SDN, Network Virtualization and the Software Defined Data Center – Brad Hedlund


IT organizations around the world are transforming data center operations and economics by virtualizing their networks. Much as server virtualization decoupled VMs from the underlying x86 server hardware, transforming the operational model of compute, network virtualization decouples software-based virtual networks from the underlying network hardware to enable a new operational model for networking. Deployed non-disruptively on any existing network without change, network virtualization transforms the physical network into a pool of capacity that can be consumed and repurposed on demand.

You will learn how, today, companies like AT&T, NTT, eBay and Rackspace have transformed their operational model and reduced network provisioning time from days/weeks to seconds. You will learn how network virtualization, OpenStack cloud management and Chef automation can be leveraged together, and examine the architectural decisions you should be considering now to prepare for this transformation.

  1. Network Virtualization. Brad Hedlund, #ChefConf 2013
  2. What is VMware NSX? Nicira NVP; VMware vCNS; NSX. Scale-out Controller; Next gen vSwitch; Logical switches; Logical routers; Distributed stateful ACL. ✓ Edge Firewall; ✓ Load Balancing; ✓ VPN; ✓ GSLB; ✓ App Firewall. L2-L4; L4-L7; Full L2-L7 Network Virtualization. ✓ Any Hypervisor; ✓ Any Cloud; ✓ Any Network; ✓ Common API. Late 2013. Build your own cloud; Shrink wrapped cloud.
  3. Networking *is* stuck in the Past. Compute: APIs; Automation (Chef); Mobility; Distributed; Templates & Cookbooks. Networking: CLIs; Human + Keyboard; Rigid; Choke points; Manual & Error prone.
  4. Network Virtualization. Hardware; Software; Logical Switches; VIRTUALIZATION LAYER; Logical Routers; 2001; 2012. x86 Machine: NIC, CPU, HD, RAM. Network: VLANs, VRF, ACL, NAT, Security (Firewall). Virtual Network. vCPU, vRAM, vNIC, image: Virtual Machine. AUTOMATE; REPRODUCE; DECOUPLE.
  5. Network Services for Apps. LAN segment; LAN segment; WEB; WEB; World; Router; NAT; Firewall; Load Balancer; Firewall; APP; APP; My App; GSLB. North-South Security; East-West Security; App Load Balancing; Multi-site Load Balancing. Shared Physical Appliance; BYO Virtual Appliance; Full L2-L7 Network Virtualization. Routing & NAT; L2 segments; Monitoring.
  6. NVP Components & Architecture. Diagram labels: Compute; Service Nodes; OVS; NVP Manager; Controller; Controller; NVP Controller; Fabric; Hypervisor; Hypervisor; Hypervisor; L3 Gateway; L2 Gateway; L3 GateOVS; OVS; OVS; OVS; OVS; OVSL2 GateOVSService Nodes; OVS; Quantum; Web; App; DB; Switch 2; Switch 3; Router; APP; APP; DB; DB; y QoS; Monitoring; NAT; irtual Network; NVP API; World; Physical Edge; World; Non-virtual hosts / RemoVirtual Edge; NVP Plug-in.
  7. Hypervisor. Diagram labels: br0; Linux IP stack; WEB; WEB; APP; APP; Top of Rack Switch(s) (bond); Config/State DB; ovsdb-server; ovs-vswitchd; eth0 MGMT; Controller; Controller; NVP Controller; eth1; eth2; kernel; user; TCP 6633 OpenFlow; TCP 6632 OVSDB; STT/GRE Tunnels; br-int.
  8. NVP Controller scale out. Diagram labels: NVP Controller (x5); Node1; Node2; Node3; Node4; Node5; Controller Cluster; WebService API; Persistent Storage; Logical Network; Transport Network. Number of NVP Controllers in cluster: 3 / 4 / 5 / 7; majority number: 2 / 3 / 3 / 4; number of devices that can be taken offline: 1 / 1 / 2 / 3. l nodes Active; orkload sliced and shared; ajority rule; o split brain; ve Software Upgrades.
  9. Logical Network (NVP 3.1). Diagram labels: br-int; Logical Switch 2; Logical Switch 1; br-int; br-int; Service Node; Service Node; Hypervisors; Optional: BUM forwarding offload; L3 Gateway; L3 Gateway; North-South L3; L RoutWEB; WEB; WEB; APP; APP; APP; NVP Controller; witch; L Switch; L Router; HV1; HV2; HV3; Web; App. Allow: Egress TCP 80, 443 from ANY. Allow: Egress TCP 6000, 9000 from WEB_Servers. curity oups; World; STT/GRE Tunnels; Distributed Logical Router 1; East-W; Optional: Source BUM forwarding; NVP Controller; NVP Controller.
  10. Chef + NVP + OpenStack. Chef deploys OpenStack nodes; Chef deploys OVS on Hypervisors; Chef installs NVP Plug-in; Chef configures NVP Plug-in; Chef/Script configures NVP Appliances; Chef/Script loads NVP snapshot / configures virtual network. From Baremetal to full OpenStack cloud in Minutes. At any defined state.
  11. DEMO: NVP Snapshots. Diagram labels: Hypervisors; HV1; HV2; VM1; VM3; VM2; VM4; Logical Switch 2; Logical Switch 1; Distributed Logical Router.
  12. App provisioning at PayPal: From days to minutes with NSX. App Provisioning at PayPal Today: Demand; 0 to 14 days; 0 to 4 days; 0 to 21 days; 0 to 10 days. App Provisioning with NSX: From manual, multi-step, no predictable SLA IT… To fast, automated, predictable deployments enabled by NSX. Demand; 0 to 14 days; 0 to 4 days; 0 days; 0 to 7 days.
