5 cisco open_stack

1 © 2013 Cisco and/or its affiliates. All rights reserved. Srinivas Kavuri Sr. Director, Engineering Sept 21, 2013


Transcript of 5 cisco open_stack

Page 1: 5 cisco open_stack

Srinivas Kavuri Sr. Director, Engineering

Sept 21, 2013

Page 2: 5 cisco open_stack

FORWARD-LOOKING STATEMENTS

This presentation contains projections and other forward-looking statements regarding future events or the future financial performance of Cisco, including future operating results. These projections and statements are only predictions. Actual events or results may differ materially from those in the projections or other forward-looking statements. Please see Cisco’s filings with the SEC, including its most recent filings on Form 10-K and 10-Q, for a discussion of important risk factors that could cause actual events or results to differ materially from those in the projections or other forward-looking statements.

Page 3: 5 cisco open_stack

Build Point Solutions Build Infrastructure Offering

Emergence of Public/Private Clouds

Business Need

Silo Silo Silo

Applications

Servers

Network

Storage

Ethernet, FC, IP

Manual

Project-based

Vertical solutions

Business Need

Virtualization-Aware Network

Automation

Applications

IT Service

Holistic Solution

Virtualized Shared Resource Pool

Storage

Cisco UCS

Cisco Nexus

IT as a Service Model ….

Page 4: 5 cisco open_stack

PHYSICAL WORKLOAD

• One app per Server

• Static

• Manual provisioning

VIRTUAL WORKLOAD

• Many apps per Server

• Mobile

• Dynamic provisioning

CLOUD WORKLOAD

• Multi-tenant per Server

• Elastic

• Automated Scaling

HYPERVISOR VDC-1 VDC-2

CONSISTENCY: Policy, Features, Security, Management

Nexus 1000V, VM-FEX

Virtual WAAS, VSG*, ASA 1000V**

UCS for Virtualized Workloads

Nexus 7K/5K/3K/2K

WAAS, ASA, NAM

UCS for Bare Metal

* Virtual only, ** Announced

Cloud Services Router (CSR) ASR

Switching

Routing

Services

Compute

Page 5: 5 cisco open_stack

System Center, Open Source, vCloud Director/DynamicOps

Cisco Multi-Hypervisor and Multi-Orchestrator Strategy Cloud Infrastructure Stacks Supported

Hypervisor

Virtualized Infrastructure

CIAC

vSphere, Hyper-V, Xen, KVM

Integrated Stacks

COMPUTE NETWORK STORAGE

UCS Blades

UCS Racks

Nexus 1K

Nexus 2/3/5/6/7K

MDS

Partner Products (EMC, NetApp)

NSM

Nexus 1KV

vPath

vSphere

NSM

Nexus 1KV

vPath

Hyper-V

NSM

Nexus 1KV

vPath

Open Source (Xen, KVM)

NSM

Nexus 1KV

vPath

Virtual Network Infrastructure

Cloud Management

Page 6: 5 cisco open_stack

• IT organizations choose OpenStack to avoid vendor lock-in

• Ideal for Internal Software teams

• Almost all major IT companies participating

• More than 180 companies, 6000 individuals

• Foundational element of a Software Defined Infrastructure

• Extends Software Defined Networks into the cloud

Open source software that allows anyone to build a public or private cloud

• Cisco is a board member

• Cisco’s Cloud CTO, Lew Tucker is Vice-Chair

SDI

Page 7: 5 cisco open_stack

OpenStack Compute (Nova): Software to provision virtual machines on server hardware at massive scale

OpenStack Object Storage (Swift): Software to reliably store billions of objects distributed across locally attached storage

OpenStack Image Service (Glance): Services for discovering, registering, and retrieving virtual machine images

Page 8: 5 cisco open_stack

OpenStack Dashboard (Horizon): A self-service web portal to allow administrators and users to manage OpenStack resources

OpenStack Identity (Keystone): Provides “unified authentication” across all OpenStack projects and integrates with 3rd-party authentication systems

OpenStack Network Service (Neutron): Provides “network connectivity as a service” between devices managed by other OpenStack services

Page 9: 5 cisco open_stack

Innovation in Cloud Computing through OpenStack’s Network Service and Cisco’s Open Network Environment (SDN)

OpenStack Compute (Nova)

OpenStack Networking (Neutron)

OpenStack Storage (Swift)

