SDN in CloudStack
About me» Hugo Trippaers– Email: htrippaers@schubergphilis.com– Twitter: @Spark404– Freenode: Spark404– http://www.schuber...
CloudStack networking - the five minute version» CloudStack networking– Basic, isolation using security groups (L3)– Advan...
Isolation with VLAN4CloudStack takes care off theconfiguration of hypervisor switches.Whotakescareofthenetworkinggear?
Isolation with VLAN5CloudStack takes care off theconfiguration of hypervisor switches.Whotakescareofthenetworkinggear?He do...
Isolation with Software Defined Networking6Whotakescareofthenetworkinggear?CloudStack takes care off theconfiguration of hy...
Isolation with Software Defined Networking7Whotakescareofthenetworkinggear?CloudStack takes care off theconfiguration of hy...
Software defined networking - core concepts» Decouples the control plane (what data is going where) from the data plane (h...
Software Defined Networking - advanced» Where can we go if we have a software based network infrastructure.– Distributed r...
SDN in CloudStack» Whereisit?10
SDN in CloudStack» Whereisit?11Implemented in the core ofCloudStack.“Movable parts”configured perplugin.Controlled by exis...
SDN implementations12Isolation DHCP Firewall NATSecurityGroupsVPCGRE isolation Pre ACS - - - - -
SDN implementations - GRE isolation» Uses the existing implementation of OpenVSwitch in XenServer and XCP– Uses the OpenVS...
SDN implementations14Isolation DHCP Firewall NATSecurityGroupsVPCGRE isolation Pre ACS - - - - -Nicira NVP >= 4.0 - - - - -
SDN implementations - Nicira NVP» A commercial SDN solution developed byNicira. Uses both OpenVSwitch andOpenFlow to build...
SDN Implementations16Isolation DHCP Firewall NATSecurityGroupsVPCGRE isolation Pre ACS - - - - -Nicira NVP >= 4.0 - >= 4.1...
SDN implementations - Nicira NVP (>= ACS 4.1)» Nicira NVP plugin is updated to support L3functionality. With this function...
SDN implementations - BigSwitch VNS» The Big Switch Networks plugin is a CloudStack SDNplugin using the BigSwitch VNS plat...
SDN Implementations19Isolation DHCP Firewall NATSecurityGroupsVPCGRE isolation Pre ACS - - - - -Nicira NVP >= 4.0 - >= 4.1...
SDN implementations - Midokura Midonet» Midokura Midonet is implemented as aCloudStack plugin. It offers a complete set ofa...
SDN implementations - Stratosphere» Stratosphre SSP is an SDN controller that controlsor brokers physical and or virtual n...
SDN implementations - VXLAN» Today at CCC 2013 by Toshiaki Hatano.» Not much information available yet, besure to catch th...
SDN Implementations23Isolation DHCP Firewall NATSecurityGroupsVPCGRE isolation Pre ACS - - - - -Nicira NVP >= 4.0 - >= 4.1...
SDN implementations - next steps?» Support for VPC– Including private gateways» Common configuration and setup» Security» ...
SDN in CloudStack - how does it work» Preparing a SDN solution for use requires someconfiguration work up front25
Preparation - Configure physical network» The physical network defines the type of L2 isolation used.26
Preparation - Setup Providers» The provider is the place toconfigure the SDN controller» Not used by the GRE tunnels, that...
Preparation - Setup network offerings» Connectivity is key» Services define where and how SDN is used in theoffering28
SDN in CloudStack - how does it work» Preparing a SDN solution for use requires someconfiguration work up front» Using the...
Usage - Creating a new network» The role of Network Gurus– each guru supports a specific type of network– select based on ...
Usage - Creating a new network» The role of Network Elements– triggered when ever a new NIC is attached to a network– conf...
Usage - My first VM» Multiple actions happen at the same time– network elements– hypervisor resources» The NIC is the link...
Usage - Ready33
Thats all there is to it» http://apache.cloudstack.org» http://www.nicira.com» http://www.bigswitch.com» http://www.midoku...
Upcoming SlideShare
Loading in …5
×

SDN in CloudStack

1,858 views

Published on

I presented this at the CloudStack collaboration conference 2013 in Santa Clara.

