How y'all doing? So my name is Scott, and I get the privilege of following that awesome magician, the Intel magic show. Kind of wishing, because I'm a rock-and-roll musician back home, I wish I would have brought a guitar and maybe sung you a song. But instead we're gonna talk about network virtualization, software-defined networking, those sorts of things. Again, yeah, so my name is Scott Sneddon. That's me on Twitter. Please follow. I'll post these slides to SlideShare. I'm not sure how this works at OpenStack and how we get these things published on the site, so I'll make sure I put them on SlideShare and I will tweet the link as soon as they're posted.

I'm gonna talk about network policy, some of the activity that's happening in the, you know, OpenStack area, in the Neutron networking area, around this policy abstraction framework and why that's important. And then I'm gonna do a really short demo, because this is the demo theater, and if I didn't do a demo one of the other guys of my team was gonna kick my ass. So I've got a really short, just short and sweet demo showing Nuage network virtualization between an OpenStack cluster and a couple of networks. So I'll be doing routing and switching, and then I'm gonna show connecting those networks to a VMware cluster. So I've got vSphere and ESX and all of that. I'm gonna start a VM there and I'm gonna attach it to that OpenStack Neutron network that I created and show routing and switching between ESX and Neutron.

So Nuage Networks has been around for about two years. We launched our product a year ago. We just shipped 2.1 a week, week and a half ago.
So, you know, we've got some experience in this space now. We're talking to a lot of customers around the world. Really the thing that is important to these customers, and why they care about network virtualization and things like Neutron, is this change in consumption. You know, the cloud, as we all know, has really shifted the way consumers consume these compute resources, and by consumers I mean IT departments or, you know, public cloud customers and things like that. They've really gotten away from this order-and-wait model into an instant gratification mode where they can easily select from a catalog of tools and quickly deploy virtual machines and compute resources on demand, when they want and generally where they want. And so their expectation has really shifted.

And so we've addressed that requirement and that need, or maybe we've created that need, by introducing cloud computing, by virtualizing the infrastructure: the compute infrastructure, and to a certain extent the storage infrastructure, and we've partially virtualized the network. So maybe I can start to automate my vSwitch configuration, but I'm probably still going through a help desk or some change control to change my VLANs or change a router or affect a firewall rule. And so, you know, that's process, that's a trouble ticket to a help desk, and it takes days or weeks to deploy those things. So the network configuration hasn't really shifted enough to match this new compute model, or this virtualized on-demand compute model. So, you know, the service velocity and the rate at which I can deploy new services is really hindered by network process, manual processes, manual review processes.

We've seen a lot of SDN solutions come on the market, and network virtualization sorts of things that start to virtualize some of the resources. So now maybe I can auto-provision, you know, a vSwitch and maybe do some VXLAN things between a couple of vSwitches. But I'm not virtualizing, or I'm not automating
everything just yet. If I need to talk to a WAN router, well, that's probably another team and another trouble ticket request. The security policies are all probably still audited by some security team, and that takes time. So we're starting to address some of these things, but we really haven't tackled the whole problem. We've accelerated, but we haven't addressed all these requirements. You know, committees are still building networks, even in this SDN mode. I've still probably got to go through some steps to obtain IP addresses, to obtain the right VLANs I need to connect to. So while I can start to automate some of these things, I'm still touching a lot of stuff, and I haven't really shifted away from the old paradigm of how I provision network services.

And even worse, I'm actually taking some of that configuration step out of the network team and placing it in the DevOps team's hands. So now I'm forcing my DevOps teams to understand things like subnets and networks and IP routes. And you know, that's not necessarily their expertise and not necessarily where I want to be wasting their time. So what those DevOps teams want, what the compute teams want, is just a sandbox of network. They don't care that it's VLAN or VXLAN. They don't necessarily care even how those things are connected together, as long as they meet some SLA. You know, they just want to be able to place their applications into a group. I want my database applications grouped together appropriately.
I want my application tier and my web tier grouped together appropriately, with the required security policy applied automatically, without having to force them to worry about the specifics of how that gets implemented.