Controllers and Agents: Cisco ONE Controller SW, OpenFlow Agents

Virtual Overlays: VXLAN Gateway, OpenStack, Service Chaining, CSR 1KV

Platform APIs: One Platform Kit (onePK) on ISR G2, ASR 1K

Applications each see their own logical DC

API-driven Open Cloud Platform

Programmable Infrastructure

Page 10: 5 cisco open_stack

• Public/private clouds

• Extend cloud model for rapid provisioning of network services

• Drive innovation through real-world use cases

Cisco Engineering

Customers

Community Participation

• Cisco OpenStack Installer

• Plug-ins for Cisco networking technology

• Plugins for Cisco Virtual Networking and Services

• UCS systems

• Cisco Intelligent Automation/orchestration

• Cross Cisco collaborations

• OpenStack Foundation Board member

• Neutron Core Community Member

• Focus on Network Service, Compute Service and Dashboard

• HA and automation for large scale production

Page 11: 5 cisco open_stack

Cisco Nexus 1000v Neutron plugin

Neutron Client Port and Policy profile extensions

Horizon support for Cisco N1Kv plugin

N1Kv Cisco Neutron plugin multi segment/trunk support

VXLAN and LISP support to OpenvSwitch Plugin

OpenStack TOR L3 Networking using Cisco Nexus plugin (SVI)

Cisco plugin Provider Network support

Modular layer 2 (ML2) plugin mechanism driver for Nexus

Modular layer 2 (ML2) plugin type driver for VXLAN support

Firewall as a Service (FWaaS) Agent

Layer 3 routing agent for routers

VPNaaS Documentation

Page 12: 5 cisco open_stack

Page 13: 5 cisco open_stack

• In simple terms, it’s an installer that allows you to quickly set up a manageable OpenStack cloud.

• Includes not only all OpenStack core components, but also tools to help you manage and monitor your cloud.

• Capable of handling bring-up all the way from bare metal.

• Simple installation procedure for novices, full Puppet code available for tweaking/addition by advanced users.

• A solution validated by Cisco testing.

Page 14: 5 cisco open_stack

Administrator

Horizon dashboard

Neutron (network as a service)

Glance (Image repository for VMs)

OpenStack Cluster

Build-node

• Cobbler

• Puppet

• NTP server

• Monitoring server (Nagios, collectd, Graphite)

Controller-Node

• Neutron-server

• Nova-api

• Nova-scheduler

• Keystone

• RabbitMQ

• MySQL

Compute-Node

• Nova-compute

• Neutron plugin Agent

Compute-Node

• Nova-compute

• Neutron Plugin Agent

Page 15: 5 cisco open_stack

• A delivery vehicle that allows us to provide OpenStack, features & software to customers and app developers

• A reference platform for how to deploy OpenStack in the real world

• An easy way to get started with OpenStack

• A way for customers to learn from our real-world OpenStack experiences

• A way to get:

• OpenStack installation automated by Puppet

• Monitoring tools to help manage your cloud (Nagios, Collectd, Graphite)

• Configuration management via Puppet

• Neutron-enabled multi-node installation tested on Cisco hardware

• New features before an upstream release

Page 16: 5 cisco open_stack

NOT:

• An OpenStack “distribution”

• TAC-supported software

• SKU-able, sellable software

• A version of OpenStack that contains Cisco proprietary add-ons

• A direct competitor to Red Hat RDO, Ubuntu, Rackspace Alamo, etc.

• What you should install if you’re developing new OpenStack features (use DevStack for that)

Page 17: 5 cisco open_stack

For more Information please visit: http://docwiki.cisco.com/wiki/OpenStack

Page 18: 5 cisco open_stack

Page 19: 5 cisco open_stack

Clients Neutron Service Backend Networks

Physical and Virtual

Page 20: 5 cisco open_stack

Page 21: 5 cisco open_stack

• Cisco Nexus plugin amongst the first plugins to be available in OpenStack Networking

• Cisco Nexus OpenStack Networking plugin – in Grizzly OpenStack release

• Features:

Orchestration with OpenStack dashboard – Horizon

Works with Nexus 3k/5k/6k/7k

Configures multiple physical Nexus switches

Dynamic VLAN provisioning

Efficient allocation of VLAN resource

VLAN features on Nexus used by plugin (Creation, Deletion, Update)

• Datasheet

• Nexus Plugin Installation instructions

• Cisco OpenStack Website

Page 22: 5 cisco open_stack

Page 23: 5 cisco open_stack

Host Host

Network Admin

Server Admin

Host Host

The rest of the network…

vSwitch vSwitch vSwitch vSwitch

VMs on Wrong VLANs!

