MidoNet Overview - OpenStack and SDN integration



MidoNet overview of SDN and OpenStack

Published in: Technology


  1. MidoNet Overview, July 2014 (Confidential)
  2. Agenda: Midokura Introduction • OpenStack Implementation • MidoNet Architecture • Use Cases • MidoNet Demo
  3. About the company
     • Founded in 2010, Midokura is a global company with offices in Tokyo, San Francisco and Barcelona
     • Pioneer in network virtualization: provides software for networking using an overlay approach. Pedigree derives from Amazon, Cisco, VMware and Google
     • Received $17M first round of funding in April 2013 from Innovation Network Corporation of Japan, NTT and NEC
     • Named by CRN as amongst the top 10 networking stories of 2013 and also amongst 10 coolest startups in the world
     • “800 pound virtualization gorillas like VMware and Microsoft that have virtual switch deployments and now network virtualization solutions (NSX and HyperV Network Virtualization) will leverage existing relationships to encourage this influence as well as gain access to the network teams. That said, key innovative startups in the network virtualization space like Midokura will also have the potential to help organizations bridge the gap between virtualization and network domains.” – ESG Research
     • “Network virtualization companies such as Midokura offer network virtualization approaches to compete with visions such as Cisco ACI and VMware NSX, and so they will be watched by mid-tier vendors that feel they are missing out on the next network disruption opportunity.” – 451 research, an analyst firm
     • First in the industry to bring together network virtualization and bare metal networking with the aim of providing an open network – Cliff Grosner, Infonetics Research
     • Significant contributor to OpenStack Networking (Neutron)
     • First SDN vendor to be certified for Red Hat OpenStack environment
     • Early member of the Open DayLight Project (ODP)
     • Broad and deep technical partnerships with network switch vendors, software companies and solution providers
  4. Network Virtualization
  5. Evolution of Network Virtualization: Innovation in Networking Agility
     • Proactive Software Overlay (Virtual Network Overlays): Decoupling hardware and software • Cloud-ready agility • Unlimited scalability • Open, standards-based • No impact to physical network
     • OpenFlow Reactive Approach (Reactive End-to-End): Requires programming of flows • Limited scalability • Hard to manage • Impact to performance • Still requires tenant state in physical network
     • VLAN Approach (Manual End-to-End): VLAN configured on physical switches • Static • Manual • Complex • Tenant state maintained in physical network
  6. OpenStack
  7. What is OpenStack?
  8. Before Neutron: Nova Networking
     • Nova-Networking was the only networking option in OpenStack prior to Quantum/Neutron
     • Still available today as an alternative to Neutron, but will likely be phased out.
     • Options available within nova-networking initially: Only Flat • Flat DHCP
     • Limitations: No flexibility with topologies (no 3-tier) • Tenants can’t create/manage L3 Routers • Scaling limitations (L2 domain) • No 3rd party vendors supported • Complex HA model
  9. Nova-network slightly evolves
     • Introduced VLAN DHCP mode
     • Improvements: L2 Isolation – each project gets a VLAN assigned to it
     • Limitations: Need to pre-configure VLANs on physical network • Scaling limitations (VLANs) • No L3 • No 3-tier topologies • No 3rd party vendors
  10. Introducing Neutron
      • OpenStack Networking as a first class Service
      • Pluggable Architecture • Standard API • Many choices
      • Plugins Available: MidoNet • OVS Plugin • Linux Bridges • Flat DHCP • VLAN DHCP • ML2 • NSX • PlumGRID • Nuage • Contrail • Ryu
      • Supports Overlay Technology • More Services (LBaaS, VPNaaS) • Flexible network topologies
  11. OVS Plugin Overview
  12. OVS Open Source Plugin
      • Overlay Networking
      • GRE Tunnels
      • Uses Open vSwitch Project
      • Components: Neutron OVS Agent • Neutron DHCP Agent • Neutron L3 Agent • IPTables
  13. OVS Open Source Plugin
      • OVS Agent – receives tunnel/flow setup info from OVS Plugin, and programs Open vSwitch to set up tunnels and send traffic through the tunnel
      • DHCP Agent – sets up dnsmasq in a namespace per network/subnet and enters MAC/IP into the DHCP lease file
      • L3 Agent – OVS Plugin orchestrates to set up IPTables, Routing, NAT tables
  14. Challenges with OVS Plugin
      • Neutron Network Node is a SPOF: Need to use corosync, etc. for active/standby failover.
