Your SlideShare is downloading. ×
0
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds

632

Published on

Presentation about the various approaches to network virtualization for infrastructure as a service (IaaS) clouds with an overview of MidoNet, an overlay based approach to network virtualization.

Presentation about the various approaches to network virtualization for infrastructure as a service (IaaS) clouds with an overview of MidoNet, an overlay based approach to network virtualization.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
632
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
18
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. MidoNet: Overlay-based Virtual Networking for IaaS Clouds March 21, 2013 Adam Johnson General Manager, Midokura @adjohn
  • 2. Requirements uplink Provider Virtual Router (L3) Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 2
  • 3. Requirements uplink Isolated tenant Provider Virtual network (virtual Router (L3) data center)Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual RouterNetwork A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 3
  • 4. Requirements uplink Provider Virtual Router (L3) L3 isolation (similar to VPC and VRF)Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual RouterNetwork A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 4
  • 5. Requirements uplink Provider Virtual Router (L3)Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual RouterNetwork A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Isolated L2 networks Copyright ©2012 Midokura All rights reserved 5
  • 6. Requirements uplink Provider Virtual Redundant, optimized Router (L3) and fault-tolerant paths to the Internet (e.g. via BGP)Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual RouterNetwork A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 6
  • 7. Requirements uplink Provider Virtual Fault-tolerant Router (L3)devices and linksTenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual RouterNetwork A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 7
  • 8. Requirements uplink Provider Virtual Router (L3) NAT, LB, and Firewalls FilteringTenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual RouterNetwork A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 8
  • 9. Requirements uplink Provider Virtual Router (L3)Tenant/Project A Tenant/Project B Tenant B L3 (and L2) VPNs Tenant A Virtual Router Virtual RouterNetwork A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 9
  • 10. RequirementsSolid integration with uplink Minimize ARP broadcasts by leading open CMS: exploiting CMS config OpenStack, CloudStack Provider Virtual DHCP, DNS and other RESTful API for CMS Router (L3) services integration and direct tenant access Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 10
  • 11. Requirements: recapl  Multi-tenancy l Stateful NATl  Scalable, fault-tolerant u  Port masquerading devices (or device- u  DNAT agnostic network l ACLs services). l Stateful (L4) Firewallsl  L2 isolation u  Security Groups l LB health checksl  L3 routing isolation l VPNs at L2 and L3 u  VPC u  Like VRF (virtual u  IPSec routing and fwd-ing) l REST APIl  BGP gateway l Integration with CMSl  Scalable control plane u  OpenStack u  ARP, DHCP, ICMP u  CloudStackl  Floating IP Copyright ©2012 Midokura All rights reserved 11
  • 12. How to build it?1. Virtualized physical devices2. Centrally controlled OpenFlow-based hop-by- hop switching fabric3. Edge to edge overlays Copyright ©2012 Midokura All rights reserved 12
  • 13. 1 Virtualized physical devices VLAN VLAN1 VLAN2l  4096 limit on number of unique tagsl  Large spanning trees terminating on many hostsl  High churn in switch control planes due to MAC learning l Each VM is separate virtual MAC!l  Need MLAG for L2Copyright ©2012 Midokura(vendor specific) multi-path All rights reserved 13
