
Software Defined Networking in Apache CloudStack


Presentation Transcript


  1. Software Defined Networking in Apache CloudStack Chiradeep Vittal CloudStack Committer @chiradeep

  2. Agenda • Introduction to CloudStack and IAAS • What is SDN • Why SDN and IAAS? • CloudStack’s Network Model • Extensible Networking in CloudStack • SDN integrations in CloudStack • CloudStack’s native SDN approach • Future

  3. Apache CloudStack • History • Incubating in the Apache Software Foundation since April 2012 • Open Source since May 2010 • In production since 2009 • Tons of deployments, including large-scale commercial ones Build your cloud the way the world’s most successful clouds are built

  4. How did Amazon build its cloud? (layer diagram, top to bottom) • Amazon eCommerce Platform • AWS API (EC2, S3, …) • Amazon Orchestration Software • Open Source Xen Hypervisor • Networking, Commodity Servers, Commodity Storage

  5. How can YOU build a cloud? (the Amazon stack from slide 4 beside yours, layer by layer) • Amazon eCommerce Platform → Optional Portal • AWS API (EC2, S3, …) → CloudStack or AWS API • Amazon Orchestration Software → CloudStack Orchestration Software • Open Source Xen Hypervisor → Hypervisor (Xen/KVM/VMW/…) • Networking, Storage, Servers

  6. SDN Definition • Separation of Control Plane from the hardware performing the forwarding function • Control plane is logically centralized

  7. SDN Advantages • Centralized control makes it easier to configure, troubleshoot and maintain • Eliminates ‘box’ mode of configuration • Enables control at a high level

  8. Related to SDN • API layer over a collection of ‘boxes’ • API layer communicates with boxes using box-level APIs / ssh / telnet • OpenFlow • Standard protocol for the centralized control plane to talk to the forwarding elements. • Tunnels / overlays • SDN is valuable for virtual topologies • Initial target of SDN implementation

  9. (diagram) Centralized control plane: API → Controller Cluster backed by MySQL/NoSQL → Boxes, reached over OpenFlow/ssh/netconf/other

  10. Defining Cloud Computing (IAAS) • Agility • Re-provision complex infrastructure topologies in minutes, not days • API • Automate complex infrastructure tasks • Virtualization • Enables workload mobility and load sharing • Multi-tenancy • Share resources and costs

  11. Defining Cloud Computing (IAAS) • Scalability • Ability to consume resources limited by budget, not by infrastructure • Elasticity • Scale up and down on demand • Reduce need to engineer for peak load • Self-service • No IT assistance

  12. Cloud Networking Requirements • Agile • Complex networking topologies created by non-network engineers • API • Language to talk with the network infrastructure layer (not CLI) • Virtualization • Hypervisor-level switches work together with physical infrastructure

  13. Cloud Networking Requirements • Scalability • Usually means L3 in the physical infrastructure • Elasticity • Release resources when not in use • Introduce new resources on demand • Self-service • Novices deploying, maintaining, troubleshooting virtual networks

  14. IAAS + SDN – made for each other • SDN enables agility • API to controller enables easy changes to networks • SDN works with virtualization / vSwitches • Typical of most SDN controllers • SDN controllers are designed for large scale • SDN enables virtual networking • The illusion of isolated networks on top of shared physical infrastructure

  15. SDN issues • Discovery of the virtual address -> physical address mapping (which host a VM's virtual address currently lives on) • VXLAN = relies on multicast for discovery • GRE = mapping programmed by the control plane • L3 isolation = no mapping to maintain, nothing to discover

  16. SDN issues • State maintenance • Large number of endpoints + flows • High arrival rate of new flows • Needs fast and scalable storage and processing • Differentiator between vendors

  17. SDN issues • L4-L7 • Service insertion and orchestration • How do endpoints get services such as • Firewall • Load balancers • IDS/IPS • Service levels and performance • Service Chaining

  18. Network Virtualization in IAAS (diagram) Tenant 1 Virtual Network 10.1.1.0/24 with gateway address 10.1.1.1; Tenant 1 VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, VM 4 10.1.1.5; connected to the Internet

  19. Network Virtualization in IAAS (diagram) The same Tenant 1 Virtual Network 10.1.1.0/24, now fronted by Tenant 1 Edge Services Appliance(s) providing NAT, DHCP and FW, with public IP addresses 65.37.141.11 and 65.37.141.36 on the Public Network facing the Internet

  20. Network Virtualization in IAAS (diagram) As slide 19, with a second set of Tenant 1 Edge Services Appliance(s) adding Load Balancing and VPN

  21. Network Virtualization in IAAS (diagram) As slide 20, plus a Tenant 2 Virtual Network that is also 10.1.1.0/24 with gateway 10.1.1.1: Tenant 2 VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, behind a Tenant 2 Edge Services Appliance (VPN, NAT, DHCP) with public IP addresses 65.37.141.24 and 65.37.141.80. The two tenants reuse the same private address space; only their edge appliances and public IPs differ.

  22. CloudStack Network Model (same two-tenant diagram as slide 21) • Map virtual networks to physical infrastructure • Define and provision network services in virtual networks • Manage elasticity and scale of network services

  23. CloudStack Network Model: Network Services Network Services • L2 connectivity • IPAM • DNS • Routing • ACL • Firewall • NAT • VPN • LB • IDS • IPS

  24. CloudStack Network Model: Network Services and Service Providers • Network Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS • Service Providers: Virtual appliances, Hardware firewalls, LB appliances, SDN controllers, IDS/IPS appliances, VRF, Hypervisor

  25. CloudStack Network Model: Network Services, Service Providers and Network Isolation • Network Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS • Service Providers: Virtual appliances, Hardware firewalls, LB appliances, SDN controllers, IDS/IPS appliances, VRF, Hypervisor • Network Isolation: No isolation, VLAN isolation, Overlays, L3 isolation

  26. Service Catalog • Cloud users are not exposed to the nature of the service provider • Cloud operator designs a service catalog and offers them to end users. • Gold = {LB + FW, using virtual appliances} • Platinum = {LB + FW + VPN, using hardware appliances} • Silver = {FW using virtual appliances, 10Mbps}

  27. Service Catalog examples (diagram) • L2 network with software appliances: 10.1.1.0/24 on VLAN 100, VM 1–4 at 10.1.1.2–10.1.1.5, gateway 10.1.1.1 on a CS Virtual Router that provides DHCP, DNS, NAT, Load Balancing and VPN behind public IP 65.37.141.111 • L2 network with hardware appliances: the same 10.1.1.0/24 on VLAN 100 and the same VMs, with a Juniper SRX Firewall (NAT, VPN) at 10.1.1.1 / 65.37.141.111, a Netscaler Load Balancer at 10.1.1.112 / 65.37.141.112, and the CS Virtual Router reduced to DHCP and DNS • An "Upgrade" arrow moves a network from the software-appliance offering to the hardware-appliance offering
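One way the "Gold" catalog entry (LB + FW using virtual appliances) could be created through CloudStack's API, as an added example that is not part of the slides: the command name (`createNetworkOffering`), the `supportedservices` / `serviceproviderlist[i].service` / `serviceproviderlist[i].provider` parameters and the request-signing scheme (URL-encode values, lowercase, sort by key, HMAC-SHA1 with the secret key, base64, URL-encode) are CloudStack's documented ones; the endpoint, API key, secret and the exact service set chosen for Gold are assumptions. The `verify` function shows the server-side check the signature exists for: any change to a parameter after signing, or a request signed with the wrong secret, is rejected.

```python
"""Build, sign and verify a CloudStack API request that creates a 'Gold'
network offering (LB + FW on virtual appliances).  Added example: the
offering contents, endpoint and credentials are assumptions."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

API_URL = "https://cloud.example.test/client/api"            # assumed endpoint
GOLD_SERVICES = ["Dhcp", "Dns", "SourceNat", "Firewall", "Lb"]  # assumed service set


def gold_offering_params(api_key):
    """Parameters for createNetworkOffering.  Every service is pinned to the
    VirtualRouter provider, matching 'using virtual appliances'."""
    params = {
        "command": "createNetworkOffering",
        "name": "Gold",
        "displaytext": "Gold: LB + FW on virtual appliances",
        "guestiptype": "Isolated",
        "traffictype": "GUEST",
        "supportedservices": ",".join(GOLD_SERVICES),
        "apikey": api_key,
        "response": "json",
    }
    for i, svc in enumerate(GOLD_SERVICES):
        params[f"serviceproviderlist[{i}].service"] = svc
        params[f"serviceproviderlist[{i}].provider"] = "VirtualRouter"
    return params


def canonical_string(params):
    """CloudStack's signing input: URL-encode each value, sort the pairs by
    (lowercased) key, join with '&', lowercase the whole string."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    return "&".join(f"{k}={quote(str(v), safe='*')}" for k, v in pairs).lower()


def sign(params, secret):
    """HMAC-SHA1 over the canonical string, base64-encoded, then URL-encoded."""
    digest = hmac.new(secret.encode(), canonical_string(params).encode(),
                      hashlib.sha1).digest()
    return quote(base64.b64encode(digest).decode(), safe="")


def build_url(params, secret, base=API_URL):
    """Request URL in the caller's parameter order plus the signature."""
    query = "&".join(f"{k}={quote(str(v), safe='*')}" for k, v in params.items())
    return f"{base}?{query}&signature={sign(params, secret)}"


def verify(url, secret):
    """Server-side check: recompute the signature over every parameter except
    `signature` and compare in constant time.  Any edit to the query string
    (renamed offering, swapped apikey, dropped signature) fails here."""
    pairs = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    presented = pairs.pop("signature", None)
    if presented is None:
        return False
    return hmac.compare_digest(sign(pairs, secret), quote(presented, safe=""))


if __name__ == "__main__":
    url = build_url(gold_offering_params("AKIA-EXAMPLE"), "s3cret-example")
    print(url)
    print("verifies:", verify(url, "s3cret-example"))
```

The signature covers the sorted, lowercased form of the parameters rather than the wire order, so two clients that send the same parameters in different orders produce the same signature; the server must canonicalize the same way before comparing, and should compare with `hmac.compare_digest` rather than `==`.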

  28. Multi-tier virtual networking (diagram) Customer Premises reach the virtual network over an IPSec or SSL site-to-site VPN across the Internet, or over MPLS; ingress passes through a virtual appliance or hardware devices and a load balancer (virtual or HW). Tiers: Web subnet 10.1.1.0/24 (Web VM 1–4), App subnet 10.1.2.0/24 (App VM 1–2), DB subnet 10.1.3.0/24 (DB VM 1), each on its own VLAN (VLAN 101, VLAN 353 and VLAN 2724 appear in the diagram). • Network Services • IPAM • DNS • LB [intra] • S-2-S VPN • Static Routes • ACLs • NAT, PF • FW [ingress & egress]

  29. Orchestration • Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware and services (Wikipedia)

  30. CloudStack Architecture (diagram) An Orchestration Core sits on a Plugin Framework with four plugin families: Hypervisor Plugins, Network Plugins, Allocator Plugins and Storage Plugins

  31. CloudStack Architecture: plugin examples • Hypervisor Plugins: XenServer, VMWare, KVM, OracleVM • Network Plugins: Nicira, Netscaler, Brocade, MidoNet • Allocator Plugins: Random, User-concentrated, Intel TXT, Affinity

  32. CloudStack Orchestration (diagram) The Orchestration Core drives numbered steps (1–9) through the Plugin Framework; hypervisor, network, storage and allocator plugins each talk over an API to their resource (Hypervisor Resource, Network Resource, Storage Resource) and on to the Physical Resources. Orchestration steps can be executed in parallel or in sequence

  33. CloudStack and SDN (diagram) The same flow as slide 32, with the Network Resource replaced by an SDN controller. The network plugin is the glue that understands the SDN controller's API

  34. CloudStack SDN Integration • Nicira NVP • L2 (STT) isolation in 4.0 • Source NAT / Logical Router in 4.2 • BigSwitch • VLAN isolation in 4.1 • VNS in 4.2 • Midokura • L2-L4 network virtualization • Coming in 4.2 • CloudStack Native • Tech preview (since 4.0) • Requires XenServer

  35. VM Orchestration Example (diagram) "Start 3 VMs": the Orchestration core asks the Allocator Plugins to allocate hypervisors (VM 1, VM 2, VM 3 and the virtual router VR are placed across Host 1–4), calls the hypervisor APIs through the Hypervisor Resource, and programs the network through the Network Resource / SDN controller

  36. Built-in (native) controller • Create Full Mesh of GRE tunnels (if they don't already exist) between hosts on which VMs are deployed • CloudStack SDN controller programs the Open vSwitch (OVS) on XenServer to configure GRE tunnels (diagram: the CloudStack SDN Controller drives the OVS on Host 1 (Pod 2), Host 2 (Pod 4), Host 3 (Pod 3) and Host 4 (Pod 2); GRE tunnels link the hosts carrying VM 1, VM 2, VM 3 and the VR, crossing pod boundaries)

  37. Built-in controller • Assign 'Tenant' key for isolation • New tenants can share the established GRE tunnels with separate tenant keys (diagram: Tenant1 and Tenant2 each have VMs and a VR spread over Host 1–4, carried over the same GRE tunnels)

  38. What makes it different • Purpose built for IAAS • Not general purpose SDN solution • Proactive model • Deny all flows except the ones programmed by the end-user API • Scaling problem is manageable • Part of CloudStack • ASF project • Uses Virtual Router to provide L3-L7 network services • Could change
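The tunnel-mesh and tenant-key steps on slides 36 and 37, together with the deny-by-default flow model on slide 38, as an added example that is not CloudStack's or XenServer's own code: a small planner that computes the GRE tunnels still missing for the hosts carrying a tenant's VMs, reuses tunnels already established for an earlier tenant, hands out one GRE key per tenant, and emits a drop-by-default flow table that only admits the VM pairs the orchestrator programmed. The host names, endpoint IPs, VM placement and the `br-tun` / `gre-<host>` port naming are constructed, and the `ovs-vsctl` / `ovs-ofctl` strings are illustrative rather than the commands CloudStack actually issues.

```python
"""Planner for a full-mesh GRE overlay with per-tenant keys and a proactive
(deny-by-default) flow table.  Added example; hosts, IPs and port names are
constructed and the OVS command strings are illustrative only."""
import itertools
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vm:
    name: str      # also used as the OVS port name (assumption)
    tenant: str
    host: str
    ip: str


@dataclass
class OverlayState:
    host_ips: dict                                    # host -> tunnel endpoint IP
    existing: set = field(default_factory=set)        # {frozenset({h1, h2})}
    tenant_keys: dict = field(default_factory=dict)   # tenant -> GRE key
    next_key: int = 1


def required_mesh(hosts):
    """Full mesh: exactly one tunnel per unordered pair of hosts."""
    return {frozenset(p) for p in itertools.combinations(sorted(hosts), 2)}


def assign_tenant_key(state, tenant):
    """Tunnels are shared; a distinct GRE key per tenant keeps traffic apart."""
    if tenant not in state.tenant_keys:
        state.tenant_keys[tenant] = state.next_key
        state.next_key += 1
    return state.tenant_keys[tenant]


def plan(state, vms, tenant):
    """Return (tunnel commands, per-host flow rules, tenant key) for one tenant."""
    tvms = [vm for vm in vms if vm.tenant == tenant]
    hosts = sorted({vm.host for vm in tvms})
    key = assign_tenant_key(state, tenant)
    new = required_mesh(hosts) - state.existing       # only tunnels not yet present
    cmds = []
    for pair in sorted(new, key=sorted):
        a, b = sorted(pair)
        for local, remote in ((a, b), (b, a)):
            # key=flow lets each flow choose its GRE key via set_tunnel
            cmds.append(f"{local}: ovs-vsctl add-port br-tun gre-{remote} -- set interface "
                        f"gre-{remote} type=gre options:remote_ip={state.host_ips[remote]} "
                        f"options:key=flow")
    state.existing |= new

    # Proactive model: priority 0 drops everything; only programmed VM pairs pass.
    # Cross-host traffic is tagged with the tenant key on egress and admitted only
    # on a tun_id match on ingress, so Tenant 2's 10.1.1.2 never receives Tenant
    # 1's packets even though both tenants use 10.1.1.0/24.
    flows = {h: [f"{h}: ovs-ofctl add-flow br-tun priority=0,actions=drop"] for h in hosts}
    for src, dst in itertools.permutations(tvms, 2):
        if src.host == dst.host:
            flows[src.host].append(f"{src.host}: ovs-ofctl add-flow br-tun priority=100,ip,"
                                   f"in_port={src.name},nw_dst={dst.ip},actions=output:{dst.name}")
        else:
            flows[src.host].append(f"{src.host}: ovs-ofctl add-flow br-tun priority=100,ip,"
                                   f"in_port={src.name},nw_dst={dst.ip},"
                                   f"actions=set_tunnel:{key},output:gre-{dst.host}")
            flows[dst.host].append(f"{dst.host}: ovs-ofctl add-flow br-tun priority=100,"
                                   f"tun_id={key},ip,nw_dst={dst.ip},actions=output:{dst.name}")
    flows = {h: list(dict.fromkeys(rules)) for h, rules in flows.items()}  # drop duplicates
    return cmds, flows, key


def demo():
    """Constructed scenario: Tenant 1 on three hosts, then Tenant 2 on two of
    them, reusing Tenant 1's tunnels under a different key."""
    state = OverlayState(host_ips={"host1": "192.0.2.1", "host2": "192.0.2.2",
                                   "host3": "192.0.2.3"})
    vms = [Vm("t1-vm1", "tenant1", "host1", "10.1.1.2"),
           Vm("t1-vm2", "tenant1", "host2", "10.1.1.3"),
           Vm("t1-vr", "tenant1", "host3", "10.1.1.1"),
           Vm("t2-vm1", "tenant2", "host1", "10.1.1.2"),   # same address as t1-vm1
           Vm("t2-vm2", "tenant2", "host2", "10.1.1.3")]
    return plan(state, vms, "tenant1"), plan(state, vms, "tenant2")


if __name__ == "__main__":
    for cmds, flows, key in demo():
        print(f"--- tenant key {key}: {len(cmds)} tunnel commands")
        for line in cmds + [r for rules in flows.values() for r in rules]:
            print(line)
```

Running `demo()` brings up six tunnel endpoints (three host pairs, one GRE port at each end) for Tenant 1 and none for Tenant 2, whose hosts are a subset of Tenant 1's; the only thing separating the two tenants on the shared tunnels is the `tun_id` match on ingress, which is why the key must be assigned by the controller and never be settable from inside a guest.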

  39. Futures • AWS VPC semantics • Support security groups, ACL • Optimize ARP & DHCP responses • Cross-zone networks • Optimize inter-subnet routing
