Transcript VMware Philosophy on OpenStack

Under the Hood: Network Virtualization with
OpenStack Neutron and VMware NSX
+
+
Somik Behera – NSX Product Manager
Dimitri Desmidt - NSX Senior Technical Product Manager
Agenda
Slide 2
‣
Intro – VMware philosophy on OpenStack (2 minutes)
‣
Why Neutron + NSX VMware Plugin (20minutes)
‣
Demo of OpenStack + "vCenter/KVM" + "Neutron/NSX
VMware Plugin" (10 minutes)
‣
Q&A (10 minutes)
Agenda
Slide 3
‣
Intro – VMware philosophy on OpenStack (2 minutes)
‣
Why Neutron + NSX VMware Plugin (20 minutes)
‣
Demo of OpenStack + "vCenter/KVM" + "Neutron/NSX
VMware Plugin" (10 minutes)
‣
Q&A (10 minutes)
VMware Philosophy on OpenStack
OpenStack
The Foundation for IT: Software Defined Datacenter
•
•
Virtual Workspace
Manage access to services, applications and data for any
device
Private
Clouds
•
An open framework for building clouds
Assembles a solution from underlying
Compute, Network, Storage components.
Can be managed and automated using
many solutions.
Public Clouds
Hybrid Cloud
Seamlessly extend your data center to the public cloud
Software-Defined Data Center
Customer Choice
•
•
VMware supports Customer choice.
Our support for OpenStack enables choice
Virtualize the entire data center
Management and Automation
Storage and
Availability
Compute
Network and
Security
An Opportunity for VMware SDDC
•
•
4
VMware SDDC provides best-in-class
Compute, Network, Storage & management
solutions for OpenStack.
We view OpenStack as an opportunity for
VMware SDDC portfolio.
VMware Technologies and OpenStack
Tenant-Side
Horizon
( Web Portal )
Nova
(Compute)
vSphere &
vCenter
CLI Tools & Scripts
(DevOps Automation)
Neutron
(Network)
Cinder
(Block Storage)
NSX
vSAN
Cloud Operator Tools
(vCenter, vCOPs, Log Insight etc.)
OpenStack or 3rd Party Component
VMware Component
5
vCAC
Application Director
Glance
(Image Store)
vCenter
(Image Catalog)
Third Party Operator tools
(Puppet/Chef, scripts, nagios...)
Operator-Side
Benefits of
OpenStack API &
Ecosystem
Choice of best-inclass virtualization &
management
technologies
Agenda
Slide 6
‣
Intro – VMware philosophy on OpenStack (2 minutes)
‣
Why Neutron + NSX VMware Plugin (20 minutes)
‣
Demo of OpenStack + "vCenter/KVM" + "Neutron/NSX
VMware Plugin" (10 minutes)
‣
Q&A (10 minutes)
OpenStack main projects
Dashboard
(horizon)
Network
(Neutron)
Provides UI
for other projects
Provides
network
connectivity
Compute
(nova)
Provides
Images
Provides
volumes
Block
Storage
(cinder)
Provides Authentication and
Service Catalog for other
Projects
Identity
(keystone)
Slide 7
Image
repo
(glance)
Stores
Images
as
Objects
Object
Storage
(Swift)
Why Neutron + NSX VMware Plugin
Slide 8
‣
OpenStack Networking before Neutron
‣
Why people use OpenStack with Neutron?
‣
Why people use OpenStack with Neutron + NSX
VMware Plugin?
OpenStack Networking before Neutron
• Nova offers "networking as a service" in OpenStack (nova-network)
Note: It was the only offer before Quantum (old Neutron project name)
 Nova-network is still present today, and can be used instead of Neutron
 Points to keep in mind:

Slide 9
Limited Network Topologies supported

Only Flat,

Flat DHCP

and VLAN DHCP
OpenStack Networking before Neutron
• Nova offers "networking as a service" in OpenStack (nova-network)
Note: It was the only offer before Quantum (old Neutron project name)
 Nova-network is still present today, and can be used instead of Neutron
 Points to keep in mind:

Slide 10
Limited Network Topologies supported

Only Flat,

Flat DHCP

and VLAN DHCP

No 3-tier Network topology supported
OpenStack Networking before Neutron
• Nova offers "networking as a service" in OpenStack (nova-network)
Note: It was the only offer before Quantum (old Neutron project name)
 Nova-network is still present today, and can be used instead of Neutron
 Points to keep in mind:

Limited Network Topologies supported

Limited Scale and Network Services supported


Scale

L2 (using VLAN), DHCP&DNS (using dnsmask), Security (using IPtables on hypervisors)

