Hey, good morning everybody. This thing on? You guys hear me? Okay. Okay. Good. Um, I was hoping the warm-up music would have rocked a little more. It's kind of early and everybody's a little hungover. I don't even drink and I feel like crap this morning, but we had a pretty good party last night. So appreciate everybody for coming along, maybe sneaking out of the keynote a bit early. The CERN presentation was fascinating; I thought that was really cool stuff. So it's good to be here. This is my sixth OpenStack Summit myself. I've been with Nuage Networks for about a year and a half, a year and three quarters, but, uh, with Vyatta before that and Juniper before that. And so I've been around these things for a little while, and it's just amazing to see how it's grown and how it's gone global and how it's gone beyond the, what, three or four hundred people we had in San Francisco at the first event I went to.

So anyway, I'm a networking guy, and I've been passionate about networking and data center networks, and worked on some networking fabric things, and have kind of evolved that technology and what I've been working on into some network virtualization and SDN things. But the really interesting part of that conversation isn't necessarily IP routing and transport and things like that. It's about how we start to abstract the network into a really consumable model for DevOps and IT people. So that's really what SDN is all about.
There's lots of arguments over OpenFlow and various protocols and what's valid and what's not, and is my controller open source or not. But really what it comes down to is how I represent that network as a service to users. And so this is what Nuage Networks is all about and what we're focused on. We do some really cool things at the networking layer that I'll talk a little bit about, how we can kind of enable a higher performance Neutron environment so that Neutron networks become production ready, become enterprise ready. As we all know, if we've worked with OpenStack at all, the base level Neutron things, even in Juno, is still pretty lacking, has some serious scale issues and some limitations on what I can and can't do when I get into a cloud environment that's very, very multi-tenant. As we've learned working with a lot of large cloud service providers around the world, those limitations with multiple bridges and namespaces and things like that really start to affect performance. So we're doing some pretty cool things, we think, to fix that, leveraging a lot of routing technology from our parent company Alcatel-Lucent and then wrapping all that in this nice framework that's really well aligned with the policy framework, the network policy for Neutron framework, that we're also contributing to. So I'm gonna do a quick overview of the solution and then a demo of our application framework, our application policy framework, that we're shipping today, even in advance of the Neutron work being complete.

So really the driver for all this, and why SDN exists, is that the data center network is fundamentally flawed. It's a bit broken.
I've got a virtualized compute and management system that lets me deploy resources quickly. I still go through a lot of manual process with trouble tickets and teams and groups of people to have to configure things and request VLANs and have somebody touch the firewall and the router and the switching. So this really slows down what I can do. This really limits the footprint on where I can deploy my compute environment dynamically, because if I have to wait for a trouble ticket to get completed, it takes too long.

We've done a lot of things with SDN or Neutron or other elements where now maybe my network is represented as an API. I've accelerated things a lot. I have a programmatic interface that maybe I can start to incorporate into my DevOps tools. But it also could introduce some new complexities. Maybe I'm forcing my DevOps guys to worry about networking. Like this network-as-a-service environment, which Neutron is, Amazon Web Services in the VPC context is very similar, in that now I'm forcing my DevOps people to learn how to provision networks. I'm presenting an interface to them, like in Neutron, that says: hey, DevOps guy who's really good at deploying applications and servers, go create a network, go assign IP addresses, go configure a router and assign ports to that router.
These are a lot of steps that require network topology awareness and network configuration awareness that maybe a DevOps team is not expert in. And so it's not really abstracted into a consumable model, and it puts a lot of burden on that DevOps group to learn new concepts and have to manage new things. What the DevOps people are good at is understanding their applications and how they need to be grouped together, and maybe how they need to talk to each other. They don't care that I use a VLAN or a subnet or a router or a firewall. They know my web servers and my app servers and my database servers need to be in different segments or different groups, and I need to have some connectivity model between them, with potentially some security policy that defines that.

