Your SlideShare is downloading. ×
  • Like
CloudStack Networking Overview - Jan 28, 2014
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

CloudStack Networking Overview - Jan 28, 2014

  • 2,276 views
Published

Used at CloudStack Bay Area Meetup, Jan 28, 2014

Used at CloudStack Bay Area Meetup, Jan 28, 2014

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,276
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
37
Comments
0
Likes
3

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Apache CloudStack Networking Overview Sheng Yang Jan 28, 2014
  • 2. Outline ● Network models – Basic network – Advanced network ● Network Offering ● Virtual Router ● And more
  • 3. Basic Networking ● EC2 Classic-style network – L3 Isolation – Segmentation done by security group – Easy to setup and easy to scale – EIP/ELB supported ● With Netscaler devices
  • 4. Advanced Networking ● Virtual Private Cloud(VPC) supported ● L2 isolation – VLAN by default ● IP Address Management, DNS, Firewall, NAT, VPN, LB ● External hardware firewall/LB supported ● Traffic accounting ● Access control(ACL) ● Software Defined Network(SDN) ● Redundant Virtual Router support – For isolated network only
  • 5. Basic vs Advanced Networking ● Basic: – – Easier to deploy – ● L3 isolation Scalability Advanced: – L2 isolation – Feature rich
  • 6. Basic Networking Public network L2/L3 Core Switch Guest Network Pod L2 Switch Pod L2 Switch Web VM 1 Web VM 2 App VM 2 DB Master Web VM 3 App VM 1 DHCP Server VM Web VM 4 DB Slave DHCP server VM Web security group CloudStack Appliance App security group DB security group
  • 7. Isolated network Road Warrior Remote Access VPN Public network Virtual router VM VLAN 1000 Web 1 App 1 Redundant Virtual router VM Master VLAN 1001 Load Balancing Redundant Virtual router VM Backup CloudStack Appliance App 2 Web 1 Web 2 Web 3 Redundant Virtual Router Firewall, NAT, Remote Access VPN, Load balancing, Password/Userdata
  • 8. Isolated network with external devices Side-by-Side Mode Public network VLAN 1001 Juniper SRX Web 1 Netscaler Load Balancer Web 2 DHCP server VM Load Balancing Inline Mode Public network VLAN 1001 Juniper SRX Netscaler Load Balancer Web 1 Load Balancing CloudStack Appliance Web 2 DHCP server VM Firewall, NAT, Load balancing, Password/Userdata
  • 9. Virtual Private Cloud Road Warrior Web Tier: 10.1.0.1/24 VLAN 1001 Web 1 Remote Access VPN Public network 10.1.0.1/16 VPC router VM Web 2 Web 3 Public Load balancing App Tier: 10.1.1.1/24 VLAN 1000 App 1 App 2 Internal LB VM Internal Load balancing Site-to-site VPN DB Tier: 10.1.2.1/24 VLAN 1002 Remote Network Router CloudStack Appliance DB Master DB Slave ACL, NAT, Load balancing, Remote Access VPN, Site-to-Site VPN, Password/Userdata
  • 10. Virtual Private Cloud with shared network Road Warrior 10.10.10.1/24 Web Tier: 10.1.0.1/24 VLAN 1001 Web 1 Remote Access VPN Public network 10.1.0.1/16 VPC router VM Web 2 App Tier: 10.1.1.1/24 VLAN 1000 App 1 Site-to-site VPN Web 3 App 2 DB Tier: 10.1.2.1/24 VLAN 1002 Remote Network Router DB Master DB Slave Monitor VM DHCP Server VM CloudStack Appliance VLAN 1010
  • 11. Network Offering ● How would user want to define a network ● Type of the network – ● Service needed – ● External network devices e.g. Netscaler can be used for certain services Virtual Router's system offering – ● DHCP, DNS, source NAT, static NAT, port forwarding, load balancing, VPN, etc. The provider of the services – ● VPC, Isolated or Shared network CPU, memory, etc. And various capabilities: – Redundant router, in-line mode or side-by-side mode, etc.
  • 12. Virtual Router ● ● ● A key component of CloudStack networking infrastructure A CloudStack generated VM acting as DHCP server or router in the network Created/destroyed with network/VPC – Automatically shutdown if there is no active VM in the network
  • 13. Virtual Router Internal ● Based on latest Debian stable release – Debian 7 “Wheezy” at this point ● Dnsmasq: DNS, DHCP ● IPtables: firewall, ACL, NAT ● HAproxy: load balancing ● OpenSwan: VPN ● Apache HTTP server: user data, password ● Keepalived: redundant virtual router
  • 14. Virtual Router Mechanism ● All commands to VR would be executed by some scripts in the VR ● NICs: – – Control NIC – ● Public NIC Guest network NIC Configure when VR is booting up – – ● IP of the nics Default state and configuration for services Automatically update the scripts when rebooting – Through a mounted iso file(systemvm.iso)
  • 15. What's more ● IPv6 support ● SDN – ● External Network Devices – ● OpenVSwitch, Nicira NVP, MidoNet, Big Switch VNS, Juniper Contrail, etc. Netscaler, Juniper SRX, F5 Big-IP, Palo Alto Firewall, etc. More and more is coming from community