1) The document discusses the importance of Quantum, OpenStack's networking component, in enabling network services and advanced networking capabilities for cloud deployments. 2) Quantum provides abstractions for virtual networks, ports, subnets and routers that support multi-tenancy and isolation across different networking technologies and vendors. 3) Quantum uses plugins and extensions to interface with different networking backends, and the Cisco plugin interfaces with Cisco devices and managers to configure Cisco networking infrastructure.

1. Kyle Mestery
Technical Leader, Office of the Cloud CTO
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

2. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

3. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

4. • Advantages of cloud computing
On-demand virtualized resources, self-service, lower cost
Resources managed by others
• Ability to create your own isolated private networks
• Extensible
• Challenge!!
Easy-to-use
Minus the complexity of the traditional data center Quantum
Should work with different networking infrastructure Network Service
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

5. • Compute service (EC2): virtual machines
App Svr
• Specify vCPU, Memory, Disk OS
• Launch instance (image, mem_size, disk) VM
• Suspend, clone, migrate
• Storage service (S3, EBS): virtual disks
• Specify storage amount, access rights
• Store object
• Create/attach block
• What to do about networks?
Simplistic implementation
Embedded in the compute component
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

6. 2011 Design Summit
- community-driven merger of proposals
… more
NetworkService NaaS Core Design
NetworkServicePOC NetworkContainers
Citrix/Rackspace/Nicira Intel
NTT/Midokura Cisco
Quantum
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

7. • Compute service (EC2): virtual machines
App Svr
• Launch instance (image, mem_size, disk) OS
• Suspend, clone, migrate VM
• Storage service (S3, EBS): virtual disks
• Store object
• Create/attach block
• Network service (Quantum): virtual networks App Svr
OS
App Svr
OS
• Create/delete private network VM VM
• Attach VM to network resource
• Create subnets and routers
• Work with different networking environments
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

8. Quantum Virtual Network Service:
A first class citizen in cloud computing
Portal
(Horizon)
Applications Other
Services
Cloud Platform - Developer API
Compute Storage Network Identity
(Keystone)
(Nova) (Swift) (Quantum)
Servers Disks Networks Images
(Glance)
Folsom Release
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

9. Quantum Abstractions
 Virtual Networks:
 A basic dedicated L2 network segment
 Common realization is a VLAN
 Virtual Ports:
 Attachment point for devices connecting to virtual networks.
 Ports expose configuration and monitoring state via extensions (e.g., ACLs, QoS policies, Packet
Statistics)
 Subnets:
 An IPAM construct to store CIDR
 Also allows to set the Gateway IP and host routes
 Virtual Routers
 Per tenant routers
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

10. Quantum Plugins & Extensions
 Plugin:
 Realization of the Quantum abstractions
 Supports different back-end technologies and vendors
 One plugin per Quantum deployment (there could be sub-plugins managed by
the main plugin)
 Examples: Linux Bridge Plugin, OVS Plugin, Cisco (Nexus)
 Extensions:
 API Extensibility for new or back-end specific features
 Example: Port-profiles, quality-of-service, etc.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

11. Quantum Plug-in Architecture
Quantum Service API API Extensions
Quantum API & Extensions Framework
Quantum Plug-in Framework
Cisco Network Plugin
Cisco Device Managers
Cisco Compute & Networking Infra
• Switching portfolio (Nexus 1k/3k/5k/7k)
• Unified Computing System
• Routing portfolio (e.g. ASR, CRS)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

12. Plugins and Drivers in the Cisco Plugin
 Plugin:
 A plugin registers to handle all Quantum API calls (e.g., all network/port calls)
 Plugins may make decisions that are technology, but not device-specific
(e.g., mapping quantum network ‘HR’ to VLAN 100)
 There needs to be a master entity making/resolving decisions in a
deployment, that entity is the plugin
 Drivers:
 The plugin may use drivers to communicate the results of this decision to
different devices (e.g., it may configure the VLAN on a port on a virtual switch
port, and also tell the upstream physical switch to trunk that VLAN)
 Configurable components which can be shared/reused
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

13. Extending Quantum to support L3 Constructs
 Routing within the Further evolve Quantum to be a multi-tenant network service for
creating virtual data centers (application specific topologies + network
tenant (support multi- services)
tier topologies)
 Overlapping IP
addresses
 Support gateways –
Internet, VPN
 Support other L3
services –
LB, Firewall, Caching,
etc.
 Hybrid Cloud (Public +
Private)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13

14. Why is Quantum important to
OpenStack?
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14

15. Current Infrastructure-as-a-Service has Challenges
Developer API
• Only provides basic Network
Connectivity.
Compute Storage • Difficult to create N-tier apps.
Service Services
User and
System • Limited ability for applications to
(VMs, Memory, (Block, Massive
Local Disk) Key-value Admin take advantage of network
store) services.
Servers Disks Accounts
Basic Network Connectivity
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15

16. Network Services Enable Developer Solutions
Developer API
Network APIs
Compute Storage
Network
Service Services
Services
User and
(VMs, Memory, (Block, Massive System Admin
(Subnets, Network
Local Disk) Key-value store)
Svcs, Security)
Virtual
Servers Networks Disks
Network Connectivity
 Create-network(“L2”)
 Attach-vm-to-network(vnet-a)
 Attach-service-to-network(vnet-b)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

17. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17

18. Quantum Server Quantum L2
and Plugin Agent
Quantum L2
Agent
Quantum L2
Nova Nova Compute
Agent
Nova Compute
… Nova Compute
ethX
Control Node Compute Node
Control Node
Quantum L2 ethX
Quantum L2 Control Node
Agent
Quantum L2
Agent
AgentQuantum L3
Quantum L3
Agent ethX
Quantum L3
Agent
Quantum DHCP
Agent
br-ex QuantumAgent
DHCP External Network
Quantum Agent
DHCP
Agent
Management Network
Network Node
Network Node Data Network
Network Node
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18

19. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19

20. VM1 VM1 VM1
Linux Bridge Linux Bridge Linux Bridge Security Groups rules applied here
VLANs used for isolation amongst
br-int tenants here
GRE Keys used to isolate tenant traffic
br-tun in the tunnel
Tenant A Network
bond0 Tenant B Network
eth0 eth1 eth2 Management Network
Data Network
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20