Using Docker and SDN for telco-grade applications@NicoJanssens – Bell Labs

@FlorianOtel – Nuage Networks

KEY TAKE-AWAYS

Evolution: Traditional telco -> agile methodologies and micro-service oriented solutions

Use Case: Using Docker as enabling technology to facilitate this transformation

Lesson learned: Advanced SDN support required to facilitate more sophisticated deployment scenarios

3COPYRIGHT © 2014 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

WHO ARE WE? Nico Janssens

Bell Labs researcher @ ALUVirtualization enthusiastHackerUsing Docker since v0.7 (on a raspberry pi …)

Florian Otel

EMEA Director for Business Development and Strategy @ Nuage NetworksFirst time using Docker: Oct 2013

Operational costs pressures push Telcos to virtualize environments while preserving non-functional requirements

• 5 nines availability• Reliability• Performance and response times

MOVING AWAY FROM TRAD TELCO SERVICE DESIGN

Additional non-functional requirements to take into account

• Scalability• Elasticity• Agility• Operability and portability

Low overheadPortabilityMicro-service architecturesActive eco-systemPublic image registriesFacilitates dev-ops methodology

MOVING AWAY FROM TRAD TELCO SERVICE DESIGNBELL LABS VIEW

DOCKER AND TELCO SERVICES BELL LABS PROJECTS

New Network Analytics Service

Next-gen communication services

New Communication ServiceKey Goal: Simplify interactions among people, machines, and their environments

• From transaction-oriented Web model to persistent conversations

• Uniform interaction model for people, machines, and objects

• Rich context-based communications and collaboration

Mobile 5G Network

WIFI Network Edge Cloud

HubDevice

Distributed Cloud Platform

For Heterogeneous

HW infrastructure

Home

High Performance & Predictability

Small footprints

CentralCloud

New Home/IoT Service Platform

Sensor networkWiFi network

Mobile 5G network

USE CASE ARCHITECTUREMICRO-SERVICE CHAT ARCHITECTURE

load balancer

WS servermessage broker

key-value

database

document-oriented

db

Stateless WorkersChat-Thread Mgr

User MgrGroup Mgr

User View Mgr

User Presence MgrPush Notification Adapter

Call Mgr…

TURN/STUN Media Server

SDK

mobile client

web browser

machine buddies

web storage

distributed object store

and FS

RT + batch analytics

HTTP server

location and geo-fencing service

USE-CASE DEVELOPMENT – Why we chose Docker

8

Low overhead ✔Portability ✔Micro-service architectures ✔Active eco-system ✔Public image registries ✔Facilitates dev-ops methodology ✔…

DOCKER TOOLBOX

DOCKER COMPOSE

DOCKER REGISTRY

INITIAL PRODUCTION DESIGN20 node cluster with RANCHER and DOCKER

Datacenter

Host Host Host

…

RancherAgent

RancherAgent

Private IP Net

Server

FirewallNAT, DHCP,

LB,DNS

DockerDaemon

DockerDaemon

VM

RancherAgent

DockerDaemon

WorkerContainer WorkerContainer

ContainerNative Process

Rancher Cluster Manager• Native Docker support• Re-usage of Docker Compose files

• Low entry hurdle• Dashboard• Redundancy

Public Cloud Operator

MISSING: Mature SDN support for federation

Mgmt Server

RancherMgmt

DockerRegistry

Mgmt Server

RancherMgmt

DockerRegistry

Server

FirewallNAT, DHCP,

LB,DNS

TELCO-GRADE SERVICES – Network fabric requirements

Hybrid deployment scenarios Policies Stringent QoS requirements Security constraints

10

12/11/15

Software Defined Networking

VPN

VPN

VPN

VPN Internet

Network Virtualization

Massive IPScale

Policy BasedEndpoint Attachment

Proven technologies of VPNs (network virtualization), IP (scaling) and Mobile ( policy) applied to SDN

Nuage templates and role-based workflow

Compute Management

Tenant / Application Request

Compute Requestcompleted in sub-second

time

Service velocity is not hindered by network-centric operations

Auto-instantiation

00:01

IP Address

WAN interconnect

Policy/Security Zones

L2 /L3 Service AD

Network ChangeCompleted automatically

Service chaining

Template->Instances

Virtualized Services Directory (VSD)

Virtualized Services Controller (VSC)

Virtual Routing & Switching (VRS)

Nuage Networks Virtualized Services Platform (VSP)

