Published: 03 Mar 2014
OpenStack, the most popular open source cloud infrastructure platform, has evolved rapidly in a few short years to become a major factor in the growth and adoption of cloud computing. But while much of the attention has been on OpenStack's compute functions, it has also opened up a new world in networking, enabling engineers to automate and orchestrate network resources the way they would virtual machines.
At the heart of these capabilities is OpenStack's Neutron application programming interface (API), which can be used to integrate the provisioning and management of these network resources into the orchestration of the overall IT infrastructure.
Neutron's open networking capabilities handle a wide range of tasks, including the management of both networks and IP addresses. Users can create their own networks, control traffic and connect servers using Neutron, while administrators can apply OpenFlow and similar technologies to deliver software-defined networking, multi-tenancy and high levels of scalability, according to John Igoe, vice president of private cloud at Rackspace, the San Antonio, Texas-based service provider that co-founded the OpenStack project with NASA.
In addition to being among the original contributors to OpenStack, Rackspace was also an early adopter of the technology for internal use. It has since gone on to offer OpenStack-based cloud services to customers, many of whom have gone on to use Neutron in their environments, Igoe said.
"With Neutron, you don't have to do command-line coding in order to get something into your networking environment," he said. "If you think about that capability and about OpenStack with its APIs and about orchestration -- now other open source projects, such as Chef and Puppet, can be brought together too, allowing you to create things like special DevOps environments."
Orchestration hinges on API
Compared to OpenStack's other services, Neutron is a relatively recent addition. Originally introduced as Quantum in September 2012, it was renamed Neutron a year later to avoid confusion with a data storage vendor with the same name.
OpenStack began with a few core elements, including Nova, which handles compute functions. Nova had included some networking capabilities, but as it evolved from prototype to production and then scaled out to very large deployments, Igoe said, developers decided it was time to take networking out of Nova.
"So, that project inside of Nova was replaced by the project that became Neutron," he explained.
Orchestration exists at several levels in OpenStack and Neutron. Some of these capabilities exist in Heat, an OpenStack service that uses templates to orchestrate multiple composite cloud applications. Heat also has an OpenStack-native REST API as well as a query API compatible with Amazon Web Services' (AWS) CloudFormation provisioning tool.
To stay competitive, OpenStack APIs are also compatible with Amazon's Elastic Compute Cloud and Simple Storage Service, potentially allowing applications written for AWS to be used with OpenStack.
"IT folks like APIs that they can write to," Igoe said. So do vendors, which can use Neutron as an abstraction layer that can be embedded inside various controller nodes in an environment.
"You can call [Neutron] and ask for things, and because it was built in an open architecture, vendors can write plug-ins and allow Neutron to access their equipment," Igoe said. For example, using Neutron, a networking vendor could write code for its router or a developer could write an API call to Neutron to connect to a switch.
Networking built for the cloud
At a high level, OpenStack is essentially a cloud operating system meant to provide automated and programmatic control for large pools of compute, storage and networking resources throughout a data center, according to Brad Casemore, a research director at Framingham, Mass.-based IDC. It is managed through a dashboard that gives administrative controls to provision resources programmatically.
"As you roll up more apps, it is harder and harder to provision [them] manually, and you also want a way to automate management and orchestration," Casemore said. "From a networking perspective, things that come up again and again with virtualization and cloud are that the traditional network wasn't designed to deal with multi-tenancy and with the levels of virtualization and virtual-machine mobility and motion that occurs with data networking today."
Since existing on-premises and cloud systems have tended to be so "brittle and hand-coded," there is a need for networking to be more acclimated and attuned to virtual networks, he added.
Cloud providers are specifically concerned about the market power of AWS because so many public-cloud workloads have gone to it, according to Casemore, who notes that cloud vendors are looking to counter the perceived hegemony of AWS with OpenStack as the candidate to become a standard public cloud platform. Others see OpenStack as the path to private cloud, but he acknowledged there are many different motivations for adopting OpenStack.
Part of the reason OpenStack has gained so much traction is that the market was looking for an open source, community-managed project that would offer a viable alternative to AWS or other proprietary implementations of cloud over time.
"This is very critical for users," said Nick Barcet, a board member of the OpenStack Foundation and vice president of products at eNovance, a Paris-based service provider that specializes in developing, deploying and managing OpenStack for its customers. "Even though they may not always choose to use it, they need to be able to multisource their infrastructure. I don't think any business wants to have a single provider, though they do want a single way to address the cloud -- and I think OpenStack is becoming that [medium]."
A shared concern is the need to enhance connections. In the early days of OpenStack, there was a plug-in that came with Neutron, Casemore explained. It was intended just to run virtualized network resources like Open vSwitch, however, making the connection to the physical network the missing piece -- one that now comes from vendor-provided plug-ins.
"The catch is if you have a network plug-in right now, [it is] proprietary," Casemore said. "OpenStack is open, but if you want to use a Juniper plug-in, it doesn't work across the board."
In fact, there are some initiatives to create an intermediary between the proprietary plug-ins and Neutron to provide a generic plug-in to manage virtual and physical switching while also providing support for load balancers and firewalls.
"As many people argue, Neutron solves interoperability issues for the operating system but introduces proprietary platforms" in the form of vendor plug-ins, Casemore said.
Although Rackspace runs OpenStack and its components in its own environment, Casemore said most enterprises have yet to cast a ballot for cloud orchestration using the technology, noting that OpenStack isn't the only open source cloud platform available. Other options include CloudStack and Eucalyptus, an open source platform for building AWS-compatible private clouds.
Enterprises will also be looking at "distro developments" like Red Hat's Enterprise Linux OpenStack platform, Casemore added. Red Hat claims the platform provides OpenStack with a stable, reliable and secure foundation, along with hardware and application support that enterprises demand.
Is OpenStack right for you?
Before deciding how to use Neutron's open networking capabilities and Heat's orchestration functions, IT organizations must first decide whether an open source approach -- and OpenStack in particular -- makes sense for them. Without licensing a commercial distribution, open source users must rely on community forums and wikis in place of vendor support.
But the open source model for delivering Infrastructure as a Service holds particular appeal for many enterprises, according to eNovance's Barcet.
Compared to proprietary software, open source software generally offers a very modular approach that provides a clear distinction between API implementation and back-end implementation. That means users don't have a monolithic piece of code that can only be implemented one way; rather, they have a versatile framework they can assemble to meet whatever business requirements they have, Barcet said. For example, one version of OpenStack could be configured to perform big data analytics while another might focus on high-performance computing.
"Each has different requirements, but it is possible to do both because all the components can be assembled or separated as needed, which makes it very powerful," he said.
But OpenStack also stands apart from other open source projects in how quickly its community has grown, Barcet said. For Linux, it took about 10 years to see most of the big names in computing making contributions to the project, he noted. By contrast, OpenStack is entering its fourth year and its contributors already include such big names as IBM, HP, VMware and Intel.
"This is a huge collaboration in terms of the time it took to assemble this," Barcet said. "Of course, there is always politics, but that doesn't affect the way people code."