The document outlines the architecture and features of CloudStack, focusing on SDN and overlay networks. It discusses VLAN limitations, virtual machine deployment, and the creation of layer-2 networks using GRE tunnels, emphasizing benefits such as scalability and enhanced traffic management. Additionally, it highlights the proactive nature of CloudStack's SDN controller in preventing broadcast storms and managing network services.

1. SDN & CloudStack
Chiradeep Salvatore
@Chiradeep @ taturiello
April, 2012

2. Outline
• CloudStack Cloud Architecture
• VLAN Limitations
• SDN & Overlay Networks
○ Deploy Virtual Machines
○ Create Overlay Layer-2 Network
○ Flow programming
• Benefits

3. CloudStack Cloud Architecture
Internet  Hypervisor is the basic unit of scale.
CloudStack
Management
Server  Cluster consists of one ore more hosts of
Zone 1 same hypervisor
L3 core  All hosts in cluster have access to shared
(primary) storage
Pod 1 Access Layer Pod N  Pod is one or more clusters, usually with
Secondary
L2 switches.
…. Storage
Cluster N  Availability Zone has one or more
pods, has access to secondary storage.
….  One or more zones represent cloud
Cluster 1
Host 1
Primary
Storage
Host 2

4. VLAN Limitations
• Multi-tenancy
○ Tenants are isolated by assigning separate VLANs
○ Tenant can own multiple VLANs. E.g., multi-tier application
• Limitations
○ 4K VLANs maximum
○ VLANs span across the zone (datacenter)
○ All switches are configured with all VLANs
○ See multicast, broadcast traffic even if no associated VM
○ Traffic tromboning across the zone for east-west traffic
Limit few hundred tenants per zone

5. Deploy Virtual Machines
 User requests for isolated layer-
CS Management Server 2 network
 CS follows 'lazy create' model
and stores the request in DB
until VM deployment
Create Network A Create DB Entry
P
I
MySQL DB

6. Deploy Virtual Machines
 User requests for isolated layer-
2 network
Deployment
Planner
 CS follows 'lazy create' model
Pass VM resource
and stores the request in DB
requirements
until VM deployment
Deploy VMs Determines hosts
A
(vm1, vm2, vm3)
P
to deploy VMs
vm1  Host1
 User deploys VMs with specific
I vm2  Host2 resource requirements
vm3  Host4
 CS 'Deployment Planner'
determines the ideal hosts to
place the VMs based on the
MySQL DB resource requirements

7. Deploy Virtual Machines
 User requests for isolated layer-
2 network
 CS follows 'lazy create' model
Host 1 Host 3
and stores the request in DB
until VM deployment
VM
1
 User deploys VMs with specific
resource requirements
 CS 'Deployment Planner'
determines the ideal hosts to
Host 2 Host 4 place the VMs based on the
VM VM resource requirements
2 3 VR
 Place VMs on appropriate hosts

8. Create Overlay L2 Networks
 Create Full Mesh of GRE tunnels
CloudStack
SDN
(if they don't already exist)
Controller between hosts on which VMs
are deployed
Host 1 (Pod 2) Host 3 (Pod 3)
VM
OVS
 CloudStack SDN controller
1 programs the Open vSwitch
(OVS) on XenServer to configure
GRE Tunnel GRE tunnels
Host 2 (Pod 4) Host 4 (Pod 2)
OVS OVS
VM VM
2 3 VR
GRE Tunnel GRE Tunnel

9. Create Overlay L2 Networks
 Create Full Mesh of GRE tunnels
(if they don't already exist)
Tenant1 between hosts on which VMs
Tenant2 are deployed
Host 1 Host 3
VM VM VM
 CloudStack SDN controller
1 1 3 VR programs the Open vSwitch
(OVS) on XenServer to configure
GRE Tunnel GRE tunnels
 Assign 'Tenant' key to the
customer that allows traffic
Host 2 Host 4
isolation from other tenants
VM VM VM
VR
2 2 3
 New customers can share the
established GRE tunnels with
GRE Tunnel GRE Tunnel separate tenant keys

10. Overlay Networks Cross Layer-3 Boundary
Datacenter1 / Zone1 Datacenter2 / Zone2
Host 3
Host 3
Host 1
Host 1
VM
VM
4
1
Host 2 Host 4
Host 2 Host 4
VM
VM VM
2 3 VR 5
GRE Tunnels (overlay L2 networks) can cross L3 (core) routers. This allows customers to seamlessly access resources
across different datacenters

11. Flow Programming to Prevent Broadcast Storms
 CloudStack controller programs
CS MS
SDN
OVS to prevent packet loops
Controller and broadcast storms
Host 1 Host 3
OVS OVS
VM VM
1 4
Host 2
OVS OVS Host 4
VM VM
2 3 VR

12. Flow Programming to Prevent Broadcast Storms
 CloudStack controller programs
OVS to prevent packet loops
and broadcast storms
Host 1 Host 3
 VM sends a broadcast packet.
VM VM It's sent out via all the GRE
1 4
tunnel interfaces
 Hypervisors receive the
broadcast packets and transmit
them to appropriate VMs.
But, these packets are not
Host 2
Host 4 transmitted back onto GRE
tunnel interfaces
VM VM
2 3 VR

13. CloudStack SDN Controller is Proactive
 Controller is complete topology
aware and pre-programs all
CloudStack flow rules
SDN Controller
 No delay for new flows
Program flow rules
 Highly scalable
Host 1
New flow1
VM 1 OVS  OVS is fully functional even in
the event of failure

14. Overlay L2 Networks & Network Services
NW Services
• DNS & DHCP
• NAT
• LB
• VPN
Tenant2 Public Network
Host 1 Host 3
VM VM VR
1 3
CloudStack Virtual Router
supports variety of
GRE Tunnel
Network Services
Host 2 Host 4
VM
2
GRE Tunnel GRE Tunnel

15. Benefits
• 'Unlimited' Scalability
○ Only one GRE tunnel between any pair of hosts. 'Order N' scaling of GRE tunnels w.r.t hosts
in the cloud
○ Tenant key is 32 bits. Can scale up to (2^32 - 1) tenants
• Tunnels can extend to multiple datacenters across core (L3) routers
○ Seamless communication between resources across 'datacenters' in the cloud
• Avoid traffic 'trombooning'

16. Future
• Support for security groups
• Optimize ARP & DHCP responses
• Use Openflow to program OVS
• Integrate with 3rd party SDN controllers
• AWS VPC semantics
16