Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attilla de Groot | Sr. Systems Engineer, HCIE #3494 | Cumulus Networks

Published byMorris Webb Modified over 5 years ago

Similar presentations

Presentation on theme: "Attilla de Groot | Sr. Systems Engineer, HCIE #3494 | Cumulus Networks"— Presentation transcript:

1 Attilla de Groot | Sr. Systems Engineer, HCIE #3494 | Cumulus Networks
EVPN to the host Host multitenancy Attilla de Groot Introduction Not a vendor EVPN pitch Attilla de Groot | Sr. Systems Engineer, HCIE #3494 | Cumulus Networks

2 Agenda EVPN to the Host Multi tenancy use cases Deployment issues
Host integration with EVPN Caveats and future work Deployment scenarios from customer (field deployment experience) Issues with theses How to integrate it with EVPN Caveats and Future work

3 Multi tenancy use cases Virtualization environments
VM environments MLAG to hypervisors Vxlan between hosts Double overlay Dedicated network nodes Typical VM environment with either a Vmware NSX or Openstack MLAG to a hypervisor with one or more vlans to this (can also be routing, but not frequently used) Double overlay if multiple vlans Dedicated network nodes that tenant traffic flows through

4 Multi tenancy use cases VM deployment issues
Architecture issues MLAG to hypervisors Vxlan between hosts Double overlay Dedicated network nodes Orchestration problems MLAG to hypervisors, not a standard, still layer2, host configuration? VxLAN between hosts ignores underlay, traffic tromboning etc. If multiple VLANs, double overlay with Vxlan in ”underlay” Dedicated network nodes create their own issues: redundancy, latency, bottleneck Orchestration, who manages what? Network integration and a bare metal host, OVSDB … etc.

5 Multi tenancy use cases Container environments
BGP to hosts Host route advertisement Docker management Container overlay Container deployments already do routing to hosts Advertise the hosts (or container) IPs into the fabric Sometimes a container overlay with VxLAN as well (using dedicated network node again)

6 Multi tenancy use cases Container deployment issues
Architecture issues Host networking Multi-tenancy IP prefix overlap ACL management Who manages the host networking part? Multitenancy on hosts, dedicate host to customer? No IP prefix multi-tenancy ACLs for tenant separation

7 Host integration with EVPN Open standards
EVPN on hosts Vlan aware bridge VRF in Linux kernel VxLAN Free Range Routing with EVPN Ifupdown2 Iproute2 uname -a Linux server generic # SMP Mon Jun 4 19:55:25 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux vrf list VRF              Table mgmt              1001 tenant3           1002 tenant2           1003 tenant1           1004 Quite some changes and updates on the Linux networking over the past few years Vlan aware bridge, mostly an valid for a whitebox environment, but also easier to configure and maintain VRFs natively in the Linux kernel (>= 4.10) Kernel VxLAN support Free range routing has support for EVPN, type 2,3 and 5 Tools like ifupdown2 and iproute2

8 Host integration with EVPN Host connectivity
auto eth1 iface eth1 auto eth2 iface eth2 router bgp 65501  bgp router-id  bgp bestpath as-path multipath-relax  neighbor FABRIC peer-group  neighbor FABRIC remote-as external  neighbor FABRIC timers 1 3  neighbor eth1 interface peer-group FABRIC  neighbor eth2 interface peer-group FABRIC  !  address-family ipv4 unicast   redistribute connected route-map loopbacks  exit-address-family  address-family l2vpn evpn    neighbor FABRIC activate    advertise-all-vni    advertise ipv4 unicast    advertise ipv6 unicast ! route-map loopbacks permit 10  match interface lo Host connectivity Routing to hosts BGP unnumbered RFC5549 Loopback advertisement EVPN address family interface eth1   ipv6 nd ra-interval 10  no ipv6 nd suppress-ra interface eth2  What does it get you? Always routing to hosts with BGP, no more MLAG and Layer2 FRR has support for BGP unnumbered, easy configuration Assuming that network does do EVPN, advertise loopback and enable address family

9 Host integration with EVPN L2 tenancy
Vlan-aware bridge ARP / ND suppression L2VNIs EVPN Type-2 L2 requirement for VMs Build L2VNIs, advertised over EVPN Advertise MAC/IP routes Control over broadcast domain with ARP / ND suppression

10 Host integration with EVPN Distributed routing
Gateway location SVIs on host Anycast gateway Local host routing Where to start routing? Centralized? Solving the networking node issue. EVPN & Distributed routing with anycast gateway Start routing on the host by configuring an SVI in the local vlan

11 Host integration with EVPN L3 tenancy
VRFs on host Prefix advertisement L3VNIs EVPN Type-5 Multiple tenants on hosts with L3 separation Use Linux VRFs in combination with L3VNIs Announce prefixes with EVPN type5

12 Host integration with EVPN Container integration
Container IP redistribution Host route advertisement Prefix overlap No ACLs for tenant segregation Container multitenancy, how to do? Redistribute container IPs in specific VRF (typically through the docker API) Allow for prefix overlap and remove the need for ACLs for segregation

13 Host integration with EVPN Bare metal integration
Integration with RFC standard L2 stretching L3 tenancy Distributed routing Integrate bare metal hosts with single protocol and anycast VTEP Allow for distributed routing for both solutions

