Peter Bandzi, Ahmed Maged @pbandzi @amaged Nov 2015
• Assembling a VPN in the Cloud Service
• Learning Experience
[Architecture diagram: Application (Home-grown Python Code) with Front End/User Portal and Back End Orchestration/Dispatching; Sharing VPN Meta-Data over Facebook]
Bootstrap/Get Started (BGS)
• The main goal of BGS is to assemble and test a base set of infrastructure components for OPNFV.
• This project achieved that by supporting two deployers for OPNFV Arno; we used Fuel for building our infrastructure.
[Architecture diagram: Application with Front End/User Portal and Back End Orchestration/Dispatching; Sharing VPN Meta-Data over Facebook; BGS/OPNFV Deployer; REST API to the Virtual Infra Manager (OpenStack); RESTConf to the SDN Controller (OpenDayLight); Netconf/Yang towards the VNF (VPN Termination)]
[Sequence diagram between App/User Portal, OpenStack, VNF/Router, Facebook and OpenDayLight]
1. Request VPN service
2. Peer Picking
3. Peer Picked
4. Spin up VNF
5. Instruct ODL to provision VNF
6. Provision IPSec
7. Report addressing and preshared key
8. Post addressing and Password
9. IPSec Tunnel Established
✓ Picking Peer from Facebook for rapid, painless setup *
* Inspired by Cedric Dessez, https://www.ietf.org/proceedings/87/slides/slides-87-homenet-6.pdf
[Diagram labels: Python SDK; Calls; REST http://<api-server>/servers; Nova Server; Hypervisor (KVM, etc); Create a VM; VNF; RESTful API]

Python SDK call:

    client_manager.compute.servers.create('router', image, flavor,
                                          key_name=keypair.name,
                                          nics=[{'net-id': network.id}])
[Diagram labels: Appl/Portal; RESTConf; Nova Server; ODL; VNF / Router]

RESTConf

    /restconf/data/ipsec-service:ipsec/<list name>/<key value(s)>

JSON

    {
      "ipsec-service:node-list" : [
        {
          "node-name": "vRouter",
          "node-ip": "X.X.X.X"
        }
      ]
    }

YANG Model

    list node-subnets {
      description "IP and mask behind route";
      key "ip inv-mask";
      leaf ip {type inet:ipv4-address;}
      leaf inv-mask {type inet:ipv4-address;}
    }
    list shared-key {
      key shared-key;
      leaf shared-key {type string;}
      leaf peer-address {type inet:ip-address;}
    }
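One way the portal's Python back end could build the RESTConf requests for the two lists in the YANG model above, as an added example that is not the presenters' code. The module prefix on the list names, the '/'-separated key segments and the sample addresses are assumptions, and the helper names are hypothetical.

```python
import ipaddress
import secrets
from urllib.parse import quote

BASE = "/restconf/data/ipsec-service:ipsec"  # path prefix shown on the slide


def entry_path(list_name, *keys):
    # Assumption: key values follow the list name as '/'-separated segments,
    # as in the slide's "<list name>/<key value(s)>". Each value is fully
    # percent-encoded so it can never add or escape a path component.
    return "/".join([BASE, list_name, *(quote(str(k), safe="") for k in keys)])


def node_subnet_request(cidr):
    """(path, body) for one node-subnets entry, keyed by "ip inv-mask"."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # rejects stray host bits
    entry = {"ip": str(net.network_address), "inv-mask": str(net.hostmask)}
    return (entry_path("node-subnets", entry["ip"], entry["inv-mask"]),
            {"ipsec-service:node-subnets": [entry]})


def shared_key_request(peer_address, psk=None):
    """(path, body) for one shared-key entry, keyed by the key itself."""
    peer = ipaddress.ip_address(peer_address)  # inet:ip-address, IPv4 or IPv6
    psk = psk or secrets.token_urlsafe(32)     # 32 bytes from the OS CSPRNG
    entry = {"shared-key": psk, "peer-address": str(peer)}
    return entry_path("shared-key", psk), {"ipsec-service:shared-key": [entry]}


def redact(path, body):
    """Log-safe copy of a request: the PSK is masked in the URL and the body."""
    entries = body.get("ipsec-service:shared-key")
    if not entries:
        return path, body
    masked = {**entries[0], "shared-key": "<redacted>"}
    return (path.replace(quote(entries[0]["shared-key"], safe=""), "<redacted>"),
            {"ipsec-service:shared-key": [masked]})


if __name__ == "__main__":
    # Constructed sample values (private and documentation address ranges).
    for request in (node_subnet_request("10.1.0.0/24"),
                    shared_key_request("192.0.2.10")):
        print("PUT", *redact(*request))
```

Because the model keys `shared-key` entries by the key itself, the secret becomes part of the request URL, so `redact` is applied before anything is printed or logged.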
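CLI Config (diagram labels: Peer 1, Peer 2)

    ! Pre-shared key for the remote peer
    crypto isakmp key KEY address x.x.x.x
    !
    ! ESP transform set as shown on the slide (DES and MD5 are legacy algorithms)
    crypto ipsec transform-set TS esp-des esp-md5-hmac
    !
    ! Crypto map tying the peer, the transform set and the traffic selector together
    crypto map CRYPTO 10 ipsec-isakmp
     set peer y.y.y.y
     set transform-set TS
     match address Spoke
    !
    ! Apply the crypto map on the tunnel-facing interface
    interface TenGig0/0
     ip address x.x.x.x 255.255.255.0
     crypto map CRYPTO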
• Assembling a VPN in the Cloud Service
• Learning Experience
“Open source propagates to fill all the nooks and crannies that people want it to fill.”
Mitch Kapor, Founder of Lotus, Co-Founder EFF
• In 1995, I almost lost my hair building a Slackware server.
• In 2005, I lost my hair building/coding a Linux jump server.
• In 2015, we built a VPN in the Cloud server in a few days.
Open Source made it possible.
With BGS:
• Install scripts for automated deployment of the test setup.
• Comprehensive source-to-tested-deployment script for running the entire system start to end.

Task | Time
Installing Infra (Arno/Fuel) | 1 Day
• APIs coming to networking took networking out of its silo.
• Applications can now easily control and interact with networking.
• This opens up the possibility of a wide range of use cases.
[Image caption: "I need REST APIs"]

Task | Time
Write PoC Code* | 3 Days
* Without Facebook App/Front End.
Q&A
Thanks