Good afternoon, folks. This is Somik. I'm the product manager at VMware for networking and cloud OpenStack integration. I was the co-founding member of the OpenStack Quantum project, and I'm really glad that we have come to a stage today that we have real Quantum users using Quantum in production. It's very heartwarming. And with that, I just wanted to thank our panelists for taking the time out of their day, and our moderator, Anil Lakhani from Gartner, for taking the time to moderate this panel. I'll let them introduce themselves. Once again, thanks for coming.
Everyone, so this is a panel about people who are actually using Quantum. That's these people here. Just out of curiosity, can we get a show of hands for the number of people here who are developers? People working on developing OpenStack. Okay. Users, people trying to implement? Oh, look at that. All right. And vendors, people trying to sell something? Oh, fair number of those too. Okay, so what I'm going to do is have these people introduce themselves. We'll talk about what they're doing with Quantum and go from there. Is there anybody here who doesn't know what Quantum is? No? Okay, so I can skip this one. Yeah. Okay. Good. All right, let's do some introductions. Let's start with JC.
Hi, I'm JC Martin. I'm from eBay. I've been a cloud architect at eBay for the past five years, and we've developed our cloud based on OpenStack and using Quantum for the past, maybe more than a year now. So we've been in production with this code for at least six months.
Okay, Jack.
Yeah, so hi, Jack McCann from HP Cloud Services. The technical lead for the engineering team that's bringing OpenStack networking into HP's public cloud.
And this is not Mike.
Hi, I'm Chad Norgan. I work at Rackspace on the public cloud, do basically our SDN and our cloud networking for public cloud. Mike was unable to make it.
That's Mike Eskelman. So Chad has gladly stepped in. Everyone give him a round of applause, because he had no prep. All right, so what I'm gonna do is go down the row, starting eBay, then HP, then Rackspace, and ask you guys to describe what it is that you're doing, particularly with Quantum, and I'll put up the slides that you sent me. So we'll start with eBay.
Okay, so in the diagram, there's two parts. The upper part is what a user is going to see, and the lower part is the implementation of how we are realizing what the user is exposed to. So on the top part, you could imagine that what we call CoS, a class of service, is like a VPC in Amazon, and we developed multiple of those VPCs that we allow our users to share and create environments, virtual environments, which map to the OpenStack projects. So what we are using this for: for example, we have one class of service which is for developers. So every developer at eBay can get VMs in this VPC that they are all sharing together. They can get their own environment. They can define security groups for their VMs, and in addition, in the future, in a few weeks, we are going to allow them to create virtual networks, private networks, in that environment. All the VMs in that class of service or VPC are sharing the same shared network, which is like a provider network, but it's a virtual network. And we modified the scheduler in Nova so that based on the class of service that a user is, the project is part of a class of service, and based on the project class of service we can select which network each user has access to. And we created one for our developer cloud, if you want, developer class of service.
We are creating one for our public or external experimentation, so where people can have access to the internet. So each one of those VPCs, if you want, has different capabilities based on what network they have access to. So there's the virtual network that is shared between all the VMs, but that virtual network is getting out on our corporate network or on the internet, and based on the class of service that we defined, we filter out the traffic or we enable features or disable features. So we created one like that for the developer, one for experimentation that has full access to the internet, from and to the internet, and we can allow also other organizations in eBay, because we have like many startups or groups that we acquired over the time that want to have their own isolated virtual private cloud. So we allow them to create this environment for themselves and define what type of access or control they want to put for their users. So that's, if you want, a way for us to implement the equivalent of physical environments on top of a shared infrastructure. So all the infrastructure is the same below, but this allows us to replicate what people usually do with physical environments, where they have isolated networks with firewalls and then they define policies like that. So that's a way for us to avoid having to do that. So in terms of implementation, we are using Nova, the Folsom version. We just upgraded last week, in fact. We are using Quantum, so the upgrade between Essex and Folsom was kind of a forklift and we had to move the VMs manually. Then the Quantum is using the NVP controller plug-in, and all the virtual networks are from the VMware and NSX product.
Does anybody not know what NVP is? No? Okay. I was just checking.
Okay, so then to go to the physical side of the network, we have a gateway that basically bridges virtual to physical networks, and this exists to a VLAN that exists only between those two devices. So nowhere in our infrastructure we have VLANs.