  • 14. 1 Virtualized physical devices VLAN (more) VLAN1 VLAN2l  L2 isolationl  What about L3 and Internet access?l  Use VRF or virtual appliances? Copyright ©2012 Midokura All rights reserved 14
  • 15. 1 Virtualized physical devices VRF VRF VRF VRF Core Product VLAN 20 Sales VLAN 10 VLAN 99 VLAN21 VLAN11 VLAN22 VLAN12 出典:http://infrastructureadventures.com/tag/vrf-lite/l  Not scalable to cloud scalel  Expensive hardwarel  Not fault tolerant (HSRP?)l  L2 and L3 isolation. What about NAT, LB, FW? Copyright ©2012 Midokura All rights reserved 15
  • 16. 2 OpenFlow hop-by-hop switch fabric OpenFlow Controller (Cluster) OpenFlow Switchesl  Fabric extends to the compute host software switch? • State in each switch is proportional to the virtual network state • Need to update all switches in path when provisioning new virtual devices or updating them. • Not scalable, slowCopyright ©2012 Midokura All rights reserved and non-atomic switch updates. 16
  • 17. 2 OpenFlow hop-by-hop switch fabric (more) OpenFlow Controller (Cluster) OpenFlow Switchesl  Flow rules for VM flows (microflows)?l  Flow rules for virtual device simulation? Copyright ©2012 Midokura All rights reserved 17
  • 18. 3  Edge-to-Edge Overlays Edge VM Edge Edge Edge Edge VM Edge Use scalable IGP (iBGP, OSPF) to build multi-path underlay Copyright ©2012 Midokura All rights reserved 18
  • 19. 3  Edge-to-Edge Overlays IP encapsulation provides isolation Edge VM Edge Edge Edge Edge VM Edge Copyright ©2012 Midokura All rights reserved 19
  • 20. 3  Edge-to-Edge Overlays Virtual network processing at ingress host, decoupled from Edge physical network VM Edge Edge Edge Edge VM Edge Copyright ©2012 Midokura All rights reserved 20
  • 21. 3  Edge-to-Edge Overlays Edge VM Edge Edge Edge Edge VM Edge Virtual network changes dont affect underlay state Copyright ©2012 Midokura All rights reserved 21
  • 22. 3  Edge-to-Edge Overlays • Packet processing on x86 CPUs (at edge) •  Intel DPDK facilitates packet processing •  Number of cores in servers increasing fast • Clos Networks (for underlay) •  Spine and Leaf architecture with IP •  Economical and high E-W bandwidth • Merchant silicon (cheap IP switches) •  Broadcom, Intel (Fulcrum Micro), Marvell •  ODMs (Quanta, Accton) starting to sell directly •  Switches are becoming just like Linux servers Copyright ©2012 Midokura All rights reserved 22
  • 23. Overlays are the right approach! But not sufficient... We still need a scalable control plane. Copyright ©2012 Midokura All rights reserved 23
  • 24. MidoNet SDN Solution Logical Topology vPort Virtual Tenant A Switch A1 Virtual vPort Router vPort Provider Virtual Virtual Switch A2 Router vPort Tenant B vPort Virtual Virtual Router Switch B1 vPort Copyright ©2012 Midokura All rights reserved 24
  • 25. MidoNet SDN Solution Logical Topology vPort Virtual Tenant A Switch A1 Virtual vPort Router vPort Provider Virtual Virtual Switch A2 Router vPort Tenant B vPort Virtual Virtual Router Switch B1 vPort VM MN MN VM BGP BGP Multi To ISP1 Homing VM Internet BGP Private IP Network MN VM MN To ISP2 Tunnel BGP To ISP3 VM MN MN VM MN MN MN Network State Database Physical Topology Copyright ©2012 Midokura All rights reserved 25
  • 26. MidoNet SDN Solution Distributed State MidoNet REST API Dashboard Copyright ©2012 Midokura All rights reserved 26
  • 27. MidoNet SDN Solution Lazy state propagation Distributed State Host A Host B MidoNet MidoNet VM1 Ctrl VM2 Ctrl Linux Kernel + OVS KMOD Linux Kernel + OVS KMOD HW HW Copyright ©2012 Midokura All rights reserved 27
  • 28. MidoNet SDN Solution VM sends first packet; table Distributed State miss; NetLinkupcall to MidoNet Host A Host B MidoNet MidoNet VM1 Ctrl VM2 Ctrl Linux Kernel + OVS KMOD Linux Kernel + OVS KMOD HW HW Copyright ©2012 Midokura All rights reserved 28
  • 29. MidoNet SDN Solution MidoNet agent locallyprocesses packet (virtual Distributed Statelayer simulation); installs local flow (drop/mod/ fwd) Host A Host B MidoNet MidoNet VM1 Ctrl VM2 Ctrl Linux Kernel + OVS KMOD Linux Kernel + OVS KMOD HW HW Copyright ©2012 Midokura All rights reserved 29
