Network Virtualization with quantum
Upcoming SlideShare
Loading in...5
×
 

Network Virtualization with quantum

on

  • 2,331 views

 

Statistics

Views

Total Views
2,331
Views on SlideShare
2,330
Embed Views
1

Actions

Likes
4
Downloads
61
Comments
0

1 Embed 1

https://twitter.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Network Virtualization with quantum Network Virtualization with quantum Presentation Transcript

  • Network Virtualization with Quantum Chandan Dutta Chowdhury Juniper Networks InStackers Meeting
  • Agenda Overview and use case of Network virtualization Quantum Overview Network Isolation at Layer 2 in Quantum Quantum L3 isolation Security groups
  • Overview and use case ofNetwork virtualization“network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization.” -Wikipedia
  • Single tier deploymentAll VMs connect to a Linux bridge, which is uplinked to the switch using a physical NIC on the server Physical Server VM Bridge NIC
  • 2 tier deployment Use CaseWe have a web server and a DB server and don’t want to provide direct access to DB server Physical Server Database WWW Bridge Bridge NIC
  • VMs on multiple Physical servers Private Network Physical Server Physical Server Database WWW NIC NIC Bridge Bridge Bridge NIC Bridge NIC Public Network
  • Multi Tenants VMs on multiplePhysical servers Private Network Physical Server Physical Server NIC NIC VM VM VM VM VM VM VM VM VM VM Switch Switch
  • Introduction to QuantumFeatures Implementation Provides network as a service to  Exposes REST APIs connect the VMs in the cloud Self-service API for virtual  provides plug-in based network creation architecture to support different vendor provided networking It provides features like equipments.  L2 isolation L3 isolation   Extensions are supported to add Firewalls functionality in addition to core   Load Balancer etc. APIs Supports various networking modes
  • OpenStack big picture
  • Quantum Architecture Quantum REST API Extensions Plug-in Network Device Agents Message Queue Database
  • Quantum network modes Single Flat Network Mixed Flat and Private Network
  • Quantum network modes Provider Router with Private Networks
  • Quantum Core APIs Network  Network. An isolated virtual  Create network layer-2 domain. A network can  Update network also be a virtual, or logical, switch  Delete network  List network  Show network  Subnet. An IP version 4 or version 6 address block from Subnet which IP addresses that are  Create Subnet assigned to VMs on a specified  Update Subnet network are selected.  Delete Subnet  List Subnet  Port. A virtual, or logical, switch  Show Subnet port on a specified network Port  Create Port  Update Port  Delete Port  List Port  Show Port
  • Network Isolation at Layer 2 inQuantum Quantum creates a isolated L2 domain per virtual network On the backend it uses a combination of the following to provide the isolated l2 domain  VLANs  GRE tunnels  Linux Bridges  OVS CLI  quantum net-create net1  quantum subnet-create net1 10.0.0.0/24  quantum port-create --fixed-ip subnet_id=<subnet- id>,ip_address=192.168.57.101 <net-id>
  • Linux Bridge based virtualnetworks A sub interface is created per virtual network (virtual network being represented by vlan) A separate bridge is used to connect the VMs to each other VLAN Sub-Interface Nova Compute Nova Compute Linux Bridge vlan10 Linux Bridge vlan10 Linux Bridge vlan20 NIC Linux Bridge vlan20 NIC vlan30 Linux Bridge vlan30 Linux Bridge
  • OVS based virtual network A vlan is created in OVS per virtual network Nova Compute Nova Compute OVS OVS Vlan 10 NIC Vlan 10 NIC Vlan 20 Vlan 20 Vlan 30 Vlan 30
  • Quantum Plug-in and ExtensionsPlug-ins Extensions Quantum plug-ins are used  Extensions provide a way to to configure vendor provided extend the APIs provided by switch for virtual networking. quantum. E.g. L3 functionality in quantum is provided as extension. Extensions are used to provide new/ experimental functionality in quantum.
  • Advanced Networking Concepts
  • Quantum L3 networking extension  L3 extension allows to creation of routers to connect 2 or more networks NICLayer 3 Router1 GatewayLayer 2 Net1 Net2 Net3 VM VM VM
  • Quantum L3 isolation Layer 3 networking :Virtual  Default implementation of Routers router is done using Linux network namespaces  Router can also be used to Physical Server provide external Database connectivity and NAT functionality WWWBridge Router NIC Bridge
  • Quantum L3 CLI CLI  quantum router-create router1  quantum router-interface-add router1 <subnet1-uuid>  quantum router-interface-add router1 <subnet2-uuid>
  • Security group Security groups and security group rules allows administrators and tenants the ability to specify the type of traffic and direction (ingress/egress) that is allowed to pass through a port. A Security Group is a named set of rules that get applied to the incoming packets for the instances By default this group will drop all ingress traffic and allow all egress Physical Server Database WWWBridge Router NIC Bridge
  • Security Groups CLI quantum security-group-list quantum security-group-rule-create --direction ingress - -protocol tcp --port_range_min 80 --port_range_max 80 <security_group_uuid> quantum port-create <network_id> --security_groups list=true <security_group_id> <security_group_id> quantum port-update <port_id> --security_groups=None quantum security-group-rule-list quantum security-group-rule-delete <security_group_rule_uuid>
  • THANK YOU ALL