CCNA17 CloudStack and NFV

The Cloud Specialists
NFV & CloudStack
ShapeBlue.com • @ShapeBlue
Paul Angus, VP Technology • @CloudyAngus
paul.angus@shapeblue.com
A n i n t r o d u c t i o n t o

ShapeBlue.com @ShapeBlue
“ShapeBlue are expert builders of public
& private clouds. They are the leading
independent global CloudStack services
company”
A b o u t S h a p e B l u e

C l i c k t o e d i t
Paul Angus – VP Technology
• Global authority on CloudStack & cloud infrastructure design.
• 15+ years C-Level experience.
• Apache CloudStack project committer & PMC member
• Specialising in deployment of CloudStack
and surrounding infrastructure especially the user story
• USP, Georgian Ministry of Justice, Orange, TomTom,
PaddyPower, Ascenty, BSkyB, SAP, British Telecom
A b o u t m e

The Cloud Specialists ShapeBlue.com @ShapeBlue
S h a p e B l u e c u s t o m e r s

• What is NFV ?
• What CloudStack can do in the NFV Space
• What CloudStack can’t do (yet)
• What CloudStack might do
O v e r v i e w

What is NFV Anyway?
(The Emperor's New Clothes)

Network
Functions
Virtualization
Taking a network function (like routing or firewalling or
a VPN) and creating a virtualised appliance to do it.
W h a t i s N F V ?

Sounds like the CloudStack
Virtual Router !?
Yes. It does.
(See. It’s not so complicated)
W h a t i s N F V ?

vFirewall
• Cisco® Adaptive Security Virtual Appliance (ASAv)
• Juniper® vSRX
• BigIP® Virtual Firewall (vFW)
vRouter
• Cisco®Integrated Services Virtual Router (ISRv)
• Juniper® vMX
• Brocade® 5600 vRouter (Formerly Vyatta)
W h a t i s N F V ?

WAN Acceleration
• Cisco® vWAAS (wide-area-application-services)
• Riverbed® SteelHead CX
Application Delivery Controllers
• Citrix® NetScaler VPX
• Virtual Application Delivery Controllers (vADC)
• A10 vThunder ADC
W h a t i s N F V ?

BIG-IP VNFs
• Virtual Policy Manager (vPEM)
• Virtual DNS (vDNS)
F5
• Virtual Diameter Routing Agent (vDRA)
• Virtual Diameter Edge Agent (vDEA)
W h a t i s N F V ?

Other types:
• Brocade vEPC
(Evolved Packet Core - Mobile Comms)
• vIPS
• vThunder CGN gateways
• vWebSecurity
W h a t i s N F V ?

So what’s the big deal?
A few orchestration layers are required to create the
virtual instances, plumb them into a network and
configure them.
There quite a few combinations and permutations to
deal with.
(+ if it weren’t complicated, vendors couldn’t charge through the nose for it – cynical much?)
W h a t i s N F V ?

How complicated is it then?
ETSI (European Telecommunications Standards
Institute) have a special interest group specifically to
try to standardise it all.
W h a t i s N F V ?

W h a t i s N F V ?
ETSI NFV Reference
Architecture

VNF - Virtualized Network
Function
(i.e vRouter or vFirewall)
Just a Virtual Instance

W h a t i s N F V ?
EM – Element Manager Service
Provides a standardized
interface to a given VNF to
manage internals

W h a t i s N F V ?
VNF Manager
Manages the internal working of the
VNF instances, pushes configuration
and ensures availability and
performance

W h a t i s N F V ?
Virtualised Infrastructure Manager
Orchestrates Virtual Infrastructure
to create VNF instances and
‘plumb’ them in

W h a t i s N F V ?
NFV Infrastructure
The virtualisation hardware;
compute, storage networking etc

W h a t i s N F V ?
So, about that VR then?

W h a t i s N F V ?
Comparing the NFV
Model with Virtual
Router elements

W h a t i s N F V ?
Virtual Infrastructure
Cloud-
Stack
Kernel
Business Logic
VR1
VR Network Service Mgr Adapter
Comparing the NFV Model
with Virtual Router
elements

To Sum Up
(this part, that’s not the
whole presentation)

C l o u d S t a c k & N F V
The VNF is just a guest instance, which
has a second layer of orchestration
applied to it.

VM
Virtual Infrastructure ACS
This is our bread and butter.

NFV – what’s it FOR
(use cases)

• Users want to be able to be able to recreate
‘enterprise’ topologies in the virtual (cloud) space
• SPs and MSPs want their customers to be able to do
the above and want to be able to sell them the
appliances.

N F V To p o l o g i e s
Recreating ‘Traditional’
Enterprise topologies

‘Specific’ use cases

CloudStack’s Shortfalls
• No way to add a layer 2 network (ie network with no IP
requirements)
• No way to have a range of public IPs presented to the guest
networks without explicit mapping
• VR is a ‘proprietary’ case of NFV
• No way to put ‘alternative’ VRs or Network Appliances in the
guest networks

CloudStack & NFV
(Drumroll plleeease)

• New concept of Topologies
• New concept of Enterprise Topologies
• New VR type ‘Enterprise Topology VR’
• New Network Types
• Layer 2
• Simple User
• UI enhancement to give graphical network building

Topologies
• Isolated/shared
Individual guest networks
• VPC
Contains multiple VPC tiers (neworks)
• Enterprise
Contains multiple ‘simple user’ or ‘Layer2’ networks

Enterprise Topology
Virtual Router
• A simplified (and hidden) VR to pass ALL
designated 'public' IP data through to a hand
off. What happens after this, is the 'users'
problem.
• Pass 'public' traffic to/from the hand-off as
fast as possible (no other services)
• Ensure that a user cannot use a public IP
that has not been assigned to the topology
Public Network
Hand-off
ETVR
Core Router
123.123.123.254/ 24

