Post on 12-May-2015
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Kyle Mestery
Technical Leader, Office of the Cloud CTO
OpenStack Quantum
Before we start …
Real Quantum Hackers Code In The Snow
OpenStack + Quantum: beginnings of a virtual data center
• Advantages of cloud computing
  On-demand virtualized resources, self-service, lower cost
  Resources managed by others
  Minus the complexity of the traditional data center
• Quantum Network Service
  Ability to create your own isolated private networks
  Extensible
  Should work with different networking infrastructure
• Challenge!! Easy-to-use
OpenStack Design Summit April 2011
• Compute service (EC2): virtual machines
  • Specify vCPU, Memory, Disk
  • Launch instance (image, mem_size, disk)
  • Suspend, clone, migrate
• Storage service (S3, EBS): virtual disks
  • Specify storage amount, access rights
  • Store object
  • Create/attach block
• What to do about networks? Simplistic implementation
  Embedded in the compute component
[Diagram: VM stack (App Svr / OS / VM) with its network connection marked "??"]
2011 Design Summit - community-driven merger of proposals
• Network Service POC (NTT/Midokura)
• Network Containers (Cisco)
• Network Service (Citrix/Rackspace/Nicira)
• NaaS Core Design (Intel)
• … more
Merged result: Quantum
Quantum Network Service: Resource abstractions and service interfaces
• Compute service (EC2): virtual machines
  • Launch instance (image, mem_size, disk)
  • Suspend, clone, migrate
• Storage service (S3, EBS): virtual disks
  • Store object
  • Create/attach block
• Network service (Quantum): virtual networks
  • Create/delete private network
  • Attach VM to network resource
  • Create subnets and routers
  • Work with different networking environments
[Diagram: three VM stacks (App Svr / OS / VM) attached to virtual networks]
Quantum Virtual Network Service: A first class citizen in cloud computing
Cloud Platform - Developer API (Folsom Release)
• Compute (Nova): Servers
• Storage (Swift): Disks
• Network (Quantum): Networks
• Identity (Keystone), Portal (Horizon), Images (Glance)
• Applications, Other Services
Quantum Abstractions
Virtual Networks:
  A basic dedicated L2 network segment
  Common realization is a VLAN
Virtual Ports:
  Attachment point for devices connecting to virtual networks
  Ports expose configuration and monitoring state via extensions (e.g., ACLs, QoS policies, Packet Statistics)
Subnets:
  An IPAM construct to store a CIDR
  Also allows setting the Gateway IP and host routes
Virtual Routers:
  Per-tenant routers
Quantum Plugins & Extensions
Plugin:
  Realization of the Quantum abstractions
  Supports different back-end technologies and vendors
  One plugin per Quantum deployment (there could be sub-plugins managed by the main plugin)
  Examples: Linux Bridge Plugin, OVS Plugin, Cisco (Nexus)
Extensions:
  API extensibility for new or back-end specific features
  Examples: Port-profiles, quality-of-service, etc.
Quantum Plug-in Architecture (stack, top to bottom)
• Quantum Service API
• Quantum API & Extensions Framework (API Extensions)
• Quantum Plug-in Framework
• Cisco Network Plugin
• Cisco Device Managers
• Cisco Compute & Networking Infra
  • Switching portfolio (Nexus 1k/3k/5k/7k)
  • Unified Computing System
  • Routing portfolio (e.g. ASR, CRS)
Plugins and Drivers in the Cisco Plugin
Plugin:
  A plugin registers to handle all Quantum API calls (e.g., all network/port calls)
  Plugins may make decisions that are technology-specific, but not device-specific (e.g., mapping Quantum network ‘HR’ to VLAN 100)
  There needs to be a master entity making/resolving decisions in a deployment; that entity is the plugin
Drivers:
  The plugin may use drivers to communicate the results of this decision to different devices (e.g., it may configure the VLAN on a port on a virtual switch, and also tell the upstream physical switch to trunk that VLAN)
  Configurable components which can be shared/reused
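The plugin/driver split above, as an added illustration that is not the Cisco plugin's code: the plugin makes the one technology-level decision (which VLAN realizes a Quantum network) and each driver renders that decision for its own device. The VLAN pool range, the port and uplink names, and the `ovs-vsctl` / switch CLI command strings are constructed for the example.

```python
# Constructed model of the plugin/driver split; not the real Cisco plugin code.
class VlanPool:
    """Hands out VLAN IDs from a fixed, configurable range (constructed: 100-199)."""
    def __init__(self, first=100, last=199):
        self._free = list(range(first, last + 1))

    def allocate(self):
        if not self._free:
            raise RuntimeError("VLAN pool exhausted")
        return self._free.pop(0)


class OvsDriver:
    """Virtual-switch driver: tags the VM's port with the network's VLAN."""
    def plug_port(self, port_name, vlan):
        return f"ovs-vsctl set Port {port_name} tag={vlan}"


class UpstreamSwitchDriver:
    """Physical-switch driver: trunks the VLAN on the uplink facing the host."""
    def __init__(self, uplink):
        self.uplink = uplink

    def trunk_vlan(self, vlan):
        return f"interface {self.uplink}; switchport trunk allowed vlan add {vlan}"


class Plugin:
    """The single decision-maker: each Quantum network maps to exactly one VLAN."""
    def __init__(self, drivers, pool=None):
        self.pool = pool or VlanPool()
        self.drivers = drivers
        self.networks = {}  # (tenant, network name) -> VLAN

    def create_network(self, tenant, name):
        key = (tenant, name)
        if key in self.networks:
            raise ValueError(f"network {name!r} already exists for tenant {tenant!r}")
        self.networks[key] = self.pool.allocate()
        return self.networks[key]

    def create_port(self, tenant, name, port_name):
        # The VLAN decision is made once by the plugin; each driver applies it
        # to its own device so host and upstream switch agree on the segment.
        vlan = self.networks[(tenant, name)]
        return [self.drivers["ovs"].plug_port(port_name, vlan),
                self.drivers["upstream"].trunk_vlan(vlan)]
```

Because the pool is owned by the plugin, two tenants can both name a network "HR" and still land on different VLANs, which is the isolation the deck is after.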
Extending Quantum to support L3 Constructs
• Routing within the tenant (support multi-tier topologies)
• Overlapping IP addresses
• Support gateways – Internet, VPN
• Support other L3 services – LB, Firewall, Caching, etc.
• Hybrid Cloud (Public + Private)
Further evolve Quantum to be a multi-tenant network service for creating virtual data centers (application-specific topologies + network services)
Why is Quantum important to OpenStack?
Current Infrastructure-as-a-Service has Challenges
[Diagram: Developer API over Compute Service (VMs, Memory, Local Disk) -> Servers; Storage Services (Block, Massive Key-value store) -> Disks; User and System Admin -> Accounts; only Basic Network Connectivity underneath]
• Only provides basic Network Connectivity.
• Difficult to create N-tier apps.
• Limited ability for applications to take advantage of network services.
Network Services Enable Developer Solutions
[Diagram: Developer API over Compute Service (VMs, Memory, Local Disk) -> Servers; Storage Services (Block, Massive Key-value store) -> Disks; Network Services (Subnets, Network Svcs, Security) -> Virtual Networks; User and System Admin; Network Connectivity underneath]
Network APIs:
  Create-network(“L2”)
  Attach-vm-to-network(vnet-a)
  Attach-service-to-network(vnet-b)
So what does this all look like?
Typical Grizzly OpenStack Quantum Deployment w/ OVS
[Diagram: one Control Node, several Compute Nodes and several Network Nodes joined by the Management Network and the Data Network; the Network Nodes also attach to the External Network]
• Control Node: Quantum Server and Plugin, Nova, …
• Compute Node (one of many): Quantum L2 Agent, Nova Compute
• Network Node (one of many): Quantum L2 Agent, Quantum L3 Agent, Quantum DHCP Agent; br-ex attached to the External Network
• Each node reaches the Management and Data Networks through its ethX interfaces
Host Network
Host Networking: OVS
[Diagram: per-host layout. eth0 on the Management Network; eth1 and eth2 bonded as bond0 on the Data Network. VMs (VM1 ...) on Tenant A Network and Tenant B Network each attach through a Linux Bridge to br-int, which connects to br-tun.]
• Security Groups rules applied here (at the Linux Bridge in front of each VM)
• VLANs used for isolation amongst tenants here (on br-int)
• GRE Keys used to isolate tenant traffic in the tunnel (br-tun)
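The br-int / br-tun split above, as an added model that is not code from the slides or from the OVS agent: each host picks its own local VLAN on br-int for a tenant network, br-tun rewrites that local VLAN to the network's GRE key on the way out and back again on the way in, and a frame whose key no local port belongs to is dropped. Sequential local-VLAN allocation, the host names and the key values are constructed assumptions.

```python
# Constructed model of the per-host OVS agent view; not the agent's real flow rules.
class HostAgent:
    """Tracks one compute host's local VLAN <-> GRE key mappings on br-int/br-tun."""
    def __init__(self, name):
        self.name = name
        self._next_local_vlan = 1      # assumption: local VLANs handed out 1, 2, 3, ...
        self.local_vlan = {}           # GRE key -> local VLAN used on br-int
        self.gre_key = {}              # local VLAN -> GRE key used on br-tun

    def provision(self, gre_key):
        """Called when the first port of a tenant network is plugged on this host."""
        if gre_key not in self.local_vlan:
            vlan = self._next_local_vlan
            self._next_local_vlan += 1
            self.local_vlan[gre_key] = vlan
            self.gre_key[vlan] = gre_key
        return self.local_vlan[gre_key]

    def encap(self, local_vlan, payload):
        """br-tun egress: strip the host-local VLAN and key the tunnel with the network's GRE key."""
        return {"gre_key": self.gre_key[local_vlan], "payload": payload}

    def decap(self, frame):
        """br-tun ingress: map the GRE key back to this host's local VLAN, or drop."""
        vlan = self.local_vlan.get(frame["gre_key"])
        if vlan is None:
            return None                # no port of that tenant network here: dropped
        return (vlan, frame["payload"])
```

The local VLAN number means nothing beyond the host it was chosen on; only the GRE key is shared across the Data Network, which is why two hosts can use VLAN 1 for different tenants without leaking traffic.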