Managing Demand Spikes in a highly flexible and agile deployment
Yuki Sato
S2 (Akita, Japan)
Jan Hilberath
Midokura (Tokyo, Japan)
Agenda
● Company Introduction
● Why SUSE® OpenStack with MidoNet?
● MidoNet Introduction
● S2 Use Cases
● Further Resources
● Q and A
Company Introduction
Company Introduction: S2
● Hosting Provider
○ Data Centers
○ Cloud Services
○ Full Managed Services
Company Introduction: Midokura
● Software Engineering and Services
○ Software Defined Networking (SDN)
○ OpenStack Integration
○ Support & Training
Why SUSE OpenStack with MidoNet
Why SUSE OpenStack Cloud with MidoNet?
● Ease of Use
● Reduced complexity
● Scalability
● Fault tolerance
● Open-source Technology
● 24/7 Commercial Support
MidoNet Introduction
MidoNet: Basic Feature Overview
● Virtual L2 Distributed Switching
● Virtual L2 Isolation
● Virtual L3 Distributed Routing
● Virtual L3 Isolation
● L4 Services (Load Balancing, Firewall, VPN, ...)
● RESTful API
● OpenStack Integration
MidoNet vs. Midokura Enterprise MidoNet (MEM)
● 24/7 Commercial Support
● Manager (Browser-based GUI)
● Insights (Visualization, Troubleshooting, Reporting)
● Fabric (Integration between virtual and physical layers)
● VMware vSphere Integration
S2 Use Cases
● Avoid Single Point of Failure
● Linear scale North/South traffic
● Dedicate separate uplinks per Tenant
● Multi-site connection
● Dynamic Routing via Internal BGP (iBGP)
● Secure access via VPNaaS (IPSec)
● L2 VTEP
● Fabric troubleshooting
Use Case: Avoid Single Point of Failure
● No bottleneck Network Node
○ Distributed Architecture
○ Not using router and DHCP namespaces
● Intelligence at the Edge
○ Metadata, DHCP
○ Security Groups
○ FWaaS
○ LBaaS
Physical NW vs OVS vs MidoNet
[Diagram: three columns compared side by side. Physical network gear (router, switches, servers hosting VM01-VM03); Neutron with the OVS plugin (a network node running the OVS agent, L3 agent and DHCP agent, plus OVS agents on the compute servers); MidoNet (an MN agent on each compute server, no network node).]
No extra hop required in MidoNet
Handling packets in virtual network
[Same diagram, tracing the packet path through each of the three architectures.]
There is no Single Point of Failure (SPoF) in MidoNet
Handling packets in virtual network
[Same diagram.]
Use Case: Intelligence at the Edge
● Decisions made at the “edge”
● Not transferring packets to the target if not necessary
● Hardware failure has only partial impact
Comparing MidoNet and OVS
[Diagram, shown in three build steps. OVS side: compute nodes run an OVS agent providing L2 only; the controller node runs the Neutron server and an OVS agent; a single network node running the OVS agent, L3 agent and DHCP agent carries all L3 traffic to the Internet. MidoNet side: every compute node runs an MN agent providing L3/L2/DHCP/LB/Firewall at the edge; the controller node runs the Neutron server and the NSDB; gateway nodes running MN agents handle L3 towards the Internet.]
Use Case: Linear scale North/South traffic
● Easily increase uplink capacity
● No downtime, dynamic switch-over via BGP
MidoNet GW with BGP (Private AS)
[Diagram: two MidoNet gateway servers (Server01 and Server02, each running an MN agent, AS64512) peer over two uplink networks, 202.143.95.80/30 and 202.143.95.116/30, with Ext Router 1 and Ext Router 2 (AS65535) on the physical side. Each BGP session carries a default route and the external network 118.67.101.160/27. On the virtual side an L3/L2 switch connects Compute01, Compute02 and Compute03 (MN agents); the tenant network reaches the external network through a tenant router.]
Use Case: Dedicated Uplinks per Tenant
● Some customers require their own dedicated uplinks
○ Security reasons
○ Billing reasons
○ Non-Internet connectivity
Use Case: Multi-site Connectivity
● Connect multiple sites
○ Separate OpenStack / MidoNet deployments
○ Spanning multiple locations (data centers)
● Proven Technology
○ VXLAN tunneling
○ Virtual routers act as VTEP
[Diagram: Site A and Site B are separate OpenStack / MidoNet deployments connected over the public network / Internet and a private WAN; the peering links carry private address traffic.]
● Site A
○ SiteATenantNetwork 10.0.0.0/24 behind SiteATenantRouter
○ SiteAVtepRouter: 192.168.0.1 on SiteAMultiSiteNetwork (192.168.0.0/24), 200.200.0.1 on the public side, registered as SiteAGatewayDevice
○ SiteAL2Gateway, L2GatewayConnection with segmentation_id=100
○ Extra Routes: 10.0.1.0/24 via 192.168.0.2
○ MAC-VTEP table: 6F:E4:5A:FA:8E:09 => 200.200.0.2
● Site B
○ SiteBTenantNetwork 10.0.1.0/24 behind SiteBTenantRouter
○ SiteBVtepRouter: 192.168.0.2 on SiteBMultiSiteNetwork (192.168.0.0/24), 200.200.0.2 on the public side, registered as SiteBGatewayDevice
○ SiteBL2Gateway, L2GatewayConnection with segmentation_id=100
○ Extra Routes: 10.0.0.0/24 via 192.168.0.1
○ MAC-VTEP table: 16:B7:B5:A4:57:75 => 200.200.0.1
● VTEP router MACs: 16:B7:B5:A4:57:75 (Site A), 6F:E4:5A:FA:8E:09 (Site B)
● Inter-site connectivity not explained here.
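The forwarding decision the multi-site diagram implies, as an added example (not code from the deck or from MidoNet): a tenant router's extra route picks the next hop on the 192.168.0.0/24 multi-site network, the next hop's MAC is looked up in the site's MAC-VTEP table, and the frame is VXLAN-encapsulated with VNI 100 towards the remote VTEP. All addresses come from the diagram; the IP-to-MAC mapping on the multi-site network is an assumption inferred from the two MAC-VTEP tables.

```python
import ipaddress

VNI = 100  # segmentation_id of the L2GatewayConnection in the diagram

# Site tables taken from the multi-site diagram.
SITES = {
    "A": {
        "tenant_net": ipaddress.ip_network("10.0.0.0/24"),
        "extra_routes": {ipaddress.ip_network("10.0.1.0/24"): "192.168.0.2"},
        "local_vtep": "200.200.0.1",
        "mac_vtep": {"6F:E4:5A:FA:8E:09": "200.200.0.2"},
    },
    "B": {
        "tenant_net": ipaddress.ip_network("10.0.1.0/24"),
        "extra_routes": {ipaddress.ip_network("10.0.0.0/24"): "192.168.0.1"},
        "local_vtep": "200.200.0.2",
        "mac_vtep": {"16:B7:B5:A4:57:75": "200.200.0.1"},
    },
}
# Assumed IP-to-MAC mapping on the 192.168.0.0/24 multi-site network,
# inferred from which MAC each site's MAC-VTEP table points at.
MULTISITE_ARP = {"192.168.0.1": "16:B7:B5:A4:57:75",
                 "192.168.0.2": "6F:E4:5A:FA:8E:09"}


def forward(site, dst_ip):
    """Describe how a packet to dst_ip leaves `site`: ("local", net) for the
    site's own tenant network, ("vxlan", vni, src_vtep, dst_vtep, next_hop_mac)
    for a tunnelled packet, or None when nothing can carry it."""
    s = SITES[site]
    dst = ipaddress.ip_address(dst_ip)
    if dst in s["tenant_net"]:
        return ("local", str(s["tenant_net"]))
    # Tenant router: longest-prefix match over the configured extra routes.
    matches = [net for net in s["extra_routes"] if dst in net]
    if not matches:
        return None  # no route: the tenant router drops it
    next_hop = s["extra_routes"][max(matches, key=lambda n: n.prefixlen)]
    # VTEP router: resolve the next hop's MAC, then find the remote VTEP.
    mac = MULTISITE_ARP.get(next_hop)
    remote_vtep = s["mac_vtep"].get(mac)
    if remote_vtep is None:
        return None  # MAC not in the MAC-VTEP table: no tunnel endpoint
    return ("vxlan", VNI, s["local_vtep"], remote_vtep, mac)
```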
Use Case: Internal BGP (iBGP)
● virtual routers exchange their routes dynamically
● no manual route management necessary
● easy to “auto-connect” virtual networks
Use Case: IPSec VPN-as-a-Service (VPNaaS)
● IPSec secured overlay connectivity
● between multiple private networks
● between different sites (data centers)
● between the cloud and the outside world
Use Case: Hardware L2 VTEP
● Not every host in the data center is virtualized
● Connect virtual and physical networks
● Map physical ports to logical networks
● Enable physical switches to communicate with virtual machines
● Seamlessly integrate with hardware gateways (e.g. Dell, HP, Lenovo, Penguin, QCT / running Cumulus Linux)
MidoNet VTEP Gateway / Physical Devices
[Diagram, shown in three build steps: a MidoNet OVSDB client talks to the OVSDB server on the gateway switch; VTEPd pushes the VXLAN config into switchd through the switch driver, creating the bridge br-vxln10001 (10.100.0.0/24) in the bridge table with a tunnel port on the VXLAN side and physical port swp1 on the L2 side. The VMs on the virtual network 10.100.0.0/24 are thereby bridged to the physical devices behind swp1.]
Use Case: Fabric Troubleshooting
● Integration between virtual and physical layers
● Visualization of physical topology in real-time
● Neighboring information about physical hosts and switches
● Ability to cross-reference virtual networks with the physical hosts and switches they run on top of
Further Information
Developer Community
● GitHub: https://github.com/midonet/
● Wiki: https://wiki.midonet.org/
● Slack: https://slack.midonet.org/
● Mailing Lists: https://lists.midonet.org/
● IRC: #midonet on freenode
End-User Resources
● MidoNet Homepage: https://www.midonet.org/
● MidoNet Documentation: https://docs.midonet.org/
● Midokura Homepage: http://www.midokura.com/
Questions?
Thank You