14 Future work Proof of technology
uname -a Linux server generic # SMP Mon Jun 4 19:55:25 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux Proof of technology Commercial support Software / tools availability Linux kernel FRR Demo bridge vlan port vlan ids bridge 1 PVID Egress Untagged 1010 1011 1012 1013 1014 vrf list VRF              Table mgmt              1001 tenant3           1002 tenant2           1003 tenant1           1004 sudo vtysh -c "show bgp evpn vni"   VNI        Type RD                    Import RT                 Export RT                 Tenant VRF                             *     L2   :5        65501:101010              65501:             tenant1                               *     L2   :3        65501:101012              65501:             tenant2                               *     L2   :7        65501:101014              65501:             tenant3 *     L3   :8         65501:404001              65501:             tenant1                               *     L3   :9         65501:404002              65501:             tenant2                               *     L3   :10        65501:404003              65501:             tenant3  While available right now (demo), this is all quite new No commercial support for FRR, new kernel and FRR Sevaral tools combined

15 Future work Orchestration & Caveats
Openstack neutron Kubernetes / Swarm Host / Network management Head-end replication BUM anycast Merchant silicon limitations Multicast replication PIM-SM Integration with orchestration tools Openstack neutron driver to control FRR, bridge VNI configuration? Who (tools) manages the hosts and network parts? BUM anycast replication with Merchant silicon Multicast replication according to VxLAN RFC Planned to be implemented in FRR … PIM-SM on hosts?

16 Future work Route leaking & Micro segmentation
Inter tenant traffic Service tenant FRR implementation Micro segmentation Host traffic filtering Filtering with BPF Flowspec for ACL distribution If there is the requirement for inter tenant traffic … through router on a stick or firewall “Service” tenant for services like DNS or general tenant services Not yet implemented in FRR Micro segmentation inside a tenant for application security Kernel development for doing filtering with BPF on hosts Using flowspec for distributing the ACLs

17 EVPN to the Host Questions ?

18

Download ppt "Attilla de Groot | Sr. Systems Engineer, HCIE #3494 | Cumulus Networks"

Similar presentations

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
Bringing Together Linux-based Switches and Neutron

Bringing Together Linux-based Switches and Neutron
L3 + VXLAN Made Practical

L3 + VXLAN Made Practical
Ethernet VPN (EVPN) - Casos de Uso e Aplicação

Ethernet VPN (EVPN) - Casos de Uso e Aplicação
Seamless migration from Nova-network to Neutron in eBay production Chengyuan Li, Han Zhou.

Seamless migration from Nova-network to Neutron in eBay production Chengyuan Li, Han Zhou.
Introduction into VXLAN Russian IPv6 day June 6 th, 2012 Frank Laforsch Systems Engineer, EMEA

Introduction into VXLAN Russian IPv6 day June 6 th, 2012 Frank Laforsch Systems Engineer, EMEA
Implementing Inter-VLAN Routing

Implementing Inter-VLAN Routing
OpenContrail Quickstart

OpenContrail Quickstart
MPLS And The Data Center Adrian Farrel Old Dog Consulting / Juniper Networks

MPLS And The Data Center Adrian Farrel Old Dog Consulting / Juniper Networks
Data Center Network Redesign using SDN

Data Center Network Redesign using SDN
Networking in the cloud: An SDN primer Ben Cherian Chief Strategy Midokura.

Networking in the cloud: An SDN primer Ben Cherian Chief Strategy Midokura.
Linux Networking #2 Dr. Michael L. Collard 1.

Linux Networking #2 Dr. Michael L. Collard 1.
Draft-bitar-nvo3-vpn-applicability-00.txt Page - 1 Cloud Networking: Framework and VPN Applicability draft-bitar-nvo3-vpn-applicability-00.txt Nabil Bitar.

Draft-bitar-nvo3-vpn-applicability-00.txt Page - 1 Cloud Networking: Framework and VPN Applicability draft-bitar-nvo3-vpn-applicability-00.txt Nabil Bitar.
Chapter 8: Virtual LAN (VLAN)

Chapter 8: Virtual LAN (VLAN)
CON8474 - Software-Defined Networking in a Hybrid, Open Data Center Krishna Srinivasan Senior Principal Product Strategy Manager Oracle Virtual Networking.

CON Software-Defined Networking in a Hybrid, Open Data Center Krishna Srinivasan Senior Principal Product Strategy Manager Oracle Virtual Networking.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNP 1 v3.0 Module 2 Advanced IP Addressing Management Cisco Networking Academy.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNP 1 v3.0 Module 2 Advanced IP Addressing Management Cisco Networking Academy.
Vic Liu Liang Xia Zu Qiang Speaker: Vic Liu China Mobile Network as a Service Architecture draft-liu-nvo3-naas-arch-01.

Vic Liu Liang Xia Zu Qiang Speaker: Vic Liu China Mobile Network as a Service Architecture draft-liu-nvo3-naas-arch-01.
VXLAN Nexus 9000 Module 6 – MP-BGP EVPN - Design

VXLAN Nexus 9000 Module 6 – MP-BGP EVPN - Design
VXLAN – Deepdive Module 5

VXLAN – Deepdive Module 5
1 © 2015-2016 OneCloud and/or its affiliates. All rights reserved. VXLAN Overview Module 4.

1 © OneCloud and/or its affiliates. All rights reserved. VXLAN Overview Module 4.

Similar presentations

Ads by Google