DEV Community: Muhammad Antar

TelcoCloud 101

Muhammad Antar — Sun, 14 Jul 2024 16:57:03 +0000

- What's TelcoCloud ?

It's a Cloud infrastructure that telecos can deploy its services and applications " IMS , RAN , Core " within cloud infra resources .

let's go back a little bit , Telcocloud was based on Virtualization technology and in the Era of 5G , Telcocloud is mainly depend on Hyprid Cloud Arch , VNF Tchnology , SD-WAN .

- TelcoCloud benefits :-

With high data rates through Mobile generations and continuous increase in Applications and for sure the demand of Automations , Telcocloud became a mendatory to cope with the data high rates and Telco Applications , similar to Cloud IT needs but with different Applications , Architecture and for sure Business Case .

- NFVI Architecture :

1- First Layer is the " physical layer " : Servers , Network and Storage .

2- Second Layer is " Virtual Layer " : converting the physical resources to Virtual Rsources using the Hypervisor .

3- Third Layer is the " VNFs " that host the Telco Apps , machines on top of the hardware networking infrastructure. VNFs include routers, switches, SD-WAN, firewalls

4- Fourth Layer is " MANO Orchestration " : NFV management and network , it's a Framework that provides the core operation functionality in TelcoCloud Network .

5- Last Layer is " OSS/BSS " (Operation Support System/Business Support System) : OSS deals with network management, fault management, configuration management and service management. BSS deals with customer management, product management and order management .

- MANO Orchestration Arhcitecture :-

1- NFV Orchestrator : it's a componenet which you can do onboarding for VNFs and operate it's Life cycle management and Validate NFVI resource requests .

2- VNF Manager : Control Life cycle management for VNF instance even if setting up or maintainning , we can describe it as " VNFs Controller " .

3- Virtual Infrastructure Manager : We can manage NFVI Compute, Storage , Network throug it .

Super-Duper Docker

Muhammad Antar — Tue, 24 May 2022 21:06:57 +0000

1- What’s Docker?

Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. With Docker, you can manage your infrastructure in the same ways you manage your applications.

This definition will take us to an important definition called Containerization: Containerization is the packaging together of software code with all it’s necessary components like libraries, frameworks, and other dependencies so that they are isolated in their own “ Container “ .

Now we will move into an important question, what’s the difference between Containers and Virtualization?

2- What’s the difference between Containers and Virtual Machines?

If we checked the photo attached we will see that

Containers: Containers create lightweight, isolated logical namespaces on the underlying operating system, usually within the Linux kernel. Popular Container runtimes commonly used in software engineering are Docker and LXC. Every container has its specific network stack and its own process space, including all of the underlying dependencies required to run the application or service.
The contents of a container are held in a binary file. Containers run independently from the operating system and other containers running on the system. Since they don’t contain the entire operating system, containers are very lightweight. Containers are a small computing unit, allowing a single operating system to run hundreds or even thousands of containers.
Virtual Machines: A Virtual Machine (VM) contains and runs a complete operating system on the underlying virtualized hardware resource. Popular Virtual Machine providers or Hypervisors are Citrix, VMWare, and Hyper-V.
These virtualized hardware resources are created and managed by the Hypervisor. Type 1 Hypervisors run directly on the host machine hardware, while Type 2 Hypervisors run on top of the host machine’s operating system. Each Virtual Machine is an image of a complete operating system, so it tends to be a much larger computing unit, usually a couple of gigabytes.

3- Docker Architecture:

Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface. Another Docker client is Docker Compose that lets you work with applications consisting of a set of containers.
A- The Docker daemon: The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes.

B- The Docker client: The Docker client (docker) is the primary way that many Docker users interact with Docker.

C- Docker Desktop: Docker Desktop is an easy-to-install application for your Mac or Windows environment that enables you to build and share containerized applications and micro services.

D- Docker registries: A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default.

4- NameSpaces:

Docker uses a technology called namespaces to provide the isolated workspace called the container. When you run a container, Docker creates a set of namespaces for that container.
These namespaces provide a layer of isolation. Each aspect of a container runs in a separate namespace and its access is limited to that namespace.

