SlideShare a Scribd company logo

VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue

ShapeBlue, profile picture
ShapeBlue

The document discusses the integration and support of Virtualized Network Functions (VNF) in Apache CloudStack 4.19, highlighting its functionalities such as CRUD operations for VNF images/templates and deployment management for VNF appliances. It covers use cases for VNFs, how to build custom VNF images, and the necessary configurations for VNF templates. The future work section indicates ongoing efforts to enhance VNF integration with aims for automation and improved user experience.

Technology
Related topics:
Cloud Computing Insights
1 of 54
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
11
12
13
Most read
14
15
16
17
18
19
20
Most read
21
22
Most read
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
VNF Integration and Support in CloudStack 4.19 CloudStack Collaboration Conference, 23 - 24 November 2023
Who am I ? Wei Zhou Software Architect @ Shapeblue 2012.12 Joined Apache CloudStack community 2013.05 Became an Apache CloudStack committer 2017.03 Became an Apache CloudStack PMC member Email: weizhou@apache.org Github: @weizhouapache
01 Introduction 02 Use cases 03 Build your own VNF images 04 Work with VNF templates 05 Deploy VNF appliances 06 Summary and Future work Contents
01 Introduction Contents CloudStack Collaboration Conference, 23 - 24 November 2023
What are VNF Virtualized network functions (VNF): • Software applications which implement network functions • Run as virtual machines on top of hypervisors • Replace physical network devices and reduce the costs Network function virtualization (NFV) • An architecture to manage VNF images and instances Network Function Virtualization with Apache Cloudstack (Presented by Alex in CCC 2021 ) https://events.hubilo.com/cloudstack-collaboration-conference/session/95229
What network functions can be virtualized ? Including but not limited to • Gateways (Storage, VOIP, etc) • NAT (SNAT, DNAT) • Firewall • Load balancing • DHCP/DNS • VPN • Tunneling (VXLAN, NVGRE, MPLSoUDP, etc) • Security (IDS, IPS) • WAN Acceleration/Optimization • Transparent proxy • ...
Where/How to get VNF images Get from vendors • service providers (Cisco, etc) • hypervisor marketplace (VMware, etc) • cloud providers (Google cloud, Microsoft Azure, etc) • others (ESTI OSM, etc) Build your own VNF images
Get VNF images from vendors Cisco virtual routers
Get VNF images from vendors VMware
Get VNF images from vendors Google Cloud
Get VNF images from vendors
VNF appliance: CloudStack VR Provided features • SourceNat, StaticNat, • Firewall, PortForwarding, LB (Load balancing) • DHCP, DNS, VPN, etc Tightly coupled with Apache CloudStack • No CLI • No WebUI • No API • Lack of some features (OpenVPN, Dynamic routing, Security, etc) • Limited performance Next-Gen Virtual Router (Presented by Rohit in CCC 2021 ) https://events.hubilo.com/cloudstack-collaboration-conference/session/95287
VNF integration in CloudStack 4.19 Requirements (Stage 1) • Support CRUD operations of VNF images/templates • Configurable nics and details for VNF templates • Support deployment and management for VNF appliances • Automatically program network rules for management interfaces of VNF appliances • Display access information for VNF appliances
02 Use cases of VNF Contents CloudStack Collaboration Conference, 23 - 24 November 2023
Use case 1: Silverpeak (HPE Aruba) SD-WAN Connect some small~medium sites/branches
Use case 2: Riverbed WAN Optimization Connect 2 VPCs in separated zones • Each with a full stack 3-tiers application
Use case 3: PFSense Firewall Connect VMs in MGMT, LAN and DMZ
03 Build your own VNF images Contents CloudStack Collaboration Conference, 23 - 24 November 2023
Build your own VNF images Step 0: Choose a Router OS Options: • pfSense • OpnSense • Vyos • MikroTik • Linux distributions (Alpine Linux, Debian, etc) • ...
Build your own VNF images Steps • Register ISO • Deploy VM from ISO • Configure services via VM Console • Create template from VM
