Post on 26-Mar-2023
transcript
Mirantis Confidential
Agenda
● Company Overview and intro to Mirantis OpenStack (MOS)
● MOS 9 and future of MOS 10
● Why Juniper Contrail?
● MOS and Juniper Contrail integration
● Use cases
● Fuel and Fuel Contrail plugin demo (time permitting)
● Contrail plugin lifecycle management (time permitting)
Mirantis Unlocks OpenStack
Mirantis empowers Fortune 1000 enterprises to focus on faster delivery of software solutions
Mirantis is the pure play OpenStack company
Mirantis builds and manages private clouds without vendor lock-in and transfers ops to you on your own terms
What? Who? How?
Mirantis OpenStack Offering
● Leading OpenStack platform
● Plan, architect, implement cloud with focus on business outcomes
● Fully managed OpenStack with up to 99.99% SLA guarantee
● Clouds, tooling, and Ops Team 100% focused on OpenStack success
● Co-manage for a fixed period
● Train and certify customer ops team on your terms
● Transfer to customer support
Build Operate Transfer
Demonstrating business value through all phases of the journey
Build: We Are the Source of the Source Code
#1 by committers (327)
#1 by core contributors (87)
#1 by bugs resolved (3,770)
#1 by lines of code (1.37M)
#1 by reviews (52K)
#1 by commits (7,404)
#1 in thought leading projects e.g. Heat, Murano, Fuel, Rally
#1 Top Mitaka Contributor
Build: MOS 9.0
Easy to Operate: OpenStack lifecycle via extensive SaltStack automation
Resilient-at-Scale: Hardened, support, HA
Easy to Onboard Applications: Murano & Application integration
Continuous Innovation: Get the latest innovation via our CI/CD approach
Pure Play: Support for multiple hypervisors (Ubuntu, RHEL), storage, SDNs, CMP, PaaS etc.
Lifecycle Management & Mirantis OpenStack 9.x
Initial Deployment: Excellent
Post deployment changes: Very limited
Updates: Bug fixes only
Upgrades: Complex
Monitoring/diagnosis: Excellent via StackLight add-on
New Requirements - Drive a Brand New Mirantis Cloud Platform (MCP) Architecture
● Dynamically scalable infrastructure to meet changing workload and business demands (Containerized Control Plane)
● “Infrastructure as Code” Continuously Delivered - no forklift upgrades (Continuous Delivery)
● Integrate OpenStack and related open source continuously (Continuous Integration)
has all three technologies and accelerates Mirantis toward MCP
MCP Architecture
● All OpenStack and related services are containerized
● Containers are regularly updated by Mirantis
● Containers orchestrated using Kubernetes (from Google)
● Neutron OVS replaced with OpenContrail SDN
Build: Mirantis Cloud Platform (MCP) aka MOS 10 - Operations-Centric Fabric for BM, VM and Containers
[Diagram labels: Hosts; Kubernetes; K8s master; K8s minions; BMaaS pool; Ironic; OpenStack Control Plane; OpenStack Computes; K8s workloads; Monitoring and Logging; Lifecycle Management; Bare Metal, VMs, Containers]
Benefits of the MCP Approach
• Integrate, validate, deliver and scale continuously (not every 6 months)
• Add new services, upgrade, rollback, change configuration safely
• One solution for VM, bare metal and container
What is Neutron?
Default OpenStack Network orchestration framework (OpenStack core project) that provides essential and supporting network services to OpenStack cloud
Core functionality
• Network connectivity
• SDN: user defined arbitrary topologies
• Basic IPAM
• Supporting services such as DHCP, DNS, Perimeter FW, Security Groups
• Consists of multiple plugins and drivers both commercial and open source
• Unified northbound API.