So the DevOps team really needs a simpler, more abstracted view, and the Neutron group-based policy extension stuff is intended to address this, and there is a lot of good work happening around that. And I believe it's an extension that will be available in a later release of Juno, and then it should be much better a little bit later on. The Nuage guys have been contributing to this and working this and then delivering product that actually provides these functionalities for about a year, while we've been shipping this product for about a year and a half. But what this gets us to is this policy approach to networking, and by policy I really just mean templates, right?
I can define my network service as a template. Maybe my network administrator actually makes those templates, configures all that specific routing detail, because the network administrator knows how to do that and knows what's required. I can have my security audit team review the templates to make sure they're compliant. And then I just give those templates to my DevOps guys to deploy over and over and over again through a really simple API call or simple API interface. And so this is what we think policy-based networking is all about. So this gets us to this mode where my tenant or my application requests compute resources, that happens instantly, there is a call to a network API that Nuage would deliver, and that network API would just consume those templates that were predefined, and all of the networking is done dynamically and automatically and rapidly.

The Nuage solution is a bunch of software and a couple of pieces of hardware that actually deliver on this to allow you to build infrastructure. We start by leveraging Open vSwitch down here at the base, where we use the base kernel-level Open vSwitch on KVM. We've also got flavors for ESX and for XenServer, and I can mix those together in the same environment. But we use Open vSwitch. We do some software on top of Open vSwitch where we actually replace that user agent with our own code and turn that thing into a distributed virtual router. So we're doing distributed routing and ACL capabilities as well as switching on every host. That's all controlled by an SDN controller, which is actually an operating system from a very mature, advanced BGP MPLS router, so all of my routing functionality is available there today. And then what sits on top of that is our policy engine, or this policy framework. The GUI I'm going to show you in the demo is the user interface to that. But there is a full set of REST APIs underneath that GUI that you can use to program. There's a Neutron plug-in that
talks to the VSD, the policy engine. There's also some vCenter and vCloud Director integration, and we've got a CloudStack plug-in now as well. And the thing about the Nuage solution is I can blend and mix those things together.

So we think what the requirements are for a production OpenStack network, something that I can do in production today with rock solid, available, stable networking, are kind of three things. I start with performance and deployability. And by performance I mean I need to be able to do security grouping and multi-tenancy at scale. I need to be able to support lots and lots of high-speed flows. I need to be able to saturate that 10 gig link that I bought on that server. I don't want to have to choke that thing back to four or five gig if I'm limited by some multi-level kind of switching layer. I need rapid convergence performance. If I'm going to build a large-scale cloud environment and I have a DR scenario, I have to be able to stand up tens of thousands of new VMs quickly and not wait hours to do that. And I also need a way where I can integrate into existing environments, because in the real world, in an enterprise, not everything's virtualized. Not everything's OpenStack. I still have some VMware over there. I still have a bunch of mainframes over there. I have to be able to tie those things together, and so to do that I need to be able to leverage some gateways. And we deliver on all of these things.

One of the problems with OpenStack is this network node, where I can do some simple L2 switching between two common VMs on a common subnet, but if I have to route between them, I've got to go back to that network node. This creates a lot of congestion issues when I have to go for north-south traffic out to the WAN, and also with east-west traffic between VMs. The distributed virtual router in Neutron in Juno starts to address this east-west use case. It's not all that mature.
There's still a lot of work to do there, but it is a step in the right direction. But the north-south use case of getting in and out of the environment is still not totally addressed. Also the multi-tenancy aspects of needing multiple bridges to use iptables to carve up tenants on a host is not completely addressed by DVR. So the Nuage solution actually turns that Open vSwitch into a full-blown L2 through L4 router. So we do IP routing. We do ACL enforcement. We do VRF. So I've got isolation of IP space and routing on the hypervisor itself, controlled by a very, very scalable control plane that can manage hundreds of thousands of servers in a single cohesive environment. So I eliminate this problem of needing to go out of the server to get between subnets. I can do local routing, IP routing, and transitioning between subnets without leaving the host, because I have routing on the host itself. I can go directly and choose the best path for east-west traffic between hosts, just using a VXLAN tunnel in between these two servers, and my north-south traffic is directly integrated with the LAN router.

This control plane that we're using is an OS from a very mature router, the Alcatel-Lucent 7750, which is deployed in just about every carrier around the world. If you're pinging an LTE network right now, you're probably using a 7750 router. So this OS is very mature, very proven. We're using multi-protocol BGP and some MPLS EVPN context to advertise these virtual overlay networks to an MPLS PE router at the data center edge. So if my data center is behind a router, I can advertise my virtual networks directly to that router and tunnel directly to that router with an automated advertise kind of control plane interaction. So I don't have to manually configure everything on that router to support these services. I don't have to go to a VLAN gateway and then out to some trunked interface to get to that router. I'm directly integrating with that router.
So very powerful in how we handle east-west and north-south traffic.

