Network Virtualization for Cloud Services Infrastructure

Published in: Technology, Business

  1. 1. Network virtualization for cloud services infrastructure
     Industrial project with Alcatel-Lucent
     Shahryar Ali
  2. 2. Problem statement
     • Cloud computing has increased the requirements on the network infrastructure.
     • Traditional data center networks are less scalable, complex and inflexible.
     • Technologies like VLANs and STP do not meet the requirements of multi-tenant virtualized data centers.
  3. 3. Industry solutions
     • Network virtualization
       1. TRILL (IETF), PBB (IEEE 802.1ah), SPB (IEEE 802.1aq)
       2. VRF, MPLS-VPN
       3. VXLAN, NVGRE, STT (recent IETF drafts)
     • Software defined networks (SDN)
       1. OpenFlow
       2. OpenStack
  4. 4. Project objectives
     • Investigating multi-tenant data centers
       • Understanding data center networking
       • Analyzing multi-tenant virtualized data centers
     • Investigating the limitations of multi-tenant data centers and solutions
       • Understanding the limitations of multi-tenant data centers
       • Analyzing the network virtualization solutions
     • Examining recent IETF drafts
       • Comparative analysis
       • Limitations of VXLAN
     • Use of software defined networks
       • OpenFlow as control plane for VXLAN
       • Lab simulation
       • Proposing an OpenStack based solution
  5. 5. Literature review: Cloud computing
     • Cloud computing types
       1. Public
       2. Private
       3. Hybrid
     • Cloud computing types of service
       1. Software as a service (SaaS)
       2. Platform as a service (PaaS)
       3. Infrastructure as a service (IaaS)
  6. 6. Literature review: Virtualization
     • Virtualization basics
       1. Hypervisor
       2. Virtual machine (VM)
     • Why virtualize?
       1. To avoid server sprawl
       2. Reduce costs
       3. Isolate applications
     [Diagram: VM1 and VM2, each with Application, Guest OS and Virtual Hardware, running on a Host Operating System or Hypervisor on a Physical Server (Memory, CPU)]
  7. 7. Investigating multi-tenant virtualized data centers: Data center networking
     • Data center networking architecture
       1. Core layer
       2. Aggregation layer
       3. Access layer
     • Networking protocol essentials
       1. IP, TCP, UDP
       2. ARP, Ethernet
       3. VLANs and STP
  8. 8. Multi-tenant virtualized data centers
     • Multi-tenancy
     • Multi-tenant data center designs
       1. Top of Rack (ToR)
       2. End of Row (EoR)
  9. 9. Multi-tenant virtualized data centers: Multi-tenant separation
     • Layer 2 network virtualization
     • Layer 3 network virtualization
  10. 10. Understanding the limitations of multi-tenant data centers
      • VLAN limitations
      • 12-bit VLAN ID
      • STP limitations
      • Limits bandwidth
      • Multi-tenant address separation
      • Duplicate IP and MAC addresses
      • VM mobility
      • Mobility across subnets
      • Slow convergence
      • Complexity
      • No dynamic provisioning
  11. 11. What is network virtualization?
      Faithful reproduction of the physical network.
      • Use of overlay networks
        1. MAC-in-MAC encapsulation
        2. MAC-in-IP encapsulation
      • Dynamic network provisioning, simplified network management.
      • Symmetry between the compute and network parts.
      Network virtualization with L2 overlay over L3 (MAC-in-IP encapsulation)
        1. Virtual extensible LANs (VXLAN)
        2. Network virtualization with GRE (NVGRE)
        3. Stateless transport tunneling protocol (STT)
  12. 12. Virtual extensible LANs (VXLAN)
      • Backed by VMware, Cisco Systems, Arista Networks, Brocade, and Red Hat.
      • Exclusively to address the limitations caused by multi-tenancy.
      • 24-bit ID called Virtual Network Identifier (VNI).
      • VXLAN uses UDP encapsulation.
  13. 13. Virtual extensible LANs (VXLAN)
      • A VXLAN segment is identified by its VNI between tunnel endpoints called Virtual Tunnel End Points (VTEPs).
      • Ideally each VNI is associated with a separate multicast group.
      • VTEPs join a particular multicast group using the Internet Group Management Protocol (IGMP).
      • Switches learn about groups using IGMP snooping.
  14. 14. NVGRE and STT
      NVGRE
      • Backed by Microsoft, HP, and Dell.
      • Addresses the same problems as VXLAN.
      • Generic routing encapsulation (GRE) as a tunneling protocol.
      STT
      • STT is VMware’s (originally Nicira’s) proposal.
      • Also addresses the problem of large packet size (MTU), which VXLAN and NVGRE do not.
      • STT leverages the advantages of TSO (TCP segmentation offload).
  15. 15. OpenFlow and network virtualization
      • Control plane in the controller and data plane in the switch.
      • The action the switch takes depends on the rule that the packet header matches.
      • Network virtualization through FlowVisor.
      • OpenFlow in multi-tenant data centers
        1. To remove VLAN limitations
        2. On-demand tenant network configuration
        3. Vendor independence
  16. 16. Comparative analysis
      • VXLAN versus NVGRE and STT
        1. Existing switches do not parse GRE completely.
        2. Load balancing, firewall and ACL issues with NVGRE.
        3. Large and dominant vendor community.
        4. Firewalls are more likely to block STT.
      • VXLAN versus MPLS
        1. Hypervisor vendors use only the layer 2 model.
        2. Networking gear in data centers does not support MPLS.
      VXLAN
      • VMware ESXi
      • Cisco Nexus 1000V
      • Open vSwitch 1.10.0
      • Latest additions:
        • Arista 7150 Series[58]
        • Nuage Networks DVRS[59]
        • Brocade ADX Series
        • F5 Big IP platform
      NVGRE
      • Microsoft Windows Server 2012
      • Open vSwitch 1.10.0
      • Latest additions:
        • Arista 7150 Series
  17. 17. OpenFlow as control plane for VXLAN
      • Limitations of VXLAN
        1. IP multicast
        2. No control plane specified
      • Advantages of an OpenFlow based control plane
        1. Less processing load on the hypervisor.
        2. On-demand flow entries.
        3. No control plane protocols in the switch.
  18. 18. Lab Simulation: VXLAN with Open vSwitch and Floodlight OpenFlow controller
  19. 19. Lab simulation
      Tasks:
      • Connecting the Floodlight controller to Open vSwitch
      • Pushing static flows in the Floodlight controller using the REST API
      Results:
      • Only point-to-point tunnels can be created, as there is no multicast learning in Open vSwitch.
      • It is less scalable, and no dynamic provisioning of virtual networks is possible.
      Solution:
      • A controller module needs to be built to enable IGMP snooping.
      • VXLAN tunnel configuration between two isolated bridges
      • Integrate a cloud orchestration system like OpenStack to access the VNI to multicast mapping.
  20. 20. Integrating OpenStack with the OpenFlow based VXLAN solution
      • OpenStack can be used to provide a management plane.
      • OpenStack with Open vSwitch can be directly used to create VXLAN tunnels using the OVS plugin.
      • OpenFlow can discover the database of virtual networks from OpenStack using the OpenStack APIs.
  21. 21. Conclusion and recommendations
      • Traditional data center networking needs to change to meet the requirements of cloud computing.
      • Network virtualization using overlays can address most or all of the limitations.
      • VXLAN is the most viable overlay mechanism.
      • OpenFlow can work as a potential control plane for VXLAN.
      • Integrating OpenStack can further optimize the network virtualization solution.
  22. 22. References
      • “VXLAN: A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks”, working draft, version 4, Network Working Group, IETF, February 2013.
      • Sridharan, M., “NVGRE: Network Virtualization using Generic Routing Encapsulation”, draft-sridharan-virtualization-nvgre-02, Feb 2013.
      • Davie, B., and J. Gross, “A stateless transport tunneling protocol for network virtualization (STT)”, draft-davie-stt-03.txt (work in progress), 2013.
      • “Network Functions Virtualisation”, whitepaper, ETSI, 22 October 2012.
      • ONF Market Education Committee, “Software-Defined Networking: The New Norm for Networks”, ONF White Paper, Palo Alto, US: Open Networking Foundation, 2012.
      • “Problem Statement: Overlays for Network Virtualization”, draft-ietf-nvo3-overlay-problem-statement-04, working draft, Network Working Group, IETF, May 2013.
  23. 23. References
      • “Network Virtualization Platform”, whitepaper, Nicira, 2013.
      • “Virtualized services platform release 1.0”, whitepaper, Nuage Networks, an Alcatel-Lucent venture, 2013.
      • Sherwood, Rob, et al., “Flowvisor: A network virtualization layer”, OpenFlow Switch Consortium, Tech. Rep., 2009.
      • Project Floodlight, Big Switch Networks. http://www.projectfloodlight.org/floodlight.
      • Open source software for building private and public clouds. Available: http://www.openstack.org/.
      • Neutron plugins, https://wiki.openstack.org/wiki/Neutron.
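
Added example, not part of the original slides: a sketch of what slides 10, 12 and 13 describe, using the 8-byte VXLAN header layout from RFC 7348 (the published form of the cited VXLAN draft). It shows a VTEP reading the 24-bit VNI from the UDP payload and keying its MAC table on (VNI, MAC), so tenants with duplicate MAC addresses stay separated. The `Vtep` class, its method names, and the sample addresses and VNIs are hypothetical and constructed for illustration.

```python
import struct

VXLAN_FLAG_I = 0x08          # "VNI present" flag bit (RFC 7348)
MAX_VNI = (1 << 24) - 1      # 24-bit VNI: 16,777,215
MAX_VLAN_ID = (1 << 12) - 1  # 12-bit VLAN ID: 4,095

def build_vxlan(vni, inner_frame):
    """Prepend the 8-byte VXLAN header (flags, reserved, VNI, reserved)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI does not fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame

def parse_vxlan(udp_payload):
    """Return (vni, inner_frame); reject truncated or VNI-less headers."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI not valid")
    return word1 >> 8, udp_payload[8:]

class Vtep:
    """Hypothetical tunnel endpoint that learns inner MACs per VNI."""
    def __init__(self, provisioned_vnis):
        self.vnis = set(provisioned_vnis)
        self.mac_table = {}  # (vni, inner source MAC) -> remote VTEP IP

    def receive(self, outer_src_ip, udp_payload):
        vni, inner = parse_vxlan(udp_payload)
        if vni not in self.vnis or len(inner) < 14:
            return None  # drop: unprovisioned segment or runt inner frame
        self.mac_table[(vni, inner[6:12])] = outer_src_ip
        return vni, inner

    def lookup(self, vni, mac):
        return self.mac_table.get((vni, mac))

def frame(dst, src):
    # Constructed inner Ethernet frame: dst MAC, src MAC, EtherType, dummy data
    return dst + src + b"\x08\x00" + b"payload"

# Constructed sample: two tenants reuse one MAC behind different VTEPs.
MAC_A = bytes.fromhex("020000000001")
BCAST = b"\xff" * 6

def demo():
    vtep = Vtep({5000, 70000})
    vtep.receive("192.0.2.10", build_vxlan(5000, frame(BCAST, MAC_A)))
    vtep.receive("192.0.2.20", build_vxlan(70000, frame(BCAST, MAC_A)))
    dropped = vtep.receive("192.0.2.30", build_vxlan(6000, frame(BCAST, MAC_A)))
    return vtep.lookup(5000, MAC_A), vtep.lookup(70000, MAC_A), dropped
```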
