Quantum: What it is and Where it’s going Lew Tucker VP/CTO Cloud Computing Cisco Systems, Inc. @lewtucker
+ Quantum OpenStack: open source software for building highly scalable public and private clouds Designed as a set of services forming the basis of a cloud platform Evolving through community process in which all members may contribute Quantum is a community project to build a “Network Service” for advanced networking capabilities
Open Source Is Where “Standard” Cloud Infrastructure Will Be Defined Open standards [require] multiple providers, access to code and data, and interoperability of services. The obvious solution is an open source reference model as the standard. Potential examples of such would be the OpenStack effort. Simon Wardley, CSC From “A Question of Standards” http://blog.gardeviance.org/2011/04/question-of-standards.html
Cloud Computing Paradox Current Cloud Computing model is great for application development, self-service, and automation, but is missing the potential programmability of the infrastructure But I can help (sigh) I’m a Cloud. I don’t need you! Applications and infrastructure could interact with each other to provide the best performance, experience and reliability What is missing is the right mechanism to expose networking infrastructure capabilities without bringing all the complexity into the application layer
Network Technologies in the Data Center and Internet Partners CRS-1 7600 6500 Nexus 7000 (w/ Cat 6500 as Services Chassis) Nexus 5000 w/ Nexus 2000 Fabric Extender UCS, MCS 7800 (or Generic Rack or Blade Servers) Nexus 1000v MDS 9000 + Consolidated Storage Arrays (EMC, etc.) Application Software Virtual Machine VSwitch Access Aggregation Core Peering IP NGN Backbone VMWare Xen Hyper-V ASR 9000 ASR 1000 Storage and SAN Compute Applications IP NGN Application Control (SLB+) Service Control Global Site Selection Intrusion Detection Firewall Services Virtual Device Contexts Fibre Channel Forwarding Fabric Extension Fabric-Hosted Storage Virtualization Virtual Contexts for FW and SLB Port Profiles and VN-Link Line-Rate NetFlow Secure Domain Routing Service Profiles Virtual Machine Optimization 10G Ethernet 10G FCoE 4G FC 1G Ethernet VM to vSwitch vSwitch to HW App to HW / VM Storage Media Encryption Let’s abstract all this
OpenStack Design Summit April 2011 Compute service (EC2): virtual machines Specify vCPU, Memory, Disk Launch instance (image, mem_size, disk) Suspend, clone, migrate Storage service (S3, EBS): virtual disks Specify storage amount, access rights Store object Create/attach block What to do about networks? App Svr OS VM ?? Networking
OpenStack Today: Nova Compute – Swift Storage Service Virtual Machines Swift Storage Object Store Basic Network Connectivity Nova and Swift API Servers Disks Networking is embedded inside of Nova compute, and un-accessible to application developers Details and differences associated with network provisioning complicates a simple compute service Difficult to track changes in networking as Software-defined Networking (SDN) comes into play
With Quantum - Networking becomes a Service Nova Compute Service Virtual Machines Swift Storage Object Store Basic Network Connectivity Nova, Swift, and Quantum API Servers Disks Nova becomes simpler, easier to maintain and extend Developers have ability to create multiple networks for their own purposes (multi-tier apps) May support provisioning of both virtual and physical networks – differences captured through plugin’s Quantum Service Virtual Networks Networks
Virtualization in a multi-tenant environment Servers are virtualized through partitioning Storage through aggregation Networks through slicing/tunnels/tagging… Networks are a shared resource carrying traffic for all tenants across shared links Network overlays and virtualization create private networks through tagging, routing, encapsulation (tunneling), and separation of control (openflow, etc.) VLANS, NVGRE, VXLAN, STT, LISP Quantum is designed to support private networks
But wait….. Don’t security groups, and firewalls provide isolation?
