defined
storage (SDS)
NFV MANAGEMENT AND
ORCHESTRATION (MANO)
SYSTEMS ADMINISTRATION, AUTOMATION
AND LIFE-CYCLE MANAGEMENT
+
VIRTUAL NETWORK
FUNCTION (VNF)
MANAGER(S)
VIRTUALIZED
INFRASTRUCTURE
MANAGER(S) or VIMs
NFV
ORCHESTRATOR
ENHANCED OPERATIONS AND
HYBRID CLOUD MANAGEMENT
KEY
Red Hat
component
Optional Red
Hat component
Red Hat partner
component8
Other vendor
component
RED
HAT
NFV
PLATFORM
AND
PARTNER
ECOSYSTEM
1 Validated VNFs run on operating systems other than Red Hat
rprise Linux.
2 Certified VNFs are tested, verified, and supported on Red Hat
rprise Linux.
5 Enhanced platform awareness delivers performance improvements through CPU pinning,
memory hugepages, and
non-uniform memory access (NUMA) affinity.
6 Single-root input/output virtualization.
7 Service function chaining with OpenDaylight is in Technology Preview.
5. 5
NFV “OEM” partners + NFV Certified partners
Red Hat
NFV Solution
+ Red Hat Openstack
Certified partners
6. Value of NFV Certification
• NFV Certification is a program we launched late 2015 (Openstack Summit @ Tokyo)
• It is about
– Supportability
– Given Confidence to Customers that an integration with a partner will be supported in
production
• Tools are certification tests, review
• Deliverables are
– Joint testing activity
– Joint Support Flow
7. 7
Agenda
Click to add subtitle
● Quick Intro of the solution
● What’s new
● What’s next
INSERT DESIGNATOR, IF NEEDED
8. 8
SR-IOV & OVS-DPDK Full Support
● Today, configuring SR-IOV or OVS-DPDK (OVS 2.5, DPDK2.2) based NFV platform with
appropriate EPA parameters (CPU pinning, NUMA awareness, huge page allocation, ...)
requires a lot of manual steps
● OSP-d will properly configures the compute nodes in order to enforce resources partitioning
and fine tuning to achieve line rate performance for the guest VNFs
○ CPU pinning
○ Huge pages
○ NUMA topology
○ Host isolation
○ ...
9. 9
● SR-IOV PF Ports Support:
○ Today, a compute node can not allocate an exclusive access to a NIC and request a PF
port
○ With this feature, the same NIC can be used either by multiples VMs (VNFs) using SR-
IOV VF or by a single/exclusive one (SR-IOV PF)
● Nova Device Role Tagging:
○ Today, when there are several NICs (or HD), a VM has no way to know which NIC is
the “management” one and which one is the “data” one.
○ This feature permits to assign a label per peripheral
○ The mapping peripheral-> label is injected in the VM during its boot via cloud init.
SR-IOV PF Ports Support & Nova Device Role
Tagging
10. 1
0
● Today, some NFV workload (vCPE, VRAN) need to be deployed at the edge of Service
Providers networks on top of limited Hardware footprint.
● Instead of having separate compute and storage nodes, this feature is enabling OSP-d to
configure physical nodes running both compute and storage services. This will limit the
minimum required Hardware to run a small openstack.
● To maximize performance and prevent side effect, we leverage resource fencing techniques like
CPU pinning.
Hyper Converged Infrastructure
TECH PREVIEW
11. 1
1
● In a traditional network, a trunk is a type of interface that carries multiple VLANs, as defined by the 802.1Q
standard
● Certain types of virtual machines and Virtual Network Functions (VNFs) require the ability to pass VLAN
tagged traffic over one interface
● Creating a trunk for use by a virtual machine involves creating a single parent port and one or more sub-ports.
All of the ports and respective networks will be available to the instance. Rather than being connected as
separate virtual interfaces, however, the instance will be able to tag traffic on a single interface
● Neutron is aware of the topology and can dynamically assign IP addresses for the sub-ports using DHCP
VLAN aware VMs
TECH PREVIEW
12. 1
2
● OpenDaylight
○ Based on upstream OpenDaylight Boron release and featuring a new NetVirt architecture
○ OSP-D integration
● RT-KVM
○ Today, Virtual RAN or 5G NFV workloads requires low latency to prevent service
disruption
○ With Real time KVM integration, we can achieve an average low predictable latency
○ This feature requires RHEL for Real Time
Still in Tech Preview
13. 1
3
Agenda
Click to add subtitle
● Quick Intro of the solution
● What’s new
● What’s next
INSERT DESIGNATOR, IF NEEDED
14. RHEL OS:
DPDK (Guest)
Fast Data Path
Containers
SDK
RH CloudForm:
Hybrid Mgmt
Operational Mgmt Orchestration
RHEL, RHOSP:
Numa Awareness, EPA
CPU Pinning, Huge Pages...
OVS-DPDK (Host)
SR-IOV
Service Function Chaining, Security,
Distributed NFV
Reliability, Availability, Serviceability,
VPP(FD.io)
ARM
VNF
NFVI
MANO
Today Tomorrow Future
NFV Solution direction
16. Tools for the NFV Operation
Operational Tools:
• RHOSP10 ships with Log Mgmt and Availability Mgmt
• Ceilometer
• Fast Fault Detection/Fast Failover
• Multi-Site deployment, DR
18. Visible
Invisible
Genesis Custom Product Commodity
(userneed)
EVOLUTION
Compliance
Awareness
Technical Controls
Resolution
Automated
Remediation
Remediation Content
(STIGS, OVAL,
XCCDF)
RHEL
Remediation
Content
Customer
wants
Application &
Interface Security
Change Control &
Config Mgmt
Encryption
& Key Mgmt
Governance
& Risk
Mgmt
Interoperability &
Portability
Identity & Access
Management
Infra & Virt
Security
CloudForms
RH SSO
OpenSCAP
Profiles
Threat and Vuln.
Mgmt
director
Documented
Controls Resolution
Field Input
Security Best
Practices Guide
OpenStack Platform
- Barbican
Security Enhanced
RH OpenStack
- - Denotes control groups from the CSA CCM
Software Vuln.
Management
(See Mark’s Map)
Configuration
Remediation
19. Tools for the VNF ISV
• VNF SDK
– Building a “PaaS” like SDK to design or re-design the VNF
• VNF Onboarding
– Using Red Hat CloudForm & Red Hat Ansible, Proof of Concept of Multi-VIM
(RHOSP, Containers, …) for vIMS, vCPE