Upload
clyde-fitzgerald
View
228
Download
5
Embed Size (px)
Citation preview
+ +
Under the Hood: Network Virtualization with OpenStack Neutron and VMware
NSX
Somik Behera – NSX Product Manager
Dimitri Desmidt - NSX Senior Technical Product Manager
Slide 2Slide 2
Agenda
‣ Intro – VMware philosophy on OpenStack (2 minutes)
‣ Why Neutron + NSX VMware Plugin (20minutes)
‣ Demo of OpenStack + "vCenter/KVM" + "Neutron/NSX VMware Plugin" (10 minutes)
‣ Q&A (10 minutes)
Slide 3Slide 3
Agenda
‣ Intro – VMware philosophy on OpenStack (2 minutes)
‣ Why Neutron + NSX VMware Plugin (20 minutes)
‣ Demo of OpenStack + "vCenter/KVM" + "Neutron/NSX VMware Plugin" (10 minutes)
‣ Q&A (10 minutes)
4
VMware Philosophy on OpenStack
Customer Choice• VMware supports Customer choice.• Our support for OpenStack enables choice
OpenStack• An open framework for building clouds• Assembles a solution from underlying
Compute, Network, Storage components.• Can be managed and automated using
many solutions.
An Opportunity for VMware SDDC• VMware SDDC provides best-in-class
Compute, Network, Storage & management solutions for OpenStack.
• We view OpenStack as an opportunity for VMware SDDC portfolio.
Public CloudsPrivate Clouds
Hybrid CloudSeamlessly extend your data center to the public cloud
Virtual WorkspaceManage access to services, applications and data for any
device
The Foundation for IT: Software Defined Datacenter
Software-Defined Data CenterVirtualize the entire data center
Management and Automation
Storage and Availability
ComputeNetwork and
Security
5
VMware Technologies and OpenStack
Tenant-Side
Operator-Side
Benefits of OpenStack API & Ecosystem
Choice of best-in-class virtualization & management technologies
Horizon( Web Portal )
vSphere & vCenter
CLI Tools & Scripts(DevOps Automation)
vCACApplication Director
Nova(Compute)
Neutron(Network)
Cinder(Block Storage)
Glance(Image Store)
NSX vSANvCenter
(Image Catalog)
Cloud Operator Tools(vCenter, vCOPs, Log Insight etc.)
Third Party Operator tools(Puppet/Chef, scripts, nagios...)
OpenStack or 3rd Party Component
VMware Component
Slide 6Slide 6
Agenda
‣ Intro – VMware philosophy on OpenStack (2 minutes)
‣ Why Neutron + NSX VMware Plugin (20 minutes)
‣ Demo of OpenStack + "vCenter/KVM" + "Neutron/NSX VMware Plugin" (10 minutes)
‣ Q&A (10 minutes)
Slide 7Slide 7
OpenStack main projects
Imagerepo
(glance)
Object Storage(Swift)
Network(Neutron)
BlockStorage(cinder)
Identity(keystone)
Dashboard(horizon)
Provides UIfor other projects
Provides Authentication and Service Catalog for other
Projects
Compute(nova)
Provides
Images
Stores Images
as Objects
Providesvolumes
Provides network
connectivity
Slide 8Slide 8
Why Neutron + NSX VMware Plugin
‣ OpenStack Networking before Neutron
‣ Why people use OpenStack with Neutron?
‣ Why people use OpenStack with Neutron + NSX VMware Plugin?
Slide 9Slide 9
OpenStack Networking before Neutron
• Nova offers "networking as a service" in OpenStack (nova-network)
Note: It was the only offer before Quantum (old Neutron project name)
Nova-network is still present today, and can be used instead of Neutron
Points to keep in mind: Limited Network Topologies supported
Only Flat,
Flat DHCP
and VLAN DHCP
Slide 10Slide 10
OpenStack Networking before Neutron
• Nova offers "networking as a service" in OpenStack (nova-network)
Note: It was the only offer before Quantum (old Neutron project name)
Nova-network is still present today, and can be used instead of Neutron
Points to keep in mind: Limited Network Topologies supported
Only Flat,
Flat DHCP
and VLAN DHCP
No 3-tier Network topology supported
Slide 11Slide 11
OpenStack Networking before Neutron
• Nova offers "networking as a service" in OpenStack (nova-network)
Note: It was the only offer before Quantum (old Neutron project name)
Nova-network is still present today, and can be used instead of Neutron
Points to keep in mind: Limited Network Topologies supported
Limited Scale and Network Services supported
Scale
L2 (using VLAN), DHCP&DNS (using dnsmask), Security (using IPtables on hypervisors)
IP address management (using SQL DB table)
Limited Network Services
No self-tenant L3, no Load Balancer, no VPN.
