NetCloud 2013 Non-Tunneling Edge-Overlay Model using OpenFlow for Cloud Datacenter Networks Nagoya Institute of Technology, Japan Ryota Kawashima and Hiroshi Matsuo

Outlines Backgrounds Edge-Overlay (Distributed Tunnels) Proposed method Evaluation Conclusion 2

Backgrounds – Network Virtualization Multi-tenant Datacenter Networks  Each tenant uses virtual networks  Each virtual network shares the physical network resources Physical network /8 VM Virtual network /24 Virtual network /16 Virtual network /8 Tenant 1 Tenant 2 Tenant 3 3

Backgrounds – VLAN limitations Each virtual network has its own VLAN ID A VLAN tag is inserted into Ethernet frames Ethernet VLAN PayloadFCS Problems with VLAN The maximum number of VLANs is 4094 Physical switches learn VMs' MAC addresses VLAN ID (1 ～ 4094) is included 4 VM's frame

Backgrounds – Edge-Overlay L2-in-L3 tunneling VM Virtual switch Physical server VLAN problems can be addressed Over 16 million virtual networks can be supported VMs' MAC addresses are hidden from physical switches Existing network devices can be used Virtual switches provide many high-level functions 5 Virtual switch

Tunneling protocols Ethernet (Physical) IP (Physical) VXLAN UDP FCS Ethernet (Virtual) Payload VXLAN VM's frame Ethernet (Physical) IP (Physical) NVGRE FCS Ethernet (Virtual) Payload NVGRE VM's frame Ethernet (Physical) IP (Physical) STT TCP-like FCS Ethernet (Virtual) Payload STT VM's frame 24bit ID 64bit ID TCP-like header NIC offloading (TSO) 6

Problems with Tunneling (1 / 2) IP Fragmentation at the physical server Payload Header Payload Header Payload Header VM Physical Server HeaderPayload Header Fragmentation 7

Problems with Tunneling (2 / 2) Compatibility with existing environment  IP Multicasting should be supported (VXLAN)  Load balancing (ECMP) is not supported (NVGRE)  Firewalls, IDS, load balancer may discard the frames (STT)  TSO cannot be used (VXLAN, NVGRE) Practical problem  Supported protocols differs between products (vendor lock-in) 8

Proposed Method Yet another edge-overlay method  Tunneling protocols are not used  No IP fragmentation at the physical server layer  OpenFlow-enabled virtual switches  No VLAN limitations  Compatibility with existing environment 9

Method1 - MAC Address Translation MAC addresses within the frame are replaced  SRC address : VM1's address => SV1's address  DEST address : VM2's address => SV2's address VM 1 VM 2 VM1 => VM2 Physical Server (SV1)Physical Server (SV2) SV1 => SV2 SV1 => VM2 VMs' MAC addresses are hidden from the physical switches Virtual Switch 10

Method2 – Host-based VLAN VM Tenant 1Tenant 2 VID=10 VID=20 Server VM Tenant 1 Tenant 2 VID=20 VID=10 Virtual Network (VID10) Virtual Network (VID20) Traditional VM Tenant 1Tenant 2 VID=10 VID=20 VID=30 Server VM Tenant 1 Tenant 2 VID=20 VID=10 Proposal VID is globally unique VID is unique within a server 11

Feature Comparison 12 ProposalVXLANNVGRESTTVLAN Physical NetworkL2L2 / L3 L2 MAC address hiding ✔✔✔✔ - No. of virtual networksUnlimited16 million 18 quintillion4094 IP Multicasting-Required--- Load balancing (ECMP) ✔✔ - ✔✔ FW, IDS, LB Transparency ✔✔✔ - ✔ IP Fragmentation (Physical) -Occur - TSO support ✔ -- ✔✔

Performance Evaluation VM-to-VM communication 13 Virtual switch Physical server 1 VM1 (Sender) Iperf client VM2 (Receiver) Physical server 2 GbE switching hub Virtual switch OpenFlow Controller Iperf server GRE / VXLAN tunnel

Evaluation Result (UDP) The performance of proposed method was equal to "Optimal" IP fragmentation affected the no. of frames and performance Fragmentation at the VM Fragmentation by GRE encapsulation Fragmentation by VXLAN encapsulation The no. of frames = 3 The no. of frames = 5 14

Conclusion Yet another Edge-overlay method  No tunneling protocols  No IP fragmentation at physical server layer  Higher throughput than tunneling protocols  L2 network Future Work  Further evaluation is necessary 10/40 GbE environment  MPLS support 15