Peter Bandzi, Ahmed Maged @pbandzi @amaged Nov 2015 1 Assembling a - - PowerPoint PPT Presentation



SLIDE 1

Peter Bandzi, Ahmed Maged

@pbandzi @amaged

Nov 2015

SLIDE 2
  • Assembling a VPN in the Cloud Service
  • Learning Experience

SLIDE 4

[Diagram] Application (home-grown Python code):

  • Front End / User Portal
  • Back End
  • Sharing VPN Meta-Data over Facebook
  • Orchestration/Dispatching

SLIDE 5

Bootstrap/Get Started (BGS)

  • The main goal of BGS is to assemble and test a base set of infrastructure components for OPNFV.
  • This project achieved that by supporting two deployers for OPNFV Arno; we used Fuel to build our infrastructure.

SLIDE 6

[Architecture diagram]

  • Application: Front End / User Portal, Back End; Sharing VPN Meta-Data over Facebook; Orchestration/Dispatching
  • Virtual Infra Manager: OpenStack (REST API)
  • SDN Controller: OpenDaylight (RESTConf)
  • BGS/OPNFV Deployer

SLIDE 7

[Architecture diagram]

  • Application: Front End / User Portal, Back End; Sharing VPN Meta-Data over Facebook; Orchestration/Dispatching
  • Virtual Infra Manager: OpenStack (REST API)
  • SDN Controller: OpenDaylight (RESTConf)
  • VNF: VPN Termination (Netconf/Yang)
  • BGS/OPNFV Deployer

SLIDE 8

[Sequence diagram, steps 1 to 9]

Participants: User, Facebook, App/Portal, OpenStack, OpenDaylight, VNF/Router

  • Request VPN service
  • Peer Picking
  • Peer Picked
  • Spin up VNF
  • Instruct ODL to provision VNF
  • Provision IPSec
  • Report addressing and preshared key
  • Post addressing and Password
  • IPSec Tunnel Established

SLIDE 9

✓ Picking Peer from Facebook for rapid, painless setup *

* Inspired by Cedric Dessez, https://www.ietf.org/proceedings/87/slides/slides-87-homenet-6.pdf

SLIDE 11

Create a VM

Python SDK:

    # Boot the VNF as a Nova server named 'router' on the given network
    client_manager.compute.servers.create('router', image, flavor,
        key_name=keypair.name, nics=[{'net-id': network.id}])

REST Calls (RESTful API):

    http://<api-server>/servers

Components: Nova Server, Hypervisor (KVM, etc), VNF

SLIDE 13

Components: Appl/Portal, ODL, VNF/Router, Nova Server

YANG Model:

    list node-subnets {
        description "IP and mask behind route";
        key "ip inv-mask";
        leaf ip { type inet:ipv4-address; }
        leaf inv-mask { type inet:ipv4-address; }
    }
    list shared-key {
        key shared-key;
        leaf shared-key { type string; }
        leaf peer-address { type inet:ip-address; }
    }

RESTConf:

    /restconf/data/ipsec-service:ipsec/<list name>/<key value(s)>

JSON:

    {
      "ipsec-service:node-list": [
        { "node-name": "vRouter", "node-ip": "X.X.X.X" }
      ]
    }
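
Added example, not code from the original slides: building the RESTConf path and JSON body for the two lists in the YANG model above. Because `shared-key` is that list's own key, the pre-shared key ends up in the request path, so the example also masks it before a path is logged. The slash-joined key values, the body shape (copied from the slide's `node-list` JSON), the helper names and the sample addresses are assumptions.

```python
import ipaddress
import json
from urllib.parse import quote

BASE = "/restconf/data/ipsec-service:ipsec"  # path prefix as shown on the slide


def _ipv4(value):
    """Validate an inet:ipv4-address leaf; raises ValueError on bad input."""
    return str(ipaddress.IPv4Address(value))


def list_entry_path(list_name, *key_values):
    """Slide's form: <base>/<list name>/<key value(s)>.

    Assumption: several key values are joined with '/'; each is percent-encoded.
    """
    keys = "/".join(quote(str(k), safe="") for k in key_values)
    return f"{BASE}/{list_name}/{keys}"


def node_subnet_request(ip, inv_mask):
    """Path and body for one node-subnets entry (key "ip inv-mask")."""
    ip, inv_mask = _ipv4(ip), _ipv4(inv_mask)
    body = {"ipsec-service:node-subnets": [{"ip": ip, "inv-mask": inv_mask}]}
    return list_entry_path("node-subnets", ip, inv_mask), json.dumps(body)


def shared_key_request(psk, peer_address):
    """Path and body for one shared-key entry; the PSK itself is the list key."""
    peer = str(ipaddress.ip_address(peer_address))  # inet:ip-address: IPv4 or IPv6
    body = {"ipsec-service:shared-key": [{"shared-key": psk, "peer-address": peer}]}
    return list_entry_path("shared-key", psk), json.dumps(body)


def redact_for_log(path):
    """Mask the key segment of shared-key paths before they reach a log."""
    prefix = f"{BASE}/shared-key/"
    return prefix + "<redacted>" if path.startswith(prefix) else path


if __name__ == "__main__":
    path, body = shared_key_request("constructed-psk", "192.0.2.10")  # constructed values
    print(redact_for_log(path))
    print(body)
```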

SLIDE 15

CLI Config (Peer 1 / Peer 2):

    crypto isakmp key KEY address x.x.x.x
    !
    crypto ipsec transform-set TS esp-des esp-md5-hmac
    !
    crypto map CRYPTO 10 ipsec-isakmp
     set peer y.y.y.y
     set transform-set TS
     match address Spoke
    !
    interface TenGig0/0
     ip address x.x.x.x 255.255.255.0
     crypto map CRYPTO
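
Added example, not part of the original slides: a small audit over an IOS-style configuration like the one above, flagging transform sets built on DES or HMAC-MD5 and reporting where a pre-shared key sits in the config text. The sample is constructed from the slide's Peer 1 lines; the function name and the weak-transform table are assumptions of this example.

```python
# Constructed sample, shaped like the slide's Peer 1 configuration.
SAMPLE = """\
crypto isakmp key KEY address x.x.x.x
!
crypto ipsec transform-set TS esp-des esp-md5-hmac
!
crypto map CRYPTO 10 ipsec-isakmp
 set peer y.y.y.y
 set transform-set TS
 match address Spoke
"""

# Transform keywords this example treats as weak (assumed policy, not from the slides).
WEAK = {
    "esp-des": "single DES, 56-bit key",
    "esp-3des": "3DES, 64-bit block",
    "esp-md5-hmac": "HMAC-MD5 integrity",
    "esp-null": "no encryption",
}


def audit(config):
    """Return (line_no, finding) tuples for weak IPsec settings in an IOS-style config."""
    findings = []
    weak_sets = {}  # transform-set name -> weak transforms found in it
    for no, line in enumerate(config.splitlines(), 1):
        words = line.split()
        if words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 3:
            weak = [t for t in words[4:] if t in WEAK]
            weak_sets[words[3]] = weak
            findings += [(no, f"transform-set {words[3]}: {t} ({WEAK[t]})") for t in weak]
        elif words[:3] == ["crypto", "isakmp", "key"]:
            findings.append((no, "pre-shared key present in config text"))
        elif words[:2] == ["set", "transform-set"]:
            # A crypto map entry that references a transform set flagged earlier.
            for name in words[2:]:
                if weak_sets.get(name):
                    findings.append((no, f"crypto map uses weak transform-set {name}"))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE):
        print(f"line {line_no}: {finding}")
```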

SLIDE 16
  • Assembling a VPN in the Cloud Service
  • Learning Experience

SLIDE 17

“Open source propagates to fill all the nooks and crannies that people want it to fill.”

Mitch Kapor, Founder of Lotus, Co-Founder EFF

SLIDE 18
  • In 1995, I almost lost my hair, building a Slackware server.
  • In 2005, I lost my hair, building/coding a Linux Jumpserver.
  • In 2015, we built a VPN in the Cloud server in a few days.

Open Source made it possible

SLIDE 19

With BGS:

  • Install scripts for automated deployment of the test setup.
  • Comprehensive source-to-tested-deployment script for running the entire system start to end.

Task                          Time
Installing Infra (Arno/Fuel)  1 Day

SLIDE 20
  • APIs coming to networking took networking out of its silo.
  • Now applications can easily control and interact with networking.
  • This opens up the possibility of a wide range of use cases.

Task             Time
Write PoC Code*  3 Days

* Without Facebook App/Front End.

I need REST APIs

SLIDE 21

Thanks

Q&A