Build your own VNF images Step 2: Deploy VM from ISO
Build your own VNF images Step 3: Configure services via VM Console
Build your own VNF images Step 3: Configure services via VM Console
Build our own VNF images Step 3: Configure services via VM Console
Build your own VNF images Step 4: Create template from VM VNF Template is ready for use !
04 Work with VNF templates Contents CloudStack Collaboration Conference, 23 - 24 November 2023
Register VNF templates
Update a regular template to VNF template
Configure VNF templates
Configure VNF template: Add VNF Nic Device ID: • The device ID of the VNF nic. • The device id must be consecutive and start from 0. • The NIC with deviceId=0 will be the default NIC Name Required Management NIC Description
Configure VNF template: Add VNF Detail Options for access methods
Configure VNF templates: example
05 Deploy VNF appliances Contents CloudStack Collaboration Conference, 23 - 24 November 2023
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
Network rules to be applied Network type Network rules Isolated network - Acquire a public IP - Enable static nat - Create firewall rules for ssh/http/https ports shared network with security groups - Create a new security group - Add rules to allow traffic to ssh/http/https ports L2 network, VPC tier, or Shared network without security groups - No rules
Cluster/Pod/Host Boot type and boot mode Userdata SSH key pairs Affinity groups (HA cluster with primary/secondary nodes) NIC multiqueue number and packed virtqueues enabled (KVM only) IO Thread and driver policy (KVM only)
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VM on L2-001 VM on L2-002
Comparison VPC-based solution pfSense-based solution Networks All VPC tiers are in same parent CIDR All network CIDRs are configurable Existing network cannot be added to a VPC Existing network can be attached to VNF appliance Features Source NAT/Static NAT Source NAT / 1:1 Load balancing haproxy (installed by Package Manager) Port forwarding Port forward L2TP VPN / Site-to-Site VPN IPsec / L2TP / OpenVPN Network ACL Firewall rules (ingress/egress) Private gateways (Attach extra NICs to VNF appliance) Static Routes Static Routes (NOT rely on private gateways) DHCP/DNS DHCP/DNS Userdata (Use ConfigDrive) Others: Virtual IP, DNS Forwarder, Dynamic DNS, Dymamic Routing/BGP/OSPF (via FRR), etc
06 Summary and Future work Contents CloudStack Collaboration Conference, 23 - 24 November 2023
Summary Support VNF templates • CRUD operations • configurations Support VNF applicances • CRUD operations • Automatically program network rules for access
Future work Still in the early stage of VNF integration and support Goal: Allow users to use VNF appliances with little manual intervention. • Ideally VNF applicances are configured automatically. • Like auto-configuration on CloudStack Virtual Routers. Challenges • Access layer: SSH, REST api, unix sockets, etc. (TCP proxy or tunnel may be required) • Data model: json, xml, arguments of shell commands, API parameters, etc • Upgrade
Idea: New network offering
Idea: New network
Idea: new framework and plugins plugin framework for VNF plugins • CloudStack Virtual Router • pfSense • VyOS • ......
Acknowledgement Alex Mattioli Jithin Raju Lucian Burlacu Daan Hoogland Thanks for the design, reviews and testing !
Q & A Email: weizhou@apache.org CloudStack Collaboration Conference, 23 - 24 November 2023
Thank you ! Email: weizhou@apache.org CloudStack Collaboration Conference, 23 - 24 November 2023
References Design document on cwiki • https://cwiki.apache.org/confluence/display/CLOUDSTACK/VNF+Appliance+Integration Cisco VNF images • https://www.cisco.com/c/en/us/solutions/service-provider/network-functions- virtualization-nfv/index.html#~virtual-routers • https://www.cisco.com/c/en/us/solutions/service-provider/network-functions- virtualization-nfv/index.html#~featured-vnfs OpenStack tacker • https://docs.openstack.org/tacker/latest/admin/index.html VNF Templates and Appliances • https://docs.cloudstack.apache.org/en/latest/adminguide/networking/vnf_templates_a ppliances.html

