Optimising nfv service chains on open stack using docker

Optimizing NFV Service Chains on OpenStack using Docker Meenakshi Sundaram Lakshmanan, Rahul Krishna Upadhyaya, CB Ananth Padmanabhan, Satya Routray. 28 Apr 2016

Transcript of Optimising nfv service chains on open stack using docker

Page 1: Optimising nfv service chains on open stack using docker

Optimizing NFV Service Chains on OpenStack using Docker

Meenakshi Sundaram Lakshmanan, Rahul Krishna Upadhyaya, CB Ananth Padmanabhan, Satya Routray.

28 Apr 2016

Page 2: Optimising nfv service chains on open stack using docker

2© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Docker – What is it?

Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server. This guarantees that it will always run the same, regardless of the environment it is running in.

Page 3: Optimising nfv service chains on open stack using docker

Docker Instance vs Virtual Machine

Page 4: Optimising nfv service chains on open stack using docker

Docker Instance vs Virtual Machine

Advantages

• Better utilization of resources, hence higher density of workloads.

• Hyper-call overhead is reduced since there is no hypervisor layer. With SR-IOV/DPDK, performance is near metal.

• Faster provisioning and easier DevOps; easy to replicate and share.

Challenges

• Docker had issues with multi-host networking. Solved using overlay networks since Docker version 1.9.

• Docker has security-related challenges. VMs are generally termed more secure given the isolation.

• Performance of network functions. Many of these issues have been addressed with DPDK/SR-IOV, with some trade-offs.

Page 5: Optimising nfv service chains on open stack using docker

Middle Boxes

• They are network appliances other than switches and routers.

• Deployed for increasing security and performance.

• Very effective solution for service assurance, traffic analysis, traffic filtering, etc.

Drawbacks

• Hardware middle boxes are difficult to manage.

• Difficult to scale on demand.

• Virtual middle boxes (NFV) need an orchestrator to provision them.

• In a public cloud environment, placement of virtual components may not always be under control.

Page 6: Optimising nfv service chains on open stack using docker

SDN, NFV and SFC

SDN (Software Defined Networking): It is an approach to computer networking that allows network administrators to manage network services through abstraction of higher-level functionality.

NFV (Network Function Virtualization): It is a network architecture concept that uses the technologies of IT virtualization to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create communication services.

SFC (Service Function Chaining): It consists of a set of network functions, such as firewalls or application delivery controllers (ADCs), that are interconnected through the network to support an application.

Page 7: Optimising nfv service chains on open stack using docker

SDN or NFV?

• SDN and NFV solve independent problems, and are even more effective when they work together.

• They simplify the service chaining process by reducing the number of devices a data packet needs to travel through.

• Separates the question of ‘who controls what’ from ‘what runs where’.

• Allows a Service Provider to create service chains for each type of traffic and provide multitenancy through the cloud infrastructure.

Page 8: Optimising nfv service chains on open stack using docker

SDN & NFV today

Open Networking Foundation: As SDN and NFV gained popularity, there was a need to create a standard way for SDN to control network functions. Hence ONF was formed.

OpenFlow: Widely considered the first SDN standard. Defines a model for how traffic is organized into different flows and how it can be controlled centrally.

OpenDaylight: An open source SDN project hosted by the Linux Foundation, which supports many protocols including the OpenFlow protocol. Offers a complete functional SDN platform without the need for any other component.

OPNFV: The Linux Foundation introduced another platform, Open Platform for NFV, an integrated platform that brings together enterprises, service providers, cloud and infrastructure vendors, and customers to accelerate innovation and deployment of NFV.

Page 9: Optimising nfv service chains on open stack using docker

Network Functions

• Firewalls

• Packet Filters

• Virtual Routers – Quagga, OpenWrt

• Load Balancers

• WAN Optimizers

• Intrusion Detection

• Virtual CPE

Page 10: Optimising nfv service chains on open stack using docker

NFV in Container and Docker World

• Consistent and quick way of deploying and re-deploying NFVs

• Very easy to scale on demand

• Low latency

• No hypervisor overhead

• Presence of established tools to deploy and manage containers

• There is a lot of work underway in bringing NFV and containers together

Page 11: Optimising nfv service chains on open stack using docker

What are we trying to achieve

• Service chaining the network traffic locally.

• Having faster, reusable, dynamic NF deployments with low overhead of NFs to the infrastructure.

• Avoiding the loss in performance of the network functions due to virtualization overhead.

Page 12: Optimising nfv service chains on open stack using docker

Solution Design – Deployment

[Deployment diagram. Labels: Host1, Host2, Host3; OpenStack Controller (Nova, Neutron, Glance, Cinder); Service Controller (can make admin calls to OS services); Docker Registry; on each host: Dockerd, KVM, VMs, Agent, SFC; Tenant1, Tenant2, Tenant3.]

Page 13: Optimising nfv service chains on open stack using docker

Design – Per Node

[Per-node diagram. Labels: Each Host in OS Cloud; Controller; Agent; Docker Daemon; OVS; KVM; VMs; Docker Network Functions forming a Service Function Chain; arrows labelled "Configures" and "Manages"; External Communication via Host NIC; Connection to SDN Controller (Ex. ODL).]

Page 14: Optimising nfv service chains on open stack using docker

How it Flows

[Flow diagram with numbered steps 1 to 4. Labels: Each Host in OS Cloud; Controller; Agent; Docker Daemon; OVS; KVM; VMs; Virtual Firewall Docker Instance and vRouter Docker Instance forming a Service Function Chain; arrows labelled "Configures" and "Manages"; External Communication via Host NIC.]

Page 15: Optimising nfv service chains on open stack using docker

How it Service Chains – Routing between VNFs

Flow Table

Switch   Match                          Action
local    input port: 1, src ip: VM1     output port: 2
local    input port: 2, src ip: VM1     output port: 3
local    input port: 3, src ip: VM1     output port: 4

[Diagram: OpenVswitch (local) with ports 1 to 4. Labels: VM1, Firewall, VRouter, External Nic.]

Depending upon what the VNF needs to do, different kinds of routing models could be used.
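
Added example, not part of the original slides: the flow table above modelled in Python, rendered as ovs-ofctl commands, and checked so that VM1 traffic cannot reach the external NIC without passing the Firewall and vRouter ports. The VM1 address, the bridge name br-int, the port roles read from the diagram, and the assumption that each VNF returns packets on the port it received them on are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    in_port: int
    src_ip: str
    out_port: int
    priority: int = 100

VM1_IP = "10.0.0.5"  # constructed sample address for VM1
# Port roles assumed from the slide's diagram.
PORTS = {1: "VM1", 2: "Firewall", 3: "vRouter", 4: "External NIC"}
SLIDE_TABLE = [Flow(1, VM1_IP, 2), Flow(2, VM1_IP, 3), Flow(3, VM1_IP, 4)]

def to_ovs(flow, bridge="br-int"):
    """Render one rule as an ovs-ofctl command (bridge name is an assumption)."""
    return (f'ovs-ofctl add-flow {bridge} "priority={flow.priority},ip,'
            f'in_port={flow.in_port},nw_src={flow.src_ip},actions=output:{flow.out_port}"')

def lookup(table, in_port, src_ip):
    """Highest-priority matching rule wins, as in OpenFlow; None means no match."""
    hits = [f for f in table if f.in_port == in_port and f.src_ip == src_ip]
    return max(hits, key=lambda f: f.priority) if hits else None

def trace(table, src_ip, start=1, egress=4):
    """Follow a packet hop by hop; each VNF is assumed to return it on its own port."""
    path, port = [start], start
    while port != egress:
        rule = lookup(table, port, src_ip)
        if rule is None or rule.out_port in path:  # dropped, or forwarding loop
            return path, False
        port = rule.out_port
        path.append(port)
    return path, True

def chain_enforced(table, src_ip, required=(2, 3)):
    """True only if traffic is delivered after visiting every required VNF port in order."""
    path, delivered = trace(table, src_ip)
    visited = [p for p in path if p in required]
    return delivered and visited == list(required)

if __name__ == "__main__":
    for f in SLIDE_TABLE:
        print(to_ovs(f))
    print([PORTS[p] for p in trace(SLIDE_TABLE, VM1_IP)[0]])
    # Constructed misconfiguration: a higher-priority rule sends VM1 straight to port 4.
    bypass = SLIDE_TABLE + [Flow(1, VM1_IP, 4, priority=200)]
    print(chain_enforced(SLIDE_TABLE, VM1_IP), chain_enforced(bypass, VM1_IP))
```

Running the same check against the rules actually installed on a host flags any higher-priority rule that lets tenant traffic skip a security function in the chain.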

Page 16: Optimising nfv service chains on open stack using docker

Advantages of the Design

High Density – Better utilization of resources.

Performance – Near-metal performance of network functions by using SR-IOV/DPDK. No hyper-call overhead due to usage of containers as Network Functions.

Low Latency – Service chaining completed locally. The packets don’t have to move through lengths of the cloud to get processed.

Docker native advantages – Docker's native advantages, like the quicker build/ship model, are carried forward.

Public cloud model – Will work well with cloud deployments where you have no control over placement of infrastructure components.

Page 17: Optimising nfv service chains on open stack using docker

Implementation - Areas of Work

Running Docker and KVM on the same host machine
 - Changes on the compute-scheduler
 - Changes on the OVS agent side (Cleanup)

Configuring the OVS
 - Creating service chains using OVS-OpenFlow Rule Modification
 - Performance, HA and load-balancing.
 - Choose the best kind of routing of packets based on type of NFV

Docker Daemon Interactions
 - Creating network function containers on demand.
 - Tenant based visibility/segregation of the docker containers.
 - Storing of Stateful docker images for VNFs

Implementation of the Controller & Agent.

Page 18: Optimising nfv service chains on open stack using docker

Q&A

Page 19: Optimising nfv service chains on open stack using docker

OpenStack Summit

Austin, Texas 2016