Neutron Service in OpenStack

Muhammad Antar — Wed, 11 May 2022 17:40:25 +0000

Last Article we talked about storage in cloud and the difference between block, object and file storage. We will talk about network service in openstack that called Neutron.

1- What’s Neutron?

Like openstack said , Neutron allows you to create and attach interface devices managed by other OpenStack services to networks. Plug-ins can be implemented to accommodate different networking equipment and software, providing flexibility to OpenStack architecture and deployment.

2- Neutron Components :

There are 3 main components in Neutron Service

A- Neutron-Server : Routes API requests to the appropriate OpenStack Networking plug-in
B- OpenStack Networking plug-ins and agents: Plug and unplug ports, create networks or subnets, and provide IP addressing. The common agents are L3 (layer 3).
C- Messaging queue: Used by most OpenStack Networking installations to route information between the neutron-server and various agents. Also acts as a database to store networking state for particular plug-ins.

3- Difference between L2 Agent and L3 Agent :

A- L2 Agent : The L2 agent runs on the hypervisor (compute nodes),and its function is simply to wire new devices, which means it provides connections to new servers in appropriate network segments and also provides notifications when a device is attached or removed. In our install, we will use the OVS agent.

B- L3 Agent : The L3 agents run on the network node and are responsible for static routing,
IP forwarding, and other L3 features, such as DHCP.

4- Basic Neutron process : When a new Vm try to booted with neutron , that’s what happen in the back ground
A- Boot VM start.
B- Create a port and notify the DHCP of the new port.
C- Create a new device (virtualization library – libvirt).
D- Wire port (connect the VM to the new port).
E- Complete boot.

KeyStone in OpenStack

Muhammad Antar — Mon, 09 May 2022 18:04:22 +0000

1- Keystone :

Keystone is the identity service in openstack , verifies the user’s identity and provides information about which resources the user has access to.The Keystone project provides authentication, authorization , Provides authentication for other services as we found in last article like authentication for : Nova-Compute , Swift Object Storage , Neutron Networking , Glance Image , Cinder Block Storage and Horizon Dashboard .

2- Keystone Identity Flow :

Requests to the Identity service are made via an API call , Keystone Provides service catalog “Service API URL” which means any service will be added on openstack should be registered on keystone . Keystone saves info of roles , groups , users and these info could be from external identity like LDAP .Keystone also includes WSGI middelware to provide authentication support for Nova and Swift. Keystone has DB .

Flow :

A- User send credentials to the keystone .
B- User gets token from Keystone .
C- User send request + token to openstack services .
D- Keystone check the tokens with openstack services .
E- User recieves response from openstack service .
3- Keystone Architecture Concepts :

A- Services : Keystone is organized as a group of internal services exposed on one or many endpoints .

B- Identity : The Identity service provides auth credential validation and data about users and groups .

C- Users : represent an individual API consumer. A user itself must be owned by a specific domain .

D- Groups : are a container representing a collection of users .

E- Projects : represent the base unit of ownership in OpenStack, in that all resources in OpenStack should be owned by a specific project. A project itself must be owned by a specific domain

F- Domains : are a high-level container for projects, users and groups. Each is owned by exactly one domain. Each domain defines a namespace where an API-visible name attribute exists. Keystone provides a default domain .

G- Roles : dictate the level of authorization the end user can obtain. Roles can be granted at either the domain or project level .

H- Token : Token service validates and manages tokens used for authenticating requests once a user’s credentials have already been verified.

J- Catalog : provides an endpoint registry used for endpoint discovery.

4- Keystone Role in Vm Creation :

A- The identity service (Keystone) authenticate the user with the user credentials and then generates and send back an auth-token, that auth-token which will be used for sending the request to other components through REST-Call .

B- Keystone verifies the user has the correct permissions for the request based on its own policies

C- Keystone replies with the temporary token and the list of tenants the user has access to .

D- Glance-api validates the auth-token with keystone and after that nova-compute gets the image metadata .

E- cinder-api validates the auth-token with keystone and then nova-compute gets the block storage information .