SDN in CloudStack

Presentation by Hugo Trippaers of Schuberg Philis on Software Defined Networking and its application in cloud computing. Hugo implemented the integration of the Nicira private gateway in Apache CloudStack. He also covers Midonet from Midokura, the BigSwitch virtual switch, and the native SDN controller in CloudStack, which uses GRE tunnels. SDN allows virtual networks to be configured and managed dynamically, which allows easy provisioning of tenants' networks in the cloud.

Published in: Technology

  1. SDN in CloudStack
  2. About me
     - Hugo Trippaers
       - Email: htrippaers@schubergphilis.com
       - Twitter: @Spark404
       - Freenode: Spark404
     - I’ve been working in IT for over two decades, mainly at ISP and hosting companies
     - Mission Critical Engineer at Schuberg Philis for almost 6 years.
       - Responsible for the 100% availability of our customers' application landscapes
       - Currently part of the internal development team
     - PMC member for Apache CloudStack
  3. CloudStack networking - the five minute version
     - CloudStack networking
       - Basic, isolation using security groups (L3)
       - Advanced, isolation using network isolation (L2)
     - SDN was introduced to create isolated networks in Advanced zones
     - By now it can do much more... (Routing, Firewall, NAT)
  4. Isolation with VLAN
     - CloudStack takes care of the configuration of hypervisor switches.
     - Who takes care of the networking gear?
  5. Isolation with VLAN
     - CloudStack takes care of the configuration of hypervisor switches.
     - Who takes care of the networking gear? He does...
  6. Isolation with Software Defined Networking
     - Who takes care of the networking gear?
     - CloudStack takes care of the configuration of hypervisor switches and L2 networking.
  7. Isolation with Software Defined Networking
     - Who takes care of the networking gear?
     - CloudStack takes care of the configuration of hypervisor switches and L2 networking.
  8. Software defined networking - core concepts
     - Decouples the control plane (what data is going where) from the data plane (how to get data there)
     - Makes network management easier by abstracting low-level functionality into virtual services.
       - Independent of hardware and/or vendor
     - Provides a Northbound API
       - Allows administrators to use automated tooling to provision services
     - Scale?
  9. Software Defined Networking - advanced
     - Where can we go if we have a software based network infrastructure?
       - Distributed routing?
       - Integrated security framework?
       - Application controlled networking?
     - Endless possibilities, it’s all software anyway
  10. SDN in CloudStack
     - Where is it?
  11. SDN in CloudStack
     - Where is it?
       - Implemented in the core of CloudStack.
       - “Movable parts” configured per plugin.
       - Controlled by existing offering model.
  12. SDN implementations

     | Implementation | Isolation | DHCP | Firewall | NAT | Security Groups | VPC |
     |----------------|-----------|------|----------|-----|-----------------|-----|
     | GRE isolation  | Pre ACS   | -    | -        | -   | -               | -   |

  13. SDN implementations - GRE isolation
     - Uses the existing implementation of OpenVSwitch in XenServer and XCP
       - Uses the OpenVSwitch GRE tunnels to “link” OpenVSwitch bridges between hypervisors
       - Entirely controlled by CloudStack
     - Pros
       - Doesn’t require external components
     - Cons
       - Bandwidth is limited due to lack of offloading
       - Large deployments require a lot of tunnels
       - Limited set of hypervisors supported (XenServer)
  14. SDN implementations

     | Implementation | Isolation | DHCP | Firewall | NAT | Security Groups | VPC |
     |----------------|-----------|------|----------|-----|-----------------|-----|
     | GRE isolation  | Pre ACS   | -    | -        | -   | -               | -   |
     | Nicira NVP     | >= 4.0    | -    | -        | -   | -               | -   |

  15. SDN implementations - Nicira NVP
     - A commercial SDN solution developed by Nicira. Uses both OpenVSwitch and OpenFlow to build overlay tunnels on an existing network.
     - Pros
       - STT tunnel protocol is optimized for high-bandwidth
       - Includes a gateway to link existing L3 or L2 networks to the virtual switch
     - Cons
       - Requires custom OpenVSwitch on hypervisors.
  16. SDN Implementations

     | Implementation | Isolation | DHCP | Firewall | NAT    | Security Groups | VPC    |
     |----------------|-----------|------|----------|--------|-----------------|--------|
     | GRE isolation  | Pre ACS   | -    | -        | -      | -               | -      |
     | Nicira NVP     | >= 4.0    | -    | >= 4.1   | >= 4.1 | -               | >= 4.1 |
     | Big Switch VNS | >= 4.1    | -    | -        | -      | -               | -      |

