
Quantum virtual network service


Presentation given by Peter Lee during OpenStack Folsom Design Summit on 4/18/2012.

Presented at the Quantum track: L2/L3 Service Injections

Describes a Logical Abstraction Model for introducing Virtual Network Services into a tenant container and associating service blocks for stitching the virtual network fabric.


  1. Quantum: Virtual Network Services (L2+)
     Peter Lee – Upcoming Quantum Contributor
  2. Re-imagine the cloud network
     · Infinite number of ports
     · Pure 100% virtualization of entire network
     · Free from network hardware constraints
     · Realization of plugin virtual network services
     Further imagine if you can…
     · Never deal with ports again (auto-generate on-demand!)
     · Create pure logical network constructs
     · Make networks into simple building blocks
     · Attain true tenant isolation
     What if IP protocol was optional inside the cloud network?
  3. Virtual Network Service model
     [Diagram: VMs on Quantum L2 Networks, a Virtual Network Service (VM) attached to several of them, the Quantum Manager pushing events through the Event Queue / Notification API, and an Internet uplink]
     · Virtual Network Service is attached to one or more Quantum L2 Network
     · Multiple Virtual Network Services can exist for a tenant
     · Each Virtual Network Service has a unique ID
     · A given VM can perform function of multiple Virtual Network Services
  4. Example topology
     [Diagram: Router Service, Router & Firewall Service, DHCP Service and VPN Service (each a VM) stitching Quantum L2 Networks together and to the Internet. Legend: Virtual Network Service (VM), Quantum L2 Network]
  5. DHCP Service
     · DHCP Service issues IP addresses to VMs
     /tenant/X/dhcp – POST (list of Network IDs); generates a new DHCP ID
     /tenant/X/dhcp/Y/network/Z/ip (cidr)
     /tenant/X/dhcp/Y/network/Z/addresses
     /tenant/X/dhcp/Y/network/Z/gateway_ip
     /tenant/X/dhcp/Y/network/Z/dns
     [Diagram: the Quantum Manager sends a DHCP Configuration Event to the DHCP Service (VM) via the Event Queue / Notification API]
  6. Router Service
     · Router Service routes all traffic from all attached L2 Networks
     /tenant/X/router – POST (list of Network IDs); generates a new Router ID
     /tenant/X/router/Y/network/Z/ip – POST (pass in IP address); becomes the Router's network interface's IP address (gateway IP)
     [Diagram: the Quantum Manager sends a Router Configuration Event to the Router Service (VM) via the Event Queue / Notification API]
  7. Firewall Service
     · Firewall Service performs rule-based actions between L2 networks
     /tenant/X/firewall – POST (list of Network IDs); generates a new Firewall ID (Y)
     /tenant/X/firewall/Y/filter – POST {
       priority: 1-32768
       source: Network ID
       dest: Network ID
       source_ip: <cidr>
       dest_ip: <cidr>
       protocol: <string>
       source_port: <num or range>
       dest_port: <num or range>
       action: <ALLOW or DENY or REJECT>
       log: <true or false>
     }
     /tenant/X/firewall/Y/policy – POST {
       source: Network ID
       dest: Network ID
     }
     [Diagram: the Quantum Manager sends a Firewall Configuration Event to the Firewall Service (VM) via the Event Queue / Notification API]
  8. Firewall Service, continued...
     /tenant/X/firewall/Y/nat – POST {
       source: Network ID
       dest: Network ID
       source_ip: <cidr>
       dest_ip: <cidr>
       masq_ip: <cidr>
     }
     /tenant/X/firewall/Y/forward – POST {
       source: Network ID
       dest: Network ID
       recv_on_ip: <cidr>
       send_to_ip: <cidr>
       recv_on_port: <num or range>
       send_to_port: <num or range>
     }
     * port range iff range == range
  9. VPN Service
     · VPN Service provides tunnels to remote L2 Networks
     · VPN Service listens on all interfaces
     · Does not specify underlying protocol for VPN
     /tenant/X/vpn – POST (list of Network IDs); generates a new VPN ID
     * defines list of local networks accessible via VPN
     /tenant/X/vpn/Y/tunnel – POST {
       local: ip/port
       remote: ip/port
       local_cred: <some credential>
       remote_cred: <some credential>
     }
     /tenant/X/vpn/Y/tunnel/Z/link – POST {
       source: Network ID
       dest: Network ID (usually Remote)
     }
     [Diagram: the VPN Service (VM) tunnelling across the Internet to Remote Quantum L2 Networks and a remote Server]
  10. Example tenant layout
     [Diagram: Quantum L2 Networks with Network IDs 0-10, Router IDs 1-3, Firewall ID 1, DHCP ID 1 and VPN ID 1 connecting tenant VMs, Servers and the Internet. Legend: Virtual Network Service (VM), Quantum L2 Network]
  11. Launch ONE VM with all Quantum Virtual Network Services for the tenant!
     nova create --quantum-service-vpn=1 --quantum-service-router=1 --quantum-service-router=2 --quantum-service-router=3 --quantum-service-dhcp=1 --quantum-service-firewall=1
     [Diagram: the same layout; the Quantum Manager emits "DHCP Event for 1", "Router Event for 3" and "Firewall Event for 1" through the Event Queue / Notification API to the single service VM]
  12. We call this: Virtual Cloud Gateway
     It also performs the following Virtual Network Services:
     · QoS
     · Security Gateway (IDS/IPS, CF, AV)
     · Universal Application Proxy
     · VPN (IPSEC/OpenVPN)
     · Remote Access (Win/Mac/iOS/Android)
     · Real-time Monitoring
     100% managed from the cloud, created on-demand
  13. Questions?
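To make the firewall filter and forward constraints on slides 7 and 8 concrete, here is an added Python validator; it is not code from the deck or from Quantum. It assumes the slide's field names are the JSON keys of the POST bodies, reads the forward rule's "* port range iff range == range" note as requiring equal-sized port ranges, and uses constructed sample bodies.

```python
# Added example, not Quantum code: validates Firewall Service POST bodies from
# slides 7-8 using the constraints stated there (field names taken from the deck).
import re
ACTIONS = {"ALLOW", "DENY", "REJECT"}
CIDR_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}/(?:[0-9]|[12][0-9]|3[0-2])$")
PORT_RE = re.compile(r"^(\d+)(?:-(\d+))?$")

def parse_port(spec):
    """Turn '22' or '1024-65535' into an inclusive (lo, hi) tuple, or raise."""
    m = PORT_RE.match(str(spec))
    if not m:
        raise ValueError(f"bad port spec {spec!r}")
    lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"port out of range {spec!r}")
    return lo, hi

def validate_filter(body):
    """/tenant/X/firewall/Y/filter: priority 1-32768, CIDR endpoints, known action."""
    if not 1 <= int(body["priority"]) <= 32768:
        raise ValueError("priority must be 1-32768")
    if body["action"] not in ACTIONS:
        raise ValueError("action must be ALLOW, DENY or REJECT")
    if not all(CIDR_RE.match(str(body[k])) for k in ("source_ip", "dest_ip")):
        raise ValueError("source_ip and dest_ip must be CIDRs")
    return {**body, "source_port": parse_port(body["source_port"]),
            "dest_port": parse_port(body["dest_port"]), "log": body.get("log") is True}

def validate_forward(body):
    """/tenant/X/firewall/Y/forward; slide 8's 'port range iff range == range' is read (assumed) as: both port ranges must be the same size."""
    recv, send = parse_port(body["recv_on_port"]), parse_port(body["send_to_port"])
    if recv[1] - recv[0] != send[1] - send[0]:
        raise ValueError("recv_on_port and send_to_port ranges must be equal size")
    return {**body, "recv_on_port": recv, "send_to_port": send}

def rejects(check, body):
    """True when check() refuses body, i.e. bad input never becomes a rule."""
    try:
        check(body)
        return False
    except (ValueError, KeyError):
        return True

# Constructed sample bodies (not from the deck): deny inbound SSH; forward a port block.
SSH_DENY = {"priority": 10, "source": 3, "dest": 1, "source_ip": "0.0.0.0/0",
            "dest_ip": "10.0.1.0/24", "protocol": "tcp", "source_port": "1-65535",
            "dest_port": "22", "action": "DENY", "log": True}
WEB_FWD = {"source": 0, "dest": 1, "recv_on_ip": "203.0.113.5/32", "send_to_ip":
           "10.0.1.10/32", "recv_on_port": "8000-8009", "send_to_port": "80-89"}
```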