
Post on 24-May-2018


Copyright 2015 Alcatel-Lucent. All rights reserved.

Enhancing Apache CloudStack Networking With Nuage Networks SDN Solution

Kris Sterckx, CloudStack Development Lead at Nuage Networks
kris.sterckx@nuagenetworks.net

Dublin, Oct. 9 2015

Apache CloudStack with Nuage Networks

• Nuage VSP Architecture – Policy Driven SDN
• CloudStack NuageVsp Network Plugin
• CloudStack Vpc Inline Load Balancer Plugin
• Next steps

Copyright 2015 Alcatel-Lucent. All rights reserved. 10/11/2015

Nuage Networks Virtualized Services Platform

• Nuage Networks VSP brings Policy-driven SDN to the Cloud
• Multi-Hypervisor support – ESXi, KVM, XenServer
• Containers support
• Bare-metal support
• Multi-CMS support
• OpenStack Icehouse/Juno/Kilo/Liberty/Mitaka support
• CloudStack 4.3, 4.5 and 4.6* support

Nuage Networks Virtualized Services Platform (VSP)

Cloud Service Management Plane: Virtualized Services Directory (VSD)
• Network Policy Engine – abstracts complexity
• Service templates and analytics

Datacenter Control Plane: Virtualized Services Controller (VSC)
• SDN Controller, programs the network
• Rich routing feature set

Datacenter Data Plane: Virtual Routing & Switching (VRS)
• Distributed switch / router – L2-4 rules
• Integration of bare metal assets

[Figure: Brooklyn Datacenter - Zone 1. Labels: VSC, MP-BGP, OpenFlow, IP Fabric, VXLAN tunneled, Hardware GW for Bare Metal, ACS Host, HYPERVISOR, dVRS, VM.]

Nuage Networks Virtualized Services Platform

• Distributed switching/routing
• Direct VM to VM communication everywhere
• on same hypervisor
• VXLAN tunneled across hypervisors
• VR VM is not involved

[Figure labels: Datacenter IP Underlay Network, Logical Network Drawing, Router FW/NAT, VLAN 1, VLAN 2, VLAN 3, VM, Internet, WAN.]

• VR VM is not involved
• Direct VXLAN(/MPLSoGRE) communication to the PE/GW router (in the overlay)
• Or directly dropped to underlay

Nuage Networks CloudStack

• We want to expose as much as possible the goodies of SDN to CloudStack
• CloudStack engineering team staffing features within cross-functional teams
• Extensive test automation
• Functional test (incl. Marvin)
• Concurrency tests
• Scale, Performance, Longevity tests


[Figure: CloudStack and Nuage VSP integration diagram. Labels: CloudStack user (UI, API, cloudmonkey); Nuage VSP user (optional) (UI, API, vspk); NuageVsp Plugin; (Vpc)VR Plugin; NuageVsp Client (java); REST; Virtualized Services Platform; Cloud Service Management Plane: Virtualized Services Directory (VSD); Datacenter Control Plane: Virtualized Services Controller (VSC); Datacenter Data Plane: Virtual Routing & Switching (VRS); MP-BGP; OpenFlow; HYPERVISOR; Hardware GW for Bare Metal; Brooklyn Datacenter - Zone 1.]

CloudStack NuageVsp Network Plugin

• Advanced Networking
• Isolated Networks
• Virtual Private Clouds
• Shared Networks

• Supported Services
• Virtual Networking
• DHCP
• Source NAT
• Static NAT
• Firewall
• Network ACL
• Extensions to support enhanced networking capabilities
• User Data
• DNS
• Public Load balancing

[Figure labels: NuageVsp Plugin, (Vpc)VR Plugin, VpcInlineLb Plugin.]

