Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Virtualization in Multi-tenant Datacenters Author: VMware, UC Berkeley and ICSI Publisher: 11th USENIX Symposium on Networked Systems Design and.

Published byJunior Griffin Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Virtualization in Multi-tenant Datacenters Author: VMware, UC Berkeley and ICSI Publisher: 11th USENIX Symposium on Networked Systems Design and."— Presentation transcript:

1 Network Virtualization in Multi-tenant Datacenters Author: VMware, UC Berkeley and ICSI Publisher: 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14) Presenter: Yi-Tsung Huang Date: 2015/09/30 Department of Computer Science and Information Engineering National Cheng Kung University, Taiwan R.O.C.

2 Introduction multi-tenant datacenter (MTD) the networking layer would support similar properties as the compute layer, in which arbitrary network topologies and addressing architectures could be overlayed onto the same physical network. Network virtualization allows for the creation of virtual networks, each with independent service models, topologies, and addressing architectures, over the same physical network. National Cheng Kung University CSIE Computer & Internet Architecture Lab 2

3 Introduction In this paper we present NVP, a network virtualization platform that has been deployed in dozens of production environments over the last few years and has hosted tens of thousands of virtual networks and virtual machines. National Cheng Kung University CSIE Computer & Internet Architecture Lab 3

4 System Design-Abstraction The network hypervisor is a software layer interposed between the provider’s physical forwarding infrastructure and the tenant control planes. National Cheng Kung University CSIE Computer & Internet Architecture Lab 4

5 System Design-Abstraction Control abstraction must allow tenants to define a set of logical network elements(logical datapaths) that they can configure as they would physical network elements. National Cheng Kung University CSIE Computer & Internet Architecture Lab 5

6 System Design-Abstraction Packet abstraction must enable packets sent by endpoints in the MTD to be given the same switching, routing and filtering service they would have in the tenant’s home network. National Cheng Kung University CSIE Computer & Internet Architecture Lab 6

7 System Design -Virtualization Architecture In our NVP design, we implement the logical datapaths in the software virtual switches on each host, leveraging a set of tunnels between every pair of host-hypervisors. National Cheng Kung University CSIE Computer & Internet Architecture Lab 7

8 System Design -Virtualization Architecture For packet replication, NVP constructs a simple multicast overlay using additional physical forwarding elements called service nodes. Some tenants want to interconnect their logical network with their existing physical one. This is done via gateway appliances. National Cheng Kung University CSIE Computer & Internet Architecture Lab 8

9 System Design -Virtualization Architecture National Cheng Kung University CSIE Computer & Internet Architecture Lab 9

10 System Design-Design Challenges Datapath design and acceleration Declarative programming Scaling the computation National Cheng Kung University CSIE Computer & Internet Architecture Lab 10

11 Virtualization Support at the Edge -Implementing the Logical Datapath NVP uses Open vSwitch (OVS) in all transport nodes to forward packets. OVS is remotely configurable by the NVP controller cluster via two protocols OpenFlow OVSDB management protocol Each logical datapath consists of a series (pipeline) of logical flow tables, each with its own globally- unique identifier. National Cheng Kung University CSIE Computer & Internet Architecture Lab 11

12 Virtualization Support at the Edge -Implementing the Logical Datapath National Cheng Kung University CSIE Computer & Internet Architecture Lab 12

13 Virtualization Support at the Edge -Forwarding Performance To achieve efficient flow lookups on x86, OVS exploits traffic locality. To re-enable hardware offloading for encapsulated traffic with existing NICs, NVP uses an encapsulation method called STT. STT places a standard, but fake, TCP header after the physical IP header. National Cheng Kung University CSIE Computer & Internet Architecture Lab 13

14 Virtualization Support at the Edge -Fast Failovers NVP deployments have multiple service nodes to ensure that any one service node failure does not disrupt logical broadcast and multicast traffic. NVP deployments typically involve multiple gateway nodes for each bridged physical network. NVP must ensure that no loops between the logical and physical networks are possible. National Cheng Kung University CSIE Computer & Internet Architecture Lab 14

15 Forwarding State Computation National Cheng Kung University CSIE Computer & Internet Architecture Lab 15

16 Forwarding State Computation National Cheng Kung University CSIE Computer & Internet Architecture Lab 16 we implemented a domain-specific, declarative language called nlog for computing the network forwarding state. The logic is written in a declarative manner that specifies a function mapping the controller input to output.

17 Forwarding State Computation nlog declarations are Datalog queries: a single declaration is a join over a number of tables that produces immutable tuples for a head table. National Cheng Kung University CSIE Computer & Internet Architecture Lab 17

18 Controller Cluster -Scaling and Availability of Computation Two-layer distributed controller Logical controllers: Compute flows and tunnels for logical datapaths Physical controllers: Communicate with hypervisors, gateways, and service nodes National Cheng Kung University CSIE Computer & Internet Architecture Lab 18

19 Controller Cluster -Scaling and Availability of Computation To provide failover within the cluster, NVP provisions hot standbys at both the logical and physical controller layers by exploiting the sharding mechanism. One controller, acting as a sharding coordinator, ensures that every shard is assigned one master controller and one or more other controllers acting as hot standbys. National Cheng Kung University CSIE Computer & Internet Architecture Lab 19

20 Controller Cluster -Distributed Services NVP is built on the Onix controller platform and thus has access to the elementary distributed services Onix provides. National Cheng Kung University CSIE Computer & Internet Architecture Lab 20

