Multicloud connectivity using OpenNHRP
Openstack Summit Lightning talk
May 24, 2018
Sridar Kandaswamy, Bob Melander, Shweta Padubidri
Cisco Cloud CTO group
Agenda
 Problem description
 Site-to-site VPNs vs multipoint VPNs
 OpenNHRP packages/installation/configuration
 Scenarios
 Conclusion
Hybrid cloud deployments
Evolution to multiple clouds
VPN options
Point-to-point IPSec tunnels
 Tunnel interface growth on hub
   One per spoke
 All traffic transits the hub
 Reconfiguration of hub every time a new site is added/removed
Dynamic Multipoint VPN (DMVPN)
 Multipoint GRE (mGRE)
 Next Hop Resolution Protocol (NHRP)
 Redirect
 Automatic creation of tunnels
 Cisco solution
Open source implementations
 OpenNHRP
 Quagga NHRP plugin (version >=1.2.0)
 VyOS
OpenNHRP - Installation steps (Ubuntu)
# Install IKEv2 stuff + IPSec
sudo apt-get install racoon
sudo apt-get install ipsec-tools
# Install development packages and dependencies for OpenNHRP
sudo apt-get install build-essential
sudo apt-get install libc-ares-dev
sudo apt-get install pkg-config
# Fetch OpenNHRP, compile and install it
# Download & extract tarball from https://sourceforge.net/projects/opennhrp
tar xjvf opennhrp-0.14.1.tar.bz2
cd opennhrp-0.14.1
make
sudo make install
Configuration steps
 Create mGRE interface
 Configure IKE
   Racoon
 Configure IPsec SA
   ipsec-tools
 Configure OpenNHRP
 Enable routing
   Static routes, or
   Dynamic routing, e.g., BGP
 Configure firewall / security groups
   UDP port 500 — ISAKMP as source and destination
   UDP port 4500 — NAT-T as a destination
   IP protocol 50 — ESP
   IP protocol 51 — AH (if using AH)
   IP protocol 47 — GRE
   Ports for routing protocol
Configuration example topology (diagram)
One DMVPN overlay, 10.100.0.0/24, over the Internet between three clouds; the hub is the OpenStack node, the spokes are the AWS and Azure nodes, and each node fronts one or more VMs on its local subnet:
  HUB   (OpenStack network 10.20.0.0/24): eth0 10.20.0.96 (Floating IP: 18.216.240.85), mpgre0 10.100.0.1
  SPOKE (AWS VPC 10.0.2.0/24):            eth0 10.0.2.246 (Elastic IP: 13.58.97.150),  mpgre1 10.100.0.2
  SPOKE (Azure VNET 10.10.0.0/24):        eth0 10.10.0.4 (Public IP: 104.42.54.201),   mpgre0 10.100.0.3

Route tables shown on the diagram (CIDR -> next-hop); the default route identifies the node:
  AWS spoke:    0.0.0.0/0 -> 10.0.2.1    10.10.0.0/24 -> 10.100.0.3   10.20.0.0/24 -> 10.100.0.1
  Hub:          0.0.0.0/0 -> 10.20.0.1   10.0.3.0/24 -> 10.100.0.2    10.10.0.0/24 -> 10.100.0.3
  Azure spoke:  0.0.0.0/0 -> 10.10.0.1   10.0.2.0/24 -> 10.100.0.2    10.20.0.0/24 -> 10.100.0.1
Common configuration (mGRE + IPsec)
# Create multi-point GRE interface
sudo ip tunnel add mpgre0 mode gre key 98701234 ttl 64
sudo ip addr add 10.100.0.1/24 dev mpgre0
sudo ip link set mpgre0 up
# Define pre-shared key for IKE negotiation
sudo bash -c 'cat << EOF >> /etc/racoon/psk.txt
demo@openstack-summit.com rocky-summit
EOF'
(Select a GRE key for the DMVPN; 98701234 is used here. The tunnel address above is the hub's: change it to 10.100.0.2/24 and 10.100.0.3/24, respectively, for the spoke nodes.)
Common configuration (IKE + IPsec)
# Generate configuration for IKE (racoon daemon)
sudo bash -c 'cat << EOF >> /etc/racoon/racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";
remote anonymous {
    exchange_mode aggressive;
    lifetime time 24 hour;
    my_identifier user_fqdn "demo@openstack-summit.com";
    nat_traversal on;
    script "/etc/opennhrp/racoon-ph1dead.sh" phase1_dead;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
sainfo anonymous {
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm aes, 3des, blowfish 448, rijndael;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}
EOF'
# Generate configuration for IPSec
sudo bash -c 'cat << EOF >> /etc/ipsec-tools.conf
spdflush;
# Encrypt all traffic in ESP transport mode
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in ipsec esp/transport//require;
EOF'
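The racoon.conf above is a lab configuration: a single anonymous remote with a shared PSK, aggressive mode, SHA-1, DH group 2 and a sainfo list that lets the peer pick 3DES, Blowfish or HMAC-MD5. As an added example (not from the talk), the following linter reads a racoon.conf on stdin and reports each such setting. The two embedded configs are constructed for this example: WEAK_RACOON_CONF is the talk's file, HARDENED_RACOON_CONF keeps the PSK/aggressive-mode design (the spokes are identified by user_fqdn rather than by address, so main mode does not fit here) but replaces the legacy algorithms; that a given racoon build accepts those algorithm names is an assumption to confirm with racoon's config check before use.

```shell
#!/bin/sh
# Added example, not part of the talk: lint a racoon.conf (stdin) for weak IKE/IPsec settings.
# Prints one finding per line and returns 1 if anything was found, 0 if the file is clean.
racoon_conf_lint() {
    findings=$(awk '
        { sub(/#.*/, ""); sub(/;[ \t]*$/, "") }   # drop comments and the trailing semicolon
        /remote[ \t]+anonymous/         { print "remote anonymous: any peer holding the shared PSK is accepted; keep the PSK long and random, or move to rsasig (certificates)" }
        /exchange_mode[ \t]+aggressive/ { print "exchange_mode aggressive: the identity and the PSK-derived hash travel unencrypted in IKE phase 1" }
        /hash_algorithm[ \t]+(md5|sha1)$/ { print "hash_algorithm " $2 ": deprecated, use sha256 or stronger" }
        /dh_group[ \t]+(1|2|5)$/        { print "dh_group " $2 ": MODP group below 2048 bits, use 14 or stronger" }
        /pfs_group[ \t]+(1|2|5)$/       { print "pfs_group " $2 ": MODP group below 2048 bits, use 14 or stronger" }
        /encryption_algorithm/ && /(^|[ ,\t])(des|3des|blowfish|cast128)/ { print "encryption_algorithm offers legacy ciphers the peer may pick:" $0 }
        /authentication_algorithm/ && /hmac_md5/ { print "authentication_algorithm offers hmac_md5 for ESP integrity; remove it" }
        /compression_algorithm/         { print "compression_algorithm: compress-then-encrypt leaks plaintext length; drop IPComp unless it is really needed" }
    ' | sort -u)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample 1: the talk's racoon.conf, verbatim.
WEAK_RACOON_CONF='path pre_shared_key "/etc/racoon/psk.txt";
remote anonymous {
    exchange_mode aggressive;
    lifetime time 24 hour;
    my_identifier user_fqdn "demo@openstack-summit.com";
    nat_traversal on;
    script "/etc/opennhrp/racoon-ph1dead.sh" phase1_dead;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
sainfo anonymous {
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm aes, 3des, blowfish 448, rijndael;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}'

# Constructed sample 2: same design, legacy algorithms replaced (assumed to be accepted by the local racoon).
HARDENED_RACOON_CONF='path pre_shared_key "/etc/racoon/psk.txt";
remote anonymous {
    exchange_mode aggressive;
    lifetime time 8 hour;
    my_identifier user_fqdn "demo@openstack-summit.com";
    nat_traversal on;
    script "/etc/opennhrp/racoon-ph1dead.sh" phase1_dead;
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha256;
        authentication_method pre_shared_key;
        dh_group 14;
    }
}
sainfo anonymous {
    pfs_group 14;
    lifetime time 1 hour;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_sha256;
}'

# Run both samples when the script is executed directly.
echo "== weak config =="
printf '%s\n' "$WEAK_RACOON_CONF" | racoon_conf_lint || echo "-> findings above"
echo "== hardened config =="
printf '%s\n' "$HARDENED_RACOON_CONF" | racoon_conf_lint || echo "-> findings above"
```

The hardened sample still produces two findings (anonymous remote, aggressive mode): those are properties of the PSK-with-FQDN-identity design the talk relies on, and the linter reports them so the operator makes that trade-off knowingly rather than by omission. In live use, `racoon_conf_lint < /etc/racoon/racoon.conf` in a deployment pipeline fails the run whenever a finding appears.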
Hub configuration (OpenNHRP daemon)
# Generate configuration for OpenNHRP hub
sudo bash -c 'cat << EOF >> /etc/opennhrp/opennhrp.conf
interface mpgre0
holding-time 3600
# make this a hub node
multicast dynamic
# send redirects to enable spoke-to-spoke communication
redirect
interface eth0
# Create shortcut routes for subnets on this interface
shortcut-destination
EOF'
Spoke configuration (OpenNHRP daemon)
# Generate configuration for OpenNHRP spoke
sudo bash -c 'cat << EOF >> /etc/opennhrp/opennhrp.conf
interface mpgre0
# register with hub
map 10.100.0.1/24 18.216.240.85 register
holding-time 3600
# act as a spoke
multicast nhs
# Enable shortcut routes
shortcut
# dynamically create tunnels to other spokes
redirect
interface eth0
# Create shortcut routes for subnets on this interface
shortcut-destination
EOF'
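The hub and spoke files above differ only in a few lines (the spoke's map/register line, `multicast nhs` versus `multicast dynamic`, and `shortcut`), and the mGRE interface commands differ only in the tunnel address. As an added example (not the talk's own tooling), the functions below render both pieces for one node from its role and a few parameters, so that the three nodes cannot drift apart by hand editing; output is printed for review, not applied. Interface name `mpgre0`, the GRE key, `holding-time 3600` and the hub's addresses come from the slides; the function names and the `role` parameter are this example's own.

```shell
#!/bin/sh
# Added example, not part of the talk: render per-node DMVPN configuration by role.

# Commands that create the multipoint GRE interface. Identical on every node except for the
# tunnel address (hub 10.100.0.1/24, spokes 10.100.0.2/24 and 10.100.0.3/24 in the talk).
render_mgre_cmds() {
    tunnel_addr=$1; gre_key=$2
    echo "ip tunnel add mpgre0 mode gre key $gre_key ttl 64"
    echo "ip addr add $tunnel_addr dev mpgre0"
    echo "ip link set mpgre0 up"
}

# opennhrp.conf for ROLE (hub|spoke). A spoke also needs the hub's tunnel prefix and the
# hub's public (NBMA) address so that it can register there.
render_opennhrp_conf() {
    role=$1; hub_tunnel=$2; hub_nbma=$3
    case $role in
        hub) ;;
        spoke)
            if [ -z "$hub_tunnel" ] || [ -z "$hub_nbma" ]; then
                echo "render_opennhrp_conf: spoke needs HUB_TUNNEL/PREFIX and HUB_NBMA" >&2
                return 1
            fi ;;
        *)  echo "render_opennhrp_conf: unknown role '$role'" >&2; return 1 ;;
    esac
    echo "interface mpgre0"
    if [ "$role" = hub ]; then
        echo "holding-time 3600"
        echo "# hub: forward multicast to every spoke that has registered"
        echo "# (in this setup the IPsec PSK is what gates who may register)"
        echo "multicast dynamic"
        echo "# send traffic indications so spokes resolve each other directly"
        echo "redirect"
    else
        echo "# register with the hub at its public NBMA address"
        echo "map $hub_tunnel $hub_nbma register"
        echo "holding-time 3600"
        echo "multicast nhs"
        echo "# install shortcut routes from resolution replies and honour redirects"
        echo "shortcut"
        echo "redirect"
    fi
    echo "interface eth0"
    echo "# subnets behind eth0 are offered as shortcut destinations"
    echo "shortcut-destination"
}

# render_node ROLE TUNNEL_ADDR/PREFIX GRE_KEY [HUB_TUNNEL/PREFIX HUB_NBMA]
# Validates the role first, then prints the interface commands and the opennhrp.conf.
render_node() {
    conf=$(render_opennhrp_conf "$1" "$4" "$5") || return 1
    echo "# --- interface commands ($1) ---"
    render_mgre_cmds "$2" "$3"
    echo "# --- /etc/opennhrp/opennhrp.conf ($1) ---"
    printf '%s\n' "$conf"
}

# Example invocations: the talk's hub and its Azure spoke.
render_node hub   10.100.0.1/24 98701234
render_node spoke 10.100.0.3/24 98701234 10.100.0.1/24 18.216.240.85
```

Because the spoke-side `map` line carries the hub's public address, changing that address (a new floating IP, a hub move) is a re-render of every spoke, which is exactly the reconfiguration step the talk's static route tables also require; rendering from one source keeps that change auditable.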
Configuration (static routing)
# Enable IPv4 forwarding
sudo sysctl -w net.ipv4.ip_forward=1
# Set static routes (for hub node)
sudo ip route add 10.0.2.0/24 nexthop via 10.100.0.2
sudo ip route add 10.10.0.0/24 nexthop via 10.100.0.3
# Set static routes (for spoke node in Azure)
sudo ip route add 10.20.0.0/24 nexthop via 10.100.0.1
sudo ip route add 10.0.2.0/24 nexthop via 10.100.0.2
# Set static routes (for spoke node in AWS)
sudo ip route add 10.20.0.0/24 nexthop via 10.100.0.1
sudo ip route add 10.10.0.0/24 nexthop via 10.100.0.3
Start services
# Restart setkey and racoon services
sudo service setkey restart
sudo service racoon restart
# Start opennhrp service
sudo opennhrp -v
After start (diagram: the configuration example topology above)
Statically established spoke-hub GRE/IPsec tunnels: one from the AWS spoke (10.100.0.2) to the hub (10.100.0.1) and one from the Azure spoke (10.100.0.3) to the hub.
Azure VM OpenNHRP spoke daemon output
ubuntu@vm-B:~$ sudo /usr/sbin/opennhrp -v
opennhrp[115081]: OpenNHRP upstream/0.14.1-10-ge6ad153 starting
opennhrp[115081]: Adding static 10.100.0.1/24 nbma 18.216.240.85 dev mpgre0
...
opennhrp[115081]: Filter code installed (25 opcodes)
Create link from 10.100.0.3 (10.10.0.4) to 10.100.0.1 (18.216.240.85)
opennhrp[115081]: [10.100.0.1] Peer up script: success
opennhrp[115081]: NL-ARP(mpgre0) 10.100.0.1 is-at 18.216.240.85
opennhrp[115081]: Sending Registration Request to 10.100.0.1 (my mtu=0)
opennhrp[115081]: Sending packet 3, from: 10.100.0.3 (nbma 10.10.0.4), to: 10.100.0.1 (nbma 18.216.240.85)
...
opennhrp[115081]: Received Registration Reply from 10.100.0.1: success
Azure VM security associations
ubuntu@vm-B:~$ sudo racoonctl show-sa isakmp
Destination Cookies Created
18.216.240.85.4500 3311c118100b7621:171faacc5400718f 2018-05-21 23:11:19
ubuntu@vm-B:~$ sudo racoonctl show-sa esp
10.10.0.4[4500] 18.216.240.85[4500] esp-udp mode=transport spi=81812847(0x04e05d6f) reqid=0(0x00000000)
    E: aes-cbc 6508127b ecb0d4fb 200e1fe2 361d20db
    A: hmac-sha1 89e10ffe e0931d43 54c204e6 0e14a563 0db9a31c
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: May 21 23:13:26 2018 current: May 21 23:14:26 2018
...
18.216.240.85[4500] 10.10.0.4[4500] esp-udp mode=transport spi=255020070(0x0f334c26) reqid=0(0x00000000)
    E: aes-cbc 12460a05 95547561 f0de30e2 6fd022cb
    A: hmac-sha1 057344d4 1b1e8216 9d7bba03 db73d09b 0753a9ef
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: May 21 23:13:26 2018 current: May 21 23:14:26 2018
...
Azure VM OpenNHRP DB
ubuntu@vm-B:~$ sudo opennhrpctl show
Status: ok
...
Interface: mpgre0
Type: local
Protocol-Address: 10.100.0.3/32
Flags: up

Interface: mpgre0
Type: static
Protocol-Address: 10.100.0.1/24
NBMA-Address: 18.216.240.85
Flags: up
Traceroute 1: Azure spoke to AWS spoke
ubuntu@vm-B:~$ traceroute 10.0.2.246
traceroute to 10.0.2.246 (10.0.2.246), 30 hops max, 60 byte packets
 1 10.100.0.1 (10.100.0.1) 78.781 ms 78.724 ms 78.696 ms
 2 10.0.2.246 (10.0.2.246) 79.920 ms 79.901 ms 79.879 ms
What happened behind the scenes? (diagram: the configuration example topology above)
A dynamically established spoke-spoke GRE/IPsec tunnel now runs directly between the Azure spoke (10.100.0.3) and the AWS spoke (10.100.0.2), alongside the two static spoke-hub tunnels.
Azure VM OpenNHRP spoke daemon output
...
opennhrp[115081]: Traffic Indication from proto src 10.100.0.1; about packet to 10.0.2.246
...
opennhrp[115081]: Received Resolution Reply 10.0.2.246/24 is at proto 10.100.0.2 nbma 10.0.2.246
opennhrp[115081]: NAT detected: really at proto 10.100.0.2 nbma 13.58.97.150
...
Create link from 10.100.0.3 (10.10.0.4) to 10.100.0.2 (13.58.97.150)
...
opennhrp[115081]: Adding shortcut-route 10.0.2.0/24 nexthop 10.100.0.2 dev mpgre0 expires_in 120:00
...
VPN connexion established
Phase 2 established : 10.10.0.4[4500] -> 13.58.97.150[4500]
opennhrp[115081]: [10.100.0.2] Peer up script: success
...
Azure VM security associations
ubuntu@vm-B:~$ sudo racoonctl show-sa isakmp
Destination Cookies Created
18.216.240.85.4500 3311c118100b7621:171faacc5400718f 2018-05-21 23:11:19
13.58.97.150.4500 f4b90dd523121cf7:87f7e521609f9858 2018-05-21 23:24:39
ubuntu@vm-B:~$ sudo racoonctl show-sa esp
10.10.0.4[4500] 13.58.97.150[4500] esp-udp mode=transport spi=139361052(0x084e7b1c) reqid=0(0x00000000)
    E: aes-cbc 551010c4 130011ad 72d37c5a 1bcce0a1
    A: hmac-sha1 91010e1e 0a1bafec 17e7fed9 aa980e0a f0e385b3
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: May 21 23:24:40 2018
...
13.58.97.150[4500] 10.10.0.4[4500] esp-udp mode=transport spi=221059027(0x0d2d17d3) reqid=0(0x00000000)
    E: aes-cbc e1369de2 8b922555 b9888aa2 56bc628a
    A: hmac-sha1 50f5abd9 41608f3a 11ae798b bf67c61c 21fc7e46
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: May 21 23:24:40 2018
...
Azure VM OpenNHRP DB
ubuntu@vm-B:~$ sudo opennhrpctl show
Status: ok
...
Interface: mpgre0
Type: local
Protocol-Address: 10.100.0.3/32
Flags: up

Interface: mpgre0
Type: cached
Protocol-Address: 10.100.0.2/32
NBMA-Address: 13.58.97.150
NBMA-NAT-OA-Address: 10.0.2.246
Flags: up
Expires-In: 52:38

Interface: mpgre0
Type: static
Protocol-Address: 10.100.0.1/24
NBMA-Address: 18.216.240.85
Flags: up
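The two views above describe the same event from different layers: the NHRP database now holds a cached entry for 10.100.0.2 at NBMA 13.58.97.150, and racoon holds a mature ESP SA pair to that same address. Because the ipsec-tools policy is `esp/transport//require`, a GRE shortcut whose IPsec negotiation failed would silently drop traffic rather than send it in the clear, so the operational check is that every NHRP peer has a mature SA. As an added example (not from the talk), the script below cross-checks `opennhrpctl show` against `racoonctl show-sa esp`. Both sample outputs are constructed from the Azure spoke's output on the slides, with one extra cached peer (198.51.100.7, a documentation address) that has no SA, so the failure path is exercised; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the talk: verify that every NHRP peer has a mature ESP SA.

# "TYPE PROTO-ADDR NBMA-ADDR" for every NHRP entry that carries an NBMA address
# (local entries have none and are skipped).
nhrp_peers() {
    awk '/^Type:/ { t = $2 }
         /^Protocol-Address:/ { p = $2 }
         /^NBMA-Address:/ { print t, p, $2 }'
}

# Remote endpoint (without [port]) of every ESP SA in state=mature. Our own NBMA
# address is passed in so that inbound and outbound SAs both map to the peer.
mature_sa_peers() {
    awk -v me="$1" '
        $3 ~ /^esp/ { src = $1; dst = $2; sub(/\[.*/, "", src); sub(/\[.*/, "", dst); next }
        /state=mature/ && src != "" { peer = (src == me) ? dst : src; print peer; src = ""; dst = "" }' \
    | sort -u
}

# check_peer_sas LOCAL_NBMA "$(opennhrpctl show)" "$(racoonctl show-sa esp)"
# Prints one OK/MISSING line per peer; returns 1 if any peer lacks a mature SA.
check_peer_sas() {
    me=$1; nhrp_db=$2; esp_sas=$3
    sa_peers=$(printf '%s\n' "$esp_sas" | mature_sa_peers "$me")
    rc=0
    while read -r t p nbma; do
        [ -n "$nbma" ] || continue
        if printf '%s\n' "$sa_peers" | grep -qx "$nbma"; then
            echo "OK      $t $p via $nbma"
        else
            echo "MISSING $t $p via $nbma: no mature ESP SA, the require policy blocks GRE to this peer"
            rc=1
        fi
    done <<EOF
$(printf '%s\n' "$nhrp_db" | nhrp_peers)
EOF
    return $rc
}

# Constructed sample: the Azure spoke's NHRP database plus one peer without an SA.
NHRP_DB_SAMPLE='Status: ok

Interface: mpgre0
Type: local
Protocol-Address: 10.100.0.3/32
Flags: up

Interface: mpgre0
Type: cached
Protocol-Address: 10.100.0.2/32
NBMA-Address: 13.58.97.150
NBMA-NAT-OA-Address: 10.0.2.246
Flags: up
Expires-In: 52:38

Interface: mpgre0
Type: cached
Protocol-Address: 10.100.0.4/32
NBMA-Address: 198.51.100.7
Flags: up
Expires-In: 58:02

Interface: mpgre0
Type: static
Protocol-Address: 10.100.0.1/24
NBMA-Address: 18.216.240.85
Flags: up'

# Constructed sample: the Azure spoke's ESP SAs (key material lines omitted).
ESP_SA_SAMPLE='10.10.0.4[4500] 13.58.97.150[4500] esp-udp mode=transport spi=139361052(0x084e7b1c) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: May 21 23:24:40 2018
13.58.97.150[4500] 10.10.0.4[4500] esp-udp mode=transport spi=221059027(0x0d2d17d3) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
10.10.0.4[4500] 18.216.240.85[4500] esp-udp mode=transport spi=81812847(0x04e05d6f) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
18.216.240.85[4500] 10.10.0.4[4500] esp-udp mode=transport spi=255020070(0x0f334c26) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature'

# Run the check on the samples when executed directly.
check_peer_sas 10.10.0.4 "$NHRP_DB_SAMPLE" "$ESP_SA_SAMPLE" || echo "-> at least one NHRP peer has no IPsec SA"
```

On a live node the call is `check_peer_sas 10.10.0.4 "$(sudo opennhrpctl show)" "$(sudo racoonctl show-sa esp)"`; a MISSING line for a cached peer usually means the spoke-to-spoke IKE exchange never completed (firewall or security group not admitting UDP 500/4500 from the other spoke's public address), so traffic for that destination stays on the hub path or is dropped once the shortcut route is installed.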
Traceroute 2: Azure spoke to AWS spoke
ubuntu@vm-B:~$ traceroute 10.0.2.246
traceroute to 10.0.2.246 (10.0.2.246), 30 hops max, 60 byte packets
1 10.0.2.246 (10.0.2.246) 78.031 ms 77.977 ms 77.948 ms
Conclusion
 Open source DMVPN is possible for multi-cloud use cases
 Before you deploy in production: TEST EXTENSIVELY for
   Stability
   Performance
   Compatibility with vendor implementations
 Caveats
   Packages for popular distros
   Documentation
References and Future Work
 Links
   https://sourceforge.net/projects/opennhrp
   http://savannah.nongnu.org/projects/quagga/
   https://wiki.vyos.net/wiki/DMVPN
 Shannon McFarland, Multicloud Networking – Connecting OpenStack Private Clouds to Public Clouds (Tuesday 22, 9:00am - 9:40am)
 Possible extensions to VPNaaS
 Slides available at: https://www.slideshare.net/BobMelander/
Multicloud connectivity using OpenNHRP
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@
 

Multicloud connectivity using OpenNHRP

10. Configuration example topology

Three sites joined by one DMVPN (10.100.0.0/24) over the Internet:

Openstack network 10.20.0.0/24 (HUB): eth0 10.20.0.96 (Floating IP: 18.216.240.85), mpgre0 10.100.0.1
AWS VPC 10.0.2.0/24 (SPOKE): eth0 10.0.2.246 (Elastic IP: 13.58.97.150), mpgre1 10.100.0.2
Azure VNET 10.10.0.0/24 (SPOKE): eth0 10.10.0.4 (Public IP: 104.42.54.201), mpgre0 10.100.0.3

Routing tables shown on the slide (the default gateway identifies the site):

AWS spoke
CIDR          next-hop
0.0.0.0/0     10.0.2.1
10.10.0.0/24  10.100.0.3
10.20.0.0/24  10.100.0.1

Hub
CIDR          next-hop
0.0.0.0/0     10.20.0.1
10.0.3.0/24   10.100.0.2
10.10.0.0/24  10.100.0.3

Azure spoke
CIDR          next-hop
0.0.0.0/0     10.10.0.1
10.0.2.0/24   10.100.0.2
10.20.0.0/24  10.100.0.1
11. Common configuration (mGRE + IPsec)

# Create multi-point GRE interface
sudo ip tunnel add mpgre0 mode gre key 98701234 ttl 64
sudo ip addr add 10.100.0.1/24 dev mpgre0
sudo ip link set mpgre0 up

# Define pre-shared key for IKE negotiation
sudo bash -c 'cat << EOF >> /etc/racoon/psk.txt
demo@openstack-summit.com rocky-summit
EOF'

Callouts on the slide: select a GRE key for the DMVPN; change the address to 10.100.0.2/24 and 10.100.0.3/24, respectively, for the spoke nodes.
12-13. Common configuration (IKE + IPsec)

# Generate configuration for IKE (racoon daemon)
sudo bash -c 'cat << EOF >> /etc/racoon/racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";

remote anonymous {
    exchange_mode aggressive;
    lifetime time 24 hour;
    my_identifier user_fqdn "demo@openstack-summit.com";
    nat_traversal on;
    script "/etc/opennhrp/racoon-ph1dead.sh" phase1_dead;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

sainfo anonymous {
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm aes, 3des, blowfish 448, rijndael;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}
EOF'

# Generate configuration for IPSec
sudo bash -c 'cat << EOF >> /etc/ipsec-tools.conf
spdflush;
# Encrypt all traffic in ESP transport mode
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0 0.0.0.0/0 gre -P in ipsec esp/transport//require;
EOF'
14. Hub configuration (OpenNHRP daemon)

# Generate configuration for OpenNHRP hub
sudo bash -c 'cat << EOF >> /etc/opennhrp/opennhrp.conf
interface mpgre0
    holding-time 3600
    # make this a hub node
    multicast dynamic
    # send redirects to enable spoke-to-spoke communication
    redirect

interface eth0
    # Create shortcut routes for subnets on this interface
    shortcut-destination
EOF'
15. Spoke configuration (OpenNHRP daemon)

# Generate configuration for OpenNHRP spoke
sudo bash -c 'cat << EOF >> /etc/opennhrp/opennhrp.conf
interface mpgre0
    # register with hub
    map 10.100.0.1/24 18.216.240.85 register
    holding-time 3600
    # act as a spoke
    multicast nhs
    # Enable shortcut routes
    shortcut
    # dynamically create tunnels to other spokes
    redirect

interface eth0
    # Create shortcut routes for subnets on this interface
    shortcut-destination
EOF'
16. Configuration (static routing)

# Enable IPv4 forwarding
sudo sysctl -w net.ipv4.ip_forward=1

# Set static routes (for hub node)
sudo ip route add 10.0.2.0/24 nexthop via 10.100.0.2
sudo ip route add 10.10.0.0/24 nexthop via 10.100.0.3

# Set static routes (for spoke node in Azure)
sudo ip route add 10.20.0.0/24 nexthop via 10.100.0.1
sudo ip route add 10.0.2.0/24 nexthop via 10.100.0.2

# Set static routes (for spoke node in AWS)
sudo ip route add 10.20.0.0/24 nexthop via 10.100.0.1
sudo ip route add 10.10.0.0/24 nexthop via 10.100.0.3
17. Start services

# Restart setkey and racoon services
sudo service setkey restart
sudo service racoon restart

# Start opennhrp service
sudo opennhrp -v
18. After start

Topology diagram (same as slide 10): statically established spoke-hub GRE/IPsec tunnels from the AWS spoke and from the Azure spoke to the hub.
19. Azure VM OpenNHRP spoke daemon output

ubuntu@vm-B:~$ sudo /usr/sbin/opennhrp -v
opennhrp[115081]: OpenNHRP upstream/0.14.1-10-ge6ad153 starting
opennhrp[115081]: Adding static 10.100.0.1/24 nbma 18.216.240.85 dev mpgre0
...
opennhrp[115081]: Filter code installed (25 opcodes)
Create link from 10.100.0.3 (10.10.0.4) to 10.100.0.1 (18.216.240.85)
opennhrp[115081]: [10.100.0.1] Peer up script: success
opennhrp[115081]: NL-ARP(mpgre0) 10.100.0.1 is-at 18.216.240.85
opennhrp[115081]: Sending Registration Request to 10.100.0.1 (my mtu=0)
opennhrp[115081]: Sending packet 3, from: 10.100.0.3 (nbma 10.10.0.4), to: 10.100.0.1 (nbma 18.216.240.85)
...
opennhrp[115081]: Received Registration Reply from 10.100.0.1: success
20. Azure VM security associations

ubuntu@vm-B:~$ sudo racoonctl show-sa isakmp
Destination            Cookies                           Created
18.216.240.85.4500     3311c118100b7621:171faacc5400718f 2018-05-21 23:11:19

ubuntu@vm-B:~$ sudo racoonctl show-sa esp
10.10.0.4[4500] 18.216.240.85[4500]
    esp-udp mode=transport spi=81812847(0x04e05d6f) reqid=0(0x00000000)
    E: aes-cbc  6508127b ecb0d4fb 200e1fe2 361d20db
    A: hmac-sha1 89e10ffe e0931d43 54c204e6 0e14a563 0db9a31c
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: May 21 23:13:26 2018   current: May 21 23:14:26 2018
    ...
18.216.240.85[4500] 10.10.0.4[4500]
    esp-udp mode=transport spi=255020070(0x0f334c26) reqid=0(0x00000000)
    E: aes-cbc  12460a05 95547561 f0de30e2 6fd022cb
    A: hmac-sha1 057344d4 1b1e8216 9d7bba03 db73d09b 0753a9ef
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: May 21 23:13:26 2018   current: May 21 23:14:26 2018
    ...
21. Azure VM OpenNHRP DB

ubuntu@vm-B:~$ sudo opennhrpctl show
Status: ok
...
Interface: mpgre0
Type: local
Protocol-Address: 10.100.0.3/32
Flags: up

Interface: mpgre0
Type: static
Protocol-Address: 10.100.0.1/24
NBMA-Address: 18.216.240.85
Flags: up
22. Traceroute 1: Azure spoke to AWS spoke

ubuntu@vm-B:~$ traceroute 10.0.2.246
traceroute to 10.0.2.246 (10.0.2.246), 30 hops max, 60 byte packets
 1  10.100.0.1 (10.100.0.1)  78.781 ms  78.724 ms  78.696 ms
 2  10.0.2.246 (10.0.2.246)  79.920 ms  79.901 ms  79.879 ms
23. What happened behind the scenes?

Topology diagram (same as slide 10): a dynamically established spoke-spoke GRE/IPsec tunnel now exists between the Azure spoke and the AWS spoke, in addition to the two static spoke-hub tunnels.
24. Azure VM OpenNHRP spoke daemon output

...
opennhrp[115081]: Traffic Indication from proto src 10.100.0.1; about packet to 10.0.2.246
...
opennhrp[115081]: Received Resolution Reply 10.0.2.246/24 is at proto 10.100.0.2 nbma 10.0.2.246
opennhrp[115081]: NAT detected: really at proto 10.100.0.2 nbma 13.58.97.150
...
Create link from 10.100.0.3 (10.10.0.4) to 10.100.0.2 (13.58.97.150)
...
opennhrp[115081]: Adding shortcut-route 10.0.2.0/24 nexthop 10.100.0.2 dev mpgre0 expires_in 120:00
...
VPN connexion established
Phase 2 established : 10.10.0.4[4500] -> 13.58.97.150[4500]
opennhrp[115081]: [10.100.0.2] Peer up script: success
...
25. Azure VM security associations

ubuntu@vm-B:~$ sudo racoonctl show-sa isakmp
Destination            Cookies                           Created
18.216.240.85.4500     3311c118100b7621:171faacc5400718f 2018-05-21 23:11:19
13.58.97.150.4500      f4b90dd523121cf7:87f7e521609f9858 2018-05-21 23:24:39

ubuntu@vm-B:~$ sudo racoonctl show-sa esp
10.10.0.4[4500] 13.58.97.150[4500]
    esp-udp mode=transport spi=139361052(0x084e7b1c) reqid=0(0x00000000)
    E: aes-cbc  551010c4 130011ad 72d37c5a 1bcce0a1
    A: hmac-sha1 91010e1e 0a1bafec 17e7fed9 aa980e0a f0e385b3
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: May 21 23:24:40 2018
    ...
13.58.97.150[4500] 10.10.0.4[4500]
    esp-udp mode=transport spi=221059027(0x0d2d17d3) reqid=0(0x00000000)
    E: aes-cbc  e1369de2 8b922555 b9888aa2 56bc628a
    A: hmac-sha1 50f5abd9 41608f3a 11ae798b bf67c61c 21fc7e46
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: May 21 23:24:40 2018
    ...
26. Azure VM OpenNHRP DB

ubuntu@vm-B:~$ sudo opennhrpctl show
Status: ok
...
Interface: mpgre0
Type: local
Protocol-Address: 10.100.0.3/32
Flags: up

Interface: mpgre0
Type: cached
Protocol-Address: 10.100.0.2/32
NBMA-Address: 13.58.97.150
NBMA-NAT-OA-Address: 10.0.2.246
Flags: up
Expires-In: 52:38

Interface: mpgre0
Type: static
Protocol-Address: 10.100.0.1/24
NBMA-Address: 18.216.240.85
Flags: up
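The NHRP database (slides 21 and 26) and the SA listing (slides 20 and 25) are two views of the same tunnels, and a peer that NHRP reports as up is only protected if racoon has negotiated a mature transport-mode ESP SA in both directions to that peer's NBMA address. The following script is an added example, not code from the slides or from OpenNHRP: it parses both outputs as shown on the slides and reports peers with a missing direction. The sample inputs are constructed from the slide values; the inbound SA from 13.58.97.150 is deliberately left out so the check has something to report.

```python
"""Cross-check the OpenNHRP peer database against racoon's ESP SAs.

Added example, not from the slide deck. It parses the text formats shown on
the 'OpenNHRP DB' and 'security associations' slides and lists NHRP peers
that lack a mature transport-mode ESP SA in one or both directions, i.e.
tunnels that NHRP considers up but that IPsec has not (fully) protected.
"""
import re

# Constructed sample in the format of `sudo opennhrpctl show` (addresses
# copied from the slides).
NHRP_DB = """Status: ok

Interface: mpgre0
Type: local
Protocol-Address: 10.100.0.3/32
Flags: up

Interface: mpgre0
Type: cached
Protocol-Address: 10.100.0.2/32
NBMA-Address: 13.58.97.150
NBMA-NAT-OA-Address: 10.0.2.246
Flags: up
Expires-In: 52:38

Interface: mpgre0
Type: static
Protocol-Address: 10.100.0.1/24
NBMA-Address: 18.216.240.85
Flags: up
"""

# Constructed sample in the format of `sudo racoonctl show-sa esp`, trimmed
# to the fields the check needs; the inbound SA from 13.58.97.150 is left
# out on purpose so the check has something to report.
SA_DUMP = """10.10.0.4[4500] 18.216.240.85[4500]
    esp-udp mode=transport spi=81812847(0x04e05d6f) reqid=0(0x00000000)
    E: aes-cbc  6508127b ecb0d4fb 200e1fe2 361d20db
    A: hmac-sha1 89e10ffe e0931d43 54c204e6 0e14a563 0db9a31c
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
18.216.240.85[4500] 10.10.0.4[4500]
    esp-udp mode=transport spi=255020070(0x0f334c26) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
10.10.0.4[4500] 13.58.97.150[4500]
    esp-udp mode=transport spi=139361052(0x084e7b1c) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
"""

SA_HEADER = re.compile(r"^(\S+)\[(\d+)\]\s+(\S+)\[(\d+)\]\s*$")


def parse_nhrp_db(text):
    """Split `opennhrpctl show` output into one dict per peer entry."""
    entries, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            if current:
                entries.append(current)
            current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        entries.append(current)
    return [e for e in entries if "Interface" in e]   # drop the Status block


def parse_esp_sas(text):
    """Collect src, dst, mode and state for each SA in `racoonctl show-sa esp`."""
    sas, current = [], None
    for line in text.splitlines():
        header = SA_HEADER.match(line)
        if header:
            current = {"src": header.group(1), "dst": header.group(3),
                       "mode": None, "state": None}
            sas.append(current)
            continue
        if current is None:
            continue
        mode = re.search(r"mode=(\w+)", line)
        if mode:
            current["mode"] = mode.group(1)
        state = re.search(r"state=(\w+)", line)
        if state:
            current["state"] = state.group(1)
    return sas


def unprotected_peers(nhrp_text, sa_text, local_nbma):
    """Return (protocol address, NBMA, outbound ok, inbound ok) for every
    NHRP peer that is missing a mature transport-mode SA in a direction."""
    sas = parse_esp_sas(sa_text)

    def mature(src, dst):
        return any(sa["src"] == src and sa["dst"] == dst
                   and sa["mode"] == "transport" and sa["state"] == "mature"
                   for sa in sas)

    problems = []
    for entry in parse_nhrp_db(nhrp_text):
        nbma = entry.get("NBMA-Address")
        if not nbma:          # the 'local' entry has no NBMA address
            continue
        out_ok, in_ok = mature(local_nbma, nbma), mature(nbma, local_nbma)
        if not (out_ok and in_ok):
            problems.append((entry["Protocol-Address"], nbma, out_ok, in_ok))
    return problems


if __name__ == "__main__":
    for problem in unprotected_peers(NHRP_DB, SA_DUMP, "10.10.0.4"):
        print("peer %s (%s): outbound SA %s, inbound SA %s" % problem)
```

The check keys on the NBMA address in the NHRP entry rather than the NBMA-NAT-OA-Address, because the SAs are negotiated with the translated (public) address, as the slide 25 listing shows. The `require` policy in the SPD on slide 13 is what stops GRE from leaving in the clear when an SA is absent; this check tells you which peer that policy is currently blocking, so a stalled negotiation is diagnosed rather than silently dropped.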
27. Traceroute 2: Azure spoke to AWS spoke

ubuntu@vm-B:~$ traceroute 10.0.2.246
traceroute to 10.0.2.246 (10.0.2.246), 30 hops max, 60 byte packets
 1  10.0.2.246 (10.0.2.246)  78.031 ms  77.977 ms  77.948 ms
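The sequence behind the two traceroutes (slides 22 to 27) is easier to follow as a small model. The code below is an added example, not code from the slides or from OpenNHRP: it replays registration with the hub, the Traffic Indication the hub sends when it has to relay spoke-to-spoke traffic (the `redirect` setting on slides 14 and 15), the Resolution Reply, and the NAT extension that tells the Azure spoke the AWS spoke's translated NBMA address (the "NAT detected" line on slide 24). The message dictionaries are an abstraction of the protocol, not the NHRP wire format, and as a simplification the hub answers resolutions itself, whereas real NHRP relays the request to the registered spoke. Addresses are those of the slide 10 topology.

```python
"""Simplified model of the NHRP exchange behind the two traceroutes.

Added example, not code from the slides or from OpenNHRP. Message dicts are
an abstraction of the protocol, not the NHRP wire format, and the hub answers
resolutions itself, whereas real NHRP relays the request to the spoke that
registered the destination.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Registration:
    proto: str          # tunnel (protocol) address, e.g. 10.100.0.2
    claimed_nbma: str   # NBMA address the spoke wrote into its registration
    seen_nbma: str      # source address the hub actually received it from
    prefixes: list      # subnets the spoke serves (shortcut-destination)


class Hub:
    """Next Hop Server: keeps the registration table and issues redirects."""

    def __init__(self, proto, nbma):
        self.proto, self.nbma = proto, nbma
        self.table = {}     # proto address -> Registration

    def register(self, proto, claimed_nbma, prefixes, seen_from):
        self.table[proto] = Registration(proto, claimed_nbma, seen_from, prefixes)
        return {"type": "Registration Reply", "status": "success"}

    def _lookup(self, dst_ip):
        for reg in self.table.values():
            for prefix in reg.prefixes:
                if ip_address(dst_ip) in ip_network(prefix):
                    return reg, prefix
        return None, None

    def forward(self, src_proto, dst_ip):
        """Relay a packet between two spokes and, because `redirect` is set,
        send a Traffic Indication back to the source spoke."""
        reg, _ = self._lookup(dst_ip)
        if reg is None or reg.proto == src_proto:
            return None
        return {"type": "Traffic Indication", "src": self.proto, "about": dst_ip}

    def resolve(self, dst_ip):
        reg, prefix = self._lookup(dst_ip)
        if reg is None:
            return {"type": "Resolution Reply", "status": "no route"}
        reply = {"type": "Resolution Reply", "prefix": prefix,
                 "proto": reg.proto, "nbma": reg.claimed_nbma}
        if reg.claimed_nbma != reg.seen_nbma:   # spoke sits behind NAT
            reply["nat_nbma"] = reg.seen_nbma   # NAT extension
        return reply


class Spoke:
    def __init__(self, proto, nbma, prefixes):
        self.proto, self.nbma, self.prefixes = proto, nbma, prefixes
        self.shortcuts = {}   # prefix -> (next-hop proto, next-hop nbma)

    def register_with(self, hub, translated_nbma=None):
        # A spoke behind NAT only knows its private address; the hub records
        # the translated source address the registration arrived from.
        return hub.register(self.proto, self.nbma, self.prefixes,
                            translated_nbma or self.nbma)

    def send(self, hub, dst_ip):
        """Return (path, nbma) for a packet to dst_ip, learning a shortcut
        the first time the hub redirects us."""
        for prefix, (_, nbma) in self.shortcuts.items():
            if ip_address(dst_ip) in ip_network(prefix):
                return ("direct", nbma)
        indication = hub.forward(self.proto, dst_ip)
        if indication is not None:
            reply = hub.resolve(indication["about"])
            if "prefix" in reply:
                # prefer the NAT extension's address over the claimed one
                nbma = reply.get("nat_nbma", reply["nbma"])
                self.shortcuts[reply["prefix"]] = (reply["proto"], nbma)
        return ("via-hub", hub.nbma)


def demo():
    """Rebuild the slides' topology and replay the two traceroutes."""
    hub = Hub("10.100.0.1", "18.216.240.85")
    aws = Spoke("10.100.0.2", "10.0.2.246", ["10.0.2.0/24"])
    azure = Spoke("10.100.0.3", "10.10.0.4", ["10.10.0.0/24"])
    aws.register_with(hub, translated_nbma="13.58.97.150")
    azure.register_with(hub, translated_nbma="104.42.54.201")
    first = azure.send(hub, "10.0.2.246")    # traceroute 1: via the hub
    second = azure.send(hub, "10.0.2.246")   # traceroute 2: direct
    return first, second, dict(azure.shortcuts)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` gives the two paths the traceroutes show: the first packet transits the hub (18.216.240.85) and triggers the resolution, the second goes straight to 13.58.97.150, and the learned shortcut matches the "Adding shortcut-route 10.0.2.0/24 nexthop 10.100.0.2" line on slide 24. The model also shows why the hub must remember the address a registration actually came from: without that, the reply would carry only the private 10.0.2.246 and the spoke-to-spoke tunnel could never be built across the NAT.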
28. Conclusion

 Open source DMVPN possible for multi-cloud use cases
 Before you deploy in production: TEST EXTENSIVELY for
   Stability
   Performance
   Compatibility with vendor implementations
 Caveats
   Packages for popular distros
   Documentation
29. References and Future Work

 Links
   https://sourceforge.net/projects/opennhrp
   http://savannah.nongnu.org/projects/quagga/
   https://wiki.vyos.net/wiki/DMVPN
 Shannon McFarland: Multicloud Networking – Connecting OpenStack Private Clouds to Public Clouds (Tuesday 22, 9:00am - 9:40am)
 Possible extensions to VPNaaS
 Slides available at: https://www.slideshare.net/BobMelander/