Cisco Blogs

Cisco Blog > Open at Cisco

Nexus 1000V On Open Source Hypervisors

Last week at Cisco Live, Cisco unveiled the Cisco ONE strategy. I won’t go into detail on Cisco ONE in this blog post, there has been plenty of blog and analyst coverage of this elsewhere. One piece of the announcement I would like to talk about is the Nexus 1000V and it’s move to running on Open Source hypervisors, along with OpenStack Quantum integration.

Nexus 1000V on KVM With OpenStack: The Cisco Live Demo

At Cisco Live, we demonstrated the Nexus 1000V on KVM with integration into OpenStack. The demo included both the Nexus 1000V Virtual Supervisor Module (VSM), as well as the Virtual Ethernet Module (VEM). The VSM is a virtual machine running Cisco NX-OS software. For the demo, the VSM was running on a Nexus 1010 physical appliance. The VEM was running on the Linux host itself, which was running Fedora Linux, version 16. The OpenStack version we demoed was OpenStack Essex. We were running Nova, Glance, Keystone, Horizon and Quantum. We also wrote a Nexus 1000V Quantum plugin which handles interaction between Quantum and the Nexus 1000V VSM. This is done via a REST API on the Nexus 1000V VSM.

What we demonstrated was the ability for providers to create networks using the standard “nova-manage” CLI in OpenStack. These networks were then mapped to port-profiles on the Nexus 1000V VSM. When a tenant then powered up a VM, the VM was placed on the provider network, and ultimately had it’s VIF attached to the port-profile associated with the provider network. The network administrator, through the VSM, is now able to see the virtual interfaces attached to veth ports, and can apply policies on them. We demoed ACLs on the virtual ports, to demonstrate a Nexus 1000V feature in use with OpenStack. What the demo ultimately showed was the Nexus 1000V operational model separating network and server administrator in an OpenStack deployment.

Where To Go From Here

One thing we are planning to do around our Quantum plugin is to expose the port-profile concept as an extension to the standard Quantum API. This allows profiles to be managed by our Quantum plugin, and allows for us to provide the ability to expose profiles to users of Quantum via the extension API. One immediate benefit this allows for is a GUI such as Horizon to expose port-profile information back into their UI, allowing tenants to select port-profiles to map to virtual interfaces when powering up virtual machines. Effectively, this would allow for providers to create port-profiles and make them available for their tenants to select when powering up virtual machines. Providers can then control policy on the virtual interfaces on their networks.

The End Result

The result of integrating Nexus 1000V with Open Source hypervisors is allowing for the continued evolution of advanced virtual machine networking onto these platforms. OpenStack Quantum integration allows for the integration of the concept of network and server administrator separation into the OpenStack deployment model. Both of these are ultimately about providing more control, visibility, and programmability for customers. I think this is something customers will be excited about, just as we are excited about driving to deliver this to those same customers.

Tags: , , , ,

OpenStack Conference Wrapup

It’s been a few weeks since the Spring 2012 OpenStack Conference took place in San Francisco. The semi-annual event allows developers to get together and plan for the upcoming OpenStack release. It also allows for OpenStack users to show how they deploy the software in production. Given that a year ago was when Quantum, the networking component of OpenStack, was born, I thought it was a good time to reflect back on Cisco’s contribution to the 2012 OpenStack Summit. Cisco was a very active participatant at the event, both in the Design Summit as well as the conference. The OpenStack Foundations 19 members were announced just prior to the event, and Cisco is a Gold level contributor.

In the Design Summit, Cisco OpenStack Engineers made the following contributions:

  • Debo Dutta lead sessions on Quantum System Test as well as Scaling OpenStack. The session on scaling was particularly interesting, as it highlighted the gap in understanding what the current scaling limits of OpenStack really are. It also was a forum for some organizations to discuss how far they are scaling OpenStack in production, and for the developers to try and come to an agreement on what scale to shoot for in the Folsom timeframe.
  • Edgar Magana Perdomo lead a track on L2 & L3 Network Services Insertion. The key takeaway from this session is that Edgar was not proposing adding new APIs at this point in time, but rather allowing for a CLI to assist with stitching in network services.
  • Sumit Naiksatam lead a track on L3 topics. The session was called “IPAM/L3-fwding/NAT/Floating IPs II“, and given the name, was a continuing session on discussing how Quantum can provide L3 services. Getting everyone on the same page was the key for both of these sessions.
  • Soren Hansen was responsible for organizing all sessions in the Nova hypervisors track. Soren is a long time OpenStack contributor who recently joined Cisco’s OpenStack team.
  • On top of actively leading the above sessions, Cisco’s OpenStack engineering team were active participants in all of the Quantum related sessions, as well as sessions around scaling OpenStack and Horizon integration with Quantum.