We have kind of a shared infrastructure that is based on spine and leaf and routed. So we just need VLANs between those two devices to bridge between the physical and virtual, and then we have a firewall that controls what people can do at the edge of those virtual private clouds.
Jack, talk about what HP's got.
Sure. So, next few minutes, I just want to go over, talk about what we've been doing with Quantum and HP Cloud Services, why we've been doing what we're doing, talk about some of the key customer requirements that are driving those decisions, and then finish with a few thoughts on Quantum going forward. So in terms of what we've been doing, we've been looking at Quantum for about, since the Diablo timeframe essentially, evaluating it, working with it internally. It's certainly developed and evolved: lots of new code, lots of new features, a couple of important architectural shifts, the v2 API and the incorporation of the IP address management functionality. That was important. And I'm happy to see in Grizzly it's finally reached a point of functional completeness where we can think about moving it forward into our production cloud. So what's driving our thinking around Quantum? It's basically the customer. What Quantum enables for us is a key use case. The key use case I see is private networks with overlapping IP addresses. And that's really what we've had customers asking for, and you wrap that up in the Quantum API, provide a nice management plane for that, and it's really a good story.
It's a good story to tell. So in terms of the features that have been driving our thinking around Quantum, I mentioned the basic two, private networks and overlapping IPs, but there's another set of basic features that we currently offer in production. Forgot to mention, our current production network is based on Nova networking and running a flat DHCP model for about 18 months now in production. And there's a key set of features that we offer there that we needed to bring forward into a Quantum-based environment. So those would be security groups, floating IPs, EC2 metadata support in DHCP, and that all comes together in a picture that looks like this, and I believe the Quantum admin guide calls this per-tenant routers with private networks, and it all comes together in Grizzly very nicely. So that's sort of where we're at at the moment. Looking forward, there's certainly some nice new features coming in Quantum being talked about this week. VPN is an important one for us, firewall, load balancing as a service. Rounding out IPv6 support is going to be important for us as well. You know, I think the project's team has really laid a strong foundation. They've built the house, the core of the house. People are ready to move in. These new features will be a nice addition to the house, but we've also got to make sure we maintain the foundation, maintain the strong foundation that's been built. So we'll have to keep an eye on quality, improve the API documentation, really nail the API specs, particularly around the extensions. And we've got to remember that we've got people living in the house now. So as we consider changes moving forward, we've really got to consider compatibility with the previous versions and provide an upgrade and migration path as needed. So I'll wrap it up with that and hand it back to Anil.
All right, so our setup is pretty, pretty similar to eBay's in that we, basically, we use Quantum with the Nicira NVP plugin, which talks to the NVP controllers. All of our instances, basically,
we use a hybrid approach to our networking. We bridge the public network for their traffic in and out of the hypervisor to the internet, or to what we call our ServiceNet to reach other Rackspace services. And then also, the big reason we wanted to deploy, you know, SDN was to get overlay networks and to get customers the ability to set up their, you know, own isolated networks, because VLANs don't scale. There's, you know, obviously a big cap on how many you can put in there. And then, you know, we came from a dedicated hosting business, and we have a tier one backbone, so we still can get, you know, ports very cheaply, and we find the hybrid approach is still working best for us right now. In terms of Quantum, we're on a forked version of Quantum v1. We're working back to get into v2 or something ahead of that. We kind of like the idea of Quantum getting a little smarter and having that data store, but for right now, that's pretty much our setup.
Okay, so what I'm gonna do is I'm gonna ask a couple of questions and we'll discuss them, and then I'll just open it up to everybody. So the first one is... Sure. So the first one is: what is Quantum doing for you guys that you weren't getting before? What's your favorite thing about it? That sort of thing.
So I have to say it's, you know, the use cases that it enables for us and the features that it lets us offer our customers that I talked about: the private networks, the overlapping IPs, things that really our customers have been asking for.
From a service provider perspective, there's no way you were doing that before Quantum.
No, true.
So in our case, the main reason why we are using Quantum is to provide an abstraction on top of the capabilities of SDN or overlay networks. We have a multi-vendor strategy at eBay.