Yes But that’s a topic for another time… Yes But that’s a topic for another time….. Rest assured, Nova with Quantum supports both
2011 Design Summit - community-driven merger of proposals … and others NetworkService Citrix/Rackspace/Nicira NetworkServicePOC NTT/Midokura NetworkContainers Cisco NaaS Core Design Intel Quantum
Abstractions and APIs Compute service (EC2): virtual machines Launch instance (image, mem_size, disk) Suspend, clone, migrate Storage service (S3, EBS): virtual storage Store object Create/attach block Network service (Quantum): virtual networks Create/delete private network Create “ports” and attach VM’s Assign IP address blocks (DHCP) App Svr OS VM App Svr OS VM
With a simple RESTful API POST /v1.1/tenants/abc/networks.json Request: { “network”: “name”:”my_db_network” } Response: “id”: “98bd8391-199f-4440-824d-8659e4906786”
Quantum in Horizon GUI My Private Network
What you can do with Quantum service Create multiple, virtual, isolated networks per tenant (FE-Net, DB-Net) Multiple network interfaces per VM (in-line services) Create ports on networks (QoS, profiles) and attach VM’s Have control over your own “private” IP addresses Access through a user-friendly CLI and GUI (Horizon) Invoke additional capabilities through extensions Support different underlying networking implementations (VLANS, L2/L3 tunnels, etc.)
For controlled innovation and experimentation Quantum is built using a plug-in architecture to support different networking technologies Quantum API API Extensions: For controlled innovation and experimentation Quantum Service Network abstraction definition and management Does NOT do any actual implementation of abstraction Vendor/User Plug-In Maps abstraction to implementation on physical network Can provide additional features through API extensions Quantum Plug-in API
Quantum API interactions User Application – CLI - Horizon Dashboard - Tools Tenant API Tenant API Network Service (Quantum) Compute Service (Nova) System Admin Internal API Admin API Plug-In Compute Node Hypervisor vSwitch Physical Network Router/Switch Clustered Network Controller
Plug-in’s available today Open vSwitch Linux bridge Nicira NVP Cisco (Nexus switches and UCS VM-FEX) WIP: VXLAN NTT Labs Ryu OpenFlow controller NEC OpenFlow Big Switch Floodlight
What application developers want Keep it simple - hide complexity while exposing capabilities Provision their own, abstracted networking resources and topologies Potential to create their own networking services Isolation and non-interference Ability to experiment while leveraging all that is provided by lower-level protocols
Application Architecture on a Whiteboard
Architecture grows as you scale-out, some components move to be closer to the internet, others move to the back-end
Different tenants and applications have different needs Tenant “B” Tenant “A” App OS VM DataBase Web Svr OS VM 10.0.1.0/24 10.0.1.0/24 App Svr OS VM App Svr OS VM MemCach OS VM MemCach OS VM Tenant “C” DataBase OS VM DataBase OS VM DataBase OS VM App 198.133.219.10 Internet Access, Management Network and Multi-tenant Services Internet Gateway VPN Service Service Provider Network
Quantum today and in the near future Quantum 1.0 is available today for Essex as an incubation project Supports isolated L2 networks Multiple plug-in’s available Folsom release – moving into Core Quantum V2 API (in development) Support tenant-created subnets Integrated with Horizon (dashboard) and Keystone (identity/token/policy) Includes “Melange” IPAM for IP address management Includes DHCP/Dnsmasq functionality
Quantum V2: Introduces Subnets, IP addr mgmt, Gateways, DNS POST /v2.0/subnets Request: { "network_id": "98bd8391-…", "cidr": "10.0.0.0/24", } Response "id": "e76a23fe-…", "network_id": "98bd8391-..", "gateway_ip": "10.0.0.1", "dns_nameservers": ["8.8.8.8"], "reserved_ranges": [ { "start" : "10.0.0.1", "end": "10.0.0.1"}, { "start": "10.0.0.255", "end" : "10.0.0.255"}], "additional_host_routes": [],
Create and attach ports to VM interfaces 3
Where we will take Quantum in the future? Purposely started simple with basic abstraction, but with many blueprints expect to see rapid innovation, while maintaining backward compatibility More plug-in’s for other networking paradigms Extensions for QoS, port profiles, etc. Used in the development of new network services Applied to create virtual data centers spanning multiple sites New uses in network service provider networks, mobile networks, sensor networks, HPC networks
Lew Tucker, Cisco Systems Quantum Network Service For more information… Quantum API http://docs.openstack.org/api/openstack-network/1.0/content/ Quantum Admin Guide (Essex): http://docs.openstack.org/trunk/openstack-network/admin/content/ Code on Github: https://github.com/openstack/quantum Quantum V2: http://wiki.openstack.org/QuantumV2APIIntro Lew Tucker, Cisco Systems @lewtucker