OpenStack Summit Portland April 2013 talk - Quantum and EC2

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1Cisco Confidential 1© 2012 Cisco and/or its affiliates. All rights reserved. 1© 2012 Cisco and/or its affiliates. All rights reserved.

Naveen Joy

Cloud Architect

ANALYZING CLOUD NETWORK ARCHITECTURES(OpenStack and EC2)

© 2012 Cisco and/or its affiliates. All rights reserved. 2

Know your presenter

Name: Naveen Joy

• 17+ years in IT• IT Operations (Networking & Sys Admin) - 15

yrs

• Development/ Python hacking - 2+ yrs


What is most important thing to all of us?


Getting to know you

•How many are new to OpenStack networking (Quantum) ?•How many are experts in Quantum?


Enterprise network architecture is evolving

Aggregation/Access

Compute

4x10GE 4x10GE

Services

Core

WAN Edge / DCI

Storage

TODAY


THE MOST DESIRABLE

ELASTIC SCALING

APIs FOR PROGRAMMABILITY

REDUCED COMPLEXITY

CONSISTENT POLICIES

CLOUD NETWORK FEATURES

HIGH AVAILABILITY


Challenges for an architect

What does the conceptual network architecture for a cloud look like?

Is it possible to transform my current network while preserving my existing investment?

How can I implement Networking as a Service reliably using OpenStack Quantum?


Aggregation/Access

Compute

4x10GE 4x10GE

Services

Core

WAN Edge / DCI

Storage

Application

Conceptual cloud network model

API

Imple

menta

tion

deta

ilAbstractNetwork

Properties

YourNetwork


Network Abstraction

It’s about

• Simplification – hiding unnecessary details

• Defining two roles – client + implementer

• Implementers can change without causing any changes in the client code

Network abstraction enables programmability

Client APIImplement

er

GENERAL Abstraction MODEL

QuantumClient

QuantumAPIs

Quantum Plugins

Quantum’s Model


Let’s peek into it!Quantum network abstraction model (tip of the iceberg)

Networkid:uuid-strname:stringadmin_state_up:boolstatus:stringsubnets:list(uuid-str)shared: booltenant_id:uuid-str

Subnetid:uuid-strnetwork_id:uuid-strname:stringip_version:intcidr:stringgateway_ip: stringdns_nameservers:list(str)allocation_pools:list(dict)host_routes:list(dict)enable_dhcp: booltenant_id:uuid-str

Portid:uuid-strnetwork_id:uuid-strname:stringadmin_state_up:boolstatus:stringmac_address:stringfixed_ips: list(dict)device_id:stringdevice_owner: stringtenant_id:uuid-str

*1

*

1

1

*


Quantum - logical architecture view

Client/Business Applications

API API APIAPI

Quantum Network Service layer

L2 (Folsom)L3 (Folsom)

Firewall (in-progress)

Load Balancer(Grizzly)

Network AbstractionVPN (in-progress) Other Services

PluginDB

[Network state]

plugin – network communication

NetworkInfrastructure Layer

Network Device 3

Network Device nNetwork Device 2

Network Device 1


Quantum Software ArchitectureOpen vSwitch plugin

QuantumExchange

OpenvSwitch

plugin-agent

dhcp-

agent

L3-agen

t

Performs vSwitchconfiguration on each host

Provides DHCP servicesto tenant networks using dnsmasq

RabbitMQ

Provides L3 routingNAT (SNAT)Floating IP (DNAT)

amqp

Quantum API Server

clientApp

Keystone Auth_toke

n middlewa

re

Keystone

Identity service

Quantum

OpenvSwitch

pluginmodule

DB

API Extension modules

(l3, LbaaS) LB-agen

t

Provides Load BalancingServices to tenantapplications

Queues

Driver

Driver

Driver

Driver

amqp


Quantum Software ArchitectureSDN model

External

Controller

cluster

Quantum API

Server

API client

Keystone Auth_toke

n middlewar

e

KeystoneIdentity service

Quantum

pluginmodule

DB

API Extenstion modules

(l3, LbaaS)

External Controlle

rclusters

DBnetwork infrastructure

vSwitch vSwitch

..

plugin to controller communication e.g. REST API Controller to Switch communication

e.g. OpenFlowAPI


How can Quantum be used to deliver reliable Network-as-a-Service using your existing network infrastructure e.g. Cisco UCS/Nexus gear?

No additional investment is necessary – except your time


Network deployment Models1: Single Flat Network ( Simple & stable deployment for folsom Good option if you are starting off with Quantum)

Quantum Network (name = hosting)5.0.0.0/22

Tenant1VM

5.0.0.3

Tenant2VM

5.0.0.4

gateway

Router

Tenant3VM

5.0.0.4

DHCP servic

e5.0.0.

2

Existing physical Router/L3 switch provides gateway services to VMs (Provider Managed Router)

5.0.0.1 (VLAN 10)

Compute Nodes

gateway

Router

SharedQuantumnetworkmappedto an existingVLAN on OpenvSwitch

Internet


Network Deployment2: Multiple Flat Networks (scale out of the previous model)

Red Net(Vlan Red)

5.1.1.0/24

TenantA

VM5.1.1.3

TenantB

VM5.2.2.3

gateway

Router

TenantCVM

5.3.3.3

L3 Gateway (Provider Managed)

Compute Nodes

gateway

Router

Blue Net(Vlan Blue)

5.2.2.0/24

Green Net(Vlan

Green)5.3.3.0/24

DHCPServic

e5.1.1.2

DHCPServic

e5.2.2.

