Network Virtualization with quantum


Transcript

  • 1. Network Virtualization with Quantum. Chandan Dutta Chowdhury, Juniper Networks. InStackers Meeting.
  • 2. Agenda
      • Overview and use case of network virtualization
      • Quantum overview
      • Network isolation at Layer 2 in Quantum
      • Quantum L3 isolation
      • Security groups
  • 3. Overview and use case of network virtualization: “network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization.” -Wikipedia
  • 4. Single tier deployment: All VMs connect to a Linux bridge, which is uplinked to the switch using a physical NIC on the server. [Diagram labels: Physical Server, VM, Bridge, NIC]
  • 5. 2 tier deployment use case: We have a web server and a DB server and don’t want to provide direct access to the DB server. [Diagram labels: Physical Server, Database, WWW, Bridge, Bridge, NIC]
  • 6. VMs on multiple physical servers. [Diagram labels: Private Network, Public Network, Physical Server (×2), Database, WWW, Bridge, NIC]
  • 7. Multi-tenant VMs on multiple physical servers. [Diagram labels: Private Network, Physical Server (×2), NIC, VM, Switch]
  • 8. Introduction to Quantum
      Features:
      • Provides network as a service to connect the VMs in the cloud
      • Self-service API for virtual network creation
      • It provides features like L2 isolation, L3 isolation, Firewalls, Load Balancer etc.
      • Supports various networking modes
      Implementation:
      • Exposes REST APIs
      • Provides a plug-in based architecture to support different vendor provided networking equipment
      • Extensions are supported to add functionality in addition to core APIs
  • 9. OpenStack big picture
  • 10. Quantum Architecture. [Diagram labels: Quantum REST API, Extensions, Plug-in, Network Device, Agents, Message Queue, Database]
  • 11. Quantum network modes: Single Flat Network; Mixed Flat and Private Network
  • 12. Quantum network modes: Provider Router with Private Networks
  • 13. Quantum Core APIs
      • Network. An isolated virtual layer-2 domain. A network can also be a virtual, or logical, switch.
        APIs: Create network, Update network, Delete network, List network, Show network
      • Subnet. An IP version 4 or version 6 address block from which IP addresses that are assigned to VMs on a specified network are selected.
        APIs: Create Subnet, Update Subnet, Delete Subnet, List Subnet, Show Subnet
      • Port. A virtual, or logical, switch port on a specified network.
        APIs: Create Port, Update Port, Delete Port, List Port, Show Port
  • 14. Network Isolation at Layer 2 in Quantum
      Quantum creates an isolated L2 domain per virtual network. On the backend it uses a combination of the following to provide the isolated L2 domain:
      • VLANs
      • GRE tunnels
      • Linux Bridges
      • OVS
      CLI:
        quantum net-create net1
        quantum subnet-create net1 10.0.0.0/24
        quantum port-create --fixed-ip subnet_id=<subnet-id>,ip_address=192.168.57.101 <net-id>
  • 15. Linux Bridge based virtual networks
      • A sub-interface is created per virtual network (the virtual network being represented by a VLAN)
      • A separate bridge is used to connect the VMs to each other
      [Diagram labels: Nova Compute (×2), VLAN Sub-Interface, Linux Bridge, NIC, vlan10, vlan20, vlan30]
  • 16. OVS based virtual network: A VLAN is created in OVS per virtual network. [Diagram labels: Nova Compute (×2), OVS, NIC, Vlan 10, Vlan 20, Vlan 30]
  • 17. Quantum Plug-in and Extensions
      Plug-ins:
      • Quantum plug-ins are used to configure vendor provided switches for virtual networking.
      Extensions:
      • Extensions provide a way to extend the APIs provided by Quantum. E.g. L3 functionality in Quantum is provided as an extension.
      • Extensions are used to provide new/experimental functionality in Quantum.
  • 18. Advanced Networking Concepts
  • 19. Quantum L3 networking extension: The L3 extension allows the creation of routers to connect 2 or more networks. [Diagram labels: NIC, Layer 3, Router1, Gateway, Layer 2, Net1, Net2, Net3, VM]
  • 20. Quantum L3 isolation. Layer 3 networking: Virtual Routers
      • The default implementation of the router is done using Linux network namespaces
      • The router can also be used to provide external connectivity and NAT functionality
      [Diagram labels: Physical Server, Database, WWW, Bridge, Router, NIC, Bridge]
  • 21. Quantum L3 CLI
        quantum router-create router1
        quantum router-interface-add router1 <subnet1-uuid>
        quantum router-interface-add router1 <subnet2-uuid>
  • 22. Security group
      • Security groups and security group rules give administrators and tenants the ability to specify the type of traffic and direction (ingress/egress) that is allowed to pass through a port.
      • A Security Group is a named set of rules that get applied to the incoming packets for the instances.
      • By default this group will drop all ingress traffic and allow all egress.
      [Diagram labels: Physical Server, Database, WWW, Bridge, Router, NIC, Bridge]
  • 23. Security Groups CLI
        quantum security-group-list
        quantum security-group-rule-create --direction ingress --protocol tcp --port_range_min 80 --port_range_max 80 <security_group_uuid>
        quantum port-create <network_id> --security_groups list=true <security_group_id> <security_group_id>
        quantum port-update <port_id> --security_groups=None
        quantum security-group-rule-list
        quantum security-group-rule-delete <security_group_rule_uuid>
  • 24. THANK YOU ALL
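
The security group slides (22 and 23) describe allow-only rules with a default of dropping ingress and allowing egress. The sketch below is an added example, not Quantum's code or part of the original deck: it models that evaluation with the rule fields from the CLI (direction, protocol, port_range_min, port_range_max). The class and function names, the group names and port 3306 are assumptions made for illustration, and stateful handling of reply traffic is not modeled.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    """One allow rule, using the fields shown in the security group CLI."""
    direction: str                        # "ingress" or "egress"
    protocol: Optional[str] = None        # None matches any protocol
    port_range_min: Optional[int] = None  # None matches any port
    port_range_max: Optional[int] = None

    def matches(self, direction: str, protocol: str, port: Optional[int]) -> bool:
        if self.direction != direction:
            return False
        if self.protocol is not None and self.protocol != protocol:
            return False
        if self.port_range_min is None:
            return True
        high = self.port_range_min if self.port_range_max is None else self.port_range_max
        return port is not None and self.port_range_min <= port <= high


@dataclass
class SecurityGroup:
    name: str
    # Assumption: a new group starts with one allow-all egress rule and no
    # ingress rules, which gives the default behaviour stated on slide 22.
    rules: List[Rule] = field(default_factory=lambda: [Rule("egress")])


def port_allows(groups, direction, protocol, port=None) -> bool:
    """Rules only ever allow; a port's verdict is the union over its groups."""
    return any(r.matches(direction, protocol, port) for g in groups for r in g.rules)


def demo():
    # Constructed sample following the two-tier WWW/Database use case.
    web = SecurityGroup("web")
    web.rules.append(Rule("ingress", "tcp", 80, 80))  # the rule from slide 23
    db = SecurityGroup("db")                          # no ingress rule added
    return {
        "web_http_in": port_allows([web], "ingress", "tcp", 80),
        "web_ssh_in": port_allows([web], "ingress", "tcp", 22),
        "db_mysql_in": port_allows([db], "ingress", "tcp", 3306),
        "db_dns_out": port_allows([db], "egress", "udp", 53),
        "both_http_in": port_allows([web, db], "ingress", "tcp", 80),
    }


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'ALLOW' if allowed else 'DROP'}")
```

Because rules are additive, attaching a second group to a port can only widen what is allowed, which is worth checking whenever a port lists more than one group.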