More Related Content

PDF
What's Coming in CloudStack 4.19
ShapeBlue
 
PDF
KVM High Availability Regardless of Storage - Gabriel Brascher, VP of Apache ...
ShapeBlue
 
PDF
Volume Encryption In CloudStack
ShapeBlue
 
PDF
Nicolas Vazquez - Open vSwitch with DPDK on CloudStack
ShapeBlue
 
PDF
What's New In Apache CloudStack 4.17
ShapeBlue
 
PDF
VM Autoscaling With CloudStack VR As Network Provider
ShapeBlue
 
PDF
Monitoring in CloudStack
ShapeBlue
 
PDF
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack
ShapeBlue
 
What's Coming in CloudStack 4.19
ShapeBlue
 
KVM High Availability Regardless of Storage - Gabriel Brascher, VP of Apache ...
ShapeBlue
 
Volume Encryption In CloudStack
ShapeBlue
 
Nicolas Vazquez - Open vSwitch with DPDK on CloudStack
ShapeBlue
 
What's New In Apache CloudStack 4.17
ShapeBlue
 
VM Autoscaling With CloudStack VR As Network Provider
ShapeBlue
 
Monitoring in CloudStack
ShapeBlue
 
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack
ShapeBlue
 

What's hot (20)

PDF
MinIO January 2020 Briefing
Jonathan Symonds
 
PDF
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsi
Vietnam Open Infrastructure User Group
 
PPTX
Using the KVMhypervisor in CloudStack
ShapeBlue
 
PDF
CloudStack - Top 5 Technical Issues and Troubleshooting
ShapeBlue
 
PPTX
Your 1st Ceph cluster
Mirantis
 
PDF
[2018] 오픈스택 5년 운영의 경험
NHN FORWARD
 
PDF
Velero search & practice 20210609
KAI CHU CHUNG
 
PDF
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
ShapeBlue
 
PDF
Boosting I/O Performance with KVM io_uring
ShapeBlue
 
PDF
OpenStack vs VMware vCloud
Roozbeh Shafiee
 
PDF
News And Development Update Of The CloudStack Tungsten Fabric SDN Plug-in
ShapeBlue
 
PDF
Automated CloudStack Deployment
ShapeBlue
 
PDF
[OpenStack] 공개 소프트웨어 오픈스택 입문 & 파헤치기
Ian Choi
 
PDF
What CloudStackers Need To Know About LINSTOR/DRBD
ShapeBlue
 
PDF
OpenShift 4 installation
Robert Bohne
 
PDF
Deploying CloudStack with Ceph
ShapeBlue
 
PPTX
OVN 設定サンプル | OVN config example 2015/12/27
Kentaro Ebisawa
 
PDF
Red Hat OpenStack - Open Cloud Infrastructure
Alex Baretto
 
PDF
OpenStackによる、実践オンプレミスクラウド
Masanori Itoh
 
PPTX
Grafana.pptx
Bhushan Rane
 
MinIO January 2020 Briefing
Jonathan Symonds
 
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsi
Vietnam Open Infrastructure User Group
 
Using the KVMhypervisor in CloudStack
ShapeBlue
 
CloudStack - Top 5 Technical Issues and Troubleshooting
ShapeBlue
 
Your 1st Ceph cluster
Mirantis
 
[2018] 오픈스택 5년 운영의 경험
NHN FORWARD
 
Velero search & practice 20210609
KAI CHU CHUNG
 
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
ShapeBlue
 
Boosting I/O Performance with KVM io_uring
ShapeBlue
 
OpenStack vs VMware vCloud
Roozbeh Shafiee
 
News And Development Update Of The CloudStack Tungsten Fabric SDN Plug-in
ShapeBlue
 
