Your SlideShare is downloading. ×
CloudStack Networking Overview - Jan 28, 2014
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

CloudStack Networking Overview - Jan 28, 2014


Published on

Used at CloudStack Bay Area Meetup, Jan 28, 2014

Used at CloudStack Bay Area Meetup, Jan 28, 2014

Published in: Technology

  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Apache CloudStack Networking Overview Sheng Yang Jan 28, 2014
  • 2. Outline ● Network models – Basic network – Advanced network ● Network Offering ● Virtual Router ● And more
  • 3. Basic Networking ● EC2 Classic-style network – L3 Isolation – Segmentation done by security group – Easy to setup and easy to scale – EIP/ELB supported ● With Netscaler devices
  • 4. Advanced Networking ● Virtual Private Cloud(VPC) supported ● L2 isolation – VLAN by default ● IP Address Management, DNS, Firewall, NAT, VPN, LB ● External hardware firewall/LB supported ● Traffic accounting ● Access control(ACL) ● Software Defined Network(SDN) ● Redundant Virtual Router support – For isolated network only
  • 5. Basic vs Advanced Networking ● Basic: – – Easier to deploy – ● L3 isolation Scalability Advanced: – L2 isolation – Feature rich
  • 6. Basic Networking Public network L2/L3 Core Switch Guest Network Pod L2 Switch Pod L2 Switch Web VM 1 Web VM 2 App VM 2 DB Master Web VM 3 App VM 1 DHCP Server VM Web VM 4 DB Slave DHCP server VM Web security group CloudStack Appliance App security group DB security group
  • 7. Isolated network Road Warrior Remote Access VPN Public network Virtual router VM VLAN 1000 Web 1 App 1 Redundant Virtual router VM Master VLAN 1001 Load Balancing Redundant Virtual router VM Backup CloudStack Appliance App 2 Web 1 Web 2 Web 3 Redundant Virtual Router Firewall, NAT, Remote Access VPN, Load balancing, Password/Userdata
  • 8. Isolated network with external devices Side-by-Side Mode Public network VLAN 1001 Juniper SRX Web 1 Netscaler Load Balancer Web 2 DHCP server VM Load Balancing Inline Mode Public network VLAN 1001 Juniper SRX Netscaler Load Balancer Web 1 Load Balancing CloudStack Appliance Web 2 DHCP server VM Firewall, NAT, Load balancing, Password/Userdata
  • 9. Virtual Private Cloud Road Warrior Web Tier: VLAN 1001 Web 1 Remote Access VPN Public network VPC router VM Web 2 Web 3 Public Load balancing App Tier: VLAN 1000 App 1 App 2 Internal LB VM Internal Load balancing Site-to-site VPN DB Tier: VLAN 1002 Remote Network Router CloudStack Appliance DB Master DB Slave ACL, NAT, Load balancing, Remote Access VPN, Site-to-Site VPN, Password/Userdata
  • 10. Virtual Private Cloud with shared network Road Warrior Web Tier: VLAN 1001 Web 1 Remote Access VPN Public network VPC router VM Web 2 App Tier: VLAN 1000 App 1 Site-to-site VPN Web 3 App 2 DB Tier: VLAN 1002 Remote Network Router DB Master DB Slave Monitor VM DHCP Server VM CloudStack Appliance VLAN 1010
  • 11. Network Offering ● How would user want to define a network ● Type of the network – ● Service needed – ● External network devices e.g. Netscaler can be used for certain services Virtual Router's system offering – ● DHCP, DNS, source NAT, static NAT, port forwarding, load balancing, VPN, etc. The provider of the services – ● VPC, Isolated or Shared network CPU, memory, etc. And various capabilities: – Redundant router, in-line mode or side-by-side mode, etc.
  • 12. Virtual Router ● ● ● A key component of CloudStack networking infrastructure A CloudStack generated VM acting as DHCP server or router in the network Created/destroyed with network/VPC – Automatically shutdown if there is no active VM in the network
  • 13. Virtual Router Internal ● Based on latest Debian stable release – Debian 7 “Wheezy” at this point ● Dnsmasq: DNS, DHCP ● IPtables: firewall, ACL, NAT ● HAproxy: load balancing ● OpenSwan: VPN ● Apache HTTP server: user data, password ● Keepalived: redundant virtual router
  • 14. Virtual Router Mechanism ● All commands to VR would be executed by some scripts in the VR ● NICs: – – Control NIC – ● Public NIC Guest network NIC Configure when VR is booting up – – ● IP of the nics Default state and configuration for services Automatically update the scripts when rebooting – Through a mounted iso file(systemvm.iso)
  • 15. What's more ● IPv6 support ● SDN – ● External Network Devices – ● OpenVSwitch, Nicira NVP, MidoNet, Big Switch VNS, Juniper Contrail, etc. Netscaler, Juniper SRX, F5 Big-IP, Palo Alto Firewall, etc. More and more is coming from community