Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Networks

October 30, 2014

Presentation for

Agenda

• Company overview• Market focus• Products• High-performance OpenStack® Networking• DVN demo• Bonus session!• High-performance Wide Area Networking• DVNi demo• Q&A

Property of CPLANE NETWORKS 210/30/2014

Who We are


Software only Network Orchestration• Dynamic Virtual Networks• Policy and structure network

orchestration• Physical network integration

and optimization• Converged Virtual LAN and WAN• Orchestrate NFV Services

OpenStack Networking• Production ready Neutron Plugin

SDN Customization and Integration• Sophisticated SDN platform

allows custom solution - both inside and outside the data center

POWERFULSDN

PLATFORM

DYNAMICVIRTUAL

NETWORKING PRODUCTS

SDNCUSTOMIZATION& INTEGRATION

HIGH PERFORMANCE

OpenStack®NETWORKING

CPLANE’s Advantage: Service Orchestration Engine


Service Orchestration Engine

Northbound Services (RESTful)

Southbound Services (NetConf, CLI, SNMP, API, etc.)

Service OrchestrationPath and FlowComputationPolicy ManagementTopology and State

Cloud Operating Systems

Network Applications

Virtual NetworkServices

Physical Network Services

CPLANE NETWORKS

• Built from the ground up for network services orchestration

• Function-independent scaling• Full HA

Fully Automated End-to-End Networking

End-to-End NetworksScalable OpenStack network virtualization in the data center

Seamless, interconnected networks between data centers (WAN)

NFV Orchestration

Service Convergence& Integration

Data Center OVS/VXLAN Networks MPLS/WAN Service Orchestration Data Center OVS/VXLAN Networks

WAN (DVNi) DATA CENTER (DVN) DATA CENTER (DVN)

EDGE-

(DVNe)

EDGE-

(DVNe)

DynamicWide Area Networks

CloudNetworkingPlatform



10/30/2014 Property of CPLANE NETWORKS 5

Our Products

6

•Dynamic Virtual Network (DVN)

• Operational efficiency, reliability and secure multi-tenancy of OpenStack® networking

• Scale OpenStack network performance through elimination of OpenStack bottlenecks

• Close the gap between NetOps and DevOps through common Application-aware network

•MPLS/WAN Network Provisioning and Orchestration (DVNi)

• Creates Multi-datacenter Wide Area Networks (WAN)

• Provides L2/L3 VPN with dynamic Class of Service/Quality of Service

• Provides optimal network utilization through patented bandwidth management

•Network Function Virtualization Orchestration and Integration (DNVe)

• Custom integration with 3rd party hardware and software

• Multi-function gateways, load-balancers, and security

Property of CPLANE NETWORKS10/30/2014


DynamicVirtualNetworks

Design goals and philosophy

• Be networking technology agnostic, but implementation specific – “Technology Evolves, But Customers Migrate Slowly”

– Hardware technologies (LAN/WAN)– Protocols (VXLAN, GRE, MPLS, BGP)– Open Virtual Switch / Others?

• Scalability in mind– Millions of vms, 10’s thousands of servers– Intra and Inter Data Center

• Make OpenStack Better!– Network node backhaul problem– Better isolation between Nova and

Neutron– Nova scheduler should include other

resources• Manageability, deployment and resiliency

– Must be automatic / maintenance free

• OpenFlowTM is interesting/innovative – still immature

– Connection management – Reactive model – not enough

• Prefer aggregate service event push over reactive – Higher level service knowledge– Steady-state should be fast– Structural changes can take time

• We can enhance/optimize OVS! – Data Plane– Control Plane– Management Plane

• Basis for Virtual Networks as a platform for future– Integrate with the hardware layer– Solve other domain problems

• Application• Security

Property of CPLANE NETWORKS 8

Deliver Multi-tenancy Network Orchestration

10/30/2014

Move to Workloads and DevOps Model• Deploy/Remove apps in minutes• Centralized knowledge of app topology• Policy driven to adhere to Corp Governance• Organization silos provide oversight

Tenant Based Cloud Networking


Server1 Server1 Server1192.168.0.2 192.168.0.2 192.168.0.2

Server1 Server1 Server1

192.168.2.2 192.168.2.2 192.168.2.2

Router

InternetOr Other DC

Rout

ing

VM VM VM

VM VM

SpineRouter

LEAF

SpineRouter

SpineRouter

LEAF LEAF LEAF LEAF LEAFRout

ing

VM VM VM

Server1192.168.0.2

VM VM VM

App1L2 & L3

App2 L2

VM VM

VM VM VM

VM VM

App3L2 & L3+ Physical

VM VM

f(n)

