Policy-Driven Network Service Delivery

Network Service Delivery for Cisco ACI

The joint solution of One Convergence Network Service Delivery (NSD) and Cisco ACI allows for high level of automation of all layers of the networking stack and enables enterprises and service providers to roll out rich set of network services at scale in OpenStack cloud deployments. The solution can support OpenStack deployment with Neutron API / ML2 or with declarative intent based Group-Based Policy.

The solution showcases the following to address the network services challenges faced by OpenStack cloud operators

One Convergence Network Service Delivery controller (NSD)

  • Automating L3-L7 network service deployment
  • Provisioning and operating heterogeneous set of network services
    • Open source
    • Commercial
  • Lifecycle management of network services
  • Visibility and operational interface of the network services

Flexible OpenStack deployment option using

  • Group-Based Policy, and / or,
  • Neutron ML2 Plugin and *aaS APIs

Cisco Application Centric Infrastructure

  • Distributed virtual networking solution using OpFlex Agent and Open vSwitch
  • Integrated physical + virtual telemetry and visibility
  • Ability to insert and chain any type service
    • Tap, L-2, L-3
  • Policy driven model to simplify the deployment for
    • Cloud operator
    • End user
  • Operate networking infrastructure for OpenStack cloud at scale

Benefits

  • Complete automation of all layers (L2-L7) of networking
    • Adaptability to changing conditions
  • Scale and efficiency required by large data centers
    • Fully distributed, scalable virtual networking solution for OpenStack (L2,L3, DHCP, metadata)
  • Simplicity for end user application deployment
    • Policy driven networking
  • Physical + virtual solution
    • Combines bare metal and virtual resources seamlessly
  • Rich differentiated service offering
    • Multi-vendor network services
    • Open-source network services
    • Support for Tap, transparent L-2 & L-3
    • Service chains

 

  • L4-L7 Lifecycle Management
    • Service assurance / high availability
    • Uniform / common model for orchestrating / configuring network services
    • Seamless support for VMs and containers
  • Flexible deployment model
    • Group-Based Policy, and / or,
    • Neutron ML2 Plugin and *aaS APIs
  • Advanced operational visibility and analytics
    • Physical + virtual correlation via APIC
    • Network services

Solution Details

Complete automation of all layers (L2-L7) of networking

The solution uses a common policy model, which is a community driven standard in OpenStack called GBP, to automate all the layers of infrastructure networking in OpenStack. NSD architecture enables L3-L7 services to be quickly integrated and automated in OpenStack on top of Cisco ACI fabric.

Simplicity for end users to deploy their applications securely and optimally

GBP policy model allows end user to specify their application related policies, which can then be overlaid with the infrastructure policies specified by the cloud operator. The policies are then rendered by OpenStack GBP service, APIC controller and NSD controller to configure all the layers of networking within the constraints set by the end-user & cloud operator policies. Further the system adapts to runtime changes, thus automating networking completely. This holistic approach provides a great deal of simplification to operations which translates to a significant reduction in OPEX.

Rich differentiated service offering

NSD along with ACI / APIC provides a comprehensive set of features that are not available otherwise in OpenStack. The ability to insert and chain any type (Tap, L-2, L-3) of network service provided by ACI / APIC combined with the following features provided by NSD takes networking in OpenStack to the next level.

Multi-vendor network services

NSD provides the ability to configure, deploy and operate network services from multiple vendors out of box. It provides a common framework to operate the devices while ensuring the availability of device specific features. Further, the NSD architecture enables relative ease of insertion of a new device into its framework.

Open-source network services

NSD not only provides open-source network services but also extends them by providing assurance, scale and image management.

Support for Tap, Transparent L-2 & L-3

NSD not only provides open-source network services but also extends them by providing assurance, scale and image management.

Service chains

NSD supports a rich and flexible model to compose network services by leveraging capabilities of ACI/APIC and OpenStack GBP. The capabilities include static and dynamic chains, flexible composition of any type of network service and sharing of network services.

L4-L7 lifecycle management

NSD provides comprehensive set of lifecycle management functions for network services that include

  • Network service management
  • Image and upgrade management
  • Network service assurance
  • License management
  • Configuration management
  • Instance management

Flexible deployment model

Though most enterprise cloud operators like the flexibility, simplicity and rich features of the policy driven model, some operators would like to start with base neutron before they move to policy driven model. The solution supports flexible deployment operation mode to have policy only driven model, neutron only or both. This gives ability for the operators to choose any combination during deployment.

Network services operational visibility and analytics

NSD provides a rich operational model for network services by gathering statistics and logs from these services. These not only provide insights into the operations, health and performance characteristics of network services, but also the applications they front. This combined with the insights provided by the ACI/APICI at lower levels for networking, will provide visibility into the entire (L2-L7) networking stack.

Scale and efficiency required by large data centers

While OpenStack provides a reference implementation for networking and may work well for some installations, it does not for enterprise cloud data centers and applications. ACI/APIC in combination with NSD provides the scale and assurance required by enterprises for all layers of networking. While ACI/APIC hardware fabric provides scale and assurance for L2 networking, the distributed routing and NAT capabilities along with distributed OPFLEX control plane of the software scales L3 networking. NSD further provides the scale and assurance for network services with per tenant network service model, elastic scalability and high availability.