Cisco Blogs


Cisco Blog > Data Center and Cloud

Cisco and OpenStack: Juno Release – Part 2

The tenth OpenStack release codenamed Juno was released on October 16, 2014. This press release provides a good summary of what to expect in Juno. It also discusses important new capabilities included in the 342 new enhancements built in to Juno and highlights different usecases that showcase the diversity of workloads supported on OpenStack.

In the first part of the Cisco and Openstack Juno Release blog, I covered Cisco’s OpenStack team contributions to the Neutron project. Here I’ll provide details of our contributions to other OpenStack projects as well highlight our development efforts on StackForge. Cisco was the sixth top code reviewer for the Juno release across all projects in Juno release and is Foundation’s fifth largest company in terms of OpenStack membership.

This Nova blueprint was completed in Juno and provides support for configuration and provisioning of instances with SR-IOV port connectivity.  The implementation generates SR-IOV specific libvirt domain and network configuration XML for the instances as well as includes the capability to schedule instances based on the compute nodes SR-IOV capabilities.  One of the key use-cases for SR-IOV is Network Function Virtualization (NFV) that requires high performance traffic throughput in and out of a virtual machine providing network services (Virtual Network Function or VNF).

We proposed and implemented support for metering Network Services in Neutron using Ceilometer. This included new pollsters and notification handlers for Load Balancer as a Service (LBaaS), Firewall as a Service (FWaaS) and VPN as a Service (VPNaaS). The metrics are categorized into Provider or Service Level, providing different level of details. Provider level metrics help determine the type of implementation and its feature, whereas the Service level metrics provide more granular metric details on the service health and consumption. Separately, instance metrics were enhanced as part of this blueprint to support read and write metrics per instance disk device.

In the Cinder project, Fibre Channel Zone Manager allows FC SAN Zone/Access control management in conjunction with Fibre Channel block storage.  It has a pluggable architecture and we contributed the Cisco FC Zoning plugin that automates creation, deletion and modification of zones in zonesets.  Zones are configured automatically as part of the active zone set for the specified VSAN in the FC SAN to provide a more flexible and secure way of controlling access.

Enhancements to Horizon to enable configuration of  IPv6 subnet modes is also part of the Juno release. This allows tenants to configure address and Route Advertisement (ra) mode for their subnets through the user dashboard. Neutron supports multiple IPv6 address configuration modes including SLAAC and DHCPv6 (both Stateful and Stateless modes).

StackForge

The Cisco OpenStack team has been actively developing across different projects on StackForge as well. This provides an excellent platform for OpenStack related projects to make use of OpenStack project infrastructure and also continue to collaborate in the open.

OpenStack Services Puppet Modules -- One of challenges that we hear about from our OpenStack customers is how to make OpenStack more manageable and deployable.  There are several different deployment options for OpenStack and we have tremendous experience with automating the underlying system and service configuration via Puppet. We work with customers, partners and the community to enhance Puppet modules for OpenStack services and integrate with Cisco infrastructure as well.  We also recently announced, in collaboration with RedHat, Cisco UCS Integrated Infrastructure that combines Cisco’s server, switching and management technologies with Red Hat’s enterprise-grade OpenStack platform.

Group Based Policy (GBP)– Currently staged on StackForge, this project aims to provide policy abstractions that extend the current Neutron API resources and introduces a declarative policy driven connectivity model that presents application-oriented interfaces to the user. The Group Based Policy framework implementation provides the flexibility for new API resources – End Points, End Point Groups, Contracts and Classifiers – that can be mapped to existing Neutron resources or passed directly to a third party controller.  In addition to a mapping driver that supports all existing Neutron plugins, Cisco will also be releasing a driver to directly integrate GBP with its Application Policy Infrastructure Controller.

Nova Solver Scheduler – For resolving complex constraints based on policies and business rules, we have been collaborating with the community to develop a smart Nova Scheduler driver that models compute placement as a supply and demand problem.  The intent is for the Solver Scheduler to integrate with the Gantt project that is aiming to separate out the Nova scheduler as a standalone project.

