midonet roadmap
TRANSCRIPT
MidoNet Roadmap & Vision
Jean-François JolyProduct Manager @ Midokura
October 2015
Disclaimer
• This presentation contains product features that are currently under development.
• Features are subject to change.• Technical feasibility and user demand will affect final delivery.
Agenda
Solving problems⚫ Install⚫ Troubleshoot⚫ Security⚫ Multi-sites⚫ Faster delivery
Problem
Today’s solution
Tomorrow’s solution
MidoNet Releases
2016.H1 2016.H22015.H2 2017.H1
MidoNet 5.1 MidoNet 5.3
MidoNet 5.0
MidoNet 5.5
MidoNet 5.2 MidoNet 5.4
InstallingFirst problem
Example install flow# apt-get install figlet
[…]
The following NEW packages will be installed:
figlet
[…]
Setting up figlet (2.2.5-2) ...
# figlet easy
___ __ _ ___ _ _
/ _ \/ _` / __| | | |
| __/ (_| \__ \ |_| |
\___|\__,_|___/\__, |
|___/
Who needs to deployProduction DevOps
Systems and networks adminsSupport
DevOpsSystems and networks adminsQuality assurance
Test
DevOpsSoftware engineers
Development
MidoNet todayProduction Quick start guide
Installers: Puppet, Mirantis Fuel, Juju, TripleO (RDO Manager) ...
quickstart.sh# curl https://www.midonet.org/quickstart-v5.0.sh | sudo bash
Test
devstackDevelopment
MidoNet today - continued
Agents non disruptive upgradesFlows are not interrupted during an upgrade
MidoNet tomorrow
More installers (Liberty , Suse Openstack installer)Less components : distributed flow and topology databaseSeamless upgrades : API is available, topology can change during an upgradeAuto discovery of services
TroubleshootingSecond problem
Lack of visibility
Today : trace
Trace
Use mm-trace to trace the trafficSee every hosts where a packet transitsSee the logical topologySee the security rules that are applied
Today : inspect
Mirroring
Mirror any destination or subnetMirror to multiple portsMirror to a VM or physical applianceUse tcpdump to view the trafficUse an appliance to perform deep packet inspection and prevent advanced persistent threats
Physical switches
Tomorrow
Integration with the fabric⚫ Underlay and overlay trace⚫ Underlay and overlay topology historyCurate the information to show what's most relevant to the operatorsPro-active fault detection
SecurityThird problem
Endless pressure
External: Advanced persistent threats requires protection of every machine and detection mechanismInternal : Compliance and auditors can dictate software choices
Today : security groups
Manage the security per port
Today : mirroring
Use port mirroring with VM appliances to insert additional security systems
Security appliance
Today : perimeter firewall
Perimeter Firewall for traditional rules management and easier audits
Today : distributed agents
Attacks are dropped at the edge with MidoNet being distributed
Tomorrow
Insert network services directly in the network path at L2 or L3This can be done programmatically using APIRetrieve the Firewall logs via the API for monitoring, audits or complianceSupport Neutron Tap as a Service
Multi sitesFourth problem
Expansion and availability
Enterprises outgrow their initial datacenterDisasters, compliances drive the organization’s multi-sites agenda
Today
Run MidoNet distributed over multiple sitesOrchestrate the multiple sites via the API
Tomorrow
Peer several router to establish a private network between data centers and tenantsOn demand VPN using VPNaaSSingle pane of glass to manage multiple sites : same authentication, security rules...
ContainersFifth problem
Faster delivery
Interest for containers is similar to what happened with VMs 10 years agoImprove application delivery time and frequencyContainers enable reproducible delivery at scale with continuous integration and deployment.Faster to deploy and easier to manipulate than VM
Higher density
Containers footprint is smaller than virtual machinesMore applications running on the same hardware brings more density and even higher network port concentration
Micro services
Application architecture is split in small, specialized, services requiring granular security
Virtual Machine
Image treatment
Communication
Authentication
Business workflow
Container
Image treatment
Container
Container
Container
Communication
Authentication
Business workflow
Today
Run docker containers inside physical machine (nova docker)Run kubernetes and mesos on top of Openstack and MidoNet
Tomorrow
Natively connect docker containers to MidoNet (project Kuryr)Integration of containers within Openstack through Openstack MagnumOrchestrate MidoNet with Mesos, Kubernetes, Swarm...
Join us on Slack to discuss these problems and implement great solution inside MidoNetCheck MidoNet Releases page in wiki:https://github.com/midonet/midonet/wiki/Release-Schedule
Read MidoNet documentation for more details:https://docs.midonet.org/
Follow MidoNet roadmap
