创新云解决方案

创新云解决方案2OpenStack——

DeliveringAgilityWithAutomation&applicationcentric3WhyOpenStackChallengesinDCandSDNOpenStack@CiscoSummary4Avoidsvendorlock-in•••Opensourcewithmorethan180vendorscontributingRapidbuild-outofPublicorPrivatecloudsEasilycustomizablebyInternalSoftwareteamsReadyformission-criticalprivate/publicclouds•8thmajorrelease–Provensoftware•MarketMomentumsComcastIntelCERNNASABloombergBestBuyPayPalHubSpotOthersHighCiscoContribution••CiscoCloudCTOisVice-chairofboardLewTuckerSupportforCisco’sentireCloudportfolio(UCS&Nexus)SvcsUDCCIN•CiscoAcceleratingInnovation(e.g.ExtendingSDNtoCloud…)5OpenStackDistribution&SupportSoftware&SupportSystemIntegratorsSystems/ITAppliancesLayeredonOpenStack(PaaS&Multi-CloudMgmt)ManagedServices6OpenStackDistribution&SupportSoftware&SupportSystemIntegratorsSystems/ITAppliancesLayeredonOpenStack(PaaS&Multi-CloudMgmt)ManagedServices7解决应用部署的复杂性APPOSAPPOSAPPOSAPPOSAPPLICATIONSAPPOSAPPOSAPPOSAPPOSManysystemstolearn,highcomplexity,highcostOpenStackCloudServicesInfrastructurePhysicalServersStorageSystemsNetworks8NovaComputeSwiftStorageNEUTRONNETWORKINGHorizonWebInterfaceHeatOrchestrationGlanceImageKeystoneSecurity9NetworkService(Neutron)APIAPIExtensionsNetworkServiceNetworkabstractiondefinitionandmanagementNoactualimplementationofabstractionPlug-InAPIVendor/UserPlug-InImplementationofabstractionsVirtualorphysicalExtendedAPIsCiscoPlug-InsNX-OS(VLANs),LinuxBridgeOVS+GRE,VxLANNexus1000v(VLAN,VxLAN,OVS)CiscoONE/APICController10WhyOpenStackChallengesinDCandSDNOpenStack@CiscoSummary11WANEdge/DCICoreAggregation/AccessServicesComputeStorage12Spine新的架构变化：....ScaleOutCore•••计算虚拟化网状的流量模型交换矩阵横向扩展Leaf挑战：ServersEdgeRoutersvSwitchVMVMVirtualAccessLayerVPNs/PublicInternet••••••虚拟化主机的部署VM移动性网络架构scale-out扩展性地址规划和路由寻址的复杂度业务配置和开通的复杂度故障诊断的复杂度13Spine..ScaleOutCoreLeaf..EdgeRoutersServersvSwitchvSwitchVPNs/PublicInternetVMVMVMVMVirtualAccessLayerVMVM14Dev/TestDesignNewReqmts.ApplicationLifecycleKeyMetrics•Performance•Availability•SecurityDeploy•Layout&DescribeDependenciesOperateResolve•Slowresponse•Servicesnotreachable•Scalelimits•CyberthreatsMonitoringDiagnostics•Application-specificconnectivity•InstantiateL4-L7services•ProvisionapplicationcomponentsInfrastructureBring-up&ManagementConnectivityConfiguration•CertifyandTest•FaultManagementComputeFabricStorage15VMVMVMVMLogicalcontainersforeachapplicationinamulti-tenantcloudPlatformsforbuildingscalableappsAPI-drivenOpenCloudPlatformVMVMVMScalableServices(ELB,NoSQL,Bus)PaaSEnvironmentsOpenStackCompute(Nova)OpenStackNetworking(Quantum)OpenStackStorage(Swift)ProgrammableInfrastructurePlatformAPIsaonePKControllersandAgentsVirtualOverlaysNexus1000VVXLAN/LISPNetworkServicesFirewall,etc.ONEController(OpenFlow,onePK)16OpenDaylightProjects:•Controller•YangTools•GUI•IntegrationTesting•VTN•OpenDove•AffinityManagementService•LISPMappingService•Defense4All•BGP-LS/PCEPPlugin•OpenFlowSBPlugin•OVSDBPlugin•SNMP4SDN•OpenStack•OpenFlowProtocol•CiscoOnePK(*)17ServiceSetDataPathPolicyRoutingElementDiscoveryUtilityDeveloperDescriptionProvidespacketdeliveryservicetoapplication:Copy,Punt,InjectProvidesfiltering(NBAR,ACL),classification(Class-maps,Policy-maps),actions(Marking,Policing,Queuing,Copy,Punt)andapplyingpoliciestointerfacesonnetworkelementsReadRIBroutes,add/removeroutes,receiveRIBnotificationsGetelementproperties,CPU/memorystatistics,networkinterfaces,elementandinterfaceeventsL2topologyandlocalservicediscoverySyslogeventsnotification,Pathtracingcapabilities(ingress/egressandinterfacestats,next-hopinfo,etc.)Debugcapability,CLIextensionwhichallowsapplicationtoextend/integrateapplication’sCLIswithnetworkelement18ServiceSetDataPathPolicyRoutingElementDiscoveryUtilityDeveloperDescriptionProvidespacketdeliveryservicetoapplication:Copy,Punt,InjectProvidesfiltering(NBAR,ACL),classification(Class-maps,Policy-maps),actions(Marking,Policing,Queuing,Copy,Punt)andapplyingpoliciestointerfacesonnetworkelementsReadRIBroutes,add/removeroutes,receiveRIBnotificationsGetelementproperties,CPU/memorystatistics,networkinterfaces,elementandinterfaceeventsL2topologyandlocalservicediscoverySyslogeventsnotification,Pathtracingcapabilities(ingress/egressandinterfacestats,next-hopinfo,etc.)Debugcapability,CLIextensionwhichallowsapplicationtoextend/integrateapplication’sCLIswithnetworkelement19OpenStackNeutronNeutronplugin•OpenDaylightexposesasinglecommonOpenStackServiceNorthbound•APIexposedmatchesNeutronAPIprecisely••supportsmultipleimplementationsofNeutronnetworksinOpenDaylightOpenDaylightAPIs(REST)NeutronServiceOpenDaylightOpenStackNeutronPluginlargelypassesthrough••simplifiesOpenStackpluginpushescomplexitytoOpenDaylightVTNProviderDOVEProviderOVSProviderOpenDaylight20OpenStackNeutronOpenPlug-InsApplicationPoliciesQoSSecurityAvailabilityScaleNetworkControllers(APIC,PNSC,XNC/OpenDaylight,…)FirewallWAASLoadBalancerRouterSwitchOpFlexAgentACIOVSExtensionOF/OnePKAgentWebAppVirtualAppliance（NFV）VirtualNetworkPhysicalHardwareAutomaticallyCreate,Deploy,Manage,Modify,TearDownAcrossTHOUSANDSofNetworkNodes21WhyOpenStackChallengesinDCandSDNOpenStack@CiscoSummary22•物理网络设备Nexusswitches(vlans/SVI/etc.)onePKdevice-levelintegrationDFA/ACIFabric(spline-leaf)•虚拟网络设备N1000v/VXLANvirtualoverlaymanagementOVS/GRE•SDN控制器的集成CiscoONEcontroller(OpenDaylight)andAPIC(ACI)提供的北向API•网络服务的集成••••针对NFV应用的配置管理工具：ESCServicechainingvPE虚拟化Overlay(ExternalName:ESP)VNMCfornetworkservicecontainers•自动配置管理•CiscoOpenStackInstaller(puppetautomation,HA,UCSmanagerintegration)23•自动化的VLAN配置ConfigureVLANsontheNexusswitch•三层网关的配置MapNexusSwitchVirtualInterface(SVI)totenantVLANScalabilitywithTopofRack(ToR)NexusasdefaultLayer3GatewayEliminatesconfigurationandbottleneckofhost-basedsoftwareL3forwardingAgent•vPC的配置VirtualPortChannel(vPC)forHighAvailability(HA)andlinkoptimizationtomultipleNexusswitches•物理和虚拟化的网络拓扑Performancebenefitsofhardware-basedToRswitch(Nexus3000,5000,6000,7000)Flexibilityofsoftware-definedNetworkingwithNexus1000V24ManagementNetworkdhcp-agent•FlatNetworkingTraffic•VLANTrafficacrossNodes•GREorVXLANtunnelsacrossNodes*-plugin-agentnova-computenova-computenova-computenova-compute*-plugin-agent*-plugin-agent*-plugin-agentnova-apinova-schedulerneutron-serverkeystoneL2B/OVSL2B/OVSNetworkNodeComputeNodeComputeNodeComputeNodeComputeNodemysql,rabbit...NexusPIDataNetwork•SVIconfiguredonNexusforL3forwardingandexternalGateway•Removesbottleneckofgenericserver-basednetworknodewithLinuxIPtablesExternalNetworkInternetCloudControllerNodeAPINetworkAPINetworkistypicallyL3routabletoenablepublicaccess(Controllersisbeyondofcomputecluster)25ManagementNetwork••NetworkNodefunctionasL3routerandconnectwithexternalphysicalnetworkwithvlanFoundationofVirtualServicesArchitecture:•vPathServiceInsertion/Chaining•VxLANOverlayNetworking•CSR,FW,VPN,Loadbalancingetcdhcp-agentdhcp-agentdhcp-agent*-plugin-agent*-plugin-agent*-plugin-agentl3-agentl3-agentnova-computenova-computenova-computenova-compute*-plugin-agent*-plugin-agent*-plugin-agentnova-apinova-schedulerneutron-serverkeystonemysql,rabbit...VSM/N1000VNetworkNodeNetworkNodeNetworkNodeComputeNodeComputeNodeComputeNodeComputeNodeDataNetworkAPINetworkCloudControllerNodeExternalNetworkInternetAPINetworkistypicallyroutabletoenablepublicaccess26•Enablesfullyautomatedcompute,storageandnetworkControllerNoderesourceorchestration•SupportsinceGrizzlyOpenStackrelease•LeveragesNX-OSNetConf-XMLprogrammaticinterfaceCommunicationwithNeuxsSwitchusingNetconfOpenStackNeutronServerCiscoNexusPluginNexusInterfaceDriverOVSPluginVLAN100eth0eth0VLAN200eth0VLAN100eth0VLAN200Communicationwithpluginagentsonhostsbr-eth0br-eth0br-eth0br-intTenantA–VLAN100VM210.0.0.4br-eth0br-intTenantB–VLAN200VM210.0.1.4br-intTenantA–VLAN100VM110.0.0.3br-intTenantB–VLAN200VM110.0.1.3Host1Host2Host3Host427DCNM(CPoM)ConfigurationProfiles①Segment-ID,IPinformation(GWY,Mask,Org,etc)OrchestratorLogicalOrgNetworkOrchestrationConfigurationQuerytheDCNMDownloadNetworkDB(Segment-IDaskey)③Segment-IDfromVLANtheIDtothevSwitchN1KV/OVSVDPControl