CloudStack Networking Overview - Jan 28, 2014

  • 2,118 views
Uploaded on

Used at CloudStack Bay Area Meetup, Jan 28, 2014

Used at CloudStack Bay Area Meetup, Jan 28, 2014

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,118
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
33
Comments
0
Likes
3

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Apache CloudStack Networking Overview Sheng Yang Jan 28, 2014
  • 2. Outline ● Network models – Basic network – Advanced network ● Network Offering ● Virtual Router ● And more
  • 3. Basic Networking ● EC2 Classic-style network – L3 Isolation – Segmentation done by security group – Easy to setup and easy to scale – EIP/ELB supported ● With Netscaler devices
  • 4. Advanced Networking ● Virtual Private Cloud(VPC) supported ● L2 isolation – VLAN by default ● IP Address Management, DNS, Firewall, NAT, VPN, LB ● External hardware firewall/LB supported ● Traffic accounting ● Access control(ACL) ● Software Defined Network(SDN) ● Redundant Virtual Router support – For isolated network only
  • 5. Basic vs Advanced Networking ● Basic: – – Easier to deploy – ● L3 isolation Scalability Advanced: – L2 isolation – Feature rich
  • 6. Basic Networking Public network L2/L3 Core Switch Guest Network Pod L2 Switch Pod L2 Switch Web VM 1 Web VM 2 App VM 2 DB Master Web VM 3 App VM 1 DHCP Server VM Web VM 4 DB Slave DHCP server VM Web security group CloudStack Appliance App security group DB security group
  • 7. Isolated network Road Warrior Remote Access VPN Public network Virtual router VM VLAN 1000 Web 1 App 1 Redundant Virtual router VM Master VLAN 1001 Load Balancing Redundant Virtual router VM Backup CloudStack Appliance App 2 Web 1 Web 2 Web 3 Redundant Virtual Router Firewall, NAT, Remote Access VPN, Load balancing, Password/Userdata
  • 8. Isolated network with external devices Side-by-Side Mode Public network VLAN 1001 Juniper SRX Web 1 Netscaler Load Balancer Web 2 DHCP server VM Load Balancing Inline Mode Public network VLAN 1001 Juniper SRX Netscaler Load Balancer Web 1 Load Balancing CloudStack Appliance Web 2 DHCP server VM Firewall, NAT, Load balancing, Password/Userdata
  • 9. Virtual Private Cloud Road Warrior Web Tier: 10.1.0.1/24 VLAN 1001 Web 1 Remote Access VPN Public network 10.1.0.1/16 VPC router VM Web 2 Web 3 Public Load balancing App Tier: 10.1.1.1/24 VLAN 1000 App 1 App 2 Internal LB VM Internal Load balancing Site-to-site VPN DB Tier: 10.1.2.1/24 VLAN 1002 Remote Network Router CloudStack Appliance DB Master DB Slave ACL, NAT, Load balancing, Remote Access VPN, Site-to-Site VPN, Password/Userdata
  • 10. Virtual Private Cloud with shared network Road Warrior 10.10.10.1/24 Web Tier: 10.1.0.1/24 VLAN 1001 Web 1 Remote Access VPN Public network 10.1.0.1/16 VPC router VM Web 2 App Tier: 10.1.1.1/24 VLAN 1000 App 1 Site-to-site VPN Web 3 App 2 DB Tier: 10.1.2.1/24 VLAN 1002 Remote Network Router DB Master DB Slave Monitor VM DHCP Server VM CloudStack Appliance VLAN 1010
  • 11. Network Offering ● How would user want to define a network ● Type of the network – ● Service needed – ● External network devices e.g. Netscaler can be used for certain services Virtual Router's system offering – ● DHCP, DNS, source NAT, static NAT, port forwarding, load balancing, VPN, etc. The provider of the services – ● VPC, Isolated or Shared network CPU, memory, etc. And various capabilities: – Redundant router, in-line mode or side-by-side mode, etc.
  • 12. Virtual Router ● ● ● A key component of CloudStack networking infrastructure A CloudStack generated VM acting as DHCP server or router in the network Created/destroyed with network/VPC – Automatically shutdown if there is no active VM in the network
  • 13. Virtual Router Internal ● Based on latest Debian stable release – Debian 7 “Wheezy” at this point ● Dnsmasq: DNS, DHCP ● IPtables: firewall, ACL, NAT ● HAproxy: load balancing ● OpenSwan: VPN ● Apache HTTP server: user data, password ● Keepalived: redundant virtual router
  • 14. Virtual Router Mechanism ● All commands to VR would be executed by some scripts in the VR ● NICs: – – Control NIC – ● Public NIC Guest network NIC Configure when VR is booting up – – ● IP of the nics Default state and configuration for services Automatically update the scripts when rebooting – Through a mounted iso file(systemvm.iso)
  • 15. What's more ● IPv6 support ● SDN – ● External Network Devices – ● OpenVSwitch, Nicira NVP, MidoNet, Big Switch VNS, Juniper Contrail, etc. Netscaler, Juniper SRX, F5 Big-IP, Palo Alto Firewall, etc. More and more is coming from community