Summary

Cisco’s OpenStack team contributions are across numerous projects in OpenStack. Our aim is to work with the community, with our customers and partners to enable more successful OpenStack User Stories, resulting in a win-win situation. We are going to be presenting several general sessions that were selected as part of the community voting process at the upcoming Kilo Summit in Paris. You can find more details in this blog post and we look forward to seeing you there!

You can also download OpenStack Cisco Validated Designs, White papers, and more at www.cisco.com/go/openstack

 

Tags: , , , , , , , ,

IPv6 First-Hop-Security

If you’ve worked with networking sometime in the last decade, I’m sure you’ve heard of this thing called IPv6. IPv6 has been around for quite a while, but it seems to be growing increasingly more popular as of late.
My focus on this article will be some of the challenges with security and IPv6, primarily those that Cisco IPv6 First-Hop-Security (FHS) solves.

Several times I’ve found myself looking at the network traffic traversing a customer’s network, asking if they use IPv6.
Unfortunately, most of the times the answer is no, even though I can see the Link-local and multicast addresses flying by my screen.
When I proceed to ask if they’ve added any security measurements in the network to protect against IPv6 attacks, the answer is mostly: “Why would we need any IPv6 security if we don’t use IPv6”? Read More »

Tags: , ,

Transform Service Provider Architectures to Support Virtualized Managed Business Services

October 9, 2014 at 11:35 am PST

ginaBy Gina Nienaber, Marketing Manager, SP Product and Solutions Marketing

Cisco estimates over 50 billion new devices will be connected to the Internet by 2020.  To support the Internet of Everything, service providers must undergo an infrastructure transformation.  The network needs to become more open, programmable, automated, adaptive, and agile.  To guide this transformation, the Cisco open network strategy for service providers is depicted as three interwoven layers:  the Evolved Programmable Network (physical and virtual network Infrastructure), the Evolved Services Platform (for orchestration of resources) and Applications and Services layer to enable virtualized services such as Cloud VPN and Security.  With these three layers working together, providers can begin to realize the benefits of an open network that is readily open to new devices, open for quickly enabling new services, and open to endless possibilities.

Last week, Cisco announced two Read More »

Tags: , , , , , , , , , , , , ,

Cisco and OpenStack: Juno Release – Part 1

The next stable OpenStack release codenamed “Juno” is slated to be released October 16, 2014. From improving live upgrades in Nova to enabling easier migration from Nova Network to Neutron, the OpenStack Juno release will address operational challenges in addition to providing many new features and enhancements across all projects.

As indicated in the latest Stackalytics contributor statistics, Cisco has contributed to seven different OpenStack projects including Neutron, Cinder, Nova, Horizon and Ceilometer as part of the Juno development cycle. This is up from five projects in the Icehouse release. Cisco also ranks first in the number of completed blueprints in Neutron as well.

In this blog post, I’ll focus on Neutron contributions, which are the major share of contributions in Juno from Cisco.

blueprint_completed blueprint_completed_neutron

Cisco OpenStack team lead Neutron Community Contributions

An important blueprint that Cisco collaborated on and implemented with the community was to develop the Router Advertisement Daemon (radvd) for IPv6. With this support, multiple IPv6 configuration modes including SLAAC and DHCPv6 (both Stateful and Stateless modes) are now possible in Neutron. The implementation provides for running a radvd process in the router namespace for handling IPv6 auto address configuration.

To support the distributed routing model introduced by Distributed Virtual Router (DVR), this Firewall as a Service (FWaaS) blueprint implementation handles firewalling North–South traffic with DVR. The fix ensures that firewall rules are installed in the appropriate namespaces across the Network and Compute nodes to support perimeter firewall (North-South). However, firewalling East-West traffic with DVR will be handled in the next development cycle as a Distributed Firewall use case.

