Midokura presents at CloudKC Meetup August 27th, 2014 Hosted by Cavern Technologies and Midokura
Evolution of Network Virtualization
Cloud KC MeetUp, August 2014

Agenda
▪ Network Virtualization Requirements
▪ OpenFlow vs. Overlay
▪ Brief Overview of OpenStack and Neutron Networking (OVS)
▪ Use Cases for Network Virtualization & Midokura Solution
Network Virtualization Requirements

What is Network Virtualization (NV)?
Taking logical (virtual) networks and services, and decoupling them from the underlying network hardware. Well suited for highly virtualized environments.

[Figure: MidoNet Virtualization Platform stack. Any application runs on virtual networks (Logical L2, Logical L3, Distributed Firewall service, Distributed Load Balancer service, Distributed VPN Service) provided by the MidoNet platform on top of existing network hardware and any hypervisor (KVM, ESXi, Xen, LXC), managed by any cloud management platform.]
Requirements for NV

[Figure: example multi-tenant topology. Tenant/Project A has Network A1 (VM1, VM3) on Virtual L2 Switch A1 and Network A2 (VM5) on Virtual L2 Switch A2, both behind Tenant A Virtual Router. Tenant/Project B has Network B1 (VM2, VM4, VM6) on Virtual L2 Switch B1 behind Tenant B Virtual Router, plus a Tenant B VPN Router connecting to the Tenant B office network. Both tenant routers attach to the Provider Virtual Router (L3), which holds the uplink to external networks.]

• Isolated tenant networks (virtual data center)
• L3 isolation (similar to VPC and VRF)
• Fault-tolerant devices and links
• Redundant, optimized, and fault tolerant paths to/from external networks (e.g. via eBGP)
• Device-agnostic networking services: Load Balancing, Firewalls, Stateful NAT, VPN
• Networks and services must be fault tolerant and scalable
• Single pane of glass to manage it all

Bonus Requirements for NV
• Integration with cloud or virtualization management systems
• Optimize the network by exploiting management configuration
• Single virtual hop for networking services
• Fully distributed control plane (ARP, DHCP, ICMP)
Checklist for Network Virtualization
☐ Multi-tenancy
☐ Scalable, fault-tolerant devices (or device-agnostic network services)
☐ L2 isolation
☐ L3 routing isolation
  • VPC
  • Like VRF (virtual routing and forwarding)
☐ Scalable gateways
☐ Scalable control plane
  • ARP, DHCP, ICMP
☐ Floating/Elastic IPs
☐ Stateful NAT
  • Port masquerading
  • DNAT
☐ ACLs
☐ Stateful (L4) Firewalls
  • Security Groups
☐ Load Balancing with health checks
☐ Single Pane of Glass (API, CLI, GUI)
☐ Integration with management platforms
  • OpenStack, CloudStack
  • vSphere, RHEV, System Center
☐ Decoupled from Physical Network
Evolution of Network Virtualization: innovation in networking agility

VLAN approach (manual end-to-end)
VLAN configured on physical switches
• Static
• Manual
• Complex
• Tenant state maintained in physical network
Using VLANs for NV
☐ Multi-tenancy
☐ Scalable, fault-tolerant devices (or device-agnostic network services)
✓ L2 isolation
☐ L3 routing isolation
  • VPC
  • Like VRF (virtual routing and forwarding)
☐ Scalable gateways
☐ Scalable control plane
  • ARP, DHCP, ICMP
☐ Floating/Elastic IPs
☐ Stateful NAT
  • Port masquerading
  • DNAT
☐ ACLs
☐ Stateful (L4) Firewalls
  • Security Groups
☐ Load Balancing with health checks
☐ Single Pane of Glass (API, CLI, GUI)
☐ Integration with management platforms
  • OpenStack, CloudStack
  • vSphere, RHEV, System Center
☐ Decoupled from Physical Network
Evolution of Network Virtualization: innovation in networking agility

OpenFlow reactive approach (reactive end-to-end)
Requires programming of flows
• Limited scalability
• Hard to manage
• Impact to performance
• Still requires tenant state in physical network
What is OpenFlow?
A communication protocol that gives access to the forwarding plane of a network switch over the network.
A centralized remote controller decides the path of packets through the switches.
Using OpenFlow for NV
✓ Multi-tenancy
☐ Scalable, fault-tolerant devices (or device-agnostic network services)
✓ L2 isolation
△ L3 routing isolation (partial)
  • VPC
  • Like VRF (virtual routing and forwarding)
☐ Scalable gateways
☐ Scalable control plane
  • ARP, DHCP, ICMP
☐ Floating/Elastic IPs
☐ Stateful NAT
  • Port masquerading
  • DNAT
☐ ACLs
☐ Stateful (L4) Firewalls
  • Security Groups
☐ Load Balancing with health checks
△ Single Pane of Glass (API, CLI, GUI) (partial)
△ Integration with management platforms (partial)
  • OpenStack, CloudStack
  • vSphere, RHEV, System Center
☐ Decoupled from Physical Network
Evolution of Network Virtualization: innovation in networking agility

Proactive software overlay (virtual network overlays)
Decoupling hardware and software
• Cloud-ready agility
• Unlimited scalability
• Open, standards-based
• No impact to physical network
How do overlays achieve real network virtualization?
• Encapsulation and tunneling provide isolation
• Stateless core, stateful edge
• Network processing at the edge
• Decoupled from the physical network: virtual network changes don't affect the physical network
• Single virtual hop network services avoid "traffic trombones"
• Centralized state and control for maximum agility
• Scalable, fault tolerant gateways to external networks
Using Overlays for NV
✓ Multi-tenancy
✓ Scalable, fault-tolerant devices (or device-agnostic network services)
✓ L2 isolation
✓ L3 routing isolation
  • VPC
  • Like VRF (virtual routing and forwarding)
✓ Scalable gateways
✓ Scalable control plane
  • ARP, DHCP, ICMP
✓ Floating/Elastic IPs
✓ Stateful NAT
  • Port masquerading
  • DNAT
✓ ACLs
✓ Stateful (L4) Firewalls
  • Security Groups
✓ Load Balancing with health checks
✓ Single Pane of Glass (API, CLI, GUI)
✓ Integration with management platforms
  • OpenStack, CloudStack
  • vSphere, RHEV, System Center
✓ Decoupled from Physical Network
Sounds great, but when will it be a reality?

Network Virtualization Overlays Today

OpenStack
What is OpenStack?
Before Neutron: Nova Networking
Nova-Networking was the only option in OpenStack prior to Quantum/Neutron. Still available today as an alternative to Neutron, but will likely be phased out.
Options available within nova-networking initially:
• Only Flat
• Flat DHCP
Limitations:
• No flexibility with topologies (no 3-tier)
• Tenants can't create/manage L3 routers
• Scaling limitations (L2 domain)
• No 3rd party vendors supported
• Complex HA model

Nova-network slightly evolves
Introduced VLAN DHCP mode.
Improvements:
• L2 isolation: each project gets a VLAN assigned to it
Limitations:
• Need to pre-configure VLANs on the physical network
• Scaling limitations (VLANs)
• No L3
• No 3-tier topologies
• No 3rd party vendors
Introducing Neutron
OpenStack Networking as a first class service
• Pluggable architecture
• Standard API
• Many choices
Plugins available:
• MidoNet
• OVS Plugin
• Linux Bridges
• Flat DHCP
• VLAN DHCP
• ML2
• NSX
• Plumgrid
• Nuage
• Contrail
• Ryu
Also:
• Supports overlay technology
• More services (LBaaS, VPNaaS)
• Flexible network topologies
OVS Plugin Overview
OVS Agent: receives tunnel/flow setup info from the OVS Plugin and programs Open vSwitch to set up tunnels and send traffic through the tunnel.
DHCP Agent: sets up dnsmasq in a namespace per network/subnet and enters MAC/IP into the DHCP lease file.
L3 Agent: the OVS Plugin orchestrates it to set up iptables, routing and NAT tables.

Challenges with OVS Plugin (OVS Open Source Plugin)
Neutron Network Node is a SPOF: need to use corosync, etc. for active/standby failover.
Challenging at scale: since there's a single network node, it becomes a bottleneck fairly quickly.
Inefficient networking: iptables, the L3 Agent and multiple hops for a single flow cause unnecessary traffic and added latency on your physical network.
MidoNet Overview

MidoNet Network Virtualization Platform
Logical L2 Switching: L2 isolation and path optimization with distributed virtual switching. Interconnect with VLAN enabled networks via L2 Gateway.
Logical L3 Routing: L3 isolation and routing between virtual networks. No need to exit the software container; no hardware required.
Distributed Firewall: provides ACLs, a high performance kernel integrated firewall via a flexible rule chain system.
Logical Layer 4 Load Balancer: provides application load balancing in software form; no need for hardware based firewalls.
VxLAN/GRE: provides VxLAN and GRE tunneling, giving L2 connectivity across L3 transport. This is useful when the L2 fabric doesn't reach all the way from the racks hosting the VMs to the physical L2 segment of interest.
MidoNet/Neutron API: alignment with OpenStack Neutron's API for integration into compatible cloud management software.
NAT: provides Dynamic NAT and Port masquerading.

[Figure: MidoNet Network Virtualization Platform stack. Any application on top; MidoNet providing Logical L2, Logical L3, NAT, Distributed Firewall, Layer 4 Load Balancer, VxLAN/GRE and the MidoNet/Neutron API; underneath, any network hardware and any hypervisor; managed by OpenStack or another cloud management system.]
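The VxLAN tunneling above (and the earlier "encapsulation and tunneling provide isolation" point) rests on the 24-bit VNI in the VxLAN header (RFC 7348): the L3 core forwards outer packets without looking inside, and only the stateful edge maps the VNI back to a tenant segment and decides whether the inner frame may be delivered. The following is an added example, not MidoNet's or the presentation's code; the VNIs, VM MAC addresses and VNI-to-segment mapping are constructed for illustration.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field is valid (RFC 7348)

def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3sI", VXLAN_FLAG_VNI_VALID, b"\x00\x00\x00", vni << 8) + inner_frame

def vxlan_decap(payload: bytes):
    """Parse a VXLAN packet into (vni, inner_frame); raise ValueError on a malformed header."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _reserved, vni_field = struct.unpack("!B3sI", payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return vni_field >> 8, payload[8:]

def ethernet_frame(dst_mac: bytes, src_mac: bytes, ethertype: int = 0x0800, payload: bytes = b"") -> bytes:
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload

# Constructed for the example: one VNI per tenant logical L2 switch, and the VM MACs
# attached to each switch (the state a stateful edge holds; the core holds none of it).
VNI_TO_SEGMENT = {5001: "tenant-A/net-A1", 5002: "tenant-B/net-B1"}
SEGMENT_PORTS = {
    "tenant-A/net-A1": {bytes.fromhex("02000000a101"), bytes.fromhex("02000000a103")},  # VM1, VM3
    "tenant-B/net-B1": {bytes.fromhex("02000000b102"), bytes.fromhex("02000000b104")},  # VM2, VM4
}

def edge_deliver(packet: bytes) -> tuple:
    """Decapsulate at the receiving edge and keep the inner frame inside its VNI's segment.
    Returns ("deliver", segment, dst_mac), ("flood", segment) or ("drop", reason)."""
    try:
        vni, frame = vxlan_decap(packet)
    except ValueError as exc:
        return ("drop", f"malformed: {exc}")
    segment = VNI_TO_SEGMENT.get(vni)
    if segment is None:               # VNI not provisioned on this edge: never bridged anywhere
        return ("drop", f"unknown VNI {vni}")
    if len(frame) < 14:
        return ("drop", "truncated inner Ethernet frame")
    dst_mac = frame[:6]
    if dst_mac[0] & 0x01:             # broadcast/multicast is flooded only within the segment
        return ("flood", segment)
    if dst_mac not in SEGMENT_PORTS[segment]:   # a MAC from another tenant never crosses over
        return ("drop", f"{dst_mac.hex()} is not a port on {segment}")
    return ("deliver", segment, dst_mac.hex())
```

A frame addressed to a tenant B MAC but carried on tenant A's VNI is dropped at the edge even though the transit network forwarded it without inspection; that is the isolation the overlay provides.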
OpenStack Integration
Easy integration with OpenStack: MidoNet provides a plugin for Neutron (the MidoNet Plugin).

Architecture Overview
Use Cases
(Value axis: Do it Bigger, Do it Faster, Do it Better)

Agility: provide rapid provisioning of isolated network infrastructure for labs and devops.
• Logical Network Provisioning
• Automated Provisioning
• Isolated Sandboxes

Control: network admins can better secure, control & view network traffic.
• Single Pane of Glass
• OpsTools
• Enhanced Security
• Enable Compliance

IaaS Cloud: build multi-tenant clouds with visibility into usage.
• Tenant Control
• Metering
• Automated Self Service

Performance: improve network performance using edge overlay & complementary technologies.
• Single Hop Virtual Networking
• VXLAN Hardware Gateway
• Massive performance with 40Gb support

Scale: add virtual network infra & services simply & resiliently without hardware & bottlenecks.
• Distributed Logical Networking (FW, LB, L2/3, NAT)
• Limitless "VLANs"
• Scale out L3 Gateway
• Bridge legacy VLANs
• IPv6

Solution for OpenStack Networking: use MN to overcome limitations of Neutron for OpenStack users.
• Replaces OVS Plugin
So what's next for Network Virtualization?

Get more out of the physical network.
Network Virtualization decouples the logical network from the physical network, but NVOs can't ignore the physical network. Dynamic changes to the logical network are not dependent on the physical network configuration; sharing state to and from the physical network can be supplementary:
- Monitoring
- Traffic Engineering

Get more intelligence out of your network.
NVOs provide a wealth of information: they centralize information on your network, and we can start taking advantage of it for:
- Security
- Compliance
- Optimizing Networks

Bridge physical and virtual networks more efficiently.
Midokura VTEP Solution

[Figure: the MidoNet virtual side (VMs on servers in the IP fabric, the MidoNet Network State Database, any cloud management platform) is joined to the physical side (servers, storage, services and VMs behind a hardware VTEP) by a VxLAN tunnel. MidoNet acts as OVSDB client to the VTEP's OVSDB server over TCP/IP. Key: VxLAN Tunnel, Physical Connection, OVSDB.]
Performance
Break through performance barriers of software networking.
40Gb VxLAN Offloading: virtualized environments require high throughput infrastructure
• Integration with Mellanox provides 40 Gbps saturation
• VxLAN offloading improves CPU utilization levels
• Scale with performance through HW interconnect
• Increase throughput with offloading where no offloading would otherwise have flat results
• High bandwidth can now be achieved in software
Q&A

MidoNet Advantages
Check out our blog: http://blog.midokura.com/
Follow us on Twitter: @midokura

Thank You
Cynthia Thomas @_techcet_