The document discusses vCloud Networking concepts including external networks, organization networks, vApp networks, and network pools. External networks connect the organization to the physical network, organization networks belong to a tenant organization, and vApp networks are available to a single application. Network pools give users control over layer 2 networks and include port-group, VLAN, and vCD-NI (VMware's proprietary encapsulation protocol) types. The document also covers considerations for the physical network design and configuration of external and organization networks.
4. Organization Networks
• Organizations describe a tenant
• Networks that belong to an Organization
• 3 Types of Org Network Connections
• Internal and External
• Created by the cloud admin
5. vApp Networks
• Networks available to a single vApp
• Ability to Fence
• vApp Networks connect to an Organization’s internal or external networks
6. Network Pools
• Giving the users control of L2
• Creating the multi-tenant infrastructure
• Declaring what L2 networks are available for consumption
• 3 Different kinds of Network pools
7. Port-Group Backed
• Pre-provisioned port-groups
• Non-automated
• vSphere Standard Switches
• Currently Nexus 1000v, until 1.5 GA release
17. External Network Creation
• Create portgroup before vCD external creation
• Use Ephemeral binding
• Assign a VLAN
• Layer 2 or Layer 3
• IP Address Range with Gateway
• DNS
• Load Balancing & Failover
This is what most vSphere admins can relate to. An external network is anything an organization or vApp network needs to connect to. Think of it like a VLAN in your environment and how that maps to the port group a VM connects to. It could be as simple as a VLAN with internet access, or a network that reaches a dev/test environment or a particular department. Consider it the external connectivity of your vCloud. Every external network must be created in vSphere first and then presented to vCD.
Organization networks peel off another layer of the onion, so to speak. An organization is the vCD object that defines a tenant. For a service provider that might be a customer such as Pepsi or Coke; in an enterprise it might be HR, Finance, IT and so on. Organization networks are L2 segments that belong to a particular organization. There are three types of organization network connection, covered later in the design section: direct-connect external, NAT-routed external, and internal.
We have looked at external networks, which give your cloud external connectivity, and at organization networks, which are available to a particular organization. Now we examine networks that are available only to a vApp. Fencing a vApp lets a dev/test team deploy the same vApp, with exactly the same MAC and IP addresses, multiple times without conflicts, because a vShield Edge device NATs and firewalls the fenced vApp onto the organization network. The duplicated addresses stay behind the edge; only the NAT-translated addresses are visible on the organization network.
A network pool is basically a small database of layer 2 segments available to vCloud administrators and end users. It is consumed by organization networks and vApp networks. We will quickly go through the three kinds of network pool.
This is about as easy as it gets, and almost the same thing as an external network. A port group-backed pool consists of port groups pre-provisioned in vSphere before vCD is involved and then added to vCD for consumption; nothing is created on the fly, so the number of available segments is fixed by what you pre-create.
This is probably the easiest to understand. Give vCloud Director a range of VLANs, say 400-500. Whenever a new layer 2 segment is needed, vCD creates a port group on the fly and assigns an available VLAN from the pool. If a segment is destroyed, its VLAN goes back into the pool for later consumption. Two things the physical side must provide: every VLAN in the range has to be trunked to the hosts' uplinks, and the range must not overlap the VLANs used for external networks or management traffic, since any overlap puts a tenant segment in the same broadcast domain as that traffic.
This is VMware's proprietary protocol utilizing mac-in-mac encapsulation to create a layer 2 network without using VLANs. This is extremely useful in environments where VLAN management is hectic because you are reaching that 4000+ VLAN mark. When you create a network pool based on vCD-NI you specify how many networks you want to create off this pool, and vCD will deploy portgroups based not on VLANs but on different layer 2 segments.
The great thing about vCloud Director is that you can use the physical properties to differentiate between service offerings. I would say 90% of the time, we use storage as the differentiating factor between service offerings: SSD = Gold, SAS/FC = Silver, SATA = Bronze. But have you ever thought about the correlation between networking and a service tier? There are a lot of different physical networking designs out there with 4 NICs, 6 NICs, 10 NICs, 12 NICs, Fibre Channel, NFS, iSCSI, 10Gb, 1Gb. It's up to you as the Cloud Admin to try and think of your service tiering approach in a POD-like fashion. Perhaps you have an outdated infrastructure that utilized 6 NICs, iSCSI/NFS, and SATA storage. You can offer this up as a Bronze offering with a minimal SLA and be able to continue to use that infrastructure to service resident VMs. Then you can purchase something like a Vblock that utilizes 10Gb and Fibre Channel with SATA drives and offer that up as a Silver or perhaps Bronze+ offering. It's the same type of drive on the storage, but your POD is more failure resistant and has a lot more available throughput. There are more ways to think about your service offering than storage alone. Think about the resiliency of the POD and what type of SLA you can offer against it.
External networks are going to differ in every company. It all depends on what you are trying to accomplish. Remember that external networks are solely the connections that define where your vCloud workloads need access.
Each external network must have an existing port group defined in vCenter. A best practice is to create these on distributed vSwitches, of course. This may have changed with 1.5, but in 1.0, it was a best practice to create these portgroups as ephemeral. Without ephemeral binding, the number of ports is restricted to the port group. A restricted number of ports in the port group might cause problems because the number of connected virtual machines is not predictable. Every NAT-routed organization network needs an available port. Assign a VLAN because it will isolate this traffic, and you can create ACLs on network equipment based on the VLAN for security and provisioning purposes. These external networks can be layer 2 or layer 3 networks depending on where they need to travel. More often than not, it will be a layer 3 network. These external networks also need IP addresses associated with them. During the creation of an external network, vCloud will prompt you for information regarding IP addresses and DNS. These IP addresses are assigned to VMs on a direct connect external connection or assigned to vShield Edge devices as the NAT routed IP for external NATed organization networks. In addition, I would set this portgroup as an Active/Active portgroup utilizing load balancing based on physical NIC load and set the failback option to No. Of course, the load balancing mechanism can be changed to fit your environment's needs.
Another design criterion is going to be the type of network pool. The only reason we would be choosing port-group backed pools is using a vSphere Standard Switch, and I'm sure no one deploying vCloud Director wants to rely on vSS. Another reason would be for immediate Nexus 1000v integration. Port-group backed pools are the only type supported with the Nexus 1000v until version 1.5 is released, which should be at some point next month. If anyone is planning on deploying with the Nexus 1000v, I would encourage you to read the networking section of the vCloud on Vblock paper that was written by myself, Chris Colotti, and Jeramiah Dooley. We explain how it's possible to utilize 4 NICs for vCloud by using the 1000v for external portgroups and using the vDS for vCloud networking. The vShield Edge appliance creates the bridge between the two, allowing full network capability. The traditional way most SPs separated tenants was through the use of VLANs. vCD is a good step forward for SPs wanting to take that traditional approach because external networks can be assigned per tenant and segmented L2 networks can be isolated through the use of VLANs as well. Granted, this isn't the best approach moving forward because depending on how big you want to become, the 4000+ VLAN limit may creep up very soon. That leads us to vCD-NI based networking.
As we said before, this is VMware's proprietary protocol. It uses mac-in-mac encapsulation to build an L2 network between hosts. The benefit of using this method is that you can overcome the 4000+ VLAN barrier, and it's essentially a VMware best practice to use this type of network pool. You now have to think about the design of how many vCD-NI networks are needed. With a port-group or VLAN based approach, you have to think about how many different organization networks are going to be created. The same goes for vCD-NI, but it's a bit simplified. Instead of saying a single organization network gets a VLAN, you can now put many different organizations on a single vCD-NI network and they are kept isolated using the mac-in-mac encapsulation. During the creation of a vCD-NI backed network pool, you have to enter how many isolated networks you want this pool to use. The maximum number of logical networks is 1000. A logical network in this sense is an organization or vApp network. The vCD maximum is 7000 logical networks. If you don't plan on having that many tenants you can just keep a single 1000 network pool. It might be beneficial to create multiple pools and assign a vCD-NI network pool to a particular provider vDC. Say HR, Marketing, and Finance can be coupled together and assigned to vCD-NI network pool A, while IT and Engineering are assigned to vCD-NI network pool B. Every single vCD-NI network pool must be given a unique VLAN. If my external network is VLAN 6, I can't use VLAN 6 as a vCD-NI network pool. Don't worry about the creation of port-groups using this VLAN because vCloud Director will automate the provisioning of port-groups for a vCD-NI pool. Another thing to keep in mind is whether you want the pool to be L2 or L3. All the vCD-NI traffic going from host to host for communication is L2. The only time you have to decide whether you want L3 connectivity is if you need vApps to route outside to an external network connection.
In my own testing I found that VMs can talk to each other on the vApp or organizational network, but if they needed to connect to the internet, then they needed to have a vCD-NI network pool backed by a VLAN that could route.
Since mac-in-mac encapsulation adds an additional header to a packet, you are now forced to use jumbo frames across your network. As of vCloud 1.5, it's suggested to use an MTU of 1600 or greater when configuring vCD-NI port groups. Every device between the hosts of a cluster in a provider vDC must have its networking equipment set to 1600 MTU or greater. In my opinion, it's much easier to set any networking equipment to MTU 9000 during initial configuration because changing the MTU globally on a switch usually calls for a switch reboot. Doing this will allow you to set and forget. Now we have to go a bit deeper and actually set the vNetwork distributed switch to use an MTU greater than 1600 as well so packets can traverse. This is as simple as going to the dvSwitch, right-clicking Properties and changing the maximum MTU to 9000.
After the creation of a vCD-NI backed network pool, you still aren't done. To complete the final configuration step, you must right-click on your newly created vCD-NI pool and change the MTU setting from 1500 to 1600. In vCD 1.0.x, this was set to 1524 to account for the 24 bytes of extra space in the header. Now in 1.5, this is supposed to be set to 1600. I'm not sure if that is for future improvements or VXLAN additions. The penalty associated with utilizing vCD-NI is that your hosts will have to do some extra CPU processing, but it's probably around 2-5%, not much when you think about it. For most organizations, CPU is hardly ever a taxed resource except in VDI deployments. By not setting the MTU to 1600 or greater you are not going to experience a failure in communication or a failure of the network pool. Instead you will be subject to packet fragmentation, which of course leads to higher utilization of your switches and all the networking components in between, because you are basically doubling the number of packets on the pipes.
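To make the MTU discussion above concrete, here is an added example (my own illustration, not code from the presentation or from VMware): given the 24-byte encapsulation overhead and the 1600-byte guideline quoted above, it computes the minimum transport MTU, finds every hop on a constructed host-to-host path that was left below the target, and estimates how many wire packets one full-size guest frame turns into when the path MTU is too small. The device names and MTU values in SAMPLE_PATH are made up for the example.

```python
GUEST_MTU = 1500          # MTU of the guest VMs inside an org/vApp network
VCDNI_OVERHEAD = 24       # extra header bytes quoted for vCD 1.0.x (the 1524 setting)
RECOMMENDED_MTU = 1600    # vCD 1.5 guidance for vCD-NI port groups and every hop in between


def required_outer_mtu(guest_mtu=GUEST_MTU, overhead=VCDNI_OVERHEAD):
    """Smallest transport MTU that carries a full-size guest frame unfragmented."""
    return guest_mtu + overhead


def effective_path_mtu(devices):
    """A path is only as good as its smallest hop."""
    return min(mtu for _, mtu in devices)


def undersized_hops(devices, target_mtu=RECOMMENDED_MTU):
    """Names of every device whose configured MTU is below the target."""
    return [name for name, mtu in devices if mtu < target_mtu]


def packets_per_guest_frame(path_mtu, guest_mtu=GUEST_MTU, overhead=VCDNI_OVERHEAD):
    """Rough fragmentation model: an encapsulated full-size frame is split into
    ceil(size / path_mtu) pieces. At a 1500-byte path MTU that is 2 pieces,
    i.e. the doubling of packets on the wire described in the text."""
    size = guest_mtu + overhead
    return -(-size // path_mtu)   # ceiling division


# Constructed sample path between two hosts of a provider vDC (not real gear).
SAMPLE_PATH = [
    ("esxi-01 dvSwitch", 9000),
    ("tor-switch-a", 9000),
    ("core-switch", 1500),      # left at the default during initial setup
    ("tor-switch-b", 9000),
    ("esxi-02 dvSwitch", 9000),
]


def audit(devices=SAMPLE_PATH):
    """Summarise the path: its effective MTU, which hops need fixing, and the
    fragmentation factor a full-size guest frame would suffer today."""
    path_mtu = effective_path_mtu(devices)
    return {
        "path_mtu": path_mtu,
        "fix_needed_on": undersized_hops(devices),
        "packets_per_frame": packets_per_guest_frame(path_mtu),
    }


if __name__ == "__main__":
    print(audit())
```

Running the block prints the core switch as the only hop that needs attention; setting it to 9000 along with everything else brings the fragmentation factor back to 1.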
Now we can create organization vDCs and assign the newly created network pool to them. This is where you must make sure that you ration out vCD-NI networks effectively as a Cloud Admin. You have 1000 networks available in a single vCD-NI backed network pool. You can give every Org vDC the ability to create up to 1000 networks, but a limit may be hit. Think of it like oversubscription of resources within vSphere. You know what thresholds there are and how much you can oversubscribe, just be conscious of your decisions.
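As an added example (not from the presentation) of the rationing described above, the following checks a set of vCD-NI pool definitions against the limits quoted in the text: at most 1000 logical networks per pool, 7000 per vCD, and a unique transport VLAN per pool that must not reuse an external network's VLAN (VLAN 6 above). It then computes an oversubscription ratio per pool from the Org vDC quotas, in the vSphere sense the text suggests. The pool names, VLAN 100, and the quotas are constructed; the HR/Marketing/Finance and IT/Engineering split follows the text.

```python
MAX_NETWORKS_PER_POOL = 1000   # logical networks one vCD-NI pool can hold
MAX_NETWORKS_PER_VCD = 7000    # logical networks per vCloud Director instance


def validate_pools(pools, external_vlans):
    """pools: {pool_name: {"vlan": transport VLAN, "networks": pool size}}.
    external_vlans: set of VLAN IDs already used by external networks.
    Returns a list of (problem_code, pool_name) tuples; empty means clean."""
    problems = []
    vlan_owner = {}
    total = 0
    for name, pool in pools.items():
        if pool["networks"] > MAX_NETWORKS_PER_POOL:
            problems.append(("pool_too_large", name))
        if pool["vlan"] in external_vlans:
            problems.append(("vlan_used_by_external_network", name))
        if pool["vlan"] in vlan_owner:
            problems.append(("vlan_shared_with_" + vlan_owner[pool["vlan"]], name))
        else:
            vlan_owner[pool["vlan"]] = name
        total += pool["networks"]
    if total > MAX_NETWORKS_PER_VCD:
        problems.append(("vcd_limit_exceeded", "*"))
    return problems


def oversubscription(pools, org_vdcs):
    """org_vdcs: {org_vdc_name: {"pool": pool_name, "quota": max networks}}.
    Returns {pool_name: sum of quotas / pool size}. Above 1.0 the quotas
    cannot all be honoured at once, just like CPU or memory oversubscription."""
    demand = {name: 0 for name in pools}
    for vdc in org_vdcs.values():
        demand[vdc["pool"]] += vdc["quota"]
    return {name: demand[name] / pools[name]["networks"] for name in pools}


# Constructed sample data. VLAN 6 is the external network VLAN from the text;
# everything else is made up for the example.
SAMPLE_POOLS = {
    "vcdni-pool-A": {"vlan": 100, "networks": 1000},
    "vcdni-pool-B": {"vlan": 6, "networks": 1000},     # collides with external VLAN 6
}
SAMPLE_EXTERNAL_VLANS = {6}
SAMPLE_ORG_VDCS = {
    "HR": {"pool": "vcdni-pool-A", "quota": 1000},
    "Marketing": {"pool": "vcdni-pool-A", "quota": 1000},
    "Finance": {"pool": "vcdni-pool-A", "quota": 1000},
    "IT": {"pool": "vcdni-pool-B", "quota": 500},
    "Engineering": {"pool": "vcdni-pool-B", "quota": 500},
}


if __name__ == "__main__":
    print(validate_pools(SAMPLE_POOLS, SAMPLE_EXTERNAL_VLANS))
    print(oversubscription(SAMPLE_POOLS, SAMPLE_ORG_VDCS))
```

With the sample data, pool B is flagged for reusing the external VLAN, and pool A shows a 3.0 ratio because three Org vDCs were each handed the full 1000-network allowance.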
One concept to keep in mind is that you have to create an overarching organization, something like Pepsi. Within a single organization like Pepsi, you can create multiple Organization vDCs. These Organization vDCs can be something like Pepsi-Gold and Pepsi-Silver, because a single Org vDC can only be paired with a single provider vDC. You don't have to create Org vDCs based on tier, but it's probably the most common approach. Organization networks, on the other hand, play a design role as well. For every external network an organization needs access to, an organization network must be created. When creating a vApp from an organization, you can select where the VMs will rest, and it can be any organization network.
This is the default behavior when creating an organization network. I can create an internal network with a routed external network. This routed external network will create a vShield Edge device that will take care of NATing to the outside world. This will allow VMs in vApps to be placed either A) on internal networks, which allows them to talk only to other VMs on the same internal network, or B) on an external network, which lets them talk to the outside world and be assigned an IP via NAT from vShield Edge; the VMs are also assigned unique IPs via DHCP from vShield Edge. There are certain use cases for every piece and we're going to try and take a look at them all.
This would be a simple example of a web based application where you need to have your DB and App servers completely isolated from the outside world. Your Web, DB, and App servers can all communicate locally on a secured internal network, but now you can also use a secondary NIC on your Web server and assign that to the external network, which has the ability to talk to the outside world and take requests. From the image above we are using the default behavior and placing it behind a vShield Edge device to take care of NATing.
I can create a similar type of network but remove the vShield Edge appliance by selecting a direct connection to the external network. This removes vShield Edge with its NATing, but it also removes scale at the same time. This will allow you to create an internal network that has a unique IP scheme, while an IP address from the external network's scope is used for outside access. In my case, an IP address from 192.168.60.50-200 will be used. For any VM that is placed on the external network, an IP will be used from that range as well.
Again, like our original example, this will create a secured network for the VMs to communicate on, but it removes the vShield Edge device and gives the Web VM an IP from the pool on the external network. This would probably be the most common use case for an actual public external facing web app, because mapping to an IP behind a NAT routed device might be a bit tricky. I can also create internal-only org networks and external-only org networks by unchecking the boxes during creation. I didn't feel like showing you those because they might be too simple. So you might be wondering what the scalability concerns would be on external networks.
When you don't use a vShield Edge device, you are going to start burning up more and more IPs in the range that was given to the external network. Every VM that gets connected to that external org network will be using an IP.
When a vShield Edge device is used, we can now NAT the whole external org network and only burn up a single IP address from the external network. This makes the scalability of the vApps and the network go even further.
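The VLAN-backed pool described earlier (VLANs 400-500 handed out on demand and returned when a segment is destroyed) and the external IP scope in the last few paragraphs (192.168.60.50-200, one IP per VM on a direct connection versus one per org network behind a vShield Edge) are the same bookkeeping problem, so here is one added example covering both. It is my own illustration, not code from the presentation or from vCloud Director; the RangePool class, the tenant names and the VM counts are constructed.

```python
import ipaddress


class RangePool:
    """Pool of layer 2 or layer 3 resources handed out one at a time.

    Models the VLAN-backed pool from the text: the lowest free member is
    assigned when a new segment is deployed and returned to the pool when the
    segment is destroyed. The static IP scope of an external network is
    tracked the same way."""

    def __init__(self, members):
        self._free = sorted(members)
        self._used = {}

    def allocate(self, owner):
        """Hand the lowest free member to `owner`; raise when the pool is empty."""
        if not self._free:
            raise RuntimeError("pool exhausted")
        item = self._free.pop(0)
        self._used[item] = owner
        return item

    def release(self, item):
        """Return a member to the pool so it can be consumed again later on."""
        del self._used[item]
        self._free.append(item)
        self._free.sort()

    @property
    def free_count(self):
        return len(self._free)


def vlan_pool(first=400, last=500):
    """VLAN-backed network pool covering the range quoted in the text."""
    return RangePool(range(first, last + 1))


def external_ip_scope(first="192.168.60.50", last="192.168.60.200"):
    """Static IP scope of the external network from the text."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    return RangePool(ipaddress.IPv4Address(n) for n in range(lo, hi + 1))


def external_ips_required(vm_counts, mode):
    """vm_counts: {org_network_name: number of VMs connected to it}.

    'direct' burns one external IP per connected VM;
    'nat' burns one external IP per org network (the vShield Edge uplink)."""
    if mode == "direct":
        return sum(vm_counts.values())
    if mode == "nat":
        return len(vm_counts)
    raise ValueError(f"unknown mode {mode!r}")


def fits(pool, vm_counts, mode):
    """True when the scope can satisfy every org network in the given mode."""
    return external_ips_required(vm_counts, mode) <= pool.free_count


def provision(pool, vm_counts, mode):
    """Allocate from `pool` the way vCD would and return {consumer: address}."""
    external_ips_required(vm_counts, mode)   # validates `mode`
    assigned = {}
    for net, vms in vm_counts.items():
        if mode == "nat":
            assigned[f"{net}/edge"] = pool.allocate(net)
        else:
            for i in range(vms):
                assigned[f"{net}/vm{i}"] = pool.allocate(net)
    return assigned


if __name__ == "__main__":
    tenants = {"pepsi-ext": 80, "coke-ext": 80}      # constructed VM counts
    for mode in ("direct", "nat"):
        print(mode, external_ips_required(tenants, mode),
              "fits" if fits(external_ip_scope(), tenants, mode) else "exhausts the scope")
```

With 151 addresses in the scope, two org networks of 80 VMs each cannot be direct-connected (160 IPs needed), while NAT-routing them costs two addresses in total, which is the scalability argument the last two paragraphs make.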
We can take the scalability a step further and talk about vApp fencing. When you fence a vApp, it gives you the ability to create VMs with the same exact IP and MAC addresses and have them be able to talk on the network without issue. As you can see on the right hand side, both of my vApps have identical IP addresses. A vShield Edge device sits in front of each of these vApps and receives an IP via DHCP from the vShield Edge device sitting between the external org network and the external network. This allows both of these vApps to communicate with the outside world without interference. This is a handy utility for developers that need to constantly do testing for applications that have hardcoded IPs.