Implementing vCPE with OpenStack and Software Defined Networks
Copyright © PLUMgrid, Inc. 2011-2016
2. Introduction
Speaker(s)
• Valentina Alaria, Sr Director Product & Solution Marketing, PLUMgrid
• Bill Bauman, Strategy & Content, Canonical
• Rafael Gonzalez, Solution Architect, Canonical
4. Reusable operational components
Faster. Smarter. Better. Everywhere.
Open source application modelling
6. Charms declare “interfaces”
PLUMgrid/Neutron relation
• “provides neutron-api-plumgrid”
• “consumes neutron-api-plumgrid”
[Diagram: PLUMgrid Charm and Neutron Charm related through neutron-api-plumgrid; services shown: neutron-api-plumgrid, neutron-api, plumgrid-edge, nova-cloud-controller, mysql, keystone, rabbitmq-server]
7. NFV-related Juju charms
Telco-specific vendors creating Juju charms of their VNFs
• Eurecom
• Vantrix
• 6WIND
• OpenCell
• Telestax
• hSenid Mobile
• PLUMgrid ONS (vCPE)
• Affirmed EPC
• Expeto EPC
• Metaswitch IMS, SDN
• Genband
• Nokia
• Cisco
• Spirent
8. Juju - Open Source Generic VNFM
[Diagram labels: Bundle; Universal Service Modeling (Juju); generic VNFM (Juju); VIM 1 … VIM n; NFVi … NFVi n; RIFT.io / OSM; App IM (Juju); NetOps IM (OSM); Charm (VNFD a), Charm (VNFD b), Charm (VNFD c); VNF a, vCPE, VNF c; Catalog; EMS; NFV-O; APIs; CLI]
9. the phase change of modern software
scale, topology, momentum
this is the age of big software
10. PLUMgrid – Comprehensive Networking Offering
Extensive software-only SDN and NFV solution for OpenStack® Clouds
• Security & Compliance Support with built-in isolation, micro-segmentation via Virtual Domains & BYO service
• Operational tools with proactive visibility & analytics (powered by CloudApex)
• Virtual networks provisioned by users
• Scalable, distributed & highly available architecture enables Production Deployments
11. Behind the covers: IO Visor Project
BPF program written in C
Translated into eBPF instructions (LLVM)
Loaded in kernel and executed
Hooked at different levels of Linux Networking Stack
[Diagram: BPF programs attached along the Linux networking stack; labels: HW/veth/tap, TAP/Raw, driver, netif_receive_skb(), TC / traffic control, Bridge hook, IP / routing, Socket (TCP/UDP)]
12. Service Insertion Architecture
[Diagram labels: Virtual Domain; Distributed Policy Enforcement Zone; Edge Policy Enforcement Point; 3rd party Network Function (FW/LB/IPS and others)]
1. Firewall in L3 or TRANSPARENT mode, it IS seen from a topology point of view
2. ALL traffic goes through the Firewall
3. Tenant is aware that the Firewall is there
14. Classic CPE model
Customer Premises Equipment as a standalone device
• CPEs are standalone nodes
• Complex software, prone to failure
• Cheap hardware, prone to failure
• Need to provide IPAM, QoS, FW, NAT, dynamic routing…
• Can’t be easily upgraded or serviced
Service Provider’s PoP
16. SDN / NFV model
Separation of control and data planes
Control Plane
Deployed as virtualized software (optionally, in the cloud)
• “Remote control” of service from Telco premises
• Easy to troubleshoot, patch or upgrade
• CI/CD for Network software
• Customer features developed independently of HW cycles
Data Plane
Deployed in a simplified version of the physical CPE
• “Passive” data plane
• Commoditized hardware
• “Evolved phone jack”
• Less prone to failure
17. Cloud vCPE Model
Move all “VNFs” to the Cloud
• Device at the customer premises is a simple L2 switch
• All L3-L7 functions virtualized and moved to the cloud
• Routing
• Security
• NAT
• Multicast
• QoS
DNS
Internet
18. Cloud vCPE Model Challenges
Move all intelligence and service enforcement to the cloud
• Virtualizing network functions brings significant improvements
• Software economics and dynamics
• Servicing and Operations
• Upgrades
• But Metro networks and Home networks are very different: can we send all home traffic to/from the cloud for processing?
• Broadcast storms
• QoS / Aggregation / Contention
• UPnP, DLNA, NAT, Multicast for video… across the metro network?
• Latency, Jitter
• Security
• Loss of Internet connectivity, anyone?
This is a LAN
This is NOT a LAN!
DNS
Internet
20. An improved virtual CPE model
“Tethered CPE”: Local enforcement, remote control
Service Provider’s Cloud
• “Common network functions”: Local enforcement, remote control from the Service Provider cloud
• (DHCP, IGMP/multicast, FW, NAT, BUM filtering, etc.)
• “Headless operation of data plane” – the CPE can keep working without a WAN connection
• Combine with advanced third-party network functions instantiated in the cloud to form a complete service graph
• Advanced Firewall
• DPI
• WAN optimization
• Captive portal
• CDN…
[Diagram labels: Internet; Tethered CPE Data Plane; Tethered CPE Control Plane; CDN, Portal, DPI, WAN Op., Adv. FW]
22. vCPE Demo Logical Topology
Combining “Cloud VNFs” with “SDN VNFs”
[Diagram labels: Customer Premises (CPE); Access/Metro Network; Provider Cloud (Ubuntu OpenStack); Internet; Adv. FW; DPI; Portal]
SDN VNFs: Purple icons represent virtual network functions implemented in the SDN layer. They’re fully distributed and run inside the kernel of the CPE and the OpenStack compute nodes.
Cloud VNFs: Orange icons represent third-party network functions implemented as Virtual Machines or Containers in userspace.