Murali Reddy, profile picture
Uploaded byMurali Reddy
1,873 views

Distributed routing

This document discusses using SDN and OpenFlow to implement distributed routing in CloudStack. It describes how traditional VPC deployment has issues like traffic trombone effects and single points of failure. The CloudStack solution uses Open vSwitch bridges on each host configured by a CloudStack controller to act as logical routers, performing distributed routing for east-west traffic within a VPC while continuing to use VPC virtual routers for north-south traffic. It explains how the CloudStack controller populates the OpenFlow tables on each host bridge to implement the distributed routing and ACL policies.

Embed presentation

Downloaded 20 times
CloudStack: Distributed routing and ACL’s with SDN
problem statement VM1 VM2 VM3 ● problems with VPC in traditional deployment ○ traffic trombone ○ VPC VR is choke point ○ scale up model ○ single point of failure Blue tier bridge Orange tier bridge Orange tier bridge Blue tier bridge Orange tier bridge VPC VR Public traffic bridge inter tier (east-west) traffic public (north-south) traffic host 1 host 2 host 3
distributed routing VM1 logical router VM2 VM3 SDN controller VM4 VM5 logical router logical router host 1 host 2 host 3 ● HW appliance -> Virtual Appliance -> Hypervisor based L2-L7 services ● intelligence built by controller ● efficient data path but increased complexity (dist configuration) in controller ● topology, policy changes results in updates to hosts ● minimize convergence time inter tier traffic public traffic
distributed routing (contd..) ● SDN controllers implementing distributed routing ○ Vmware NSX ○ Hyper-V HNV ○ Midokura ○ Contrail
What’s in CloudStack ● Leverage OpenFlow capabilities of OVS to do distributed routing ● Implements east-west traffic services in OVS bridge ○ Network ACL’s ○ Inter-tier routing ● For north-south traffic and services VPC VR continues to be gateway and provide services ● implemented for overlay networks, but can be implemented for VLAN’s as well ● premise: east-west traffic is predominant ● CloudStack solution is similar to NSX (DLR for east-west traffic, ESR edge service router for north south traffic)
CloudStack - distributed routing VM1 VM2 VM3 logical router (OVS bridge) VPC VR VM4 VM5 logical router (OVS bridge) logical router (OVS bridge) host 1 host 2 host 3 SDN controller in CloudStack ● OVS bridge configured to act as logical router, performing ○ ingress/egress ACL ○ Inter tier routing ○ L2 switching ● single bridge for all VPC tiers ● bridge no a longer learn-flood switch, data path is software (CloudStack controller) defined
CloudStack traditional VPC inter-tier packet flow VM2 ● Sequence of action for packet flow from VM1 to VM2 VPC VR ○ ARP request for gateway 10.1.1.1 ○ ARP response for 10.1.1.1 ○ packet sent to gateway (src MAC = VM1’s mac, dst MAC = source subnet gateway mac, src IP = VM1 ip, dst IP = VM2 IP) ○ packet routed by VPC VR and sent on destination subnet after modifying packet (src MAC = destination subnet gateway mac, dst MAC =VM2 mac, src IP = VM1 ip, dst IP = VM2 IP) VM1 Blue tier bridge Orange tier bridge Blue tier bridge Orange tier bridge host 1 host 2 1 2 1 2 3 3 4 4
logical router - packet flow B/M traffic L2 switching L2 Flooding From tunnel port no Egress ACL yes Inter-tier traffic IP outort IP outport IP outport Drop Looku p hit Drop yes L3 lookup Ingress ACL Flow action Flow action Flow action yes no yes no yes no IP outort IP outport IP outport Flow action Flow action Flow action yes no Looku p hit inport outorts inport outorts inport outorts yes send on outport/outports no no Modify packet
OpenFlow - pipeline processing Matching fields Action Counters ● Pipeline processing : OpenFlow abstractions to build complex packet processing logic
OVS bridge- logical router- pipeline processing How does CloudStack controller populate forwarding tables?
Populating L2,L3 lookup and ACL tables ● management server has the knowledge ○ Hosts on which VPC spans ○ tiers in the VPC ○ VM in each tier and corresponding IP address of the NIC ○ gateway and CIDR of each tier ○ routing policies (ingress & egress ACL’s) ● management server orchestrates ○ VM Start, Stop, Migrate ○ tier create, destroy etc ○ network ACL replaced ● for each change that affects VPC topology and routing policies triggers the update to OpenFlow tables based on the latest info ● Agent commands ○ OvsVpcRoutingPolicyConfigCommand ○ OvsVpcPhysicalTopologyConfigCommand
OvsVpcPhysicalTopologyConfigCommand ● For each change in VPC topology controller sends JSON representation of VPC topology to each host ● each host process topology to form the knowledge of ○ a MAC is reachable through which VIF/tunnel port ○ an IP address is required packet modification needed to route the packet
OvsVpcRoutingPolicyConfigCommand ● For each change in Network ACL associated with a tier in VPC, controller sends JSON representation of VPC routing policies to each host ● each host process routing policies to add flow rules to permit/deny flows
Sync mechanism ● On host reconnect ○ send physical topology update for each VPC spanned on the host ○ send routing policies update for each VPC spanned on the host ● periodic updates