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,858
On SlideShare
0
From Embeds
0
Number of Embeds
530
Actions
Shares
0
Downloads
67
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

SDN in CloudStack

  1. 1. SDN in CloudStack
  2. 2. About me» Hugo Trippaers– Email: htrippaers@schubergphilis.com– Twitter: @Spark404– Freenode: Spark404– http://www.schubergphilis.com»
  3. 3. CloudStack networking - the five minute version» CloudStack networking– Basic, isolation using security groups (L3)– Advanced, isolation using network isolation (L2)» SDN was introduced to create isolated networks in Advancedzones» By now it can do much more... (Routing, Firewall, NAT)3
  4. 4. Isolation with VLAN4CloudStack takes care off theconfiguration of hypervisor switches.Whotakescareofthenetworkinggear?
  5. 5. Isolation with VLAN5CloudStack takes care off theconfiguration of hypervisor switches.Whotakescareofthenetworkinggear?He does...
  6. 6. Isolation with Software Defined Networking6Whotakescareofthenetworkinggear?CloudStack takes care off theconfiguration of hypervisor switches andL2 networking.
  7. 7. Isolation with Software Defined Networking7Whotakescareofthenetworkinggear?CloudStack takes care off theconfiguration of hypervisor switches andL2 networking.
  8. 8. Software defined networking - core concepts» Decouples the control plane (what data is going where) from the data plane (how to get datathere)» Makes network management easier by abstracting low-level functionality into virtual services.– Independent of hardware and/or vendor» Provides a Northbound API– Allows administrators to use automated tooling to provision services» Scale?8
  9. 9. Software Defined Networking - advanced» Where can we go if we have a software based network infrastructure.– Distributed routing?– Integrated security framework?– Application controlled networking?» Endless possibilities, it’s all software anyway9
  10. 10. SDN in CloudStack» Whereisit?10
  11. 11. SDN in CloudStack» Whereisit?11Implemented in the core ofCloudStack.“Movable parts”configured perplugin.Controlled by existing offeringmodel.
  12. 12. SDN implementations12Isolation DHCP Firewall NATSecurityGroupsVPCGRE isolation Pre ACS - - - - -
  13. 13. SDN implementations - GRE isolation» Uses the existing implementation of OpenVSwitch in XenServer and XCP– Uses the OpenVSwitch GRE tunnels to“link”OpenVSwitch bridgesbetween hypervisors– Entirely controlled by CloudStack» Pros– Doesn’t require external components» Cons– Bandwidth is limited due to lack of offloading– Large deployments require a lot of tunnels– Limited set of hypervisors supported (XenServer)13
  14. 14. SDN implementations14Isolation DHCP Firewall NATSecurityGroupsVPCGRE isolation Pre ACS - - - - -Nicira NVP >= 4.0 - - - - -
  15. 15. SDN implementations - Nicira NVP» A commercial SDN solution developed byNicira. Uses both OpenVSwitch andOpenFlow to build overlay tunnels on anexisting network.» Pros– STT tunnel protocol is optimized forhigh-bandwidth– Includes a gateway to link existing L3 orL2 networks to the virtual switch» Cons– Requires custom OpenVSwitch onhypervisors.15
  16. 16. SDN Implementations16Isolation DHCP Firewall NATSecurityGroupsVPCGRE isolation Pre ACS - - - - -Nicira NVP >= 4.0 - >= 4.1 >= 4.1 - >= 4.1Big Switch VNS >= 4.1 - - - - -
  17. 17. SDN implementations - Nicira NVP (>= ACS 4.1)» Nicira NVP plugin is updated to support L3functionality. With this functionality theexisting VRouter can be replaced with aSDN based construct.» Several changes have been made to theVPC setup to support SDN based networksin VPCs.17