As OpenStack continues to mature, the interest in Quantum providing the correct network abstractions is very real. An entire track on day 2 was dedicated to Quantum in fact, and all of the sessions had a large number of attendees. The goal for Quantum in the Folsom timeframe is to hit parity with the existing nova-networking, such that Quantum can become the standard networking environment when people deploy OpenStack.

During the conference Cisco participated in the following ways:

  • Lew Tucker, Cisco’s CTO of Cloud and the face of Cisco’s OpenStack participation, gave a keynote at the conference portion of the event. Lew’s slides are available on slideshare here.
  • As a Gold Level sponsor, Cisco had a booth in the main exhibit area not far from the conference entrance. We distributed t-shirts with the “OpenStack@Cisco” logo on them. We were able to engage with fellow OpenStack developers, partners, and customers the entire week.
  • Cisco was a sponsor of both the conference and the summit.

The key take away from the event was around the production deployments of OpenStack announced around the conference timeframe. OpenStack continues to have a lot of momentum going forward, and the announcements by places like Rackspace show the technology is already being deployed at scale in production.  Cisco is actively working with the OpenStack community to help shape the development of Quantum, Nova, Horizon, and other parts of OpenStack. If you are interested in joining the OpenStack@Cisco team, the team is hiring. Please contact Murali Raju (murraju at cisco dot com) for more information about joining the team!


Cisco Open Source Conference 2012

We’ve held our annual Cisco Open Source event this week, on May 1st in San Jose. I’m very impressed to see the large turnout and the ultra positive feedback after the keynote and 5 tracks on Linux, SDN, Big Data, Emerging Technologies and Community Development. Wonderful to see Irving Wladawsky-Berger from IBM, Jim Zemlin from the Linux Foundation, Simon Crosby from Bromium and the great discussions that ensued. Next time we’ll have to open this event up to more than just one afternoon, there is just so much open collaboration that is taking place. My thanks to our track leads, Michael Hein who helped me put together the Linux track, Jan Medved and Dave Ward on SDN, Mark Voelker and Ed Warnicke on Big Data, Fabio Maino and Flavio Bonomi on Emerging Technologies, and Peter Saint-Andre for the Community Management and Tools — these guys have already left their mark on timeless and enduring open standards, but it’s amazing to see how good they are in open source!  We’ll have to post the key takeaways in these next blog entries, for now to all those of you who came, contributed and enjoyed this event, we salute you! Open at Cisco is a vibrant and growing community.

Tags: , , , ,

oVirt Workshop: Beijing

As the oVirt project continues to move forward, a new workshop has been setup in Beijing on March 21st. The workshop page has all the details. If you are in the Asia-Pacific region and are looking to learn more about oVirt, this is a fabulous place to do just that. Interact with developers on the oVirt project, learn about the development process, and get involved. If the oVirt Kickoff Workshop from last fall was any indication, this workshop will be another great event for the oVirt Community. Cisco, as a board member of the oVirt project, is excited to see this community and technology continue to advance forward.

Integrating VXLAN In OpenStack Quantum

Since the announcement of VXLAN last summer, there has been interest in the Open Source community for an open implementation of this. With the increasing number of  Open Source cloud and virtualization technologies out there, where does VXLAN fit into this picture? I think one logical place for it to exist is inside OpenStack Quantum. As a service providing network connectivity between interface devices, this is a logical place for it to exist, especially as it pertains to disparite plugins.

But before I explain how VXLAN could plug into Quantum, some background may be good. Omar Sultan posted a great 3 part blog series on VXLAN (Part 1, Part 2, and Part 3). Reading this will give you a good, relevant background on VXLAN.

An Open Source implementation of VXLAN would require 2 pieces: A data path piece, to implement the protocol and framing format. And a control path piece, to handle orchestration of segment IDs and multicast addresses. For the data path piece, patches were posted to the Open vSwitch mailing list in October 2011, but so far have not been merged into either the Open vSwitch project’s git tree, nor the upstream Open vSwitch kernel code in the Linux tree. Once these patches make it into a public git repository, the data path portion of the equation is complete.

But what about the control path piece? One logical landing spot would be in OpenStack Quantum. Looking at version 1.0 of the Quantum API guide, we can begin to see how to add VXLAN support into Quantum. Quantum networks are created agnostic of their underlying segmentation technology. Currently, VLANs are used. Adding in VXLAN support would be as simple as adding in a type to “Create Network” call. Specifying VXLAN would allow Quantum to provision a Segment ID, and allocate a block of multicast addresses to use. Multiple hosts could still be added to multiple networks with a type of VXLAN. Quantum would work great for handling these types of tasks.

The place where this really begins to shine, however, is in the plugin architecture of Quantum. With Quantum handling the tasks of segment ID allocation, the plugins will have to handle the VXLAN protocol implementation for a network with type VXLAN. Vendors can now implement VXLAN in their plugins, and this buys end users the ability to have a heterogenous VXLAN environment out of the box.