So the whole idea of this network policy is to really abstract away all of those detailed configuration knobs, away from that app team, and just present a really simple template that they can deploy in a language they understand. So this model here is really where you create a network template or a network policy that defines groupings, subnets, zones, security policies in between, potentially routes out to an internet or an MPLS network or something like that. That's stored as a template. That template is then given to users to consume. There's some policy evaluation that decides if that user is permitted to use that network service. And then that network service is deployed in an automated fashion, and sort of a rinse-and-repeat, over-and-over model. So this is really what policy-based networking is all about. Mike, tell me if I'm wrong. But Mike Dvorkin over there is helping a lot with what we're doing in OpenStack. So how do we expose this into Neutron?
Well, there's this activity underway that Nuage is involved in, Cisco's involved in, Plexxi, IBM, several others are contributing to this work. It's called this OpenStack group-based policy abstractions, and really the desire here is to present this application-centric approach to networking, moving away from traditional definitions like ports and routers and subnets, really into a highly abstracted interface that lets developers just kind of define and consume API calls that are relevant to their needs, their use cases. I need to group my app servers together, I need to group my database servers together, and then I need to consume the security policy or the traffic control policy between those things, without really imposing constraints on what the implementation details are.

And so, you know, this sort of looks like this, where within Neutron what we'll say is we'll have some, you know, some element or some endpoint group, or EPG. We'll group virtual machines or application types into those endpoint groups. We'll define some sort of contract as to how those endpoint groups connect together. And then these will all be presented as a really simple Neutron-based API call. So this work's ongoing. This project is approved and is under development, and you should see these things coming in June. Oh, and then we're all working really hard on this now.

From Nuage's perspective, we've been doing this all along. So the Nuage platform and our VSD, our virtualized services directory, has all of these sorts of policy definitions in place, with our own APIs to present these things. The work we're doing in OpenStack is to expose those sorts of models into an open source and an open system. So, you know, really,
we can do some of these sort of networking things in Neutron today, but we want to be able to add to that, to add some of the functions that are available in some of the more advanced networking tools, and then just express them in a really simple API call.

So I'll get into the kind of pitch now. So Nuage is, we deliver a product called the virtualized services platform. There's three pieces to this product. There is a virtualized services directory, or policy engine, which is where all of these policies are created and defined. I delegate authority to users to consume those policies. There's a really pretty GUI that you'll see in my short demo in a couple minutes that I've got to hurry to get to. There's a services controller, which is our SDN controller: very, very scalable, scale-out model, leveraging very, very proven routing operating systems to peer with your network tools, like BGP and MPLS built in under the covers, but abstracted and simplified into these policy templates, and they become part of the network service. And then we leverage Open vSwitch. So we've got a forwarding element that sits on every hypervisor. We've got cross-platform open support. We have a Neutron plug-in. We have support for VMware. We can also support CloudStack.
We support ESX, Xen, and KVM. And we can work in any data center network with data center hardware. We're an overlay solution using VXLAN or GRE or IP tunneling techniques to route packets across the fabric. So whatever data center fabric you've got in place will work with just great. And then we've got a model here where we can seamlessly interconnect multiple clouds together. Leveraging our scale-out approach to these things, we can route packets and peer with MPLS and wide area networks and extend across multiple sites in a very, very large-scale way and tackle multi-cloud, multi-hypervisor use cases.

So when I think about migrating to OpenStack, some of the challenges are a consistent networking solution across platforms. And so what I'm going to show you is our little demonstration that we pulled together today, demonstrating how we can actually do networking across platforms. So, awesome, that worked. So I've got a Horizon screen here. I've got OpenStack running in a lab over in Belgium, I think, is where we actually logged in around these things. I went ahead and pre-created a couple of networks, network one and network two. You can see the IP addressing on those networks. Over on the VSD console, which is the Nuage user interface, I see this tenant, which is our OpenStack default enterprise we created, and I see that when I created those networks in the OpenStack Neutron interface, they were pushed through the API into the Nuage system, and I had those defined and spelled out on our topology.

