Hong kongopenstack2013 sdn_bluehost

Used for my talk at the OpenStack Summit 2013 in Hong Kong. http://www.youtube.com/watch?v=BOAvDHOo6U4


  1. Towards Truly Open And Commoditized SDN In OpenStack
     Jun Park (Ph.D.), Senior Systems Architect, EIG/Bluehost
     OpenStack Summit 2013 at Hong Kong
  2. • OpenStack Meets Software-Defined Networking
     • Why does OpenStack need SDN?
     • Why does SDN need OpenStack?
  3. L2 Fabric (figure: VM1, VM2, VM3 on different racks sharing one L2 fabric)
     • A VM keeps its public IP address and its MAC address wherever it runs
     • QoS, isolation, ACL, firewall
     • Tenant-isolated networks
     • This is exactly a killer app of SDN!
  4. Key Points of L2 Fabric
     • Simple data forwarding
     • No L3 agent, no NAT
     • No unknown-traffic plane
     • Avoid performance overhead
     • Seamless & straightforward VM migration
     • High entropy in packets: desired for multipath
  5. # neutron port-list for 20,000 ports (figure)
  6. Now 3 seconds with optimization
  7. SDN Controller: When Something Closed…
     NOX/POX, NEC, BigSwitch, Onix, Ryu, Nicira, FloodLight, OpenDaylight (figure)
  8. General SDN Architecture (figure: External Entity -> Northbound API -> SDN Controllers [SDN Application, Control Logic, Network Topology; distributed vs. single] -> Southbound API -> OpenFlow Switch)
     • OpenFlow rules
       – Forwarding plane
       – No src MAC learning
     • Timing
       – Reactive vs. proactive
     • Transition
       – Traditional ports -> OpenFlow ports
       – Pure OpenFlow vs. hybrid port
     • Max # of OpenFlow rules
       – 4K – 120K, more or less
       – How many rules bundled up
  9. Current OpenStack SDN Approach (figure)
     0. Neutron agent prepares the basic OVS structure on the compute node
     1. Request to create a virtual interface (vif) arrives at neutron-server
     2. neutron-server creates the vif in the Neutron DB
     3. neutron-server calls the REST API of the SDN controller(s) (SDN application, Network Info Base (NIB))
     4. SDN controller deploys OpenFlow rules to Open vSwitch (OVS) on the compute node
     • Intended to be minimal functionality on the agent
     • SDN controllers own the control logic
     • No RPC from neutron-server to the agent
     • Who creates the OVS vif and its external-ids? Answer: nova-compute. Why?
 10. Current OpenStack SDN Approach: Doesn't Scale! (figure: the same flow with more than 18,000 compute nodes, each running Open vSwitch, behind hundreds of ToR physical switches, with the SDN controller(s) in the path between neutron-server and every node and switch)
 11. OK, Questions We Got!
     Q: What is a truly scalable SDN solution now?  A: Not yet, but will be.
     Q: When?  A: Who knows!
     Q: Can you use a different approach?  A: Nope.
     Q: Why not?  A: Vendors working on it.
 12. Observations & Ideas (figure: compute node with VM1, VM2, VM3 on Open vSwitch and a Neutron agent)
     • Observations
       – Neutron agent is already fully distributed on the compute nodes
       – OpenFlow rules on a compute node are specific to its own VMs only
     • Ideas
       – Why not add SDN controller functionality to the Neutron agent?
       – Deploy the necessary OpenFlow rules at the right time via the Neutron agent
 13. Bluehost OpenStack SDN Approach (figure)
     1. Request to create a vif arrives at neutron-server
     2. neutron-server creates the vif in the Neutron DB
     3. The Neutron agent on the compute node receives RPC calls; neutron-server also calls the REST API of the SDN controller(s) (SDN application, Network Info Base (NIB))
     4. The Neutron agent deploys OpenFlow rules to Open vSwitch on the compute node; the SDN controllers deploy OpenFlow rules on the physical switches (hundreds of ToR switches)
 14. Edge vs. Fabric
     § Separation of control: "The fabric is responsible for packet transport across the network, while the edge is responsible for providing more semantically rich services such as network security, isolation, and mobility."
     HotSDN'12, "Fabric: A Retrospective on Evolving SDN", Martín Casado, Teemu Koponen, Scott Shenker, Amin Tootoonchian
 15. Key Services Achieved Via Neutron Only (figure: Tenant1, Tenant2, Tenant3 isolated on a flat network; vif1, vif2, vif3 carrying public IPs 11.22.33.4 – 11.22.33.8)
     • Isolated on a flat network
     • Firewall rules
     • QoS: bandwidth
     • Multiple IPs per vif
     • Anti-IP spoofing per vif
 16. Under The Hood: QoS, Anti-IP Spoofing, VM-to-VM (figure: VM1/vif1 at 10 Mbps and VM2/vif2 at 50 Mbps on br-int; a br-int-eth0 <-> phy-br-eth0 veth pair joins br-int to br-eth0; eth0 on br-eth0 faces the public networks)
     • Deploy QoS for outgoing packets
     • DMAC matching for incoming packets
     • TPA matching in ARP query
     • Anti-IP spoofing: SRC IP matching for outgoing packets
     • For VM1, VM2, … VMn: src_mac, dst_mac -> VM vif => O(n^2)
 17. Reduce OpenFlow Rules For VM-to-VM Traffic (figure: same layout as slide 16 plus a second veth pair, int-loopback on br-int <-> phy-loopback on br-eth0)
     • On br-eth0: dst_mac -> phy-loopback => O(n)
     • On br-int: dst_mac -> VM vif => O(n)
 18. Firewall Rules ~= Security Group (figure: same layout as slide 17)
     • Firewall rules for incoming packets: protocol (TCP, UDP, ICMP) & ports
     • Firewall rules for outgoing packets: protocol (TCP, UDP, ICMP) & ports
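The edge services of slides 15 to 18 rendered as concrete Open vSwitch flow entries, as an added example that is not code from the deck or from Bluehost's agent. The bridge names, OpenFlow port numbers, the two sample vifs and the use of OVS ingress policing for the per-vif bandwidth cap are assumptions; the deck only names the services. The block also generates the O(n^2) pairwise layout of slide 16 next to the O(n) loopback layout of slide 17 so the two rule counts can be compared for any number of VMs.

```python
from dataclasses import dataclass, field

# Bridge names and OpenFlow port numbers are assumptions for illustration.
BR_INT, BR_PHY = "br-int", "br-eth0"
INT_TO_PHY, INT_LOOPBACK = 1, 2           # br-int ends of the uplink and loopback veth pairs
PHY_TO_INT, PHY_LOOPBACK, ETH0 = 1, 2, 3  # br-eth0 ends of the same pairs, plus the NIC

@dataclass
class Vif:
    name: str
    ofport: int
    mac: str
    ips: list                                    # several public IPs per vif (slide 15)
    rate_kbps: int                               # cap on traffic leaving the VM
    ingress: list = field(default_factory=list)  # (proto, port) allowed in
    egress: list = field(default_factory=list)   # (proto, port) allowed out

def flow(bridge, match, actions, priority, table=0):
    """Render one ovs-ofctl add-flow command."""
    body = ",".join([f"table={table}", f"priority={priority}"]
                    + ([match] if match else []) + [f"actions={actions}"])
    return f'ovs-ofctl add-flow {bridge} "{body}"'

def l4(proto, port):
    # Stateless protocol/port match, the shape of the slide's "Protocol & Ports".
    return "icmp" if proto == "icmp" else f"{proto},tp_dst={port}"

def qos_cmds(vif):
    # Assumed mechanism for the per-vif Mbps cap: OVS ingress policing on the vif port.
    return [f"ovs-vsctl set interface {vif.name} ingress_policing_rate={vif.rate_kbps} "
            f"ingress_policing_burst={max(vif.rate_kbps // 10, 1)}"]

def edge_rules(vif):
    """br-int rules for one vif: anti-spoofing, port filters, DMAC/TPA steering."""
    p, mac, out = vif.ofport, vif.mac, []
    # Outgoing: only the vif's own MAC carrying one of its own IPs may leave the port.
    for ip in vif.ips:
        out.append(flow(BR_INT, f"in_port={p},dl_src={mac},arp,arp_spa={ip}", f"output:{INT_TO_PHY}", 200))
        out.append(flow(BR_INT, f"in_port={p},dl_src={mac},ip,nw_src={ip}", "resubmit(,1)", 200))
    out.append(flow(BR_INT, f"in_port={p}", "drop", 190))   # spoofed source MAC or IP
    for proto, port in vif.egress:                          # table 1: outgoing firewall
        out.append(flow(BR_INT, f"in_port={p},{l4(proto, port)}", f"output:{INT_TO_PHY}", 50, 1))
    out.append(flow(BR_INT, f"in_port={p}", "drop", 10, 1))
    # Incoming (uplink or loopback veth): steer by destination MAC, and deliver ARP
    # by target IP so no ARP is flooded to other tenants' vifs on the same host.
    for ip in vif.ips:
        out.append(flow(BR_INT, f"arp,arp_tpa={ip}", f"output:{p}", 100))
    out.append(flow(BR_INT, f"dl_dst={mac},ip", "resubmit(,2)", 100))
    for proto, port in vif.ingress:                         # table 2: incoming firewall
        out.append(flow(BR_INT, f"dl_dst={mac},{l4(proto, port)}", f"output:{p}", 50, 2))
    out.append(flow(BR_INT, f"dl_dst={mac}", "drop", 10, 2))
    return out

def pairwise_rules(vifs):
    """The O(n^2) layout of slide 16: one (src_mac, dst_mac) rule per VM pair."""
    return [flow(BR_INT, f"dl_src={s.mac},dl_dst={d.mac}", f"output:{d.ofport}", 100)
            for s in vifs for d in vifs if s is not d]

def vm_to_vm_rules(vifs):
    """Slide 17: one dst_mac rule per local VM on br-eth0 hairpins host-local traffic
    through the loopback veth (O(n)); edge_rules() then delivers it on br-int (O(n))."""
    out = []
    for v in vifs:
        out.append(flow(BR_PHY, f"dl_dst={v.mac}", f"output:{PHY_LOOPBACK}", 100))
        for ip in v.ips:   # broadcast ARP requests for a local neighbour (assumed addition)
            out.append(flow(BR_PHY, f"arp,arp_tpa={ip}", f"output:{PHY_LOOPBACK}", 100))
    return out

def base_rules():
    # No "normal" action anywhere: no MAC learning (slide 8), and unmatched frames on
    # br-int are dropped, i.e. no unknown-traffic plane (slide 4).
    return [flow(BR_PHY, f"in_port={PHY_TO_INT}", f"output:{ETH0}", 1),
            flow(BR_PHY, f"in_port={ETH0}", f"output:{PHY_TO_INT}", 1),
            flow(BR_INT, "", "drop", 0)]

def all_commands(vifs):
    cmds = base_rules() + vm_to_vm_rules(vifs)
    for v in vifs:
        cmds += qos_cmds(v) + edge_rules(v)
    return cmds

# Constructed sample, not data from the deck (IPs follow slide 15's range).
VIFS = [Vif("vif1", 10, "fa:16:3e:00:00:01", ["11.22.33.4", "11.22.33.5"], 10_000,
            ingress=[("tcp", 80)], egress=[("tcp", 443), ("icmp", None)]),
        Vif("vif2", 11, "fa:16:3e:00:00:02", ["11.22.33.6"], 50_000,
            ingress=[("tcp", 22)], egress=[("udp", 53)])]

if __name__ == "__main__":
    print("\n".join(all_commands(VIFS)))
```

Running it prints the ovs-ofctl and ovs-vsctl commands for the two sample vifs. The priorities matter: every frame leaving a VM hits that vif's own in_port rules (200/190) before it can reach any dl_dst rule (100), so a guest cannot be steered by another vif's DMAC entry without first passing its own anti-spoofing check, and the table-0 default drop means nothing is ever flooded. The protocol/port filters are stateless OpenFlow matches, so a return flow has to be permitted explicitly (for example by tp_src) or handled by a stateful mechanism the deck does not cover.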
 19. Tenant Networks Unicast: AMAC <-> PMAC (figure: external SDN controller(s) above core switches and ToR switches forming the L2 fabric; each host runs Open vSwitch, a Neutron agent and VMs)
     • Neutron agent rewrites Actual MAC (AMAC) -> Positional MAC (PMAC) on the way out and PMAC -> AMAC on the way in
     • Core switches and ToR switches only see PMAC; PMACs can be bundled up
     • ARP proxy or not?
     • Path determination
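A PortLand-style encoding is one way to build the positional MACs of slide 19. The block below is an added example, not Bluehost's agent code; its PMAC layout (first octet 02, then pod, ToR position, host port and VM index) is an assumption the deck does not specify, and the core-switch rules are rendered in ovs-ofctl syntax for readability even though the deck's core and ToR switches are physical.

```python
# Constructed example for slide 19, not Bluehost's agent code. The PMAC layout is
# an assumption: the deck only says the agent maps AMAC <-> PMAC, that core and
# ToR switches "only see PMAC", and that PMACs can be bundled up.

def pmac(pod, position, port, vmid):
    """Positional MAC 02:pp:pp:ss:tt:vv (widths assumed): first octet 02 = locally
    administered unicast, 16-bit pod, 8-bit ToR position in the pod, 8-bit host
    port on the ToR, 8-bit VM index on the host."""
    for name, val, bits in (("pod", pod, 16), ("position", position, 8),
                            ("port", port, 8), ("vmid", vmid, 8)):
        if not 0 <= val < (1 << bits):
            raise ValueError(f"{name}={val} does not fit in {bits} bits")
    return "02:%02x:%02x:%02x:%02x:%02x" % (pod >> 8, pod & 0xff, position, port, vmid)

def parse_pmac(mac):
    """Inverse of pmac(): the position of a VM in the fabric, read off its PMAC."""
    o = [int(x, 16) for x in mac.split(":")]
    if len(o) != 6 or o[0] != 0x02:
        raise ValueError(f"{mac} is not a PMAC")
    return {"pod": (o[1] << 8) | o[2], "position": o[3], "port": o[4], "vmid": o[5]}

def is_fabric_safe(mac):
    """A PMAC must be unicast (I/G bit clear) and locally administered (U/L bit set)
    so it cannot collide with a vendor-assigned MAC that a guest may present."""
    first = int(mac.split(":")[0], 16)
    return (first & 0x01) == 0 and (first & 0x02) != 0

def edge_rewrite_rules(vif_port, uplink_port, amac, pm, bridge="br-int"):
    """Agent-side rules: AMAC -> PMAC as a frame leaves the host, PMAC -> AMAC as it
    comes back, so the fabric never learns or forwards on a VM's real MAC. Only
    the Ethernet header is rewritten; an ARP payload still carries the AMAC as
    sender hardware address, which is the deck's "ARP proxy or not?" question."""
    if not is_fabric_safe(pm):
        raise ValueError(f"{pm} is not a usable PMAC")
    return [f'ovs-ofctl add-flow {bridge} "priority=100,in_port={vif_port},dl_src={amac},'
            f'actions=mod_dl_src:{pm},output:{uplink_port}"',
            f'ovs-ofctl add-flow {bridge} "priority=100,in_port={uplink_port},dl_dst={pm},'
            f'actions=mod_dl_dst:{amac},output:{vif_port}"']

def fabric_bundle_rules(pod_to_port, bridge="core"):
    """'Bundle up PMAC': a core switch keeps one rule per pod, matching only the pod
    octets under a mask, instead of one rule per VM. A ToR does the same one level
    down with mask ff:ff:ff:ff:00:00. Rendered in ovs-ofctl syntax for readability."""
    return [f'ovs-ofctl add-flow {bridge} "priority=100,'
            f'dl_dst={pmac(pod, 0, 0, 0)}/ff:ff:ff:00:00:00,actions=output:{port}"'
            for pod, port in sorted(pod_to_port.items())]

if __name__ == "__main__":
    vm = pmac(pod=1, position=2, port=3, vmid=4)
    print(parse_pmac(vm))
    print("\n".join(edge_rewrite_rules(10, 1, "fa:16:3e:00:00:01", vm)))
    print("\n".join(fabric_bundle_rules({1: 5, 2: 6})))
```

The masked dl_dst match is what lets a core switch carry one rule per pod rather than one per VM, which is the point of bundling. The is_fabric_safe check matters because a PMAC that collided with a real, vendor-assigned MAC would let a guest's traffic be steered by an address it does not own. Because mod_dl_src only touches the Ethernet header, ARP payloads still expose the AMAC, which is why the deck leaves the proxy-ARP question open.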
 20. Tenant Networks Unicast: Overlay Networks (figure: external SDN controller(s) above core switches and ToR switches forming an L2 or L3 fabric; the Neutron agents on the hosts build overlay-network tunnels between their Open vSwitches)
     • Core and ToR switches see normal UDP/TCP
     • Tunnels: VXLAN, STT, GRE
 21. Tenant Networks Multicast/Broadcast (figure: core switches, ToR switches and VMs)
 22. Tenant Networks Multicast/Broadcast: Generate Multiple Unicast Packets (figure: the same topology, with the broadcast replicated as unicast packets)
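Head-end replication, the mechanism behind "generate multiple unicast packets" in slides 21 and 22, as an added example that is not the deck's or Bluehost's code. It assumes a flat L2 fabric whose edge delivers unicast frames by destination MAC, and a vif table (tenant, host, port, MAC) of the kind the Neutron agent already holds; bridge name and uplink port number are assumptions.

```python
from dataclasses import dataclass

# Constructed example for slides 21-22, not Bluehost's code. Assumes a flat L2
# fabric whose edge delivers unicast frames by destination MAC, and a vif table
# (tenant, host, port, MAC) of the kind the Neutron agent already has.

@dataclass(frozen=True)
class Vif:
    name: str
    tenant: str
    host: str
    ofport: int    # OpenFlow port on its own host's br-int
    mac: str       # MAC the fabric forwards on

def replication_targets(src, vifs):
    """Same-tenant receivers of a broadcast from `src`, split into local ports and
    remote MACs. Other tenants never appear, which is the isolation on a flat network."""
    local = [v.ofport for v in vifs
             if v is not src and v.tenant == src.tenant and v.host == src.host]
    remote = [v.mac for v in vifs if v.tenant == src.tenant and v.host != src.host]
    return local, remote

def broadcast_rule(src, vifs, uplink_port, bridge="br-int", group="ff:ff:ff:ff:ff:ff"):
    """One flow per source vif: local copies go straight to vif ports, then each
    remote copy gets dl_dst rewritten to the receiver's MAC before output, so ToR
    and core switches only ever see unicast frames. Local outputs come first
    because mod_dl_dst changes the packet for every action after it. A multicast
    group is handled the same way with a matching `group` (for example the masked
    01:00:5e:00:00:00/ff:ff:ff:80:00:00 for all IPv4 multicast)."""
    local, remote = replication_targets(src, vifs)
    actions = [f"output:{p}" for p in local]
    actions += [f"mod_dl_dst:{mac},output:{uplink_port}" for mac in remote]
    acts = ",".join(actions) if actions else "drop"   # single-vif tenant: nobody to reach
    return (f'ovs-ofctl add-flow {bridge} "priority=150,in_port={src.ofport},'
            f'dl_dst={group},actions={acts}"')

def host_broadcast_rules(host, vifs, uplink_port):
    """Everything one host's agent installs for broadcast: one flow per local vif."""
    return [broadcast_rule(v, vifs, uplink_port) for v in vifs if v.host == host]

# Constructed sample: tenant A spread over three hosts, tenant B alone on host1.
VIFS = [Vif("vif1", "A", "host1", 10, "fa:16:3e:00:00:01"),
        Vif("vif2", "A", "host1", 11, "fa:16:3e:00:00:02"),
        Vif("vif3", "A", "host2", 10, "fa:16:3e:00:00:03"),
        Vif("vif4", "A", "host3", 10, "fa:16:3e:00:00:04"),
        Vif("vif5", "B", "host1", 12, "fa:16:3e:00:00:05")]

if __name__ == "__main__":
    print("\n".join(host_broadcast_rules("host1", VIFS, 1)))
```

The cost is one flow per source vif whose action list grows with the tenant's size, and the receiving edge must accept the frame under the rewritten unicast dl_dst (ARP does not require a broadcast Ethernet destination). In exchange, tenant B on host1 never sees tenant A's ARP traffic, and the ToR and core switches never have to flood at all.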
 23. We Need Truly Open, Commoditized SDN Solutions! Willing to contribute!
 24. Thanks!
     • Design Summit for Neutron – http://summit.openstack.org/cfp/details/311
