Hong kongopenstack2013 sdn_bluehost

Used for my talk in the OpenStack summit 2013 at Hong Kong. http://www.youtube.com/watch?v=BOAvDHOo6U4

Published in Technology, Business
Transcript

  • 1. Towards Truly Open And Commoditized SDN In OpenStack. Jun Park (Ph.D.), Senior Systems Architect, EIG/Bluehost. OpenStack Summit 2013 at Hong Kong.
  • 2.
    – OpenStack Meets Software-Defined-Networking
    – Why Does OpenStack need SDN?
    – Why Does SDN need OpenStack?
  • 3. L2 Fabric (figure: VM1, VM2 and VM3 on separate racks, joined by the L2 fabric; labels: Keep Public IP Address, Rack MAC Address; QoS, Isolation, ACL, Firewall; Tenant isolated networks)
    – This is exactly a killer app of SDN!
  • 4. Key Points of L2 Fabric
    – Simple Data Forwarding
    – No L3 Agent, No NAT
    – No Unknown Traffic Plane
    – Avoid Performance Overhead
    – Seamless & Straightforward VM Migration
    – High Entropy in Packets: Desired for multipath
  • 5. # neutron port-list (for 20,000 ports)
  • 6. Now 3 Seconds With Optimization
  • 7. SDN Controller: When Something Closed… (NOX/POX, NEC 3?, BigSwitch, Onix, Ryu, Nicira 4?, FloodLight, OpenDayLight)
  • 8. General SDN Architecture (figure: External Entity -> Northbound API -> SDN Controllers [SDN Application, Control Logic, Network Topology; Distributed vs. Single] -> Southbound API -> OpenFlow Switch)
    – Open Flow rules: Forwarding plane; No Src MAC learning
    – Timing: Reactive vs. Proactive
    – Transition: Traditional ports -> Open Flow ports; Pure Open Flow vs. Hybrid port
    – Max # of Open Flow rules: 4K – 120K, more or less; How many rules bundled up
  • 9. Current OpenStack SDN Approach (figure: Neutron-server with Neutron DB; SDN Controller(s) with SDN Application and Network Info Base (NIB); Compute node with Open vSwitch (OVS) and Neutron agent)
    – 0. Agent prepares basic OVS structure
    – 1. Request to create a virtual interface (vif)
    – 2. Create a vif in DB
    – 3. Call REST API to SDN controller
    – 4. Deploy OpenFlow rules
    – Intended to be minimal functionality on agent
    – SDN controllers own control logic
    – No RPC from Neutron server to agent
    – Who creates OVS vif and external_ids? Answer: Nova-compute, why?
  • 10. Current OpenStack SDN Approach (same figure, scaled out: compute nodes > 18,000, hundreds of TOR physical switches)
    – 1. Request to create a vif
    – 2. Create a vif in DB
    – 3. Call REST API to SDN controller
    – Doesn't Scale!
  • 11. OK, Questions We Got!
    – Q: What is a truly scalable SDN solution now? A: Not yet, but will be.
    – Q: When? A: Who knows!
    – Q: Can you use a different approach? A: Nope.
    – Q: Why not? A: Vendors working on it.
  • 12. Observations & Ideas (figure: Compute node with VM1, VM2, VM3, Open vSwitch and Neutron agent)
    – Observations: Neutron agent already fully distributed on compute nodes; OpenFlow rules on a compute node specific to its own VMs only
    – Ideas: Why not add SDN controller functionality to Neutron agent? Deploy necessary OpenFlow rules at the right time via Neutron agent
  • 13. Bluehost OpenStack SDN Approach (figure: Neutron-server with Neutron DB; Compute node with Open vSwitch and Neutron agent; SDN Controller(s) with SDN Application and Network Info Base (NIB); hundreds of TOR physical switches)
    – 1. Request to create a vif
    – 2. Create a vif in DB
    – 3. Agent receives RPC calls; call REST API to SDN controller
    – 4. Neutron agent deploys OpenFlow rules on Open vSwitch; SDN controllers deploy OpenFlow rules on physical switches
  • 14. Edge vs. Fabric
    – Separation of Control: "The fabric is responsible for packet transport across the network, while the edge is responsible for providing more semantically rich services such as network security, isolation, and mobility." HotSDN'12, "Fabric: A Retrospective on Evolving SDN", Martín Casado, Teemu Koponen, Scott Shenker, Amin Tootoonchian
  • 15. Key Services Achieved Via Neutron Only (figure: Tenant1, Tenant2, Tenant3 with vif1, vif2, vif3 and addresses 11.22.33.4 – 11.22.33.8)
    – Isolated on flat network
    – Firewall Rules
    – QoS: Bandwidth
    – Multiple IPs per vif
    – Anti-IP spoofing per vif
  • 16. Under The Hood: QoS, Anti-IP Spoofing, VM-to-VM (figure: VM1/vif1 at 10 Mbps and VM2/vif2 at 50 Mbps on br-int; br-int joined to br-eth0 by the br-int-eth0/phy-br-eth0 pair of veth; br-eth0 -> eth0 -> Public Networks)
    – Deploy QoS for outgoing packets
    – DMAC matching for incoming packets
    – TPA matching in ARP query
    – For VM1, VM2, … VMn: src_mac, dst_mac -> VM vif => O(n^2)
    – Anti-IP spoofing: SRC IP matching for outgoing packets
  • 17. Reduce OpenFlow Rules For VM-to-VM Traffic (figure: same bridges as slide 16 plus an Int-loopback/phy-loopback pair of veth between br-int and br-eth0)
    – On br-eth0: dst_mac -> phy-loopback => O(n)
    – On br-int: dst_mac -> VM vif => O(n)
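The following is an added example, not material from the talk or from Bluehost's Neutron agent. It builds the per-vif rules that slides 15 and 16 describe (anti-IP spoofing by source MAC/IP match, multiple IPs per vif) in ovs-ofctl add-flow syntax, and compares the rule count of the pairwise VM-to-VM scheme of slide 16 with the loopback-veth scheme of slide 17. Every vif name, MAC address, IP address and OpenFlow port number is constructed for the example; the rules are strings to inspect, not applied to a switch.

```python
"""Added example (not from the talk): generate the per-vif OpenFlow rules the
slides describe and compare pairwise VM-to-VM forwarding, O(n^2), with the
loopback-veth scheme, O(n).  Flow strings follow the ovs-ofctl add-flow
match/action syntax.  All vifs, MACs, IPs and port numbers are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List

@dataclass
class Vif:
    name: str
    ofport: int                                   # OpenFlow port of the vif on br-int (constructed)
    mac: str
    ips: List[str] = field(default_factory=list)  # "multiple IPs per vif"

# OpenFlow port numbers of the Int-loopback/phy-loopback veth pair (constructed).
INT_LOOPBACK_OFPORT = 100   # br-int end
PHY_LOOPBACK_OFPORT = 101   # br-eth0 end

def anti_spoof_rules(v: Vif) -> List[str]:
    """Table 0 on br-int: a packet arriving from the vif may only carry the vif's
    own MAC and one of its assigned IPs (IP source, or ARP sender protocol
    address, the TPA/SPA matching of slide 16); anything else from that in_port
    is dropped.  Yields 2*len(ips) + 1 rules."""
    rules = []
    for ip in v.ips:
        rules.append(f"table=0,priority=100,in_port={v.ofport},ip,dl_src={v.mac},"
                     f"nw_src={ip},actions=resubmit(,1)")
        rules.append(f"table=0,priority=100,in_port={v.ofport},arp,dl_src={v.mac},"
                     f"arp_spa={ip},actions=resubmit(,1)")
    rules.append(f"table=0,priority=90,in_port={v.ofport},actions=drop")
    return rules

def outbound_allowed(v: Vif, src_mac: str, src_ip: str) -> bool:
    """Evaluate the table-0 rules for one outgoing packet: True if it reaches
    table 1, False if the catch-all drop for the vif's in_port applies."""
    return src_mac == v.mac and src_ip in v.ips

def pairwise_vm_rules(vifs: List[Vif]) -> List[str]:
    """Slide 16 scheme: one rule per ordered (src_mac, dst_mac) pair on br-int,
    n*(n-1) rules for n VMs on the node."""
    return [f"table=1,priority=50,dl_src={a.mac},dl_dst={b.mac},actions=output:{b.ofport}"
            for a in vifs for b in vifs if a is not b]

def loopback_vm_rules(vifs: List[Vif]) -> Dict[str, List[str]]:
    """Slide 17 scheme: br-eth0 turns any local dst_mac back into phy-loopback,
    and br-int delivers what arrives on Int-loopback to the matching vif.
    2n rules.  (A lower-priority default in table 1 that forwards everything
    else towards br-int-eth0 is assumed and omitted here.)"""
    br_eth0 = [f"priority=50,dl_dst={v.mac},actions=output:{PHY_LOOPBACK_OFPORT}" for v in vifs]
    br_int = [f"table=1,priority=50,in_port={INT_LOOPBACK_OFPORT},dl_dst={v.mac},"
              f"actions=output:{v.ofport}" for v in vifs]
    return {"br-eth0": br_eth0, "br-int": br_int}

def rule_counts(vifs: List[Vif]) -> Dict[str, int]:
    """Rule counts of the three rule sets for one compute node."""
    lb = loopback_vm_rules(vifs)
    return {"pairwise": len(pairwise_vm_rules(vifs)),
            "loopback": len(lb["br-eth0"]) + len(lb["br-int"]),
            "anti_spoof": sum(len(anti_spoof_rules(v)) for v in vifs)}

# Constructed to mirror slide 15: vifs with 11.22.33.x addresses, one vif holding two IPs.
SAMPLE_VIFS = [
    Vif("vif1", 1, "fa:16:3e:00:00:01", ["11.22.33.4"]),
    Vif("vif2", 2, "fa:16:3e:00:00:02", ["11.22.33.5", "11.22.33.6"]),
    Vif("vif3", 3, "fa:16:3e:00:00:03", ["11.22.33.7"]),
    Vif("vif4", 4, "fa:16:3e:00:00:04", ["11.22.33.8"]),
]

if __name__ == "__main__":
    for v in SAMPLE_VIFS:
        print("\n".join(anti_spoof_rules(v)))
    print(rule_counts(SAMPLE_VIFS))  # pairwise grows as n^2, loopback as 2n
```

The anti-spoofing table is placed ahead of forwarding (table 0 resubmits to table 1) so that forwarding rules never see a frame whose source MAC/IP does not belong to the in_port; the catch-all drop per in_port is what makes the allow list complete. The rule counts are what a practitioner would check before sizing a node against the 4K–120K rule limits mentioned on slide 8.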
  • 18. Firewall Rules ~= Security Group (figure: same bridges and Int-loopback/phy-loopback pair of veth as slide 17)
    – Firewall Rules for incoming packets: Protocol (TCP, UDP, ICMP) & Ports
    – Firewall Rules for outgoing packets: Protocol (TCP, UDP, ICMP) & Ports
  • 19. Tenant Networks Unicast: AMAC <-> PMAC (Actual MAC <-> Positional MAC) (figure: hosts with VMs on Open vSwitch and a Neutron agent each; ToR switches and core switches forming the L2 fabric; External SDN Controller(s))
    – Neutron agent: Actual MAC -> PMAC, PMAC -> AMAC
    – Core switches and ToR switches only see PMAC
    – External SDN Controller(s): Bundle Up PMAC; Path Determination
    – ARP Proxy or Not?
  • 20. Tenant Networks Unicast: Overlay Networks (figure: hosts with VMs on Open vSwitch and a Neutron agent each, joined by overlay network tunnels; ToR switches and core switches forming an L2 or L3 fabric; External SDN Controller(s))
    – Tunnels: VXLAN, STT, GRE
    – Core switches and ToR switches see normal UDP/TCP
  • 21. Tenant Networks Multicast/Broadcast (figure: core switches, ToR switches, VMs)
  • 22. Tenant Networks Multicast/Broadcast (figure: core switches, ToR switches, VMs)
    – Generate Multiple Unicast Packets
  • 23. We Need Truly Open, Commoditized SDN Solutions! EIG/Bluehost Willing To Contribute!
  • 24. Thanks!
    – Design Summit for Neutron: http://summit.openstack.org/cfp/details/311