More Related Content

PDF
Performance Evaluation of GTP-U and SRv6 Stateless Translation
byChunghan Lee
 
PPTX
PLNOG 17 - Leonir Hoxha - Next Generation Network Architecture - Segment Routing
byPROIDEA
 
PPTX
Routing, Network Performance, and Role of Analytics
byAPNIC
 
PPT
Intelligent Network Services through Active Flow Manipulation
byTal Lavian Ph.D.
 
ODP
What's new in Neutron Juno
byJaume Devesa Gomez
 
PPTX
Design and Implementation of a Load Balancing Algorithm for a Clustered SDN C...
byDaniel Gheorghita
 
PPTX
Innovation is back in the transport and network layers
byOlivier Bonaventure
 
PPTX
Barak Perlman, ConteXtream - SFC (Service Function Chaining) Using Openstack ...
byCloud Native Day Tel Aviv
 
Performance Evaluation of GTP-U and SRv6 Stateless Translation
byChunghan Lee
 
PLNOG 17 - Leonir Hoxha - Next Generation Network Architecture - Segment Routing
byPROIDEA
 
Routing, Network Performance, and Role of Analytics
byAPNIC
 
Intelligent Network Services through Active Flow Manipulation
byTal Lavian Ph.D.
 
What's new in Neutron Juno
byJaume Devesa Gomez
 
Design and Implementation of a Load Balancing Algorithm for a Clustered SDN C...
byDaniel Gheorghita
 
Innovation is back in the transport and network layers
byOlivier Bonaventure
 
Barak Perlman, ConteXtream - SFC (Service Function Chaining) Using Openstack ...
byCloud Native Day Tel Aviv
 

What's hot

PPTX
OTV PPT by NETWORKERS HOME
bynetworkershome
 
PPTX
VXLAN
bySAliyev1
 
PPTX
OTV(Overlay Transport Virtualization)
byNetProtocol Xpert
 
PPTX
Fabric Path PPT by NETWORKERS HOME
bynetworkershome
 
PPTX
LISP and NSH in Open vSwitch
bymestery
 
PPTX
Point to-point protocol (ppp), PAP & CHAP
byNetProtocol Xpert
 
PPTX
Cisco OTV 
byNetProtocol Xpert
 
PPTX
VPC PPT @NETWORKERSHOME
bynetworkershome
 
PDF
OPNFV Service Function Chaining
byOPNFV
 
PPTX
Open Flow Protocol
byVishal S M B
 
PPTX
Private VLANs
byNetProtocol Xpert
 
PPTX
DEVNET-1175 OpenDaylight Service Function Chaining
byCisco DevNet
 
PPTX
IPv6 Entreprise Multihoming
byOlivier Bonaventure
 
PDF
Hungary Usergroup - Midonet overlay programming
byMarton Kiss
 
PPTX
PLNOG 13: Michał Dubiel: OpenContrail software architecture
byPROIDEA
 
ODP
Wireless openflow (english)
byHiroaki Kawai
 
PPTX
Otv notes
byKrunal Shah
 
PPT
Design device driver for wireless device using 32 bit microcontroller
bykantha123
 