21 Controller Cluster -Distributed Services Leader election Each controller must know which shard it manages, and must also know when to take over responsibility of slices managed by a controller that has disconnected. Label allocation A network packet encapsulated in a tunnel must carry a label that denotes the logical egress port to which the packet is destined, so the receiving hypervisor can properly process it. National Cheng Kung University CSIE Computer & Internet Architecture Lab 21

22 Controller Cluster -API for Service Providers To support integrating with a service provider’s existing cloud management system, NVP exposes an HTTP-based REST API in which network elements, physical or logical, are presented as objects. National Cheng Kung University CSIE Computer & Internet Architecture Lab 22

23 Evaluation-Controller Cluster The configuration in the following tests has 3,000 simulated hypervisors, each with 21 vNICs. There are 7000 logical datapaths, each coupled with a logical control plane modeling a logical switch. The test control cluster has three nodes. Each controller is a bare-metal Intel Xeon 2.4GHz server with 12 cores, 96GB of memory, and 400GB hard disk. National Cheng Kung University CSIE Computer & Internet Architecture Lab 23

24 Evaluation-Controller Cluster Cold start test simulates bringing the entire system back online after a major datacenter disaster in which all servers crash and all volatile memory is lost. Restore test simulates a milder scenario where the whole control cluster crashes and loses all volatile state but the dataplane remains intact. National Cheng Kung University CSIE Computer & Internet Architecture Lab 24

25 Evaluation-Controller Cluster Failover test simulates a failure of a single controller within a cluster. Steady state we start with a converged idle system. We then add 10 logical ports to existing switches through API calls, wait for connectivity correctness on these new ports, and then delete them. National Cheng Kung University CSIE Computer & Internet Architecture Lab 25

26 Evaluation-Controller Cluster National Cheng Kung University CSIE Computer & Internet Architecture Lab 26

27 Evaluation-Controller Cluster National Cheng Kung University CSIE Computer & Internet Architecture Lab 27

28 Evaluation-Controller Cluster National Cheng Kung University CSIE Computer & Internet Architecture Lab 28

29 Evaluation-Controller Cluster National Cheng Kung University CSIE Computer & Internet Architecture Lab 29

30 Evaluation-Transport Nodes National Cheng Kung University CSIE Computer & Internet Architecture Lab 30

Download ppt "Network Virtualization in Multi-tenant Datacenters Author: VMware, UC Berkeley and ICSI Publisher: 11th USENIX Symposium on Networked Systems Design and."

Similar presentations

And many others…. Deliver networking as part of pooled, automated infrastructure Ensure multitenant isolation, scale and performance Expand.

And many others…. Deliver networking as part of pooled, automated infrastructure Ensure multitenant isolation, scale and performance Expand.
PortLand: A Scalable Fault-Tolerant Layer 2 Data Center Network Fabric

PortLand: A Scalable Fault-Tolerant Layer 2 Data Center Network Fabric
IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.

IPv4 - IPv6 Integration and Coexistence Strategies Warakorn Sae-Tang Network Specialist Professional Service Department A Subsidiary.
Author : Martín Casado, Teemu Koponen, Scott Shenker, Amin Tootoonchian Publisher : Presenter : Pei-Hua Huang Date : 2013/10/02 Fabric: A Retrospective.

Author : Martín Casado, Teemu Koponen, Scott Shenker, Amin Tootoonchian Publisher : Presenter : Pei-Hua Huang Date : 2013/10/02 Fabric: A Retrospective.
Xen , Linux Vserver , Planet Lab

Xen , Linux Vserver , Planet Lab
Chapter 18. IP: Internet Protocol Addresses

Chapter 18. IP: Internet Protocol Addresses
SDN in Openstack - A real-life implementation Leo Wong.

SDN in Openstack - A real-life implementation Leo Wong.
Network Overlay Framework Draft-lasserre-nvo3-framework-01.

Network Overlay Framework Draft-lasserre-nvo3-framework-01.
Must have static IP address pool and VLANs for Provider Address (PA) network – network on which NVGRE encapsulated packets are sent All subnets.

Must have static IP address pool and VLANs for Provider Address (PA) network – network on which NVGRE encapsulated packets are sent All subnets.
Internet In A Slice Andy Bavier CS461 Lecture.

Internet In A Slice Andy Bavier CS461 Lecture.
Institute of Technology, Sligo Dept of Computing Semester 3, version 2.1.3 Semester 3 Chapter 3 VLANs.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
Chapter 9 Classification And Forwarding. Outline.

Chapter 9 Classification And Forwarding. Outline.
1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.

1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.
COMPUTER NETWORKS.

COMPUTER NETWORKS.
1 MASTERING (VIRTUAL) NETWORKS A Case Study of Virtualizing Internet Lab Avin Chen Borokhovich Michael Goldfeld Arik.

1 MASTERING (VIRTUAL) NETWORKS A Case Study of Virtualizing Internet Lab Avin Chen Borokhovich Michael Goldfeld Arik.
Network+ Guide to Networks 6 th Edition Chapter 10 Virtual Networks and Remote Access.

Network+ Guide to Networks 6 th Edition Chapter 10 Virtual Networks and Remote Access.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—1-1 MPLS Concepts Introducing Basic MPLS Concepts.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—1-1 MPLS Concepts Introducing Basic MPLS Concepts.
Data Center Network Redesign using SDN

Data Center Network Redesign using SDN
OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.

OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.

Similar presentations

Ads by Google