Security Perimeter

Security Perimeter

Security Perimeter

Physical Resource Functions (Workloads)Application workloads

Attributes:• Application workloads• Optimized for east-west traffic• Dynamic VM Topologies• 10ks of VMs, 1000s of VM groups• Minutes to deploy applications• NetOps moves to oversight role

(BM/QoS Managment)

f(n)

Note: Traditional DC Network design ToR/Agg/R-Corecan still be used for small / medium scale deployments

OGR™

Inter-Data CenterTenant Based Cloud Networking


Server1 Server1 Server1192.168.0.2 192.168.0.2 192.168.0.2

Server1 Server1 Server1

192.168.2.2 192.168.2.2 192.168.2.2

RouterRo

utin

g

VM VM VM

VM VM

SpineRouter

LEAF

SpineRouter

SpineRouter

LEAF LEAF LEAF LEAF LEAFRout

ing

VM VM VM

Server1192.168.0.2

VM VM VM

App1L2 & L3

App2 L2

VM VM

VM VM VM

VM VM

App3L2 & L3+ Physical

VM VM

f(n)

Security Perimeter

Security Perimeter

Physical Resource Functions (Workloads)Application workloads

OGR™ Overlay Router Extends Tenant Network to Edge Router

f(n)

Note: Traditional DC Network design ToR/Agg/R-Corecan still be used for small / medium scale deployments

OGR™

OGR

BGP

Virtual Extensible Local Area Network (VXLAN)

• IETF VXLAN– Uses multi-cast – High overhead – Low scalability– Switching only (L2)

• CPLANE Controller-Based VXLAN– Common encapsulation– Low overhead– High scalability– Routing (L3) and Switching– Local ARP Resolution

• Ethernet in IP overlay network – Entire L2 frame encapsulated in

UDP– 50 bytes of overhead

• Include 24 bit VXLAN Identifier– 16 M logical networks

• VXLAN is routable • Tunnel between hosts

– VMs do NOT see VXLAN ID

Outer MACDA

Outer MAC

SA

Outer 802.1Q

Outer IP DA

Outer IP SA

Outer UDP

VXLAN ID (24 bits)

Inner MAC DA

InnerMAC

SA

Optional Inner

802.1Q

Original Ethernet Payload

CRC

VXLAN Encapsulation Original Ethernet Frame


Inter-Data Center using MPLSTenant Based Cloud Networking


MPLS Core Router

MPLS Core Router

MPLS Core Router

SF Data Center

NY Data Center

Tokyo Data Center

MPLS – Full Mesh LSPsTraffic Engineer CoreBackup path failover

• Easy migration from Carrier Service• Greater flexibility, reduce cost • Integrate with OpenStack Model

Bandwidth guarantees,Resiliency and

Fast Reroute

Inter-Data Center Using MPLSTenant Based Cloud Networking


MPLS Core Router

MPLS Core Router

MPLS Core Router

SF Data Center

NY Data Center

Tokyo Data Center

• Per-tenant connectivity via OGR-MPLS• Aggregate or per tenant L3VPN/L2VPN• Supports CoS/QoS over WAN

• Per tenant L2 or L3 VPN• Multiple CoS per VPN• Edge Policy QoS• Application Packet Marking

T1T2

MPLS Edge Router

MPLS Edge Router

MPLS Edge Router

OpenStack Virtual Networking


OpenStack™ VXLAN Virtual Overlay Networking– Havana/Icehouse via Neutron plugin

Features:• Autonomous Compute Node Architecture

– Eliminate need for separate Network Node™

– Local ARP resolution proxy– Direct virtual routing and switching– Local Floating IP– Local NAT– Local DHCP

• Near line rate using optimized OVS• Tenant Isolation via efficient VXLAN • Supports 1000s of compute nodes • OGR™ Gateway to physical networks and

MPLS WAN• Hardware Assist GW/LBAAS• Integration with CPLANE’s MPLS WAN

Product

CPLANE VXLANRouting and Autonomous Compute Nodes


• DVN eliminates the need for the physical OpenStack Network Node to perform– Tenant Routing– Metadata Proxy– DHCP services– Floating IP– NAT

• VM to VM routed traffic is sent directly to each destination node• OGR™ routes VM traffic to physical networks and MPLS WAN