Enterprise Topology
Hand-off
• Users can create a device, who's outside face is
on an IP between 123.123.123.56 –
123.123.123.62 with a gateway of
123.123.123.254
• No other source IPs will be allowed to pass traffic
• User device eth0:
IPADDR=123.123.123.56
GATEWAY=123.123.123.254
NETMASK=255.255.255.0
• Core router requires route info – groundwork laid
by OSPF work.
Public Network
ETVR
Only traffic from allowed ranges through
Core Router
123.123.123.254/ 24
User Device
LikelyWANAccelerator or vRouter
Gateway: 123.123.123.254
Allowed Ips: 123.123.123.56 –
Netmask: 255.255.255.0
Hand-off

New Network Types
• Layer 2
A new network type that is a pure layer 2 network. It would have a VLAN (assigned by CloudStack), but no
IP addresses assigned to it and no services.
And hence doesn't require VR or IP addresses (DNS/DHCP to be handled 'externally')
Allows ‘service chaining’ and ‘Enterprise Networks’ using say, Active Directory or IPAM.
• Simple User
A network where a user can define the IP address properties, but VLANs are orchestrated by CloudStack.
CloudStack provides DNS and DHCP, but VR in not in-path – a self-service shared network.
A user would likely define the gateway of the network as the vRouter that they created.
*VLAN == any supported isolation method

• User creates endpoints
and networks which
join them.
CloudStack creates
VLANs but applies no
layer 3 restrictions
Public Network
Hand-off:
Gateway: 123.123.123.254
Allowed Ips: 123.123.123.56 –
Netmask: 255.255.255.255
ETVR
Onlytraffic from allowed ranges through
Core Router
123.123.123.254/ 24
User Instance
WAN Accelerator
L2 Network
User Instance
vRouter/ Firewall/ VPN
L2 Network
User Instance
VM
User Instance
VM
User Instance
VM: AD + DHCP+ DNS
L2 Network
User Instance
Web server
DMZ

• Simple services
Network which
provides CloudStack
controlled IP
addressing.
IP space and gateway
defined by the user
Public Network
Gateway: 123.123.123.254
Allowed Ips: 123.123.123.56 –
Netmask: 255.255.255.0
ETVR
Onlytraffic from allowed ranges through
Core Router
123.123.123.254/ 24
User Instance
WAN Accelerator
Simple User Network
User Instance
vRouter/ Firewall/ VPN
L2 Network
CloudStack VR
DHCP+DNS
Hand-off

N e t w o r k
V i s u a l i s a t i o n
- CloudStack equivalent of
‘Forwarding Graph’

N e t w o r k
d e v i c e s v i e w
- New ‘Devices’ view

A d d n e t wo r k d e v i c e t o a c c o u n t

Phase 2

M u l t i p l e V N F
a p p l i a n c e s
- CloudStack equivalent of
‘Forwarding Graph’

N e t w o r k
d e v i c e
s e t t i n g s
- Configuration through
CloudStack UI or appliances’
console

V F N
C o n f i g u r a t i o n
- Option of configuration
through appliances’ native
UI or
Simplified configuration
through CloudStack option

N e t w o r k
p r o v i d e r s
- Add VNF appliances as
network providers

U n d e r l y i n g
t o p o l o g y
Network System VM
Ethernet
Ethernet
Ethernet
Contain
erised
VR
Contain
erised
VR
DNS & DHCP
ala Shared Network
– Gateway on VNF3
Mgmt Network
[Access to VRs
and VNFM(s)]
Public Network
- User configuration via VNF
Mgmt Network only
VNFMgmt Network
Service Chaining Links
(L2 networks)
Service Chaining Links
(L2 networks)
Contain
erised
VR
Container
ised
VNFM(s)
Contain
erised
VR
Container
ised
EM(s)
VNF2 (ie Router)
VNF3 (ie Firewall)
VNF1 (ie WAN ACCELERATION)

H i g h l e v e l p r o c e s s
User adds
appliance(s) to
their account
Operator adds
(VNF) appliance
types to the cloud
User inserts
appliance(s) into
their networks
CloudStack
creates ‘network
system VM’
CloudStack
deploys appliance
in network from
‘VM’ template
User configures
VNF appliance
CloudStack sets base
config of VNF appliance
through VNFM or API
translator
CloudStack
creates L2
networjs
APPLIANCE
‘Direct’ HTTP(s) proxied
through Network System
VM
Direct console
access on appliance
via Console Proxy
Simple configuration ‘in’
CloudStack via API translator
on Network System VM
Simple configuration ‘in’
CloudStack via VNFM on
Network System VM

Device Integration Options
• Console Proxy access to VNF appliance console
• User http(s) connection to device mgmt. port (via containerised
mgmt. VR in network management VM)
• CloudStack management server to containerised VNFM/EM (in
network system VM). [utilising ETSI standards] Simple command
set
• ‘ad-hoc’ API translator (Simple command set to VNF appliance
native API). [where ETSI standards not available]
M a n a g e m e n t p l a n e c o m m u n i c a t i o n s

• Layer 2 networks (service chaining)
• External network device (appliances) abstractions
• Containerised VRs
• Containerised VNFMs & EMs
• Forwarding graph translation (CloudStack <-> ETSI standard)
• ‘Network (management)’ System VM
• UI
E l e m e n t s

Further Enhancements
• Support for VNF fabrics
• Support for auto-scaling
• Support for auto-healing
P h a s e 3

?

CCNA17 CloudStack and NFV

More Related Content

What's hot (20)

Similar to CCNA17 CloudStack and NFV (20)

More from ShapeBlue (20)

Recently uploaded (20)

CCNA17 CloudStack and NFV

Editor's Notes