OpenStack

OpenStack is an open-source cloud operating system designed to control large pools of compute, storage, and network resources. OpenStack began in 2010 as a joint project of Rackspace and NASA and is currently managed by the OpenStack Foundation. Hundreds of companies now participate in the project, developing drivers and components to interact with their products as well as contributing new features that benefit the entire OpenStack community. The community collaborates on 6-month release cycles. The latest release that will be used for this lab is named the Juno release.

OpenStack enables application developers to quickly provision the compute, storage, and network resources they need to develop and deploy their application without the need for intervention from the IT organization. In many ways, OpenStack was a direct response to the success of Amazon Web Services for customers who wanted the ability to create a similar development environment without having to use Amazon's services.

Cisco is an active member of the OpenStack Foundation and contributes code to the OpenStack community, with a focus on networking. In addition to drivers that interact with Cisco products, Cisco has contributed improvements to core OpenStack.

Lines of code contributed

Company               Lines of code
Cisco                 52306
RedHat                27953
HP                    22572
VMware                14501
Mirantis              9505
Big Switch Networks   5766
Yahoo!                5367

One of Cisco's active contributions to OpenStack is the Cisco ACI plugin for OpenStack. ACI (Application Centric Infrastructure) is a platform for the datacenter that is focused on providing network resources via programmatic mechanisms. This architecture is a natural fit for OpenStack.

With Cisco ACI, OpenStack sends its network requirements to ACI, where they are managed by the ACI APIC (Application Policy Infrastructure Controller). The APIC configures these requirements and pushes the resulting policies into hardware for forwarding (capable of line-rate performance). Cisco has committed resources to developing the latest technology in the OpenStack-to-ACI integration. This new technology is called OpFlex, and it establishes a direct connection between the physical compute host in OpenStack and the Cisco ACI leaf switch, making it possible to configure OpenStack Open vSwitch and OpenFlow directly.

OpFlex

OpFlex is an extensible policy protocol designed to exchange abstract policy between a network controller and a set of smart devices capable of rendering policy. OpFlex relies on a separate information model understood by agents in both the controller and the devices. This information model, which exists outside the OpFlex protocol itself, must be based on abstract policy, giving each device the freedom and flexibility to render policy within the semantic constraints of the abstraction. For this reason, OpFlex can support any device, including hypervisor switches, physical switches, and Layer 4 through 7 network services.

The OpenDaylight (ODL) community has created a new incubated project called the ODL Group Policy plug-in. The goal of this project is to provide a policy-based API that can serve, in practice, as a standard information model in OpFlex implementations. This project includes contributions from Cisco, IBM, Midokura, and Plexxi, and the list of contributors is quickly expanding. Information can be found at http://wiki.opendaylight.org.

The ODL Group Policy API will be supported through several different southbound APIs, including OpFlex. OpFlex essentially serves as a native back end through which policy can be passed to devices directly. The project will also allow policy to be rendered imperatively over existing southbound APIs such as OpenFlow without involving OpFlex.

ACI

Why ACI for OpenStack
  • Automatic VXLAN tunnels at top-of-rack, lower CPU overhead
  • Anycast distributed gateways
  • ARP suppression in fabric permits larger L3 domains
  • Ability to connect physical servers as well as hypervisors
  • Health scores per tenant network
  • Support for L3 or L2 service insertion
  • Flexible placement of services throughout the fabric
  • Hides low level details

The direct interaction between the ACI leaf switch and the OpFlex agent that resides on the compute host in the OpenStack network makes full integration between OpenStack and ACI possible. This integration can gather statistics of OpenStack instance traffic (even traffic contained inside the hypervisor OpenFlows) and absorb faults occurring at the leaf layer, representing them inside ACI as an application fault.

This integration flow can be observed as follows:

Key features of OpFlex
  • VLAN or VXLAN per Network / Policy Group to Top of Rack Leaf Node
  • OpFlex Proxy runs in leaf, OpFlex agent manages Open vSwitch
  • Hypervisor-local traffic has policy, switching, routing handled locally
  • VMM domain, GUI integration with APIC
  • Distributed support for NAT, metadata server proxies, DHCP

There are two separate ACI OpFlex plugins that work with OpenStack. The first, known as the APIC driver plugin, translates policy from OpenStack networks into ACI policies. The second, known as the group based policy plugin, changes OpenStack itself to adopt a policy-driven network object structure that corresponds to the ACI application policies.

The ACI group based policy plugin abstracts the network constructs from the application policy constructs, making it easier for developers to design applications. Instead of having to build traditional network constructs like subnets and routers, the developer defines groups of application components and the policies for how each group talks with the others. The group based policy model, in conjunction with ACI, translates these, under the hood, to network constructs that are pushed into the hardware switches and host agent OpenFlow components for traffic flow.
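
The translation from groups and policies to concrete forwarding rules described above can be sketched as a small model. This is an added example, not code from the plugin or from Cisco: the Group class, render(), allowed() and the sample addresses are hypothetical, and the model assumes allow-list semantics (a flow that is not rendered is denied).

```python
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    members: set = field(default_factory=set)    # endpoint IPs in this group
    provides: set = field(default_factory=set)   # rule-set names this group offers
    consumes: set = field(default_factory=set)   # rule-set names this group uses

def render(groups, rule_sets):
    """Expand group policy into concrete (src, dst, proto, port) allow rules.

    Model assumption: allow-list semantics, so any flow that is not
    rendered here is denied.
    """
    rules = set()
    for provider in groups.values():
        for rs in provider.provides:
            if rs not in rule_sets:
                raise KeyError(f"group {provider.name} provides unknown rule set {rs}")
            for consumer in groups.values():
                if rs not in consumer.consumes:
                    continue
                # One rule per consumer endpoint, provider endpoint and classifier.
                for src in consumer.members:
                    for dst in provider.members:
                        for proto, port in rule_sets[rs]:
                            rules.add((src, dst, proto, port))
    return rules

def allowed(rules, src, dst, proto, port):
    """True only if the exact flow was rendered from policy."""
    return (src, dst, proto, port) in rules

def sample_policy():
    """Constructed three-tier application; names and addresses are made up."""
    rule_sets = {"app-api": [("tcp", 8080)], "sql": [("tcp", 3306)]}
    groups = {
        "web": Group("web", {"10.0.1.10"}, consumes={"app-api"}),
        "app": Group("app", {"10.0.2.10"}, provides={"app-api"}, consumes={"sql"}),
        "db": Group("db", {"10.0.3.10"}, provides={"sql"}),
    }
    return groups, rule_sets

if __name__ == "__main__":
    groups, rule_sets = sample_policy()
    for rule in sorted(render(groups, rule_sets)):
        print(rule)
    groups["web"].members.add("10.0.1.11")   # scale out the web tier
    print(len(render(groups, rule_sets)), "rules after adding one web endpoint")
```

The policy objects never mention an address: adding an endpoint to the web group changes the rendered rules without any policy edit, and the web tier still has no path to the database tier.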