Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Networks
Transcript of Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Networks
October 30, 2014
Presentation for
Agenda
• Company overview
• Market focus
• Products
• High-performance OpenStack® Networking
• DVN demo
• Bonus session!
• High-performance Wide Area Networking
• DVNi demo
• Q&A
Property of CPLANE NETWORKS, 10/30/2014
Who We are
Software only Network Orchestration
• Dynamic Virtual Networks
• Policy and structure network orchestration
• Physical network integration and optimization
• Converged Virtual LAN and WAN
• Orchestrate NFV Services
OpenStack Networking
• Production ready Neutron Plugin
SDN Customization and Integration
• Sophisticated SDN platform allows custom solution - both inside and outside the data center
[Diagram labels: POWERFUL SDN PLATFORM; DYNAMIC VIRTUAL NETWORKING PRODUCTS; SDN CUSTOMIZATION & INTEGRATION; HIGH PERFORMANCE OpenStack® NETWORKING]
CPLANE’s Advantage: Service Orchestration Engine
[Diagram: Service Orchestration Engine (CPLANE NETWORKS). Labels: Northbound Services (RESTful); Southbound Services (NetConf, CLI, SNMP, API, etc.); Service Orchestration; Path and Flow Computation; Policy Management; Topology and State; Cloud Operating Systems; Network Applications; Virtual Network Services; Physical Network Services]
• Built from the ground up for network services orchestration
• Function-independent scaling
• Full HA
Fully Automated End-to-End Networking
End-to-End Networks
Scalable OpenStack network virtualization in the data center
Seamless, interconnected networks between data centers (WAN)
NFV Orchestration
Service Convergence & Integration
[Diagram labels: DATA CENTER (DVN), Data Center OVS/VXLAN Networks, Cloud Networking Platform; EDGE (DVNe); WAN (DVNi), MPLS/WAN Service Orchestration, Dynamic Wide Area Networks; EDGE (DVNe); DATA CENTER (DVN), Data Center OVS/VXLAN Networks, Cloud Networking Platform]
Our Products
• Dynamic Virtual Network (DVN)
  – Operational efficiency, reliability and secure multi-tenancy of OpenStack® networking
  – Scale OpenStack network performance through elimination of OpenStack bottlenecks
  – Close the gap between NetOps and DevOps through common Application-aware network
• MPLS/WAN Network Provisioning and Orchestration (DVNi)
  – Creates Multi-datacenter Wide Area Networks (WAN)
  – Provides L2/L3 VPN with dynamic Class of Service/Quality of Service
  – Provides optimal network utilization through patented bandwidth management
• Network Function Virtualization Orchestration and Integration (DVNe)
  – Custom integration with 3rd party hardware and software
  – Multi-function gateways, load-balancers, and security
Dynamic Virtual Networks
Design goals and philosophy
• Be networking technology agnostic, but implementation specific – “Technology Evolves, But Customers Migrate Slowly”
  – Hardware technologies (LAN/WAN)
  – Protocols (VXLAN, GRE, MPLS, BGP)
  – Open Virtual Switch / Others?
• Scalability in mind
  – Millions of VMs, 10s of thousands of servers
  – Intra and Inter Data Center
• Make OpenStack Better!
  – Network node backhaul problem
  – Better isolation between Nova and Neutron
  – Nova scheduler should include other resources
• Manageability, deployment and resiliency
  – Must be automatic / maintenance free
• OpenFlow™ is interesting/innovative – still immature
  – Connection management
  – Reactive model – not enough
• Prefer aggregate service event push over reactive
  – Higher level service knowledge
  – Steady-state should be fast
  – Structural changes can take time
• We can enhance/optimize OVS!
  – Data Plane
  – Control Plane
  – Management Plane
• Basis for Virtual Networks as a platform for future
  – Integrate with the hardware layer
  – Solve other domain problems
    • Application
    • Security
Deliver Multi-tenancy Network Orchestration
Move to Workloads and DevOps Model
• Deploy/Remove apps in minutes
• Centralized knowledge of app topology
• Policy driven to adhere to Corp Governance
• Organization silos provide oversight
Tenant Based Cloud Networking
[Diagram: leaf/spine data center fabric. Labels: Spine Router; LEAF; Router; Routing; Internet or Other DC; Server1 192.168.0.2; Server1 192.168.2.2; VM; App1 (L2 & L3); App2 (L2); App3 (L2 & L3 + Physical); Security Perimeter; f(n); Physical Resource Functions (Workloads); Application workloads; OGR™]
Attributes:
• Application workloads
• Optimized for east-west traffic
• Dynamic VM Topologies
• 10ks of VMs, 1000s of VM groups
• Minutes to deploy applications
• NetOps moves to oversight role (BM/QoS Management)
Note: Traditional DC Network design ToR/Agg/R-Core can still be used for small / medium scale deployments
Inter-Data Center Tenant Based Cloud Networking
[Diagram: leaf/spine data center fabric. Labels: Spine Router; LEAF; Router; Routing; Server1 192.168.0.2; Server1 192.168.2.2; VM; App1 (L2 & L3); App2 (L2); App3 (L2 & L3 + Physical); Security Perimeter; f(n); Physical Resource Functions (Workloads); Application workloads; OGR™; OGR; BGP]
OGR™ Overlay Router Extends Tenant Network to Edge Router
Note: Traditional DC Network design ToR/Agg/R-Core can still be used for small / medium scale deployments
Virtual Extensible Local Area Network (VXLAN)
• IETF VXLAN
  – Uses multi-cast
  – High overhead
  – Low scalability
  – Switching only (L2)
• CPLANE Controller-Based VXLAN
  – Common encapsulation
  – Low overhead
  – High scalability
  – Routing (L3) and Switching
  – Local ARP Resolution
• Ethernet in IP overlay network
  – Entire L2 frame encapsulated in UDP
  – 50 bytes of overhead
• Include 24 bit VXLAN Identifier
  – 16 M logical networks
• VXLAN is routable
• Tunnel between hosts
  – VMs do NOT see VXLAN ID
[Figure: frame layout]
VXLAN Encapsulation: Outer MAC DA | Outer MAC SA | Outer 802.1Q | Outer IP DA | Outer IP SA | Outer UDP | VXLAN ID (24 bits)
Original Ethernet Frame: Inner MAC DA | Inner MAC SA | Optional Inner 802.1Q | Original Ethernet Payload
CRC
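The encapsulation on this slide, as an added Python example that is not part of the original presentation or CPLANE's code: it wraps an inner frame in outer Ethernet/IPv4/UDP/VXLAN headers (14 + 20 + 8 + 8 = 50 bytes when no outer 802.1Q tag is present) and decapsulates only when the 24-bit VNI belongs to a tenant network present on the receiving host. The MAC and IP addresses, VNI 5001 and the function names are constructed for illustration; UDP port 4789 is the IANA-assigned VXLAN port.

```python
import struct

VXLAN_PORT = 4789   # IANA-assigned UDP port for VXLAN (RFC 7348)
FLAG_I = 0x08       # "I" flag: the VNI field is valid

# Constructed sample: 64-byte inner frame sent by a VM on tenant VNI 5001.
INNER = bytes.fromhex("020000000002" "020000000001" "0800") + b"\x00" * 50

def ip_checksum(hdr: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(inner, vni, dst_mac, src_mac, src_ip, dst_ip, src_port=49152):
    """Wrap a whole inner Ethernet frame in outer Ethernet/IPv4/UDP/VXLAN."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    vxlan = struct.pack("!II", FLAG_I << 24, vni << 8)  # flags+rsvd, VNI+rsvd
    udp_len = 8 + len(vxlan) + len(inner)
    # A zero UDP checksum is permitted for VXLAN over IPv4.
    udp = struct.pack("!HHHH", src_port, VXLAN_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                     64, 17, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return dst_mac + src_mac + b"\x08\x00" + ip + udp + vxlan + inner

def decapsulate(pkt, local_vnis):
    """Return (vni, inner_frame); raise ValueError for packets to drop."""
    if len(pkt) < 50 or pkt[12:14] != b"\x08\x00":
        raise ValueError("not an untagged IPv4 frame long enough for VXLAN")
    ip = pkt[14:34]
    if ip[0] != 0x45 or ip[9] != 17 or ip_checksum(ip) != 0:
        raise ValueError("outer header is not valid IPv4/UDP")
    if struct.unpack("!H", pkt[36:38])[0] != VXLAN_PORT or not pkt[42] & FLAG_I:
        raise ValueError("not VXLAN, or VNI-valid flag unset")
    vni = struct.unpack("!I", pkt[46:50])[0] >> 8
    # The VNI is the only tenant tag and is not authenticated: drop any
    # VNI that has no tenant network on this host.
    if vni not in local_vnis:
        raise ValueError(f"VNI {vni} has no local tenant network")
    return vni, pkt[50:]   # the VM receives the inner frame only, never the VNI

if __name__ == "__main__":
    pkt = encapsulate(INNER, 5001, bytes.fromhex("02aa00000002"),
                      bytes.fromhex("02aa00000001"), bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    print(len(pkt) - len(INNER), decapsulate(pkt, {5001})[0])
```

Because the VNI travels in cleartext inside UDP, tenant isolation depends on the underlay accepting VXLAN traffic only from trusted tunnel endpoints as well as on this per-host VNI check.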
Inter-Data Center using MPLS Tenant Based Cloud Networking
[Diagram labels: SF Data Center; NY Data Center; Tokyo Data Center; MPLS Core Router (three)]
MPLS – Full Mesh LSPs, Traffic Engineer Core, Backup path failover
• Easy migration from Carrier Service
• Greater flexibility, reduce cost
• Integrate with OpenStack Model
Bandwidth guarantees, Resiliency and Fast Reroute
Inter-Data Center Using MPLS Tenant Based Cloud Networking
[Diagram labels: SF Data Center; NY Data Center; Tokyo Data Center; MPLS Core Router (three); MPLS Edge Router (three); T1, T2]
• Per-tenant connectivity via OGR-MPLS
• Aggregate or per tenant L3VPN/L2VPN
• Supports CoS/QoS over WAN
• Per tenant L2 or L3 VPN
• Multiple CoS per VPN
• Edge Policy QoS
• Application Packet Marking
OpenStack Virtual Networking
OpenStack™ VXLAN Virtual Overlay Networking
– Havana/Icehouse via Neutron plugin
Features:
• Autonomous Compute Node Architecture
  – Eliminate need for separate Network Node™
  – Local ARP resolution proxy
  – Direct virtual routing and switching
  – Local Floating IP
  – Local NAT
  – Local DHCP
• Near line rate using optimized OVS
• Tenant Isolation via efficient VXLAN
• Supports 1000s of compute nodes
• OGR™ Gateway to physical networks and MPLS WAN
• Hardware Assist GW/LBAAS
• Integration with CPLANE’s MPLS WAN Product
CPLANE VXLAN Routing and Autonomous Compute Nodes
• DVN eliminates the need for the physical OpenStack Network Node to perform
  – Tenant Routing
  – Metadata Proxy
  – DHCP services
  – Floating IP
  – NAT
• VM to VM routed traffic is sent directly to each destination node
• OGR™ routes VM traffic to physical networks and MPLS WAN
[Diagram panels: OpenStack Icehouse, Dependent on Network Node; CPLANE Autonomous Compute Nodes; MPLS WAN & Physical Workloads]
Event Driven, Deterministic Policy Orchestration
[Diagram labels: OpenStack® Controller; Neutron ReST API; Controller; Compute Node (CP Agent, OVS, VMs), shown three times, one with a VNF; OGR Node (CP Agent, OVS); Switch; MF-Dev]
OpenStack User Events
• Create VM(s)
• Connect VMs to Network
• Route VMs together
CPLANE SDN/DVN Controller
• Turns Neutron Events into Flows Models
• Calculates which OVS will be affected by which Flow Model based on the VM topology
• Sends Flow Models to the appropriate OVS via CP-Agent
Flow Models: A sequence of OVS flow table entries designed to perform a specific routing or switching function
FLOWS MODELS
• Base Flows
• Base Subnet Flows
• Base L2 Flows
• L2 Local Flows
• L2 Remote Flows
• L3 Remote Flows
• FloatingIP Flows
• NAT Flows
• OGR Compute Flows
T1 ORCHESTRATION
• PNF and NFV
• QoS Policies
• LB Policies
• ACL/ Firewall
CPLANE OVS Component Architecture
[Diagram labels: NIC Card; CPLANE AGENT; Communication with DVN Controller]
• CPLANE AGENT
  – Handles all management needed on the compute node (OVS)
  – Registration/recovery
  – Caching, health, logging
  – OS Functions
• CLI management still exists but is NOT needed for managing the compute node
  – ovs-vsctl
  – ovs-dpctl
  – ovs-ofctl – may still be used for deep debugging
  – ovs-appctl – may still be used for deep debugging
Manageability Single Pane of Glass
[Screenshots: Graphical Topology; Element (EMS) View – Bridges / ARP Tables; Service Assurance – Connectivity Validation; Service Detail – Drill Down]
Version 1.2
• Fully Autonomous Compute node
– Localized DHCP per Network
• Enhanced UI display
– New per-node network ARP table view
• Keystone Integration – Authentication/Authorization
– Controller users authenticate with keystone
– Role based authorization limits views to network services
Dynamic Virtual Networks Interconnect
Dynamic Virtual Networks Interconnect (DVNi)
Transit Layer (MPLS-TE)
Build End-to-Edge or Full Mesh LSPs
– Graphically draw, generate, pre-validate and apply configurations
Automatic topology discovery
– Computed from existing LSP configuration
Multi-vendor LER/LSR router support
– Juniper, Cisco and others
Automatic computation of backup Paths
– No single point of failure in network
LSP Computation using CSPF
– Bandwidth aware
Full support for path coloring constraints, i.e.:
– Resource class affinities
Transactional control provisioning
– With full roll-back capability
Dynamic Virtual Networks Interconnect (DVNi)
VPN Service Layer
[Diagram labels: Northbound Services (RESTful); Southbound Services (NetConf, CLI, SNMP, API, etc.); Service Orchestration; Path and Flow Computation; Policy Management; Topology and State; Cloud Operating Systems; Network Applications]
• Automated L3 (2547) and L2 (PW, VPLS) Multi-site VPN
• Provides CoS and protects service SLAs with built-in admission control
• Reviews, stores and audits all network element changes along with current service state and VPN topology
• Automation and control of network resources such as bandwidth, VRFs, queues and access control lists
• Supports Hub-and-spoke and full-mesh VPN topologies
• Easily integrates with OpenStack for complete end-to-end provisioning
MPLS Multi-site Data Center Interconnectivity
Demo Environment
• Management Network
  – SNMP discovery
  – Management Plane (cli)
• Physical Equipment
  – Cisco (PE, P)
  – Juniper (PE)
• Configuration
  – OSPF IGP (also support ISIS)
  – MPLS RSVP-TE protocol on all NN links
  – MP-BGP on all PE Routers
  – L2/3 VPN Services on PE Access Points
[Topology diagram: routers and loopback addresses]
Cisco 7204 core1: lo0 10.255.255.1
Cisco 7204 core2: lo0 10.255.255.2
Cisco 7204 core3: lo0 10.255.255.3
Cisco 7204 edge1: lo0 10.255.255.11
Juniper M5 edge3: lo0 10.255.255.13
Cisco 7204 edge4: lo0 10.255.255.14
[Topology diagram: link interface labels, in transcript order; the router each belongs to is not recoverable from the transcript]
fa1/0 10.10.1.1/29, fa3/0 10.10.1.2/29, fa3/0 10.10.1.17/29, fa3/0 10.10.1.18/29, fa4/0 10.10.1.25/29, fa1/0 10.10.1.26/29
fa2/0 10.5.1.1/29, fa1/0 10.5.1.2/29, fa2/0 10.5.1.9/29, Fa0/0/0 10.5.1.10/29, fa1/0 10.5.1.25/29, fa4/0 10.5.1.26/29
fa2/0 10.7.1.1/29, fa3/0 10.7.1.9/29, fa2/0 10.7.1.25/29, fa3/0 10.7.1.33/29, Fa0/0/2 10.7.1.57/29