MidoNet Vision & Roadmap

Post on 10-Feb-2017


MidoNet Roadmap & Vision

Jean-François Joly, Product Manager @ Midokura

October 2015

Disclaimer

• This presentation contains product features that are currently under development.

• Features are subject to change.

• Technical feasibility and user demand will affect final delivery.

Agenda

Solving problems
⚫ Install
⚫ Troubleshoot
⚫ Security
⚫ Multi-sites
⚫ Faster delivery

Problem

Today’s solution

Tomorrow’s solution

MidoNet Releases

Timeline: 2015.H2, 2016.H1, 2016.H2, 2017.H1

Releases: MidoNet 5.0, MidoNet 5.1, MidoNet 5.2, MidoNet 5.3, MidoNet 5.4, MidoNet 5.5

Installing

First problem

Example install flow

# apt-get install figlet
[…]
The following NEW packages will be installed:
  figlet
[…]
Setting up figlet (2.2.5-2) ...
# figlet easy
  ___  __ _ ___ _   _
 / _ \/ _` / __| | | |
|  __/ (_| \__ \ |_| |
 \___|\__,_|___/\__, |
                |___/

Who needs to deploy

Production: DevOps, Systems and networks admins, Support

Test: DevOps, Systems and networks admins, Quality assurance

Development: DevOps, Software engineers

MidoNet today

Production: Quick start guide; installers: Puppet, Mirantis Fuel, Juju, TripleO (RDO Manager) ...

Test: quickstart.sh

# curl https://www.midonet.org/quickstart-v5.0.sh | sudo bash

Development: devstack

MidoNet today - continued

Non-disruptive agent upgrades

• Flows are not interrupted during an upgrade

MidoNet tomorrow

• More installers (Liberty, SUSE OpenStack installer)
• Fewer components: distributed flow and topology database
• Seamless upgrades: API is available, topology can change during an upgrade
• Auto-discovery of services

Troubleshooting

Second problem

Lack of visibility

Today : trace

Trace

• Use mm-trace to trace the traffic
• See every host through which a packet transits
• See the logical topology
• See the security rules that are applied

Today : inspect

Mirroring

• Mirror any destination or subnet
• Mirror to multiple ports
• Mirror to a VM or physical appliance
• Use tcpdump to view the traffic
• Use an appliance to perform deep packet inspection and prevent advanced persistent threats

Physical switches

Tomorrow

• Integration with the fabric
⚫ Underlay and overlay trace
⚫ Underlay and overlay topology history
• Curate the information to show what's most relevant to the operators
• Proactive fault detection

Security

Third problem

Endless pressure

• External: advanced persistent threats require protection of every machine and detection mechanisms
• Internal: compliance and auditors can dictate software choices

Today : security groups

Manage the security per port

Today : mirroring

Use port mirroring with VM appliances to insert additional security systems

Security appliance

Today : perimeter firewall

Perimeter Firewall for traditional rules management and easier audits

Today : distributed agents

Attacks are dropped at the edge with MidoNet being distributed

Tomorrow

• Insert network services directly in the network path at L2 or L3
• This can be done programmatically using the API
• Retrieve the firewall logs via the API for monitoring, audits or compliance
• Support Neutron Tap as a Service

Multi-sites

Fourth problem

Expansion and availability

• Enterprises outgrow their initial datacenter
• Disasters and compliance drive the organization’s multi-site agenda

Today

• Run MidoNet distributed over multiple sites
• Orchestrate the multiple sites via the API

Tomorrow

• Peer several routers to establish a private network between data centers and tenants
• On-demand VPN using VPNaaS
• Single pane of glass to manage multiple sites: same authentication, security rules...

Containers

Fifth problem

Faster delivery

• Interest in containers is similar to what happened with VMs 10 years ago
• Improve application delivery time and frequency
• Containers enable reproducible delivery at scale with continuous integration and deployment
• Faster to deploy and easier to manipulate than VMs

Higher density

• The footprint of containers is smaller than that of virtual machines
• More applications running on the same hardware bring more density and even higher network port concentration

Micro services

Application architecture is split into small, specialized services requiring granular security

Virtual Machine: Image treatment, Communication, Authentication, Business workflow

Containers (one per service): Image treatment, Communication, Authentication, Business workflow

Today

• Run Docker containers inside physical machines (nova docker)
• Run Kubernetes and Mesos on top of OpenStack and MidoNet

Tomorrow

• Natively connect Docker containers to MidoNet (project Kuryr)
• Integration of containers within OpenStack through OpenStack Magnum
• Orchestrate MidoNet with Mesos, Kubernetes, Swarm...

Join us on Slack to discuss these problems and implement great solutions inside MidoNet

Check the MidoNet Releases page in the wiki: https://github.com/midonet/midonet/wiki/Release-Schedule

Read the MidoNet documentation for more details: https://docs.midonet.org/

Follow MidoNet roadmap

Questions

Reach out to me on
⚫ Slack @jfjoly
⚫ Mail jf@midokura.com
⚫ IRC jfjoly