
Linux Native VXLAN Integration - CloudStack Collaboration Conference 2013, Santa Clara



Presentation used for "Linux Native VXLAN Integration" at the Apache CloudStack Collaboration Conference 2013 in Santa Clara

Published in: Technology
  • Might you tell your experience with
    CloudStack + VMware (with VXLAN support by the VMware onboard sw-switch and/or a Cisco nx1000v)?

Linux Native VXLAN Integration - CloudStack Collaboration Conference 2013, Santa Clara

  1. Linux Native VXLAN Integration (6/24/2013)
     Toshiaki Hatano, Verio Inc.
  2. About me
     • Toshiaki Hatano
     • Network Engineer, and Technical Account Manager at Verio
     • Employee of NTT Communications
       o a leading telecommunication company in Japan
  3. CloudStack and Us
     • We’re using CloudStack
     • As core component of our Public Cloud Service
       • Cloudn
     • We’re providing both Basic and Advanced zone.
     • Planning to provide VPC.
  4. Problem: VLAN ID limit
     • Advanced Zone
       o have more functionality
         • NAT, FW, LB, VPN
         • VPC
       o Isolation required
         • For each guest network
         • For each VPC tier
     • Isolation Method: VLAN
       o VLAN ID is limited
         • Only 4096
         • Should be identical in a zone
       o # of Domains are limited by VLAN
         • A domain require at least one VID
     [Diagram labels: Advanced Zone, Public Network, VPC, Virtual Router, VPC Tier, Isolated Guest Network, VM]
  5. VXLAN and Why?
     • VXLAN
       • VLAN like Layer 2 encapsulation over UDP
       • being standardized in IETF
       • 16M isolated network
     • Why?
       • Open source implementation exists in Linux kernel
       • Work in distributed manner, just like VLAN
       • Learning bridge
       • 1:N tunneling
       • UDP encapsulation
       • No need of expensive network device to support
  6. VXLAN 1:N tunnel
     [Diagram labels: Host, VM, vxlanY, ethX, brethX-Y, vnet, Underlying Network, VM (not associated with VXLAN Y), (1), (2), *1]
     ① If the frame is multicast or broadcast, or unicast but host (Src) doesn’t know the mapping, VXLAN uses multicast. Host (Dst) learns the mapping between VM and host (Src).
     ② If the frame is unicast and host (Src) has learned the mapping between VM and host (Dst), VXLAN uses unicast.
     *1: If underlying network supports IGMP/MLD snooping and/or multicast routing.
  7. Implementation strategy
     • Initial target
       • KVM hypervisor with “Bridge” (not Open vSwitch)
       • Only for Guest Network
     • Share logic/UI-flow with VLAN as much as possible
       1. Assign VNI range for zone while zone creation
       2. Allocate VNI for network while network creation
       3. Automatically create VXLAN interface and connect it to bridge when first VM in network created
     • To handle difference
       • Add isolation method “VXLAN”
       • Add Guru “VxlanGuestNetworkGuru”
       • Add code like “if( isolationmethod == “VXLAN” ) …” to every code assuming VLAN, outside Guru
  8. CloudStack KVM VLAN – bridging Overview
     [Diagram labels: KVM Host, Public Network, Internet, cloudbrX, ethX, VR, vnetX, brethX-Y, VM, Guest Network (VLAN encap), ethX.Y]
  9. CloudStack KVM VXLAN – bridging Overview
     [Diagram labels: KVM, Public Network, Internet, cloudbrX, ethX, VR, vnetX, brethX-Y, VM, VXLAN encapsulated, vxlanY]
  10. User flow – (1) Setup KVM
     Requirement:
     • KVM/Bridge (not Open vSwitch)
     • Linux kernel 3.7 or later
     • VXLAN kernel module and iproute2 with VXLAN support
     Recent Linux distributions satisfy this.
     • Fedora 17
     • Ubuntu 13
     • Etc.
  11. User flow – (2) Adding Zone
  12. User flow – (2) Adding Zone
     * UI is Mockup
     [Screenshot label: vNet]
  13. User flow – (3) Adding Network
     * UI is Mockup
     [Screenshot label: vNet]
  14. Packet capture
     [Diagram labels: KVM 1, KVM 2, KVM 3, vxlanX, eth, VM 1, VR, VM 2, VM 3]
     1) Ping from VM1 to VM2 (captured from vxlanX on KVM1)
     2) Ping from VM1 to broadcast address (captured from vxlanX on KVM1)
  15. unicastping.pcap
     Left: Outer packet. Right: Decode inner frame.
  16. bcastping.pcap
     Left: Outer packet. Right: Decode inner frame.
  17. Summary
     • We’re adding new network isolation method: “VXLAN”
     • The goal is to provide bigger substitute of VLAN
     • And make as little change in UI/UX as possible
     Special Thanks:
     • Jamie Gritton: Verio Inc.
     • Junji Arakawa: NTT Communications Corp.
  18. QUESTIONS?
     Design Doc:
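
The forwarding rule on slide 6 and the outer/inner split from the packet-capture slides, modelled in Python as an added example (not code from the presentation, CloudStack or the Linux kernel). The `Vtep` class and `eth` helper are hypothetical, the MACs, host IPs, multicast group and VNI are constructed, and the 8-byte header (flag 0x08, 24-bit VNI) is the standard VXLAN layout.

```python
import struct

VXLAN_FLAG_VNI = 0x08  # "I" flag: the 24-bit VNI field is valid

def encapsulate(vni, frame):
    """Prepend the 8-byte VXLAN header: flags, 3 reserved bytes, VNI, 1 reserved byte."""
    return struct.pack("!B3xI", VXLAN_FLAG_VNI, vni << 8) + frame

def parse_vxlan(udp_payload):
    """Return (vni, inner Ethernet frame) from the outer UDP payload."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("shorter than VXLAN header plus Ethernet header")
    flags, vni_field = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VXLAN_FLAG_VNI:
        raise ValueError("VNI flag not set")
    return vni_field >> 8, udp_payload[8:]

class Vtep:
    """One host's vxlanY interface; fdb maps inner MAC -> IP of the host it sits behind."""
    def __init__(self, ip, vni, group):
        self.ip, self.vni, self.group, self.fdb = ip, vni, group, {}

    def send(self, frame):
        """Return (outer destination IP, UDP payload) for a frame leaving a local VM."""
        # Group bit set (broadcast/multicast) or unknown unicast: use the multicast group.
        flood = frame[0] & 1 or frame[0:6] not in self.fdb
        return (self.group if flood else self.fdb[frame[0:6]]), encapsulate(self.vni, frame)

    def receive(self, outer_src_ip, udp_payload):
        """Decapsulate, drop other VNIs, learn inner source MAC -> sending host."""
        vni, frame = parse_vxlan(udp_payload)
        if vni != self.vni:
            return None  # belongs to a different isolated network
        self.fdb[frame[6:12]] = outer_src_ip
        return frame

# Constructed sample values: MACs, host IPs, multicast group and VNI are made up.
VM1, VM2, GROUP = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), "239.1.1.1"
def eth(dst, src):
    return dst + src + b"\x08\x00" + b"ping"  # minimal Ethernet frame, IPv4 ethertype

def demo():
    h1, h2 = Vtep("192.0.2.11", 5000, GROUP), Vtep("192.0.2.12", 5000, GROUP)
    first, pkt = h1.send(eth(VM2, VM1))        # unknown unicast -> multicast group
    h2.receive(h1.ip, pkt)                     # host 2 learns VM1 is behind host 1
    reply, pkt = h2.send(eth(VM1, VM2))        # learned -> unicast to host 1
    h1.receive(h2.ip, pkt)                     # host 1 learns VM2 is behind host 2
    second, _ = h1.send(eth(VM2, VM1))         # now unicast to host 2
    bcast, _ = h1.send(eth(b"\xff" * 6, VM1))  # broadcast always uses the group
    return first, reply, second, bcast
```

Because the table is filled from the outer source IP of whatever arrives with a matching VNI, the underlay carrying this traffic has to be restricted to the hypervisors themselves.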