Date posted: 21-Jan-2018
Category: Technology
Uploaded by: steve-roles

An introduction to NFV & CloudStack
Paul Angus, VP Technology
The Cloud Specialists • ShapeBlue.com • @ShapeBlue

About ShapeBlue
“ShapeBlue are expert builders of public & private clouds. They are the leading independent global CloudStack services company”

About me
Paul Angus – VP Technology
• Global authority on CloudStack & cloud infrastructure design.
• 15+ years C-Level experience.
• Apache CloudStack project committer & PMC member
• Specialising in deployment of CloudStack and surrounding infrastructure, especially the user story
• USP, Georgian Ministry of Justice, Orange, TomTom, PaddyPower, Ascenty, BSkyB, SAP, British Telecom

ShapeBlue customers

Overview
• What is NFV?
• What CloudStack can do in the NFV Space
• What CloudStack can’t do (yet)
• What CloudStack might do

What is NFV Anyway? (The Emperor's New Clothes)

What is NFV?
Network Functions Virtualization
Taking a network function (like routing or firewalling or a VPN) and creating a virtualised appliance to do it.

Sounds like the CloudStack Virtual Router!?
Yes. It does. (See. It’s not so complicated)

vFirewall
• Cisco® Adaptive Security Virtual Appliance (ASAv)
• Juniper® vSRX
• BigIP® Virtual Firewall (vFW)
vRouter
• Cisco® Integrated Services Virtual Router (ISRv)
• Juniper® vMX
• Brocade® 5600 vRouter (formerly Vyatta)

WAN Acceleration
• Cisco® vWAAS (wide-area-application-services)
• Riverbed® SteelHead CX
Application Delivery Controllers
• Citrix® NetScaler VPX
• Virtual Application Delivery Controllers (vADC)
• A10 vThunder ADC

F5 BIG-IP VNFs
• Virtual Policy Manager (vPEM)
• Virtual DNS (vDNS)
• Virtual Diameter Routing Agent (vDRA)
• Virtual Diameter Edge Agent (vDEA)

Other types:
• Brocade vEPC (Evolved Packet Core - Mobile Comms)
• vIPS
• vThunder CGN gateways
• vWebSecurity

So what’s the big deal?
A few orchestration layers are required to create the virtual instances, plumb them into a network and configure them.
There are quite a few combinations and permutations to deal with.
(+ if it weren’t complicated, vendors couldn’t charge through the nose for it – cynical much?)

How complicated is it then?
ETSI (European Telecommunications Standards Institute) have a special interest group specifically to try to standardise it all.

ETSI NFV Reference Architecture
VNF - Virtualized Network Function (i.e. vRouter or vFirewall)
Just a Virtual Instance
EM – Element Manager Service
Provides a standardized interface to a given VNF to manage internals
VNF Manager
Manages the internal working of the VNF instances, pushes configuration and ensures availability and performance
Virtualised Infrastructure Manager
Orchestrates virtual infrastructure to create VNF instances and ‘plumb’ them in
NFV Infrastructure
The virtualisation hardware: compute, storage, networking etc.

So, about that VR then?

Comparing the NFV Model with Virtual Router elements
Diagram labels: Virtual Infrastructure; CloudStack Kernel; Business Logic; VR1; VR Network Service Mgr Adapter

To Sum Up (this part, that’s not the whole presentation)

CloudStack & NFV
The VNF is just a guest instance, which has a second layer of orchestration applied to it.
Diagram labels: VM; Virtual Infrastructure; ACS
This is our bread and butter.

NFV – what’s it FOR (use cases)
• Users want to be able to recreate ‘enterprise’ topologies in the virtual (cloud) space
• SPs and MSPs want their customers to be able to do the above and want to be able to sell them the appliances.

NFV Topologies
Recreating ‘Traditional’ Enterprise topologies
‘Specific’ use cases

CloudStack’s Shortfalls
• No way to add a layer 2 network (i.e. network with no IP requirements)
• No way to have a range of public IPs presented to the guest networks without explicit mapping
• VR is a ‘proprietary’ case of NFV
• No way to put ‘alternative’ VRs or Network Appliances in the guest networks

CloudStack & NFV (Drumroll plleeease)
• New concept of Topologies
• New concept of Enterprise Topologies
• New VR type ‘Enterprise Topology VR’
• New Network Types
  • Layer 2
  • Simple User
• UI enhancement to give graphical network building

Topologies
• Isolated/shared: individual guest networks
• VPC: contains multiple VPC tiers (networks)
• Enterprise: contains multiple ‘simple user’ or ‘Layer2’ networks

Enterprise Topology Virtual Router
• A simplified (and hidden) VR to pass ALL designated 'public' IP data through to a hand-off. What happens after this is the 'user's' problem.
• Pass 'public' traffic to/from the hand-off as fast as possible (no other services)
• Ensure that a user cannot use a public IP that has not been assigned to the topology
Diagram labels: Public Network; Core Router 123.123.123.254/24; ETVR; Hand-off

Enterprise Topology Hand-off
• Users can create a device whose outside face is on an IP between 123.123.123.56 – 123.123.123.62 with a gateway of 123.123.123.254
• No other source IPs will be allowed to pass traffic
• User device eth0:
  IPADDR=123.123.123.56
  GATEWAY=123.123.123.254
  NETMASK=255.255.255.0
• Core router requires route info – groundwork laid by OSPF work.
Diagram labels: Public Network; Core Router 123.123.123.254/24; ETVR (only traffic from allowed ranges through); Hand-off (Gateway: 123.123.123.254, Allowed IPs: 123.123.123.56 – 123.123.123.62, Netmask: 255.255.255.0); User Device (likely WAN Accelerator or vRouter)
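
The hand-off rule described on this slide, modelled as an added example (not CloudStack or ShapeBlue code): it turns the allocated range into exact CIDR blocks, validates a user device's outside interface, and gives a per-packet verdict. The class and method names are hypothetical; the addresses are the slide's.

```python
import ipaddress as ip

class HandOffPolicy:
    """Model of the per-topology filter (hypothetical class, not CloudStack code)."""

    def __init__(self, first, last, gateway, netmask):
        self.first, self.last = ip.ip_address(first), ip.ip_address(last)
        self.gateway = ip.ip_address(gateway)
        # The subnet the user device sits on, derived from gateway + netmask.
        self.subnet = ip.ip_network(f"{gateway}/{netmask}", strict=False)
        if self.first > self.last or self.first not in self.subnet or self.last not in self.subnet:
            raise ValueError("allocation is empty or outside the hand-off subnet")
        if self.first <= self.gateway <= self.last:
            raise ValueError("gateway address must not be user-assignable")

    def cidr_blocks(self):
        # Arbitrary ranges rarely align to one prefix; a prefix-based filter
        # needs the exact minimal cover, never a rounded-up supernet.
        return list(ip.summarize_address_range(self.first, self.last))

    def allowed(self, addr):
        return self.first <= ip.ip_address(addr) <= self.last

    def check_device(self, ipaddr, gateway, netmask):
        """Return a list of problems with a user device's outside interface."""
        problems = []
        if not self.allowed(ipaddr):
            problems.append("IPADDR not assigned to this topology")
        if ip.ip_address(gateway) != self.gateway:
            problems.append("GATEWAY is not the core router")
        elif ip.ip_address(gateway) not in ip.ip_network(f"{ipaddr}/{netmask}", strict=False):
            problems.append("GATEWAY not on-link for this NETMASK")
        return problems

    def verdict(self, direction, src, dst):
        # Egress (hand-off -> public): the source must be an assigned address.
        # Ingress (public -> hand-off): the destination must be one.
        if direction not in ("egress", "ingress"):
            raise ValueError("direction must be 'egress' or 'ingress'")
        subject = src if direction == "egress" else dst
        return "pass" if self.allowed(subject) else "drop"

# Values taken from the slide.
POLICY = HandOffPolicy("123.123.123.56", "123.123.123.62", "123.123.123.254", "255.255.255.0")
```

The range .56 to .62 does not align to a single prefix: widening it to 123.123.123.56/29 would also admit .63, which is not assigned to the topology.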

New Network Types
• Layer 2
A new network type that is a pure layer 2 network. It would have a VLAN (assigned by CloudStack), but no IP addresses assigned to it and no services, and hence doesn't require a VR or IP addresses (DNS/DHCP to be handled 'externally'). Allows ‘service chaining’ and ‘Enterprise Networks’ using, say, Active Directory or IPAM.
• Simple User
A network where a user can define the IP address properties, but VLANs are orchestrated by CloudStack. CloudStack provides DNS and DHCP, but the VR is not in-path – a self-service shared network. A user would likely define the gateway of the network as the vRouter that they created.
*VLAN == any supported isolation method

• User creates endpoints and networks which join them. CloudStack creates VLANs but applies no layer 3 restrictions
Diagram labels:
  Public Network
  Core Router 123.123.123.254/24
  ETVR (only traffic from allowed ranges through)
  Hand-off: Gateway: 123.123.123.254, Allowed IPs: 123.123.123.56 – 123.123.123.62, Netmask: 255.255.255.255
  User Instance: WAN Accelerator
  L2 Network
  User Instance: vRouter/Firewall/VPN
  L2 Network
  User Instance: VM
  User Instance: VM
  User Instance: VM: AD + DHCP + DNS
  L2 Network
  User Instance: Web server
  DMZ

• Simple services Network which provides CloudStack controlled IP addressing. IP space and gateway defined by the user
Diagram labels:
  Public Network
  Core Router 123.123.123.254/24
  ETVR (only traffic from allowed ranges through)
  Hand-off: Gateway: 123.123.123.254, Allowed IPs: 123.123.123.56 – 123.123.123.62, Netmask: 255.255.255.0
  User Instance: WAN Accelerator
  Simple User Network
  User Instance: vRouter/Firewall/VPN
  L2 Network
  CloudStack VR: DHCP + DNS

Network Visualisation
- CloudStack equivalent of ‘Forwarding Graph’
Network devices view
- New ‘Devices’ view
Add network device to account

Phase 2
Multiple VNF appliances
- CloudStack equivalent of ‘Forwarding Graph’
Network device settings
- Configuration through CloudStack UI or appliances’ console
VNF Configuration
- Option of configuration through appliances’ native UI or simplified configuration through CloudStack option
Network providers
- Add VNF appliances as network providers
Underlying topology

High level process
Flowchart labels:
  User adds appliance(s) to their account
  Operator adds (VNF) appliance types to the cloud
  User inserts appliance(s) into their networks
  CloudStack creates ‘network system VM’
  CloudStack deploys appliance in network from ‘VM’ template
  User configures VNF appliance
  CloudStack sets base config of VNF appliance through VNFM or API translator
  CloudStack creates L2 networks
  APPLIANCE
  ‘Direct’ HTTP(s) proxied through Network System VM
  Direct console access on appliance via Console Proxy
  Simple configuration ‘in’ CloudStack via API translator on Network System VM
  Simple configuration ‘in’ CloudStack via VNFM on Network System VM

Management plane communications
Device Integration Options
• Console Proxy access to VNF appliance console
• User http(s) connection to device mgmt. port (via containerised mgmt. VR in network management VM)
• CloudStack management server to containerised VNFM/EM (in network system VM). [utilising ETSI standards] Simple command set
• ‘ad-hoc’ API translator (Simple command set to VNF appliance native API). [where ETSI standards not available]

Elements
• Layer 2 networks (service chaining)
• External network device (appliances) abstractions
• Containerised VRs
• Containerised VNFMs & EMs
• Forwarding graph translation (CloudStack <-> ETSI standard)
• ‘Network (management)’ System VM
• UI

Phase 3
Further Enhancements
• Support for VNF fabrics
• Support for auto-scaling
• Support for auto-healing
?