OpenStack IcehouseDependent on Network Node

CPLANE Autonomous Compute Nodes

MPLS WAN &Physical Workloads

Event Driven, Deterministic Policy Orchestration


OpenStack®Controller

NeutronReSTAPI

Compute Node

CP Agent OVS

VM VM VMCompute Node

CP Agent OVS

VM VM VMCompute Node

CP Agent OVS

VM VM VNF

OpenStackUser Events

• Create VM(s)• Connect VMs to Network• Route VMs together

CPLANE SDN/DVN Controller

• Turns Neutron Events into Flows Models

• Calculates which OVS will be affected by which Flow Model based on the VM topology

• Sends Flow Models to the appropriate OVS via CP-Agent

Flow Models: A sequence of OVS flow table entries designed to perform a specific routing or switching function

OGR NodeCP Agent OVS

FLOWS MODELS• Base Flows• Base Subnet Flows• Base L2 Flows• L2 Local Flows• L2 Remote Flows• L3 Remote Flows• FloatingIP Flows• NAT Flows• OGR Compute Flows

SwitchMF-Dev

T1 ORCHESTRATION• PNF and NFV• QoS Policies• LB Policies• ACL/ Firewall

Controller

CPLANE OVS Component Architecture


NIC Card

• CPLANE AGENT– Handles all management needed for on

compute node (OVS)– Registration/recovery– Caching, health, logging– OS Functions

• CLI management still exist but NOT needed for managing compute node– ovs-vsctl– ovs-dptl– ovs-ofctl – still maybe used for deep

debugging– ovs-appctl – still maybe used for deep

debugging

CPLANE AGENT

Communication with DVN Controller

Manageability Single Pane of Glass


Graphical Topology Element (EMS) View – Bridges / ARP Tables

Service Assurance – Connectivity Validation Service Detail – Drill Down

Version 1.2

• Fully Autonomous Compute node

– Localized DHCP per Network

• Enhanced UI display

– New per-node network ARP table view

• Keystone Integration – Authentication/Authorization

– Controller users authenticate with keystone

– Role based authorization limits views to network services



Dynamic Virtual NetworksInterconnect

Dynamic Virtual Networks Interconnect (DVNi)Transit Layer (MPLS-TE)

Build End-to-Edge or Full Mesh LSPs– Graphically draw, generate, pre-validate and

apply configurations

Automatic topology discovery– Computed from existing LSP configuration

Multi-vendor LER/LSR router support– Juniper, Cisco and others

Automatic computation of backup Paths– No single point of failure in network

LSP Computation using with CSPF

– Bandwidth awareFull support for path coloring constraints. i.e.:

– Resource class affinities

Transactional control provisioning – With full roll-back capability


Dynamic Virtual Networks Interconnect (DVNi)VPN Service Layer


Northbound Services (RESTful)

Southbound Services (NetConf, CLI, SNMP, API, etc.)

Service Orchestration

Path and FlowComputation

Policy ManagementTopology and State

Cloud Operating Systems

Network Applications

• Automated L3 (2547) and L2 (PW, VPLS) Multi-site VPN

• Provides CoS and protects service SLAs with built-in admission control

• Reviews, stores and audits all network element changes along with current service state and VPN topology

• Automation and control of network resources such as bandwidth, VRFs, queues and access control lists

• Supports Hub-and-spoke and full-mesh VPN topologies

• Easily integrates with OpenStack for complete end-to-end provisioning

MPLS Multi-site Data Center Interconnectivity

Demo Environment

• Management Network – SNMP discovery – Management Plane (cli)


• Physical Equipment – Cisco (PE, P)– Juniper (PE)

• Configuration– OSPF IGP (also support ISIS) – MPLS RSVP-TE protocol on all NN links– MP-BGP on all PE Routers– L2/3 VPN Services on PE Access Points

Cisco 7204core1

lo0 10.255.255.1

Cisco 7204core3

lo0 10.255.255.3

Cisco 7204edge1

lo0 10.255.255.11

Cisco 7204core2

lo0 10.255.255.2

Juniper M5edge3

lo0 10.255.255.13

Cisco 7204edge4

lo0 10.255.255.14 fa1/0 10.10.1.1/29

fa3/0 10.10.1.2/29

fa3/010.10.1.17/29

fa3/0 10.10.1.18/29

fa4/0 10.10.1.25/29

fa1/0 10.10.1.26/29

fa2/0 10.5.1.1/29

fa1/0 10.5.1.2/29

fa2/0 10.5.1.9/29

Fa0/0/0 10.5.1.10/29

fa1/0 10.5.1.25/29

fa4/0 10.5.1.26/29

fa2/010.7.1.1/29

fa3/010.7.1.9/29

fa2/0 10.7.1.25/29

fa3/0 10.7.1.33/29

Fa0/0/2 10.7.1.57/29

Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Networks

Technology

Transcript of Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Networks