Cisco Defined OpenStack. 김형수, General Manager / [email protected], Cisco Systems Korea, 5th Feb 2015

[OpenStack Day in Korea 2015] Track 2-1 - Cisco Defined OpenStack


Page 2: Contents

• OpenStack @ Cisco

• Solutions for OpenStack

• Group Based Policy with OpenStack

• Demo

Cisco Confidential

© 2014 Cisco and/or its affiliates. All rights reserved.

Page 3: Cisco’s Commitment and Contributions

• OpenStack Foundation Gold Member

• More than 50 developers actively contributing to the Neutron, Nova, Horizon, Cinder and Ceilometer components

• More than 70 blueprints proposed

• Advanced work in:

  • Neutron plugins: Nexus, ACI, OpenDaylight

  • IPv6, NFV, ML2, SRIOV

  • Group Based Policy

  • Intelligent Solver Scheduler

  • Kolla containers

[Figure: Juno: Neutron LOCS]

Page 4: Cisco’s OpenStack use cases

• Cisco services (external)

  • WebEx

  • Project Squared

• Cisco IT services (internal)

  • Cisco Cloud Service

• OpenStack embedded in Cisco products

  • Cisco Modeling Lab

  • APIC Enterprise Module

Page 5: OpenStack Solutions for Cisco Unified Systems

New product: Cisco UCS Integrated Infrastructure for Red Hat OpenStack Platform (UCSO, or UCS OpenStack)

Editions:

• Starter

• Advanced

• Advanced ACI

Benefits:

• Fast OpenStack deployment

• Investment savings through UCS

• Reduced risk through validated designs

• An Intercloud-ready environment

• Policy-based management (ACI)

www.cisco.com/go/ucsopenstack

Page 6: Starter Edition, Functional Architecture

[Figure: functional architecture diagram. Legend: Red Hat, Cisco. Blocks: OpenStack Cloud APIs; Red Hat OpenStack Dashboard (Horizon); Nova (Computing); Hypervisor (KVM); Neutron (Networking); Heat (Orchestration); Ceilometer (Telemetry); Cinder (Volumes); Keystone (Identity); Glance (Image); Inktank Ceph (Block Storage)]

Hardware infrastructure: Cisco UCS C-Series, Cisco UCS Fabric Interconnects, and Cisco Nexus 9000 Series

Operating system: Red Hat Enterprise Linux 7.0

Page 7: Hardware Components

| Product | Description | Qty | Function |
|---|---|---|---|
| N9K-C9396PX | Cisco Nexus 9396 in Cisco NX-OS mode | 1 | L2/L3 ToR switch |
| UCS-C220-M3S | Cisco UCS C220 rack server | 2 | Management node and network node |
| UCS-C220-M3S | Cisco UCS C220 rack server | 4 | Compute nodes for VMs |
| UCS-C240-M3S | Cisco UCS C240 rack server | 3 | Ceph storage servers |
| UCS-FI-6296 | Cisco UCS fabric interconnects, 96-port model | 2 | Provides centralized management and deployment for the UCS rack servers |

Page 8: Group Based Policy

• Let's make automation simple!

• Express intent declaratively (similar to Puppet and Chef)

• Policy: no smoking, no parking, a service provision contract

[Figure: Group A, Policy C, Group B; edge labels: provide, consume; each group has members]

Page 9: Use Case: 3-Tier App

[Figure: 3-tier application diagram. Labels: web server, application server, application DB, user DB, payment service, monitoring service, monitoring service v2, existing application, external network, finance, firewall, load balancer, firewall]

Page 10: Group Based Policy Model

Group: a set of endpoints of the same kind; usually one application role

Policy Rules Set: a combination of Classifiers and Actions that defines how Groups communicate

Policy Classifier: a traffic filter (protocol, port, direction)

Policy Action: the action performed when the condition matches (allow, redirect, copy)

Service Chains: network services connected between Groups

L2 Policy: rules/policy at the scope of an L2 switch

L3 Policy: rules/policy applied in a separate L3 address space that contains L2 Policies or subnets

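[Figure: model diagram. An L3 Policy contains L2 Policies; each L2 Policy contains a Group with its Policy Targets; the two Groups are linked by a Policy Rules Set (edge labels: provide, consume) made of Policy Rules, each with a Classifier and an Action; a Service Chain with two Nodes is attached]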
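
An added example, not from the slides or from the GBP code base: a minimal Python model of the objects defined above, showing how provide/consume relationships between Groups decide whether a flow between tiers is permitted. The deny-by-default result, the direction convention, and all names and addresses are assumptions for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Classifier:            # traffic filter: protocol, port, direction
    protocol: str
    ports: range
    direction: str = "in"    # assumed: "in" = consumer -> provider, "out", or "bi"

    def matches(self, protocol, port, direction):
        return (self.protocol == protocol and port in self.ports
                and self.direction in (direction, "bi"))

@dataclass(frozen=True)
class Rule:                  # one classifier plus the action taken on a match
    classifier: Classifier
    action: str              # "allow", "redirect" or "copy"

@dataclass
class Group:
    name: str
    members: set = field(default_factory=set)    # endpoint addresses
    provides: set = field(default_factory=set)   # rule set names
    consumes: set = field(default_factory=set)

def decide(rule_sets, groups, src_ip, dst_ip, protocol, port):
    """Return the matching action, or "deny" when no rule set relates the groups."""
    def group_of(ip):
        return next((g for g in groups if ip in g.members), None)
    src, dst = group_of(src_ip), group_of(dst_ip)
    if src is None or dst is None:
        return "deny"
    # consumer -> provider flows are "in"; provider -> consumer flows are "out"
    for provider, consumer, direction in ((dst, src, "in"), (src, dst, "out")):
        for name in sorted(provider.provides & consumer.consumes):
            for rule in rule_sets[name]:
                if rule.classifier.matches(protocol, port, direction):
                    return rule.action
    return "deny"

# Constructed sample policy: web reaches app on tcp/8080, app reaches db on tcp/3306
RULE_SETS = {
    "app-rules": [Rule(Classifier("tcp", range(8080, 8081)), "allow")],
    "db-rules": [Rule(Classifier("tcp", range(3306, 3307)), "allow")],
}
GROUPS = [
    Group("web", {"10.0.1.10"}, consumes={"app-rules"}),
    Group("app", {"10.0.2.10"}, provides={"app-rules"}, consumes={"db-rules"}),
    Group("db", {"10.0.3.10"}, provides={"db-rules"}),
]
```

Because the web group consumes no rule set that the db group provides, a direct web-to-database flow falls through to "deny" even on the database port.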

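Page 11: Applying GBP: 3-Tier App

[Figure: the 3-tier application expressed in GBP. Groups and their rule sets: application server (app server rule set), web server (web server rule set), application DB (app DB rule set), user DB (user DB rule set), payment service (payment rule set), monitoring service (monitoring rule set); also monitoring service v2, existing application, external group, finance; a service chain containing load balancer and firewall; edge labels: provide, consume. Callout: GBP expresses network services as a chain]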

Page 12: Cisco’s Group Based Policy Implementation

[Figure: ACI fabric (Non-Blocking Penalty Free Overlay) with groups External (Tenant VRF), Web, App and DB, connected by policies labelled QoS, Filter and Service; managed by the Application Policy Infrastructure Controller (APIC)]

Page 13: Cisco APIC - Policy Based Operation

[Figure: Application Network Profile on APIC. Tiers: F/W, ADC, WEB, ADC, APP, DB. Policy elements: connectivity policy, security policy, QoS, bandwidth, availability, storage, compute, L4-L7 services, SLA, security. Other labels: Extensible Scripting Model; three HYPERVISOR hosts; APIC]

Page 14: GBP with APIC / APIC Driver (ML2)

• Policy API extension through OpenStack Neutron

• The Policy API integrates with Cisco APIC

• Compatible with the default Nexus plugin

• Available in the Juno release

• Group Policy menu added in Horizon

[Figure: F/W, ADC, WEB, ADC, APP and DB groups linked by three Contracts; software stack: Group Policy, APIC Group Driver, Neutron Networking, OVS Driver; Web, App and DB VMs running on three HYPERVISOR hosts]

https://wiki.openstack.org/wiki/GroupBasedPolicy/InstallCiscoACI

Page 15: APIC Integration Live Demo