posted

1 Comment

Did you decided that it is time to implement OpenStack to build your Cloud? Have you tested in the lab? Evaluated many distributions available and hired specialized OpenStack resources? However, when the environment goes into production, Neutron is not integrating with the physical network?

If the above story closely resembles what you have faced, this post will unconceal the many challenges of Networking with any OpenStack distribution and how VMware NSX is the missing piece for your Cloud.

Networking and Security Challenges with OpenStack

Since its creation, the biggest challenges of OpenStack Clouds implementations are automation, integration and orchestration of the required networking and security components at the physical infrastructure layer. The main difficulty is that these environments are extremely heterogeneous and most of the devices do not have an open and programmable interface for configuration and, thus, the initial way of running OpenStack was to pre-provisioning the network manually and only use basics functionalities when implementing security services.

With the rise of Network Virtualization solutions and evolution of Open vSwitch, some of these challenges were solved, making it possible to create an abstraction layer from the physical elements of infrastructure and automate the virtual network through the programmable interface of Network Virtualization solutions.

However, the Neutron project (responsible for managing all OpenStack Cloud Security and Network services) has been undergoing constant modifications, especially regarding the need for more advanced functionalities, such as dynamic routing, VPN , firewall functionality and others. With those constant changes, maturity, consistency and resilience were eventually undermined.

If you are interested in how VMware is currently contributing to OpenStack community, please read Scott Lowe‘s post – Making OpenStack Neutron Better for Everyone – on our VMware OpenStack Blog.

The table below, extracted from the 2017 OpenStack Foundation User Survey, exemplifies which features of Neutron that are being used the most or currently required in the majority of OpenStack Clouds.

Growth without planning has brought major challenges to the Neutron project. What is most debated today is whether the architecture of this project needs to be reworked, in order to simplify its use and improve its integration with Network Virtualization Solutions.

VMware NSX Integration with OpenStack

Few companies today are using OpenStack in production without a network virtualization platform, and those that are not, usually face major challenges like the ones mentioned above.

The benefits that VMware NSX brings to Neutron can be listed below:

  • Agility: Create Networks at the same speed as the applications;
  • Mobility: Provision and mobility of instances;
  • Security: Micro-segmentation and chaining of partner services for advanced features;
  • Multi-tenant: Possibility of using shared infrastructure among multiple tenants;
  • Simplified Operations: Centralized control and single monitoring;

As mentioned, the challenges with Neutron can be addressed with NSX as follows:

  • Simplified implementation of Neutron services;
  • Stability, scalability and high availability;
  • Continuous development of new functionalities;
  • Higher performance due to distributed NSX architecture;
  • Management, Day 2 Operations, and native Troubleshooting Tools in NSX;

To perform integration with Neutron, VMware NSX has an open plugin available on the GitHub page that can be used by any OpenStack distribution or implementation.

This plugin translates the Neutron APIs calls into NSX APIs calls at the NSX Manager and thus builds the network and security services. The figure below exemplifies and shows an example of what can be deployed using this approach:

VMware NSX supports OpenStack environments regardless of the underlying hypervisors and has plug-ins available for any OpenStack distribution to use its benefits.

Meet some of our customers who are benefiting not only from NSX, but also from VMware Integrated OpenStack at the links below:

On the Road

If you would like to understand more about this topic, I will be delivering sessions regarding Networking and Security Challenges in the following events:

VMworld’17 – Las Vegas – USA

August 27 – 31, 2017 

Mandalay Bay Hotel & Convention Center
3950 S Las Vegas Blvd
Las Vegas, NV – 89119 – USA

My session will be Tuesday, 29th August at 4pm.

To know more about VMworld’17 click here.

OpenStack Day 2017 – São Paulo – Brazil

Saturday, July 15, 2017, 08:30 a.m. to 8:00 p.m.

Gamaro Theater
Doctor Almeida Lima, 1176 Mooca
São Paulo, SP – 03164-000 – Brazil

My session will be at 2:40pm at the main stage.

To know more about OpenStack Day São Paulo click here.

If you have the opportunity to be in any of these events, don’t hesitate to reach me!

I hope you have enjoyed this post and contact me if you have any questions.