Making a case for distributed overlay-based network virtualization

Ben Cherian
Chief Strategy Officer
@bencherian
Midokura

So, you’re building a cloud?
Requirements
[Figure: units labelled 1, 2, 3, 4, 5 side by side vs. a unit labelled 1 beside a unit labelled "New 1"]
Horizontal scaling
Building blocks of an IaaS cloud
Cloud management system
Compute
Storage
Networking
Traditional networking devices scale up
Service interruptions
High churn, micro granularity
Limitations of VLANs
Traffic trombones
Human costs don’t scale
Additional Requirements
IaaS Cloud Networking Requirements
•   Multi-tenancy
•   L2 isolation
•   L3 routing isolation
        VPC
        Like VRF (virtual routing and forwarding)
•   Scalable control plane
        ARP, DHCP, ICMP
•   NAT (Floating IP)
•   ACLs
•   Stateful (L4) Firewall
        Security Groups
•   VPN
        IPSec
•   BGP gateway
•   REST API
•   Integration with CMS
        CloudStack
        OpenStack
IaaS Cloud Networking Requirements
Typical Network Topology
[Figure: a Provider Virtual Router (L3) attached to the uplink; beneath it, Tenant/Project A with a Tenant A Virtual Router serving Virtual L2 Switch A1 (Network A1: VM1, VM3) and Virtual L2 Switch A2 (Network A2: VM5), and Tenant/Project B with a Tenant B Virtual Router serving Virtual L2 Switch B1 (Network B1: VM2, VM4, VM6) plus a Tenant B VPN Router to the Tenant B office network]
Provider router
- Create one provider router upon deployment
- Create a router for a tenant
- Map a bridge for a quantum network
- Link to uplink
- BGP multi-homing
- Global NAT/route settings, e.g. for floating ip
Tenant router
- Tenant router for FW, LB, DHCP and NAT
Solution: Distributed overlay-based network virtualization
Use encapsulation to build a virtual network
Handle network intelligence / network state at the edge
Require less of the physical network
Edge to Edge IP Overlays
• Isolation not using VLANs
     IP encapsulation
• Decouple from physical network
• Provisioning VM doesn’t change underlay state
• Underlay delivers to destination host IP
• Use scalable IGP (iBGP, OSPF) to build multi-path underlay
• Inspired by VL2 from MSR
Market trends supporting overlay model
• Packet processing on x86 CPUs (at edge)
     – Intel DPDK facilitates packet processing
     – Number of cores in servers increasing fast

• Clos Networks (for underlay)
    – Spine and Leaf architecture with IP
    – Economical and high E-W bandwidth
•   Merchant silicon (cheap IP switches)
    – Broadcom, Intel (Fulcrum Micro), Marvell
    – ODMs (Quanta, Accton) starting to sell directly
    – Switches are becoming just like Linux servers
•   Optical intra-DC Networks
The MidoNet Solution

•   Virtual L2 Distributed Switching
•   Virtual L2 Isolation
•   Virtual L3 Distributed Routing
•   Virtual L3 Isolation
•   L4 Services (Load Balancing, Firewall)
•   NAT
•   Access Control Lists (ACLs)
•   Virtual port and device monitoring
•   RESTful API
•   Web based management control panel
The MidoNet Solution
[Figure: Logical Topology mapped onto Physical Topology. Logical: a Provider Virtual Router with vPorts to a Tenant A Virtual Router (Virtual Switch A1, Virtual Switch A2) and a Tenant B Virtual Router (Virtual Switch B1), each virtual switch with vPorts to VMs. Physical: MidoNet (MN) agents on gateway hosts with BGP multi-homing to ISP1, ISP2 and ISP3 toward the Internet, MN agents on the hypervisor hosts carrying the VMs, tunnels across the private IP network between agents, and a Network State Database shared by all MN agents]
The MidoNet Solution
• Distributed and scalable control plane
    Handle all control packets at local MidoNet agent adjacent to VM
• Scalable and fault tolerant central database
    Stores virtual network configuration
    Dynamic network state
       MAC learning, ARP cache, etc
    Cached at edges on demand
• All packet modifications at ingress
    One virtual hop
       No travel through middle boxes
    Drop at ingress
[Figure: a packet arrives at the ingress MN agent and is either dropped/blocked there or encapsulated into a tunnel]
Scale out model
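To make the edge-to-edge overlay and the MidoNet control-plane slides above concrete, here is a small Python model written for this page; it is not code from the slides or from MidoNet. It assumes a VXLAN-style virtual network id carried in the encapsulation (the deck says only "IP encapsulation"), a central state store keyed by (virtual network id, MAC), per-network port ACLs enforced at ingress, and two hypervisor hosts at 10.0.0.1 and 10.0.0.2. The host IPs, MACs, ACLs and verdict names are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    vni: int        # id of the virtual L2 network the sending VM sits on (assumed VXLAN-style)
    src_mac: str
    dst_mac: str
    dst_port: int   # L4 destination port, checked by the ingress ACL


@dataclass(frozen=True)
class Encapsulated:
    outer_src: str  # underlay IP of the ingress host
    outer_dst: str  # underlay IP of the egress host
    vni: int
    inner: Packet


class NetworkStateDB:
    """Central store: static config (ACLs) plus dynamic state (MAC -> host)."""

    def __init__(self) -> None:
        self.mac_location: Dict[Tuple[int, str], str] = {}
        self.allowed_ports: Dict[int, Set[int]] = {}
        self.lookups = 0  # counts round-trips from edges to the DB

    def locate(self, vni: int, mac: str) -> Optional[str]:
        self.lookups += 1
        return self.mac_location.get((vni, mac))


class EdgeAgent:
    """Agent on each hypervisor: caches DB state on demand, decides at ingress."""

    def __init__(self, host_ip: str, db: NetworkStateDB) -> None:
        self.host_ip, self.db = host_ip, db
        self.local_vms: Set[Tuple[int, str]] = set()
        self.cache: Dict[Tuple[int, str], str] = {}

    def attach_vm(self, vni: int, mac: str) -> None:
        # Provisioning a VM updates only the shared DB, never the underlay.
        self.local_vms.add((vni, mac))
        self.db.mac_location[(vni, mac)] = self.host_ip

    def locate(self, vni: int, mac: str) -> Optional[str]:
        key = (vni, mac)
        if key not in self.cache:
            found = self.db.locate(vni, mac)
            if found is None:
                return None
            self.cache[key] = found
        return self.cache[key]

    def ingress(self, pkt: Packet) -> Tuple[str, Optional[Encapsulated]]:
        """All decisions happen here, one virtual hop, before any tunnel."""
        if pkt.dst_port not in self.db.allowed_ports.get(pkt.vni, set()):
            return "DROP_ACL", None
        dst_host = self.locate(pkt.vni, pkt.dst_mac)
        if dst_host is None:
            return "DROP_UNKNOWN", None
        return "TUNNEL", Encapsulated(self.host_ip, dst_host, pkt.vni, pkt)

    def egress(self, enc: Encapsulated) -> Optional[Packet]:
        """Deliver only to a VM this host really has on that virtual network."""
        return enc.inner if (enc.vni, enc.inner.dst_mac) in self.local_vms else None


def underlay_deliver(hosts: Dict[str, EdgeAgent], enc: Encapsulated) -> EdgeAgent:
    """The physical network reads nothing but the outer destination host IP."""
    return hosts[enc.outer_dst]


def demo() -> Dict[str, object]:
    db = NetworkStateDB()
    db.allowed_ports = {100: {22, 443}, 200: {80}}  # constructed ACLs per virtual network
    h1, h2 = EdgeAgent("10.0.0.1", db), EdgeAgent("10.0.0.2", db)
    hosts = {h1.host_ip: h1, h2.host_ip: h2}
    h1.attach_vm(100, "aa:00:00:00:00:01")  # tenant A, VM on host 1
    h2.attach_vm(100, "aa:00:00:00:00:02")  # tenant A, VM on host 2
    h1.attach_vm(200, "aa:00:00:00:00:02")  # tenant B reuses A's MAC, on host 1
    h2.attach_vm(200, "bb:00:00:00:00:01")  # tenant B, VM on host 2
    out: Dict[str, object] = {}
    # 1. Tenant A, allowed port: tunnelled host 1 -> host 2 and delivered.
    verdict, enc = h1.ingress(Packet(100, "aa:00:00:00:00:01", "aa:00:00:00:00:02", 443))
    out["a_verdict"], out["a_outer"] = verdict, (enc.outer_src, enc.outer_dst)
    out["a_delivered"] = underlay_deliver(hosts, enc).egress(enc) is not None
    # 2. Tenant B sends to the same MAC: the (vni, mac) lookup lands on host 1, not on A's VM.
    verdict, enc = h2.ingress(Packet(200, "bb:00:00:00:00:01", "aa:00:00:00:00:02", 80))
    out["b_outer_dst"] = enc.outer_dst
    out["b_delivered"] = underlay_deliver(hosts, enc).egress(enc) is not None
    # 3. Port not in tenant A's ACL: dropped at ingress, nothing enters the underlay.
    out["acl_verdict"] = h1.ingress(Packet(100, "aa:00:00:00:00:01", "aa:00:00:00:00:02", 23))[0]
    # 4. Unknown destination in this virtual network: also dropped at ingress.
    out["unknown_verdict"] = h1.ingress(Packet(100, "aa:00:00:00:00:01", "ff:ff:00:00:00:09", 22))[0]
    # 5. Repeating flow 1 is answered from the edge cache, not the central DB.
    before = db.lookups
    h1.ingress(Packet(100, "aa:00:00:00:00:01", "aa:00:00:00:00:02", 22))
    out["db_lookups_on_repeat"] = db.lookups - before
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Three things in the output are the point of the slides: two tenants can use the same MAC address without a VLAN tag because every lookup is keyed by virtual network id first; a packet that violates the ACL or has no known destination is dropped at the ingress agent and never consumes fabric bandwidth or touches a middle box; and once an edge has cached a mapping the central database is not consulted again, which is what lets the control plane scale with the number of edges rather than with packet rate.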
The MidoNet Solution

•   Scalable edge gateway interface to external networks
     –   Multihomed BGP to ISP
•   REST API and GUI
•   Integration with popular open source cloud stacks
     – OpenStack
        • Removes SPOF of network node
        • Scalable and fault tolerant NAT for floating IP
        • Implements security groups efficiently
     – CloudStack (in progress)
CloudStack integration

•   Currently have L2 integration
•   Full integration is slated for Q1, 2013
     –   L3 isolation (without VM / appliance)
     –   Security groups (stateful firewall)
     –   Floating IP (NAT)
     –   Load balancing (L4)
Questions?
Slides: http://www.slideshare.net/midokura
Backup slides
Candidate Models
• Traditional network

• Centrally controlled OpenFlow based hop-by-hop switching fabric

• Edge to edge overlays
Traditional Network

•   Ethernet VLANs for L2 isolation
       4096 limit
       VLANs will have large spanning trees terminating on many hosts
       High churn in switch control planes doing MAC learning non-stop
       Need MLAG for L2 multi-path
          Vendor specific
•   MPLS VPN?
•   VRFs for L3 isolation
       Not scalable to cloud scale
       Expensive hardware
       Not fault tolerant
OpenFlow Fabric
• State in switches
      Proportional to virtual network state
      Need to update all switches in path when provisioning
       Not scalable, not fast enough to update, no atomicity of updates
• Not good for IaaS cloud virtual networking
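To put numbers on the state-placement argument of the two backup slides above, here is an added Python comparison, not code from the slides: it builds a small spine-and-leaf fabric, places the VMs of one virtual network on a few hosts, and counts how many devices must change forwarding state when one more VM joins. The fabric size (2 spines, 4 leaves, 4 hosts per leaf), the host names, the VM placement, and the rule that a hop-by-hop fabric programs every switch on every equal-cost path are constructed assumptions for the comparison; the overlay count includes the peer edges that cache the new mapping on demand.

```python
from collections import deque
from typing import Dict, List, Optional, Set

Graph = Dict[str, Set[str]]


def clos_fabric(spines: int, leaves: int, hosts_per_leaf: int) -> Graph:
    """Constructed spine-and-leaf topology: every leaf uplinks to every spine,
    hosts hang off leaves. All node names are hypothetical."""
    g: Graph = {}

    def link(a: str, b: str) -> None:
        g.setdefault(a, set()).add(b)
        g.setdefault(b, set()).add(a)

    for s in range(spines):
        for lf in range(leaves):
            link(f"spine{s}", f"leaf{lf}")
    for lf in range(leaves):
        for h in range(hosts_per_leaf):
            link(f"leaf{lf}", f"host{lf}_{h}")
    return g


def shortest_path_nodes(g: Graph, src: str, dst: str) -> Set[str]:
    """Every node on any equal-cost shortest path src -> dst: BFS distances
    from src, then walk back from dst through strictly decreasing distances."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in g[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    if dst not in dist:
        return set()
    on_path, frontier = {dst}, [dst]
    while frontier:
        nxt: List[str] = []
        for v in frontier:
            for u in g[v]:
                if dist.get(u) == dist[v] - 1 and u not in on_path:
                    on_path.add(u)
                    nxt.append(u)
        frontier = nxt
    return on_path


def devices_touched(g: Graph, new_host: str, peer_hosts: List[str], model: str) -> Set[str]:
    """Devices whose forwarding state changes when a VM on new_host joins a
    virtual network that already has VMs on peer_hosts."""
    if model == "overlay":
        # Only edge agents learn the new (network, mac) -> host mapping; the
        # fabric keeps routing on host IPs it already knows.
        return {new_host, *peer_hosts}
    if model == "hop_by_hop":
        # Assumed rule: every switch on every equal-cost path needs a flow entry
        # for the new VM (the deck's point: many devices, no atomic update).
        touched: Set[str] = set()
        for peer in peer_hosts:
            touched |= shortest_path_nodes(g, new_host, peer)
        return touched
    raise ValueError(f"unknown model {model!r}")


def is_switch(node: str) -> bool:
    return not node.startswith("host")


def compare(spines: int = 2, leaves: int = 4, hosts_per_leaf: int = 4,
            new_host: str = "host2_3",
            peer_hosts: Optional[List[str]] = None) -> Dict[str, int]:
    g = clos_fabric(spines, leaves, hosts_per_leaf)
    peers = peer_hosts if peer_hosts is not None else ["host0_0", "host1_2", "host3_1"]
    hop = devices_touched(g, new_host, peers, "hop_by_hop")
    ovl = devices_touched(g, new_host, peers, "overlay")
    return {
        "hop_by_hop_devices": len(hop),
        "hop_by_hop_switches": sum(1 for d in hop if is_switch(d)),
        "overlay_devices": len(ovl),
        "overlay_switches": sum(1 for d in ovl if is_switch(d)),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

With the default placement the hop-by-hop model touches every spine and four leaves for a single VM, and that set grows with the number of peers and equal-cost paths, while the overlay touches no switch at all; that gap is what "state in switches proportional to virtual network state" and "provisioning VM doesn't change underlay state" mean in practice.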
Spine and Leaf Network Architecture
Deep OpenStack Integration
•    Quantum Plugin
     –   L2 isolation, of course
•    Also…
     – L3 isolation (without VM / appliance)
     – Security groups (stateful firewall)
     – Floating IP (NAT)
     – Load balancing (L4)




 

Recently uploaded (20)

The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 

Cloudstack collab talk

  • 1. Making a case for distributed overlay-based network virtualization Ben Cherian Chief Strategy Officer @bencherian Midokura
  • 4. Horizontal scaling (diagram: scaling a single node up, 1 to 5, vs. scaling out by adding new nodes)
  • 5. Building blocks of an IaaS cloud
  • 10. Traditional networking devices scale up
  • 12. High churn, micro granularity
  • 13. Limitations of VLANs
  • 17. IaaS Cloud Networking Requirements
    – Multi-tenancy
    – L2 isolation
    – L3 routing isolation
       VPC
       Like VRF (virtual routing and forwarding)
    – Scalable control plane
       ARP, DHCP, ICMP
    – NAT (Floating IP)
    – ACLs
    – Stateful (L4) Firewall
       Security Groups
    – VPN
       IPSec
    – BGP gateway
    – REST API
    – Integration with CMS
       CloudStack
       OpenStack
  • 18. IaaS Cloud Networking Requirements: Typical Network Topology (diagram)
    – Provider Virtual Router (L3): create one provider router upon deployment; link to uplink; BGP multi-homing; global NAT/route settings, e.g. for floating IP
    – Tenant Virtual Routers (Tenant/Project A, Tenant/Project B): create a router for a tenant; tenant router for FW, LB, DHCP and NAT
    – Virtual L2 Switches A1, A2, B1 (Networks A1, A2, B1): map a bridge for a Quantum network; VM1 to VM6 attach here
    – Tenant B VPN Router: links Network B1 to the Tenant B office network
  • 19. Solution: Distributed overlay-based network virtualization
  • 20. Use encapsulation to build a virtual network
  • 21. Handle network intelligence / network state at the edge
  • 22. Require less of the physical network
  • 23. Edge to Edge IP Overlays
    – Isolation not using VLANs
       IP encapsulation
    – Decouple from physical network
    – Provisioning a VM doesn't change underlay state
    – Underlay delivers to destination host IP
    – Use scalable IGP (iBGP, OSPF) to build multi-path underlay
    – Inspired by VL2 from MSR
  • 24. Market trends supporting overlay model
    – Packet processing on x86 CPUs (at edge)
       Intel DPDK facilitates packet processing
       Number of cores in servers increasing fast
    – Clos Networks (for underlay)
       Spine and Leaf architecture with IP
       Economical and high E-W bandwidth
    – Merchant silicon (cheap IP switches)
       Broadcom, Intel (Fulcrum Micro), Marvell
       ODMs (Quanta, Accton) starting to sell directly
       Switches are becoming just like Linux servers
    – Optical intra-DC Networks
  • 25. The MidoNet Solution
    – Virtual L2 Distributed Switching
    – Virtual L2 Isolation
    – Virtual L3 Distributed Routing
    – Virtual L3 Isolation
    – L4 Services (Load Balancing, Firewall)
    – NAT
    – Access Control Lists (ACLs)
    – Virtual port and device monitoring
    – RESTful API
    – Web based management control panel
  • 26. The MidoNet Solution: Logical Topology and Physical Topology (diagram)
    – Logical topology: a Provider Virtual Router connects via vPorts to the Tenant A Virtual Router (Virtual Switches A1 and A2) and the Tenant B Virtual Router (Virtual Switch B1)
    – Physical topology: hosts run VMs alongside MidoNet agents (MN), joined by tunnels over a private IP network; BGP multi-homing to ISP1, ISP2 and ISP3 provides Internet reachability; a Network State Database holds the virtual configuration
  • 27. The MidoNet Solution
    – Distributed and scalable control plane
       Handle all control packets at the local MidoNet agent adjacent to the VM
    – Scalable and fault tolerant central database
       Stores virtual network configuration
       Dynamic network state: MAC learning, ARP cache, etc.
       Cached at edges on demand
    – All packet modifications at ingress
       One virtual hop
       No travel through middle boxes
       Drop at ingress
    (diagram: a packet entering at the ingress MN agent is either encapsulated into a tunnel or dropped/blocked there)
  • 29. The MidoNet Solution
    – Scalable edge gateway interface to external networks
       Multihomed BGP to ISP
    – REST API and GUI
    – Integration with popular open source cloud stacks
       OpenStack: removes SPOF of the network node; scalable and fault tolerant NAT for floating IP; implements security groups efficiently
       CloudStack (in progress)
  • 30. CloudStack integration
    – Currently have L2 integration
    – Full integration is slated for Q1, 2013
       L3 isolation (without VM / appliance)
       Security groups (stateful firewall)
       Floating IP (NAT)
       Load balancing (L4)
  • 33. Candidate Models
    – Traditional network
    – Centrally controlled OpenFlow based hop-by-hop switching fabric
    – Edge to edge overlays
  • 34. Traditional Network
    – Ethernet VLANs for L2 isolation
       4096 limit
       VLANs will have large spanning trees terminating on many hosts
       High churn in switch control planes doing MAC learning non-stop
       Need MLAG for L2 multi-path
       Vendor specific
    – MPLS VPN?
    – VRFs for L3 isolation
       Not scalable to cloud scale
       Expensive hardware
       Not fault tolerant
  • 35. OpenFlow Fabric
    – State in switches
       Proportional to virtual network state
       Need to update all switches in path when provisioning
       Not scalable, not fast enough to update, no atomicity of updates
    – Not good for IaaS cloud virtual networking
  • 36. Spine and Leaf Network Architecture
  • 37. Deep OpenStack Integration
    – Quantum Plugin
       L2 isolation, of course
    – Also…
       L3 isolation (without VM / appliance)
       Security groups (stateful firewall)
       Floating IP (NAT)
       Load balancing (L4)
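The edge-to-edge overlay behaviour the deck describes (slides 20 to 27: tenant context from the vPort, lookups against state cached from the network state database, security group evaluated and dropped at ingress, encapsulation addressed to the destination host IP so the underlay sees only host addresses), as an added example that is not MidoNet's code. The vPort names, virtual network ids, host IPs, tunnel fields and the dictionary-based state database are constructed for illustration.

```python
"""Toy model of ingress processing in an edge-to-edge IP overlay (added example,
not MidoNet's code). All names and addresses below are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dport: int


@dataclass(frozen=True)
class Encapsulated:
    outer_src: str   # underlay IP of the ingress host
    outer_dst: str   # underlay IP of the host owning the destination VM
    vni: int         # virtual network id carried in the tunnel header
    inner: Packet    # tenant packet, carried unchanged


# Constructed "network state database": virtual topology only, no underlay state.
# vPort -> virtual network it belongs to (tenant context comes from the port, not the IP)
VPORT_VNET = {"vportA1": 1001, "vportA2": 1001, "vportB1": 2002}
# (virtual network, VM IP) -> host IP; tenants A and B both reuse 10.0.1.0/24
VM_HOST = {(1001, "10.0.1.10"): "192.168.100.1", (1001, "10.0.1.11"): "192.168.100.2",
           (2002, "10.0.1.10"): "192.168.100.2"}
# Security groups: virtual network -> destination ports allowed to reach its VMs
SG_PORTS = {1001: {22, 443}, 2002: {80}}


def ingress(host: str, vport: str, pkt: Packet) -> Optional[Encapsulated]:
    """Ingress agent logic: isolate, filter and encapsulate in one virtual hop.
    Returns None when the packet is dropped at ingress; it never enters the underlay."""
    vnet = VPORT_VNET[vport]
    dst_host = VM_HOST.get((vnet, pkt.dst_ip))
    if dst_host is None:                 # not in this virtual network: isolation holds
        return None
    if pkt.dport not in SG_PORTS[vnet]:  # security group evaluated and dropped at ingress
        return None
    return Encapsulated(host, dst_host, vnet, pkt)


def underlay_next_hop(frame: Encapsulated) -> str:
    """The underlay forwards on host IPs only; it knows nothing about tenants or VMs."""
    return frame.outer_dst


def provision_vm(vport: str, vnet: int, vm_ip: str, host: str) -> None:
    """Provisioning a VM touches only the state database; underlay config is unchanged."""
    VPORT_VNET[vport] = vnet
    VM_HOST[(vnet, vm_ip)] = host
```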

Editor's Notes

  1. Cloud management, compute, storage, networking
  2. The CMS (cloud management system) integration is critically important. We have built a deep integration with OpenStack. L2 isolation is a given! L2 isolation is not enough: L3 isolation (inter-network routing), scalable NAT, and scalable security groups are also needed for a complete solution.