2

DHCPService5.3.3.2

802.1q trunk to a network gatewayQuantum networks mapped to existing vlans

Internet

5.1.1.15.2.2.15.3.3.1


Network Deployment 3: Mixed Flat and tenant created networks (scale out network model with some tenant control)

gateway

Router

Physical Router/L3 switch provides gateway services (Provider Managed)

Compute Nodes

gateway

Router

private tenant created network

802.1q trunk to an external gateway

Red Net5.1.1.0/24

TenantA

VM10.1.1.

15.1.1.3

TenantB

VM5.2.2.3

TenantCVM

5.3.3.3

Blue Net5.2.2.0/24

Green Net5.3.3.0/24

DHCPServic

e5.1.1.

2

DHCPServic

e5.2.2.

2

DHCPServic

e5.3.3.

2TenantANetwork

10.1.1.0/24

TenantPrivate

VM10.1.1.2

Internet


Network Deployment4: Shared provider L3 Routers (Has scalability and availability issues in Folsom)

gateway

Router Physical Router/L3 switch provides gateway services to the virtual network layer (Provider Managed)

gateway

Router

Provider Managed(shared routers and subnets)External Network [L3 uplink]

20.1.1.0/24

Tenant1

VM10.1.1

.5

vRouter2 vRouter3

Tenant1 net10.1.1.0/24

Tenant2 net 10.1.2.0/24




Tenant2

VM10.1.2

.5

Tenant3

VM10.1.3

.5

Tenant1

VM10.1.4

.5

Tenant4

VM10.1.5

.5

vRouter1

network node

Internet


So, how do the previous Quantum network models compare with networking in EC2?

InternetGateway

Router

Default VPC

200.1.1.0/24

Internet

Tenant AInstance

1

200.1.1.1/24

Tenant BInstance

1

200.1.1.2/24

Short Answer: They are similar. Key Idea: Networking is abstracted from tenants


Network Deployment5: Per Tenant Routers (Has scalability and availability issues in Folsom) Tenants have the power to create and manage their routers, subnets and IPs

Tenant1

VM10.1.1.

5

gateway

Router

Physical Router/L3 switch provides gateway services to the virtual network layer (Provider Managed)

gateway

Router

vRouterTenant2

vRouterTenant3

Tenant created and managed vRouters and subnets

Tenant1 Web Net

10.1.1.0/24

Tenant1 DB Net

10.1.2.0/24

Tenant2 net110.1.2.0/24

Tenant3 Web Net

10.1.4.0/24

Tenant3 DB net

10.1.5.0/24

Tenant1

VM210.1.2.

5

Tenant2

VM10.1.2.

1

Tenant3

VM10.1.4.

5

Tenant3

VM10.1.5.

5

vRouterTenant1

network node

External Network [L3 uplink] 20.1.1.0/24

Internet


Is the per tenant router model similar to an Amazon VPC? Yes

InternetGateway

TenantRouter

VPC for tenant A

10.1.1.0/24 (tenant assigned IP network)

Internet

Instance2

10.1.1.3/24

Instance 1

10.1.1.2/24

Tenant has control over networking - Network isolation, subnets, elastic IPs and routing


Network Design• How many networks do we need for deploying Quantum?

Traffic generated by OpenStack components

AMQP and MySQL traffic, Nova to Quantum API calls etc.

Cloud Management traffic

ssh, monitoring, logging, puppet/chef etc.

Application Traffic between VMsvia overlay tunnels or vlans

VM communication with the Internet, floating IPs

Traffic generated by tenants interacting directly with Quantum API

Management network

Data network

API network

External network


Network Diagram

External

API

Data

Mgmt

Provider

gateway

Router /

Firewall

Internet

Tenants

Quantum API

server

Cloud Controllernova-api, nova-schedulerRabbitMQ/ MySQL

ComputeNodes

NetworkNodes


What about LBaaS?

Load Balancer

Front end protocol e.g. SSL

Pool Pool Members (e.g. Instances)

Back end protocol e.g. HTTP

HealthMonitor

ping/TCP/http/https

Tenant

VIP

App

App

App


LBaaS Service Insertion (available in Grizzly)

VM1

gateway

Router

Physical Router/L3 switch provides gateway services to the virtual network layer (Provider Managed)

gateway

Router

vRouterCoke

vRouterPepsi

Web Tier 10.1.1.0/24

External Network [L3 uplink]

App Tier10.1.2.0/24

Tenant2 net1

10.1.2.0/24

Tenant3 Tier1

10.1.4.0/24


Tenant2

VM10.1.2.

1

Tenant3

VM10.1.4.

5

Tenant3

VM10.1.5.

5

vRouterAcme

Network Nodes

LB

LB

VM2 VM3 VM1 VM2 VM3

web pool App pool

Internet

Compute Nodes


Architecting a service for the cloud

These three features are mandatory!• Design to handle failures• Loosely couple your

components• Implement elasticity


Closing thoughts•Quantum is evolving• Production deployment and operations is hard

• Plugins must be architected for the cloud

• Be aware of L3 scalability and reliability issues in Folsom

•Start slowly and do your research• Environments and requirements differe.g. Start off with the basic networking model shown in this deck

•Document your work

•Contribute to the community


Thank You

OpenStack Summit Portland April 2013 talk - Quantum and EC2

Technology

Transcript of OpenStack Summit Portland April 2013 talk - Quantum and EC2