So today we are using Nicira, but maybe tomorrow we will change providers. So we want to make sure that we have an abstraction on top of the features that we are relying on, so that we can swap out the vendors as we require. And the key thing for us to use Quantum was the capability to automate the network provisioning. So one of the main things that we tried to do was to have end-to-end automation of our infrastructure, and the last mile that we could not automate was the creation of isolated networks. And by using a combination of overlay networks and Quantum, we were able to completely automate the creation of networks, up to the point of the configuration of the firewall, which happens only once, and then every new network just plugs into the existing firewall configuration. So there's no manual intervention anymore.
I mean, the big thing that it solves for us is scale. You have that layer there that you can do that automatic provisioning. We can, you know, automate the pushing down of QoS settings. We can have, you know, an abstracted layer to where you can have very fixed, you know, things we're trying to achieve, and then have Quantum actually worry about implementing that on the back end, where you don't have to have any... you build it once, and then from there the software takes care of all the provisioning.
Okay, keep the mic. The next obvious question is: what doesn't it do that you needed to do?
One, right now, I think our thing is it right now doesn't have a lot of state in itself. It is purely just an abstraction layer, and then it's always the plug-in behind it that generally does the, you know, the complex line. We would like to see it get a little smarter. Maybe, you know, not have to reach back so much to the NVP controllers or to whatever is the back-end store. Maybe have some of that knowledge, you know, right there.
So you want Quantum to be less of a framework and more of an executor?
In between.
In between. Tell us more about in between.
I don't know. What do you think?
Yeah, sorry, we ran into scaling issues, and like he said, if Quantum didn't have to reach back into NVP as often, it would be much more efficient for reads, which we do a lot of. And so that's one of the big things we like about moving forward to Quantum having a data store: a lot of the gets can be solved without having to reach back into your vendor back end.
So what was your question, the first one? First question again?
So this question is: what doesn't Quantum do that you needed to do?
So we had to implement a few things on top of Quantum that it doesn't do out of the box. We did not implement it in Quantum but in Nova. In fact, the problem that we have is the networks, they are not all equivalent. So for example, when you create a public network in Quantum, automatically the default policy is that your VM is going to get an interface on that network. But for example, if you have multiple layer two networks, in our case for one VPC we might have up to 16 virtual networks, and if they are all shared public networks, your VMs are going to get 16 interfaces. So what we want to have is an abstraction of a network so that we can label it, so for example shared network or public network or internet or whatever, and then Quantum would do the allocation of the network based on capacity or some other policy, effectively implementing the same type of scheduler that you have in Nova for selecting a hypervisor. So we had to do that in the scheduler in Nova based on two things. In our case, one was the class of service.
So we have networks that are labeled with a class of service. So for example, in your case you might have like a provider network and a private network, or you have, like in our case, a production network or a QA network, a dev network. So we want to be able to label them, and based on the class of service that the user comes in with, we can select which network they are a part of. So that was the main feature for us that was missing.
And is that something you, as a participant in the community, are trying to drive into Quantum?
Yes, that's something that we talked to the leads about, and we are looking at adding at least the label in Quantum. The part that we do in the scheduler we can still do in the Nova scheduler, because there's a lot of context that you need in order to be able to do that that is only available in Nova. When it reaches Quantum, it's a bit too late. But there's some resource allocation that Quantum could do, based on, for example, the number of ports or number of IPs available, in order to select the networks and be a bit more smart. So I think there's a project to have a scheduler in Quantum coming up. So that's the right direction.
Great.
Yeah, yeah, so I realized I missed a point as I was talking a little bit earlier around our Quantum deployment, and we've actually moved forward from an evaluation stage with Quantum into a pre-production type of testing environment. And I was reminded I don't think I mentioned the plug-in that we're using. It's an internal HP plug-in that has been developed in partnership with HP's research labs and HP's networking division. So excuse me for backing up for a minute on that important point. In terms of, if I had to put my finger on one thing, I think the work around VPN as a service that's being proposed and worked on here in Havana is something that'll definitely benefit our customers, something they've been asking for.
Okay, that's what I was gonna ask.
So are you getting demand for that from your customers as a service provider?
Absolutely.
