Introduction to Network Virtualization for IaaS Cloud by Midokura at LinuxCon Japan 2013


  1. Introduction to Network Virtualization in IaaS Cloud. Akane Matsuo, akane@midokura.com, Midokura Japan K.K. LinuxCon Japan 2013, May 31st, 2013
  2. Copyright ©2012 Midokura All rights reserved. About myself
     • NTT Communications: OCN, Verio, Arcstar… got some background of network product… But not engineer :p
     • Joined Midokura as an employee #9(?)
     • Senior Manager = Do everything but coding
     • Trying to build the ecosystem of network virtualization…
     • [Timeline labels: 2011.3, 2001.4]
  3. How I met network virtualization a.k.a. Midokura? I don’t know anything about Cloud Network… But let’s jump on the bandwagon!!!
  4. My presentation today is about… What is Network Virtualization for IaaS Cloud and Why it matters?
  5. What I found #1: What is IaaS Cloud? CPU・Memory, Storage, Network. You can get computer resources as much as you need, only when necessary. Free from deployment, operation, troubleshooting… Everyone is happy….!?
  6. What I found #2: Cloud has been growing... http://blogs-images.forbes.com/louiscolumbus/files/2013/02/Figure-1-Cloud-Computing-Growth.jpg Which means cloud installation base is growing.
  7. What I found #3:
     • An article in ‘09 says 50K instances are born in AWS every day (1).
     • What happens if more and more people create VMs with a click of a button everywhere?
     • Who takes care of the troublesome network?
     • (1) Source: http://www.datacenterknowledge.com/archives/2009/09/21/ec2-adding-50000-instances-a-day/
  8. We need to think about how to build a network for IaaS Cloud!
  9. What would be the best network for cloud environment? Flat L2 network! It’s simple! But you can’t create multi-tenant environment! How about VLAN then!? Management would be so complicated!
  10. What is the best network for cloud environment? Network gets complicated more and more… Actually, we want L3 too… Firewall and Load Balancer please!
  11. Let’s start from Typical IaaS Cloud Network. For example.. AWS or OpenStack
  12. What are the requirements for IaaS Cloud? [Diagram labels: uplink; Provider Virtual Router (L3); Tenant/Project A: Tenant A Virtual Router, Virtual L2 Switch A1, Virtual L2 Switch A2, Network A1 (VM1, VM3), Network A2 (VM5); Tenant/Project B: Tenant B Virtual Router, Virtual L2 Switch B1, Network B1 (VM2, VM4); VM6; Tenant B VPN Router; Tenant B office; Office Network]
  13. Requirements (same diagram): Isolated tenant network (virtual data center)
  14. Requirements (same diagram): Isolated L2 networks
  15. Requirements (same diagram): L3 isolation (similar to VPC and VRF)
  16. Requirements (same diagram): Redundant, optimized and fault-tolerant paths to the Internet (e.g. via BGP)
  17. Requirements (same diagram): Fault-tolerant devices and links
  18. Requirements (same diagram): NAT, LB, and Filtering; NAT, LB, and Firewalls
  19. Requirements (same diagram): L3 (and L2) VPNs
  20. Requirements (same diagram):
     • Minimize ARP broadcasts by exploiting CMS config
     • RESTful API for CMS integration and direct tenant access
     • DHCP, DNS and other services
  21. How we build it?
  22. How to build IaaS Cloud Network? (1) Virtualized physical devices; (2) OpenFlow-based hop-by-hop switching fabric
  23. (1) Virtualized physical devices: VLAN [Diagram labels: VLAN1, VLAN2]
     • 4096 limit on number of unique tags
     • Large spanning trees terminating on many hosts
     • High churn in switch control planes due to MAC learning
     • Need MLAG for L2 multi-path (vendor specific)
  24. (1) Virtualized physical devices: MPLS VPN [Diagram labels: tag, tag]
     • Often used by Carriers/Telco, but technically advanced for IaaS
     • Hardware could be very expensive
  25. (1) Virtualized physical devices: VRF [Diagram labels: VRF; Core; VLAN 10, VLAN 11, VLAN 12; Product; VLAN 20, VLAN 21, VLAN 22; Sales; VLAN 99]
     • Not scalable to cloud scale
     • Expensive hardware
     • Not fault tolerant (HSRP?)
     • L2 and L3 isolation. What about NAT, LB, FW?
     • Source: http://infrastructureadventures.com/tag/vrf-lite/
  26. (2) OpenFlow hop-by-hop switch fabric [Diagram labels: OpenFlow Switches; OpenFlow Controller (Cluster)]
     • State in each switch is proportional to the virtual network state
     • Not scalable, not fast enough to update, and no atomicity of updates
     • Fault tolerant?
  27. Can’t we do this better?
  28. How to build IaaS Cloud Network? (1) Virtualized physical devices; (2) OpenFlow-based hop-by-hop switching fabric; (3) Edge-to-Edge overlays
  29. (3) Overlays address the issues of IaaS Cloud Network [Diagram labels: VM, VM; six Edge nodes]
     • Virtual network changes don't affect underlay state
     • Use scalable IGP to build multi-path underlay with cheap HW
     • IP encapsulation provides isolation without using VLAN
     • Decoupled from physical network. Wired once
  30. Market trends that accelerate IP overlay: (1) Packet processing on x86 CPUs (at edge); (2) Clos Networks (for underlay); (3) Merchant silicon (cheap IP switches); (4) Optical intra-DC Networks
     • Intel DPDK facilitates packet processing
     • Number of cores in servers increasing fast
     • Spine and Leaf architecture with IP
     • Economical and high E-W bandwidth
     • Broadcom, Intel (Fulcrum Micro), Marvell
     • ODMs (Quanta, Accton) starting to sell directly
     • Switches are becoming just like Linux servers
  31. Overlays are the right approach! But not sufficient. We need a scalable control plane
  32. Scalable Control Plane for Overlay: Intelligence at the edge. Scalable and fault tolerant [Diagram labels: VM, VM; Edge nodes, each with a CP; Edge Gateway; Internet; DB, DB, DB; Stateful Database]
  33. MidoNet
     • MidoNet = Overlay + Network Functions: L2, L3, Firewall, DNS, BGP, etc
     • Scalable, distributed control plane
     • No VLAN, easy to manage.
     • Designed for IaaS Cloud from day one
     • Please come talk to us later
  34. Summary
     • IaaS Cloud needs virtualized network which is designed for IaaS Cloud
     • There are various technologies such as VLAN, but overlay is the right approach!
     • Plus, we need scalable control plane!
  35. Questions? info@midokura.com
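
An added illustration of slides 23 and 29 (not part of the Midokura deck and not MidoNet code): the 12-bit 802.1Q tag behind the "4096 limit", next to an IP-encapsulation header carrying a 24-bit tenant network ID that the receiving edge checks before delivery. The slides name no encapsulation format, so the VXLAN header layout (RFC 7348) is an assumption here, and the port names and port-to-network mapping are constructed.

```python
import struct

VLAN_ID_BITS = 12  # 802.1Q VID width: the "4096 limit" on slide 23
VNI_BITS = 24      # VXLAN network ID width (assumed encapsulation, RFC 7348)

def vlan_tag(vid, pcp=0):
    """Build the 4-byte 802.1Q tag: TPID 0x8100, then PCP(3) DEI(1) VID(12)."""
    if not 0 <= vid < (1 << VLAN_ID_BITS):
        raise ValueError("VID does not fit in 12 bits")
    return struct.pack("!HH", 0x8100, (pcp << 13) | vid)

def vxlan_encap(vni, inner_frame):
    """Prefix an inner L2 frame with the 8-byte VXLAN header."""
    if not 0 <= vni < (1 << VNI_BITS):
        raise ValueError("VNI does not fit in 24 bits")
    # word 0: flags 0x08 (VNI present) + 24 reserved bits
    # word 1: 24-bit VNI + 8 reserved bits
    return struct.pack("!II", 0x08 << 24, vni << 8) + inner_frame

def vxlan_decap(packet):
    """Return (vni, inner_frame); reject truncated or unflagged headers."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", packet[:8])
    if not (word0 >> 24) & 0x08:
        raise ValueError("VNI flag not set")
    return word1 >> 8, packet[8:]

def deliver(packet, port_to_vni, dst_port):
    """Edge-side isolation check: hand the inner frame to a VM port only
    when the packet's VNI is the network that port is attached to."""
    vni, frame = vxlan_decap(packet)
    if port_to_vni.get(dst_port) != vni:
        return None  # cross-tenant or unknown port: drop
    return frame

if __name__ == "__main__":
    # Constructed mapping: two tenants' VM ports on one edge host.
    ports = {"tap-vm1": 5000, "tap-vm2": 70000}  # 70000 has no VLAN equivalent
    pkt = vxlan_encap(5000, b"frame-for-tenant-A")
    print(deliver(pkt, ports, "tap-vm1"))  # delivered
    print(deliver(pkt, ports, "tap-vm2"))  # dropped (None)
```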