No Network Visibility or Control!

Unchaperoned VM-to-VM communication!

No Policy and VLAN control!

Server Admin must handle network configuration

Page 24: 5 cisco open_stack

Host Host

Network Admin

Server Admin

Host Host

Distributed Switch managed by Network Admin

Server Admin freed from networking configuration

Clear Configuration Boundaries

Transparent Monitoring Boundaries

Page 25: 5 cisco open_stack

1. When VMs move across physical ports—the network policy must follow them (across racks, PODS, DCs)

2. Must view or apply network/security policy to locally switched traffic

3. Need to maintain segregation of duties while ensuring non-disruptive operations

Port Group

Server Admin

Network Admin

Security Admin

Page 26: 5 cisco open_stack

Comparison to a Physical Switch

Modular Switch: Supervisor-1, Supervisor-2, Linecard-1, Linecard-2, … Linecard-N, Backplane

Server 1 Server 2 Server 3

Network Admin

Server Admin

Page 27: 5 cisco open_stack

Moving to a Virtual Environment

Modular Switch: Supervisor-1, Supervisor-2, Linecard-1, Linecard-2, … Linecard-N, Backplane

Network Admin

Server Admin

Hypervisor Hypervisor Hypervisor

Page 28: 5 cisco open_stack

Hypervisor Hypervisor Hypervisor

Supervisors → Virtual Supervisor Modules (VSMs)

Modular Switch: Supervisor-1, Supervisor-2, Linecard-1, Linecard-2, … Linecard-N, Backplane

Virtual Appliance: VSM1, VSM2

VSM: Virtual Supervisor Module

Network Admin

Server Admin

Page 29: 5 cisco open_stack

Hypervisor Hypervisor Hypervisor

Linecards → Virtual Ethernet Modules (VEMs)

Modular Switch: Supervisor-1, Supervisor-2, Linecard-1, Linecard-2, … Linecard-N, Backplane

VEM-1 VEM-2 VEM-N

VSM: Virtual Supervisor Module

VEM: Virtual Ethernet Module

Virtual Appliance: VSM1, VSM2

Network Admin

Server Admin

Page 30: 5 cisco open_stack

Hypervisor Hypervisor Hypervisor

VSM + VEMs = Nexus 1000 Virtual Chassis

VEM-N VEM-1 VEM-2

VSM: Virtual Supervisor Module

VEM: Virtual Ethernet Module

vEth: Virtual Ethernet port

• 300+ vEth ports per VEM

• 6K vEths per N1K domain

• 128 VEMs per N1K domain (connected by L2 or L3)

L2 Mode

L3 Mode

VSM1

VSM2

Virtual Appliance

Page 31: 5 cisco open_stack

Virtualized/Cloud Data Center

Physical Infrastructure: WAN Router, Servers, Switches

Tenant A

ASA 1000V Cloud Firewall

Nexus 1000V

vWAAS

Cisco Virtual Security Gateway

Cloud Network Services

Citrix NetScaler VPX

Imperva SecureSphere WAF

Cloud Services Router 1000V

Zone A

Zone B

vPath

VXLAN

Multi-Hypervisor (VMware, Microsoft, RedHat*, Citrix*)

Nexus 1000V (Dist. Virtual Switch)

• Distributed switch

• NX-OS consistency

• 8500+ Customers

VSG (Zone-based FW)

• VM-level controls

• Zone-based FW

• Available Now

ASA 1000V (Cloud FW)

• Edge firewall, VPN

• Protocol Inspection

• Available Now

vWAAS (WAN Optimization)

• WAN optimization

• Application traffic

• Available Now

CSR 1000V (Cloud Router)

• WAN L3 gateway

• Routing and VPN

• Available Now

Ecosystem Services

• Citrix NetScaler VPX virtual ADC

• Imperva Web App. FW

• Available 2H 2013

vNAM (Network Analytics)

• App Visibility (L2-L7)

• Overlay Intelligence (OTV, VXLAN, FP**)

• PoC: 1H 2013

Network Analysis Module (vNAM)

Page 32: 5 cisco open_stack

• Dedicated NX-OS appliance for hosting virtual services

Two form factors: 1110-S, 1110-X

Up to 10 virtual services can be hosted

• Simplifies lifecycle management of virtual services

Network/security team can deploy, upgrade, manage

• Virtual services currently supported

Nexus 1000V virtual supervisor modules (VSMs), Network Analysis Module (NAM)

Virtual Security Gateway (VSG), Data Center Network Manager (DCNM)

Nexus 1110: UCS C220/M3 Physical Appliance:

• CPU: 2 * Intel Sandy Bridge, 16 cores total

• RAM: 32 or 64 GB

• HDD: 2 or 4 TB

• Network I/O: 6 x 1 GbE or 6 x 1 GbE + 2 x 10 GbE

VSM VSM

VSM VSG NAM

DCNM

Nexus 1100 Series Announcement: Sept 13th, 2012 (FAQ, Blog, Nexus 1010 EoL notice)

Availability: Later in Nov (Due to component lead issues)

Page 33: 5 cisco open_stack

• VEM on KVM Hypervisor

• VSM can run as VM on KVM or on N1110.