Right, so we're gonna open up to questions from the audience. We've got a mic stand here, so I think people are supposed to go to that to ask questions. So if you have a question, go ask it over there. It can't be the case that no one has a question. I know more than a few of you in this audience. I know more than a few of you are trying to work some things out. Or we can just hand a mic around to...
What is the role of the physical network?
All right, so the question is: what is the role of the physical network here, anyway?
Yeah, I have an answer. So there's two parts in the physical network that we are relying on. So the first one is, as you said, just a scalable transport with minimum latency. So that's why we optimized our network to be scalable. And we ended up with an issue around isolation, because when you have a very large network, like for example with 5,000, 10,000 nodes on the same domain, then you need a way to isolate, to create different types of environments. So we are focusing on optimizing our network for bandwidth and latency, but at the same time we are looking at hardware vendors to help us integrate bare metal machines, which we still have a lot of. Bare metal machines, like non-virtual machines, right? So it's the case, for example, of all appliances like NetApp or load balancers or this type of appliance, which could not run directly, natively, yet, a virtual network. In the future, with VXLAN, they might be able to participate in a virtual network, so that's an opportunity. And also, we are looking at switch vendors to terminate the virtual network and bridge to the physical world. For example, when you want to have a multi-tenant backbone, where in our case, let's say that we have a PayPal or an eBay domain in one data center and the same one in another data center, we want to preserve the isolation end-to-end, so we need to be able to have this
virtual network, you extend it across the WAN, inter-data centers, like for example using MPLS or something like that, and have end-to-end isolation for each tenant.
But are you also saying that you want coordination between Quantum and isolation mechanisms being used on the rest of the network?
Right. So that's a place where this is going to get tricky, because either there's one controller that understands the virtual and the physical world, and then Quantum would talk to that controller, or there's multiple controllers that have to be coordinated to provide this end-to-end architecture topology.
Our big use of physical is a solid layer three fabric for the edge. Beyond that, I mean, most of all the fancy bits are on the edge, and then we kind of... Yeah, it's the layer three fabric.
Yeah, I think primarily as a transport is what we're doing with it now. But I think one of the key things that Quantum enables is, as JC was pointing out, the ability to reach out and do some of that bare metal management down the road. So that'll be important and really bring the two worlds together, where a lot of the intelligence is pushed to the edge right now, and we can start to move some of that and integrate it across the physical fabric.
Anyone else? Yeah. So the first question was: how do you integrate Quantum with naming servers, DNS? And the second question, particularly for HP, was: what's the thought process behind doing the virtual tenant routing? Let's start with the DNS. Anybody?
So in the case of DNS, there's two aspects of DNS. So are you referring to the names, the FQDN for the instances that are created? So in our case we had to have a listener, which is also going to be replaced by the project called Moniker. There's a session this week about it. So it's basically listening to instance creation and instance deletion, and based on those, we create the entries in our DNS.
We have already an automated system that allows the configuration of the DNS entries. So we just invoke, through REST APIs, this service to create the entries, forward and reverse, for each VM that we create, by listening to the events that Nova generates for instance creation and instance deletion. Yeah, it's real time. There's a slight delay, but it's almost real time.
Yeah, and then at Rackspace, we basically put an API front end for our DNS infrastructure. So it's not automatic provisioning, but basically the customer is exposed an API in which they can provision programmatically.
You know, we've got a DNS as a service project underway that will be integrating with our Quantum offering. I believe that's being discussed.
That's Moniker, for anybody who doesn't...
In terms of the question about the per-tenant routers, that really gets back to the requirements that are driving some of our decisions there, and the key ones are the private networks, overlapping IPs, and the floating IP functionality. And all three of those really come together at that router in front of the private networks.
Let me ask you a follow-up question, because you mentioned IPv6 and you were the only person up here who mentioned IPv6. Why?
We're starting to see demand for that from your customer side. Yeah.
Actually, it was one of the strong reasons we also went to SDN. We tried implementing it with the Linux bridging and manually inserting our flows in our first-generation cloud. In next-gen, every instance gets its IPv6 public address, and the ability to have OpenFlow programmatically do all the router block, or route announcement blocking, and all of the protections on it was pretty much the only way we could safely implement it.
JC, is IPv6 important for you?
Not at this point for the internal infrastructure. On the external infrastructure, we are starting to implement it, yes, but today it's not integrated with this architecture.
More questions? Okay.
