Network Virtualization with Quantum
Chandan Dutta Chowdhury, Juniper Networks
InStackers Meeting
Agenda Overview and use case of Network    virtualization   Quantum Overview   Network Isolation at Layer 2 in Quantum...
Overview and use case ofNetwork virtualization“network virtualization is the process of combining hardware and  software n...
Single tier deploymentAll VMs connect to a Linux bridge, which is uplinked to the switch using a   physical NIC on the ser...
2 tier deployment Use CaseWe have a web server and a DB server and don’t want to provide direct  access to DB server      ...
VMs on multiple Physical servers                               Private Network   Physical Server         Physical Server  ...
Multi Tenants VMs on multiplePhysical servers                         Private Network Physical Server                     ...
Introduction to QuantumFeatures                               Implementation   Provides network as a service to      Exp...
OpenStack big picture
Quantum Architecture             Quantum      REST API              Extensions                 Plug-in                    ...
Quantum network modes Single Flat Network Mixed Flat and Private Network
Quantum network modes Provider Router with Private Networks
Quantum Core APIs   Network                 Network. An isolated virtual       Create network       layer-2 domain. A n...
Network Isolation at Layer 2 inQuantum Quantum creates a isolated L2 domain per virtual network On the backend it uses a...
Linux Bridge based virtualnetworks   A sub interface is created per virtual network (virtual network being    represented...
OVS based virtual network   A vlan is created in OVS per virtual network      Nova Compute                               ...
Quantum Plug-in and ExtensionsPlug-ins                           Extensions Quantum plug-ins are used         Extensions...
Advanced Networking Concepts
Quantum L3 networking    extension     L3 extension allows to creation of routers to          connect 2 or more networks ...
Quantum L3 isolation Layer 3 networking :Virtual        Default implementation of  Routers                             r...
Quantum L3 CLI CLI   quantum router-create router1   quantum router-interface-add router1    <subnet1-uuid>   quantum ...
Security group    Security groups and security group rules allows administrators and     tenants the ability to specify t...
Security Groups CLI quantum security-group-list quantum security-group-rule-create --direction ingress -    -protocol tc...
THANK YOU ALL
Transcript of "Network Virtualization with Quantum"

  1. Network Virtualization with Quantum. Chandan Dutta Chowdhury, Juniper Networks. InStackers Meeting.
  2. Agenda
       • Overview and use case of network virtualization
       • Quantum overview
       • Network isolation at Layer 2 in Quantum
       • Quantum L3 isolation
       • Security groups
  3. Overview and use case of network virtualization: “network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization.” (Wikipedia)
  4. Single tier deployment: All VMs connect to a Linux bridge, which is uplinked to the switch using a physical NIC on the server. [Diagram labels: Physical Server, VM, Bridge, NIC]
  5. 2 tier deployment use case: We have a web server and a DB server and don’t want to provide direct access to the DB server. [Diagram labels: Physical Server, Database, WWW, Bridge, Bridge, NIC]
  6. VMs on multiple physical servers. [Diagram labels: Private Network, Physical Server (two), Database, WWW, NIC, Bridge, Public Network]
  7. Multi-tenant VMs on multiple physical servers. [Diagram labels: Private Network, Physical Server (two), NIC, VM, Switch]
  8. Introduction to Quantum
       Features
       • Provides network as a service to connect the VMs in the cloud
       • Self-service API for virtual network creation
       • Provides features like L2 isolation, L3 isolation, firewalls, load balancer, etc.
       • Supports various networking modes
       Implementation
       • Exposes REST APIs
       • Provides a plug-in based architecture to support different vendor-provided networking equipment
       • Extensions are supported to add functionality in addition to the core APIs
  9. OpenStack big picture
  10. Quantum Architecture. [Diagram labels: Quantum, REST API, Extensions, Plug-in, Network Device, Agents, Message Queue, Database]
  11. Quantum network modes: Single Flat Network; Mixed Flat and Private Network
  12. Quantum network modes: Provider Router with Private Networks
  13. Quantum Core APIs
       • Network. An isolated virtual layer-2 domain. A network can also be a virtual, or logical, switch. Operations: Create network, Update network, Delete network, List network, Show network.
       • Subnet. An IP version 4 or version 6 address block from which IP addresses that are assigned to VMs on a specified network are selected. Operations: Create Subnet, Update Subnet, Delete Subnet, List Subnet, Show Subnet.
       • Port. A virtual, or logical, switch port on a specified network. Operations: Create Port, Update Port, Delete Port, List Port, Show Port.
  14. Network Isolation at Layer 2 in Quantum
       Quantum creates an isolated L2 domain per virtual network. On the backend it uses a combination of the following to provide the isolated L2 domain:
       • VLANs
       • GRE tunnels
       • Linux Bridges
       • OVS
       CLI
       • quantum net-create net1
       • quantum subnet-create net1 10.0.0.0/24
       • quantum port-create --fixed-ip subnet_id=<subnet-id>,ip_address=192.168.57.101 <net-id>
  15. Linux Bridge based virtual networks
       • A sub-interface is created per virtual network (virtual network being represented by VLAN)
       • A separate bridge is used to connect the VMs to each other
       [Diagram labels: VLAN Sub-Interface; Nova Compute (two), each with a NIC and Linux Bridges for vlan10, vlan20, vlan30]
  16. OVS based virtual network: A VLAN is created in OVS per virtual network. [Diagram labels: Nova Compute (two), each with OVS, a NIC, and Vlan 10, Vlan 20, Vlan 30]
  17. Quantum Plug-in and Extensions
       Plug-ins
       • Quantum plug-ins are used to configure vendor-provided switches for virtual networking.
       Extensions
       • Extensions provide a way to extend the APIs provided by Quantum. E.g. L3 functionality in Quantum is provided as an extension.
       • Extensions are used to provide new/experimental functionality in Quantum.
  18. Advanced Networking Concepts
  19. Quantum L3 networking extension: The L3 extension allows the creation of routers to connect 2 or more networks. [Diagram labels: NIC, Layer 3, Router1, Gateway, Layer 2, Net1, Net2, Net3, VM (three)]
  20. Quantum L3 isolation. Layer 3 networking: Virtual Routers
       • Default implementation of the router is done using Linux network namespaces
       • The router can also be used to provide external connectivity and NAT functionality
       [Diagram labels: Physical Server, Database, WWW, Bridge, Router, NIC, Bridge]
  21. Quantum L3 CLI
       • quantum router-create router1
       • quantum router-interface-add router1 <subnet1-uuid>
       • quantum router-interface-add router1 <subnet2-uuid>
  22. Security group
       • Security groups and security group rules give administrators and tenants the ability to specify the type of traffic and direction (ingress/egress) that is allowed to pass through a port.
       • A Security Group is a named set of rules that get applied to the incoming packets for the instances.
       • By default this group will drop all ingress traffic and allow all egress.
       [Diagram labels: Physical Server, Database, WWW, Bridge, Router, NIC, Bridge]
  23. Security Groups CLI
       • quantum security-group-list
       • quantum security-group-rule-create --direction ingress --protocol tcp --port_range_min 80 --port_range_max 80 <security_group_uuid>
       • quantum port-create <network_id> --security_groups list=true <security_group_id> <security_group_id>
       • quantum port-update <port_id> --security_groups=None
       • quantum security-group-rule-list
       • quantum security-group-rule-delete <security_group_rule_uuid>
  24. THANK YOU ALL