PPTX
Segment Routing & Application Engeering Routing
byBertrand Duvivier
 
PDF
【EPN Seminar Nov.10.2015】 Services Function Chaining Architecture, Standardiz...
byシスコシステムズ合同会社
 
OTV PPT by NETWORKERS HOME
bynetworkershome
 
VXLAN
bySAliyev1
 
OTV(Overlay Transport Virtualization)
byNetProtocol Xpert
 
Fabric Path PPT by NETWORKERS HOME
bynetworkershome
 
LISP and NSH in Open vSwitch
bymestery
 
Point to-point protocol (ppp), PAP & CHAP
byNetProtocol Xpert
 
Cisco OTV 
byNetProtocol Xpert
 
VPC PPT @NETWORKERSHOME
bynetworkershome
 
OPNFV Service Function Chaining
byOPNFV
 
Open Flow Protocol
byVishal S M B
 
Private VLANs
byNetProtocol Xpert
 
DEVNET-1175 OpenDaylight Service Function Chaining
byCisco DevNet
 
IPv6 Entreprise Multihoming
byOlivier Bonaventure
 
Hungary Usergroup - Midonet overlay programming
byMarton Kiss
 
PLNOG 13: Michał Dubiel: OpenContrail software architecture
byPROIDEA
 
Wireless openflow (english)
byHiroaki Kawai
 
Otv notes
byKrunal Shah
 
Design device driver for wireless device using 32 bit microcontroller
bykantha123
 
Segment Routing & Application Engeering Routing
byBertrand Duvivier
 
【EPN Seminar Nov.10.2015】 Services Function Chaining Architecture, Standardiz...
byシスコシステムズ合同会社
 

Viewers also liked

PDF
SDN interfaces and performance analysis of SDN components
bySteffen Gebert
 
PDF
Cv Ebo Bakker 2016
byEbo Bakker
 
PDF
ccna3
byAHMED HASSAN
 
PPTX
Innovation in SDN Tools and Platforms
byUmesh Krishnaswamy
 
PDF
Investigating the Impact of Network Topology on the Processing Times of SDN C...
bySteffen Gebert
 
PDF
Is SDN ready for primetime?
byAPNIC
 
PPTX
Vehicular Delay Tolerant Network (VDTN): Routing Perspectives
bySyed Hassan Ahmed
 
PPTX
Real world hybrid cloud session - OpenStack DACH 2015
byassafleb
 
PDF
Webinar: Hybrid Cloud Integration - Why It's Different and Why It Matters
bySnapLogic
 
PPTX
Cloud Computing #Manoj_Rockstar
byManoj Magatapalli
 
PPTX
Mobile Cloud Computing : The Upcoming Trend !
bySai Natkar
 
PPT
Cloud computing Brief
byJustin Lee
 
SDN interfaces and performance analysis of SDN components
bySteffen Gebert
 
Cv Ebo Bakker 2016
byEbo Bakker
 
ccna3
byAHMED HASSAN
 
Innovation in SDN Tools and Platforms
byUmesh Krishnaswamy
 
Investigating the Impact of Network Topology on the Processing Times of SDN C...
bySteffen Gebert
 
Is SDN ready for primetime?
byAPNIC
 
Vehicular Delay Tolerant Network (VDTN): Routing Perspectives
bySyed Hassan Ahmed
 
Real world hybrid cloud session - OpenStack DACH 2015
byassafleb
 
Webinar: Hybrid Cloud Integration - Why It's Different and Why It Matters
bySnapLogic
 
Cloud Computing #Manoj_Rockstar
byManoj Magatapalli
 
Mobile Cloud Computing : The Upcoming Trend !
bySai Natkar
 
Cloud computing Brief
byJustin Lee
 

Similar to Distributed routing

PPTX
Network and Service Virtualization tutorial at ONUG Spring 2015
bySDN Hub
 
PDF
Understanding network and service virtualization
bySDN Hub
 
PDF
SDN & NFV Introduction - Open Source Data Center Networking
byThomas Graf
 
PDF
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
byShapeBlue
 
PDF
OSDC 2014: Yves Fauser - OpenStack Networking (Neutron) - Overview of network...
byNETWAYS
 