Automated CloudStack Deployment
ShapeBlue
 
[OpenStack] 공개 소프트웨어 오픈스택 입문 & 파헤치기
Ian Choi
 
What CloudStackers Need To Know About LINSTOR/DRBD
ShapeBlue
 
OpenShift 4 installation
Robert Bohne
 
Deploying CloudStack with Ceph
ShapeBlue
 
OVN 設定サンプル | OVN config example 2015/12/27
Kentaro Ebisawa
 
Red Hat OpenStack - Open Cloud Infrastructure
Alex Baretto
 
OpenStackによる、実践オンプレミスクラウド
Masanori Itoh
 
Grafana.pptx
Bhushan Rane
 
Ad

Similar to VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue (20)

PDF
New Networking Capabilities In ACS And How To Leverage Them For VNF Deployments
ShapeBlue
 
PDF
Apache CloudStack 101 - Introduction, What’s New and What’s Coming
ShapeBlue
 
PDF
Sicurezza integrate nella tua piattaforma Cloud-Native con VMware NSX (Pivota...
VMware Tanzu
 
PDF
OpenStack Paris Meetup on Nfv 2014/10/07
Nicolas (Nick) Barcet
 
PPTX
Whats New in Apache CloudStack Version 4.5
ShapeBlue
 
PDF
What’s New and What’s Upcoming in Apache CloudStack, Giles Sirett, ShapeBlue
ShapeBlue
 
PDF
Open stack networking_101_update_2014-os-meetups
yfauser
 
PPTX
OpenStack Networking and Automation
Adam Johnson
 
PDF
Network Function Virtualization (NFV) BoF
APNIC
 
PDF
VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld
 
PPTX
VIO30 Technical Overview
Julienne Pham
 
PDF
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud
 
PPTX
Self service it with v realizeautomation and nsx
solarisyougood
 
PPTX
OpenStack and OpenDaylight Workshop: ONUG Spring 2014
mestery
 
PPTX
VMUGbe 21 Filip Verloy
Filip Verloy
 
PPTX
Optimising nfv service chains on open stack using docker
Rahul Krishna Upadhyaya
 
PPTX
Reston Virtualization Group 9-18-2014
VMwareJenn
 
PPTX
Modern Networking Unit 3 Network Function virtualization
eticket4403
 
PPTX
Optimising nfv service chains on open stack using docker
Satya Sanjibani Routray
 
PPTX
Optimising nfv service chains on open stack using docker
Ananth Padmanabhan
 
New Networking Capabilities In ACS And How To Leverage Them For VNF Deployments
ShapeBlue
 
Apache CloudStack 101 - Introduction, What’s New and What’s Coming
ShapeBlue
 
Sicurezza integrate nella tua piattaforma Cloud-Native con VMware NSX (Pivota...
VMware Tanzu
 
OpenStack Paris Meetup on Nfv 2014/10/07
Nicolas (Nick) Barcet
 
Whats New in Apache CloudStack Version 4.5
ShapeBlue
 
What’s New and What’s Upcoming in Apache CloudStack, Giles Sirett, ShapeBlue
ShapeBlue
 
Open stack networking_101_update_2014-os-meetups
yfauser
 
OpenStack Networking and Automation
Adam Johnson
 
Network Function Virtualization (NFV) BoF
APNIC
 
VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld
 
VIO30 Technical Overview
Julienne Pham
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud
 
Self service it with v realizeautomation and nsx
solarisyougood
 
OpenStack and OpenDaylight Workshop: ONUG Spring 2014
mestery
 
VMUGbe 21 Filip Verloy
Filip Verloy
 
Optimising nfv service chains on open stack using docker
Rahul Krishna Upadhyaya
 
Reston Virtualization Group 9-18-2014
VMwareJenn
 
Modern Networking Unit 3 Network Function virtualization
eticket4403
 
Optimising nfv service chains on open stack using docker
Satya Sanjibani Routray
 
Optimising nfv service chains on open stack using docker
Ananth Padmanabhan
 
Ad

More from ShapeBlue (20)

