DNS as an Auto-scaling VNF - Meetupfiles.meetup.com/2979972/DNS Autoscaling with...

1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2015 Infoblox Inc. All Rights Reserved. CONFIDENTIAL DNS as an Auto-scaling VNF March, 2016 John Belamaric, Principal Architect

DNS as an Auto-scaling VNF

March, 2016
John Belamaric, Principal Architect

Introduction

● What is DNS?
  ○ DNS = Domain Name System
  ○ Translates domain names (google.com) into IPs (173.194.206.100)

● What is auto-scaling?
  ○ When demand increases, so does capacity
  ○ When demand decreases, so does capacity
  ○ Service IP address never changes during scaling

● What is a VNF?
  ○ VNF = Virtualized Network Function
  ○ A network service provided via a virtual machine
  ○ An “instance” of Network Function Virtualization (NFV)
  ○ Goal of NFV is to reduce or eliminate specialized network boxes
  ○ Replacing them with VNFs

Why should we autoscale DNS?

● DNS is critical infrastructure
  ○ When it fails, everything fails

● DNS is vulnerable to distributed denial-of-service (DDoS) attacks

● Traffic surges increase DNS capacity requirements
  ○ At certain times of day
  ○ During special events or seasonally
  ○ At specific venues (trade shows, stadiums)

A mini DNS primer

● DNS = Domain Name System
  ○ Translates domain names (google.com) into IPs (173.194.206.100)

● UDP-based protocol

● Primary Authoritative Server
  ○ The “master” server with the IPs for a given zone (zone == domain)
  ○ Edits to the zone records are made on the primary server

● Secondary Authoritative Server
  ○ Replicates the primary data
  ○ Still authoritative: it is not just a cache
    ■ Same administrative control as primary
    ■ There is an NS record for it for the zone

● Caching Server
  ○ Different administrative control than the primary and secondary servers

DNS Basics

Components for Auto-scaling DNS

1. Primary and secondary DNS servers
  ○ And a way to configure / reconfigure them during scaling
  ○ We will scale secondary DNS

2. Shared IP Address

3. OpenStack Compute and Networking - Nova and Neutron
  ○ To run and connect the VMs

4. OpenStack Telemetry - Ceilometer
  ○ Monitors load
  ○ Alarm on specified load conditions

5. OpenStack Orchestrator - Heat
  ○ Responds to alarms
  ○ Launch and configure VM to handle additional load
  ○ Tear down VM when load decreases

1. DNS Servers

● Infoblox grid
  ○ Single point-of-control for all servers via the “grid master”
  ○ Primary could be Infoblox, or other server
  ○ Grid master configured with a name server group
    ■ Defines “primary + list of secondaries”
  ○ In our case:
    ■ GM is primary
    ■ Replicates to all secondaries in the group

● To add a new secondary server:
  ○ Spin up VM and join grid as a member
  ○ Add member to the name server group
  ○ Grid automatically configures new server with appropriate zones

Grid Members

Name Server Group

Authoritative Zones

Name Server Records

2. Shared IP: How?

● Option 1: LBaaS
  ○ OpenStack Load Balancer-as-a-Service

● Pros
  ○ Simple - no need to run routing protocols
  ○ Fully integrated with OpenStack and its orchestration tools
  ○ All software solution requires no special physical gear

● Cons
  ○ Capacity limited by network nodes (DVR does not help)

● Showstopper: Only supports TCP, not UDP!

2. Shared IP: How?

● Option 2: Anycast
  ○ IP Routing method for one-to-nearest routing

● Pros
  ○ No single chokepoint!
  ○ Highly reliable and built into the network
  ○ Actually works best with UDP

● Cons
  ○ Requires appropriate routing infrastructure and configuration
  ○ Requires advertising routes via BGP or OSPF routing protocols

2. Shared IP: How?

● Option 3: Physical Load Balancer

● Pros
  ○ Relatively simple - no need to run routing protocols

● Cons
  ○ Capacity limited by load balancer
  ○ Needs to be reconfigured on scale up or down
  ○ Needs special physical gear

● But...I happened to have an old one sitting in my lab...

2. Shared IP: Physical Load Balancer

● Chosen for simpler demo
  ○ No need to set up routing infrastructure and protocols

● But how do you automatically reconfigure the LB?
  ○ In theory LBaaS can do this
    ■ Lack of UDP support is in API as well as reference implementation
  ○ Infoblox NetMRI
    ■ Execute CLI scripts against network devices
    ■ Jobs can be initiated via a Heat resource

Load Balancer Pool - Before Auto-scaling

3. Compute and Networking

● OpenStack Nova and Neutron

● Ideally
  ○ Run DVR to avoid network node bottleneck
  ○ Spread load across availability zones
  ○ Spread load across regions

● Lab has only one availability zone and region

● Lab is running legacy routers not DVR

Autoscale Project Network Topology

Our story so far...

So, we still need:
- 4. Telemetry
- 5. Orchestration

4. OpenStack Telemetry - Ceilometer

● Periodically polls the cloud and takes measurements

● Custom meters leverage SNMP on Infoblox appliances

● DNS queries-per-second (QPS)

● Polls from host network space

○ Floating IPs required

Ceilometer CLI - Sample List - No Activity

Generate Load

Ceilometer CLI - Sample List - With Activity

Ceilometer CLI - Alarms

5. OpenStack Orchestration - Heat

● Manages “stacks”
  ○ Declarative set of inputs, resources, and outputs
  ○ Captured in a YAML file
  ○ Lifecycle: Create, Update, Delete
  ○ Resource lifecycle mirrors stack lifecycle

● autoscale.yaml defines
  ○ Autoscaling Group: members defined by autoscale-member.yaml
  ○ Ceilometer Alarms: Criteria and action definition
  ○ Scaling Policies: Specific action behavior for alarms

● autoscale-member.yaml defines
  ○ Nova servers, ports, floating IPs for new members
  ○ Gridmaster configuration for new members
    ■ Member pre-provisioning (GM can expect a member to join)
    ■ Member licensing
    ■ Member name server group entry
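
An added sketch, not the demo's own file, of how the three pieces that autoscale.yaml defines (autoscaling group, Ceilometer alarms, scaling policies) fit together in a Heat template. The meter name, thresholds, group sizes and cooldowns are constructed values; `max_size` and the cooldowns bound how far and how fast a sustained query flood can grow the group.

```yaml
heat_template_version: 2015-04-30
description: Added sketch of an autoscale.yaml-style stack (not the demo's file)

parameters:
  qps_meter:
    type: string
    default: dns.qps.example     # hypothetical name of the custom SNMP meter

resources:
  dns_members:
    type: OS::Heat::AutoScalingGroup
    properties:
      min_size: 1
      max_size: 4                # constructed ceiling: a flood cannot grow the group unbounded
      cooldown: 300
      resource:
        type: autoscale-member.yaml   # nested member template named on the slide
        # parameters the member template requires would be passed here

  scale_up_policy:
    type: OS::Heat::ScalingPolicy
    properties:
      adjustment_type: change_in_capacity
      auto_scaling_group_id: {get_resource: dns_members}
      scaling_adjustment: 1
      cooldown: 300

  scale_down_policy:
    type: OS::Heat::ScalingPolicy
    properties:
      adjustment_type: change_in_capacity
      auto_scaling_group_id: {get_resource: dns_members}
      scaling_adjustment: -1
      cooldown: 600              # shrink more slowly than we grow, to avoid flapping

  qps_high_alarm:
    type: OS::Ceilometer::Alarm  # later Heat releases provide OS::Aodh::Alarm instead
    properties:
      meter_name: {get_param: qps_meter}
      statistic: avg
      period: 60
      evaluation_periods: 2      # two consecutive high minutes before scaling up
      comparison_operator: gt
      threshold: 5000            # constructed QPS threshold
      alarm_actions:
        - {get_attr: [scale_up_policy, alarm_url]}

  qps_low_alarm:
    type: OS::Ceilometer::Alarm
    properties:
      meter_name: {get_param: qps_meter}
      statistic: avg
      period: 60
      evaluation_periods: 5      # require sustained quiet before tearing a member down
      comparison_operator: lt
      threshold: 1000            # constructed QPS threshold
      alarm_actions:
        - {get_attr: [scale_down_policy, alarm_url]}
```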

Heat Stacks - Before Scaling

Heat Stack - autoscale

Heat Stack - autoscale

Final Architecture

Where were we….oh, yeah, “scale up alarm”

Heat Stack - Member Group During Scaling

Instances During Scaling

Instance Console - During Scaling

Grid - During Scaling

Load Balancer - During Scaling

A few minutes later...

Nova - After Scaling

Project Topology - After Scaling

Name Server Group - After Scaling

Grid - After Scaling

Load Balancer - After Scaling

Lower load per VM...and no more alarm!

More Info and Resources

● Scripts and Code For this Demo
  ○ https://github.com/infobloxopen/engcloud/tree/master/dns-vnf

● OpenStack, Heat, Ceilometer and LBaaS
  ○ Search Amazon “OpenStack Cloud Application Development”
  ○ http://www.amazon.com/OpenStack-Cloud-Application-Development-Adkins/dp/1119194318
  ○ Autoscaling example using LBaaS in Chapter 6

● Adding Custom Ceilometer Meters
  ○ https://www.packtpub.com/books/content/adding-custom-meter-ceilometer

● Adding Custom Heat Resources
  ○ https://www.packtpub.com/books/content/building-custom-heat-resources

● OpenStack and SDN
  ○ https://www.packtpub.com/books/content/openstack-and-software-defined-networking-0