© 2011 Cisco and/or its affiliates. All rights reserved. 1
Network Services Insertion Model
Edgar MaganaFolsom Summit 2012
http://wiki.openstack.org/QuantumServicesInsertionhttps://blueprints.launchpad.net/quantum/+spec/services-insertion-wrapper
© 2011 Cisco and/or its affiliates. All rights reserved. 2
Network Services Insertion
“It defines the way services will be inserted in the network, and the necessary configuration steps to
maintain them up and running along all possible changes on the customers
cloud infrastructure”
© 2011 Cisco and/or its affiliates. All rights reserved. 3
Network Services Insertion Modes
Gateway ServiceServer
Gateway
Service /Service Clusters
Server
In-Path Insertion
Out-of- Path Insertion
(Redirection)
© 2011 Cisco and/or its affiliates. All rights reserved. 4
1. Cloud Service Providers (CSPs) deploy and administrate services
© 2011 Cisco and/or its affiliates. All rights reserved. 5
2. Tenants deploy and administrate services
© 2011 Cisco and/or its affiliates. All rights reserved. 6
3. Cloud Service Providers deploy and maintain services but tenants administrate their functionality
© 2011 Cisco and/or its affiliates. All rights reserved. 7
Use Case:In-Path Service Insertioncreate_network (tenant_id, net_name) network-Xcreate_network (tenant_id, net_name) network-Ycreate_port (net_id, number_ports, tenant_id) Firewall…Creates the new networks and necessary ports nova boot (Firewall)nova boot (Tenant VMs)Instantiate both services from VM images plug_iface (tenent_id, net_id, port_id) From FW to Net-Xplug_iface (tenent_id, net_id, port_id) From FW to Net-Yplug_iface (tenent_id, net_id, port_id) From Net-Y to VMsplug_iface (tenent_id, net_id, port_id) From Net-X to GWRe-connects Network X and V as well as the new services
© 2011 Cisco and/or its affiliates. All rights reserved. 8
Services Insertion Library
Network Library to insert services using Quantum APIsCurrently has these operations:
insert_inpath_service <tenant_id> <service_image_id> <management_net_name> <northbound_net_name> <southbound_net_name>delete_service <tenant_id> <service_instance_id>connect_vm <tenant_id> <vm_image_id> <service_instance_id>disconnect_vm <vm_instance_id>
© 2011 Cisco and/or its affiliates. All rights reserved. 9
Demo Topology:In-Path Services
Client
Client-sideNetwork SouthBound
Network
WAN Emulator
11.10.10.10Web Server11.10.10.13
Wanemu-inNetwork
NorthBoundNetwork
Management Network
VLAN 1010.10.2.0/24
10.10.2.9610.10.2.95
© 2011 Cisco and/or its affiliates. All rights reserved. 10
Open Questions?
• Is there other services insertion modes available?
• Code location?
• Proper Nova APIs calls
• DB extension for persistency support
• Not going beyond simplifying virtual services insertion
• Should work with all plugins
• Horizon Integration ?
Top Related