• Business/IT policy engine (definition of rules)

• Service templates and Analytics

• SDN Controller• Instantaneous programming of the

network

• Virtualized service edge• Event-driven automation• Integration of bare-metal assets

Provide unified IP Fabrics

Unified IP FabricSecure GW Secure GW

VRS

VRS

VirtualizedServices

Controller

Virtualized Services

Directory

VRS

VRS

VirtualizedServices

Controller

Virtualized Services

Directory

Public Cloud Private Cloud

MP-BGPExchange Network information

XMPP (Span of control)Exchange Application Policies

- Home/Visiting Policy approach

Legacy VM

L2 and/or L3

(VLAN, VXLAN, GRE)

Virtual Router and Switch(VRS)

VRS-H*

VRS-G

VRS-X

VRS-V

Citrix XEN Hypervisors

VMware vSphere Hypervisors

Microsoft Hyper-V Hypervisors

SW Gateway for Bare Metal Servers &Appliances

KVM Hypervisors

VRS-K

Hardware gateway for Bare Metal/MaaS

VRS-T

L2-L4 VIRTUAL SWITCH• Open vswitch-based • Provides both VXLAN

and MPLSoGRE tunnel encapsulation options

• Programmed through OpenFlow from VSC, Encapsulates VM flow into preferred protocol (L2 or L3)

• Detects VM instantiation and teardownOpenFlow

XMPP

VirtualizedServicesDirectory

VirtualizedServicesController

Virtual Routing &Switching

Host

Virtual Routing &Switching

Hypervisor

Virtual Router and Switch (VRS)

• VIRTUAL MACHINE BASED

• SDN CONTROLLER• POWERED BY

SERVICE ROUTER OPERATING SYSTEM (SROS)

• PEERING & FEDERATION

• AUTO-DISCOVERY• TENANT SLICING

Virtualized Services Controller

(VSC)SROS BASEDSMNP/CLIBGP/IGP

SERVICE MGRForwarding dBRIB/FIB

XMPP

OPENFLOWControl pathto VRS

Message bus for:Event NotificationsPolicy Push

Security

Load Balancer

OpenFlow

XMPP

VirtualizedServicesDirectory

VirtualizedServicesController

Virtual Routing &Switching

Virtualized Services Controller (VSC)

Host

OpenFlow

XMPP

Virtualized Services Directory

(VSD)

• VIRTUAL MACHINE BASED

• SERVICE DEFINITION• POLICY

ESTABLISHMENT• SERVICE TEMPLATING• ANALYTICS ENGINE &

REPORTING

NETWORKS

SECURITY

QOS

STATISTICS

ZONE POLICIES:WEB ACCESSBACKEND LOGICETC.

CRM APP :- VM“80MBPS – REAL TIME”

THRESHHOLD ALARM

UI

REST API

MessageBus

Domain

Zones

Subnets

Policies

VPNPublic

Internet

VirtualizedServicesDirectory

VirtualizedServicesController

Virtual Routing &Switching

Virtualized Services Director (VSD)

UI

Host

Network virtualization with Nuage NetworksFederated Datacenter Services (multiple CMS)

Cloud Service Management Plane

Datacenter Control Plane

DatacenterData Plane

Brooklyn Datacenter - Zone 1

VirtualizedServicesDirectory

VirtualizedServicesController

HOST

HOST

HOST

HOST

HOST

HOST

Cloud M

anager to Hypervisor com

munications

HOST

HOST

HOST

Brooklyn Datacenter - Zone 2

HOST

HOST

HOST

Network Services

Manhattan Datacenter - Zone 2

Federation of Controllers

EdgeRouter

MPLS(MP-BGP) Service

Provider Control Plane

Service Provider Data Plane

BusinessVPN Service

PrivateDatacenter

MP-BGPMP-BGP

Domain

Subnets

VPNInternet

ZonesPolicies

Live DemoPlease pray the Demo Gods be with us today

… else we will show you slides with screenshots

Additional informationNuage SDN resources -- repos:

* official / stable: github.com/nuagenetworks/* unofficial / “radioactive”:

github.com/FlorianOtel/docker-vsp-plugin github.com/FlorianOtel/gonuageshell

SDN performance metrics: Network connectivity and policy for 100’000 Docker containers in 7.5 minutes

(demonstrated at Network Tech Field Day 2014)

Thank you!Nico Janssens & Florian Otel@NicoJanssens

@FlorianOtel