When I get to control plane of performance. So in this model I'm tackling that flow and that IP routing. We can saturate a pair of 10 gig interfaces pretty easily on this, and we're pushing towards 40 gig, and then using some of these VXLAN offload NICs that we see out there, 40 gig and potentially 100 gig is well within reach using Open vSwitch. And then of course we're across DPDK and some of these other technologies to look ahead of that.

On the control plane performance, there have been some published studies and reports that say, just the raw Neutron networking that was in Havana, I would get about, if I wanted to start, say, 75K VMs in about eight hours, I'm seeing about two, or I can start about 75K VMs in eight hours, which is about two and a half VMs per second. We ran into a customer on Wall Street in New York City that wanted to test a larger scale than that, or wanted to test some scale where they have 65,000 VMs running and then they restart the network stack, and they wanted to measure how long it would take to bring things back up again. On the base Neutron they saw around two and a half VMs per second. They tested one of our competitors' solutions and that brought that to about 18 VMs per second. But then they tested the Nuage solution and we were able to bring up all of those 65K VMs in eight minutes, which was about 135 VMs per second. So an order of magnitude faster. We do that by using multi-protocol BGP and some techniques within BGP to advertise security groups across the network, using this federated control plane, using the same scaling techniques we use in the internet itself. So, you know, very, very powerful, highly available, very proven, and can support just about any large-scale environment that we've seen so far.

On the openness front, which is the other thing we, one of the other things we think we need for a production ready environment, is I need to be able to choose. I need
to be able to run OpenStack, but also blend in some VMware. I need to maybe use some CloudStack here and there where I need to, but I need to have a cohesive networking system across those. I need to be able to choose gateways to connect to VLAN-based infrastructure that might not be virtualized, and I want to be able to do that with multi-vendor hardware. So we have our own top-of-rack device. I can also use Arista and Cumulus and a couple of others to enable that kind of environment. And I need to be able to provide security and other services through partners. So we've got a very advanced service chaining feature set that lets me connect in third-party firewalls, DPI devices, building some IPAM integration with some external vendors as well. And then the last, sorry, so more on the open thing, on the last thing I need. I'm kind of rushing because I do have a six minute video and I have six minutes left in my talk.

So on the policy abstraction front, I need happy users and happy DevOps people using this system. And so to do that I need some sort of really IT-focused interface to this environment, supporting the policy framework that Neutron's developing but delivering on that today. So I'm actually going to jump real quick into the demo. This is recorded because you never know how internet connectivity is going to work.

What you're seeing on the screen. Sorry. Let's try this again. What I'm seeing on the screen. Are you guys liking that? Let's find, there we are. Make that big. So this is our GUI over here on the right, and then I've just got a terminal that we're going to do some Neutron commands in, in a minute. This is the Nuage VSD user interface.
It's multi-tenant, multi-user. I have a care service provider view or an enterprise administrator view that will let me affect security rules and network topologies for all my users, and then I can allow my users to log in directly to the GUI, or give them direct API access, or give them access through the Neutron plug-in to go consume the things that the administrator would create. So what we're doing here is we're just defining an ACL that says from anything to the enterprise domain, I'm going to block Telnet. And this is an administrator creating this rule, so it's going to be enforced on all of my tenants' VMs and all of my tenants' networks, and they're not going to be able to modify that rule. It's sort of a master rule that's going to be looked at first. So this will get created here and applied, and we'll see I've got this applied on a couple of other domains. Domains are what we call tenants or users in the system. So I see I've got a couple of rules already built here.

