Download as PDF, PPTX
Uploaded byOpenStack Korea Community
[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea User Group)
The document discusses network architectures in OpenStack. It provides diagrams to illustrate the networking components including compute nodes, virtual machines, linux bridges, agents, and routers. MPLS is introduced as a solution to address issues with tenant network separation and performance challenges with other approaches like VxLAN. MPLS uses label switching to encapsulate and forward packets instead of relying on IP routing and overlays, improving east-west traffic performance between tenants.
More Related Content
![[오픈소스컨설팅] 쿠버네티스와 쿠버네티스 on 오픈스택 비교 및 구축 방법](https://cdn.slidesharecdn.com/ss_thumbnails/osck8svsk8sonopenstackkhoj-210310051504-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - E6 - OpenInfra monitoring with Prometheus](https://cdn.slidesharecdn.com/ss_thumbnails/e61520monitoringopeninfrawithprometheusv1-180704062709-thumbnail.jpg?width=640&height=640&fit=bounds)
![[오픈소스컨설팅] EFK Stack 소개와 설치 방법](https://cdn.slidesharecdn.com/ss_thumbnails/elasticstack-210712042246-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"](https://cdn.slidesharecdn.com/ss_thumbnails/47openinfradaykorea2018hyun-ha-180705032301-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] (Track 3) - CephFS with OpenStack Manila based on...](https://cdn.slidesharecdn.com/ss_thumbnails/36openinfra-2018-naver-cephfs-180704055415-thumbnail.jpg?width=640&height=640&fit=bounds)
![[NYC Meetup] Docker at Nuxeo](https://cdn.slidesharecdn.com/ss_thumbnails/dockermeetupnyc-140605110024-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to [2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea User Group)
![[2018.10.19] 김용기 부장 - IAC on OpenStack (feat. ansible)](https://cdn.slidesharecdn.com/ss_thumbnails/iaconopenstackansible-20181019-ykim-181022130142-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - E6: "SONA: ONOS SDN Controller 기반 OpenSta...](https://cdn.slidesharecdn.com/ss_thumbnails/e61610sonaonossdncontroller-180705044922-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - E3-2: "핸즈온 워크샵: Kubespray, Helm, Armada를 ...](https://cdn.slidesharecdn.com/ss_thumbnails/e31530kubesprayhelmarmada-180705044520-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - E5-1: "Invited Talk: Kubicorn - Building ...](https://cdn.slidesharecdn.com/ss_thumbnails/e60955buildingsimplekubernetes-180705043459-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - E5: Mesos to Kubernetes, Cloud Native 서비스...](https://cdn.slidesharecdn.com/ss_thumbnails/e60930openinfraday2018dennis-180705030830-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - E1: 딥다이브 - OpenStack 생존기](https://cdn.slidesharecdn.com/ss_thumbnails/e11300openinfradaysizingv1-180705030216-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architecture](https://cdn.slidesharecdn.com/ss_thumbnails/e41530linuxkit-k8s-180704110158-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - E6 - 마이크로서비스를 위한 Istio & Kubernetes [다운로드...](https://cdn.slidesharecdn.com/ss_thumbnails/e61700microserviceswithistioandkubernetesfinal-180704062831-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - E5: GPU on Kubernetes](https://cdn.slidesharecdn.com/ss_thumbnails/e51610gpuonkubernetesv1-180704062436-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - CEPH 운영자를 위한 Object Storage Performance T...](https://cdn.slidesharecdn.com/ss_thumbnails/openinfradayobjectstorageperformancefinal2-180704062033-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] Day 2 - E4 - 핸즈온 워크샵: 서버리스가 컨테이너를 만났을 때](https://cdn.slidesharecdn.com/ss_thumbnails/e41300when-180704061740-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] (삼성전자) Evolution to Cloud Native](https://cdn.slidesharecdn.com/ss_thumbnails/1130evolutiontocloudnative2-180704060551-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] (NetApp) Open Source with NetApp - 전국섭 상무](https://cdn.slidesharecdn.com/ss_thumbnails/1100180628openinfradaynetappkeynotesfinal-180704060407-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] (Track 4) - 오픈스택기반 NFV 관리 및 HA (high Availability...](https://cdn.slidesharecdn.com/ss_thumbnails/46openstack-based-nfv-mgmt-and-ha-180704060219-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] (Track 4) - FreeIPA와 함께 SSO 구성](https://cdn.slidesharecdn.com/ss_thumbnails/45feeipasso-180704060033-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] (Track 4) - Backend.AI: 오픈소스 머신러닝 인프라 프레임워크](https://cdn.slidesharecdn.com/ss_thumbnails/4420180628backend-180704055900-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] (Track 4) - Grafana를 이용한 OpenStack 클라우드 성능 모니터링](https://cdn.slidesharecdn.com/ss_thumbnails/42openinfraday201820180626grafana-180704055533-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] (Track 3) - OpenStack Automation with Ansible](https://cdn.slidesharecdn.com/ss_thumbnails/35redhatopenstackautomationwithansible-180704055300-thumbnail.jpg?width=640&height=640&fit=bounds)
![[OpenInfra Days Korea 2018] (Track 3) - SDN/NFV enabled Openstack Platform : ...](https://cdn.slidesharecdn.com/ss_thumbnails/34attoresearchsdnnfvenabledopenstackplatformatomstack2018-180704055110-thumbnail.jpg?width=640&height=640&fit=bounds)
[2018.10.19] Andrew Kong - Tunnel without tunnel (Seminar at OpenStack Korea User Group)
- 1.
- 2.
- 3.
- 4. kakao Tunneling, without Tunnel 2018What? LoadBalancing, without LoadBalancer 2017 What is LoadBalancer? SDN, without SDN 2015 What is SDN?
