This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
1. - Evaluating OpenStack for your cloud services environment: Read more in this section
- A skeptical look at OpenStack architecture
- What can OpenStack Quantum do for cloud providers?
- Martin Casado on OpenStack Quantum and cloud networking
Explore other sections in this guide:
- 2. - Two open source cloud initiatives, lots of decisions
- 3. - How cloud providers are using OpenStack
While OpenStack has had deep functionality for orchestration of compute and storage resources for some time, the networking capabilities of the platform were quite limited before Quantum. Adding this missing piece enables higher-level streamlining of networking and brings the OpenStack community closer to its overall goal of creating an operating system for the cloud that orchestrates compute, storage and networking resources.
"The OpenStack projects were initiated and modified by the builders and users of clouds -- that's the innovation driving it," said OpenStack Foundation Executive Director Jonathan Bryce.
Why the need for OpenStack Quantum?
As cloud providers began to build their services upon server and storage virtualization, they quickly recognized that the complexity of networks required more automation.
"This requires true networks that can broadcast and multitask to manage everything in a much more flexible way than has traditionally happened at the networking layers. That's what OpenStack networking tackles and the value it adds," Bryce said.
Quantum is actually the first functioning software-defined networking (SDN) northbound API, Brent Salisbury, lead network engineer at the University of Kentucky, pointed out. It allows an SDN controller to interact with higher-level management and orchestration systems -- enabling a much greater degree of cloud automation and flexibility. Many SDN vendors have announced support for OpenStack Quantum through their controllers' northbound APIs.
How does OpenStack Quantum work?
Quantum consists of three layers of APIs:
1. The top layer is a RESTful API that sends Quantum API and routing API requests to the correct endpoint within the pluggable infrastructure.
"With this API, you can create virtual ports and networks and attach VMs to the networks -- all the basic networking concepts," Bryce said.
2. The middle layer contains software that provides authentication and authorization control.
3. The bottom layer is a set of driver-based plug-ins that let Quantum connect to and orchestrate network infrastructure. Each plug-in is designed to work with a specific vendor's project or open source project.
"Vendors have created plug-ins to allow you to manage their networking gear using the OpenStack networking framework. This includes traditional networking vendors, like Cisco, and startups like Big Switch and Nicira (acquired by VMware), doing SDN," Bryce said. "It's a flexible framework that gives you a standard API to manage that work. You can do a lot of different networking gear underneath and abstract that way."
Vendors who offer network infrastructure will need to publish their code and provide hooks that everyone can form into a standard API. "It's one of the most unique things about Quantum, because there's never been a standard networking API before," Salisbury said.
Using OpenStack Quantum
Like many new technologies driven by open source communities, both OpenStack Quantum and SDN are still highly complex.
"This complexity needs to be simplified by making it as friendly to install as possible," Salisbury said, although he describes the advanced services -- such as load balancing-- that can be provisioned out with Quantum as "quite impressive."
Quantum also enables flexibility and elasticity for cloud computing, according to Laurent Lachal, senior analyst at Ovum. "Quantum aims to turn network assets into on-demand resources that can be dynamically provisioned the same way compute and storage resources are," he said.
Users can also orchestrate network security resources such as intrusion detection systems via Quantum -- something e-commerce, finance and health care applications require to proactively monitor and detect security breaches. "It's extremely important to have all of these rich networking capabilities that let you network hardware yourself, manage it without intervention, put it all into software and create a standard framework around it," Bryce said.
Value for cloud providers? Give customers control over their networks
OpenStack Quantum enables providers to let customers provision and manage networks in a public cloud environment according to their own requirements, Bryce said.
Now customers will have much deeper control over cloud networks than ever before. In the past, they might have had some load-balancing services, IP management services or services based on a virtual private network (VPN) to use, but now they can provision entire networks. This depth of control will allow customers to create real networks with true separation and segregation -- two things they don't have access to as cloud consumers today.
"The OpenStack networking project has a process of multitasking, and management layers, so providers can delegate different access rights and responsibilities to their users and, within limits, even let them set up their own networks," Bryce said.
Multi-tenancy is another big value of OpenStack Quantum. "With a hypervisor, you can spin up five virtual machines (VMs) and add five different customers," Salisbury said. "To keep traffic separate, Quantum lets you either provision a VLAN between the virtual switch and the host -- all in the same physical box -- or build a 'tunnel.' It's extremely complicated, but it's how we'll get to scale at multi-tenancy. In the future in the data center, orchestration will be API-driven -- Quantum is the first generation."
Today's network traffic is separated by VLANs with a finite limit of 4094. Cloud providers quickly burn through 4094 customers, so companies are pursuing overlays, Salisbury explained. "With Quantum, there's no finite number of tunnels that can be used. It ignores the underlying limitations and enables a lot more flexibility."
Quantum adoption timeframe?
Cloud providers appear to be drifting slowly toward Quantum, but not everyone is waiting.
"The most aggressive deployers of OpenStack -- service providers like Rackspace and enterprises like eBay -- have been running Quantum since the OpenStack Essex release in early 2012," said Dan Wendlendt, team lead for the OpenStack Quantum project and VMware's senior product line manager in the Networking and Security Business Unit.
New updates are issued about every six months, and with its latest release "Folsom" in late 2012, Quantum became a core supported OpenStack project. At that time, Wendlendt saw a huge jump in the number of organizations evaluating it.
"The increased interest is due to the fact that more people have now stood up basic OpenStack, only to realize that limitations in traditional networking technologies are preventing them from building the rich enterprise cloud offering they need," Wendlendt said. "I expect many of these Quantum trial deployments to turn into production deployments during mid to late 2013."