CloudStack Networking

     Chiradeep Vittal
       May 2 2012
Outline

•   CloudStack Networking Features
•   CloudStack Networking Configuration
•   CloudStack Networking APIs
•   CloudStack Network Architecture
•   Virtual Router deep dive
Feature overview
• Orchestration of L2 – L7 network services
     – IPAM, DNS, Gateway, Firewall, NAT, LB, VPN, etc
• Mix-and-match services and providers
• Out-of-the-box integration with automated deployment of virtual routers
     – Highly available network services using CloudStack HA and VRRP
• Orchestrate external providers such as hardware firewalls and load
  balancers
     – Devices can provide multiple services
     – Admin API to configure external devices
     – Plugin-based extensions for network behavior and admin API extensions
•   Multiple multi-tenancy [network isolation] options
•   Integrated traffic accounting
•   Access control
•   Software Defined Networking too
Basic vs Advanced Networking
• Segmentation based on feature set and ease-of-deployment
• Both are feature-rich
• Basic implements true AWS-style L3-isolation
  – Tenants do not get contiguous IP addresses or subnets
  – Network segmentation based on Security Groups
  – Tremendous scale (tens of thousands)
• Advanced Zone offers full L3 subnets
  – VLANs are default implementation (4K limit)
  – More features (source NAT, PF, VPN)
CloudStack Terminology
•   Guest network
     – The tenant network to which instances are attached
•   Storage network
     – The physical network which connects the hypervisor to primary storage
•   Management network
     – Control Plane traffic between CloudStack management server and hypervisor clusters
•   Public network
     – “Outside” the cloud [usually Internet]
     – Shared public VLANs trunked down to all hypervisors
•   All traffic can be multiplexed on to the same underlying physical network using
    VLANs
     – Usually Management network is untagged
     – Storage network usually on separate nic (or bond)
•   Admin informs CloudStack how to map these network types to the underlying
    physical network
     – Configure traffic labels on the hypervisor
     – Configure traffic labels on Admin UI
PHYSICAL NETWORK IN A ZONE
[Diagram: a core (L3) network connects the CloudStack servers and Pod 1, Pod 2 … Pod N. A pod contains access switch(es) and clusters (Cluster 1 … Cluster 4) of hypervisors (Hypervisor 1 … 8, Hypervisor N, N+1) with storage (Storage 1, Storage 2 … Storage k). Legend: VM traffic, control plane traffic, storage traffic, public traffic.]
L2 Features
• Choice of network isolation
     – Physical, VLAN, L3 (anti-spoof), Overlay[GRE]
     – Physical isolation through network labels [limited to # of nics or bonds]
• Multi-nic
     – Deploy instance in multiple networks
     – Control default route
• Access control
     – Shared networks, project networks
     – Dedicated VLANs offer MPLS integration
•   Anti-spoofing for L3-isolated networks
•   QoS [max rate]
•   Traffic monitoring
•   Broadcast & multicast suppression in L3-isolated networks
•   Hot-plug / detach of nics [upcoming]
L3 Features
•   IPAM [DHCP], Public IP address management
     –   VR acts as DHCP server
     –   Can request multiple public IPs per tenant
•   Gateway (default gateway)
     –   Redundant VR (using VRRP)
     –   Inter-subnet routing [upcoming]
     –   Static routing control [upcoming]
•   Remote Access VPN
     –   L2TP over IPSec using PSK
     –   Virtual Router only
•   Firewall based on source CIDR
•   Static NAT [1:1]
     –   Including “Elastic IP” in Basic Zone
•   Source NAT
     –   Per-network, or interface NAT
•   Public Traffic usage
     –   Monitoring on the Virtual Router / External network device
     –   Integration with sFlow collectors
•   Site-to-Site VPN [upcoming]
     –   IPSec VPN based on VR
•   L3 ACLs [upcoming]
L4 Features
• Security groups for L3-isolation
  – “Basic Zone” in docs
  – Default AWS-style networking
  – Scales much better than VLANs
• Stateful firewall for TCP, UDP and ICMP
• Port forwarding [“Advanced Zone”]
  – Conserve public IPs
L7 features
• Loadbalancer
   – VR has HAProxy built in
   – External Loadbalancer support
        • Netscaler (MPX/SDX/VPX)
        • F5 BigIP
        • Can dedicate an LB appliance to an account or share it among tenants
   –   Loadbalancer supported with L3-isolation as well
   –   Stickiness support
   –   SSL support [future]
   –   Health Checks [future]
• User-data & meta-data
   – Fetched from virtual router
• Password change server
Physical Network
[Diagram: Operations (Admin and Cloud API) and Users reach the cloud through a router and load balancer. Labels: CloudStack Mgmt Server Cluster, MySQL, Availability Zone, L3 Core Switch, Access Layer Switches, Servers, Secondary Storage, Pod 1, Pod 2, Pod 3 … Pod N.]
Layer 3 cloud networking
[Diagram: Web VMs and DB VMs spread across hosts, grouped into a Web Security Group and a DB Security Group.]
Guest Networks with L3 isolation
[Diagram: the public Internet (public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36, 65.37.141.80) reaches an L3 core switch with a load balancer. The core switch connects the Pod 1, Pod 2 and Pod 3 L2 switches, with gateways 10.1.0.1, 10.1.8.1 and 10.1.16.1. Guest VMs of two tenants are interleaved on the pod subnets: Guest 1 VM 1 10.1.0.2, Guest 2 VM 1 10.1.0.3, Guest 1 VM 2 10.1.0.4, Guest 2 VM 2 10.1.16.12, Guest 2 VM 3 10.1.16.21, Guest 1 VM 3 10.1.16.47, Guest 1 VM 4 10.1.16.85.]
Virtual Networks (L2 isolation)
[Diagram: a core (L3) network connects Pod K, Pod M and Pod N through access switch(es). Hypervisors in the clusters (Cluster 1 … Cluster 4) host tenant VMs (V) and tenant virtual routers (R). Legend: VM traffic, public traffic.]
Guest virtual layer-2 network
[Diagram: two tenants, each with its own Guest Virtual Network 10.1.1.0/24 behind its own virtual router (gateway address 10.1.1.1) that provides NAT, DHCP, load balancing and VPN. The Guest 1 virtual router holds public IP addresses 65.37.141.11 and 65.37.141.36 and serves Guest 1 VMs 1 to 4 at 10.1.1.2 to 10.1.1.5. The Guest 2 virtual router holds public IP addresses 65.37.141.24 and 65.37.141.80 and serves Guest 2 VMs 1 to 3 at 10.1.1.2 to 10.1.1.4.]
Layer-2 Guest Virtual Network
[Diagram, two panels, each showing Guest Virtual Network 10.1.1.1/8 on VLAN 100 with Guest VMs 1 to 4.
 Left panel, “CS Virtual Router provides Network Services”: the CS Virtual Router (public IP 65.37.141.11, gateway address 10.1.1.1) provides DHCP, DNS, NAT, load balancing and VPN.
 Right panel, “External Devices provide Network Services”: a Juniper SRX firewall (public IP 65.37.141.111, private IP 10.1.1.111) and a NetScaler load balancer (public IP 65.37.141.112, private IP 10.1.1.112) face the public network; the CS Virtual Router provides only DHCP and DNS.]
Other Topologies
[Diagram, two panels, each showing Guest Virtual Network 10.1.1.0/24 on VLAN 100 with Guest VMs 1 to 4 and the core switch as gateway (gateway address 10.1.1.1).
 Left panel, “No services [Static IPs]”: no CloudStack network services.
 Right panel, “Dedicated VLAN with DHCP and DNS”: the CS Virtual Router provides DHCP, DNS and user-data; the user can request specific IP[s] for a NIC.]
Other topologies
[Diagram, two panels, each showing Guest Virtual Network 10.1.1.0/24 on VLAN 100 with Guest VMs 1 to 4, the core switch as gateway (gateway address 10.1.1.1) and the CS Virtual Router providing DHCP, DNS and user-data.
 Left panel, “MPLS”: the guest network is attached to MPLS VLAN 100; guest VM addresses 10.1.1.100, 10.1.1.200, 10.1.1.101, 10.1.1.115.
 Right panel, “Shared VLAN with DHCP and DNS”.]
Multi-tier network
[Diagram: three virtual networks: 10.1.1.0/24 (VLAN 100), 10.1.2.0/24 (VLAN 1001) and 10.1.3.0/24 (VLAN 141). A Juniper SRX firewall (public IP 65.37.141.111, private IP 10.1.1.111) and a Netscaler load balancer (public IP 65.37.141.112, private IP 10.1.1.112) connect the first network to the public network/Internet. Web VMs 1 to 4 have addresses in both 10.1.1.0/24 and 10.1.2.0/24, App VMs 1 and 2 have addresses in both 10.1.2.0/24 and 10.1.3.0/24, and DB VM 1 is at 10.1.3.24. Each network has a CS Virtual Router providing DHCP, DNS and user-data; the router on the third network also provides source NAT with public IP 65.37.141.115.]
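Bring-your-own Service
[Diagram: the VR connects the public VLAN(s) to the guest VLAN. The guest VLAN carries the tenant VMs and “Your Routing VM”, which is also attached to a shared monitoring VLAN.]
• Customer installs static route to point to his routing VM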
Bring-your-own Service [site-to-site-vpn]
[Diagram: the VR connects the public VLAN(s) to the guest VLAN. The guest VLAN carries the tenant VMs and “Your Routing VM”, which is also attached to a shared public VLAN.]
• Customer installs static route (manually/automated config) to point to his routing VM
• Routing VM provides site-to-site VPN (configured directly on routing VM, not by CloudStack)
Multi-tier unified [vision]
[Diagram: the Internet reaches a load balancer and a “CS Virtual Router / Other” device, which also terminates an IPSec or SSL site-to-site VPN to the customer premises and attaches to a monitoring VLAN. Behind it are three tiers: Virtual Network 10.1.1.0/24 (VLAN 100) with Web VMs 1 to 4, Virtual Network 10.1.2.0/24 (VLAN 1001) with App VMs 1 and 2, and Virtual Network 10.1.3.0/24 (VLAN 141) with DB VM 1.]
Virtual Router Services
• IPAM
• DNS
• LB [intra]
• S-2-S VPN
• Static Routes
• ACLs
• NAT, PF
• FW [ingress & egress]
• BGP
Multi-tier unified with SDN [vision]
[Diagram: the Internet reaches a load balancer virtual appliance and a “CS Virtual Router / Other” device, which also terminates an IPSec or SSL site-to-site VPN to the customer premises and attaches to a monitoring VLAN. Behind it are three tiers on overlay networks instead of VLANs: Overlay Network 10.1.1.0/24 with Web VMs 1 to 4, Overlay Network 10.1.2.0/24 with App VMs 1 and 2, and Overlay Network 10.1.3.0/24 with DB VM 1.]
Virtual Router Services
• IPAM
• DNS
• LB [intra]
• S-2-S VPN
• Static Routes
• ACLs
• NAT, PF
• FW [ingress & egress]
• BGP
Network Offerings
• Cloud provider defines the
  feature set for guest networks
• Toggle features or service levels
   –   Security groups on/off
   –   Load balancer on/off
   –   Load balancer software/hardware
   –   VPN, firewall, port forwarding
• User chooses network offering
  when creating network
• Enables upgrade between
  network offerings
• Default offerings built-in
   – For classic CloudStack networking
Service Offerings
• Specify resource levels, configure properties, define scope
• Compute
   – Name, CPU Cores, CPU (MHz), Memory (MB), Host Tag, Enable HA, CPU Cap, Public
• Disk
   – Name, Custom Disk Size, Disk Size (GB), Storage Tag, Public
• Network
   – Name, Network Rate, Redundant VR, Firewall, Load balancer, Public
CloudStack Network Service Providers
• A Network Service Provider is a hardware or virtual
  appliance that makes a network service possible in
  CloudStack; for example, a Citrix NetScaler
  appliance can be installed in the cloud to provide
  Load-Balancing services.
• Administrators can have multiple instances of the
  same service provider in a network; for example,
  more than one Citrix NetScaler or Juniper SRX
  device can be added to CloudStack.
• CloudStack supports the following Network
  Providers:
    –   CloudStack Virtual Router (default)
    –   Citrix NetScaler SDX, VPX and MPX models
    –   Juniper SRX
    –   F5 BigIP
Adding an Additional Network Offering
[Screenshot; callouts: network offering status, network offering order control.]
Network Service Providers Matrix
• A network offering is basically a definition of which Network Services are
  available when that offering is used. The available Network Services are: VPN,
  DHCP, DNS, Firewall, Load Balancer, User Data, Source NAT, Static NAT, Port
  Forwarding and Security Groups*
Feature              Virtual Router   Citrix NetScaler   Juniper SRX   F5 BigIP
Remote Access VPN    YES              N/A                N/A           N/A
Firewall             YES              N/A                YES           N/A
Source NAT           YES              N/A                YES           N/A
Static NAT           YES              YES                YES           N/A
Load Balancing       YES              YES                N/A           YES
Port Forwarding      YES              N/A                YES           N/A
Elastic IP           N/A              YES                N/A           N/A
Elastic LB           N/A              YES                N/A           N/A
DHCP/DNS/User Data   YES              N/A                N/A           N/A
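
An added example, not part of the original slides and not CloudStack code: the matrix above transcribed as data, with a check that a proposed service-to-provider mapping for a network offering uses only combinations marked YES, and a planner that assigns each service to the first preferred provider able to deliver it. The function names and the `{feature: provider}` layout are assumptions made for illustration; they are not CloudStack API objects.

```python
"""Check a proposed network offering against the provider matrix on this slide."""

VR = "Virtual Router"
NETSCALER = "Citrix NetScaler"
SRX = "Juniper SRX"
F5 = "F5 BigIP"
PROVIDERS = (VR, NETSCALER, SRX, F5)  # column order of the matrix

# Transcribed from the matrix: feature -> providers marked YES.
MATRIX = {
    "Remote Access VPN": {VR},
    "Firewall": {VR, SRX},
    "Source NAT": {VR, SRX},
    "Static NAT": {VR, NETSCALER, SRX},
    "Load Balancing": {VR, NETSCALER, F5},
    "Port Forwarding": {VR, SRX},
    "Elastic IP": {NETSCALER},
    "Elastic LB": {NETSCALER},
    "DHCP/DNS/User Data": {VR},
}


def validate_offering(mapping):
    """Return the problems found in a {feature: provider} mapping (empty list = valid)."""
    problems = []
    for feature, provider in sorted(mapping.items()):
        if feature not in MATRIX:
            problems.append(f"unknown feature: {feature}")
        elif provider not in PROVIDERS:
            problems.append(f"unknown provider for {feature}: {provider}")
        elif provider not in MATRIX[feature]:
            supported = ", ".join(p for p in PROVIDERS if p in MATRIX[feature])
            problems.append(
                f"{provider} does not provide {feature} (supported: {supported})"
            )
    return problems


def plan_offering(features, preference):
    """Assign each feature to the first provider in `preference` that supports it.

    Returns (mapping, unplaced): features that no preferred provider can
    deliver are listed in `unplaced` instead of being silently dropped.
    """
    mapping, unplaced = {}, []
    for feature in features:
        supported = MATRIX.get(feature, set())
        choice = next((p for p in preference if p in supported), None)
        if choice is None:
            unplaced.append(feature)
        else:
            mapping[feature] = choice
    return mapping, unplaced


if __name__ == "__main__":
    # Constructed input: prefer external devices, fall back to the virtual router.
    wanted = ["Firewall", "Source NAT", "Static NAT",
              "Load Balancing", "DHCP/DNS/User Data"]
    mapping, unplaced = plan_offering(wanted, [SRX, NETSCALER, VR])
    for feature, provider in mapping.items():
        print(f"{feature:20} -> {provider}")
    print("unplaced:", unplaced)
    print("problems:", validate_offering(mapping))

    # Constructed invalid mapping: the matrix has N/A for SRX load balancing.
    print(validate_offering({"Load Balancing": SRX}))
```

With external devices preferred, the plan matches the “External Devices provide Network Services” topology earlier in the deck: SRX for firewall and NAT, NetScaler for load balancing, and the virtual router left with DHCP/DNS/user data.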
CloudStack User APIs [sample]
• Networks (L2)
  – createNetwork [requires network offering id],
  – deleteNetwork (A), listNetworks,
  – restartNetwork (A): restarts all devices (if allowed)
    supporting the network and re-applies
    configuration
  – updateNetwork: update network offering and
    restart network
Adding a Shared Guest Network
• Only Administrators can add a Shared Guest Network for an Advanced zone
• VLAN required!
Editing Guest Networks
• When editing a guest network, users can change the network offering. They can
  either upgrade to a “premium” network offering (for example, an offering that
  uses a hardware load balancer) or downgrade to a “cheaper” network.
Restarting and Cleaning Up a Guest Network

• Restarting the network will simply resend all the LB, Firewall and
  Port-Forwarding rules to the network provider
• Restarting the network with “Clean up”:
   – Restarts network elements (virtual routers, DHCP servers)
   – If a virtual router is used, it will be destroyed and recreated
   – Reapplies all public IPs to the network provider
   – Reapplies Load-Balancing/Port-Forwarding/Firewall rules
Deleting a Guest Network

• An Isolated Guest Network can only be deleted if no VMs are
  using the network (e.g. completely destroyed and expunged)
• Deleting a network will destroy the Virtual Router (if used) and
  will release the public IPs back to the IP pool
Extending CloudStack Networking
[Diagram]
• Components shown: Network Manager, Network Element, PluggableService, DnsService (“Needs to
  be added as of 5/2/2012”), MyDnsElement, MyDnsDeviceService, MyDnsDeviceManager,
  MyDnsDeviceResource, Device Configuration Admin API (CRUD), MySQL, AgentManager Queue
• Steps shown:
  1. prepare (part of start vm)
  2. prepare (Network, Nic, DeployDestination, VmInfo)
  3. addDnsRecord(ip, fqdn)
  4. Enqueue AddDnsRecord
  5. API call to Dns Device
• Demonstrates one way to inform an external DNS server when an instance starts.
• Classes shaded blue form a plugin / service bundle to integrate an external DNS server.
  Clients of the instance can then use DNS names to access the instance.
CloudStack Virtual Router (Virtual Router)
• When a Shared Network is used, the Virtual Router is deployed once (when the first instance
  is deployed in a Zone) and provides DHCP and DNS services for the Zone’s instances (IPs are
  allocated from the Public IP Range entered in CloudStack)
• When Advanced is used, the router is deployed per account (and per unique Isolated Guest
  Network)
• The Virtual Router can serve and isolate VMs even if deployed on a different hypervisor
CloudStack Virtual Router
• The Virtual Router will have 3 NICs:
    –   Eth0 is connected to the Isolated Guest Network (for Advanced VLAN). It has the first IP in
        the CIDR (for example 10.1.1.1) and is the DNS, DHCP and Gateway for the instances in the
        Private Guest Network.
    –   Eth1 resides on the link-local network (only for KVM and XenServer) or the Management Network (on
        VMware) and is used by CloudStack to configure the virtual router. On VMware it uses an IP from
        the Management Network IP Range (e.g. Pod Private Range)
    –   Eth2 resides on the Public Network and is assigned a Public IP from the range entered in CloudStack
        (users can ‘Acquire New IPs’ if needed)
• In the default Isolated Mode, Source NAT is automatically configured on
  the virtual router to forward outbound traffic for all guest VMs and block all
  incoming traffic (users can manage incoming rules from the UI)
Virtual Router Information (applies to all Sys. VMs)
•   Debian 6.0 ("Squeeze"), 2.6.32 kernel with the latest security patches from the Debian security
    APT repository. No extraneous accounts
•   32-bit for enhanced performance on Xen/VMware
•   Only essential software packages are installed. Services such as printing, ftp, telnet, X, kudzu,
    dns and sendmail are not installed.
•   SSHd only listens on the private/link-local interface. The SSH port has been changed to a non-
    standard port. SSH logins only using keys (keys are generated at install time and are unique for
    every customer)
•   pvops kernel with Xen paravirt drivers + KVM virtio drivers + VMware tools for optimum
    performance on all hypervisors. Xen tools inclusion allows performance monitoring
•   Template is built from scratch and is not polluted with any old logs or history
•   Latest versions of haproxy, iptables, ipsec and apache from the Debian repository ensure improved
    security and speed
•   Latest version of JRE from Oracle ensures improved security and speed
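The SSH claims in the list above (listener only on the private/link-local interface, non-standard port, key-only logins) can be checked against a system VM's sshd_config. This is an added example, not code from the presentation or from CloudStack; the two sample configurations, port 2022 and address 169.254.1.10 are constructed, and only the global section before any Match block is evaluated.

```python
import ipaddress
import re

# Constructed sample configs (not taken from a real system VM).
SAMPLE_HARDENED = """\
# constructed example
Port 2022
ListenAddress 169.254.1.10
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

SAMPLE_WEAK = """\
Port 22
#ListenAddress 169.254.1.10
PasswordAuthentication yes
"""

# Ranges accepted as "private/link-local" for this check.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16", "fe80::/10",                    # link-local
    "fc00::/7",                                       # IPv6 unique local
)]

# Newer OpenSSH treats these two keywords as the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_global(text):
    """Return {keyword: [values in file order]} for lines before any Match."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key = m.group(1).lower()          # keywords are case-insensitive
        if key == "match":
            break                         # conditional blocks are out of scope
        key = ALIASES.get(key, key)
        opts.setdefault(key, []).append(m.group(2).strip().strip('"'))
    return opts


def split_listen(entry):
    """Split a ListenAddress value into (host, port or None)."""
    if entry.startswith("["):             # [v6]:port or [v6]
        host, _, rest = entry[1:].partition("]")
        return host, rest.lstrip(":") or None
    if entry.count(":") == 1:             # v4:port or name:port
        host, port = entry.split(":")
        return host, port
    return entry, None                    # bare v4, bare v6 or hostname


def is_internal(host):
    """True only for an IP literal inside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(host.split("%")[0])  # drop any zone id
    except ValueError:
        return False                      # hostname: cannot be verified here
    return any(ip in net for net in INTERNAL_NETS)


def first(opts, key, default):
    """sshd uses the first value it reads for single-valued keywords."""
    return opts.get(key, [default])[0].lower()


def audit(text):
    """Return a list of (code, detail) findings; empty means all checks pass."""
    opts = parse_global(text)
    findings, ports = [], set()
    default_ports = opts.get("port", ["22"])
    listen = opts.get("listenaddress", [])
    if not listen:
        findings.append(("listen-all", "no ListenAddress: sshd binds every interface"))
        ports.update(default_ports)
    for entry in listen:
        host, port = split_listen(entry)
        ports.update([port] if port else default_ports)
        if not is_internal(host):
            findings.append(("listen-exposed", f"ListenAddress {entry} is not private/link-local"))
    if "22" in ports:
        findings.append(("default-port", "sshd listens on port 22"))
    if first(opts, "passwordauthentication", "yes") != "no":
        findings.append(("password-auth", "password logins are enabled"))
    if first(opts, "kbdinteractiveauthentication", "yes") != "no":
        findings.append(("kbd-interactive", "keyboard-interactive logins are enabled"))
    if first(opts, "pubkeyauthentication", "yes") == "no":
        findings.append(("no-pubkey", "public-key logins are disabled"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK)):
        print(name, audit(cfg) or "OK")
```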

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 

CloudStack Networking

  • 1. CloudStack Networking Chiradeep Vittal May 2 2012
  • 2. Outline • CloudStack Networking Features • CloudStack Networking Configuration • CloudStack Networking APIs • CloudStack Network Architecture • Virtual Router deep dive
  • 3. Feature overview • Orchestration of L2 – L7 network services – IPAM, DNS, Gateway, Firewall, NAT, LB, VPN, etc • Mix-and-match services and providers • Out-of-the-box integration with automated deployment of virtual routers – Highly available network services using CloudStack HA and VRRP • Orchestrate external providers such as hardware firewalls and load balancers – Devices can provide multiple services – Admin API to configure external devices – Plugin-based extensions for network behavior and admin API extensions • Multiple multi-tenancy [network isolation] options • Integrated traffic accounting • Access control • Software Defined Networking too
  • 4. Basic vs Advanced Networking • Segmentation based on feature set and ease-of-deployment • Both are feature-rich • Basic implements true AWS-style L3-isolation – Tenants do not get contiguous IP addresses or subnets – Network segmentation based on Security Groups – Tremendous scale (tens of thousands) • Advanced Zone offers full L3 subnets – VLANs are default implementation (4K limit) – More features (source NAT, PF, VPN)
  • 5. CloudStack Terminology • Guest network – The tenant network to which instances are attached • Storage network – The physical network which connects the hypervisor to primary storage • Management network – Control Plane traffic between CloudStack management server and hypervisor clusters • Public network – “Outside” the cloud [usually Internet] – Shared public VLANs trunked down to all hypervisors • All traffic can be multiplexed on to the same underlying physical network using VLANs – Usually Management network is untagged – Storage network usually on separate nic (or bond) • Admin informs CloudStack how to map these network types to the underlying physical network – Configure traffic labels on the hypervisor – Configure traffic labels on Admin UI
  • 6. PHYSICAL NETWORK IN A ZONE [Diagram; labels: Core (L3) Network, Cloudstack Servers, Pod 1, Pod 2 … Pod N, Access Switch(es), Cluster 1 (Hypervisor 1 … Hypervisor 8), Cluster 4 (Hypervisor N, Hypervisor N+1), Storage 1, Storage 2 … Storage k. Legend: VM Traffic, Control Plane Traffic, Storage Traffic, Public Traffic.]
  • 7. L2 Features • Choice of network isolation – Physical, VLAN, L3 (anti-spoof), Overlay[GRE] – Physical isolation through network labels [limited to # of nics or bonds] • Multi-nic – Deploy instance in multiple networks – Control default route • Access control – Shared networks, project networks – Dedicated VLANs offer MPLS integration • Anti-spoofing for L3-isolated networks • QoS [max rate] • Traffic monitoring • Broadcast & multicast suppression in L3-isolated networks • Hot-plug / detach of nics [upcoming]
  • 8. L3 Features • IPAM [DHCP], Public IP address management – VR acts as DHCP server – Can request multiple public IPs per tenant • Gateway (default gateway) – Redundant VR (using VRRP) – Inter-subnet routing [upcoming] – Static routing control [upcoming] • Remote Access VPN – L2TP over IPSec using PSK – Virtual Router only • Firewall based on source cidr • Static NAT [1:1] – Including “Elastic IP” in Basic Zone • Source NAT – Per-network, or interface NAT • Public Traffic usage – Monitoring on the Virtual Router / External network device – Integration with sFlow collectors • Site-to-Site VPN [upcoming] – IPSec VPN based on VR • L3 ACLs [upcoming]
  • 9. L4 Features • Security groups for L3-isolation – “Basic Zone” in docs – Default AWS-style networking – Scales much better than VLANs • Stateful firewall for TCP, UDP and ICMP • Port forwarding [“Advanced Zone”] – Conserve public IPs
  • 10. L7 features • Loadbalancer – VR has HAProxy built in – External Loadbalancer support • Netscaler (MPX/SDX/VPX) • F5 BigIP • Can dedicate an LB appliance to an account or share it among tenants – Loadbalancer supported with L3-isolation as well – Stickiness support – SSL support [future] – Health Checks [future] • User-data & meta-data – Fetched from virtual router • Password change server
  • 11. Physical Network Operations [Diagram; labels: Users, Admin and Cloud API, Router, Load Balancer, CloudStack Mgmt Server Cluster, MySQL, Availability Zone, L3 Core Switch, Access Layer Switches, Servers, Secondary Storage, Pod 1, Pod 2, Pod 3 … Pod N.]
  • 12. Layer 3 cloud networking [Diagram; labels: Web VMs and DB VMs, Web Security Group, DB Security Group.]
  • 13. Guest Networks with L3 isolation [Diagram; labels: Public Internet, public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36 and 65.37.141.80, Load Balancer, L3 Core Switch, Pod 1 L2 Switch (10.1.0.1), Pod 2 L2 Switch (10.1.8.1), Pod 3 L2 Switch (10.1.16.1). VMs of Guest 1 and Guest 2 are shown side by side with guest addresses 10.1.0.2, 10.1.0.3, 10.1.0.4, 10.1.16.12, 10.1.16.21, 10.1.16.47 and 10.1.16.85.]
  • 14. Virtual Networks (L2 isolation) [Diagram; labels: Core (L3) Network, Pod K, Pod M, Pod N, Access Switch(es), Cluster 1 (Hypervisor 1 … Hypervisor 8), Cluster 4 (Hypervisor N, Hypervisor N+1), VM Traffic, Public Traffic. Legend: V = Tenant VM, VR = Tenant Virtual Router.]
  • 15. Guest virtual layer-2 network [Diagram: two tenants, each with its own Guest Virtual Network 10.1.1.0/24 behind its own Guest Virtual Router (gateway address 10.1.1.1; NAT, DHCP, Load Balancing, VPN), both connected to the Public Network / Public Internet. Guest 1: public IP addresses 65.37.141.11 and 65.37.141.36, VMs 1 to 4 at guest addresses 10.1.1.2 to 10.1.1.5. Guest 2: public IP addresses 65.37.141.24 and 65.37.141.80, VMs 1 to 3 at guest addresses 10.1.1.2 to 10.1.1.4.]
  • 16. Layer-2 Guest Virtual Network [Two diagrams, each a Guest Virtual Network 10.1.1.1/8 on VLAN 100 with Guest VMs 1 to 4, connected to the Public Network/Internet. Panel “CS Virtual Router provides Network Services”: CS Virtual Router as gateway with a public IP address, providing DHCP, DNS, NAT, Load Balancing and VPN. Panel “External Devices provide Network Services”: Juniper SRX Firewall and NetScaler Load Balancer, each with a public and a private IP, plus a CS Virtual Router providing DHCP and DNS.]
  • 17. Other Topologies [Two diagrams, each a Guest Virtual Network 10.1.1.0/24 on VLAN 100 with Guest VMs 1 to 4, gateway address 10.1.1.1 and a core switch. Captions: “No services [Static IPs]”; “Dedicated VLAN with DHCP and DNS”; “User can request specific IP[s] for NIC”. One panel includes a CS Virtual Router providing DHCP, DNS and User-data.]
  • 18. Other topologies [Two diagrams, each a Guest Virtual Network 10.1.1.0/24 on VLAN 100 with Guest VMs 1 to 4, gateway address 10.1.1.1, a core switch, and a CS Virtual Router providing DHCP, DNS and User-data. Captions: “MPLS” (MPLS VLAN 100); “Shared VLAN with DHCP and DNS”.]
  • 19. Multi-tier network [Diagram: three Virtual Networks, 10.1.1.0/24 (VLAN 100), 10.1.2.0/24 (VLAN 1001) and 10.1.3.0/24 (VLAN 141), holding Web VMs 1 to 4, App VMs 1 and 2, and DB VM 1. A Juniper SRX Firewall and a Netscaler Load Balancer, each with a public and a private IP, face the Public Network/Internet. Three CS Virtual Routers provide DHCP, DNS and User-data, one of them also Source-NAT with public IP 65.37.141.115.]
  • 20. Bring-your-own Service [Diagram; labels: Public VLAN(s), VR, Guest VLAN, VMs, Your Routing VM, Monitoring VLAN (shared).] Customer installs static route to point to his routing VM.
  • 21. Bring-your-own Service [site-to-site-vpn] [Diagram; labels: Public VLAN(s), VR, Guest VLAN, VMs, Your Routing VM, Shared Public VLAN.] Customer installs static route (manually/automated config) to point to his routing VM. Routing VM provides site-to-site VPN (configured directly on routing VM, not by CloudStack).
  • 22. Multi-tier unified [vision] [Diagram; labels: Internet, Customer Premises, IPSec or SSL site-to-site VPN, CS Virtual Router / Other, Loadbalancer, Monitoring VLAN, Web VMs 1 to 4, App VMs 1 and 2, DB VM 1, Virtual Networks 10.1.1.0/24 (VLAN 100), 10.1.2.0/24 (VLAN 1001) and 10.1.3.0/24 (VLAN 141).] Virtual Router Services • IPAM • DNS • LB [intra] • S-2-S VPN • Static Routes • ACLs • NAT, PF • FW [ingress & egress] • BGP
  • 23. Multi-tier unified with SDN [vision] [Diagram; labels: Internet, Customer Premises, IPSec or SSL site-to-site VPN, CS Virtual Router / Other Virtual Appliance, Loadbalancer, Monitoring VLAN, Web VMs 1 to 4, App VMs 1 and 2, DB VM 1, Overlay Networks 10.1.1.0/24, 10.1.2.0/24 and 10.1.3.0/24.] Virtual Router Services • IPAM • DNS • LB [intra] • S-2-S VPN • Static Routes • ACLs • NAT, PF • FW [ingress & egress] • BGP
  • 24. Network Offerings • Cloud provider defines the feature set for guest networks • Toggle features or service levels – Security groups on/off – Load balancer on/off – Load balancer software/hardware – VPN, firewall, port forwarding • User chooses network offering when creating network • Enables upgrade between network offerings • Default offerings built-in – For classic CloudStack networking
  • 25. Service Offerings [Diagram; steps: Specify Resource Levels, Configure Properties, Define Scope. Columns: Compute, Disk, Network. Fields shown: Name, CPU Cores, CPU (MHz), Memory (MB), CPU Cap, Host Tag, Enable HA, Custom Disk Size, Disk Size (GB), Storage Tag, Network Rate, Redundant VR, Firewall, Load balancer, Public.]
  • 26. CloudStack Network Service Providers • A Network Service Provider is a hardware or virtual appliance that makes a network service possible in CloudStack; for example, a Citrix NetScaler appliance can be installed in the cloud to provide Load-Balancing services. • Administrators can have multiple instances of the same service provider in a network; for example, more than one Citrix NetScaler or Juniper SRX device can be added to CloudStack • CloudStack supports the following Network Providers: – CloudStack Virtual Router (default) – Citrix NetScaler SDX, VPX and MPX models – Juniper SRX – F5 BigIP
  • 27. Adding Additional Network Offerings [Screenshot; callouts: Network Offering Order, Network Offering Status control.]
  • 28. Network Service Providers Matrix • A network offering is basically a definition of which Network Services are available when that offering is used. The available Network Services are: VPN, DHCP, DNS, Firewall, Load Balancer, User Data, Source NAT, Static NAT, Port Forwarding and Security Groups*

      Feature              Virtual Router  Citrix NetScaler  Juniper SRX  F5 BigIP
      Remote Access VPN    YES             N/A               N/A          N/A
      Firewall             YES             N/A               YES          N/A
      Source NAT           YES             N/A               YES          N/A
      Static NAT           YES             YES               YES          N/A
      Load Balancing       YES             YES               N/A          YES
      Port Forwarding      YES             N/A               YES          N/A
      Elastic IP           N/A             YES               N/A          N/A
      Elastic LB           N/A             YES               N/A          N/A
      DHCP/DNS/User Data   YES             N/A               N/A          N/A

  • 29. CloudStack User APIs [sample] • Networks (L2) – createNetwork [requires network offering id], – deleteNetwork (A), listNetworks, – restartNetwork (A): restarts all devices (if allowed) supporting the network and re-applies configuration – updateNetwork: update network offering and restart network
  • 30. Adding a Shared Guest Network • Only Administrators can add a Shared Guest Network for an Advanced zone
  • 31. Adding a Shared Guest Network VLAN required!
  • 32. Editing Guest Networks When editing a guest network, users can change the network offering. They can either upgrade to a “premium” network offering (for example, an offering that uses a hardware load balancer) or downgrade to a “cheaper” network offering.
  • 33. Restarting and Cleaning Up a Guest Network • Restarting the network will simply resend all the LB, Firewall and Port-Forwarding rules to the network provider • Restarting the Network with “Clean up”: – Restarting network elements: virtual routers, DHCP servers – If virtual router is used, it will be destroyed and recreated – Reapplying all public IPs to the network provider – Reapplying Load-Balancing/Port-Forwarding/Firewall rules
  • 34. Deleting a Guest Network • An Isolated Guest Network can only be deleted if no VMs are using this network (e.g. completely destroyed and expunged) • Deleting a Network will destroy the Virtual Router (if used) and will release the Public IPs back to the IP Pool
  • 35. Extending CloudStack Networking [Diagram; components: Network Manager, Network Element, PluggableService, DnsService, MyDnsElement, MyDnsDeviceService, MyDnsDeviceManager, MyDnsDeviceResource, AgentManager, Queue, MySQL, Device Configuration Admin API (CRUD). Call sequence: 1. prepare (part of start vm); 2. prepare (Network, Nic, DeployDestination, VmInfo); 3. addDnsRecord(ip, fqdn); 4. Enqueue AddDnsRecord; 5. API call to Dns Device. Annotation: “Needs to be added as of 5/2/2012”.] Demonstrates one way to inform an external DNS server when an instance starts. Classes shaded blue form a plugin / service bundle to integrate an external DNS server. Clients of the instance can then use DNS names to access the instance.
  • 36. CloudStack Virtual Router (Virtual Router) • The Virtual Router will be deployed once (when the first instance is deployed in a Zone) when a Shared Network is used, providing DHCP and DNS services for the Zone’s Instances (IPs will be allocated from the Public IP Range entered in CloudStack) • When Advanced is used the Router will be deployed Per-Account (and Per Unique Isolated Guest Network) • Virtual Router can serve and isolate VMs even if deployed on a different Hypervisor
  • 37. CloudStack Virtual Router • The Virtual Router will have 3 NICs: – Eth0 will be connected to the Isolated Guest Network (for Advanced VLAN). It will have the first IP in the CIDR (for example 10.1.1.1) and it will be the DNS, DHCP and Gateway for the Instances in the Private Guest Network. – Eth1 resides on local-link network (only for KVM and XenServer) or the Management Network (on VMware) and is used by CloudStack to configure the virtual router. On VMware it will use an IP from the Management Network IP Range (e.g. Pod Private Range) – Eth2 resides on the Public Network and is assigned a Public IP from the range entered in CloudStack (users can ‘Acquire New IPs’ if needed) • In the default Isolated Mode, Source NAT is automatically configured on the virtual router to forward outbound traffic for all guest VMs and block all incoming traffic (users can manage incoming rules from UI)
  • 38. Virtual Router Information (applies to all Sys. VMs) • Debian 6.0 ("Squeeze"), 2.6.32 kernel with the latest security patches from the Debian security APT repository. No extraneous accounts • 32-bit for enhanced performance on Xen/VMWare • Only essential software packages are installed. Services such as printing, ftp, telnet, X, kudzu, dns, sendmail are not installed. • SSHd only listens on the private/link-local interface. SSH port has been changed to a non-standard port. SSH logins only using keys (keys are generated at install time and are unique for every customer) • pvops kernel with Xen paravirt drivers + KVM virtio drivers + VMware tools for optimum performance on all hypervisors. Xen tools inclusion allows performance monitoring • Template is built from scratch and is not polluted with any old logs or history • Latest versions of haproxy, iptables, ipsec, apache from debian repository ensures improved security and speed • Latest version of jre from Oracle ensures improved security and speed
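
The three SSH claims on slide 38 (sshd bound only to the private/link-local interface, a non-standard port, key-only logins) can be verified against a system VM's sshd_config. The following is an added example, not CloudStack's own code: the function names are hypothetical, and the sample configurations, port 2222 and addresses are constructed.

```python
import ipaddress

# Link-local covers the KVM/XenServer control NIC described on the slide;
# for VMware pass the pod's management range as allowed_nets instead.
LINK_LOCAL = (ipaddress.ip_network("169.254.0.0/16"),
              ipaddress.ip_network("fe80::/10"))

def parse_global_section(text):
    """Collect {keyword: [values]} up to the first Match block."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0].lower()
        if key == "match":          # conditional overrides are not audited here
            break
        opts.setdefault(key, []).append(fields[1].strip() if len(fields) > 1 else "")
    return opts

def split_listen(value):
    """Split a ListenAddress argument into (host, port or None)."""
    if value.startswith("["):       # [host]:port or [host]
        host, _, rest = value[1:].partition("]")
        return host, int(rest[1:]) if rest.startswith(":") else None
    if value.count(":") == 1:       # IPv4-or-hostname:port
        host, port = value.split(":")
        return host, int(port)
    return value, None              # bare IPv4, bare IPv6 or hostname

def audit_sshd(text, allowed_nets=LINK_LOCAL):
    """Return a list of findings; an empty list means all three claims hold."""
    opts = parse_global_section(text)
    findings = []
    default_ports = {int(p) for p in opts.get("port", ["22"])}
    ports = set()
    listens = opts.get("listenaddress", [])
    if not listens:
        findings.append("no ListenAddress: sshd binds every interface")
        ports |= default_ports
    for value in listens:
        host, port = split_listen(value)
        ports |= {port} if port is not None else default_ports
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"ListenAddress {host}: not an IP literal, cannot verify")
            continue
        if not any(addr in net for net in allowed_nets):
            findings.append(f"ListenAddress {addr}: outside the control network")
    if 22 in ports:
        findings.append("sshd listens on the default port 22")

    def first(default, *keys):      # sshd uses the first value it reads
        for key in keys:
            if key in opts:
                return opts[key][0].lower()
        return default
    if first("yes", "passwordauthentication") != "no":
        findings.append("PasswordAuthentication is not disabled")
    if first("yes", "kbdinteractiveauthentication",
             "challengeresponseauthentication") != "no":
        findings.append("keyboard-interactive authentication is not disabled")
    if first("yes", "pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication is disabled")
    return findings

# Constructed samples: a config matching the slide, and one left at defaults.
HARDENED = """Port 2222
ListenAddress 169.254.3.17
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""
WEAK = "ListenAddress 0.0.0.0\nPasswordAuthentication yes\n"
```

Only the global section is read, so a `Match` block that re-enables password logins for some users would need a separate check.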

Editor's Notes

  1. Network Offerings. The administrator starts off with deciding the network offerings they want to provide throughout their entire cloud offering. Network Offerings group together a set of network services such as firewall, dhcp, dns, etc. Network Offerings allow specific network service providers to be specified. Network Offerings can be tagged to specifically choose the underlying network. Network Offerings have the following states: Disabled, Enabled, Inactive. All Network Offerings are created in the Disabled state. Once a network offering has been configured to the correct state Certain Network Offerings are for use by the system only. This means end users cannot see them. Network Offerings can be updated to enable/disable services and providers. Once that is done, it is up to the administrator to reprogram all of the networks that are based on that network offering. Network Offerings tags cannot be updated. However, the tags on the physical networks can be updated and deleted. CloudStack is deployed with three default network offerings for end users: a virtual network offering, a shared network offering without security group, and a shared network offering with security group.
  2. * Security Groups “providers” are the hypervisors (only XenServer and KVM)
  3. NOTE: When selecting Project or Account Scope the Service Offering “Isolated Network without Source NAT” will be available. When selecting a Domain Scope, Administrators can decide if Network will be available for the domain only and its sub-domains.
  4. For latest information: http://docs.cloud.com/Knowledge_Base/Domain_Router_Security