Slide 12Slide 12
OpenStack Networking before Neutron
• Nova offers "networking as a service" in OpenStack (nova-network)
Note: It was the only offer before Quantum (old Neutron project name)
Nova-network is still present today, and can be used instead of Neutron
Points to keep in mind: Limited Network Topologies supported
Limited Network Services supported
No integration with 3rd party Network solutions
No ability to use 3rd parties to overcome the limitations of nova-network
Slide 13Slide 13
OpenStack Networking before Neutron
• Nova offers "networking as a service" in OpenStack (nova-network)
Note: It was the only offer before Quantum (old Neutron project name)
Nova-network is still present today, and can be used instead of Neutron
Points to keep in mind: Limited Network Topologies supported
Limited Network Services supported
No integration with 3rd party Network solutions
Complex/Limited HA and management/monitoring
Slide 14Slide 14
Why Neutron + NSX VMware Plugin
‣ OpenStack Networking before Neutron
‣ Why people use OpenStack with Neutron?
‣ Why people use OpenStack with Neutron + NSX VMware Plugin?
Slide 15Slide 15
Why people use OpenStack with Neutron?
• Neutron improves nova-network in multiple areas
• Larger number of Network Topologies and services supported
• L3: Self-Tenant provisioning
• Security (ingress + egress rules support)
• LBaSS
• VPNaSS (coming)
Slide 16Slide 16
Why people use OpenStack with Neutron?
• Neutron improves nova-network in multiple areas
• Larger number of Network Topologies and services supported
• L3: Self-Tenant provisioning
• Security (ingress + egress rules support)
• LBaSS
• VPNaSS (coming)
• Supports overlay
• Remove the VLAN limitation (using overlay with GRE)
VM VM VM VM VM VM VM VM VM
Hypervisor
Any L2/L3Fabric
Hypervisor1-IP@ Hypervisor2-IP@[GRE VM1-IP@
VM2-IP@]VM VM
VM1-IP@ VM2-IP@
Slide 17Slide 17
Why people use OpenStack with Neutron?
• Neutron improves over nova-network in multiple areas
• Larger number of Network Topologies and services supported
• L3: Self-Tenant provisioning
• Security (ingress + egress rules support)
• LBaSS
• VPNaSS (coming)
• Supports overlay
• Remove the VLAN limitation (using overlay with GRE)
• Open Solution
• Open to 3rd party solution:
• VMware NSX Plugin (Nicira Plugin)
• LinuxBridge Plugin
• OVS Plugin
• Cisco UCS / Nexus 5000 Plugin
• NEC Ryu Plugin
• etc
Slide 18Slide 18
Why Neutron + NSX VMware Plugin
‣ OpenStack Networking before Neutron
‣ Why people use OpenStack with Neutron?
‣ Why people use OpenStack with Neutron + NSX VMware Plugin?
Slide 19Slide 19
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale
• Very high scale (thanks to the distribution "active/active" of the Control elements)
Per NSX Domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release)
VM VM VM VM VM VM VM VM VM
Hypervisor
Any L2/L3
Fabric
NSXController
Cluster
Active/
Active
Slide 20Slide 20
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale
• Very high scale (thanks to the distribution "active/active" of the Control elements)
Today per NSX Domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release)
• Very high throughput (thanks to the encapsulation off-loaded on the NIC)
Per hypervisor: 20Gbps (with 2x10Gbps NIC bonding)
VM VM VM VM VM VM VM VM VM
Hypervisor
Any L2/L3Fabric
20Gbpsbi-directional
NSXController
Cluster
Slide 21Slide 21
Hypervisor
Any L2/L3
Fabric
NSXControll
erCluster
Physical Layer
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale
• Very high scale (thanks to the distribution "active/active" of the Control elements)
Today per NSX Domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release)
• Very high throughput (thanks to the distribution "active/active" of the NVP Network Elements)
Per NVP Gateway: 10Gbps++
10Gbps++bi-directionalper NVP-GW
Active/
Active
VM VM VM VM VM VM NSXL2/L3GatewayNSX
L2/L3GatewayNSXL2/L3Gateway
Slide 22Slide 22
Hypervisor Hypervisor
x86 Server
DC Fabric
Neutron Router on Neutron Server
A world without NSX
WebApp DBWeb
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale
• Very high scale (thanks to the distribution "active/active" of the Control elements)
Today per NSX Domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release)
• Very high throughput (thanks to the encapsulation off-loaded on the NIC)
Today per hypervisor: 20Gbps (with 2x10Gbps NIC bonding)