PPTX
The Yotta x CloudStack Advantage: Scalable, India-First Cloud
ShapeBlue
 
PPTX
Simplifying End-to-End Apache CloudStack Deployment with a Web-Based Automati...
ShapeBlue
 
PPTX
Extensions Framework (XaaS) - Enabling Orchestrate Anything
ShapeBlue
 
PDF
CloudStack GPU Integration - Rohit Yadav
ShapeBlue
 
PPTX
Building and Operating a Private Cloud with CloudStack and LINBIT CloudStack ...
ShapeBlue
 
PDF
Ampere Offers Energy-Efficient Future For AI And Cloud
ShapeBlue
 
PDF
Empowering Cloud Providers with Apache CloudStack and Stackbill
ShapeBlue
 
PDF
Apache CloudStack 201: Let's Design & Build an IaaS Cloud
ShapeBlue
 
PDF
Meetup Kickoff & Welcome - Rohit Yadav, CSIUG Chairman
ShapeBlue
 
PDF
Fully Open-Source Private Clouds: Freedom, Security, and Control
ShapeBlue
 
PPTX
Pushing the Limits: CloudStack at 25K Hosts
ShapeBlue
 
PPTX
Stretching CloudStack over multiple datacenters
ShapeBlue
 
PPTX
Proposed Feature: Monitoring and Managing Cloud Usage Costs in Apache CloudStack
ShapeBlue
 
PPSX
CloudStack + KVM: Your Local Cloud Lab
ShapeBlue
 
PDF
I’d like to resell your CloudStack services, but...
ShapeBlue
 
PDF
Storage Setup for LINSTOR/DRBD/CloudStack
ShapeBlue
 
PDF
Development of an Оbject Storage Plugin for CloudStack, Christian Reichert, s...
ShapeBlue
 
PDF
VM-HA with CloudStack and Linstor, Rene Peinthor
ShapeBlue
 
PDF
How We Use CloudStack to Provide Managed Hosting, Swen Brüseke, proIO
ShapeBlue
 
PDF
Internet Facing VMs and the DDoS Problem, Wido den Hollander, Your.Online
ShapeBlue
 
The Yotta x CloudStack Advantage: Scalable, India-First Cloud
ShapeBlue
 
Simplifying End-to-End Apache CloudStack Deployment with a Web-Based Automati...
ShapeBlue
 
Extensions Framework (XaaS) - Enabling Orchestrate Anything
ShapeBlue
 
CloudStack GPU Integration - Rohit Yadav
ShapeBlue
 
Building and Operating a Private Cloud with CloudStack and LINBIT CloudStack ...
ShapeBlue
 
Ampere Offers Energy-Efficient Future For AI And Cloud
ShapeBlue
 
Empowering Cloud Providers with Apache CloudStack and Stackbill
ShapeBlue
 
Apache CloudStack 201: Let's Design & Build an IaaS Cloud
ShapeBlue
 
Meetup Kickoff & Welcome - Rohit Yadav, CSIUG Chairman
ShapeBlue
 
Fully Open-Source Private Clouds: Freedom, Security, and Control
ShapeBlue
 
Pushing the Limits: CloudStack at 25K Hosts
ShapeBlue
 
Stretching CloudStack over multiple datacenters
ShapeBlue
 
Proposed Feature: Monitoring and Managing Cloud Usage Costs in Apache CloudStack
ShapeBlue
 
CloudStack + KVM: Your Local Cloud Lab
ShapeBlue
 
I’d like to resell your CloudStack services, but...
ShapeBlue
 
Storage Setup for LINSTOR/DRBD/CloudStack
ShapeBlue
 
Development of an Оbject Storage Plugin for CloudStack, Christian Reichert, s...
ShapeBlue
 
VM-HA with CloudStack and Linstor, Rene Peinthor
ShapeBlue
 
How We Use CloudStack to Provide Managed Hosting, Swen Brüseke, proIO
ShapeBlue
 
Internet Facing VMs and the DDoS Problem, Wido den Hollander, Your.Online
ShapeBlue
 

