Optimising nfv service chains on open stack using docker
Download as PPTX, PDF2 likes1,227 views
The document discusses optimizing Network Function Virtualization (NFV) service chains on OpenStack using Docker, explaining how Docker containers provide better resource utilization and faster provisioning. It addresses advantages and challenges associated with Docker, such as security and performance issues, and details the integration of Software Defined Networking (SDN), NFV, and Service Function Chaining (SFC). The document also outlines design proposals for integrating Docker with OpenStack to improve network function deployments and service automation.
Optimising nfv service chains on open stack using docker
- 1. Optimizing NFV Service Chains on OpenStack using Docker Meenakshi Sundaram Lakshmanan, Rahul Krishna Upadhyaya, CB Ananth Padmanabhan, Satya Routray. 28 Apr 2016
- 2. Docker – What is it ? Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server. This guarantees that it will always run the same, regardless of the environment it is running in.
- 3. Docker Instance vs Virtual Machine
- 4. • Better utilization of resources, hence higher density of workloads. • Hyper-call overhead is reduced since there is no hypervisor layer. With SR-IOV/DPDK near metal perf • Faster provisioning and easier Devops, easy to replicate, share. Advantages Challenges • Docker had issues with mutli-host networking. Solved using overlay since Docker Version 1.9. • Docker has security related challenges. VM generally termed as more secure given the isolation. • Performance of network functions. Many of which have been addressed with DPDK/SR- IOV with some trade-offs Docker Instance vs Virtual Machine
- 5. • They are network appliances other than switches and routers. • Deployed for increasing security and performance • Very effective solution for ServiceAssurance, Traffic Analysis, Traffic filtering etc., Drawbacks • Hardware middle boxes are difficult to manage • Difficult to scale on demand • Virtual middle boxes (NFV) need an orchestrator to provision them • In a public cloud environment, placement of virtual components may not be always under control Middle Boxes
- 6. SDN (Software Defined Networking) : It is an approach to computer networking that allows network administrators to manage network services through abstraction of higher-level functionality. NFV (Network Function Virtualization) : It is a network architecture concept that uses the technologies of IT virtualization to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create communication services. SFC (Service Function Chaining) : It consists of a set of network functions, such as firewalls or application delivery controllers (ADCs) that are interconnected through the network to support an application. SDN, NFV and SFC
- 7. • SDN and NFV solve independent problems, and are even more effective when they work together. • They simplify the service chaining process by reducing the number of devices a data packet needs to travel through • Answers the questions of ‘who controls what’ from ‘what runs where’ • Allows a Service Provider to create service chains for each type of traffic and provide multitenancy through the cloud infrastructure SDN or NFV?
- 8. Open Networking Foundation As SDN and NFV gained popularity, there was a need to create a standard way for SDN to control Network functions. Hence ONF was formed OpenFlow Widely considered the first SDN standard. Defines a model for how traffic is organized into different flows and how it can be controlled centrally. OpenDayLight An Opensource SDN project hosted by the Linux Foundation, which supports many protocols including the OpenFlow protocol. Offers a complete functional SDN platform without the need for any other component. OPNFV Linux Foundation introduced another platform, Open Platform for NFV, an integrated platform that brings together Enterprises, Service Providers, Cloud & Infrastructure vendors and customers to accelerate innovation & deployment of NFV SDN & NFV today
- 9. • Firewalls • Packet Filters • Virtual Routers – quagga, openwrt • Load Balancers • WAN Optimizers • Intrusion Detection • Virtual CPE Network Functions
- 10. NFV in Container and Docker World • Consistent and quick way of deploying and re-deploying NFVs • Very easy to scale on demand • Low latency • No Hypervisor overload • Presence of established tools to deploy and manage containers • There is lot of work underway in bringing NFV and Containers together
- 11. • Service chaining the network traffic locally. • Having faster, re-useable, dynamic NF deployments with low overhead of NFs to the infrastructure. • Avoiding the loss in performance of the network functions due to virtualization overhead. What are we trying to achieve
- 12. Solution Design – Deployment k Host1 Host2 Host3 OpenStack Controller Nova Neutron Glance Cinder … Service Controller Can make admin calls to OS services Dockerd Dockerd Dockerd Docker Registry KVM KVM KVM VM VM VMVM VMVM VMVM VMVM VMVM A G E N T A G E N T A G E N T SFC SFC SFC SFC SFC SFC Tenant1 Tenant2 Tenant3
- 13. Design – Per Node Docker Daemon OVS Agent Each Host in OS Cloud VM VM VM Docker Network Function Docker Network Function Docker Network Function Service Function Chain KVM Exteranal Communication via Host NIC Configures Controller Connection to SDN Controller (Ex. ODL)
- 14. How it Flows Docker Daemon OVS Agent Each Host in OS Cloud VM VM VM Virtual Firewall Docker Instance vRouter Docker Instance Service Function Chain KVM Exteranal Communication via Host NIC Configures Controller 2 1 3 4 4
- 15. How it Service Chains – Routing between VNFs Switch Match Action local input port: 1, src ip: VM1 output port: 2 local input port: 2, src ip: VM1 output port: 3 local input port: 3, src ip: VM1 output port: 4 OpenVswitch (local) VM1 1 2 3 4 FirewallVRouter Flow Table External Nic Depending upon what the VNF needs to do, different kind of routing models could be used.
- 16. Advantages of the Design High Density – Better utilization of resources. Performance – Near metal performance of network functions by using SR-IOV/DPDK. No hyper-call overhead due to usage of containers as Network Functions. Low Latency – Service chaining completed locally. The packets don’t have to move through lengths of the cloud to get processed. Docker native advantages – Taking advantage of native docker advantages like quicker build/ship model carried forward. Public cloud model– Will work well with clouds deployments where you have no control over placement of infrastructure components.
- 17. Implementation - Areas of Work Running Docker and KVM on the same host machine - Changes on the compute-scheduler - Changes on the OVS agent side (Cleanup) Configuring the OVS - Creating service chains using OVS-OpenFlow Rule Modification - Performance, HA and load-balancing. - Choose the best kind of routing of packets based on type of NFV Docker Daemon Interactions - Creating network function containers on demand. - Tenant based visibility/segregation of the docker containers. - Storing of Stateful docker images for VNFs Implementation of the Controller & Agent.
- 18. Q&A
- 19. OpenStack Summit Austin, Texas 2016