Now I'm going to switch over to our application designer interface. So now I'm going to go create this application stack, and this is really a similar interface to that policy framework stuff that I was talking about before, where I've got a user down here. Just created a new website template from that. He's going to create an application tier and call it web. We're going to create another application tier and call it logic, and then we're going to create another application tier, and I think we called it DB. But these are just groupings where I'm going to connect servers to, and then I have some predefined security rules, or contracts in the Neutron policy framework definition, that will allow certain traffic types between the web tier and the logic tier and the database tier. And so I'm allowing MySQL. I'm going to allow some other things. I have a macro that's defining my public internet or my floating IP space, and I'm going to assign a rule to that as well. I'm going to make a contract here.
That's going to allow HTTPS to go in and out of that, and then I'm going to actually create another little network macro that says from my enterprise group, I'm going to allow SSH. And so these are predefined macros or predefined network zones that the administrator created, and then this would be a user of a system just creating these templates based on their application needs. So I'm allowing SSH here. So I've created these. As I switch over and go back and look at one of those domains I used, I see that I created a few ACLs here. So those ACLs show up, and I can go and look at those rules, and I can reorder them as an administrator if I need to. So those things are automatically applied based on what was defined in that previous app designer interface.

Now I'm going to switch over here to the Neutron side, to the OpenStack side. I don't have any VMs running. There aren't any networks created yet, and I've got some images here. We're actually going to use the Nuage extension to our Neutron plug-in. This is some extensions we have where I'm going to essentially create a port and bind it to one of those tiers in that app designer thing that I did before. So I'm creating a new app called website, and I'm going to bind that to the tier of web over here in the app designer. And then I'm going to create a, you know, that tier's called web server. And now I'm going to go boot a VM and attach it to that port that just got created through that bind process. So booting a web server. I'm actually doing it in a container because I can, and we just used a small server to do this demo, so it was easy to run that, because we do support Docker and Linux containers in our environment as well. But so I'm just booting that VM, and I'm attaching it to the web server. I'm going to do a, now I see the Neutron port list down here.
I see I've got that port created, and it created a network. And so what just happened is my DevOps guy didn't have to go create a network and a subnet and a router and a port. All that stuff got created automatically by binding, using the Nuage network bind function to just consume one of those groupings in our app designer function. And so then by starting that VM, the network is automatically created. The subnet was created, or the router was automatically created. The DevOps user didn't have to go step by step by step and design all of those networking things. The IP address is automatically assigned, and everything based on the templates that my administrator would have defined.

Now I can see that that VM's up and running. I have an interface on the Nuage system to monitor my VMs and see what's where. I'm going to speed this up a bit. I've got all kinds of statistics I can monitor on those VMs and on the networks that got created. We can go collect stats. We store them in a Hadoop-based database as part of our policy engine, so I can do monitoring and billing and threshold alarms on that as well. I'm going to go create a couple more VMs. Those all get started pretty quickly, and then hopefully I can run this through without going too much over my time. But so now I've got a couple of other VMs up and running, attached a couple of other ports on the other tiers on this thing. What we're going to do in a second here is switch back over to the VSD interface, our Nuage interface, and see that we also have a logical topology view of this network that the administrator can use to look at. I've got these other VMs up and running. That's what we're showing here. Now over on the domain side.
I can look at my design. I see the logical topology of all those subnets and all of those networks that I created. I can look at the VMs. I can see which access lists are applied. If an IT administrator wants to change an access list on a running environment, the administrator has a master view of that and can implement that change. And then as I go back and start deleting these subnets and deleting these VMs, I see them get pulled out of the VSD and everything gets cleaned up automatically.

So back to presentation mode here to kind of finish up for you guys. So to kind of wrap things up, we're actually delivering on this policy-based framework today. We've got abstractions for IT users that make them happy. We've got a very high performance, very scalable solution that's deployable. We've got a lot of customer references of things that are using it. And then it's an open solution that lets me mix environments and choose best-of-breed hardware and also choose multiple cloud systems to work together.

And finally, directly upstairs from us at 11:15, we've got three tracks in a row. First, Numergy, one of our marquee customers here in Europe, is going to talk about how they're using Nuage and OpenStack together. Then Jonas, one of the guys from my team here in Europe, is going to talk about some use cases and private cloud things and some things we're seeing in the banking environment with SDN and OpenStack. And then finally Dimitri Stiliadis, our CTO, is going to talk about scale and kind of the future of networking and SDN for OpenStack. So thanks very much for your time. Follow us and follow me on Twitter. We have a booth down at the end of the hall, and please attend our sessions this afternoon. Cheers.