IP address management (using SQL DB table)
Limited Network Services

Slide 11
No self-tenant L3, no Load Balancer, no VPN.
OpenStack Networking before Neutron
• Nova offers "networking as a service" in OpenStack (nova-network)
Note: It was the only offer before Quantum (old Neutron project name)
 Nova-network is still present today, and can be used instead of Neutron
 Points to keep in mind:

Limited Network Topologies supported

Limited Network Services supported

No integration with 3rd party Network solutions

Slide 12
No ability to use 3rd parties to overcome the limitations of nova-network
OpenStack Networking before Neutron
• Nova offers "networking as a service" in OpenStack (nova-network)
Note: It was the only offer before Quantum (old Neutron project name)
 Nova-network is still present today, and can be used instead of Neutron
 Points to keep in mind:
Slide 13

Limited Network Topologies supported

Limited Network Services supported

No integration with 3rd party Network solutions

Complex/Limited HA and management/monitoring
Why Neutron + NSX VMware Plugin
Slide 14
‣
OpenStack Networking before Neutron
‣
Why people use OpenStack with Neutron?
‣
Why people use OpenStack with Neutron + NSX
VMware Plugin?
Why people use OpenStack with Neutron?
• Neutron improves nova-network in multiple areas
• Larger number of Network Topologies and services supported
Slide 15
•
L3: Self-Tenant provisioning
•
Security (ingress + egress rules support)
•
LBaSS
•
VPNaSS (coming)
Why people use OpenStack with Neutron?
• Neutron improves nova-network in multiple areas
• Larger number of Network Topologies and services supported
•
L3: Self-Tenant provisioning
•
Security (ingress + egress rules support)
•
LBaSS
•
VPNaSS (coming)
• Supports overlay
•
VM
Remove the VLAN limitation (using overlay with GRE)
VM
Hypervisor
Any L2/L3
Fabric
Slide 16
VM
VM
Hypervisor1-IP@ 
Hypervisor2-IP@
[GRE VM1-IP@  VM2IP@]
VM
VM
VM
VM
VM
VM
VM1-IP@ 
VM2-IP@
VM
Why people use OpenStack with Neutron?
• Neutron improves over nova-network in multiple areas
• Larger number of Network Topologies and services supported
•
L3: Self-Tenant provisioning
•
Security (ingress + egress rules support)
•
LBaSS
•
VPNaSS (coming)
• Supports overlay
•
Remove the VLAN limitation (using overlay with GRE)
• Open Solution
•
Slide 17
Open to 3rd party solution:
•
VMware NSX Plugin (Nicira Plugin)
•
LinuxBridge Plugin
•
OVS Plugin
•
Cisco UCS / Nexus 5000 Plugin
•
NEC Ryu Plugin
•
etc
Why Neutron + NSX VMware Plugin
Slide 18
‣
OpenStack Networking before Neutron
‣
Why people use OpenStack with Neutron?
‣
Why people use OpenStack with Neutron + NSX
VMware Plugin?
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale
•
Very high scale (thanks to the distribution "active/active" of the Control elements)
Per NSX Domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release)
Active/
Active
NSX
Controller
Cluster
VM VM VM
Hypervisor
Any L2/L3
Fabric
Slide 19
VM VM VM
VM VM VM
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale
•
Very high scale (thanks to the distribution "active/active" of the Control elements)
Today per NSX Domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release)
•
Very high throughput (thanks to the encapsulation off-loaded on the NIC)
Per hypervisor: 20Gbps (with 2x10Gbps NIC bonding)
NSX
Controller
Cluster
VM
VM
Hypervisor
Any L2/L3
Fabric
Slide 20
VM
VM
20Gbps
bi-directional
VM
VM
VM
VM
VM
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale
•
Very high scale (thanks to the distribution "active/active" of the Control elements)
Today per NSX Domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release)
•
Very high throughput (thanks to the distribution "active/active" of the NVP Network Elements)
Per NVP Gateway: 10Gbps++
Physical Layer
NSX
Controller
Cluster
VM VM VM
Hypervisor
Slide 21
Any
L2/L3
Fabric
Active/
Active
VM VM VM
10Gbps++
bi-directional
per NVP-GW
NSX
L2/L3Gateway
NSX
L2/L3Gateway
NSX
L2/L3Gateway
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale
•
Very high scale (thanks to the distribution "active/active" of the Control elements)
Today per NSX Domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release)
•
Very high throughput (thanks to the encapsulation off-loaded on the NIC)
Today per hypervisor: 20Gbps (with 2x10Gbps NIC bonding)
•
