OpenStack is HOT! No doubt about it. A recent survey by The New Stack and The Linux Foundation shows OpenStack as the most popular open source project ahead of other hot projects like Docker and KVM. OpenStack is now taking its rightful place as the open source cloud solution for enterprises and service providers.
To date OpenStack networking has not yet achieved the performance, scalability and reliability that many large enterprises demand. CPLANE NETWORKS solves that problem by delivering secure multi-tenant virtual networking that overcomes the limitations of the standard Neutron networking service. By making all networking services local to the compute node and achieving near line-rate throughput, CPLANE NETWORKS Dynamic Virtual Networks (DVN) delivers mega-scale networking for the most demanding application environments.
In this session John Casey will cover the basics of DVN and explain how CPLANE NETWORKS achieves "at scale" network performance within and across data centers.
About John Casey
John Casey has over 20 years of deep technology leadership. His proven success in a variety of technical leadership roles in Telecom, Enterprise and Government, and in software design and development, provides the foundation for the system architecture and engineering team.
Previously John led worldwide deployment teams for both IBM’s Software Group and Narus, Inc. His work in large scale, high performance system design at Transarc Labs and Walker Interactive Systems brings leadership to the CPLANE NETWORKS product suite.
3. Who We are
Property 10/30/2014 of CPLANE NETWORKS 3
Software only Network Orchestration
• Dynamic Virtual Networks
• Policy and structure network orchestration
• Physical network integration and optimization
• Converged Virtual LAN and WAN
• Orchestrate NFV Services
OpenStack Networking
• Production ready Neutron Plugin
SDN Customization and Integration
• Sophisticated SDN platform allows custom solution - both inside and outside the data center
[Diagram labels: Powerful SDN Platform; Dynamic Virtual Networking Products; SDN Customization & Integration; High Performance OpenStack® Networking]
4. CPLANE’s Advantage: Service Orchestration Engine
[Diagram labels: CPLANE NETWORKS Service Orchestration Engine; Northbound Services (RESTful); Southbound Services (NetConf, CLI, SNMP, API, etc.); Service Orchestration; Path and Flow Computation; Policy Management; Topology and State; Cloud Operating Systems; Network Applications; Virtual Network Services; Physical Network Services]
• Built from the ground up for network services orchestration
• Function-independent scaling
• Full HA
5. Fully Automated End-to-End Networking
End-to-End Networks
Scalable OpenStack network virtualization in the data center
Seamless, interconnected networks between data centers (WAN)
NFV Orchestration
Service Convergence & Integration
[Diagram labels: two DATA CENTER (DVN) sites with Data Center OVS/VXLAN Networks, each with an EDGE (DVNe); WAN (DVNi) with MPLS/WAN Service Orchestration; Dynamic Wide Area Networks; Cloud Networking Platform]
6. Our Products
• Dynamic Virtual Network (DVN)
– Operational efficiency, reliability and secure multi-tenancy of OpenStack® networking
– Scale OpenStack network performance through elimination of OpenStack bottlenecks
– Close the gap between NetOps and DevOps through common Application-aware network
• MPLS/WAN Network Provisioning and Orchestration (DVNi)
– Creates Multi-datacenter Wide Area Networks (WAN)
– Provides L2/L3 VPN with dynamic Class of Service/Quality of Service
– Provides optimal network utilization through patented bandwidth management
• Network Function Virtualization Orchestration and Integration (DVNe)
– Custom integration with 3rd party hardware and software
– Multi-function gateways, load-balancers, and security
8. Design goals and philosophy
• Be networking technology agnostic, but implementation specific – “Technology Evolves, But Customers Migrate Slowly”
– Hardware technologies (LAN/WAN)
– Protocols (VXLAN, GRE, MPLS, BGP)
– Open Virtual Switch / Others?
• Scalability in mind
– Millions of VMs, 10s of thousands of servers
– Intra and Inter Data Center
• Make OpenStack Better!
– Network node backhaul problem
– Better isolation between Nova and Neutron
– Nova scheduler should include other resources
• Manageability, deployment and resiliency
– Must be automatic / maintenance free
• OpenFlow™ is interesting/innovative – still immature
– Connection management
– Reactive model – not enough
• Prefer aggregate service event push over reactive
– Higher level service knowledge
– Steady-state should be fast
– Structural changes can take time
• We can enhance/optimize OVS!
– Data Plane
– Control Plane
– Management Plane
• Basis for Virtual Networks as a platform for future
– Integrate with the hardware layer
– Solve other domain problems
  • Application
  • Security
Deliver Multi-tenancy Network Orchestration
9. Move to Workloads and DevOps Model
• Deploy/Remove apps in minutes
• Centralized knowledge of app topology
• Policy driven to adhere to Corp Governance
• Organization silos provide oversight
Tenant Based Cloud Networking
[Diagram labels: spine/leaf fabric (Spine Routers, LEAF switches); Router to Internet or other DC; servers labelled Server1 with addresses 192.168.0.2 and 192.168.2.2; VMs and Routing functions; application workloads App1 (L2 & L3), App2 (L2), App3 (L2 & L3 + Physical); three Security Perimeters; Physical Resource Functions (Workloads) f(n); OGR™]
Attributes:
• Application workloads
• Optimized for east-west traffic
• Dynamic VM Topologies
• 10ks of VMs, 1000s of VM groups
• Minutes to deploy applications
• NetOps moves to oversight role (BM/QoS Management)
Note: Traditional DC Network design ToR/Agg/R-Core can still be used for small / medium scale deployments
10. Inter-Data Center - Tenant Based Cloud Networking
[Diagram labels: spine/leaf fabric (Spine Routers, LEAF switches); Router; servers labelled Server1 with addresses 192.168.0.2 and 192.168.2.2; VMs and Routing functions; application workloads App1 (L2 & L3), App2 (L2), App3 (L2 & L3 + Physical); two Security Perimeters; Physical Resource Functions (Workloads) f(n); OGR™; OGR; BGP]
OGR™ Overlay Router: Extends Tenant Network to Edge Router
Note: Traditional DC Network design ToR/Agg/R-Core can still be used for small / medium scale deployments
11. Virtual Extensible Local Area Network (VXLAN)
• IETF VXLAN
– Uses multi-cast
– High overhead
– Low scalability
– Switching only (L2)
• CPLANE Controller-Based VXLAN
– Common encapsulation
– Low overhead
– High scalability
– Routing (L3) and Switching
– Local ARP Resolution
• Ethernet in IP overlay network
– Entire L2 frame encapsulated in UDP
– 50 bytes of overhead
• Include 24 bit VXLAN Identifier
– 16 M logical networks
• VXLAN is routable
• Tunnel between hosts
– VMs do NOT see VXLAN ID
Frame layout (figure):
VXLAN Encapsulation: Outer MAC DA, Outer MAC SA, Outer 802.1Q, Outer IP DA, Outer IP SA, Outer UDP, VXLAN ID (24 bits)
Original Ethernet Frame: Inner MAC DA, Inner MAC SA, Optional Inner 802.1Q, Original Ethernet Payload
CRC
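An added example, not from the presentation or CPLANE's product: Python that builds the outer Ethernet/IPv4/UDP/VXLAN headers listed above around an inner frame (50 bytes when the optional outer 802.1Q tag is absent) and, on receipt, drops any packet whose 24-bit VXLAN ID is not provisioned on the host. The function names, MAC/IP addresses and VNI 5001 are assumptions made for the example; the UDP port and flag layout follow RFC 7348.

```python
import struct

VXLAN_PORT = 4789      # IANA-assigned UDP port for VXLAN (RFC 7348)
FLAG_VNI_VALID = 0x08  # "I" flag in the first byte of the VXLAN header

def ipv4_checksum(header):
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def vxlan_encap(inner, vni, src_mac, dst_mac, src_ip, dst_ip, sport=49152):
    """Wrap a whole inner Ethernet frame in outer Ethernet/IPv4/UDP/VXLAN."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    vxlan = struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)      # 8 bytes
    udp_len = 8 + len(vxlan) + len(inner)
    udp = struct.pack("!HHHH", sport, VXLAN_PORT, udp_len, 0)       # 8 bytes
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0,
                     64, 17, 0, src_ip, dst_ip)                     # 20 bytes
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = dst_mac + src_mac + b"\x08\x00"                           # 14 bytes, untagged
    return eth + ip + udp + vxlan + inner

def vxlan_decap(packet, allowed_vnis):
    """Return (vni, inner frame); raise ValueError for packets to drop."""
    if len(packet) < 50 or packet[12:14] != b"\x08\x00":
        raise ValueError("not an untagged IPv4 frame with room for VXLAN")
    ihl = (packet[14] & 0x0F) * 4
    if packet[14] >> 4 != 4 or ihl < 20 or packet[23] != 17:
        raise ValueError("outer packet is not IPv4/UDP")
    udp = 14 + ihl
    if len(packet) < udp + 16:
        raise ValueError("truncated VXLAN header")
    if struct.unpack("!H", packet[udp + 2:udp + 4])[0] != VXLAN_PORT:
        raise ValueError("UDP destination port is not VXLAN")
    word0, word1 = struct.unpack("!II", packet[udp + 8:udp + 16])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    vni = word1 >> 8
    if vni not in allowed_vnis:          # tenant isolation check
        raise ValueError(f"VNI {vni} is not provisioned on this host")
    return vni, packet[udp + 16:]

# Constructed sample: a 60-byte inner frame (zero-padded ARP-sized payload).
INNER = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(46)
PACKET = vxlan_encap(INNER, 5001, bytes.fromhex("020000aa0001"),
                     bytes.fromhex("020000aa0002"),
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
```

With an outer 802.1Q tag the overhead grows to 54 bytes; this decapsulator treats tagged outer frames as out of scope and rejects them.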
12. Inter-Data Center using MPLS - Tenant Based Cloud Networking
[Diagram labels: SF Data Center, NY Data Center, Tokyo Data Center; three MPLS Core Routers; MPLS – Full Mesh LSPs; Traffic Engineer Core; Backup path failover; Bandwidth guarantees, Resiliency and Fast Reroute]
• Easy migration from Carrier Service
• Greater flexibility, reduce cost
• Integrate with OpenStack Model
13. Inter-Data Center Using MPLS - Tenant Based Cloud Networking
[Diagram labels: SF Data Center, NY Data Center, Tokyo Data Center; three MPLS Core Routers; three MPLS Edge Routers; T1; T2]
• Per-tenant connectivity via OGR-MPLS
• Aggregate or per tenant L3VPN/L2VPN
• Supports CoS/QoS over WAN
• Per tenant L2 or L3 VPN
• Multiple CoS per VPN
• Edge Policy QoS
• Application Packet Marking
14. OpenStack Virtual Networking
OpenStack™ VXLAN Virtual Overlay Networking
– Havana/Icehouse via Neutron plugin
Features:
• Autonomous Compute Node Architecture
– Eliminate need for separate Network Node™
– Local ARP resolution proxy
– Direct virtual routing and switching
– Local Floating IP
– Local NAT
– Local DHCP
• Near line rate using optimized OVS
• Tenant Isolation via efficient VXLAN
• Supports 1000s of compute nodes
• OGR™ Gateway to physical networks and MPLS WAN
• Hardware Assist GW/LBAAS
• Integration with CPLANE’s MPLS WAN Product
15. CPLANE VXLAN Routing and Autonomous Compute Nodes
• DVN eliminates the need for the physical OpenStack Network Node to perform
– Tenant Routing
– Metadata Proxy
– DHCP services
– Floating IP
– NAT
• VM to VM routed traffic is sent directly to each destination node
• OGR™ routes VM traffic to physical networks and MPLS WAN
[Diagram labels: OpenStack Icehouse, Dependent on Network Node; CPLANE, Autonomous Compute Nodes; MPLS WAN & Physical Workloads]
16. Event Driven, Deterministic Policy Orchestration
[Diagram labels: OpenStack® Controller, Neutron, ReST API; Controller; three Compute Nodes (CP Agent, OVS, VMs, one VNF); OGR Node (CP Agent, OVS); Switch; MF-Dev; T1]
OpenStack User Events
• Create VM(s)
• Connect VMs to Network
• Route VMs together
CPLANE SDN/DVN Controller
• Turns Neutron Events into Flow Models
• Calculates which OVS will be affected by which Flow Model based on the VM topology
• Sends Flow Models to the appropriate OVS via CP-Agent
Flow Models: A sequence of OVS flow table entries designed to perform a specific routing or switching function
FLOW MODELS
• Base Flows
• Base Subnet Flows
• Base L2 Flows
• L2 Local Flows
• L2 Remote Flows
• L3 Remote Flows
• FloatingIP Flows
• NAT Flows
• OGR Compute Flows
ORCHESTRATION
• PNF and NFV
• QoS Policies
• LB Policies
• ACL/ Firewall
17. CPLANE OVS Component Architecture
[Diagram labels: NIC Card; CPLANE AGENT; Communication with DVN Controller]
• CPLANE AGENT
– Handles all management needed on the compute node (OVS)
– Registration/recovery
– Caching, health, logging
– OS Functions
• CLI management still exists but is NOT needed for managing the compute node
– ovs-vsctl
– ovs-dpctl
– ovs-ofctl – may still be used for deep debugging
– ovs-appctl – may still be used for deep debugging
18. Manageability Single Pane of Glass
Graphical Topology Element (EMS) View – Bridges / ARP Tables
Service Assurance – Connectivity Validation
Service Detail – Drill Down
19. Version 1.2
• Fully Autonomous Compute node
– Localized DHCP per Network
• Enhanced UI display
– New per-node network ARP table view
• Keystone Integration – Authentication/Authorization
– Controller users authenticate with Keystone
– Role based authorization limits views to network services
21. Dynamic Virtual Networks Interconnect (DVNi) Transit Layer (MPLS-TE)
Build End-to-Edge or Full Mesh LSPs
– Graphically draw, generate, pre-validate and apply configurations
Automatic topology discovery
– Computed from existing LSP configuration
Multi-vendor LER/LSR router support
– Juniper, Cisco and others
Automatic computation of backup paths
– No single point of failure in network
LSP computation using CSPF
– Bandwidth aware
Full support for path coloring constraints, i.e.:
– Resource class affinities
Transactional control provisioning
– With full roll-back capability
22. Dynamic Virtual Networks Interconnect (DVNi) VPN Service Layer
[Diagram labels: Northbound Services (RESTful); Southbound Services (NetConf, CLI, SNMP, API, etc.); Service Orchestration; Path and Flow Computation; Policy Management; Topology and State; Cloud Operating Systems; Network Applications; MPLS Multi-site Data Center Interconnectivity]
• Automated L3 (2547) and L2 (PW, VPLS) Multi-site VPN
• Provides CoS and protects service SLAs with built-in admission control
• Reviews, stores and audits all network element changes along with current service state and VPN topology
• Automation and control of network resources such as bandwidth, VRFs, queues and access control lists
• Supports Hub-and-spoke and full-mesh VPN topologies
• Easily integrates with OpenStack for complete end-to-end provisioning
23. Demo Environment
• Management Network
– SNMP discovery
– Management Plane (CLI)
• Physical Equipment
– Cisco (PE, P)
– Juniper (PE)
• Configuration
– OSPF IGP (also supports ISIS)
– MPLS RSVP-TE protocol on all NN links
– MP-BGP on all PE Routers
– L2/3 VPN Services on PE Access Points
[Diagram: demo topology]
Routers and loopbacks (lo0): Cisco 7204 core1 10.255.255.1; Cisco 7204 core2 10.255.255.2; Cisco 7204 core3 10.255.255.3; Cisco 7204 edge1 10.255.255.11; Juniper M5 edge3 10.255.255.13; Cisco 7204 edge4 10.255.255.14
Link interfaces shown: fa1/0 10.10.1.1/29; fa3/0 10.10.1.2/29; fa3/0 10.10.1.17/29; fa3/0 10.10.1.18/29; fa4/0 10.10.1.25/29; fa1/0 10.10.1.26/29; fa2/0 10.5.1.1/29; fa1/0 10.5.1.2/29; fa2/0 10.5.1.9/29; Fa0/0/0 10.5.1.10/29; fa1/0 10.5.1.25/29; fa4/0 10.5.1.26/29; fa2/0 10.7.1.1/29; fa3/0 10.7.1.9/29; fa2/0 10.7.1.25/29; fa3/0 10.7.1.33/29; Fa0/0/2 10.7.1.57/29