Network Virtualization with Quantum


Published in: Technology

  1. 1. Network Virtualization with Quantum
      Chandan Dutta Chowdhury, Juniper Networks
      InStackers Meeting
  2. 2. Agenda
      • Overview and use case of Network virtualization
      • Quantum Overview
      • Network Isolation at Layer 2 in Quantum
      • Quantum L3 isolation
      • Security groups
  3. 3. Overview and use case of Network virtualization
      “network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization.” - Wikipedia
  4. 4. Single tier deployment
      All VMs connect to a Linux bridge, which is uplinked to the switch using a physical NIC on the server.
      [Diagram labels: Physical Server, VM, Bridge, NIC]
  5. 5. 2 tier deployment Use Case
      We have a web server and a DB server and don’t want to provide direct access to the DB server.
      [Diagram labels: Physical Server, Database, WWW, Bridge, Bridge, NIC]
  6. 6. VMs on multiple Physical servers
      [Diagram labels: Private Network, Public Network, Physical Server (x2), Database, WWW, NIC, Bridge]
  7. 7. Multi Tenants VMs on multiple Physical servers
      [Diagram labels: Private Network, Physical Server (x2), NIC, VM, Switch]
  8. 8. Introduction to Quantum
      Features
      • Provides network as a service to connect the VMs in the cloud
      • Self-service API for virtual network creation
      • It provides features like L2 isolation, L3 isolation, Firewalls, Load Balancer etc.
      • Supports various networking modes
      Implementation
      • Exposes REST APIs
      • Provides plug-in based architecture to support different vendor provided networking equipment
      • Extensions are supported to add functionality in addition to core APIs
  9. 9. OpenStack big picture
  10. 10. Quantum Architecture
      [Diagram labels: Quantum REST API, Extensions, Plug-in, Network Device, Agents, Message Queue, Database]
  11. 11. Quantum network modes
      [Diagrams: Single Flat Network; Mixed Flat and Private Network]
  12. 12. Quantum network modes
      [Diagram: Provider Router with Private Networks]
  13. 13. Quantum Core APIs
      Definitions
      • Network. An isolated virtual layer-2 domain. A network can also be a virtual, or logical, switch.
      • Subnet. An IP version 4 or version 6 address block from which IP addresses that are assigned to VMs on a specified network are selected.
      • Port. A virtual, or logical, switch port on a specified network.
      Network
      • Create network
      • Update network
      • Delete network
      • List network
      • Show network
      Subnet
      • Create Subnet
      • Update Subnet
      • Delete Subnet
      • List Subnet
      • Show Subnet
      Port
      • Create Port
      • Update Port
      • Delete Port
      • List Port
      • Show Port
  14. 14. Network Isolation at Layer 2 in Quantum
      Quantum creates an isolated L2 domain per virtual network.
      On the backend it uses a combination of the following to provide the isolated L2 domain:
      • VLANs
      • GRE tunnels
      • Linux Bridges
      • OVS
      CLI
      • quantum net-create net1
      • quantum subnet-create net1
      • quantum port-create --fixed-ip subnet_id=<subnet-id>,ip_address= <net-id>
  15. 15. Linux Bridge based virtual networks
      • A sub interface is created per virtual network (virtual network being represented by vlan)
      • A separate bridge is used to connect the VMs to each other
      [Diagram labels: two Nova Compute hosts, each with a NIC, VLAN sub-interfaces vlan10, vlan20, vlan30 and one Linux Bridge per VLAN]
  16. 16. OVS based virtual network
      • A vlan is created in OVS per virtual network
      [Diagram labels: two Nova Compute hosts, each with OVS, a NIC and Vlan 10, Vlan 20, Vlan 30]
  17. 17. Quantum Plug-in and Extensions
      Plug-ins
      • Quantum plug-ins are used to configure vendor provided switch for virtual networking.
      Extensions
      • Extensions provide a way to extend the APIs provided by quantum. E.g. L3 functionality in quantum is provided as extension.
      • Extensions are used to provide new/experimental functionality in quantum.
  18. 18. Advanced Networking Concepts
  19. 19. Quantum L3 networking extension
      • The L3 extension allows the creation of routers to connect 2 or more networks
      [Diagram labels: Layer 3: NIC, Router1, Gateway; Layer 2: Net1, Net2, Net3, each with a VM]
  20. 20. Quantum L3 isolation
      Layer 3 networking: Virtual Routers
      • Default implementation of router is done using Linux network namespaces
      • Router can also be used to provide external connectivity and NAT functionality
      [Diagram labels: Physical Server, Database, WWW, Bridge, Router, NIC, Bridge]
  21. 21. Quantum L3 CLI
      CLI
      • quantum router-create router1
      • quantum router-interface-add router1 <subnet1-uuid>
      • quantum router-interface-add router1 <subnet2-uuid>
  22. 22. Security group
      • Security groups and security group rules give administrators and tenants the ability to specify the type of traffic and direction (ingress/egress) that is allowed to pass through a port.
      • A Security Group is a named set of rules that get applied to the incoming packets for the instances.
      • By default this group will drop all ingress traffic and allow all egress.
      [Diagram labels: Physical Server, Database, WWW, Bridge, Router, NIC, Bridge]
  23. 23. Security Groups CLI
      • quantum security-group-list
      • quantum security-group-rule-create --direction ingress --protocol tcp --port_range_min 80 --port_range_max 80 <security_group_uuid>
      • quantum port-create <network_id> --security_groups list=true <security_group_id> <security_group_id>
      • quantum port-update <port_id> --security_groups=None
      • quantum security-group-rule-list
      • quantum security-group-rule-delete <security_group_rule_uuid>
  24. 24. THANK YOU ALL
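
The rule evaluation described on slides 22 and 23, as an added example that is not part of the original deck: a small Python model, not Quantum's own code, in which rules only allow traffic and a port's policy is the union of the rules of every group attached to it. The group names, the 3306 database port and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str                        # "ingress" or "egress"
    protocol: Optional[str] = None        # None matches any protocol
    port_range_min: Optional[int] = None  # None matches any port
    port_range_max: Optional[int] = None

    def matches(self, direction, protocol, port):
        if self.direction != direction:
            return False
        if self.protocol is not None and self.protocol != protocol:
            return False
        if self.port_range_min is None:
            return True
        return self.port_range_min <= port <= self.port_range_max

def new_group(name):
    # Starting state from slide 22: all egress allowed, no ingress rule at all.
    return {"name": name, "rules": [Rule("egress")]}

def port_allows(groups, direction, protocol, port):
    # Rules only allow. A packet passes if any rule of any group attached to
    # the port matches it; otherwise it is dropped.
    return any(r.matches(direction, protocol, port)
               for g in groups for r in g["rules"])

def open_ingress(groups):
    # Audit helper: the set of (protocol, min, max) ranges reachable inbound.
    return {(r.protocol, r.port_range_min, r.port_range_max)
            for g in groups for r in g["rules"] if r.direction == "ingress"}

# Constructed sample: one group per tier of the WWW / Database use case.
web = new_group("web")
web["rules"].append(Rule("ingress", "tcp", 80, 80))      # the rule on slide 23
db = new_group("db")
db["rules"].append(Rule("ingress", "tcp", 3306, 3306))   # assumed database port

if __name__ == "__main__":
    for pkt in [("ingress", "tcp", 80), ("ingress", "tcp", 22), ("egress", "udp", 53)]:
        print(pkt, "ALLOW" if port_allows([web], *pkt) else "DROP")
    # A port created with two groups exposes the union of both rule sets.
    print("web+db ingress:", sorted(open_ingress([web, db])))
```

Running the audit helper over the groups attached to a port shows why listing several groups in `port-create` widens exposure: each extra group can only add reachable ranges, never remove one.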