Apache CloudStack Networking
Overview
Sheng Yang
Jan 28, 2014
Used at CloudStack Bay Area Meetup, Jan 28, 2014


  1. Apache CloudStack Networking Overview. Sheng Yang, Jan 28, 2014
  2. Outline
     ● Network models
       – Basic network
       – Advanced network
     ● Network Offering
     ● Virtual Router
     ● And more
  3. Basic Networking
     ● EC2 Classic-style network
       – L3 isolation
       – Segmentation done by security group
       – Easy to set up and easy to scale
       – EIP/ELB supported
         ● With Netscaler devices
  4. Advanced Networking
     ● Virtual Private Cloud (VPC) supported
     ● L2 isolation
       – VLAN by default
     ● IP Address Management, DNS, Firewall, NAT, VPN, LB
     ● External hardware firewall/LB supported
     ● Traffic accounting
     ● Access control (ACL)
     ● Software Defined Network (SDN)
     ● Redundant Virtual Router support
       – For isolated network only
  5. Basic vs Advanced Networking
     ● Basic:
       – L3 isolation
       – Easier to deploy
       – Scalability
     ● Advanced:
       – L2 isolation
       – Feature rich
  6. Basic Networking (diagram)
     ● Topology: Public network, L2/L3 Core Switch, Guest Network, two Pod L2 Switches
     ● VMs: Web VM 1 to 4, App VM 1 and 2, DB Master, DB Slave, one DHCP Server VM per pod
     ● Groups: Web security group, App security group, DB security group
     ● CloudStack Appliance
  7. Isolated network (diagram)
     ● Road Warrior, Remote Access VPN, Public network
     ● Virtual router VM: VLAN 1000 (Web 1, App 1)
     ● Redundant Virtual router VM Master and Backup: VLAN 1001, Load Balancing (App 2, Web 1, Web 2, Web 3)
     ● CloudStack Appliance
     ● Redundant Virtual Router services: Firewall, NAT, Remote Access VPN, Load balancing, Password/Userdata
  8. Isolated network with external devices (diagram)
     ● Side-by-Side Mode: Public network, VLAN 1001, Juniper SRX, Netscaler Load Balancer, Load Balancing, Web 1, Web 2, DHCP server VM
     ● Inline Mode: Public network, VLAN 1001, Juniper SRX, Netscaler Load Balancer, Load Balancing, Web 1, Web 2, DHCP server VM
     ● CloudStack Appliance
     ● Services: Firewall, NAT, Load balancing, Password/Userdata
  9. Virtual Private Cloud (diagram)
     ● Road Warrior, Remote Access VPN, Public network
     ● VPC router VM: 10.1.0.1/16, Public Load balancing
     ● Web Tier: 10.1.0.1/24, VLAN 1001 (Web 1, Web 2, Web 3)
     ● App Tier: 10.1.1.1/24, VLAN 1000 (App 1, App 2, Internal LB VM, Internal Load balancing)
     ● DB Tier: 10.1.2.1/24, VLAN 1002 (DB Master, DB Slave)
     ● Site-to-site VPN, Remote Network Router
     ● CloudStack Appliance
     ● Services: ACL, NAT, Load balancing, Remote Access VPN, Site-to-Site VPN, Password/Userdata
  10. Virtual Private Cloud with shared network (diagram)
     ● Road Warrior, Remote Access VPN, Public network
     ● VPC router VM: 10.1.0.1/16
     ● Web Tier: 10.1.0.1/24, VLAN 1001 (Web 1, Web 2, Web 3)
     ● App Tier: 10.1.1.1/24, VLAN 1000 (App 1, App 2)
     ● DB Tier: 10.1.2.1/24, VLAN 1002 (DB Master, DB Slave)
     ● Site-to-site VPN, Remote Network Router
     ● Other labels: 10.10.10.1/24, VLAN 1010, Monitor VM, DHCP Server VM
     ● CloudStack Appliance
  11. Network Offering
     ● How would user want to define a network
     ● Type of the network
       – VPC, Isolated or Shared network
     ● Service needed
       – DHCP, DNS, source NAT, static NAT, port forwarding, load balancing, VPN, etc.
     ● The provider of the services
       – External network devices e.g. Netscaler can be used for certain services
     ● Virtual Router's system offering
       – CPU, memory, etc.
     ● And various capabilities:
       – Redundant router, in-line mode or side-by-side mode, etc.
  12. Virtual Router
     ● A key component of CloudStack networking infrastructure
     ● A CloudStack generated VM acting as DHCP server or router in the network
     ● Created/destroyed with network/VPC
       – Automatically shut down if there is no active VM in the network
  13. Virtual Router Internal
     ● Based on latest Debian stable release
       – Debian 7 “Wheezy” at this point
     ● Dnsmasq: DNS, DHCP
     ● IPtables: firewall, ACL, NAT
     ● HAproxy: load balancing
     ● OpenSwan: VPN
     ● Apache HTTP server: user data, password
     ● Keepalived: redundant virtual router
  14. Virtual Router Mechanism
     ● All commands to VR would be executed by some scripts in the VR
     ● NICs:
       – Control NIC
       – Public NIC
       – Guest network NIC
     ● Configure when VR is booting up
       – IP of the NICs
       – Default state and configuration for services
     ● Automatically update the scripts when rebooting
       – Through a mounted ISO file (systemvm.iso)
  15. What's more
     ● IPv6 support
     ● SDN
       – OpenVSwitch, Nicira NVP, MidoNet, Big Switch VNS, Juniper Contrail, etc.
     ● External Network Devices
       – Netscaler, Juniper SRX, F5 Big-IP, Palo Alto Firewall, etc.
     ● More and more is coming from community
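
An address-plan check for the VPC slides above, as an added example (not from the deck or the CloudStack code base): it verifies that every tier sits inside the VPC range, that tiers do not overlap, that the shared network stays outside the VPC range, and that no VLAN ID is reused. `check_plan` and `network_of` are hypothetical helpers, and pairing VLAN 1010 with the 10.10.10.1/24 shared network is an assumption read from the diagram labels.

```python
import ipaddress
from itertools import combinations

# Values as labelled on the VPC slides (gateway/prefix notation).
VPC_CIDR = "10.1.0.1/16"
TIERS = {"web": ("10.1.0.1/24", 1001),
         "app": ("10.1.1.1/24", 1000),
         "db": ("10.1.2.1/24", 1002)}
# Assumption: VLAN 1010 on the slide belongs to the shared network.
SHARED = {"shared": ("10.10.10.1/24", 1010)}


def network_of(cidr):
    """Turn 'gateway/prefix' (as drawn on the slides) into its network."""
    return ipaddress.ip_interface(cidr).network


def check_plan(vpc_cidr, tiers, shared=None):
    """Return a list of findings; an empty list means the plan is consistent."""
    shared = shared or {}
    findings = []
    vpc = network_of(vpc_cidr)
    nets = {name: network_of(cidr) for name, (cidr, _) in tiers.items()}

    # Every tier must be carved out of the VPC range.
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            findings.append(f"tier {name} {net} is outside VPC {vpc}")
    # Overlapping tiers make per-tier ACLs ambiguous.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"tiers {a} and {b} overlap: {na} / {nb}")
    # A shared network inside the VPC range would shadow tier routes.
    for name, (cidr, _) in shared.items():
        net = network_of(cidr)
        if net.overlaps(vpc):
            findings.append(f"shared network {name} {net} overlaps VPC {vpc}")
    # Two networks on one VLAN ID share an L2 segment, which defeats
    # the VLAN-based isolation of advanced networking.
    seen = {}
    for name, (_, vlan) in {**tiers, **shared}.items():
        if vlan in seen:
            findings.append(f"VLAN {vlan} reused by {seen[vlan]} and {name}")
        seen.setdefault(vlan, name)
    return findings


if __name__ == "__main__":
    print(check_plan(VPC_CIDR, TIERS, SHARED) or "plan is consistent")
```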