Post on 31-Mar-2018
OPENSTACK Deployment in the Enterprise
BRKDCT-2367
Miguel Barajas – Senior Solution Architect CITT CoE LATAM
Luis Rueda – Senior Technical Leader CITT CoE LATAM
© 2014 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Agenda
• Introduction
• Cisco Domain Ten
• Introduction to OpenStack
• OpenStack Deployment in the Enterprise
• Use Cases and Study Cases
• Cisco Products Integration
• DEMO TIME!!!
Cisco Domain Ten® Framework
[Figure: the ten numbered domains of the framework]
• 1: Infrastructure • Environmentals
• 2: Abstraction • Virtualization
• 3: Automation • Orchestration
• 4: Customer Interface
• 5: Service Catalog
• 6: Financials
• 7: Platform
• 8: Applications
• 9: Security • Compliance
• 10: Organization • Governance • Process
Other labels in the figure: IaaS, PaaS, SaaS, Compute, Storage, Network, Existing System Integrations
What is OpenStack?
• OpenStack Foundation
“OpenStack aims to produce the ubiquitous Open Source Cloud Computing platform that will meet the needs of public and private clouds regardless of size, by being simple to implement and massively scalable.”
What is OpenStack?
• Wikipedia
“OpenStack is a cloud computing project aimed at providing an infrastructure as a service (IaaS).”
OpenStack High Level Diagram
OpenStack Capabilities (JUNO)
Current Programs/Projects
• Compute (Nova)
• Networking (Neutron)
• Object Storage (Swift)
• Block Storage (Cinder)
• Identity (Keystone)
• Image Service (Glance)
• Dashboard (Horizon)
• Telemetry (Ceilometer)
• Orchestration (Heat)
• DBaaS (Trove)
OpenStack Capabilities
Future Programs/Projects
• Bare Metal Provisioning (Ironic)
• Queue Service (Marconi)
• Data Processing (Sahara)
OpenStack Architecture
OpenStack @ Cisco
Community
– Cisco is the 6th Major Contributor to OpenStack Code
– Code Contributions and blueprints across Core Services
– Networking Model, Compute Service and Dashboard, HA, Scheduling
– OpenStack Foundation Board Member
Customers
– Private (demo) and Public – Extend cloud model for rapid provisioning of network services, bare-metal, intelligent workload placement
– Drive innovation through real-world use cases
Engineering
– Automation (Puppet) and Architecture (HA) for production deployment and operational Support
– Neutron/Nova Plug-ins for Cisco Product lines: UCS, Nexus, CSR1000v
– Scalable Networking services: FWaaS, LBaaS, VPNaaS
http://www.cisco.com/web/solutions/openstack/index.html
OpenStack Deployment in The Enterprise
Use Cases
• Test and Dev
• Highly Scalable Applications
• Multi Vendor / Multi Hypervisor environment
• A lot of Development groups
Why Deploy OpenStack in my Company
• Easy and fast to Deploy
• It can be integrated with the current infrastructure
• Start Small, Scale Up and Out
• NO VENDOR LOCK IN!
• Open Source Project
What Really Changes in my Data Center/Internet Edge?
• OpenStack components live South of the Top-of-Rack switch
• Your existing DC, Internet Edge and BN architecture stays the same
• It’s about the compute, storage and orchestration/management tiers
• Even your apps go largely unchanged
[Figure: data center topology showing Enterprise/Internet, Core Layer, Agg Layer, Services, Access Layer, UCS C-Series and UCS B-Series]
OpenStack Nodes/Roles
• Example on UCS C-series
• Active/Active controllers
• HAProxy/Keepalived or HW SLB for Swift Proxy Nodes
• Object and block storage – Images, app data – Persistent storage
• Support nodes (Ctrl/Proxy also) often run as VMs or can be baremetal
[Figure: node roles attached to the DC Access Layer, uplinked to the DC Agg Layer: A/A Controller Nodes, Compute Nodes, Swift Proxy Nodes, Swift Object Storage Nodes, Cinder Block Storage Nodes, and *Support Nodes (Puppet Master, Cobbler, DNS, HAProxy/Keepalived). *Can run as VMs: PM/Cobbler, HAProxy, Controller-1, Controller-2, Proxy-1, Proxy-2]
To Automate or Not and How Much to Automate
• Manually deploy it all? Automate only the OpenStack setup? Automate OpenStack + Apps?
• Single Shot – Manually set up everything (the best way to learn OpenStack):
– http://docwiki.cisco.com/wiki/OpenStack_Havana_Release:_High-Availability_Manual_Deployment_Guide
• Semi-Automatic – Use automation for ‘some’ of the setup and maintain/modify manually:
– http://docwiki.cisco.com/wiki/Openstack:Havana-Openstack-Installer
– http://docwiki.cisco.com/wiki/OpenStack:Havana:All-in-One
– http://puppetlabs.com/
– http://www.opscode.com/chef/
– https://juju.ubuntu.com/
• Automatic – Automate everything with Puppet, Chef, JuJu or turnkey automation stuff
High-Level Planning Summary
• Deploy OpenStack in existing ‘pod’ or a new one?
• Hardware inventory – All rack servers, all blade servers, HW + VMs
• What app(s) do you plan to run in the new deployment?
• To multi-tenant or not? This is a functional and business topic as much as a technical one – Always deploy with multi-tenancy in mind
• IP address planning – NAT inside OpenStack? No NAT? Overlapping IPs?
• Automation choices
• Use a ‘pure’ OpenStack (only OpenStack projects) deployment or a hybrid deployment where you use some of what OpenStack offers and leverage 3rd party applications/management/monitoring services
• Knowing the limitations of current high-availability/disaster-recovery (HA/DR) models with OpenStack
• Other stuff we will talk about along the way ….
Network Decisions
• OpenStack Networking
– http://docs.openstack.org/admin-guide-cloud/content/section_networking-scenarios.html
– Many vendor plugins (OVS, Ryu, etc..)
– Flat, Routers with NAT, VLAN Trunking, GRE, VXLAN
• Scale
– VLAN number limitations for large tenant + networking environments
– GRE-based
– VPNaaS
– Manual configuration in large full-mesh setup
• Network Tuning
– Linux kernel, networking and vSwitch-specific (OVS) tuning is critical:
– libvirt_type: kvm or qemu
– vhost-net (‘modprobe vhost-net’):
http://www.linux-kvm.com/content/how-maximize-virtio-net-performance-vhost-net
https://ask.openstack.org/en/question/6140/quantum-neutron-gre-slow-performance/
– Test Offload settings: ‘ethtool -K eth1 gro off’ - http://www.linuxcommand.org/man_pages/ethtool8.html
Which Networking Model?
• A few choices: Private Networks with Per-Tenant Routers, Provider Routers, Provider Network Extensions with VLANs (No NAT)
• Most enterprises use the VLAN model as they have no need for NAT within the OpenStack system – Most of their NAT stuff is on the edge (i.e. edge FW, SLB, Proxy, Routers)
• Very large enterprise deployments will run into VLAN numbering limitations when the system is deployed in a brownfield design (sharing VLANs with other PODs)
• Also, know that, today, a Neutron router-free deployment limits capabilities such as VPNaaS and/or LBaaS which depend on the L3-agent (Neutron router)
High Availability Decisions
• Know what you don’t know
• Pick your release – HA matures on every release: Folsom (sucked for HA) -> Grizzly (getting better) -> Havana (MUCH better) – You may have to use other open source tools to get a complete system highly available
• Cisco HA design – http://docwiki.cisco.com/wiki/OpenStack_Havana_Release:_High-Availability_Manual_Deployment_Guide
• Automated using Compressed HA (3 nodes) or Full HA (redundant control nodes, swift proxies, swift storage nodes) - http://docwiki.cisco.com/wiki/Openstack:Havana-Openstack-Installer
• Many components are:
– Databases: Options include MySQL-WSREP and Galera
– Message Queue: RabbitMQ Clustering and RabbitMQ Mirrored Queues
– API/Web services: HAProxy, Keepalived, traditional SLB
– Swift proxy nodes: HAProxy, Keepalived, traditional SLB
– Swift nodes: Architecturally designed to be available (i.e. multiple copies of objects)
– Compute node: Nothing directly HA, but can use Migration for planned maintenance windows
• Puppet HA: Search “puppet master redundancy” or “masterless puppet” – you will land plenty of reading choices ;-)
High-Availability Multi-node “Provider Network Extensions” Design
[Figure: Load-Balancers, Controllers, Compute and Swift Storage (Proxy & Storage nodes), each node with CIMC, eth0 and eth1 interfaces, attached to the MGMT/CIMC/API Network, Public Network and Storage Network, with Service VIPs facing DC/Internet]
Cisco Product Integration
Nexus – Support for OpenStack
• Nexus 1000v
– Red Hat and Ubuntu - KVM
– 512 servers per VSM and scaling to future with federations
– VLAN - 4096, VXLAN – 16000 segments, 32000 ports, 300+ veths/vem
– Enhanced VXLAN – No multicast requirement in a VSM and in future across VSMs
– VSM on any hypervisor or Nexus1010
– NAT is supported/overlapping IP support
http://www.cisco.com/c/en/us/support/switches/nexus-1000v-kvm/tsd-products-support-series-home.html
• Nexus 3000 and Higher
– http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps11541/data_sheet_c78-727737.html
• Cisco OpenStack Installer with Nexus Plugin:
http://docwiki.cisco.com/wiki/OpenStack:Grizzly-Nexus-Plugin
http://docwiki.cisco.com/wiki/OpenStack:_Havana:_2-Role_Nexus
Nexus Plugin Example Topology
• Stuff we care about in the user.common.yaml file that is relevant to the diagram:
– Switch ports that connect to the eth1 on each compute node
– That the appropriate interface on the controller is configured to trunk all of the same VLANs that will be used by instances (attached to eth1 on compute nodes)
– That the uplinks from ToR to Agg layer switches have all of the trunks/VLANs configured ahead of time
• Multiple ToR switches and host FEX setups are supported
[Figure: compute-server01, compute-server02 and control-server, each with eth0 on the Mgmt Network and eth1 on trunk links (VLAN:500-600) to ToR switch ports e1/8 and e1/9, uplinked to the Agg Layer. Provider Network(s): VLAN500: 192.168.250.0/24, VLAN501: 192.168.251.0/24 …]
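A pre-deployment check for the trunk requirements listed above, as an added example that is not part of the original presentation or of the Cisco installer: it reports links whose trunk does not carry every provider VLAN and flags provider subnets that overlap. The dictionary layout and link names are hypothetical (not the user.common.yaml schema), and VLAN 550, its subnet and the narrower uplink range are constructed to show a failing case.

```python
import ipaddress

def parse_vlan_ranges(spec):
    """Expand an allowed-VLAN string such as '500-600,700' into a set of IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def missing_vlans(provider_networks, trunks):
    """Map each link to the provider VLANs its trunk does not carry."""
    needed = set(provider_networks)
    gaps = {}
    for link, spec in trunks.items():
        missing = sorted(needed - parse_vlan_ranges(spec))
        if missing:
            gaps[link] = missing
    return gaps

def overlapping_subnets(provider_networks):
    """Return VLAN pairs whose subnets overlap (matters in the no-NAT model)."""
    nets = sorted((vlan, ipaddress.ip_network(cidr))
                  for vlan, cidr in provider_networks.items())
    return [(a, b) for i, (a, net_a) in enumerate(nets)
            for b, net_b in nets[i + 1:] if net_a.overlaps(net_b)]

# VLAN 500/501, their subnets and the 500-600 trunk range are from the slide.
# VLAN 550, its subnet and the 500-520 uplink range are constructed.
# This layout is hypothetical; it is not the user.common.yaml schema.
PROVIDER_NETWORKS = {500: "192.168.250.0/24", 501: "192.168.251.0/24",
                     550: "192.168.251.128/25"}
TRUNKS = {"ToR e1/8": "500-600", "ToR e1/9": "500-600",
          "control-server eth1": "500-600", "ToR uplink to Agg": "500-520"}

if __name__ == "__main__":
    for link, vlans in missing_vlans(PROVIDER_NETWORKS, TRUNKS).items():
        print(f"{link}: trunk is missing VLANs {vlans}")
    for a, b in overlapping_subnets(PROVIDER_NETWORKS):
        print(f"VLAN {a} and VLAN {b} use overlapping subnets")
```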
CISCO ACI & OpenStack Integration
OpenStack & UCS
• Cisco Unified Computing System™ (Cisco UCS®) running OpenStack technology can be used to build public, private, and hybrid cloud infrastructure.
• Built-in automation enables configurations to be deployed quickly, easily, and accurately.
• The Cisco UCS OpenStack Installer provides a validated installation for an active-active, highly scalable architecture for OpenStack services.
• The Cisco UCS architecture allows you to easily add computing and storage resources as demand increases.
OpenStack Services from Cisco Advanced Services
Portfolio: Strategy and Assessment, Validation, Optimization, Design & Deployment
Columns: Problems Solved, Key Deliverables, Key Benefits
✓ Pre-defined design
✓ Rapid installation & Test
✓ Lack of OpenStack skillsets
✓ Experiment with OpenStack installation in your data center environment
✓ Pre-defined design
✓ Test plan
✓ Knowledge Transfer
✓ Network Scale and High availability design
✓ Storage Integration
✓ Cell deployment design
✓ Accelerate production readiness
✓ Optimally deployed on Cisco hardware
✓ Understand role of OpenStack in your DC/Cloud strategy
✓ Strategy Assessment high level roadmap and architecture
✓ Prioritization of use cases
✓ Is OpenStack the correct platform for my business
✓ What are my key requirements for OpenStack?
✓ How to create or add production safety, availability and scale to my openstack deployment.
✓ Custom application assistance
✓ Topology and requirements evolution
✓ Design review
✓ Software Upgrade procedures
✓ Day 2 Support for Customized deployments
✓ Ensure deployment evolution
✓ Targeted support expertise for your customized solution
Demo
Thank you.