Optimized traffic (thanks to the distribution of L3 and Security)
A world without NSX
Web
App
Hypervisor
DB
Web
Hypervisor
x86 Server
DC Fabric
Neutron Router
on Neutron
Server
Slide 22
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale
•
Very high scale (thanks to the distribution "active/active" of the Control elements)
Today per NSX Domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release)
•
Very high throughput (thanks to the encapsulation off-loaded on the NIC)
Today per hypervisor: 20Gbps (with 2x10Gbps NIC bonding)
•
Optimized traffic (thanks to the distribution of L3 and Security)
A world with NSX
Web
App
Hypervisor
DB
Web
Hypervisor
x86 Server
DC Fabric
NSX "North/South" Router
Slide 23
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
•
High-Availability of the Network Services is offered by design "for the management"
Management Layer
NSX
Controller
Cluster
Active/
Active
VM VM VM
Hypervisor
Any L2/L3
Fabric
Slide 24
VM VM VM
VM VM VM
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
•
High-Availability of the Network Services is offered by design "for the transport" with stateful
failover for L3 and NAT
Physical Layer
NSX
Controller
Cluster
VM VM VM
Hypervisor
Slide 25
Any
L2/L3
Fabric
Active/
Active
VM VM VM
VM VM VM
NSX
L2/L3Gateway
NSX
L2/L3Gateway
NSX
L2/L3Gateway
802.1q
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
Slide 26
•
High-Availability of the Network Services is offered by design on both management + transport
•
Management and Monitoring tools (statistics, port monitoring, port mirroring, connection tool, seamless
upgrade, etc)
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• Advanced popular network services
•
L3 with static routing
172.16.1.0/24
192.168.10.0/24
Default GW: 10.20.2.1
Default GW: 10.20.2.1
192.168.1.0/24
next-hop
10.20.2.2
Default
GW: 10.20.2.1
192.168.1.0/24
next-hop
10.20.2.2
172.16.1.0/24 action blackhole
.2
Logical
Networks
.1
.11
.12
LS-1A
VM
Slide 27
10.20.2.0/24
LS-2A
LS-1B
VM
VM
VM
VM
VM
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• Advanced popular network services
•
L3 with static routing
•
L2 "logical-physical"
Physical Layer
NSX
Controller
Cluster
VM VM VM
Hypervisor
Slide 28
Any
L2/L3
Fabric
VM VM VM
VM VM VM
NSX
L2/L3Gateway
NSX
L2/L3Gateway
NSX
L2/L3Gateway
802.1q
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• Advanced popular network services
•
L3 with static routing
•
L2 "logical-physical"
•
ACL
Security Groups
applied here
.1
ACL applied here
Logical
Networks
.11
VLAN 10
.12
LS-1A
VM
Slide 29
10.20.2.0/24
VM
LS-2A
LS-1B
VM
VM
VM
VM
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• Advanced popular network services
•
L3 with static routing
•
L2 "logical-physical"
•
ACL
•
QoS
Tenant A
TA
VM1
VM
VM
Hypervisor
Any L2/L3
Fabric
Slide 30
VM
Tenant B
TA
VM2
Logical Switch A
DSCP marking for QoS
on the physical fabric
TB
VM1
VM
VM
TB
VM2
VMLogical Switch
VM B VM
VM
GOLD traffic
VM
VM
Why people use OpenStack with
Neutron + NSX VMware Plugin?
• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• Advanced popular network services
•
L3 with static routing
•
L2 "logical-physical"
•
ACL
•
QoS
•
Optimization of Broadcast/Multicast traffic
VM VM VM
Hypervisor
Any L2/L3
Fabric
Slide 31
VM VM VM
VM VM VM
Agenda
Slide 32
‣
Intro – VMware philosophy on OpenStack (2 minutes)
‣
Why Neutron + NSX VMware Plugin (20 minutes)
‣
Demo of OpenStack + "vCenter/KVM" + "Neutron/NSX
VMware Plugin" (10 minutes)
‣
Q&A (10 minutes)
Demo1
• Demonstrate:
• 2 Tiers-Architecture with "logical/physical" communication L3 and L2
• Mix of KVM and ESXi hypervisors
Slide 33
Demo2
• Demonstrate:
• VMotion
• Port-Mirroring
• Failure of NVP-L3-GW
Slide 34
Demo3
• Demonstrate:
• How to build a 2-tier architecture
Slide 35
Agenda
Slide 36
‣
Intro – VMware philosophy on OpenStack (2 minutes)
‣
Why Neutron + NSX VMware Plugin (20 minutes)
‣
Demo of OpenStack + "vCenter/KVM" + "Neutron/NSX
VMware Plugin" (10 minutes)
‣
Q&A (10 minutes)
Recap: Why OpenStack on VMware NSX
• VMware believes in enabling customer
choice.
• Nicira/VMware was among the founders
of Neutron project.
• VMware NSX with OpenStack is used
by leading Enterprises & Service
Providers.
NSX
Slide 37
• VMware NSX with OpenStack is
supported by many OpenStack
ecosystem companies.
Select OpenStack & VMware NSX customers
Public Clouds
Slide 38
Enterprise Private Clouds