The question is about scale challenges, particularly with layer three services.
So I'll take a crack at that first. I'll say essentially in both places there's challenges: in the hypervisor there's challenges, in the physical fabric.
Where exactly, where exactly does your implementation break?
When you say add, in terms of versus an existing Nova-based environment or... So I think in terms of the hypervisor, it's on par with what we see with our existing Nova networking implementation. I think in terms of the physical fabric as well, it's really not adding a whole lot more demand than what we're seeing right now with Quantum.
So for us, I think the Quantum component itself doesn't add any challenges. It depends what network you are using behind it, right? Because depending on if you are using VLAN or if you are using an overlay network or some other technology, you will have different challenges. So if you are using overlay networks, when you go from the virtual to the physical world, you have to go through a gateway, which is kind of a choke point, and you have to design your networks in a way that you can scale that layer. And the other limitation, well, it's not really a limitation, but there's some additional management that you have to do: for every virtual network, you have to manage the number of ports that you can put on each network and create a new virtual network every time you reach the capacity in terms of ports. Which is also something that you do with physical networks. It's abuse, right, because when you run out of ports on a switch, you use another switch. So it's the same concept, or you add a line card or something like that. So it's the same concepts that you port in the virtual space. Same thing for the choke point, right?
If you have like a router or an edge device, it has a limited capacity. Maybe the scale today is better on physical devices than it is on virtual networks, but we will get there when the integration between virtual and physical happens.
I'd say about the same. The challenge for our scale has not been so much Quantum as it's been the back-end side, in terms of, you know, NVP. You can only manage so many hypervisors or only so many OVS instances, because it increases the complexity, and then there's only so many ports. It's, you know, more and more into that data store. So we've been chasing pretty close with their development, right, as they release. We're kind of right up on the line constantly with them. In terms of the layer three, that's why we've kind of gone after the hybrid approach. We didn't feel right now that, choking all of the virtual down to a couple of gateways on that, we could adequately scale that for our entire cloud. So basically, you know, as soon as we get that packet from the VM, we push it through the integration bridge, we put it back on the physical network, and use kind of what we've learned in our dedicated hosting business.
More questions? So the question is: would the physical infrastructure actually understanding overlays solve some of these problems?
I don't think it would solve much in our case. Again, with the overlay, you're wanting to decouple your virtual network from your physical network so that you can kind of, you know, use whatever addressing scheme or whatever, you know, layer three technology up. Beyond that, yeah, troubleshooting is definitely... there's, you know, an overlay adds another layer. So you have all of, you know, the troubleshooting you would have had with the physical layers, you now have then the layer up. Nicira is at least nice in some of their dashboards in that you actually can step through that entire chain. So you can, you know, do port checks between any two virtual ports, and then we've kind of augmented and gathered
a lot of stats and other things in the graph. Find some of the other troubleshooting, so...
So to follow up on your question about hardware: so I mentioned, right, that there is a choke point in the gateway, and if you can make your existing infrastructure terminate the tunnels instead of having this other device that is doing it, then you get basically line rate for your transition between virtual and physical networks, because you are reusing your existing distribution tier, for example, or spine tier, right? So it's not that there will be fewer components or less complexity, because in those devices you will have like virtual routers which are terminating VXLAN or STT tunnels, and you still have to manage them and enter the MAC addresses in their tables and so on. But because those devices are optimized to do that a bit better than, for example, an appliance, then the goal would be to get parity with physical capabilities in terms of throughput and latency.
Yeah, I would agree with JC on that one.
Anyone else? I think there was one over here. So the question is their favorite protocol for this.
I have one, which is the most performant one. I mean, right now STT is giving us the best. We get hardware acceleration with the TCP offload. So right now STT is our overlay mechanism of choice, but as we kind of, you know, start seeing the new chipsets starting to support VXLAN, there's definitely a push that we could switch that out. It's purely a means to an end, the tunnel itself. We're just looking for performance.
Yeah, it's really not about the format. It's about the function. And, you know, watching the encapsulation wars over the last year or so, sort of waiting to see who's the winner that emerges. VXLAN's not looking bad at the moment.
Okay, we are out of time. Actually, we ran a little over, for which I apologize. Could everyone please give a round of applause? Thank you very much.