
Software Defined Networking in Apache CloudStack Chiradeep Vittal CloudStack



Presentation on theme: "Software Defined Networking in Apache CloudStack Chiradeep Vittal CloudStack"— Presentation transcript:

1 Software Defined Networking in Apache CloudStack. Chiradeep Vittal, CloudStack Committer (@chiradeep)

2 Agenda
Introduction to CloudStack and IAAS
What is SDN
Why SDN and IAAS?
CloudStack's Network Model
Extensible Networking in CloudStack
SDN integrations in CloudStack
CloudStack's native SDN approach
Future

3 History
Apache CloudStack: build your cloud the way the world's most successful clouds are built
Incubating in the Apache Software Foundation since April 2012
Open Source since May 2010
In production since 2009
Tons of deployments, including large-scale commercial ones

4 How did Amazon build its cloud?
[Diagram: layered stack, bottom to top: Commodity Servers, Commodity Storage, Networking; Open Source Xen Hypervisor; Amazon Orchestration Software; AWS API (EC2, S3, …); Amazon eCommerce Platform]

5 How can YOU build a cloud?
[Diagram: the Amazon stack from the previous slide beside its CloudStack equivalent. Servers, Storage, Networking at the bottom of both; Hypervisor (Xen/KVM/VMW/) in place of the Open Source Xen Hypervisor; CloudStack Orchestration Software in place of the Amazon Orchestration Software; CloudStack or AWS API in place of the AWS API (EC2, S3, …); Optional Portal in place of the Amazon eCommerce Platform]

6 SDN Definition
Separation of Control Plane from the hardware performing the forwarding function
Control plane is logically centralized

7 SDN Advantages
Centralized control makes it easier to configure, troubleshoot and maintain
Eliminates box mode of configuration
Enables control at a high level

8 Related to SDN
API layer over a collection of boxes
–API layer communicates with boxes using box-level APIs / ssh / telnet
OpenFlow
–Standard protocol for the centralized control plane to talk to the forwarding elements.
Tunnels / overlays
–SDN is valuable for virtual topologies
–Initial target of SDN implementation

9 Centralized control plane
[Diagram: a Controller Cluster backed by MySQL/NoSQL exposes an API and talks to the Boxes over Openflow/ssh/netconf/other]

10 Defining Cloud Computing (IAAS)
Agility
–Re-provision complex infrastructure topologies in minutes, not days
API
–Automate complex infrastructure tasks
Virtualization
–Enables workload mobility and load sharing
Multi-tenancy
–Share resources and costs

11 Defining Cloud Computing (IAAS)
Scalability
–Ability to consume resources limited by budget, not by infrastructure
Elasticity
–Scale up and down on demand
–Reduce need to engineer for peak load
Self-service
–No IT assistance

12 Cloud Networking Requirements
Agile
–Complex networking topologies created by non-network engineers
API
–Language to talk with the network infrastructure layer (not CLI)
Virtualization
–Hypervisor-level switches work together with physical infrastructure

13 Cloud Networking Requirements
Scalability
–Usually means L3 in the physical infrastructure
Elasticity
–Release resources when not in use
–Introduce new resources on demand
Self-service
–Novices deploying, maintaining, troubleshooting virtual networks

14 IAAS + SDN – made for each other
SDN enables agility
– API to controller enables easy changes to networks
SDN works with virtualization / vSwitches
– Typical of most SDN controllers
SDN controllers are designed for large scale
SDN enables virtual networking
– The illusion of isolated networks on top of shared physical infrastructure

15 SDN issues
Discovery of virtual address -> physical address mapping
–VxLAN = multicast
–GRE = programmed by control plane
–L3 isolation = no mapping, no discovery

16 SDN issues
State maintenance
–Large number of endpoints + flows
–High arrival rate of new flows
–Needs fast and scalable storage and processing
–Differentiator between vendors

17 SDN issues
L4-L7
–Service insertion and orchestration
–How do endpoints get services such as Firewall, Load balancers, IDS/IPS
–Service levels and performance
–Service Chaining

18 Network Virtualization in IAAS
[Diagram: Tenant 1 Virtual Network 10.1.1.0/24 with gateway address 10.1.1.1; Tenant 1 VM 1 to VM 4 at 10.1.1.2 through 10.1.1.5; connected to the Internet]

19 Network Virtualization in IAAS
[Diagram: the Tenant 1 Virtual Network 10.1.1.0/24 (gateway address 10.1.1.1, VM 1 to VM 4 at 10.1.1.2 through 10.1.1.5) now reaches the Internet through Tenant 1 Edge Services Appliance(s) providing NAT, DHCP and FW on the Public Network, with public IP addresses 65.37.141.11 and 65.37.141.36]

20 Network Virtualization in IAAS
[Diagram: as on the previous slide, with a further Tenant 1 Edge Services Appliance adding Load Balancing and VPN]

21 Network Virtualization in IAAS
[Diagram: Tenant 2 added beside Tenant 1 on the same Public Network. Tenant 2 Virtual Network uses the same private subnet, 10.1.1.0/24 with gateway address 10.1.1.1 (Tenant 2 VM 1 to VM 3 at 10.1.1.2 through 10.1.1.4), and has its own Tenant 2 Edge Services Appliance providing VPN, NAT and DHCP with public IP addresses 65.37.141.24 and 65.37.141.80; Tenant 1 keeps its Edge Services Appliance(s) with NAT, DHCP, FW and Load Balancing]

22 CloudStack Network Model
[Diagram: the two-tenant picture from the previous slide]
Map virtual networks to physical infrastructure
Define and provision network services in virtual networks
Manage elasticity and scale of network services

23 CloudStack Network Model: Network Services
Network Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS

24 CloudStack Network Model: Network Services
Network Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS
Service Providers: Virtual appliances, Hardware firewalls, LB appliances, SDN controllers, IDS/IPS appliances, VRF, Hypervisor

25 CloudStack Network Model: Network Services
Network Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS
Network Isolation: No isolation, VLAN isolation, Overlays, L3 isolation
Service Providers: Virtual appliances, Hardware firewalls, LB appliances, SDN controllers, IDS/IPS appliances, VRF, Hypervisor

26 Service Catalog
Cloud users are not exposed to the nature of the service provider
Cloud operator designs a service catalog and offers it to end users.
–Gold = {LB + FW, using virtual appliances}
–Platinum = {LB + FW + VPN, using hardware appliances}
–Silver = {FW using virtual appliances, 10Mbps}

27 Service Catalog examples
[Diagram: two example networks. "L2 network with software appliances": 10.1.1.0/24 on VLAN 100, VM 1 to VM 4 at 10.1.1.2 through 10.1.1.5, and a CS Virtual Router at 10.1.1.1 providing DHCP, DNS, NAT, Load Balancing and VPN, with public IP addresses 65.37.141.111 and 65.37.141.112. "L2 network with hardware appliances", shown as an Upgrade of the first: the same 10.1.1.0/24 on VLAN 100 and the same four VMs; the CS Virtual Router (addresses 10.1.1.112 and 65.37.141.112) now provides only DHCP and DNS, a Netscaler Load Balancer takes over load balancing, and a Juniper SRX Firewall (addresses 10.1.1.1 and 65.37.141.111) provides NAT and VPN]

28 Multi-tier virtual networking
[Diagram: Customer Premises connected over an IPSec or SSL site-to-site VPN across the Internet (labels: MPLS, VLAN) to a virtual appliance or hardware devices fronting three tiers: Web subnet 10.1.1.0/24 on VLAN 101 (Web VM 1 to Web VM 4), App subnet 10.1.2.0/24 on VLAN 353 (App VM 1 and App VM 2), DB Subnet 10.1.3.0/24 on VLAN 2724 (DB VM 1)]
Network Services: IPAM, DNS, LB [intra], S-2-S VPN, Static Routes, ACLs, NAT, PF, FW [ingress & egress], Loadbalancer (virtual or HW)

29 Orchestration Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware and services – Wikipedia

30 CloudStack Architecture
[Diagram: Orchestration Core on top of a Plugin Framework with Hypervisor Plugins, Network Plugins, Allocator Plugins and Storage Plugins]

31 CloudStack Architecture
[Diagram: Orchestration Core over the Plugin Framework, with examples of each plugin type]
Hypervisor Plugins: XenServer, VMWare, KVM, OracleVM
Allocator Plugins: Random, User-concentrated, Intel TXT, Affinity
Network Plugins: Nicira, Netscaler, Brocade, MidoNet

32 CloudStack Orchestration
[Diagram: API requests enter the Orchestration Core, which drives the Hypervisor, Network, Allocator and Storage Plugins through the Plugin Framework; the plugins act on the Physical Resources (Hypervisor Resources, Network Resources, Storage Resources); steps numbered 1 to 9]
Orchestration steps can be executed in parallel or in sequence

33 CloudStack and SDN
[Diagram: as on the previous slide, with one of the Network Resources replaced by an SDN controller]
Network plugin is the glue that understands the SDN controller's API

34 CloudStack SDN Integration
Nicira NVP
– L2 (STT) isolation in 4.0
– Source NAT / Logical Router in 4.2
BigSwitch
– VLAN isolation in 4.1
– VNS in 4.2
Midokura
– L2-L4 network virtualization
– Coming in 4.2
CloudStack Native
– Tech preview (since 4.0)
– Requires XenServer

35 VM Orchestration Example
[Diagram: the orchestration picture with Host 1 to Host 4 as Hypervisor Resources. "Start 3 VMs" enters through the API; "Allocate hypervisors" places VM 1, VM 2, VM 3 and the virtual router (VR) across the hosts; then "Call Hypervisor APIs"]

36 Built-in (native) controller
[Diagram: Host 1 (Pod 2), Host 2 (Pod 4), Host 3 (Pod 3) and Host 4 (Pod 2), each running OVS and carrying VMs or the VR, joined by GRE Tunnels set up by the CloudStack SDN Controller]
Create Full Mesh of GRE tunnels (if they don't already exist) between hosts on which VMs are deployed
CloudStack SDN controller programs the Open vSwitch (OVS) on XenServer to configure GRE tunnels

37 Built-in controller
[Diagram: Host 1 to Host 4 sharing the same GRE Tunnels, with Tenant1 VMs and VR and Tenant2 VMs and VR side by side]
Assign 'Tenant' key for isolation
New tenants can share the established GRE tunnels with separate tenant keys

38 What makes it different
Purpose built for IAAS
– Not general purpose SDN solution
Proactive model
– Deny all flows except the ones programmed by the end-user API
– Scaling problem is manageable
Part of CloudStack
– ASF project
Uses Virtual Router to provide L3-L7 network services
– Could change
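The behaviour of the native controller on slides 36 to 38, as an added Python model written for this page (not CloudStack's own controller code): a full mesh of GRE tunnels between the hosts that carry a tenant's VMs, reuse of those tunnels by later tenants under a separate tenant key, and the proactive model in which only programmed flows pass and everything else is denied. Host names, tenant names, VM names and key numbers are constructed, and "programmed by the end-user API" is simplified to "both VMs belong to the same tenant network".

```python
# Added example: a small model of the native CloudStack SDN controller described on
# slides 36 to 38. Not CloudStack code; hosts, tenants and GRE key numbers are constructed.
from dataclasses import dataclass, field
from itertools import combinations


@dataclass
class NativeController:
    tunnels: set = field(default_factory=set)       # frozenset({host_a, host_b}) per GRE tunnel
    keys: dict = field(default_factory=dict)        # tenant -> GRE key used for isolation
    placements: dict = field(default_factory=dict)  # tenant -> {vm: host}
    next_key: int = 100                             # constructed starting key value

    def place_vm(self, tenant, vm, host):
        """Record a VM placement and return the GRE tunnels that must be created now.

        The controller keeps a full mesh between the hosts carrying a tenant's VMs.
        Tunnels that already exist (built for this or another tenant) are reused, so
        the result is empty when a new tenant lands on hosts that are already meshed.
        """
        if tenant not in self.keys:                 # first VM of a tenant: allocate its key
            self.keys[tenant] = self.next_key
            self.next_key += 1
        hosts = self.placements.setdefault(tenant, {})
        hosts[vm] = host
        needed = {frozenset(pair) for pair in combinations(set(hosts.values()), 2)}
        new = needed - self.tunnels
        self.tunnels |= new
        return new

    def program_flow(self, src_vm, dst_vm):
        """Proactive model: return (src_host, dst_host, gre_key) for a flow between two
        VMs of the same tenant network, or None when the flow is denied.

        Only VMs of the same tenant share a key, so cross-tenant traffic never gets a
        forwarding entry even though both tenants ride the same GRE tunnels.
        """
        for tenant, vms in self.placements.items():
            if src_vm in vms and dst_vm in vms:
                return (vms[src_vm], vms[dst_vm], self.keys[tenant])
        return None


if __name__ == "__main__":
    ctl = NativeController()
    for vm, host in [("t1-vm1", "host1"), ("t1-vm2", "host2"), ("t1-vm3", "host3")]:
        print("tenant1", vm, "->", host, "new tunnels:", ctl.place_vm("tenant1", vm, host))
    print("tenant2 reuses mesh:", ctl.place_vm("tenant2", "t2-vm1", "host1"),
          ctl.place_vm("tenant2", "t2-vm2", "host2"))
    print("t1-vm1 -> t1-vm2:", ctl.program_flow("t1-vm1", "t1-vm2"))
    print("t1-vm1 -> t2-vm2:", ctl.program_flow("t1-vm1", "t2-vm2"))
```

The second tenant creates no new tunnels because its hosts are already meshed; it only receives its own key, which is what keeps its flows apart from the first tenant's on the shared tunnels.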

39 Futures
AWS VPC semantics
– Support security groups, ACL
Optimize ARP & DHCP responses
Cross-zone networks
– Optimize inter-subnet routing