  • 30. MidoNet SDN Solution Packet tunneled to Distributed State peer host; decap; kflow table miss; Netlink notifies peer MidoNet agent Host A Host B MidoNet MidoNet VM1 Ctrl VM2 Ctrl Linux Kernel + OVS KMOD Linux Kernel + OVS KMOD HW HW Copyright ©2012 Midokura All rights reserved 30
  • 31. MidoNet SDN Solution Distributed State MN agent maps tun-key to kernel datapath port#; installs fwd flow rule Host A Host B MidoNet MidoNet VM1 Ctrl VM2 Ctrl Linux Kernel + OVS KMOD Linux Kernel + OVS KMOD HW HW Copyright ©2012 Midokura All rights reserved 31
  • 32. MidoNet SDN SolutionSubsequent packets Distributed Statematched by flow rules at both ingress and egress hosts Host A Host B MidoNet MidoNet VM1 Ctrl VM2 Ctrl Linux Kernel + OVS KMOD Linux Kernel + OVS KMOD HW HW Copyright ©2012 Midokura All rights reserved 32
  • 33. MidoNet SDN Solution•  Distributed and scalable control plane Ø Handle all control packets at local MidoNet agent adjacent to VM•  Scalable and fault tolerant central database Ø Stores virtual network configuration Ø Dynamic network state ² MAC learning, ARP cache, etc Ø Cached at edges on demand•  All packet modifications at ingress Ø One virtual hop ² No travel through middle boxes Ø Drop at ingress Copyright ©2012 Midokura All rights reserved 33
  • 34. MidoNet SDN Solution• Scalable edge gateway interface to external networks •  Multihomed BGP to ISP•  REST API and GUI•  Integration with popular open source cloud stacks •  OpenStack •  Removes SPOF of network node •  Scalable and fault tolerant NAT for floating IP •  Implements security groups efficiently •  CloudStack Copyright ©2012 Midokura All rights reserved 34
  • 35. MidoNet SDN SolutionDeep OpenStack Integration• Quantum Plugin •  L2 isolation, of course• Also… •  L3 isolation (without VM / appliance) •  Security groups (stateful firewall) •  Floating IP (NAT) •  Load balancing (L4) Copyright ©2012 Midokura All rights reserved 35
  • 36. OpenStack Integration Horizon MidoNet Nova API Web GUI Manager (Web GUI) INTERNET Quantum PluginRabbitMQ - Passing Keystone Queue MidoNet Edge Authentication MidoNet Edge MidoNet API MidoNet Edge Agent Agent Agent Compute Host API MidoNet MidoNet MidoNet Distributed Instance A1 Distributed Instance B1 Nova Quantum Distributed State Compute State State MidoNet Plugin MidoNet VIF Driver Libvirt driver MidoNet Datapath Agent Copyright ©2012 Midokura All rights reserved
  • 37. MidoNet SDN SolutionFuture Directions• Scalable L7 virtual appliances • Content aware load balancer• MPLS VPN termination Ø Interconnect with carrier backbones• multiple data center federation Ø Virtual L2 between sites• LISP Ø Global IP mobility between sites Copyright ©2012 Midokura All rights reserved 37
  • 38. MidoNet SDN SolutionConclusions• IaaS clouds require new networking model• Edge to edge overlays are the right approach• Servers are good enough at packet processing Ø  Can use them for edge gateways• Multipath IP network fabric is cheap and easy to build Copyright ©2012 Midokura All rights reserved 38
  • 39. Questions? info@midokura.com We’re hiringhttp://midokura.com/careers/
  • 40. MidoNet SDN Solution Backup Slides Copyright ©2012 Midokura All rights reserved 40
  • 41. MidoNet SDN SolutionPacket from VM, VPN,or external BGP peer enters kernel Tunnel datapath MN Packet Encapsulated Drop/Block Copyright ©2012 Midokura All rights reserved 41
  • 42. MidoNet SDN Solution Tunnel MN Packet Encapsulated Drop/Block One flow rule reflecting the outcome of the virtual layer simulation AND the mapping of egress vport to peer host decides to drop or Copyright ©2012 Midokura All rights reserved fwd 42
  • 43. Spine and Leaf Network Architecture e.g Force10 Z9000 Spine L3 Switch L3 Switch L3 Switch L3 Switch x4IBGP and ECMP 4x40G Leaf L3 Switch L3 Switch L3 Switch x32 48x10G 1536 x 10G e.g Arista 7050T Copyright ©2012 Midokura All rights reserved 43

×