  18. 18. SDN implementations - BigSwitch VNS» The Big Switch Networks plugin is a CloudStack SDNplugin using the BigSwitch VNS platform. WhileBigSwitch VNS is a commercial solution, it is completelybased on open standards like OpenFlow» Pros– Uses open standards» Cons– Requires hypervisors and switches to supportOpenFlow18
  19. 19. SDN Implementations19Isolation DHCP Firewall NATSecurityGroupsVPCGRE isolation Pre ACS - - - - -Nicira NVP >= 4.0 - >= 4.1 >= 4.1 - >= 4.1Big Switch VNS >= 4.1 - - - - -MidokuraMidonetmaster master master master - masterStratosphere SSP review - - - - -VXLAN announced
  20. 20. SDN implementations - Midokura Midonet» Midokura Midonet is implemented as aCloudStack plugin. It offers a complete set ofadvanced features like DHCP, L3 Routing andvarious NAT options.» Pros– Complete solution for building standardnetworks including L3 functions.» Cons– Can only be used with the KVM hypervisor.20
  21. 21. SDN implementations - Stratosphere» Stratosphre SSP is an SDN controller that controlsor brokers physical and or virtual networkdevices. Stratosphere SSP will build a vxlanbacked overlay network. The plugin makes L2connectivity service provided by SSP.» Not much information available yet.21
  22. 22. SDN implementations - VXLAN» Today at CCC 2013 by Toshiaki Hatano.» Not much information available yet, besure to catch the recording of the talk ofthis morning.22
  23. 23. SDN Implementations23Isolation DHCP Firewall NATSecurityGroupsVPCGRE isolation Pre ACS - - - - -Nicira NVP >= 4.0 - >= 4.1 >= 4.1 - >= 4.1Big Switch VNS >= 4.1 - - - - -MidokuraMidonetmaster master master master - masterStratosphere SSP review - - - - -VXLAN announced
  24. 24. SDN implementations - next steps?» Support for VPC– Including private gateways» Common configuration and setup» Security» Configurable on-ramp/off-ramp» IPv624
  25. 25. SDN in CloudStack - how does it work» Preparing a SDN solution for use requires someconfiguration work up front25
  26. 26. Preparation - Configure physical network» The physical network defines the type of L2 isolation used.26
  27. 27. Preparation - Setup Providers» The provider is the place toconfigure the SDN controller» Not used by the GRE tunnels, thatis configured using configurationparameters.27
  28. 28. Preparation - Setup network offerings» Connectivity is key» Services define where and how SDN is used in theoffering28
  29. 29. SDN in CloudStack - how does it work» Preparing a SDN solution for use requires someconfiguration work up front» Using the SDN solution is as straight forward as anynetworking in CloudStack29
  30. 30. Usage - Creating a new network» The role of Network Gurus– each guru supports a specific type of network– select based on a number of criteria, of whichisolation type is only one» Selected guru is stored in the database for thisparticular network.30
  31. 31. Usage - Creating a new network» The role of Network Elements– triggered when ever a new NIC is attached to a network– configure devices like firewall, routers, etc..» Elements are selected based on the network offering used tocreate the network.31
  32. 32. Usage - My first VM» Multiple actions happen at the same time– network elements– hypervisor resources» The NIC is the linking pin between a VM and the SDN implementation» The hypervisor sets flags to allow the VIF to be found» The network element tells the SDN solution what to look for» Not a generic way of doing things, depends on the SDN in use.32
  33. 33. Usage - Ready33
  34. 34. Thats all there is to it» http://apache.cloudstack.org» http://www.nicira.com» http://www.bigswitch.com» http://www.midokura.com» http://www.iij.ad.jp/en/– Email: htrippaers@schubergphilis.com– Twitter: @Spark404– IRC Freenode: Spark40434

×