Recently uploaded (20)

PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Approach and Philosophy of On baking technology
30anthuong17
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 

VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue

  • 1. VNF Integration and Support in CloudStack 4.19 CloudStack Collaboration Conference, 23 - 24 November 2023
  • 2. Who am I ? Wei Zhou Software Architect @ Shapeblue 2012.12 Joined Apache CloudStack community 2013.05 Became an Apache CloudStack committer 2017.03 Became an Apache CloudStack PMC member Email: weizhou@apache.org Github: @weizhouapache
  • 3. 01 Introduction 02 Use cases 03 Build your own VNF images 04 Work with VNF templates 05 Deploy VNF appliances 06 Summary and Future work Contents
  • 5. What are VNF Virtualized network functions (VNF): • Software applications which implement network functions • Run as virtual machines on top of hypervisors • Replace physical network devices and reduce the costs Network function virtualization (NFV) • An architecture to manage VNF images and instances Network Function Virtualization with Apache Cloudstack (Presented by Alex in CCC 2021 ) https://events.hubilo.com/cloudstack-collaboration-conference/session/95229
  • 6. What network functions can be virtualized ? Including but not limited to • Gateways (Storage, VOIP, etc) • NAT (SNAT, DNAT) • Firewall • Load balancing • DHCP/DNS • VPN • Tunneling (VXLAN, NVGRE, MPLSoUDP, etc) • Security (IDS, IPS) • WAN Acceleration/Optimization • Transparent proxy • ...
  • 7. Where/How to get VNF images Get from vendors • service providers (Cisco, etc) • hypervisor marketplace (VMware, etc) • cloud providers (Google cloud, Microsoft Azure, etc) • others (ESTI OSM, etc) Build your own VNF images
  • 8. Get VNF images from vendors Cisco virtual routers
  • 9. Get VNF images from vendors VMware
  • 10. Get VNF images from vendors Google Cloud
  • 11. Get VNF images from vendors
  • 12. VNF appliance: CloudStack VR Provided features • SourceNat, StaticNat, • Firewall, PortForwarding, LB (Load balancing) • DHCP, DNS, VPN, etc Tightly coupled with Apache CloudStack • No CLI • No WebUI • No API • Lack of some features (OpenVPN, Dynamic routing, Security, etc) • Limited performance Next-Gen Virtual Router (Presented by Rohit in CCC 2021 ) https://events.hubilo.com/cloudstack-collaboration-conference/session/95287
  • 13. VNF integration in CloudStack 4.19 Requirements (Stage 1) • Support CRUD operations of VNF images/templates • Configurable nics and details for VNF templates • Support deployment and management for VNF appliances • Automatically program network rules for management interfaces of VNF appliances • Display access information for VNF appliances
  • 14. 02 Use cases of VNF Contents CloudStack Collaboration Conference, 23 - 24 November 2023
  • 15. Use case 1: Silverpeak (HPE Aruba) SD-WAN Connect some small~medium sites/branches
  • 16. Use case 2: Riverbed WAN Optimization Connect 2 VPCs in separated zones • Each with a full stack 3-tiers application
  • 17. Use case 3: PFSense Firewall Connect VMs in MGMT, LAN and DMZ
  • 18. 03 Build your own VNF images Contents CloudStack Collaboration Conference, 23 - 24 November 2023
  • 19. Build your own VNF images Step 0: Choose a Router OS Options: • pfSense • OpnSense • Vyos • MikroTik • Linux distributions (Alpine Linux, Debian, etc) • ...
  • 20. Build your own VNF images Steps • Register ISO • Deploy VM from ISO • Configure services via VM Console • Create template from VM
  • 21. Build your own VNF images Step 2: Deploy VM from ISO
  • 22. Build your own VNF images Step 3: Configure services via VM Console
  • 23. Build your own VNF images Step 3: Configure services via VM Console
  • 24. Build our own VNF images Step 3: Configure services via VM Console