• Leverages OVS (Open vSwitch) for flow-based traffic switching

• OpenStack for creating, managing Virtual Machines

• Puppet for installing VEMs

• VXLAN-VLAN Gateway: to bridge traditional networks to virtual networks

Page 34: 5 cisco open_stack

Quantum VM-Network (PortID)

OpenStack Neutron

Admin

Port is created in VSM

VLAN 1-4095

VLAN 100

VLAN 100

Policy Profile (VSM)

Project/Tenant A

Compute Node + VEM

Nexus 1000V – VSM

VM-Network 192.168.10.0/24 for VLAN 100

Create Network Profile Type VXLAN | VLAN (Pool created and assigned to tenant)

Create Network (Tenant Self Create)

Create Subnet (Assign IP Pool)

Create Port using network and policy (Created when VM is instantiated)

Page 35: 5 cisco open_stack

Page 36: 5 cisco open_stack

• Allows YOU to define the “to-be” server, NOT settle for the “as is” server

• Configure once then reuse

• Templates as Best practices

• Created through Cisco UCS Manager

NIC MACs

HBA WWNs

Server UUID

VLAN Assignments

VLAN Tagging

FC Fabrics Assignments

FC Boot Parameters

Number of vNICs

Boot order

PXE settings

IPMI Settings

Number of vHBAs

QoS

Call Home

Template Association

Org & Sub Org Assoc.

Server Pool Association

Statistic Thresholds

BIOS scrub actions

Disk scrub actions

BIOS firmware

Adapter firmware

BMC firmware

RAID settings

Advanced NIC settings

Serial over LAN settings

BIOS Settings

More….

SERVICE PROFILE

LAN

SAN

Page 37: 5 cisco open_stack

C-Series Rack Optimized Servers

B-Series Blade Servers

Service Profile: HR_App1

VNIC1

MAC: 08:00:69:02:01:2E

HR_WEB_VLAN (ID=50)

VNIC2

MAC: 08:00:69:02:01:2F

HR_DB_VLAN (ID=210)

HBA 1 and 2

WWN: 5080020000075740

WWN: 5080020000075741

VSAN ID: 12

Boot Order: SAN

BIOS Settings:

Turbo On

HyperThreading On

UCS Service Profile Unified Device Management

Network Policy

Storage Policy

Server Policy

UCS Manager

Policy Driven Compute Provisioning + Open XML API

Page 38: 5 cisco open_stack

Chassis/Server Discovery; Service Profile Association; PXE boot devices deployed

Cobbler database update

Register Nodes; Provision UCS Servers

Updates the newly added node info in puppet; Puppet apply; Add hosts/system in OpenStack

Event Listener

PXE boot for initial OS install; RHEL 6.4 installation on bare-metal servers; Sync all the plugins from Puppet Master

Host OS Install

Inventory of nova nodes on controller; VM Provisioning; OpenStack Services Deployment

OpenStack Handover

Hostname / IP address; Logical credentials; Resource allocation preferences; Only Point of User Touch

Pre-configure UCS

Page 39: 5 cisco open_stack

1. Read conf file

2. Apply policies

3. Update Puppet/Cobbler DB

4. PXE Boot

5. Puppet sync

Build Node

Control Node (glance, scheduler, API daemons)

Compute Nodes (nova-compute, libvirtd)

Page 40: 5 cisco open_stack

Policy Driven, Automated bare metal bring up of OpenStack setup

Seamless integration with existing UCSM tools

Scripted configuration of OpenStack components using UCSM Python SDK

Puppet, Cobbler driven configuration of OpenStack services

Easy deployment of multi-node OpenStack systems across UCS chassis

Dynamic provisioning of compute nodes via UCSM based Event Listener

Physical and Virtual Network Services with Nexus

More information at www.cisco.com/go/OpenStack

Page 41: 5 cisco open_stack
