Open stack with_openflowsdn-torii


Presented at 2012 OSAC: "OpenStack with OpenFlow/SDN", by Takashi Torii, NEC

Published in: Technology

  1. 1. OpenStack with OpenFlow/SDN. Takashi Torii, NEC. Aug. 11, 2012. Page 1 © NEC Corporation 2012
  2. 2. INTRO - QUANTUM
  3. 3. What is Quantum: Quantum is an incubated OpenStack project to provide "network connectivity as a service" between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). Source: “Intro to OpenStack Quantum for Cloud Operators”, Dan Wendlandt
  4. 4. How Quantum works: 1. Create Network. 2. Create Port. 3. Plug Interface. You can create a network on demand, specifying only the logical network and virtual NIC. [Diagram: Cloud User, Quantum with Network Plugin, Nova VMs with NICs and Ports; labels "Create Ports" and "Attach Port and NIC"]
  5. 5. Quantum Plugins. Inside OpenStack: • Cisco UCS/Nexus Plugin (cisco) • Quantum L2 Linux Bridge Plugin (linuxbridge) • Quantum Plugin for NVP (nicira_nvp) • Open vSwitch Plugin (openvswitch) • Ryu Controller Plugin (ryu). Blueprints: • NEC OpenFlow Plugin • Quantum plugin for bigswitch controller • Layer 2 Network driver for Brocade’s Ethernet Fabric Network OS • A Plugin for Infiniband Infrastructure. [Diagram: Cloud User, Quantum with Network Plugin, Nova VMs with NICs and Ports]
  6. 6. INTRO - WHAT IS OPENFLOW/SDN
  7. 7. Question: How old is the Internet? ▌Answer: 40 years old! TCP/IP was born in 1970 @DARPA; the World Wide Web was born in 1989 ▌TCP/IP is a long-lived technology ▌But usage of the Internet has changed in these 40 years... Telephone by the Internet, watching TV by the Internet, shopping, trading, chatting, xxing, xxxing, xxxxxing...
  8. 8. Current Internet. [Diagram: gap and inconvenience between new applications and the 40-year-old Internet]
  9. 9. Future Internet ▌What can the Internet not do? PC: a new idea or application can be realized by writing software. Innovation! The Internet: new functions will be implemented at the next renewal. Please wait 10 years... No innovation! ▌How to make innovative technology in the Internet? Several projects started around 2007: GENI@USA, FP7@EU, ... OpenFlow was born at Stanford Univ.
  10. 10. Keywords ▌OpenFlow: new architecture of network switching; network virtualization and programmability ▌Network virtualization: you can create “my network” ▌Programmability: you can control the network by application program. “So, what do you want to do?”
  11. 11. Background of OpenFlow/SDN ▌2007: Stanford started “Clean Slate Program” ▌2009: Stanford established “Clean Slate Laboratory”; contributed to the OpenFlow Consortium to specify the OpenFlow spec (v0.8.9, v1.0) and campus trial ▌Mar. 2011: Open Networking Foundation founded (industry standard); NEC active from day #1 ▌May 2012: Open Networking Research Center (ONRC) established (industry open source activity). NEC Proprietary and Confidential
  12. 12. Open Networking Foundation ▌Established for promotion of Software Defined Networking ▌Definition of OpenFlow protocol
  13. 13. OpenFlow Protocol Standard ▌OpenFlow Switch Specification: 1.0 (2010/3): mostly used version; 1.1 (2011/2): MPLS shim header, multiple tables, etc.; 1.2 (2011/12): IPv6, etc.; 1.3 (2012/4): PBB, etc. ▌OF-Config: 1.0 (2012/1); 1.1 (2012?) ▌OF-Test: 1.0 (2012?)
  14. 14. OPENFLOW BASICS
  15. 15. OpenFlow Basics: Architecture. Separate the data plane and the control plane. OpenFlow is the protocol between switch and controller. L1-L4 fields are used for switching. [Diagram: OpenFlow Controller (server, traffic management) connected over the OpenFlow Protocol secure channel to an OpenFlow Switch (packet transfer) whose flow table holds Rule / Action / Statistics entries]
  16. 16. OpenFlow Basics: Flow Switching. Transfer packets based on “flow”. Current network: transfer packets based on L2/L3 address: L2 switching (MAC), L3 routing (IP), firewall, etc. Header fields by layer: L1: ingress port; L2: dst MAC, src MAC, Ether type, VLAN ID, VLAN priority; L3: dst IP, src IP, IP proto, IP ToS; L4: TCP/UDP src port, TCP/UDP dst port; then data. Flow switching: a flow is distinguished by a rule combining L1 (port), L2 (MAC), L3 (IP) and L4 (port) fields. The transfer method that uses flows is called flow switching.
  17. 17. How OpenFlow works (1): packet-driven type [Reactive]. 1. Packet received. 2. Inquiry to controller. 3. Route search. 4. Set flow table. 5. Packet transfer. [Diagram: OpenFlow Controller (PC) and OpenFlow switches with Rule / Action flow tables]
  18. 18. How OpenFlow works (2): flow table push type [Proactive]. 1. Route calculation. 2. Set flow table. 3. Packet received. 4. Packet transfer. [Diagram: OpenFlow Controller (PC) and OpenFlow switches with Rule / Action flow tables]
  19. 19. Flow examples: 1. Unicast. 2. Multicast. 3. Multipath (load-balancing, redundancy). 4. Waypoints (middleware, intrusion detection, …)
  20. 20. OpenFlow Protocol detail ▌Protocol between OpenFlow Switch and OpenFlow Controller ▌Messages ▌Flow table ▌Match ▌Action
  21. 21. OpenFlow Messages ▌Packet: Packet in: switch to controller; Packet out: controller to switch ▌Flow entry: Flow mod: controller to switch; Flow removed: switch to controller (expire) ▌Management: Port status: switch to controller (port status change notification); Echo request/reply; Features request/reply; …
  22. 22. Flow Table Definition. Each flow entry (Flow 1 … Flow N) has three parts. Match Fields (exact & wildcard): flow filter (example: port, VLAN ID, L2, L3, L4, …). Counters: statistics of each flow (example: packet count, byte count, session time, ...). Instructions: instruction to the flow (example: unicast, multicast, QoS, shaping, load balance, fault recovery, tunneling, ...)
  23. 23. Matching Filter ▌Ingress port ▌Ethernet source/destination address ▌Ethernet type ▌VLAN ID ▌VLAN priority ▌IPv4 source/destination address ▌IPv4 protocol number ▌IPv4 type of service ▌TCP/UDP source/destination port ▌ICMP type/code. The 12-tuple of L1 to L4 header fields can be used.
  24. 24. Action ▌Forward (various types of transfer rules): physical ports (Required); virtual ports: All, Controller, Local, Table, IN_PORT (Required); virtual ports: Normal, Flood (Required) ▌Enqueue (Optional) ▌Drop (Required) ▌Modify Field (Optional; possible to modify headers; possible to set multiple actions): Set/Add VLAN ID; Set VLAN priority; Strip VLAN header; Modify Ethernet source/destination address; Modify IPv4 source/destination address; Modify IPv4 type of service bits; Modify IPv4 TCP/UDP source/destination port
  25. 25. Example of flow table: Flow switching. Key: Input Port = 2; MAC SA = 00:00:4c:11:11:11; MAC DA = 00:00:4c:22:22:22; VLAN ID = 100; TYPE = 0x0800; Proto = 6; IP SA = ; IP DA = ; Src Port = 32000; Dest Port = 80. Action 1: OUTPUT = 3. [Diagram: incoming packet matched against the flow table of an OpenFlow switch, output packet]
  26. 26. Example of flow table: L2 switching. Key: Input Port = *; MAC SA = *; MAC DA = 00:00:4c:22:22:22; VLAN ID = *; TYPE = *; Proto = *; IP SA = *; IP DA = *; Src Port = *; Dest Port = *. Action 1: OUTPUT = 3. [Diagram: incoming packet matched against the flow table of an OpenFlow switch, output packet]
  27. 27. Example of flow table: Broadcast. Key: Input Port = *; MAC SA = *; MAC DA = FF:FF:FF:FF:FF:FF; VLAN ID = *; TYPE = *; Proto = *; IP SA = *; IP DA = *; Src Port = *; Dest Port = *. Action 1: OUTPUT = FLOOD. [Diagram: one incoming packet, output packets on several ports]
  28. 28. Example of flow table: multicast. Key: Input Port = 1; MAC SA = *; MAC DA = *; VLAN ID = *; TYPE = 0x0800; Proto = *; IP SA = *; IP DA = ; Src Port = *; Dest Port = *. Action 1: SET_DL_SRC = 02:00:4c:00:00:01. Action 2: OUTPUT = 3. Action 3: SET_DL_SRC = 02:00:4c:00:00:02. Action 4: OUTPUT = 5. [Diagram: one incoming packet, two output packets]
  29. 29. Example of flow table: IP Routing. Key: Input Port = *; MAC SA = *; MAC DA = *; VLAN ID = *; TYPE = *; Proto = *; IP SA = *; IP DA = ; Src Port = *; Dest Port = *. Action 1: OUTPUT = 3. [Diagram: incoming packet matched against the flow table of an OpenFlow switch, output packet]
  30. 30. Network virtualization in Data Center: 1. Interconnect VMs and virtual networks. 2. Traffic isolation between virtual networks. 3. Physical resource management. [Diagram: VMs attached through software switches to Virtual Networks A, B and C over a physical network]
  31. 31. VLAN. Current technology: VLAN. Problems: 1. Frequent configuration. 2. Max VLAN 4K. 3. Limit of STP. [Diagram: VMs on software switches mapped to VLANs A, B and C across the physical network]
  32. 32. OpenFlow with Overlay type: 1. OpenFlow sets the relation between VM and tunnel. 2. Traffic isolation by tunneling. [Diagram: VMs on OpenFlow switches at the edges of a physical network]
  33. 33. OpenFlow with Hop-by-Hop type: 1. OpenFlow sets the relation between VM and flow. 2. Flow-based switching and traffic management. 3. Shortest path for each flow. [Diagram: VMs on OpenFlow switches connected through a network of OpenFlow switches]
  34. 34. Hop-by-Hop implementation example: Trema/SliceableSwitch. 1. packet_in. 2. Search flow table by DMAC to get egress switch and port. 3. Check that the ingress and egress belong to the same slice. 4. Calculate the shortest path. 5. flow_mod. 6. packet_out. The controller decides the shortest path for each flow and constructs the total path. [Diagram: Sliceable Switch on Trema with fdb, slice and topology components]
  35. 35. Variation of OpenFlow switch implementation ▌L2 switch base: firmware update on a commodity L2 switch; instruct L2 through L4 headers; NEC, HP, Juniper, Quanta, Arista ... ▌Software switch: implement an OpenFlow switch inside the host; Open vSwitch, Stanford Reference Switch ... ▌Transport node base: paths can be configured by the OpenFlow protocol; Ciena, Fujitsu America ... ▌Wireless: WiFi AP or WiMAX BS/ASN-GW that can handle OpenFlow
  36. 36. OpenFlow Controller (1/2) ▌OSS: NOX, POX, SNAC, Trema, Beacon, Floodlight, Ryu, NodeFlow, FlowER, Nettle, Mirage, ovs-controller, Maestro
  37. 37. OpenFlow Controller (2/2) ▌Products available: Nicira: NVP (Network Virtualization Platform); BigSwitch: Floodlight based?; Midokura: Midonet; NTT Data: ; Travelping: FlowER based; NEC: ProgrammableFlow
  38. 38. WHY OPENFLOW/SDN?
  39. 39. Network is complicated! “To support a cloud infrastructure, in reality all aspects of the IT infrastructure must be cloud-enabled, including storage, software, and – importantly – networking. Legacy network architectures are designed to support static network configurations and often do not provide the flexibility required to support cloud and data center deployments.” Rohit Mehra, IDC, January 2012
  40. 40. Challenges of Managing a Data Center Network. Survey question: "Has your organization experienced any of the following network operations problems?" (percent of respondents, N=280, multiple responses accepted; © 2011 Enterprise Strategy Group). Too many manual processes: 40%. Difficulties/delays associated with change and/or configuration management: 36%. Integration and cooperation between network operations and other IT domains: 34%. Inability to implement new technology in a timely manner due to lack of maintenance windows: 29%. Difficulties and/or delays in provisioning network devices such as servers, switches, and security appliances: 28%. Inability to implement new technology due to poor coordination between IT administration teams: 26%. Manual IP address management using tools like spreadsheets: 26%. We have a heterogeneous network where different technical elements need their own network operations: 23%. Limited skills in the networking team: 20%. Too many tools: 17%. We have not experienced any network operations problems: 7%. Callouts: ▌Automation ▌Agility ▌Integration ▌Maintainable
  41. 41. Network Not Keeping Pace with Server Virtualization ▌Many protocols to solve performance and scalability requirements ▌Vendor-specific configurations ▌Software rollouts frequent ▌Switch-by-switch configuration management. [Diagram: distributed complexity (BGP, OSPF, IGMP, TRILL, ICMP, IP, RIP, IS-IS, VLANs, IPsec, UDP, TCP); experts configure manually; distributed control; vendor proprietary.] Server virtualization needs an open, agile network.
  42. 42. FAQ: Why OpenFlow? ▌Benefit? ▌Risk? ▌New technology? ▌Applications? ▌Potential? ▌Open? ▌Let’s see the history of IT systems.
  43. 43. Before Virtualization: BV ▌Management of servers and networks is fully separated. ▌There are some difficult problems, for example virtual IP address management. [Diagram: servers (SV) connected to L2 switches and a router]
  44. 44. BV: Firewall, LoadBalance ▌Switches and routers are redundant ▌Firewalls and load balancers are specialized hardware and clustered. [Diagram: servers (SV), L2 switches, load balancers (LB), firewalls (FW), router (L3 switch)]
  45. 45. VLAN appears ▌VLAN can separate subnets ▌The number of switch ports grows, and resource utilization is improved ▌Multiple subnets can be consolidated on the same switch. ▌But routing between subnets is still handled by the router. [Diagram: servers (SV), VLANs on L2 switches, LB, FW, router (L3 switch)]
  46. 46. Extension of VLAN ▌VLANs can be created across routers. ▌Because a subnet can cross routers, consistent configurations are necessary. [Diagram: servers (SV), L2 switches, LB, FW, router (L3 switch)]
  47. 47. Hypervisor appears ▌Virtual machines appear ▌It is impossible to manage by human! ▌LB or FW can be a virtual appliance. [Diagram: VMs and virtual LB/FW on hypervisors (HV) on servers (SV), with L2 switches, LB, FW, router (L3 switch)]
  48. 48. vswitch appears ▌Traffic inside the server is unmanageable and complicated ▌The separation between server and network becomes cloudy. [Diagram: VMs and virtual LB/FW on virtual switches (VS) with VLAN, hypervisors (HV), servers (SV), switches, router (R)]
  49. 49. Live Migration ▌Live migration appears; a VM can migrate between servers without stop or suspend. ▌VLAN must follow VM migration ▌Resource management became on-demand, VLAN configuration changes are more frequent, and inventory control of resources is more important. ▌Automation of resource management is desired, not only for server resources but also for network resources. [Diagram: VMs on virtual switches (VS), hypervisors (HV), servers (SV), switches with VLANs, router (R)]
  50. 50. Virtual appliances ▌Virtual appliances appear; traffic routes are more complicated. ▌In the past, firewalls and load balancers were managed by the network side, but virtual appliances belong to the server side. In the virtualization era, data center operators face various problems not only on the server/storage side but also on the network side. [Diagram: VMs and virtual LB/FW on virtual switches (VS), hypervisors (HV), servers (SV), switches with VLANs, router (R)]
  51. 51. Now: Server and Network integrated management. The border between server and network is not clear. OpenFlow/SDN can lead server and network integrated management. [Diagram: before virtualization, a border separates server management (servers, APs) from network management (L2/L3 switches); virtualized, server management (APs, VMs, vSwitch) and network management (OpenFlow, L2/L3 switches) overlap and are integrated]
  52. 52. OpenFlow Controller Framework TREMA
  53. 53. OpenFlow Programmability ▌OpenFlow controller software can manage networks ▌There are various control methods: HPC: like traditional interconnect; Distributed computing: try to use the real network instead of an overlay; IT and network integrated management: authentication, security, operation... “OpenFlow is just one of the tools” - Ivan Pepelnjak
  54. 54. Trema: Full-Stack OpenFlow Framework for Ruby/C ▌A software platform for OpenFlow developers; Trema @ ▌EASY: all-in-one package; integrated developing environment; sophisticated APIs for Ruby and C ▌Many sample controllers/parts: useful samples @ /src/examples/; practical samples @ TremaApps ▌Fully tested and supported @ ▌Open community: free software (GPLv2); community participation (even for commercial products)
  55. 55. Scope of Trema ▌Trema = OpenFlow framework = controller platform + integrated network emulator + debugger + etc… ▌Why a framework? A tight loop of "coding, testing, and debugging" results in high productivity. [Diagram: user modules (routing control, topology discovery, authentication-driven application; TremaApps) on the OpenFlow controller: Trema core modules, basic libraries and OpenFlow protocol stack, with interactive shell, debugger, integrated network emulator (OpenFlow switch, host), controller and network configuration, and the real network]
  56. 56. Lessons learned: the OpenFlow iceberg. Seamless integration of operations and state monitoring among controller applications, switches, hosts, etc. [Diagram labels: controller development, scope, debug, network setup, traffic generation, diagnose]
  57. 57. What is Trema. User application: your OpenFlow controller (in Ruby or C). Trema: abstraction mechanisms and high-level APIs; Core: OpenFlow controller libraries and modules; Developing environment: network/host emulator, debugging tool, etc.; Operation environment: trema commands. Trema is an “OpenFlow programming framework” for Ruby and C (GPL2).
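  58. 58. Feature 1: easy coding. Repeater hub written in Ruby:

          class RepeaterHub < Controller
            def packet_in datapath_id, message
              # Send flow entry add: install an exact-match entry for this
              # packet whose action floods it out of every other port.
              send_flow_mod_add(
                datapath_id,
                :match => ExactMatch.from( message ),
                :actions => ActionOutput.new( OFPP_FLOOD )
              )
              # Packet out: flood the packet that triggered this packet_in.
              send_packet_out(
                datapath_id,
                :packet_in => message,
                :actions => ActionOutput.new( OFPP_FLOOD )
              )
            end
          end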
  59. 59. Feature 2: network emulator ▌“code, test, debug” in one machine. [Diagram: on the development machine, My Controller runs on Trema and talks over the secure channel to vswitch(sw1) and vswitch(sw2), which connect vhost(host1) and vhost(host2)]. Emulation script:

          vswitch("sw1") { datapath_id "0x1" }
          vswitch("sw2") { datapath_id "0x2" }
          vhost("host1")
          vhost("host2")
          link "host1", "sw1"
          link "sw1", "sw2"
          link "host2", "sw2"
  60. 60. Feature 3: many sample applications ▌Trema source tree: Repeater hub; Learning switch; Traffic monitor ▌Trema application repository: Topology discovery/management; Routing switch; Sliceable Switch ▌Documents published
  61. 61. SOLUTIONS
  62. 62. Our activities around OpenFlow/SDN and OpenStack. [Diagram labels: Distributed Controller Framework [Trema]; Data Center; Telecom System; OpenStack Cloud Platform; OpenFlow/SDN; OpenFlow Product [Programmable Flow]; Storage; Orchestration; BigData; PDCA Lifecycle]
  63. 63. Award-winning ProgrammableFlow: simple, scalable, secure, open networking ▌First OpenFlow-enabled fabric ▌Secure network-wide virtualization ▌Drag and drop, programmable networking. [Diagram: ProgrammableFlow Controller; ProgrammableFlow Switch Family]
  64. 64. Quantum OpenFlow Plugin ▌OpenStack Quantum: OpenStack sub-project; managing virtual networks ▌OpenFlow Plugin: the plugin to use OpenFlow from Quantum; OSS released; download from openstack/quantum-openflow-plugin ▌Supported OpenFlow controller platforms (PFC/Trema): Trema; ProgrammableFlow PF6800. [Diagram: Nova and Quantum with the OpenFlow Plugin drive the OpenFlow Controller, which sets flows on the OpenFlow switches for VTN1, VTN2, VTN3 and VTN4]
  65. 65. Isolation of networks ▌SliceableSwitch (Trema application): create virtual L2 slices on an OpenFlow network; L1-L4 filter function enabled. [Diagram: OpenFlow switch]
  66. 66. OpenFlow based Firewall / Load Balancer. Not OpenFlow: the Internet, router, firewall and LB; an FW or LB appliance has a high equipment cost. OpenFlow based: the Internet, OFS and OFC providing FW and LB, without an appliance.
  67. 67. Integrated resource management ▌IT and network resource integrated management: OpenFlow for network resource virtualization; OpenStack for computing resource virtualization. Management user portal (original portal): create multiple VMs and virtual networks; attach VM to network. Rows: virtual machines. Columns: virtual networks. Check box on an intersection: binding of VM and network. 100% open source software! [Diagram: OpenStack system management and Quantum plug-in; OpenFlow controller (SliceableSwitch on Trema); VMs on KVM with Open vSwitch; OpenFlow switch.] Enabling flexible service provisioning and agile service deployment.
  68. 68. Virtualization of mobile core and dynamic SDN control. New project with NTT DoCoMo to make a mobile core network flexible and scalable against network congestion due to disaster. Virtualization of mobile core network services and dynamic server resource re-allocation for high-priority services (Voice/Mail). According to the network resource re-allocation for high-priority services (Voice/Mail), the mobile access network path can be dynamically adjusted. [Diagram: central offices hosting high-priority Voice/Mail and low-priority rich content; dynamic SDN control over OpenFlow networks changes resource allocation on failure]
  69. 69. Issues in Mobile Networks ▌Voice traffic congestion during the 3.11 disaster ▌Congestion due to popularity of smart phones ▌Now, control plane signaling will also increase. Smart phones cause spikes in network traffic; high-load states occur periodically; a design that allocates fixed resources for each peak is a waste of money. [Chart: traffic rate over time, with 13:00 and 20:00 marked]
  70. 70. Solution ▐ Dynamic allocation of mobile network resources to solve various network congestions due to: bursty traffic patterns of smart phones; immediate increase of traffic due to disaster. Allocating resources to prioritized services. [Diagram: allocation across voice, email, music, video and file services is changed from normal (rich media communication) to emergency (emergency communications)]
  71. 71. Resource Allocation Control for Inter Central Office. Dynamic resource allocation of virtualized software within inter central office. Before: resource shortage cannot be compensated from a remote central office. After: resource shortage can be dynamically compensated from a remote central office; resource sharing among distributed sites. [Diagram: Sites 1 to 4 running SIP, email, M2M, movie and packet VMs on real resources, with congestion at Site 1]
  72. 72. Hybrid Cloud. Demonstration at the Interop TOKYO, June 2012. SDN for private clouds: WebSAM and ProgrammableFlow. SDN for public clouds: OpenStack and ProgrammableFlow. [Diagram: for each cloud, a cloud manager, a centralized controller (/Trema), a virtual server, a network pool (ProgrammableFlow switch, load balancer, firewall) and a server pool (server, storage); users: enterprise/IaaS operator, IaaS service users, IaaS operator; IaaS resource manager; captions: "NEC original solutions for sophisticated IaaS operators with their customizations", "Enterprise users and IaaS operators"]
  73. 73. Security ▌Quantum extension for network filtering ▌Filtering and detecting packets between VMs. [Diagram: Internet, NAT/gateway, firewall, virtualized network, VMs]
  74. 74. Bare metal support ▌OpenStack bare metal with network isolation: the OpenFlow switch can isolate the network. Security functions by OpenFlow: • Network isolation • Firewall • Avoid MAC arrogation (MAC address spoofing). [Diagram: OpenStack provisioning; Nova with a hypervisor (VMs, Open vSwitch) and a physical server on the OpenFlow network; Quantum plugin and OpenFlow controller]
  75. 75. Contribution to OpenStack community: OpenFlow Plugin, target Folsom-3; Quantum other features
  76. 76. Why OSS? ▌Vendor’s products are like a “Tower” ▌OSS is like a “City”. [Photo: Tokyo SkyTree, 634 m]
  77. 77. How to make Innovations? ▌Use technology/platforms with potential ▌Open ▌Collaboration. OpenStack and OpenFlow
  78. 78. Thank you! Contact :
  79. 79. © NEC Corporation 2012 Page 79
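
The flow-table slides (22 to 29) and the reactive table-miss step on slide 17, as an added Ruby example that is not part of the original deck: a lookup over the 12-tuple where an absent field is a wildcard, plus an audit that reports wildcard entries a broader, higher-priority entry makes unreachable. It assumes OpenFlow 1.0 ordering (an exact entry outranks every wildcard entry); the class names, the `isolate-vlan-200` rule, the IP addresses and the VLAN priority/ToS values are constructed.

```ruby
# Added example, not from the slides. Field names follow the OpenFlow 1.0
# 12-tuple; FlowEntry, FlowTable and the sample values are constructed.
FIELDS = %i[in_port dl_src dl_dst dl_vlan dl_vlan_pcp dl_type
            nw_src nw_dst nw_proto nw_tos tp_src tp_dst].freeze

FlowEntry = Struct.new(:name, :match, :priority, :actions) do
  # No wildcards: all 12 fields are specified.
  def exact?
    (FIELDS - match.keys).empty?
  end

  # A field missing from :match is a wildcard ("*" on the slides).
  def matches?(pkt)
    match.all? { |field, value| pkt[field] == value }
  end

  # True when every packet that matches +other+ also matches this entry.
  def covers?(other)
    match.all? { |field, value| other.match[field] == value }
  end
end

class FlowTable
  def initialize
    @entries = []
  end

  def add(name, match, actions, priority: 0)
    unknown = match.keys - FIELDS
    raise ArgumentError, "unknown match fields: #{unknown.inspect}" unless unknown.empty?
    @entries << FlowEntry.new(name, match, priority, actions)
    self
  end

  # OpenFlow 1.0 ordering: an exact entry beats every wildcard entry;
  # wildcard entries are ranked by priority.
  def lookup(pkt)
    @entries.select { |e| e.matches?(pkt) }
            .max_by { |e| [e.exact? ? 1 : 0, e.priority] }
  end

  # Actions applied to a packet; a table miss is sent to the controller.
  def actions_for(pkt)
    entry = lookup(pkt)
    entry ? entry.actions : [[:packet_in, :controller]]
  end

  # Audit: names of wildcard entries that can never fire because a
  # higher-priority wildcard entry covers every packet they match.
  def shadowed
    wild = @entries.reject(&:exact?)
    wild.select do |low|
      wild.any? { |high| high.priority > low.priority && high.covers?(low) }
    end.map(&:name)
  end
end

# Slide 25 key. IP addresses, VLAN priority and ToS are constructed values.
SLIDE25 = { in_port: 2, dl_src: "00:00:4c:11:11:11", dl_dst: "00:00:4c:22:22:22",
            dl_vlan: 100, dl_vlan_pcp: 0, dl_type: 0x0800, nw_src: "192.0.2.10",
            nw_dst: "192.0.2.20", nw_proto: 6, nw_tos: 0,
            tp_src: 32000, tp_dst: 80 }.freeze

# Entries from slides 25-27 plus one constructed isolation rule for VLAN 200.
def sample_table(isolation_priority: 10)
  FlowTable.new
           .add("flow-switching", SLIDE25, [[:output, 3]])
           .add("l2-switching", { dl_dst: "00:00:4c:22:22:22" }, [[:output, 3]], priority: 20)
           .add("broadcast", { dl_dst: "ff:ff:ff:ff:ff:ff" }, [[:output, :flood]], priority: 20)
           .add("isolate-vlan-200", { dl_vlan: 200, dl_dst: "00:00:4c:22:22:22" },
                [[:drop]], priority: isolation_priority)
end

if __FILE__ == $PROGRAM_NAME
  vlan200 = SLIDE25.merge(dl_vlan: 200)
  puts "shadowed at priority 10: #{sample_table.shadowed.inspect}"
  puts "VLAN 200 at priority 30: #{sample_table(isolation_priority: 30).actions_for(vlan200).inspect}"
end
```

With the isolation rule at priority 10 the broader L2 switching entry wins and the drop never applies; raising it above 20 restores the drop and clears the audit.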
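
The six packet_in steps on slide 34, as an added Ruby example that is not Trema or SliceableSwitch code: a simplified controller model that learns source locations, refuses flows between slices, and computes a shortest path before emitting one flow_mod per hop. The class, decision names, topology and MAC addresses are constructed, and refusing a source MAC seen on a second port is an assumption of this model (it ties to the "avoid MAC arrogation" point on slide 74).

```ruby
# Added example, not Trema or SliceableSwitch code: a simplified model of the
# packet_in steps on slide 34. Class, decisions and sample data are constructed.
class SliceController
  # links:  [[dpid_a, port_a, dpid_b, port_b], ...]
  # slices: { "slice name" => [MAC, ...] }
  def initialize(links:, slices:)
    @fdb = {}        # MAC => [dpid, port], learned from packet_in
    @slice_of = {}   # MAC => slice name
    slices.each { |name, macs| macs.each { |mac| @slice_of[mac] = name } }
    @adj = Hash.new { |hash, dpid| hash[dpid] = [] } # dpid => [[neighbour, out port]]
    links.each do |a, a_port, b, b_port|
      @adj[a] << [b, a_port]
      @adj[b] << [a, b_port]
    end
  end

  # Step 1 (packet_in). Returns [decision, flow_mods].
  def packet_in(dpid, in_port, src_mac, dst_mac)
    slice = @slice_of[src_mac]
    return [:drop_no_slice, []] if slice.nil?

    # Assumption: a MAC stays on the port where it was first seen, so a second
    # location for the same source MAC is refused instead of re-learned.
    learned = (@fdb[src_mac] ||= [dpid, in_port])
    return [:drop_source_moved, []] unless learned == [dpid, in_port]

    egress = @fdb[dst_mac]                                  # step 2: look up DMAC
    return [:unknown_destination, []] if egress.nil?
    return [:drop_cross_slice, []] unless @slice_of[dst_mac] == slice # step 3
    path = shortest_path(dpid, egress[0])                   # step 4
    return [:drop_no_path, []] if path.nil?

    # Step 5: one flow_mod per hop; the last hop outputs to the host port.
    flow_mods = path.map do |hop, out_port|
      { dpid: hop, match: { dl_src: src_mac, dl_dst: dst_mac },
        output: out_port || egress[1] }
    end
    [:packet_out, flow_mods]                                # step 6
  end

  private

  # Breadth-first search; returns [[dpid, out port], ...] ending in [to, nil].
  def shortest_path(from, to)
    prev = { from => nil } # dpid => [previous dpid, port used on it]
    queue = [from]
    until queue.empty?
      cur = queue.shift
      break if cur == to
      @adj[cur].each do |neighbour, port|
        next if prev.key?(neighbour)
        prev[neighbour] = [cur, port]
        queue << neighbour
      end
    end
    return nil unless prev.key?(to)
    hops = [[to, nil]]
    node = to
    while (step = prev[node])
      hops.unshift(step)
      node = step[0]
    end
    hops
  end
end

# Constructed topology: a triangle of switches 0x1, 0x2, 0x3.
LINKS = [[0x1, 10, 0x2, 10], [0x2, 11, 0x3, 11], [0x1, 12, 0x3, 12]].freeze
HOST_A = "00:00:00:00:00:0a".freeze # slice "red", switch 0x1 port 1
HOST_B = "00:00:00:00:00:0b".freeze # slice "red", switch 0x3 port 2
HOST_C = "00:00:00:00:00:0c".freeze # slice "blue", switch 0x2 port 1
SLICES = { "red" => [HOST_A, HOST_B], "blue" => [HOST_C] }.freeze

# Four packet_in events in order; returns the four [decision, flow_mods] pairs.
def demo
  ctl = SliceController.new(links: LINKS, slices: SLICES)
  [ctl.packet_in(0x1, 1, HOST_A, HOST_B), ctl.packet_in(0x3, 2, HOST_B, HOST_A),
   ctl.packet_in(0x2, 1, HOST_C, HOST_A), ctl.packet_in(0x2, 5, HOST_A, HOST_B)]
end
```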