
Create a dynamic datacenter with software-defined networking



Presentation on theme: "Create a dynamic datacenter with software-defined networking"— Presentation transcript:

1 Create a dynamic datacenter with software-defined networking
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Common Customer Challenges
Agility in deploying new services: IT is frequently the bottleneck for the various business groups. How do you become the hero?
Flexibility in deployment: once a workload is deployed, it can be hard to move it around within the datacenter and across clouds. How can you unshackle your workloads?
Availability: infrastructure issues frequently cause services to go down, causing SLAs to be missed. How can you provide an even better SLA on the same infrastructure?
Security: attacks frequently get in through one host (an unpatched one!) and then spread across the rest of the infrastructure. How can you model your network to make this much harder?

3 We faced the same challenges
At a much higher scale!

4 >5 >50 425 >57% >90,000 >18 1 TRILLION 1,400,000
Fortune 500 using Azure >57% Build 2012 4/25/2017 425 MILLION AAD users 1 TRILLION Event Hubs events/month >90,000 >18 BILLION Azure Active Directory authentications/week New Azure customers a month Azure Scale Momentum >50 TRILLION storage objects 1,400,000 1 out of 5 VMs >5 are Linux VMs SQL databases in Azure MILLION requests/sec © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 So, how did we do it? Start by finding the right abstractions

6 SDN: Building the right abstractions for Scale
Abstract by separating the management, control, and data planes.
Example: ACLs
Management plane (Azure Resource Manager): create a tenant ACL
Control plane (Controller): plumb these tenant ACLs to these switches
Data plane (Switch / Host): apply these ACLs to these flows
The data plane needs to apply per-flow policy to millions of VMs. How do we apply billions of flow policy actions to packets?

7 Solution: Host Networking
If every host performs all packet actions for its own VMs, scale is much more tractable.
Use a tiny bit of the distributed computing power of millions of servers to solve the SDN problem.
If millions of hosts work to implement billions of flows, each host only needs thousands.
Build the controller abstraction to push all SDN to the host.

8 Virtual Networks on the Host
A Virtual Network is essentially a set of mappings from a customer-defined address space (CAs) to the provider addresses (PAs) of the hosts where the VMs are located.
Separate the interface used to specify a Virtual Network from the interface used to plumb mappings to switches via a Network Controller.
All CA <-> PA mappings for a local VM reside on the VM's host, and are applied there.
Diagram: Customer Config -> Azure Frontend -> Northbound API (VNet Description, CAs) -> Controller -> Southbound API (L3 Forwarding Policy, CAs <-> PAs) -> Hyper-V VMSwitch on each host, which carries the Green VMs' CA space and the Blue VMs' CA space side by side.

9 Green Enterprise Network
Diagram: Customer Config -> Frontend -> VNet Description -> Controller (with Secondary Controllers kept in sync by a Consensus Protocol) -> L3 Forwarding Policy pushed to the Azure VMSwitch on each node. Node1 hosts Blue VM1 and Green VM1; Node2 hosts Red VM1 and Green VM2; Node3 hosts the Green S2S GW, which connects through the VPN GW to the Green Enterprise Network 10.2/16.

10 Forwarding Policy: Traffic to on-prem
The Green Enterprise Network 10.2/16 is reached through the VPN GW. Policy lookup in the L3 Forwarding Policy: 10.2/16 routes to the GW on the host with the gateway's PA.
Packet path: a packet from Green VM1 on Node1 (addressed in CA space) is encapsulated by the Azure VMSwitch in GRE tagged Green and carried over PA space to Node3, where the Green S2S GW decapsulates it and forwards it over the L3VPN/PPP tunnel to the on-prem network.
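The host-side forwarding policy described on slides 8 through 10, as an added simulation (not code from the deck or from Azure): each tenant's CA prefixes map to the PA of the hosting node, the on-prem 10.2/16 route points at the gateway's host, and a destination with no mapping in the tenant's own table is dropped. The CA/PA values and VM placements are constructed to match the slide's node layout.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy for the deck's Green/Blue tenants (not Azure's real tables).
# CAs: Green's Azure VMs live in 10.1.0.0/16; the on-prem Green enterprise network is
# the slide's 10.2/16. PAs are placeholder host addresses from 192.0.2.0/24.

@dataclass(frozen=True)
class Encap:
    outer_dst_pa: str   # provider address of the host (or gateway host) to tunnel to
    gre_key: str        # tenant/VNet identifier carried in the GRE header

# Per-VNet L3 forwarding policy as plumbed to each host: CA prefix -> PA of the host.
# /32 entries are VMs; the /16 entry is the route to the S2S gateway for on-prem traffic.
POLICY = {
    "Green": {
        "10.1.0.4/32": "192.0.2.11",   # Green VM1 on Node1
        "10.1.0.5/32": "192.0.2.12",   # Green VM2 on Node2
        "10.2.0.0/16": "192.0.2.13",   # on-prem 10.2/16 via Green S2S GW on Node3
    },
    "Blue": {
        "10.1.0.4/32": "192.0.2.11",   # Blue VM1 on Node1: same CA as Green VM1, own table
    },
}

def lookup(vnet, dst_ca):
    """Longest-prefix match of dst_ca in the VNet's policy; None means no mapping."""
    dst = ipaddress.ip_address(dst_ca)
    best = None
    for prefix, pa in POLICY.get(vnet, {}).items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, pa)
    return None if best is None else Encap(outer_dst_pa=best[1], gre_key=vnet)

def forward(vnet, src_ca, dst_ca):
    """What the host VMSwitch does with a packet from a local VM in `vnet`."""
    enc = lookup(vnet, dst_ca)
    if enc is None:
        # No CA->PA mapping in this tenant's table: the packet never leaves the host,
        # so a tenant cannot reach another tenant's VM even with overlapping CAs.
        return f"DROP {vnet} {src_ca}->{dst_ca}: no CA->PA mapping"
    return (f"ENCAP {vnet} {src_ca}->{dst_ca} in GRE key={enc.gre_key} "
            f"to PA {enc.outer_dst_pa}")

if __name__ == "__main__":
    print(forward("Green", "10.1.0.4", "10.2.7.9"))   # on-prem: tunnel to the GW host
    print(forward("Green", "10.1.0.4", "10.1.0.5"))   # Green VM2 on Node2
    print(forward("Blue", "10.1.0.4", "10.1.0.5"))    # Blue has no such mapping: drop
```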

11 Site-to-Site VPN
S2S connectivity to branch offices over the Internet
Connecting Virtual Networks in other Azure Sites
BGP for route updates
Transit routing for resiliency
Diagram: Contoso HQ (SQL Farm, IIS Servers, Monitoring, AD/DNS, Exchange, services on public IPs) connects across the Internet through a VPN Gateway (Internet Edge) to the Contoso virtual networks/VMs.

12 ExpressRoute
ExpressRoute provides a private, dedicated, high-throughput network connection to Microsoft.
Predictable performance
Security
High throughput
Lower cost
Diagram: Corp HQ, Branch office 1 and Branch office 2 connect to the Microsoft WAN over ExpressRoute rather than the public internet.

13 Cloud Load Balancing
All infrastructure runs behind an LB to enable high availability and application scale. How do we make application load balancing scale to the cloud?
Challenges:
Load balancing the load balancers
Hardware LBs are expensive, and cannot support the rapid creation/deletion of LB endpoints required in the cloud
Support 10s of Gbps per cluster
Support a simple provisioning model
Diagram: Internet -> LB -> Web Server VMs, IaaS VMs, SQL Service.

14 All-Software Load Balancer: Scale using the Hosts
Goal of an LB: map a Virtual IP (VIP) to the Dynamic IP (DIP) set of a cloud service.
The SDN controller abstracts out the LB/vswitch interactions.
Two steps: load balance (select a DIP) and NAT (translate VIP -> DIP and ports).
Pushing the NAT to the vswitch makes the LB MUXes stateless (ECMP) and enables direct return.
Diagram: Client -> Edge Routers -> LB MUX (ECMP over the VIP) -> stateless tunnel to the Azure VMSwitch on the DIP's host, where the NAT is applied; return traffic goes directly from the VM to the client (Direct Return). The Controller takes the tenant definition (VIPs, number of DIPs) and pushes VIP mappings to the MUXes and NAT policy to the VMSwitches.

15 Layered Security, Protection, and Isolation
Diagram, outermost layer first: Internet -> DDoS Protection -> DMZ & NSG ACLs -> Virtual Network Isolation -> VM Firewall -> Cloud Services & Virtual Machines.

16 Network Security Groups
Segment the network to meet security needs
5-tuple ACLs in both directions
Can protect Internet and internal traffic
Enables DMZ subnets
Associated to subnets/VMs and now NICs
ACLs can be updated independently of VMs
Diagram: On Premises 10.0/16 reaches the Virtual Network over ExpressRoute and VPNs through the VPN GW; the Virtual Network is segmented into Frontend 10.1/16, Mid-tier 10.2/16 and Backend 10.3/16 subnets, with the Frontend facing the Internet.
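The priority-ordered 5-tuple evaluation that an NSG performs, as an added example (not the deck's or Azure's code) over a constructed three-tier ruleset using the slide's 10.1/16, 10.2/16 and 10.3/16 subnets. The "Internet" and "VirtualNetwork" tags, the port numbers and the rule priorities are assumptions made for the example; it shows why a compromised Frontend host cannot talk straight to the Backend, which is the lateral-movement concern raised on slide 2.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int    # lower number is evaluated first; the first match decides
    direction: str   # "Inbound" or "Outbound"
    src: str         # source prefix, "Internet", "VirtualNetwork" or "*"
    dst: str         # destination prefix, "Internet", "VirtualNetwork" or "*"
    proto: str       # "Tcp", "Udp" or "*"
    dport: str       # destination port or "*"
    access: str      # "Allow" or "Deny"

# Constructed tag for the deck's diagram: on-prem 10.0/16 plus the three subnets.
VIRTUAL_NETWORK = ["10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"]

def in_scope(addr, spec):
    ip = ipaddress.ip_address(addr)
    inside = any(ip in ipaddress.ip_network(p) for p in VIRTUAL_NETWORK)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return inside
    if spec == "Internet":
        return not inside
    return ip in ipaddress.ip_network(spec)

def evaluate(rules, direction, src_ip, dst_ip, proto, dport):
    """First matching rule in priority order -> (access, priority); no match -> implicit deny."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.direction != direction or r.proto not in ("*", proto):
            continue
        if r.dport not in ("*", str(dport)):
            continue
        if in_scope(src_ip, r.src) and in_scope(dst_ip, r.dst):
            return r.access, r.priority
    return "Deny", None

# Constructed three-tier ruleset: Internet reaches only the Frontend on 443, each tier
# may only call the next one, and anything else from the Internet is explicitly denied.
THREE_TIER = [
    Rule(100, "Inbound", "Internet", "10.1.0.0/16", "Tcp", "443", "Allow"),
    Rule(200, "Inbound", "10.1.0.0/16", "10.2.0.0/16", "Tcp", "8080", "Allow"),
    Rule(300, "Inbound", "10.2.0.0/16", "10.3.0.0/16", "Tcp", "1433", "Allow"),
    Rule(4000, "Inbound", "Internet", "VirtualNetwork", "*", "*", "Deny"),
    Rule(4096, "Inbound", "*", "*", "*", "*", "Deny"),
]

if __name__ == "__main__":
    print(evaluate(THREE_TIER, "Inbound", "203.0.113.5", "10.1.0.10", "Tcp", 443))  # Allow, 100
    print(evaluate(THREE_TIER, "Inbound", "10.1.0.10", "10.3.0.10", "Tcp", 1433))  # Deny, 4096
```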

17 Network Virtual Functions/Appliances
VMs that perform specific network functions
Focus: Security (Firewall, IDS, IPS), Router/VPN, ADC (Application Delivery Controller), WAN Optimization
Typically Linux or FreeBSD-based platforms
1st and 3rd party appliances in the Azure Marketplace
Available through the Azure Certified Program to ensure quality and simplify deployment

18 Network Virtual Appliance Ecosystem

19 Linux Networking on Hyper-V
Microsoft Ignite 2015
Hot-add / hot-remove vNIC: add or remove a virtual NIC in a running Linux virtual machine; the Linux guest will add or remove the corresponding /dev entry. New in Windows Server 2016 Hyper-V.
Network throughput: implemented vRSS/vSSS and various TCP offloads; instrumented and tightened code paths.
All improvements are upstream in the main Linux kernel. Microsoft partners with distro vendors to get improvements built in. Feature grids in the Linux TechNet docs have version info.
Benchmark: iperf3 (16 threads) between two Linux guests (8 vCPUs each) on Hyper-V host #1 and Hyper-V host #2 over 10G Ethernet reached 9.4 Gbps throughput.

20 Write Your App Once, Run Anywhere
Template: Microsoft.Compute (Resource 1, Resource 2), Microsoft.Storage (Resource 3), Microsoft.Network (Resource 4, Resource 5). Identical across Azure and other clouds.
UI: Portal, WAP
ARM (Azure Resource Manager): authentication, authorization, Role Based Access Control (RBAC), template handling, xRP cache for resources
Resource providers: SRP (Storage Resource Provider), CRP (Compute Resource Provider), NRP (Network Resource Provider), which drives the NC (Network Controller)

21 Azure Stack Demo

22 Storage needs networking as well as compute
How do we make Azure Storage scale?

23 RDMA: High Performance Transport
Remote DMA primitives (e.g. Read address, Write address) implemented on-NIC: the application writes its local buffer at Address A into the remote buffer at Address B, and Buffer B is filled without the remote CPU copying anything.
Zero copy (NIC handles all transfers via DMA)
Zero CPU utilization at 40Gbps (NIC handles all packetization)
<2μs E2E latency
RoCEv2 enables InfiniBand RDMA transport over an IP/Ethernet network (all L3)
Enabled at 40GbE for Azure Storage, achieving massive COGS savings by eliminating many CPUs in the rack
All the logic is in the host. Software Defined Storage now scales with the Software Defined Network.

24 Just so we’re clear… 40Gbps of I/O with 0% CPU

25 It gets better – Converged Fabric

26 Network Performance Monitoring
Reduce MTTD and time to resolve issues through network performance monitoring, impact assessment, fault localization and health data.
Capabilities: loss & latency monitoring (intra-subnet, inter-subnet and subnet to Internet), impact assessment, advanced algorithms, network visibility, SCOM integration.
Diagram: fault domain (Subnet1) and fault domain (Subnet2), each monitored toward the Internet.

27 Infrastructure Demo

28 Back to your challenges
Agility: you get a default gallery of applications (e.g. SharePoint, Exchange, etc.) and a self-service portal that your customers/BGs use. The customer picks a workload and all the underlying requirements automatically get plumbed into the infrastructure.
Flexibility: workloads can be instantiated into overlays or virtual networks. You can move VMs around in the overlay without changing any IP addresses, and you can move subnets to different clouds altogether and connect them via gateways. Your apps can be written such that they work transparently in Azure or Azure Stack!
Availability: every component in the underlying system is designed to ensure it remains available; if one instance goes down, another one picks up.
Security: use the Distributed Firewall, Network Security Groups, and Virtual Appliances for more dynamic security.
Any others? We want to hear from you!

29 Summary
As a platforms company, we wanted to create a cloud platform that would solve for real customer needs. We did, with Microsoft Azure! With Microsoft Azure we faced a lot of the same challenges you currently face. We did not want to take away choice from you: instead of forcing you into Azure, we are bringing Azure to you as well. Now you get to choose where to put your workloads while benefiting from years of innovation, with more to come.
We would love to hear your use cases and challenges. If you would like to take part in surveys that shape the future of Microsoft SDN, please drop off a business card or send me contact info at