OpenStack networking service comparison

| | OVS + Neutron | Contrail (OpenContrail) | Calico |
|---|---|---|---|
| Control plane protocol | Neutron/ML2 | MP-BGP, XMPP, Netconf, OVSDB | Etcd + confd |
| Multi-hypervisor | KVM, ESXi (DVS) | KVM, ESXi, Docker, LXC | KVM, Docker, Kubernetes |
| Hardware dependent? | No | Yes (Gateways) | No |
| Open Source option? | Yes | Yes | Yes |
| Underlay network | VLANs or it is irrelevant | Underlay is irrelevant | Underlay is irrelevant except provide access outside of cloud |
| Overlay network | VLAN, VXLAN, GRE | VXLAN, MPLSoGRE, MPLSoUDP | No overlay or IP in IP |
| Gateway | L3 agent, DVR as an option (From Liberty out of experimental) | MX, vMX, Cisco ASR/CSR, Software GW* | Underlay network, require BGP speaker |
| Gateway HA | Active-Standby* | Active-Active | Any that Gateways support (VRRP, BGP ECMP …) |
| Compute node | OVS | vRouter | BIRD, IPTables, Felix |
OpenStack networking service comparison

| | OVS + Neutron | Contrail (OpenContrail) | Calico |
|---|---|---|---|
| DPDK | supported | supported | not supported |
| SR-IOV | supported | supported | not supported |
| Service chaining | Service Function Chaining (Mitaka experimental) | supported | not supported |
| Monitoring/Metrics | Ceilometer only | Analytics for collecting information and metrics. Extension for Ceilometer. | None |
| Service scaling | supported with Heat | supported with per flow balance | not supported |
| Tested scalability | 400 nodes (is going to be 500 soon) | 1000 nodes | 1000 nodes |
| Limitations | Routing is centralized on network node. Possible bottleneck, DVR is addressing it. | 65k VRFs (tenant networks) | No Floating IP support (during deployment) |
| Federation | N/A | supported | supported (BGP session between Route Reflectors) |
| Embedded features | DHCP, Metadata, LBaaS (HA proxy) | IPAM, DHCP, vDNS, Metadata, LBaaS, FWaaS (Network policies) | DHCP, Metadata |
Contrail architecture
[Diagram labels: Contrail Controller (SDN controller) with Contrail GUI, Config, Control, Analytics, Config DB and Analytics DB; REST; XMPP; BGP; BGP Federation; BGP Clustering; Compute nodes, each with VMs and a vRouter; IP fabric (underlay network); Internet, WAN VPNs, Campus VLANs]
Key Criteria - Why OpenContrail?
OpenStack survey shows Contrail as most widely deployed extension to default OpenStack networking based on Open vSwitch
Detailed Key Criteria - Why OpenContrail?
Licensing: Open source solution with possibility to buy commercial support from Juniper Networks
High availability: Native HA support is the most important criterion
Cloud gateway routing: North-South can be routed on physical Edge Routers; Juniper MX out-of-the-box interoperability with MPLS core
Performance: pps, bandwidth, scalability, etc. (9.6 Gbps), DPDK support
Interconnection between SDN and Fabric: Dynamically connect legacy world through EVPN or ToR Switches
Containers: Use same platform for containers
Fuel Plugins
● Certified for MOS
● Large scale ready - tested in scalability lab
● Multiple plugins at the same time
● Contrail
● LDAP
● Storage
● ...
What is the Contrail Fuel Plugin?
The plugin makes it possible to deploy Mirantis OpenStack with Juniper Contrail SDN as the network backend
● Deploy Contrail Controllers in HA
● Adjust Mirantis OpenStack to work with Contrail
● Deploy additional components like:
● DPDK, SR-IOV support
● ToR Service Node,
● Heat Templates and Ceilometer Contrail extensions
● Deploy Contrail on Compute nodes
● Add/delete Contrail controllers and computes “on the fly”
● Upgrade Contrail* (soon)
MOS network layout
PUBLIC: MOS API endpoints, Contrail UI
Admin (PXE): used for provisioning and deployment
MGMT: used for the communication between the OpenStack components
Private: contains tenant-specific virtual networks in overlay
Storage: used for the storage traffic
MOS and Contrail current architecture
Contrail plugin architecture
MOS neutron with Contrail extensions is used
Contrail plugin is loaded in neutron
Load balancer (HAProxy) installed on the MOS controllers
With Contrail extensions
Contrail HA done by the plugin