Additional capabilities in the ML2 and services framework were contributed for enabling better plugin and vendor driver integration. This included the following blueprint implementations -

Cisco device specific contributions in Neutron

Cisco added Application Policy Infrastructure Controller (APIC) ML2 MD and Layer 3 Service Plugin in the Juno development cycle. The ML2 APIC MD translates Neutron API calls into APIC data model specific requests and achieves tenant Layer 2 isolation through End-Point-Groups (EPG).

The APIC MD supports dynamic topology discovery using LLDP, reducing the configuration burden in Neutron for APIC MD and also ensures data is in-sync between Neutron and APIC. Additionally, the Layer 3 APIC service plugin enables configuration of internal and external subnet gateways on routers using Contracts to enable communication between EPGs as well as provide external connectivity. The APIC ML2 MD and Service Plugin have also been made available with OpenStack IceHouse release. Installation and Operation Guide for the driver and plugin is available here.

Enterprise-class virtual networking solution using Cisco Nexus1000v is enabled in OpenStack with its own core plugin. In addition to providing host based overlays using VxLAN (in both unicast and multi-cast mode), it provides Network and Policy Profile extensions for virtual machine policy provisioning.

The Nexus 1000v plugin added support for accepting REST API responses in JSON format from Virtual Supervisor Module (VSM) as well as control for enabling Policy Profile visibility across tenants. More information on features and how it integrates with OpenStack is provided here.

As an alternative to the default Layer 3 service implementations in Neutron, a Cisco router service plugin is now available that delivers Layer 3 services using the Cisco Cloud Services Router(CSR) 1000v.

The Cisco Router Service Plugin introduces a notion of “hosting device” to bind a Neutron router to a device that implements the router configuration. This allows the flexibility to add virtual as well as physical devices seamlessly into the framework for configuring services. Additionally, a Layer 3+ “configuration agent” is available upstream as well that interacts with the service plugin and is responsible for configuring the device for routing and advanced services.  The configuration agent is multi-service capable, supports configuration of hardware or software based L3 service devices via device drivers and also provides device health monitoring statistics.

The VPN as a Service (VPNaaS) driver using the CSR1000v has been available since the Icehouse release, as a proof-of-concept implementation. The Juno release enhances the CSR1000v VPN driver such that it can be used in a more dynamic, semi-automated manner to establish IPSec site-to-site connections, and paves the way for a fully integrated and dynamic implementation with the Layer 3 router plugin planned for the Kilo development cycle.

Summary

The OpenStack team at Cisco has led, implemented and successfully merged upstream numerous blueprints for the Neutron Juno release.  Clearly, some have been critical for the community and others enable customers to better integrate Cisco networking solutions with OpenStack Networking.

Stay tuned for more information on other project contributions in Juno and on Cisco lead sessions at the Kilo Summit in Paris !

You can also download OpenStack Cisco Validated Designs, White papers, and more at www.cisco.com/go/openstack

Tags: , , , , , , ,

Cisco Wins Best of Show IPv6 Product!

The North American IPv6 Summit is the largest annual IPv6 event in North America, designed to educate about IPv6 and the current state of IPv6 adoption. We were honored to receive industry recognition of the Cisco’s IPv6 leadership and continued innovation with the Best of Show Award of Product and Service for the Cisco Wireless Controller.

IPv6-Bestofshow-Award

As you read about earlier this summer, Wireless Release 8.0 added a cornucopia of features to our wireless offering, many of which are targeted specifically for upcoming technologies, including IPv6. Let’s look back to see how far we’ve come:

Anticipating the growing demand of the next generation IP and eyeing the arrival of World IPv6 day, Cisco released the first support for IPv6 in its’ Wireless LAN Controller (WLC) software version 7.0 in 2011. There has been a steady progression of feature support ever since. Client mobility appeared in version 7.2 a year later in time to celebrate the launch of IPv6 on the global Internet.Then came the release of 7.4 and it’s support of First Hop Security tools, enabling organization’s to go beyond the lab and deploy IPv6 in a safe, secure manner. Read More »

Tags: , , , , , , , , , , , , , , , , , , , , , , , ,