Post on 06-May-2015
OpenStack and the Transformation of the Data Center
Lew Tucker, VP/CTO Cloud Computing, Cisco @lewtucker
OpenStack Summit – Atlanta, May 2014
© 2014 Cisco and/or its affiliates. All rights reserved. Source: Cisco Visual Networking Index
The Growth of the Internet Is Impacting All Aspects of IT
• 71% of apps will run on virtual machines
• 2/3 of all mobile traffic will be video
• 50 billion connected devices
• More data created this year than in the past 5000 years
(Forecast years on the slide: 2012, 2016, 2017, 2020)
Drivers: Mobile, Internet of Things, New Breed of Apps, Cloud
IT World Becoming Increasingly Complex
“Systems of Record to Systems of Engagement” - Geoffrey Moore
http://www.slideshare.net/rstrad1/moore-digitalimpact
Layers: Devices, Collaboration, Software & Apps, Network, IT Infrastructure & Platform Services
Internet of Things to Internet of Everything
Examples: Smart Grid, Smart Buildings, Smart Factories, SF City Parking Spaces (open source data)
Connecting, sensing, measuring, and controlling in real time improves reliability, cost, and alignment of supply and demand
New Technologies Driving a Virtuous Cycle of Innovation
CLOUD, BIG DATA (Volume, Velocity, Variety), INTERNET OF THINGS, SDN
The Promise of Cloud Computing: From 8 Weeks to 15 Minutes
Steps from design to production: Design It, Code It, Where Can We Put It?, Procure It, Install It, Configure It, Secure It, Push It
Continuous Deployment … with Elastic Scaling
Management (OpEx) Expenses Growing
(Chart: Datacenter Spending (%) Over Time, 2006 to 2013; series: Server Spending, Standalone Servers - Mgmt & Admin, Virtual Servers - Mgmt & Admin, Power & Cooling Expense)
Source: IDC, 2011 “New Economic Model for the Datacenter”
• Operating expenses represent over 80% of data center spending
• OpEx increase driven by server virtualization
• New models are needed
IT Administrators Face a Tidal Wave of Innovations
Source: Heavy Reading - Where Networks Meet IT
Network Functions Virtualization (NFV), OpenStack, Programmability, OpenFlow, Virtualization, SDN, Abstraction, Orchestration, APIs, Cloudification, Data Centers, Network OS, x86, Hypervisor, Automation
And the Data Centers keep Growing
OpenStack Heralds the Creation of a New Layer in the Software Stack That Spans the Entire Data Center
(Diagram: Unified Compute, Storage, Networking Infrastructure - Physical + Virtual, exposed through the OpenStack Compute Service, OpenStack Storage Service and OpenStack Network Service; User App-1, User App-2, User App-3 and a PaaS Service run on top)
Software and Automation – Driving Speed and Agility
Configuration management: Salt, Puppet, Chef, Ansible
CI/CD: Git, Gerrit, Jenkins
Software-Defined Networking – Overlay Networking
(Diagram: a scale-out leaf/spine core with edge routers toward VPNs/public Internet; servers attach to the leaf switches, and each server runs a vSwitch as the virtual access layer connecting its VMs)
OpenStack Platform: Services and APIs
Nova - Compute; Heat - Orchestration; Glance - Image Storage; Swift - Storage; Neutron - Networking; Keystone - Security
OpenStack Design Principle: built as a set of loosely coupled, related projects developing advanced cloud services
• Each service driven by community projects with contributions from many companies
• Easier for innovation through addition of new services
• Small number of core services
• Larger number of associated services
Meanwhile, a Revolution Was Happening in Networking…
OpenFlow
• Protocol which would allow software running on servers to direct the flow of packets in a network
• Separation of control and data planes
Server Virtualization
• Created need for virtual switches on each server
• VMware, Cisco Nexus 1000v, Open vSwitch
Virtualized Network Services
• Firewall, load-balancing, VPN
• Network service orchestration
Network Controller
• Lots of activity around creating new SDN controllers
• Open source projects: OpenDaylight
Network Functions Virtualization (NFV) Provides Dynamically Scalable Services
AT&T, BT, Orange, Telecom Italia, Telefonica, Telstra, Verizon…
OpenStack Networking Evolved
Nova Networking
• Simple, flat networking
• Contained within the Nova service
• Difficult to accommodate rapid changes happening in networking
Neutron Networking
• Treat networking as a separate service
• Designed to hide specific vendor/technology implementation choices from the developer’s APIs and abstractions
• Being extended to include network services and heterogeneous environments
OpenStack Neutron Networking Service
Network Service (Neutron) API
Network Service: network abstraction definition and management; no actual implementation of the abstraction
Plugin API, API Extensions, Extended APIs
Vendor/User Plug-In: implementation of the abstractions, virtual or physical
Vendor Plug-Ins: Linux Bridge, Open vSwitch, Cisco, Big Switch, Brocade, Cloudbase, Mellanox, Midonet, NEC, PLUMgrid, Ryu, VMware NSX ….
OpenStack Neutron ML2 Architecture
(Diagram: the Neutron Server exposes the REST API and communicates with the DHCP Agent, L3 Agent and L2 Agent over a Message Queue; the agents configure OVS on the Compute Node and IPTables on the Network Node)
Neutron Core plugins: ML2; Cisco (Nexus, N1Kv); OVS; more vendor plugins
ML2 Type Drivers: VLAN, GRE, VXLAN
ML2 Mechanism Drivers: Cisco Nexus, OVS, OpenDaylight, APIC; more vendor drivers (futures)
Neutron Service plugins: Load Balancer (HAProxy), Firewall (IPTables), VPN (OpenSwan); L3 Services (futures)
Southbound Interfaces
• Core + Extension REST APIs
• Message queue for communicating with neutron agents
• Core and service plugins
• Different vendor core plugins
• Different network technology support
• ML2 plugin with type and mechanism drivers
• Service plugins with backend drivers
Core API: Network, Port, Subnet
Resource and Attribute Extension API: ProviderNetwork, PortBinding, Router, Quotas, SecurityGroups, AgentScheduler, LBaaS, FWaaS, VPNaaS ….
Neutron Networking for Tenant Isolation
Network Type: Tenant Networks; Admin Provider Networks
Network Segmentation Scheme for Tenant Isolation: VLAN, VXLAN, GRE
Device Implementing Network Segmentation Scheme: vSwitch; ToR/Fabric; vSwitch, ToR
Configured by the Neutron Plugin/Driver either through Direct Device Configuration or through Device Configuration through Controller
Neutron Networking for Layer 3 Services
Neutron Resource: Routers
Network Type: Tenant Networks; Admin Provider Networks
Device implementing Advanced Service: Linux Host; Service VM’s provisioned externally; vSwitch, ToR
Configured by the Neutron Plugin/Driver either through Direct Device Configuration or through Device Configuration through Controller
Neutron Cisco CSR1000v for Neutron VPN Service
Components: Neutron Server with the Neutron Service Plugin (VPN) and the Cisco VPN Service Driver; VPN Agent with the Cisco VPN Device Driver, which configures the CSR1Kv VM over its REST API; VMs on Compute Nodes
Benefits
• CSR1Kv secure VPN qualified solution
• Unlock rich CSR1Kv features into OpenStack
(Diagram: Site1 and Site2 each have a Private Network with a VM and a Router, and a CSR1Kv on the Public Network; the two CSR1Kv instances terminate a Site to Site IPsec Tunnel. Addresses shown: Site1 10.1.0.1, 10.1.0.4, 172.24.4.11, 172.24.4.13; Site2 10.2.0.1, 10.2.0.4, 10.2.0.6, 172.24.4.21, 172.24.4.23)
OpenStack Platform for the New Data Center
OpenStack Cloud Platform Services: Orchestration, Provisioning, Metering, Monitoring, Identity
Applications: User Apps, System Apps
Infrastructure building blocks: Server Virtualization, Virtual Switches, Storage Virtualization, Network Virtualization, Network Function Virtualization, VMs and Containers, Network Controllers, Object Storage Services, Block Storage Services
Do Applications Really Want to Program the Network?
System administration apps and services orchestrating the infrastructure – YES
User-facing applications?
Is there an easier way to realize the developer’s intent without becoming a network administrator?
Typical 3-Tier Application Design Pattern
Web Tier: three Web Server VMs, facing the Public Internet
App-Server Tier: two App Server VMs and a MemCache VM
Database Tier: two Database VMs
Want to connect web servers to the public Internet, while blocking outside access to application and database servers
• Load Balance Across Web Servers
• Protect VMs with Security Group Rules
• Create Networks, Routers
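A worked illustration of the "Protect VMs with Security Group Rules" step, added here and not taken from the deck: a small Python model of Neutron security-group semantics (allow-only rules, default-deny ingress, rules that reference a remote security group rather than a CIDR) applied to the three tiers. The group names, the app and database ports (8080 and 3306) and the sample addresses are assumptions for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Simplified model of Neutron security-group semantics (an assumption for illustration,
# not Neutron's own code): rules only ever ALLOW; ingress to a VM is dropped unless a rule
# on one of its groups matches; a rule names either a remote CIDR or a remote group.
@dataclass
class Rule:
    protocol: str                       # "tcp", "udp", "icmp" or "any"
    port_min: int = 0
    port_max: int = 65535
    remote_cidr: Optional[str] = None   # e.g. "0.0.0.0/0" for "anyone"
    remote_group: Optional[str] = None  # source VM must carry this security group

@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)

@dataclass
class VM:
    name: str
    ip: str
    groups: list

def ingress_allowed(src: VM, dst: VM, protocol: str, port: int, sgs: dict) -> bool:
    """True if some ingress rule on one of dst's groups admits this flow from src."""
    for gname in dst.groups:
        for r in sgs[gname].ingress:
            if r.protocol not in ("any", protocol) or not r.port_min <= port <= r.port_max:
                continue
            if r.remote_cidr and ip_address(src.ip) in ip_network(r.remote_cidr):
                return True
            if r.remote_group and r.remote_group in src.groups:
                return True
    return False  # default deny: nothing matched

# Three-tier policy from the slide: Internet -> web only, web -> app only, app -> db only.
SGS = {
    "web": SecurityGroup("web", [Rule("tcp", 80, 80, remote_cidr="0.0.0.0/0"),
                                 Rule("tcp", 443, 443, remote_cidr="0.0.0.0/0")]),
    "app": SecurityGroup("app", [Rule("tcp", 8080, 8080, remote_group="web")]),
    "db": SecurityGroup("db", [Rule("tcp", 3306, 3306, remote_group="app")]),
}
# Constructed sample hosts; addresses are illustrative, not from the deck.
INTERNET = VM("client", "203.0.113.9", [])
WEB = VM("web1", "10.0.1.10", ["web"])
APP = VM("app1", "10.0.2.10", ["app"])
DB = VM("db1", "10.0.3.10", ["db"])
```

Because the app and db rules name a remote group instead of an address range, the policy keeps holding when web or app VMs are scaled out or re-addressed.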
Developer’s Intent: Control Access, Direct Traffic
(Same three tiers: Web Tier of Web Svr VMs facing the Public Internet, App Server Tier of App Svr VMs and a MemCache VM, Database Tier of DataBase VMs)
A Policy attached to each tier expresses Performance, Security, Scalability, Availability
Consistency, Repeatability
Group-based Policy Abstractions Developed by the Community
https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
Blueprint Contributors: Nuage, Juniper, IBM, Big Switch, One Convergence, Red Hat, Mirantis, Midokura, Cisco
EXTENDING OPENSTACK NEUTRON API’S
Neutron API: Neutron Network, Neutron Router, Security Group, Ports, scoped per Tenant
Use Existing Neutron APIs with APIC and Cisco ACI
Group Policy API: Group, Contract, Service Chain, Group
Group Policy introduces a new API that maps to the ACI policy model
SEPARATING TENANT POLICIES FROM OPERATIONS
Roles: the ACI Admin manages network operations and infrastructure; the OpenStack Tenant manages tenant and application state only
Application Network Profile: EPG WEB, EPG APP, EPG DB, connected through L/B and F/W
Steps shown in the diagram:
1. Create Application Network Profile
2. Create Application Policy
3. Push Policy
4. Instantiate VMs (Web, App and DB VMs on the hypervisors via Nova and Neutron)
5. Automatically Push Network Profiles to AFC
APIC (Application Policy Infrastructure Controller) pushes the policy to the ACI Fabric
OPENSTACK + CISCO’S APPLICATION POLICY CONTROLLER
(Diagram: two integration modes. With the APIC Plugin, Neutron Networking keeps its Neutron Network, Neutron Router and Security Group objects, and the APIC Plugin (alongside the OVS Plugin) renders them into APIC. With the Group Policy Plugin, the WEB, APP and DB groups are connected by Contracts through ADC and F/W services, and the Group Policy Plugin (alongside the OVS Plugin) programs APIC. In both modes the Web, App and DB VMs run on the hypervisors.)
APIC PLUGIN vs GROUP POLICY PLUGIN
KEY SESSIONS: NEUTRON NETWORKING IN AN APPLICATION-CENTRIC WORLD
https://blueprints.launchpad.net/neutron/+spec/group-based-policy-abstraction
Wednesday, May 14: 3:30-4:10, B309
Thursday, May 15: 1:30 – 2:10, B309 (IBM, Cisco, Midokura)
Closing Thoughts
The Landscape has changed
We’ve moved from mainframes with dumb terminals to cloud-based apps, smart phones, and devices
Cloud-native apps at scale span multiple availability zones and geographies
Any app, anywhere, any device
The Vanishing Data Center and the InterCloud
Multi-tenancy, dynamic provisioning, and elasticity are the new normal
Applications are continuously deployed and released
DevOps turns infrastructure into code
Data centers are becoming nodes in a larger, global graph
Computing and distributed storage are moving to the edge
How will this change the concepts of traditional networks?
What is meant by a cloud when clouds themselves become part of an Intercloud?
Thank you.