OpenStack Summit Portland April 2013 talk - Quantum and EC2
Transcript of OpenStack Summit Portland April 2013 talk - Quantum and EC2
© 2012 Cisco and/or its affiliates. All rights reserved.
ANALYZING CLOUD NETWORK ARCHITECTURES (OpenStack and EC2)
Naveen Joy
Cloud Architect
Know your presenter
Name: Naveen Joy
• 17+ years in IT
• IT Operations (Networking & Sys Admin) - 15 yrs
• Development / Python hacking - 2+ yrs
What is the most important thing to all of us?
Getting to know you
• How many are new to OpenStack networking (Quantum)?
• How many are experts in Quantum?
Enterprise network architecture is evolving
[Diagram: today's enterprise data center network - Core, Aggregation/Access, Services, WAN Edge / DCI, Compute (4x10GE uplinks), Storage]
THE MOST DESIRABLE CLOUD NETWORK FEATURES
• ELASTIC SCALING
• APIs FOR PROGRAMMABILITY
• REDUCED COMPLEXITY
• CONSISTENT POLICIES
• HIGH AVAILABILITY
Challenges for an architect
What does the conceptual network architecture for a cloud look like?
Is it possible to transform my current network while preserving my existing investment?
How can I implement Networking as a Service reliably using OpenStack Quantum?
Conceptual cloud network model
[Diagram: the Application talks to an API that exposes abstract network properties; the implementation detail (your network: Core, Aggregation/Access, Services, WAN Edge / DCI, Compute, Storage) stays hidden behind the abstraction]
Network Abstraction
It’s about
• Simplification – hiding unnecessary details
• Defining two roles – client + implementer
• Implementers can change without causing any changes in the client code
Network abstraction enables programmability
GENERAL Abstraction MODEL: Client -> API -> Implementer
Quantum's Model: Quantum Client -> Quantum APIs -> Quantum Plugins
Let's peek into it! Quantum network abstraction model (tip of the iceberg)
Network: id: uuid-str, name: string, admin_state_up: bool, status: string, subnets: list(uuid-str), shared: bool, tenant_id: uuid-str
Subnet: id: uuid-str, network_id: uuid-str, name: string, ip_version: int, cidr: string, gateway_ip: string, dns_nameservers: list(str), allocation_pools: list(dict), host_routes: list(dict), enable_dhcp: bool, tenant_id: uuid-str
Port: id: uuid-str, network_id: uuid-str, name: string, admin_state_up: bool, status: string, mac_address: string, fixed_ips: list(dict), device_id: string, device_owner: string, tenant_id: uuid-str
(Relationships: one Network has many Subnets and many Ports)
Quantum - logical architecture view
[Diagram, top to bottom: Client/Business Applications -> APIs -> Quantum Network Service layer (Network Abstraction: L2 (Folsom), L3 (Folsom), Firewall (in-progress), Load Balancer (Grizzly), VPN (in-progress), Other Services) -> Plugin with DB [Network state] -> plugin to network communication -> Network Infrastructure Layer (Network Device 1, Network Device 2, Network Device 3 ... Network Device n)]
Quantum Software Architecture: Open vSwitch plugin
[Diagram: client app -> Quantum API Server (Keystone auth_token middleware, backed by the Keystone Identity service) -> Quantum Open vSwitch plugin module plus API extension modules (l3, LBaaS) -> DB; the plugin talks to the agents over AMQP (RabbitMQ queues, Quantum exchange)]
Agents:
• Open vSwitch plugin-agent: performs vSwitch configuration on each host
• dhcp-agent: provides DHCP services to tenant networks using dnsmasq
• L3-agent: provides L3 routing, NAT (SNAT) and floating IPs (DNAT)
• LB-agent: provides load balancing services to tenant applications through drivers
Quantum Software Architecture: SDN model
[Diagram: API client -> Quantum API Server (Keystone auth_token middleware, backed by the Keystone Identity service) -> Quantum plugin module plus API extension modules (l3, LBaaS) -> DB; plugin to controller communication (e.g. REST API) -> external controller cluster(s) with their own DB; controller to switch communication (e.g. OpenFlow API) -> network infrastructure (vSwitch, vSwitch, ...)]
How can Quantum be used to deliver reliable Network-as-a-Service using your existing network infrastructure, e.g. Cisco UCS/Nexus gear?
No additional investment is necessary – except your time
Network Deployment Model 1: Single Flat Network (simple & stable deployment for Folsom; a good option if you are starting off with Quantum)
[Diagram: one shared Quantum network (name = hosting, 5.0.0.0/22) mapped to an existing VLAN (VLAN 10) on Open vSwitch on the compute nodes; DHCP service at 5.0.0.2; Tenant1 VM 5.0.0.3, Tenant2 VM 5.0.0.4, Tenant3 VM 5.0.0.4; the existing physical router/L3 switch at 5.0.0.1 (VLAN 10) provides gateway services to the VMs (provider managed router) towards the Internet]
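As an added example (not from the deck or from the Quantum project), a Python consistency check over the Subnet and Port attributes of the abstraction model slide, run on constructed data modelled on deployment model 1: the gateway must sit inside the CIDR and outside every allocation pool, and a VM port's fixed IP must be unique and drawn from a pool (DHCP ports are exempt). The class fields, the device_owner values and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
@dataclass  # constructed subset of the Subnet attributes in the deck's abstraction model
class Subnet:
    id: str
    cidr: str
    gateway_ip: str
    allocation_pools: list  # [{"start": "...", "end": "..."}]

@dataclass  # constructed subset of the Port attributes
class Port:
    id: str
    device_owner: str  # "compute:nova" for a VM, "network:dhcp" for the DHCP agent
    fixed_ips: list    # [{"subnet_id": "...", "ip_address": "..."}]

def subnet_errors(s):
    """Gateway must lie inside the CIDR and outside every allocation pool."""
    net, gw, errs = ip_network(s.cidr), ip_address(s.gateway_ip), []
    if gw not in net:
        errs.append("gateway %s outside %s" % (gw, s.cidr))
    for pool in s.allocation_pools:
        lo, hi = ip_address(pool["start"]), ip_address(pool["end"])
        if lo > hi or lo not in net or hi not in net:
            errs.append("pool %s-%s not inside %s" % (lo, hi, s.cidr))
        elif lo <= gw <= hi:
            errs.append("gateway %s lies inside pool %s-%s" % (gw, lo, hi))
    return errs

def port_errors(s, ports):
    """Fixed IPs must be inside the CIDR and unique; VM ports must draw from a pool."""
    net, seen, errs = ip_network(s.cidr), {}, []
    pools = [(ip_address(p["start"]), ip_address(p["end"])) for p in s.allocation_pools]
    for port in ports:
        for fip in (f for f in port.fixed_ips if f["subnet_id"] == s.id):
            ip = ip_address(fip["ip_address"])
            if ip not in net:
                errs.append("%s: %s outside %s" % (port.id, ip, s.cidr))
            elif port.device_owner.startswith("compute:") and not any(lo <= ip <= hi for lo, hi in pools):
                errs.append("%s: %s not in any allocation pool" % (port.id, ip))
            if ip in seen:
                errs.append("%s: %s already used by %s" % (port.id, ip, seen[ip]))
            seen.setdefault(ip, port.id)
    return errs

# Constructed sample after deployment model 1: shared 5.0.0.0/22 net, gateway .1, DHCP .2, duplicate .4
HOSTING = Subnet("sub-1", "5.0.0.0/22", "5.0.0.1", [{"start": "5.0.0.3", "end": "5.0.3.254"}])
PORTS = [Port("dhcp", "network:dhcp", [{"subnet_id": "sub-1", "ip_address": "5.0.0.2"}]),
         Port("tenant1-vm", "compute:nova", [{"subnet_id": "sub-1", "ip_address": "5.0.0.3"}]),
         Port("tenant2-vm", "compute:nova", [{"subnet_id": "sub-1", "ip_address": "5.0.0.4"}]),
         Port("tenant3-vm", "compute:nova", [{"subnet_id": "sub-1", "ip_address": "5.0.0.4"}])]
```

On the sample data `subnet_errors(HOSTING)` is empty and `port_errors(HOSTING, PORTS)` reports only the second claim on 5.0.0.4.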
Network Deployment Model 2: Multiple Flat Networks (scale-out of the previous model)
[Diagram: three Quantum networks mapped to existing VLANs - Red Net (VLAN Red) 5.1.1.0/24 with DHCP service 5.1.1.2 and TenantA VM 5.1.1.3; Blue Net (VLAN Blue) 5.2.2.0/24 with DHCP service 5.2.2.2 and TenantB VM 5.2.2.3; Green Net (VLAN Green) 5.3.3.0/24 with DHCP service 5.3.3.2 and TenantC VM 5.3.3.3; the compute nodes use an 802.1q trunk to a provider-managed L3 gateway (5.1.1.1, 5.2.2.1, 5.3.3.1) towards the Internet]
Network Deployment Model 3: Mixed Flat and Tenant-Created Networks (scale-out network model with some tenant control)
[Diagram: provider networks Red Net 5.1.1.0/24 (DHCP service 5.1.1.2), Blue Net 5.2.2.0/24 (DHCP service 5.2.2.2) and Green Net 5.3.3.0/24 (DHCP service 5.3.3.2), carried over an 802.1q trunk to an external gateway; TenantA VM with 10.1.1.1 and 5.1.1.3, TenantB VM 5.2.2.3, TenantC VM 5.3.3.3; a private tenant-created network, TenantA Network 10.1.1.0/24, with a tenant private VM 10.1.1.2; the physical router/L3 switch provides gateway services (provider managed) towards the Internet]
Network Deployment Model 4: Shared Provider L3 Routers (has scalability and availability issues in Folsom)
[Diagram: provider-managed shared routers and subnets - vRouter1, vRouter2 and vRouter3 on the network node, uplinked to the External Network [L3 uplink] 20.1.1.0/24; Tenant1 net 10.1.1.0/24 (Tenant1 VM 10.1.1.5), Tenant2 net 10.1.2.0/24 (Tenant2 VM 10.1.2.5), Tenant3 net 10.1.3.0/24 (Tenant3 VM 10.1.3.5), Tenant1 net 10.1.4.0/24 (Tenant1 VM 10.1.4.5), Tenant4 net 10.1.5.0/24 (Tenant4 VM 10.1.5.5); the physical router/L3 switch provides gateway services to the virtual network layer (provider managed) towards the Internet]
So, how do the previous Quantum network models compare with networking in EC2?
[Diagram: Default VPC 200.1.1.0/24 behind an Internet Gateway router; Tenant A Instance 1 200.1.1.1/24, Tenant B Instance 1 200.1.1.2/24]
Short Answer: They are similar. Key Idea: Networking is abstracted from tenants
Network Deployment Model 5: Per-Tenant Routers (has scalability and availability issues in Folsom). Tenants have the power to create and manage their routers, subnets and IPs.
[Diagram: tenant-created and managed vRouters and subnets - vRouterTenant1, vRouterTenant2 and vRouterTenant3 on the network node, uplinked to the External Network [L3 uplink] 20.1.1.0/24; Tenant1 Web Net 10.1.1.0/24 (Tenant1 VM 10.1.1.5) and Tenant1 DB Net 10.1.2.0/24 (Tenant1 VM2 10.1.2.5); Tenant2 net1 10.1.2.0/24 (Tenant2 VM 10.1.2.1); Tenant3 Web Net 10.1.4.0/24 (Tenant3 VM 10.1.4.5) and Tenant3 DB net 10.1.5.0/24 (Tenant3 VM 10.1.5.5); the physical router/L3 switch provides gateway services to the virtual network layer (provider managed) towards the Internet]
Is the per tenant router model similar to an Amazon VPC? Yes
[Diagram: VPC for tenant A, 10.1.1.0/24 (tenant assigned IP network), with a Tenant Router behind an Internet Gateway; Instance 1 10.1.1.2/24, Instance 2 10.1.1.3/24]
Tenant has control over networking - Network isolation, subnets, elastic IPs and routing
Network Design: How many networks do we need for deploying Quantum?
• Management network - traffic generated by OpenStack components (AMQP and MySQL traffic, Nova to Quantum API calls etc.) and cloud management traffic (ssh, monitoring, logging, puppet/chef etc.)
• Data network - application traffic between VMs via overlay tunnels or VLANs
• External network - VM communication with the Internet, floating IPs
• API network - traffic generated by tenants interacting directly with the Quantum API
Network Diagram
[Diagram: External, API, Data and Mgmt networks; a provider gateway router/firewall towards the Internet and the tenants; the Quantum API server; the Cloud Controller (nova-api, nova-scheduler, RabbitMQ/MySQL); Compute Nodes; Network Nodes]
What about LBaaS?
[Diagram of the LBaaS object model: a tenant's VIP on the Load Balancer (front end protocol, e.g. SSL) -> Pool (back end protocol, e.g. HTTP) -> Pool Members (e.g. instances running the App), with a Health Monitor (ping/TCP/http/https)]
LBaaS Service Insertion (available in Grizzly)
[Diagram: tenant vRouters (vRouterCoke, vRouterPepsi, vRouterAcme) on the network nodes, uplinked to the External Network [L3 uplink]; Web Tier 10.1.1.0/24 with a web pool (VM1, VM2, VM3) behind an LB, and App Tier 10.1.2.0/24 with an App pool (VM1, VM2, VM3) behind an LB, on the compute nodes; Tenant2 net1 10.1.2.0/24 (Tenant2 VM 10.1.2.1); Tenant3 Tier1 10.1.4.0/24 (Tenant3 VM 10.1.4.5); Tenant3 net 10.1.5.0/24 (Tenant3 VM 10.1.5.5); the physical router/L3 switch provides gateway services to the virtual network layer (provider managed) towards the Internet]
Architecting a service for the cloud
These three features are mandatory!
• Design to handle failures
• Loosely couple your components
• Implement elasticity
Closing thoughts
• Quantum is evolving
• Production deployment and operations is hard
• Plugins must be architected for the cloud
• Be aware of L3 scalability and reliability issues in Folsom
• Start slowly and do your research
• Environments and requirements differ, e.g. start off with the basic networking model shown in this deck
• Document your work
• Contribute to the community
Thank You