cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1335
Views
1
Helpful
0
Comments
pamor
Cisco Employee
Cisco Employee

liberty.pngThe OpenStack community just announced the availability of its twelfth release, code named Liberty. It has been a quick six months since the Liberty OpenStack Design Summit in Vancouver but with each turn of the crank, OpenStack is getting better and better. Customer adoption is increasing and Cisco continues to help make OpenStack the right choice for creating public and private clouds, contributing code to several OpenStack projects.


neutron.pngNeutron, the networking project, continues to evolve and mature. Cisco has always been a leader in making IPv6 viable and easier to, and in Liberty we have driven the community effort to add support for IPv6 Prefix Delegation (PD). PD allows the assignment of tenant subnet CIDRs to be offloaded to an externally managed DHCPv6 server. Once configured, the OpenStack administrator can be sure that all tenant IPv6 subnets are given globally unique and routable CIDRs, with no knowledge of the underlying network required by the tenant.

Cisco has also been helping with additions to the OpenStack Networking Guide. Cloud administrators can now consult a new section describing how to deploy IPv6 enabled instances and take advantage of all the IPv6 networking features that have been added to Neutron in the Kilo and Liberty releases.

We also added some improvements to Neutron’s VPN-as-a-Service layer (VPNaaS) such as the external IP reporting which will allow users to determine the local public IP address for VPN appliances/VMs and endpoint groups which allows users to specify the “what gets connected” separately from the “how it gets connected”. The latter lays the groundwork for the upcoming multiple local subnet feature which will debut in the Mitaka release.

Our Neutron drivers for Nexus and UCS Manager continue to evolve too. We have focused on making them more robust for Liberty and added support for multiple UCS Manager fabrics. We have also contributed the code for our newest L3 plugin for the ASR1000. More details about these can be found on our OpenStack DevNet page along with Technical Briefs, demo recordings and forums.

curvature.pngBeyond Neutron, Cisco is not just another pretty face. In fact, we have given Horizon a new pretty face with a revamp of the network visualization tab. For the Liberty release we successfully completed the project to merge our Curvature network visualization tool into Horizon. This tool makes it much easier to visualize large and complex networks, making administration easier. I consider myself a dyed-in-the-wool command line junkie but I have to admit that I am hooked on Horizon’s new zoom-able fly-over visualization of large and complex networks. Sometime you just have to admit that a picture is worth more than a thousand words and being able to see the connectivity graph of your networks makes the big picture easier to understand.

Security is always a topic of interest in the cloud community. Relatively new to the OpenStack pantheon of projects, Barbican provides a REST api for the provisioning and management of “secrets” such as passwords, encryption keys and certificates. These secrets are stored in Barbican’s datastore, which can be either a secure encrypted database or a hardware security module (HSM). This storage can be expensive so Cisco has worked on implementing Barbican resource quotas so that service administrators can set quotas for tenants, useful in multi-tenant environments.

Cisco has also been working on the Subordinate Certificates feature in Barbican. To enable TLS encrypted connections in the cloud, clients and servers need PKI certificates to authenticate with each other. In Kilo, Barbican added an API that could be used to request certificates that have been signed by a certificate authority defining the identity and scope of trust associated with the certificate. In Liberty, working with colleagues from Red Hat, Cisco evolved that further, allowing project administrators to create subordinate APIs. This will allow users to request certificates with a smaller scope of trust, thus making a more secure OpenStack cloud.

Performance is another operational area where Cisco is helping OpenStack. An example of this is the work recently completed in Ceilometer to address a concern raised by OpenStack operators. Ceilometer was putting a high load on the Nova, Neutron and Keystone APIs so resource metadata caching was added to reduce that load.

Cisco continues to lead in the field of containers and how they can help make OpenStack easier to deploy and manage. Steven Dake, the Project Technical Lead (PTL) for Kolla, has been busy shepherding the project through incubation and acceptance into OpenStack’s “Big Tent” of projects. As of the Liberty release, Kolla is now ready to deploy OpenStack with n-way active high availability. Kolla does not require the operator to be an expert. Default deployments are done with reasonable out-of-the-box defaults to produce a working cloud. Complete customization is available for every OpenStack tunable parameter, permitting automation of even the most complex deployment architectures.

Another container project that has been maturing rapidly is Magnum. Cisco has contributed code in the Liberty cycle to integrate Magnum with the Heat and Horizon projects so that the orchestration and dashboard tools can access Magnum features. In the Magnum container project itself, Cisco has been driving the Container Networking Model (CNM) effort. The goal of CNM is to standardize the process of allocating networking to containers, while providing an abstraction for supporting various networking capabilities through pluggable back-end implementations. Liberty will see the debut of the CNM feature and will include driver support for Flannel and Netplugin. Support for Mesos will follow soon in the Mitaka cycle.

I am often asked, “How is Cisco contributing to OpenStack?” My answer is always an incomplete, run-on sentence. The features listed in this post are not an exhaustive list of Cisco’s contributions to Liberty, rather just some highlights. You could take a look at Stackalytics.com and pore over the details of all the commits, fixes, and code reviews but even those details wouldn’t paint the complete picture. Cisco is committed to making OpenStack successful and to making our customers successful with their applications running on OpenStack, looking at the whole solution and going beyond the stack, which just so happens to be our theme for this summit, “Beyond the Stack – Build, Deploy, Scale, Connect”.

If you are attending the Tokyo summit, be sure to catch our sessions or stop by the Cisco booth and say hello to some of the developers and product managers that helped make the Liberty release. We look forward to meeting you!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:


Cisco Cloud Native resources: