Slide 1: Software Defined Networking in Apache CloudStack
Chiradeep Vittal, CloudStack Committer, @chiradeep
Slide 2: Agenda
Introduction to CloudStack and IAAS
What is SDN
Why SDN and IAAS?
CloudStack’s Network Model
Extensible Networking in CloudStack
SDN integrations in CloudStack
CloudStack’s native SDN approach
Future
Slide 3: Build your cloud the way the world’s most successful clouds are built
Apache CloudStack history:
Incubating in the Apache Software Foundation since April 2012
Open source since May 2010
In production since 2009
Tons of deployments, including large-scale commercial ones
Need a better slide than this
Slide 4: How did Amazon build its cloud?
Diagram, layered from top to bottom:
Amazon eCommerce Platform
AWS API (EC2, S3, …)
Amazon Orchestration Software
Open Source Xen Hypervisor
Networking, Commodity Servers, Commodity Storage
Slide 5: How can YOU build a cloud?
Diagram, Amazon’s stack beside yours, layered from top to bottom:
Amazon eCommerce Platform -> Optional Portal
AWS API (EC2, S3, …) -> CloudStack or AWS API
Amazon Orchestration Software -> CloudStack Orchestration Software
Open Source Xen Hypervisor -> Hypervisor (Xen/KVM/VMW/)
Networking, Servers, Storage -> Networking, Servers, Storage
Slide 6: SDN Definition
Separation of the control plane from the hardware performing the forwarding function
The control plane is logically centralized
Slide 7: SDN Advantages
Centralized control makes it easier to configure, troubleshoot and maintain
Eliminates the ‘box’ mode of configuration
Enables control at a high level
Slide 8: Related to SDN
API layer over a collection of ‘boxes’: the API layer communicates with the boxes using box-level APIs / ssh / telnet
OpenFlow: a standard protocol for the centralized control plane to talk to the forwarding elements
Tunnels / overlays: SDN is valuable for virtual topologies, which were the initial target of SDN implementations
Slide 9: Centralized control plane
Diagram: a controller cluster backed by MySQL/NoSQL exposes an API northbound and talks to the boxes southbound over OpenFlow/ssh/netconf/other
Slide 10: Defining Cloud Computing (IAAS)
Agility: re-provision complex infrastructure topologies in minutes, not days
API: automate complex infrastructure tasks
Virtualization: enables workload mobility and load sharing
Multi-tenancy: share resources and costs
Slide 11: Defining Cloud Computing (IAAS)
Scalability: the ability to consume resources is limited by budget, not by infrastructure
Elasticity: scale up and down on demand; reduces the need to engineer for peak load
Self-service: no IT assistance
Slide 12: Cloud Networking Requirements
Agile: complex networking topologies created by non-network engineers
API: a language to talk with the network infrastructure layer (not the CLI)
Virtualization: hypervisor-level switches work together with the physical infrastructure
Slide 13: Cloud Networking Requirements
Scalability: usually means L3 in the physical infrastructure
Elasticity: release resources when not in use; introduce new resources on demand
Self-service: novices deploying, maintaining and troubleshooting virtual networks
Slide 14: IAAS + SDN – made for each other
SDN enables agility: the API to the controller enables easy changes to networks
SDN works with virtualization / vSwitches: typical of most SDN controllers
SDN controllers are designed for large scale
SDN enables virtual networking: the illusion of isolated networks on top of shared physical infrastructure
Slide 15: SDN issues
Discovery of the virtual address -> physical address mapping:
VxLAN = multicast
GRE = programmed by the control plane
L3 isolation = no mapping, no discovery
Slide 16: SDN issues
State maintenance: a large number of endpoints and flows, plus a high arrival rate of new flows
Needs fast and scalable storage and processing
A differentiator between vendors
Slide 17: SDN issues
L4-L7 service insertion and orchestration: how do endpoints get services such as firewalls, load balancers and IDS/IPS?
Service levels and performance
Service chaining
Slide 18: Network Virtualization in IAAS
Diagram: Tenant 1 virtual network (/24) with VM 1 to VM 4 and a gateway address, connected to the Internet
With VLAN or L2 isolation, each tenant gets a contiguous range of IPs in each network they create.
Slide 19: Network Virtualization in IAAS
Diagram: Tenant 1 virtual network (/24, VM 1 to VM 4, gateway address) and a public network with a public IP address, joined by Tenant 1 edge services appliance(s) providing NAT, DHCP and FW towards the Internet
We can provide NAT, DHCP and FW services, for example, by starting a virtual appliance that acts as the gateway for this network and provides the edge services. The virtual appliance has one NIC on the public VLAN and one NIC on the VLAN assigned to the network.
Slide 20: Network Virtualization in IAAS
Diagram: as on the previous slide, with additional Tenant 1 edge services appliance(s) providing load balancing and VPN
If we wanted additional services like LB and VPN, the same virtual appliance, additional appliances or hardware devices can provide them (for example, load balancer and VPN).
Slide 21: Network Virtualization in IAAS
Diagram: Tenant 1 virtual network (/24, VM 1 to VM 4, gateway address) with its edge services appliance(s) providing NAT, DHCP and FW behind a public IP address; Tenant 2 virtual network (/24, VM 1 to VM 3) with its own edge services appliance providing VPN, DHCP and load balancing behind its own public IP address; both reach the Internet through the public network
Every network created by any tenant can get its own unique set of services, either by sharing hardware devices with other tenants or by using dedicated appliances / devices. Each network gets its own VLAN.
Slide 22: CloudStack Network Model
Diagram: the two-tenant topology of the previous slide
Map virtual networks to physical infrastructure
Define and provision network services in virtual networks
Manage elasticity and scale of network services
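The allocation drawn on slides 18 to 22 (one VLAN and one /24 per tenant network, a gateway address inside it, a public IP on the public network, and an edge appliance with one NIC on each side) can be modelled in a few lines. This is an added example, not CloudStack code; the public VLAN id, the VLAN pool and the address ranges are constructed assumptions.

```python
"""Per-tenant virtual network allocation as drawn on the slides.

Added illustration, not CloudStack code. The public VLAN, the guest VLAN
pool and the address ranges below are constructed assumptions.
"""
import ipaddress

PUBLIC_VLAN = 50                                        # assumed public VLAN id
PUBLIC_POOL = ipaddress.ip_network("203.0.113.0/28")    # constructed public range
GUEST_VLAN_RANGE = range(100, 200)                      # assumed VLAN pool for tenant networks


class NetworkAllocator:
    """Hands out one VLAN and one /24 per tenant network plus an edge appliance."""

    def __init__(self):
        self.used_vlans = set()
        self.used_public_ips = set()
        self.networks = []

    def _next_vlan(self):
        for vlan in GUEST_VLAN_RANGE:
            if vlan not in self.used_vlans:
                self.used_vlans.add(vlan)
                return vlan
        raise RuntimeError("VLAN pool exhausted")

    def _next_public_ip(self):
        for ip in PUBLIC_POOL.hosts():
            if ip not in self.used_public_ips:
                self.used_public_ips.add(ip)
                return ip
        raise RuntimeError("public IP pool exhausted")

    def create_network(self, tenant, cidr, services=("DHCP", "NAT", "FW")):
        """Create a tenant network: unique VLAN, /24 range, gateway, public IP, appliance NICs."""
        net = ipaddress.ip_network(cidr)
        if net.prefixlen != 24:
            raise ValueError("the slides model each tenant network as a /24")
        vlan = self._next_vlan()
        gateway = next(net.hosts())          # first usable address is the gateway
        public_ip = self._next_public_ip()
        record = {
            "tenant": tenant,
            "vlan": vlan,
            "cidr": str(net),
            "gateway": str(gateway),
            "public_ip": str(public_ip),
            # the edge appliance has one NIC on the public VLAN and one on the tenant VLAN
            "appliance_nics": [
                {"vlan": PUBLIC_VLAN, "ip": str(public_ip)},
                {"vlan": vlan, "ip": str(gateway)},
            ],
            "services": list(services),
        }
        self.networks.append(record)
        return record

    def isolation_ok(self):
        """With VLAN isolation the VLAN ids must be unique; address ranges may overlap."""
        vlans = [n["vlan"] for n in self.networks]
        return len(vlans) == len(set(vlans))


if __name__ == "__main__":
    alloc = NetworkAllocator()
    for t in ("tenant1", "tenant2"):
        # both tenants may reuse 10.1.1.0/24 because their VLANs differ
        print(alloc.create_network(t, "10.1.1.0/24"))
    print("isolation ok:", alloc.isolation_ok())
```

The point of the check at the end is the one the slides make: overlapping address space across tenants is fine, because the VLAN (not the IP range) is what keeps the networks apart, so the only uniqueness the allocator must enforce is on the VLAN id and on the public IPs.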
Slide 23: CloudStack Network Model: Network Services
Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS
Slide 24: CloudStack Network Model: Network Services
Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS
Service providers: virtual appliances, hardware firewalls, LB appliances, SDN controllers, IDS/IPS appliances, VRF, hypervisor
Slide 25: CloudStack Network Model: Network Services
Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS
Service providers: virtual appliances, hardware firewalls, LB appliances, SDN controllers, IDS/IPS appliances, VRF, hypervisor
Network isolation: no isolation, VLAN isolation, overlays, L3 isolation
Slide 26: Service Catalog
Cloud users are not exposed to the nature of the service provider
The cloud operator designs a service catalog and offers it to end users, for example:
Gold = {LB + FW, using virtual appliances}
Platinum = {LB + FW + VPN, using hardware appliances}
Silver = {FW using virtual appliances, 10Mbps}
Slide 27: Service Catalog examples
Diagram, left, "L2 network with software appliances": a /24 on VLAN 100 with VM 1 to VM 4 and a CS Virtual Router providing DHCP, DNS, NAT, load balancing and VPN
Diagram, right, reached by "Upgrade", "L2 network with hardware appliances": a /24 on VLAN 100 with VM 1 to VM 4, a CS Virtual Router providing DHCP and DNS, a Netscaler load balancer, and a Juniper SRX firewall providing NAT and VPN
If some tenants require more performance than can be offered with a virtual appliance, they can choose a network offering that is backed by more powerful hardware appliances. For example, CloudStack can orchestrate a Juniper SRX and a Citrix Netscaler device together to offer a combination of powerful firewall and load balancing services.
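Slides 23 to 27 describe a catalog in which each offering names a set of services and a class of provider, the operator must be able to back every service with a provider that actually supports it, and the tenant only ever sees the services. The following is an added example of that resolution step, not CloudStack's offering code; which provider supports which service is assumed from the providers named on slides 24 and 27.

```python
"""Service catalog: network offerings resolved to providers.

Added illustration, not CloudStack's offering code. The capability table
is assumed from the providers named on the slides.
"""

# Which provider can deliver which service (assumption based on slides 24 and 27).
PROVIDER_CAPABILITIES = {
    "VirtualRouter": {"DHCP", "DNS", "NAT", "LB", "Firewall", "VPN"},
    "Netscaler": {"LB"},
    "JuniperSRX": {"Firewall", "NAT", "VPN"},
}
PROVIDER_CLASS = {"VirtualRouter": "virtual", "Netscaler": "hardware", "JuniperSRX": "hardware"}

# Operator catalog as on slide 26: services, provider class, optional bandwidth cap.
CATALOG = {
    "Gold": {"services": {"LB", "Firewall"}, "appliances": "virtual"},
    "Platinum": {"services": {"LB", "Firewall", "VPN"}, "appliances": "hardware"},
    "Silver": {"services": {"Firewall"}, "appliances": "virtual", "bandwidth_mbps": 10},
}


def resolve_providers(offering_name, catalog=CATALOG, caps=PROVIDER_CAPABILITIES):
    """Map every service of an offering to a provider of the requested class.

    Raises ValueError when the operator's catalog asks for a service that no
    provider of that class can deliver, so a broken offering is rejected at
    design time rather than at network creation time.
    """
    offering = catalog[offering_name]
    providers = {}
    for service in sorted(offering["services"]):
        candidates = [p for p, supported in caps.items()
                      if service in supported and PROVIDER_CLASS[p] == offering["appliances"]]
        if not candidates:
            raise ValueError(f"{offering_name}: no {offering['appliances']} provider for {service}")
        providers[service] = candidates[0]
    return providers


def user_view(offering_name, catalog=CATALOG):
    """What a tenant sees: services and limits, never the provider behind them."""
    offering = catalog[offering_name]
    return {"services": sorted(offering["services"]),
            "bandwidth_mbps": offering.get("bandwidth_mbps")}


def upgrade_plan(old, new):
    """Services a tenant gains, and which existing services move to a new provider."""
    before, after = resolve_providers(old), resolve_providers(new)
    return {
        "added": sorted(set(after) - set(before)),
        "reprovisioned": {s: (before[s], after[s]) for s in before
                          if s in after and before[s] != after[s]},
    }


if __name__ == "__main__":
    for name in CATALOG:
        print(name, "->", resolve_providers(name), "| tenant sees", user_view(name))
    print("Gold -> Platinum:", upgrade_plan("Gold", "Platinum"))
```

`upgrade_plan` is the "Upgrade" arrow on slide 27 in data form: moving from Gold to Platinum adds VPN and re-provisions LB and Firewall from the virtual router onto the hardware appliances, while the tenant's view of the offering changes only in the service list.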
Slide 28: Multi-tier virtual networking
Diagram: Internet -> load balancer (virtual or HW) -> virtual appliance / hardware devices -> three subnets: web subnet /24 (VLAN 101, Web VM 1 to Web VM 4), app subnet /24 (VLAN 353, App VM 1 and App VM 2) and DB subnet /24 (VLAN 2724, DB VM 1); customer premises connected by an IPSec or SSL site-to-site VPN or an MPLS VLAN
Network services: IPAM, DNS, LB [intra], S-2-S VPN, static routes, ACLs, NAT, PF, FW [ingress & egress]
Additionally, you can connect the entire set of networks to a site-to-site VPN using IPsec or an MPLS VLAN.
Slide 29: Orchestration
Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware and services (Wikipedia)
Slide 30: CloudStack Architecture
Diagram: an orchestration core with a plugin framework hosting hypervisor plugins, network plugins, storage plugins and allocator plugins
Slide 31: CloudStack Architecture
Diagram: the plugin framework populated with examples:
Hypervisor plugins: XenServer, VMWare, KVM, OracleVM
Network plugins: Nicira, Netscaler, Brocade, MidoNet
Allocator plugins: Random, User-concentrated, Intel TXT, Affinity
Slide 32: CloudStack Orchestration
Diagram: the orchestration core drives numbered steps (1 to 9) through the allocator, storage, network and hypervisor plugins, which call the APIs of the physical resources (hypervisor resource, network resource, storage resources)
Orchestration steps can be executed in parallel or in sequence
Slide 33: CloudStack and SDN
Diagram: as on the previous slide, with an SDN controller sitting between the network plugin and the network resource
The network plugin is the glue that understands the SDN controller’s API
Slide 34: CloudStack SDN Integration
Nicira NVP: L2 (STT) isolation in 4.0; Source NAT / Logical Router in 4.2
BigSwitch: VLAN isolation in 4.1; VNS in 4.2
Midokura: L2-L4 network virtualization, coming in 4.2
CloudStack Native: tech preview (since 4.0), requires XenServer
Slide 35: VM Orchestration Example
Diagram: a "Start 3 VMs" request enters the orchestration core; the allocator plugins allocate hypervisors, placing VM 1, VM 2, VM 3 and the virtual router (VR) across Host 1 to Host 4; the hypervisor plugins call the hypervisor APIs and the network plugins call the SDN controller API
Slide 36: Built-in (native) controller
Create a full mesh of GRE tunnels (if they don't already exist) between the hosts on which VMs are deployed
The CloudStack SDN controller programs the Open vSwitch (OVS) on XenServer to configure the GRE tunnels
Diagram: the CloudStack SDN controller and four hosts, Host 1 (Pod 2), Host 2 (Pod 4), Host 3 (Pod 3) and Host 4 (Pod 2), each running OVS, with VM 1, VM 2, VM 3 and the VR spread across them and GRE tunnels between the hosts
Slide 37: Built-in controller
Assign a 'Tenant' key for isolation
New tenants can share the established GRE tunnels with separate tenant keys
Diagram: Tenant1 and Tenant2 VMs (VM 1, VM 2, VM 3 and a VR each) on Host 1 to Host 4, sharing the same GRE tunnels
Slide 38: What makes it different
Purpose built for IAAS: not a general purpose SDN solution
Proactive model: deny all flows except the ones programmed by the end-user API; the scaling problem is manageable
Part of the CloudStack ASF project
Uses the Virtual Router to provide L3-L7 network services (could change)
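Slides 36 to 38 describe three behaviours of the native controller: build a full mesh of GRE tunnels between the hosts that carry VMs, but only the tunnels that do not yet exist; let later tenants reuse those tunnels under a distinct GRE key; and program OVS proactively, so anything not explicitly programmed is dropped. The following is an added example modelling those three steps; it is not the CloudStack controller's own code. Host addresses, the bridge name and the port names are constructed, and while the `ovs-vsctl` / `ovs-ofctl` lines use standard Open vSwitch syntax (a `key=flow` tunnel port, `set_tunnel` and `tun_id` in flows), the exact rules CloudStack installs are an assumption.

```python
"""Full-mesh GRE overlay with per-tenant keys and a default-drop policy on OVS.

Added illustration, not the CloudStack controller code. Host addresses, the
bridge and port names are constructed; the OVS command syntax is standard but
the precise rules CloudStack programs are an assumption.
"""
from itertools import combinations

HOST_IPS = {"host1": "10.0.2.11", "host2": "10.0.4.12",
            "host3": "10.0.3.13", "host4": "10.0.2.14"}   # constructed
BRIDGE = "xapi0"                                         # hypothetical OVS bridge name


def required_tunnels(hosts):
    """Every unordered pair of hosts carrying tenant VMs needs one GRE tunnel."""
    return {tuple(sorted(pair)) for pair in combinations(hosts, 2)}


def missing_tunnels(hosts, existing):
    """Only the tunnels that do not already exist (the controller is idempotent)."""
    return sorted(required_tunnels(hosts) - {tuple(sorted(p)) for p in existing})


def tunnel_commands(local, remote):
    """ovs-vsctl line run on `local`; key=flow lets each flow pick the tenant key."""
    port = f"gre-{remote}"
    return [
        f"ovs-vsctl --may-exist add-port {BRIDGE} {port} -- "
        f"set interface {port} type=gre options:remote_ip={HOST_IPS[remote]} options:key=flow"
    ]


def allocate_tenant_key(used):
    """Smallest unused GRE key; distinct keys keep tenants apart on a shared tunnel."""
    key = 1
    while key in used:
        key += 1
    return key


def tenant_flow_commands(tenant_key, vm_port, gre_port):
    """Proactive model: only this tenant's VM port may use the tunnel, tagged with its key."""
    return [
        f'ovs-ofctl add-flow {BRIDGE} "priority=100,in_port={vm_port},'
        f'actions=set_tunnel:{tenant_key},output:{gre_port}"',
        f'ovs-ofctl add-flow {BRIDGE} "priority=100,in_port={gre_port},'
        f'tun_id={tenant_key},actions=output:{vm_port}"',
    ]


# Lowest-priority rule: anything the API did not program is dropped.
DEFAULT_DROP = f'ovs-ofctl add-flow {BRIDGE} "priority=0,actions=drop"'


def build_plan(hosts, existing=()):
    """Per-host command list: the default drop plus the tunnel ports still missing."""
    plan = {h: [DEFAULT_DROP] for h in hosts}
    for a, b in missing_tunnels(hosts, existing):
        plan[a] += tunnel_commands(a, b)
        plan[b] += tunnel_commands(b, a)
    return plan


if __name__ == "__main__":
    # First tenant lands on three hosts: three tunnels are created.
    first = build_plan(["host1", "host2", "host3"])
    # A second tenant adds host4: only the three tunnels touching host4 are new,
    # and it gets its own key on the tunnels the first tenant already uses.
    second = build_plan(list(HOST_IPS), existing=required_tunnels(["host1", "host2", "host3"]))
    key2 = allocate_tenant_key({1})
    for host, cmds in second.items():
        print(host, *cmds, *tenant_flow_commands(key2, vm_port=5, gre_port=10), sep="\n  ")
```

Two properties are worth noticing. The mesh grows quadratically in the number of hosts, but only hosts that actually carry VMs of the network take part, which is what keeps the state "manageable" in the sense of slide 38. And because the drop rule sits at priority 0, a tenant whose VM port has no programmed flow sends nothing, rather than being bridged by default as a learning switch would do.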
Slide 39: Futures
AWS VPC semantics
Support security groups, ACL
Optimize ARP & DHCP responses
Cross-zone networks
Optimize inter-subnet routing