External Load Balancer for all Contrail Services
● Contrail API
● Contrail analytics API
● Discovery service
● Web UI
● Neutron server
Contrail plugin v5.0 - Control
Contrail control specific roles (plugin 5.0)
Contrail Analytics node
Contrail Control node
Contrail-analytics-DB node
Contrail-ToR Service Node with ToR agents
Each role can be installed on separate node
Contrail plugin v5.0 - Computes
Plugin v5.0
DPDK
Hugepages
SR-IOV support
vRouter CPU pinning
Plugin improvements
● only one HAproxy (the one on MOS is used)
● headless mode enabled by default
● only one rabbit (the one on MOS is used)
● extremely simple procedure for adding new contrail components
● separate contrail roles
● bugfixing (based on our experience with real production)
● cassandra tuning
● automated tests after deployment
● automated monitoring using Zabbix/Stacklight* plugin
● ToR agents HA
Telco - use cases
AT&T
● Fully automated deployment via OpsSimple and Fuel
● Based on Contrail and Mirantis OpenStack
● DPDK, SR-IOV, Service Chaining in real production for telco workloads
● Fuel delivers flexible Compute nodes configuration for various DPDK/SR-IOV configurations
● Fuel deployment customization (e.g. separate nodes for HAProxy)
Telco - use case
MEA telco company
● Clouds for enterprise and telco workload
● Service Chaining
● LBaaS
● QoS and network traffic quotas (using data from Contrail Analytics and logic from OSS/BSS)
● Multi Vendor VNF onboarding procedures
● Murano as VNF application market (Resource Orchestrator)
Financial organization - use case
MOS and Contrail clouds support:
● Multicasts in L2 and L3
● Contrail Bare Metal support for Oracle RAC
● Multisite with Contrail Federation
● Cloud connectivity with MPLS network
● VPNaaS - OpenVPN and OpenLDAP
● LBaaS - Contrail HAProxy
● DNSaaS - vDNS
Large security company - use case
● One of the biggest Contrail customers
● 4 DCs
● Hundreds of compute nodes
● 1k+ virtual networks
● Heavy production traffic
● High SLA
● Advanced monitoring with Contrail failure prediction :)
● 0 downtime upgrade procedures
● Contrail LBaaS with custom extensions
Mirantis R&D - use cases
● Contrail controllers in dockers
● Multivendor support for gateways/ToRs
● Inter SDN (multiple vendors) routing exchange
● Automations for upgrades on a production environment
● NFV use cases with Contrail
● Contrail monitoring (Zabbix, StackLight)
Contrail Fuel Plugin releases

| Fuel Contrail plugin versions | Supported Features | Compatibility |
|---|---|---|
| 3.0.0 | DPDK, SRIOV, HTTPS to VNC API's, HA of Controller nodes (MOS HAProxy) | MOS 7.0, Contrail 3.0.0, Kilo |
| 4.0.0 | DPDK, SRIOV, HTTPS to VNC API's, HA of Controller nodes (MOS HAProxy), vRouter DPDK on VF (experimental), TSN support (experimental) | MOS 8.0, Contrail 3.0.2, Liberty |
| 5.0.0 | 4.0.0 Features + QoS, RBAC, vCenter-as-a-Compute, Minor version upgrade using plugin, Mitaka | MOS 9.0, Contrail 3.1, Mitaka |
Murano: Get, Share and Run Apps on Demand
Create Catalog
● Easily add new apps
● Describe forms, app dependencies, suggested configurations, billing rules etc.
Deploy Apps
● Deploy applications and services with a push of a button
● Choose apps, specify settings, and deploy
Automatically Manage Apps
● Monitor with Ceilometer
● Automatically self-heal, scale up & down, failover, backup
● Application specific actions
● Track usage
Utilized by the OpenStack Community App Catalog
Service chaining as a Murano application
Available by default with MOS:
● Murano
● Contrail Heat packages
● Ceilometer with Contrail extensions
● DPDK and SR-IOV for Contrail
Deployment using Fuel
HA architectures automatically deployed with Fuel
Simultaneously deploy separate clusters of OpenStack and plugins
● Testing, development, production, etc.
Deploy with mixed hypervisors in the same environments
● VMware + KVM/QEMU
Includes Ceph storage deployment, Murano AppCatalog, Sahara BigData, and Ceilometer telemetry
Ecosystem of certified plugins expand the available solution sets and flexible choice
Multiple Cluster, Multiple Versions
Extensible Pluggable Framework
Hybrid Hypervisor Support
Complementary OpenStack Projects