Network Virtualization with quantum
Published in Technology
Transcript

  • 1. Network Virtualization with Quantum
      Chandan Dutta Chowdhury, Juniper Networks
      InStackers Meeting
  • 2. Agenda
      • Overview and use case of network virtualization
      • Quantum overview
      • Network isolation at Layer 2 in Quantum
      • Quantum L3 isolation
      • Security groups
  • 3. Overview and use case of Network virtualization
      “network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization.” -Wikipedia
  • 4. Single tier deployment
      All VMs connect to a Linux bridge, which is uplinked to the switch using a physical NIC on the server.
      [Diagram: Physical Server, VM, Bridge, NIC]
  • 5. 2 tier deployment Use Case
      We have a web server and a DB server and don’t want to provide direct access to the DB server.
      [Diagram: Physical Server, Database, WWW, Bridge, Bridge, NIC]
  • 6. VMs on multiple Physical servers
      [Diagram: Private Network, Public Network, two Physical Servers, Database, WWW, Bridges, NICs]
  • 7. Multi Tenants VMs on multiple Physical servers
      [Diagram: Private Network, two Physical Servers, NICs, VMs, Switches]
  • 8. Introduction to Quantum
      Features
      • Provides network as a service to connect the VMs in the cloud
      • Self-service API for virtual network creation
      • It provides features like L2 isolation, L3 isolation, Firewalls, Load Balancer etc.
      • Supports various networking modes
      Implementation
      • Exposes REST APIs
      • Provides a plug-in based architecture to support different vendor-provided networking equipment
      • Extensions are supported to add functionality in addition to core APIs
  • 9. OpenStack big picture
  • 10. Quantum Architecture
      [Diagram: Quantum REST API, Extensions, Plug-in, Network Device, Agents, Message Queue, Database]
  • 11. Quantum network modes
      • Single Flat Network
      • Mixed Flat and Private Network
  • 12. Quantum network modes
      • Provider Router with Private Networks
  • 13. Quantum Core APIs
      Resources
      • Network. An isolated virtual layer-2 domain. A network can also be a virtual, or logical, switch.
      • Subnet. An IP version 4 or version 6 address block from which IP addresses that are assigned to VMs on a specified network are selected.
      • Port. A virtual, or logical, switch port on a specified network.
      Operations
      • Network: Create network, Update network, Delete network, List network, Show network
      • Subnet: Create Subnet, Update Subnet, Delete Subnet, List Subnet, Show Subnet
      • Port: Create Port, Update Port, Delete Port, List Port, Show Port
  • 14. Network Isolation at Layer 2 in Quantum
      Quantum creates an isolated L2 domain per virtual network.
      On the backend it uses a combination of the following to provide the isolated L2 domain:
      • VLANs
      • GRE tunnels
      • Linux Bridges
      • OVS
      CLI
        quantum net-create net1
        quantum subnet-create net1 10.0.0.0/24
        quantum port-create --fixed-ip subnet_id=<subnet-id>,ip_address=192.168.57.101 <net-id>
  • 15. Linux Bridge based virtual networks
      • A sub interface is created per virtual network (virtual network being represented by vlan)
      • A separate bridge is used to connect the VMs to each other
      [Diagram: two Nova Compute hosts, each with a NIC, VLAN sub-interfaces vlan10, vlan20, vlan30, and one Linux Bridge per VLAN]
  • 16. OVS based virtual network
      • A vlan is created in OVS per virtual network
      [Diagram: two Nova Compute hosts, each with a NIC and an OVS carrying Vlan 10, Vlan 20, Vlan 30]
  • 17. Quantum Plug-in and Extensions
      Plug-ins
      • Quantum plug-ins are used to configure vendor provided switch for virtual networking.
      Extensions
      • Extensions provide a way to extend the APIs provided by quantum. E.g. L3 functionality in quantum is provided as extension.
      • Extensions are used to provide new/experimental functionality in quantum.
  • 18. Advanced Networking Concepts
  • 19. Quantum L3 networking extension
      • The L3 extension allows the creation of routers to connect 2 or more networks
      [Diagram: NIC; Layer 3: Router1, Gateway; Layer 2: Net1, Net2, Net3; VMs]
  • 20. Quantum L3 isolation
      Layer 3 networking: Virtual Routers
      • Default implementation of the router is done using Linux network namespaces
      • A router can also be used to provide external connectivity and NAT functionality
      [Diagram: Physical Server, Database, WWW, Bridge, Router, NIC, Bridge]
  • 21. Quantum L3 CLI
      CLI
        quantum router-create router1
        quantum router-interface-add router1 <subnet1-uuid>
        quantum router-interface-add router1 <subnet2-uuid>
  • 22. Security group
      • Security groups and security group rules give administrators and tenants the ability to specify the type of traffic and direction (ingress/egress) that is allowed to pass through a port.
      • A Security Group is a named set of rules that get applied to the incoming packets for the instances
      • By default this group will drop all ingress traffic and allow all egress
      [Diagram: Physical Server, Database, WWW, Bridge, Router, NIC, Bridge]
  • 23. Security Groups CLI
        quantum security-group-list
        quantum security-group-rule-create --direction ingress --protocol tcp --port_range_min 80 --port_range_max 80 <security_group_uuid>
        quantum port-create <network_id> --security_groups list=true <security_group_id> <security_group_id>
        quantum port-update <port_id> --security_groups=None
        quantum security-group-rule-list
        quantum security-group-rule-delete <security_group_rule_uuid>
  • 24. THANK YOU ALL
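
The security-group behaviour from slides 22 and 23, applied to the two-tier use case from slide 5, as an added example that is not part of the original slides or of Quantum's code. The names `Rule`, `SecurityGroup`, `allowed` and `ingress_exposure` are hypothetical; the model assumes rules are allow-only, that the rules of every group attached to a port are combined, and that egress is always allowed as slide 22 states for the default group.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    direction: str        # "ingress" or "egress"
    protocol: str         # e.g. "tcp"
    port_range_min: int   # same fields as security-group-rule-create
    port_range_max: int

@dataclass
class SecurityGroup:
    name: str
    rules: list = field(default_factory=list)   # allow rules only

def allowed(groups, direction, protocol, port):
    """Return True if a port bound to `groups` passes this traffic."""
    if direction == "egress":
        # Simplification taken from slide 22: egress is allowed by default.
        return True
    # Ingress is dropped unless a rule in ANY attached group matches.
    return any(
        r.direction == "ingress" and r.protocol == protocol
        and r.port_range_min <= port <= r.port_range_max
        for g in groups for r in g.rules
    )

def ingress_exposure(groups):
    """List (protocol, min, max, group) openings a reviewer should justify."""
    return sorted(
        (r.protocol, r.port_range_min, r.port_range_max, g.name)
        for g in groups for r in g.rules if r.direction == "ingress"
    )

# Constructed sample: WWW port carries two groups, Database port only default.
default = SecurityGroup("default")                       # no ingress rules
web = SecurityGroup("web", [Rule("ingress", "tcp", 80, 80)])
www_port = [default, web]   # like port-create --security_groups list=true
db_port = [default]         # nothing opened, so the database is unreachable

if __name__ == "__main__":
    for name, groups in (("www", www_port), ("db", db_port)):
        for proto, port in (("tcp", 80), ("tcp", 22), ("tcp", 3306)):
            ok = allowed(groups, "ingress", proto, port)
            print(f"{name:3} ingress {proto}/{port:<5} {'ALLOW' if ok else 'DROP'}")
    print("openings to review:", ingress_exposure(www_port))
```

Running `ingress_exposure` over every port's groups gives a short list of openings to compare against the intended tier design.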