• Optimized traffic (thanks to the distribution of L3 and Security)
Choke Point
Slide 23Slide 23
Hypervisor Hypervisor
x86 Server
DC Fabric
NSX "North/South" Router
A world with NSX
WebApp DBWeb
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale
• Very high scale (thanks to the distribution "active/active" of the Control elements)
Today per NSX Domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release)
• Very high throughput (thanks to the encapsulation off-loaded on the NIC)
Today per hypervisor: 20Gbps (with 2x10Gbps NIC bonding)
• Optimized traffic (thanks to the distribution of L3 and Security)
Slide 24Slide 24
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• High-Availability of the Network Services is offered by design "for the management"
VM VM VM VM VM VM VM VM VM
Hypervisor
Any L2/L3Fabric
NSXController
Cluster
Active/Active
Management Layer
Slide 25Slide 25
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• High-Availability of the Network Services is offered by design "for the transport" with stateful failover for L3 and NAT
Hypervisor
Any L2/L3
Fabric
NSXControll
erCluster
Physical LayerActiv
e/Activ
e
802.1q
VM VM VM VM VM VM VM VM VM NSXL2/L3GatewayNSX
L2/L3GatewayNSXL2/L3Gateway
Slide 26Slide 26
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• High-Availability of the Network Services is offered by design on both management + transport
• Management and Monitoring tools (statistics, port monitoring, port mirroring, connection tool, seamless upgrade, etc)
Slide 27Slide 27
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• Advanced popular network services
• L3 with static routing
VM VM VM VM VM VM
LogicalNetworks
10.20.2.0/24
192.168.10.0/24
.2 .1
.11 .12
Default GW: 10.20.2.1
172.16.1.0/24
Default GW: 10.20.2.1
192.168.1.0/24 next-hop 10.20.2.2
172.16.1.0/24 action blackhole
Default GW: 10.20.2.1
192.168.1.0/24 next-hop 10.20.2.2
LS-1A LS-1B LS-2A
Slide 28Slide 28
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• Advanced popular network services
• L3 with static routing
• L2 "logical-physical"
Hypervisor
Any L2/L3
Fabric
NSXControll
erCluster
Physical Layer
802.1q
VM VM VM VM VM VM VM VM VM NSXL2/L3GatewayNSX
L2/L3GatewayNSXL2/L3Gateway
Slide 29Slide 29
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• Advanced popular network services
• L3 with static routing
• L2 "logical-physical"
• ACL
VM VM VM VM VM VM
LogicalNetworks
.1
.11 .12
VLAN 10 LS-1B LS-2ALS-1A
10.20.2.0/24 ACL applied here
Security Groups
applied here
Slide 30Slide 30
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• Advanced popular network services
• L3 with static routing
• L2 "logical-physical"
• ACL
• QoS
VM VM VM VM VM VM VM VM VM
Hypervisor
Any L2/L3Fabric
DSCP marking for QoS
on the physical fabric
VM VMGOLD traffic
Tenant A
Logical Switch A
Tenant B
Logical Switch B
TAVM1
TAVM2
TBVM1
TBVM2
Slide 31Slide 31
Why people use OpenStack withNeutron + NSX VMware Plugin?• NSX VMware Plugin improves Neutron in multiple areas
• Scale (scale/throughput/optimization)
• HA and management/monitoring
• Advanced popular network services
• L3 with static routing
• L2 "logical-physical"
• ACL
• QoS
• Optimization of Broadcast/Multicast traffic
VM VM VM VM VM VM VM VM VM
Hypervisor
Any L2/L3
Fabric
Slide 32Slide 32
Agenda
‣ Intro – VMware philosophy on OpenStack (2 minutes)
‣ Why Neutron + NSX VMware Plugin (20 minutes)
‣ Demo of OpenStack + "vCenter/KVM" + "Neutron/NSX VMware Plugin" (10 minutes)
‣ Q&A (10 minutes)
Slide 33Slide 33
Demo1
• Demonstrate:• 2 Tiers-Architecture with "logical/physical" communication L3 and L2 • Mix of KVM and ESXi hypervisors
Slide 34Slide 34
Demo2
• Demonstrate:• VMotion• Port-Mirroring• Failure of NVP-L3-GW
Slide 35Slide 35
Demo3
• Demonstrate:• How to build a 2-tier architecture
Slide 36Slide 36
Agenda
‣ Intro – VMware philosophy on OpenStack (2 minutes)
‣ Why Neutron + NSX VMware Plugin (20 minutes)
‣ Demo of OpenStack + "vCenter/KVM" + "Neutron/NSX VMware Plugin" (10 minutes)
‣ Q&A (10 minutes)
Slide 37Slide 37
Recap: Why OpenStack on VMware NSX
• VMware believes in enabling customer choice.
• Nicira/VMware was among the founders of Neutron project.
• VMware NSX with OpenStack is used by leading Enterprises & Service Providers.
• VMware NSX with OpenStack is supported by many OpenStack ecosystem companies.NSX
Slide 38Slide 38
Select OpenStack & VMware NSX customers
Public Clouds Enterprise Private Clouds