  17. SDN implementations - Nicira NVP (>= ACS 4.1)
     - Nicira NVP plugin is updated to support L3 functionality. With this functionality the existing VRouter can be replaced with an SDN based construct.
     - Several changes have been made to the VPC setup to support SDN based networks in VPCs.
  18. SDN implementations - BigSwitch VNS
     - The Big Switch Networks plugin is a CloudStack SDN plugin using the BigSwitch VNS platform. While BigSwitch VNS is a commercial solution, it is completely based on open standards like OpenFlow
     - Pros
       - Uses open standards
     - Cons
       - Requires hypervisors and switches to support OpenFlow
  19. SDN Implementations

     | Implementation   | Isolation | DHCP   | Firewall | NAT    | Security Groups | VPC    |
     |------------------|-----------|--------|----------|--------|-----------------|--------|
     | GRE isolation    | Pre ACS   | -      | -        | -      | -               | -      |
     | Nicira NVP       | >= 4.0    | -      | >= 4.1   | >= 4.1 | -               | >= 4.1 |
     | Big Switch VNS   | >= 4.1    | -      | -        | -      | -               | -      |
     | Midokura Midonet | master    | master | master   | master | -               | -      |
     | Stratosphere SSP | review    | -      | -        | -      | -               | -      |

  20. SDN implementations - Midokura Midonet
     - Midokura Midonet is implemented as a CloudStack plugin. It offers a complete set of advanced features like DHCP, L3 Routing and various NAT options.
     - Pros
       - Complete solution for building standard networks including L3 functions.
     - Cons
       - Can only be used with the KVM hypervisor.
  21. SDN implementations - Stratosphere
     - Stratosphere SSP is an SDN controller that controls or brokers physical and/or virtual network devices. Stratosphere SSP will build a VXLAN-backed overlay network. The plugin makes L2 connectivity service provided by SSP.
     - Not much information available yet.
  22. SDN implementations - next steps?
     - Support for VPC
       - Including private gateways
     - Common configuration and setup
     - Security Groups
  23. SDN in CloudStack - how does it work
     - Preparing an SDN solution for use requires some configuration work up front
  24. Preparation - Configure physical network
     - The physical network defines the type of L2 isolation used.
  25. Preparation - Setup Providers
     - The provider is the place to configure the SDN controller
     - Not used by the GRE tunnels, that is configured using configuration parameters.
  26. Preparation - Setup network offerings
     - Connectivity is key
     - Services define where and how SDN is used in the offering
  27. SDN in CloudStack - how does it work
     - Preparing an SDN solution for use requires some configuration work up front
     - Using the SDN solution is as straightforward as any networking in CloudStack
  28. Usage - Creating a new network
     - The role of Network Gurus
       - each guru supports a specific type of network
       - selected based on a number of criteria, of which isolation type is only one
     - Selected guru is stored in the database for this particular network.
  29. Usage - Creating a new network
     - The role of Network Elements
       - triggered whenever a new NIC is attached to a network
       - configure devices like firewall, routers, etc.
     - Elements are selected based on the network offering used to create the network.
  30. Usage - My first VM
     - Multiple actions happen at the same time
       - network elements
       - hypervisor resources
     - The NIC is the linking pin between a VM and the SDN implementation
     - The hypervisor sets flags to allow the VIF to be found
     - The network element tells the SDN solution what to look for
     - Not a generic way of doing things, depends on the SDN in use.
  31. Usage - Ready
  32. That's all there is to it
     - http://apache.cloudstack.org
     - http://www.nicira.com
     - http://www.bigswitch.com
     - http://www.midokura.com
     - http://www.iij.ad.jp/en/
     - Email: htrippaers@schubergphilis.com
     - Twitter: @Spark404
     - IRC Freenode: Spark404