  • 25. Build your own VNF images Step 4: Create template from VM VNF Template is ready for use !
  • 26. 04 Work with VNF templates Contents CloudStack Collaboration Conference, 23 - 24 November 2023
  • 28. Update a regular template to VNF template
  • 30. Configure VNF template: Add VNF Nic Device ID: • The device ID of the VNF nic. • The device id must be consecutive and start from 0. • The NIC with deviceId=0 will be the default NIC Name Required Management NIC Description
  • 31. Configure VNF template: Add VNF Detail Options for access methods
  • 33. 05 Deploy VNF appliances Contents CloudStack Collaboration Conference, 23 - 24 November 2023
  • 37. Network rules to be applied Network type Network rules Isolated network - Acquire a public IP - Enable static nat - Create firewall rules for ssh/http/https ports shared network with security groups - Create a new security group - Add rules to allow traffic to ssh/http/https ports L2 network, VPC tier, or Shared network without security groups - No rules
  • 38. Cluster/Pod/Host Boot type and boot mode Userdata SSH key pairs Affinity groups (HA cluster with primary/secondary nodes) NIC multiqueue number and packed virtqueues enabled (KVM only) IO Thread and driver policy (KVM only)
  • 43. VM on L2-001 VM on L2-002
  • 44. Comparison VPC-based solution pfSense-based solution Networks All VPC tiers are in same parent CIDR All network CIDRs are configurable Existing network cannot be added to a VPC Existing network can be attached to VNF appliance Features Source NAT/Static NAT Source NAT / 1:1 Load balancing haproxy (installed by Package Manager) Port forwarding Port forward L2TP VPN / Site-to-Site VPN IPsec / L2TP / OpenVPN Network ACL Firewall rules (ingress/egress) Private gateways (Attach extra NICs to VNF appliance) Static Routes Static Routes (NOT rely on private gateways) DHCP/DNS DHCP/DNS Userdata (Use ConfigDrive) Others: Virtual IP, DNS Forwarder, Dynamic DNS, Dymamic Routing/BGP/OSPF (via FRR), etc
  • 45. 06 Summary and Future work Contents CloudStack Collaboration Conference, 23 - 24 November 2023
  • 46. Summary Support VNF templates • CRUD operations • configurations Support VNF applicances • CRUD operations • Automatically program network rules for access
  • 47. Future work Still in the early stage of VNF integration and support Goal: Allow users to use VNF appliances with little manual intervention. • Ideally VNF applicances are configured automatically. • Like auto-configuration on CloudStack Virtual Routers. Challenges • Access layer: SSH, REST api, unix sockets, etc. (TCP proxy or tunnel may be required) • Data model: json, xml, arguments of shell commands, API parameters, etc • Upgrade
  • 48. Idea: New network offering
  • 50. Idea: new framework and plugins plugin framework for VNF plugins • CloudStack Virtual Router • pfSense • VyOS • ......
  • 51. Acknowledgement Alex Mattioli Jithin Raju Lucian Burlacu Daan Hoogland Thanks for the design, reviews and testing !
  • 52. Q & A Email: weizhou@apache.org CloudStack Collaboration Conference, 23 - 24 November 2023
  • 53. Thank you ! Email: weizhou@apache.org CloudStack Collaboration Conference, 23 - 24 November 2023
  • 54. References Design document on cwiki • https://cwiki.apache.org/confluence/display/CLOUDSTACK/VNF+Appliance+Integration Cisco VNF images • https://www.cisco.com/c/en/us/solutions/service-provider/network-functions- virtualization-nfv/index.html#~virtual-routers • https://www.cisco.com/c/en/us/solutions/service-provider/network-functions- virtualization-nfv/index.html#~featured-vnfs OpenStack tacker • https://docs.openstack.org/tacker/latest/admin/index.html VNF Templates and Appliances • https://docs.cloudstack.apache.org/en/latest/adminguide/networking/vnf_templates_a ppliances.html