• VSP providing virtual networking w/ distributed routing
• CS does the IP allocation; Plugin provisions VSP; the hypervisor VRS is the DHCP provider to the VM
• Source NAT provisioning in VSP
• Static NAT rules provisioning in VSP
• Both NAT’ing features are flexible to be applied in the overlay or in the underlay (~ deployment use case)
• ACL Provisioning in VSP
• VRS forwards request to VR (based on metadata we inject)
• VR is set as name server, programmed by DHCP options
• Public Load balancing: Realized through new plugin (see LB section)

Internal (Guest VM) DNS

1. Launch instance
1.1 VR provisioned w/ DNS entry
1.2 Plugin provisions VM interface in VSP w/ DHCP options for host/domain name & name server = VR IP
1.3 Instance boots & obtains DHCP options

[Figure: CloudStack and Nuage VSP integration diagram annotated with the steps above. Labels: UI, API, cloudmonkey; UI, API, vspk; NuageVsp Plugin; (Vpc)VR Plugin; NuageVsp Client; VSD; VSC; VRS; MP-BGP; HYPERVISOR; Hardware GW for Bare Metal; Brooklyn Datacenter - Zone 1.]

NuageVsp Plugin – VSP Audit-Sync

@NuageVsp device : Audit/Sync
AUDIT : File inconsistencies
SYNC : Resolve inconsistencies

[Figure: CloudStack and Nuage VSP integration diagram. Labels: UI, API, cloudmonkey; UI, API, vspk; NuageVsp Plugin; (Vpc)VR Plugin; NuageVsp Client; yaml; VSD; VSC; VRS; MP-BGP; HYPERVISOR; Hardware GW for Bare Metal; Brooklyn Datacenter - Zone 1.]

Consuming advanced SDN

• Provide capabilities to the user which are present in VSP but not yet in CloudStack
• Provides ability to customer to ‘customize’ their SDN experience
• VSP template used to instantiate L3 domain from CloudStack
• Cloud Service Provider has the ability to turn on/off capabilities at the template level
• This behavior is pushed down to the network level

1.1 Provision SDN template
1.2 Define SDN customization
2. ACS provisioning
2.1 VSP provisioning* by plugin
2.2 Advanced functionality @control/data path

[Figure: CloudStack and Nuage VSP integration diagram annotated with the steps above. Labels: CloudStack user (UI, API, cloudmonkey); Nuage VSP user (UI, API, vspk); NuageVsp Plugin; (Vpc)VR Plugin; NuageVsp Client; VSD; VSC; VRS; MP-BGP; HYPERVISOR; Hardware GW for Bare Metal; Brooklyn Datacenter - Zone 1.]


Public Load Balancing – VR based

1. Allocate public IP
2. Assign LB rules & VM’s

Public LB by HAproxy, fixed

[Figure labels: Internet, Public IP, Public, VR, lb, Web tier, WS1, WS2, App tier, DB tier.]

Public Load Balancing – VpcInlineLb based

1. Allocate public IP
2. Assign LB rules & VM’s

Orchestration of:
- Public IP to secondary IP static NAT
- LB rule provisioning (vip = secondary IP)

HAproxy but customizable

[Figure labels: Internet, Public IP, Public, VR, LB, lb, vip, Web tier, WS1, WS2, App tier, DB tier.]

Public Load Balancing – SDN + VpcInlineLb based

1. Allocate public IP
2. Assign LB rules & VM’s

Orchestration of:
- Public IP to secondary IP static NAT
- LB rule provisioning (vip = secondary IP)

HAproxy but customizable

[Figure labels: Internet, Public IP, Public, Nuage, Nuage VRS, LB, lb, vip, Web tier, WS1, WS2, App tier, DB tier.]

Public Load Balancing – SDN + VpcInlineLb based

1. Allocate public IP
2. Assign LB rules & VM’s

extra-VPC LB system tier
Allocating vip’s out of VPC CIDR

[Figure labels: Internet, Public IP, Public, Nuage, Nuage VRS, LB, lb, vip, Web tier, WS1, WS2, App tier, DB tier.]


Next steps

• CS 4.6 support
• CLOUDSTACK-8832 / PR #801 updates the NuageVsp plugin for the latest Nuage VSP 3.2 release - pls review !
• Features on the Roadmap include :
• (Internal Load Balancer)
• Port Forwarding
• Remote Access VPN
• Site-to-Site VPN
• … and happy to hear your input!

Q&A

THANK YOU