- 5. kakao kakao eth0 Compute node nova-compute neutron- linuxbridge- agent neutron-dhcp- agent Gateway 10.10.100.1 linux bridge vm IP:10.10.100.2/32 RoutingTable 1 10.10.100.2/32 via 192.1.1.201 BGP 192.1.1.202 BGP Virtual Switch block Process block vlan.bgp vlan.0 Virtual Router Service Route Table 1 192.1.1.201
- 6. kakao eth1 Compute node1 linux bridge vm IP:10.10.100.2/32 192.1.1.201 RoutingTable Default GW 192.168.1.1 eth1 Host Route dest 10.10.100.2/32 to 10.10.100.1 connected dest 192.168.100.2 Routing Table 1 10.10.100.2/32 via 192.1.1.201 2 10.10.100.3/32 via 192.168.1.202 3 192.168.100.2/32 via 192.168.1.201, 192.1 68.1.202 192.1.1.202 Switch Namespace global name space IPTable DNAT Dest 192.168.100.2 is for warded to 10.10.100.2 Compute Node Router Veth pair Gateway 10.10.100.1 neutron- linuxbridge-agent neutron-dhcp-agent neutron-l3-agent Host Rout e dest 10.10.100.2/32 to 10.10.100.1 New IP 192.168.100.2 connected dest 192.168.100.2 Neutron Floating IP eth1 Compute node1 linux bridge vm IP:10.10.100.3/32 Routing Table Default GW 192.168.1.1 eth1 Host Route dest 10.10.100.3/32 to 10.10.100.1 connected dest 192.168.100.2 Switch Namespace global name space IPTable DNAT Dest 192.168.100.2 is for warded to 10.10.100.2 Compute Node Router Veth pair Gateway 10.10.100.1 neutron- linuxbridge-agent neutron-dhcp-agent neutron-l3-agent Host Rout e dest 10.10.100.3/32 to 10.10.100.1 New IP 192.168.100.2 connected dest 192.168.100.2 Neutron Floating IP 192.1.1.202
- 7. kakao • • • process • dhcpagent, ml2 agent, l3 agent, metadata agent and nova compute • state • linux bridge connection stage • routing table list • iptable • bgp state kakao eth0 Compute node nova-compute neutron- linuxbridge- agent neutron-dhcp- agent Gateway 10.10.100.1 linux bridge vm IP:10.10.100.2/32 Routing Table 1 10.10.100.2/32 via 192.1.1.201 BGP 192.1.1.202 BGP Virtual Switch block Process block vlan.bgp vlan.0 Virtual Router Service Route Table 1 192.1.1.201
- 8. kakao • • • Consul ishashcorp’s product • Designed for Datacenter level coordination and service discovery consul agent consul server hostname •nova process •neutron process •routing state •etc... process check state check fail? yes Alrams -kakaotalk -URL
- 9.
- 10. kakao broadcast domain2 • Application TCP IPv4 ethernet driver broadcast domain ARP Table SRCIP mac eth0 Router IP mac eth0 Application TCP IPv4 ethernet driver ARP Table dest IP mac eth0 Router IP mac eth0 broadcast termination A.K.A Router client destination
- 11. kakao Application or VM TCP IPv4 ethernet driver broadcast domain ARP Table SRCIP mac eth0 Router IP mac eth0 Application or VM TCP IPv4 ethernet driver ARP Table dest IP mac eth0 Router IP mac eth0 tun nel broadcast domaintun nel
- 12. kakao It solves aproblem • Tenant network link layer(East-West) separation issue. It creates problems • Tennant Network Performance • Latency due to the geographical separation • full mesh between the nodes • Retransmission due to fat(+50bytes) L2 frames • Jumbo frame is not the right solutions if you try to cover datacenter, actually you can’t • Vxlan offloading is also do-able, but needs money • NAT bottleneck • e.g. openstack neutron network node bottle neck issue • DVR can distribute the NAT network but it needs router
- 13. kakao It solves aproblem • Tenant network link layer(East-West) separation issue. It creates problems • Tennant Network Performance • Latency due to the geographical separation • Retransmission due to fat(+50bytes) L2 frames • Jumbo frame is not the right solutions if you try to cover datacenter, actually you can’t • Vxlan offloading is also do-able, but needs money • NAT bottleneck (North-South) • e.g. openstack neutron network node bottle neck issue • DVR can distribute the NAT network but it needs routers
- 14.
- 15.
- 16.
- 17.
- 18. kakao • • IP routinglookup • Attaches labels • Forwards based on label • • Use label to route ( This determined by RR) • • Removes label • Packet is delivered using normal routing Pic. by Qumulus
- 19. kakao • • • à kakao eth0 Compute node nova-compute neutron- linuxbridge- agent neutron-dhcp- agent Gateway 10.10.100.1 linux bridge vm IP:10.10.100.2/32 RoutingTable 1 nexthop as to 200 via inet 192.1.1.201 BGP 192.1.1.202 BGP Virtual Switch block Process block vlan.bgp vlan.0 Virtual Router Label Route Table 1 10.10.100.2/32 encap mpls 200 via 192.1.201 192.1.1.201 Routing Table 1 10.10.100.2/32 via 192.1.1.201 Add mpls info
- 20. kakao • • The importantthing is that Doesn’t touch Packet in L2 • no fat packet • it add label at L3 • • Just thinks about that I didn’t use overlay network IP, only I add label. So, don’’t need NAT at all • Use the legacy IP , So the existing routing and network modeling is just working fine.
- 21. kakao • ßà 0 5 10 15 20 25 router tovm Network Performance L3 routing L3 routing with MPLS Tunnel
- 22.
- 23.