Experimenting with software-defined networking (SDN), overlays and container networking is the latest step in PayPal’s journey to build its next generation Enterprise Cloud infrastructure. At Open Networking Summit 2016 (ONS), Jigar Desai, VP of Cloud and Platforms at PayPal, shared the company’s transition over the past three years from a consumer perspective. He covered why and how this SDN journey started, key business use-cases, the current state of SDN, challenges, and its future vision.
“OpenStack for us is not an experimental platform, but it is taking 100 percent of front and mid-tier traffic. So every payment transaction on PayPal is actually hosted on OpenStack,” Desai said at his keynote talk “We wanted to operate SDN through OpenStack Neutron and wanted this access available to both cloud operators as well as cloud users.”
First, Desai provided context on PayPal’s evolution from a monolithic application to a cloud-based robust, reusable, and platform-based architecture to drive developer productivity and business agility.
This architecture has four layers. The Infrastructure & Operations layer at the bottom provides computer, storage, and network and is powered by OpenStack. On top of that is the Platform-as-a-Service (PaaS) layer — the core technology and analytics platform that provides services like messaging, logging, monitoring, analytics, etc. to be leveraged across all PayPal applications. On top of that is the Payments Operating System (POS), which is the foundation for all payments-related microservices and which serves all customer-facing experience through mobile and web apps. Finally, the top layer comprises customer-facing applications.
Desai said a combination of open source software for the infrastructure layer and proprietary software for the PaaS layer has seen PayPal release code in a matter of minutes and days instead of weeks and months. More than 50 percent of developers have already transitioned to this model.
Next, he outlined the motivation for the experimenting with SDN at PayPal, use cases, SDN architecture, current challenges, and future vision.
Motivation for SDN at PayPal:
- Ability to logically isolate cloud resources (compute, storage, network) for different business use cases requiring different security policies while co-existing on shared infrastructure.
- Move computes between security zones as needed
- Programmatic APIs to reduce operational overhead
Two distinct use cases with different security requirements and running on shared infrastructure but isolated by SDN using overlays:
- External zones – hosting beta apps reachable from the Internet but separated from other zones.
- Developer zones – hosting developer tools with no direct access from the Internet but available via corporate network.
SDN Architecture at PayPal
PayPal uses a SDN plugin, accessible via the OpenStack Neutron API, which talks to horizontally scaling SDN controllers to push down security policies and rules to hypervisors and OpenSwitch through Openflow.
PayPal operates SDN and overlays for multiple zones but not yet on production critical workloads. This will occur in due course as the industry overcomes the following challenges:
PayPal’s vision for the future of its cloud stack sees its proprietary PaaS layer being replaced by Mesos and Docker. It also envisions support for stateful applications in addition to stateless and exploring the possibilities for using public cloud for non-critical use cases.
Watch the full talk, ‘PayPal Cloud at Scale’ below.