      • Challenging at Scale: Since there’s a single network node, this becomes a bottleneck fairly quickly.
      • Inefficient Networking: IPTables, L3 Agent, multiple hops for single flow are causing unnecessary traffic and added latency on your physical network
  15. MidoNet
  16. MidoNet – All network services are distributed
      • Logical L2 Switching – L2 isolation and path optimization with distributed virtual switching. Interconnect with VLAN enabled network via L2 Gateway
      • Logical L3 Routing – L3 isolation and routing between virtual networks. No need to exit the software container, no hardware required
      • Distributed Firewall – Provides ACLs, high performance kernel integrated firewall via a flexible rule chain system
      • Logical Layer 4 Load Balancer – Provides application load balancing in software form, no need for hardware based firewalls
      • VxLAN/GRE – Provides VxLAN and GRE tunneling. Provides L2 connectivity across L3 transport. This is useful when L2 fabric doesn’t reach all the way from the racks hosting the VMs to the physical L2 segment of interest.
      • MidoNet/Neutron API – Alignment with OpenStack Neutron’s API for integration into compatible cloud management software
      • NAT – Provides Dynamic NAT, Port masquerading
      Diagram labels: Applications, MidoNet Network Virtualization Platform, Networking Hardware, OpenStack, Custom Platforms*, Firewall, Layer 4 Load Balancer, VxLAN/GRE, Hypervisor, Logical L2, Logical L3, NAT, MidoNet/Neutron API
  17. Architecture Overview
  18. Logical Topology – Overlay Networks (diagram labels: Physical Topology, Logical Topology)
  19. OpenStack Integration. Easy integration with OpenStack: MidoNet provides a plug-in for Neutron. (Diagram label: MidoNet Plugin)
  20. MidoNet related components overview. Copyright ©2013 Midokura All rights reserved
      Diagram labels: Compute, Database Layer, Neutron Database, Network State Database, Compute Layer, Neutron API server, MidoNet API server, MidoNet Plugin, Middle Layer, Management Layer, Horizon, Neutron CLI, MidoNet Control Panel, MidoNet CLI
  21. Challenges with OVS Plugin
      • Neutron Network Node is a SPOF: Need to use corosync, etc. for active/standby failover.
      • Challenging at Scale: Since there’s a single network node, this becomes a bottleneck fairly quickly.
      • Inefficient Networking: IPTables, L3 Agent, multiple hops for single flow are causing unnecessary traffic and added latency on your physical network
  22. MidoNet Distributed Model
  23. Centralized Controller Model
  24. MidoNet Distributed Model
  25. Active/Standby GW Model
  26. Fully Distributed GW Model
  27. VxLAN Tunneling End Point (VTEP)
  28. MidoNet – Cumulus Linux Solution (diagram labels: VxLAN Tunnel, Physical Connection, OVSDB, TCP/IP)
  29. Distributed L4 Load Balancer
  30. Perfect for Load Balancer as a Service
      • Users set up LB on demand
      • Handle spiky traffic with the LB and VMs flexibly
  31. Requirements for LB as a Service (1)
      • Requirement 1: Multi tenancy. LB has to be isolated between users and services!
  32. Requirements for LB as a Service (2)
      • Requirement 2: High Scalability. Handling larger traffic than the original estimation!
  33. How about MidoNet’s Distributed L4LB?
      ✔️ Multi tenancy support
      ✔️ Scale-out architecture
  34. Comparison with other products
      • MidoNet Distributed L4LB: Commodity HW ✔️, No SPoF ✔️, Scalability ✔️, L7 in the roadmap, SSL termination in the roadmap
      • OpenStack LBaaS (HA Proxy): Commodity HW ✔️, No SPoF ▲, Scalability X, L7 ✔️, SSL termination ✔️
      • HW Appliances: Commodity HW X, No SPoF ▲, Scalability ▲, L7 ✔️, SSL termination ✔️
  35. How MidoNet L4LB works: When traffic comes from the external network… Gateway Node becomes the LB!
  36. How MidoNet L4LB works: Forward the traffic to target VMs via the shortest paths
  37. How MidoNet L4LB works: When traffic comes from VMs inside the cloud… Compute Node becomes the LB!
  38. How MidoNet L4LB works (1): Forward the traffic to target VMs via the shortest paths
  39. How MidoNet L4LB works (1): Configuration
      • Intelligence at the Edge
      • No SPoF
  40. How MidoNet L4LB works (2): When Gateway Node becomes a bottleneck…
  41. How MidoNet L4LB works (2): Add Gateway Node to Scale-out linearly! You could also Scale-up!
  42. How MidoNet L4LB works (2)
      • Dynamically configurable depending on the size of the traffic!
  43. Demo
  44. Demo Highlights
      • Horizon Integration
      • MidoNet Control Panel
      • MidoNet CLI
      • Functionality: L2 bridging, L3 routing, L4 Load Balancing
  45. MidoNet Advantages. Check out our blog: http://blog.midokura.com/ Follow us on Twitter: @midokura
  46. Thank You