So I went ahead and created a couple of virtual machines here. So I'm going to start a VM and I'm going to attach it to that first network. And you can watch me fumble around the user interface, because I spend more time talking and less time doing these days. And so, you know, I've got a network interface.
I'm going to attach it to the first network. I'll go launch that interface, that machine. Then I'm going to go launch a second interface. You'll watch me make a flub here where I forget to actually assign a network to it and, boom, error message. Thanks, Horizon, for making me smart. Attach that to network two. We'll go launch that machine. So back over on the Nuage VSD interface, I'm going to see, say, I've got IP addresses there assigned, 1.1.1 subnet and 2.2.2 subnet. On the VSD screen, I see those two virtual machines attached to those networks that were created before. So this is the graphical representation of what's going on at VSD: two different subnets, VMs attached to each of them. If I drill down in our user interface, I can see all of those virtual machines and some detail about them. Thanks, humon, for tweeting about me in the middle of my presentation.

So, um, you know, so I've got those two VMs there. Now I'm going to switch over to vSphere and the integration that we've done with VMware. You see I've got this little Nuage tab that's added to the vSphere user interface. I can select that OpenStack enterprise that I'd created in the Nuage solution before, the, you, my user ID, select that router that was created, select one of those zones, select one of those subnets within that zone, and go start a virtual machine. And again, you'll watch my mad skills on the VMware UI, where I fumble around to try and remember how the hell to start a virtual machine. Way too much time on airplanes, not enough time actually working with things these days. So thankfully I have a great team of technical people behind me that makes this stuff work when I'm actually with a customer. So I've started that virtual machine. That guy's booting over here. I'm going to go back over to the VSD screen and show you how that virtual machine is now reflected in VSD, and you'll be able to see that. Now, awesome.
So now I've got a third virtual machine attached to that guy. He's up and he's starting. If I drill down again on the router, I'll see that I've got that attached to a different hypervisor. So Nuage is detecting those virtual machine start events. We have our virtual routing and switching element installed on each of those hypervisors, some KVM hypervisors and some ESX hypervisors, and we're able to build networks seamlessly across those. We're just doing VXLAN tunneling, but we're doing them cross-platform, but across many different... You know, I guess humans watching it online, or is he here? Yeah, anyway.

So now I'm back logged into that tenant VM that was running on ESX, and I'm pinging one of the VMs on... I'm going to pause this just for a sec to make sure we catch both of these things. So that ESX host is on the 1.1.1 subnet, and so he's pinging that OpenStack VM that was running on 1.1.1.2. So, too many ones, anyway. So I'm switching, layer 2 switching. I'm on the same subnet. I'm able to L2 switch between these two different machines on two different flavors of hypervisor and two different cloud systems, doing L2. And then in the second ping here, I'm actually pinging that virtual machine that was on that other subnet. So I'm able to do routing between these machines. I'm not going through a physical router. I'm not going through a router VM. The Nuage solution distributes its routing down into every hypervisor: distributed virtual routing and switching at very high scale, at very high performance, without all the extra Linux bridges that you need in the base-level Neutron.
So we achieve great performance. Commercially available, highly available, all of these things are delivered today, and we're shipping this product now. So, you know, I've been able to achieve some connectivity between, which is step one from migrating from a VMware environment to an OpenStack environment. I've got a consistent network platform with consistent network policies between each of these.

So to quickly wrap up, I'm going to show you more slides, because I'm a slide guy. As you can see, my technical skills suck, so I should just stick with PowerPoint. So, you know, to kind of wrap up: the creation of these distributed networks are good. Software-defined networking is a good, important step forward. But what we need is a better policy model and a better way for those DevOps teams to consume these network services. You know, creating these virtual networks but not changing the operational paradigm doesn't fix all the problems. And so a policy abstraction model is actually a proven framework for managing networks. We've been doing it in LTE and carrier networks for decades. Well, not LTE networks for decades, but you know what I mean. So we've got a lot of experience with these models. Let's bring these networking models to the cloud systems and move this forward in the right way. And we've been successfully shipping this technology for just over a year now.

So a little more information: again, you'll be able to follow these links in my slides. nuagenetworks.net is our website. You can find out all kinds of information there. The OpenStack policy work, and the blueprint, is linked here. There is similar work going on in OpenDaylight. That's linked there, that we're also working with the OpenDaylight team on. And I'm over by about a minute and a half. Thanks for your time. I really appreciate it, and come by the booth. Thank you.