PPT
CloudStack and SDN
bySebastien Goasguen
 
PDF
Directions for CloudStack Networking
byChiradeep Vittal
 
PPTX
Optimising nfv service chains on open stack using docker
byAnanth Padmanabhan
 
PDF
Network Virtualization & Software-defined Networking
byDigicomp Academy AG
 
PPTX
OpenStack MeetUp - OpenContrail Presentation
byStacy Véronneau
 
PDF
Osdc2014 openstack networking yves_fauser
byyfauser
 
PPTX
Hong kongopenstack2013 sdn_bluehost
byJun Park
 
PDF
CloudStack Networking Overview - Jan 28, 2014
bySheng Yang
 
PPTX
Understanding and deploying Network Virtualization
bySDN Hub
 
PPTX
Optimising nfv service chains on open stack using docker
bySatya Sanjibani Routray
 
PPTX
Optimising nfv service chains on open stack using docker
byRahul Krishna Upadhyaya
 
PDF
The Future of SDN in CloudStack by Chiradeep Vittal
bybuildacloud
 
ODP
Cloudstack networking2
byHiroaki Kawai
 
PDF
OpenFlow as a Service from research institute
byVijayaguru Jayaram
 
PDF
OWF12/Open Standards for Cloud - Cs owf
byParis Open Source Summit
 
Network and Service Virtualization tutorial at ONUG Spring 2015
bySDN Hub
 
Understanding network and service virtualization
bySDN Hub
 
SDN & NFV Introduction - Open Source Data Center Networking
byThomas Graf
 
Developments to CloudStack’s SDN ecosystem: Integration with VMWare NSX 4 - P...
byShapeBlue
 
OSDC 2014: Yves Fauser - OpenStack Networking (Neutron) - Overview of network...
byNETWAYS
 
CloudStack and SDN
bySebastien Goasguen
 
Directions for CloudStack Networking
byChiradeep Vittal
 
Optimising nfv service chains on open stack using docker
byAnanth Padmanabhan
 
Network Virtualization & Software-defined Networking
byDigicomp Academy AG
 
OpenStack MeetUp - OpenContrail Presentation
byStacy Véronneau
 
Osdc2014 openstack networking yves_fauser
byyfauser
 
Hong kongopenstack2013 sdn_bluehost
byJun Park
 
CloudStack Networking Overview - Jan 28, 2014
bySheng Yang
 
Understanding and deploying Network Virtualization
bySDN Hub
 
Optimising nfv service chains on open stack using docker
bySatya Sanjibani Routray
 
Optimising nfv service chains on open stack using docker
byRahul Krishna Upadhyaya
 
The Future of SDN in CloudStack by Chiradeep Vittal
bybuildacloud
 
Cloudstack networking2
byHiroaki Kawai
 
OpenFlow as a Service from research institute
byVijayaguru Jayaram
 
OWF12/Open Standards for Cloud - Cs owf
byParis Open Source Summit
 

Recently uploaded

PPTX
Unit II Introduction to C programming ppts
bypawarbhaktiit
 
PDF
Foundations of AI and ML - Mechanical Engineering Perspectives.pdf
byVyankateshBhaurkar1
 
PDF
Finite Automata With Output - Moore and Mealy Machines definitions and Solved...
byNileshPardeshi28
 
PDF
Learn Linux in your Android Phone (Learn on the Go)
byNarendran Solai Sridharan
 
PPTX
review of transistor circuit and applications
bysophieshuqinghuang
 
PPTX
Power Circuit Breakers and Substations .pptx
byJawadAmjad16
 
PDF
BOE 2.1 Inch LCD 1600X1600 For VR AR Headset Smart Device
bySyluxdisplay
 
PPTX
CFP_Unit 3 Decision Control and Looping Statements
bypawarbhaktiit
 
PDF
UNIT02_TRE_GEOMETRIC DESIGN.pdf_________
byAaquib Ansari
 
PPTX
Hospital Management System Project- 220180107010.pptx
bypravjo279
 
PDF
SURAJIT PARAMANIK_ME_3RD_THERMODYNAMICS.pdf
byastikparamanik1970
 
PDF
Basic Laws of Introduction to Electrical Engineering
byshukiganewolfgang
 
PPTX
CFP_Unit 5. Structure and Functions pptx
bypawarbhaktiit
 
PDF
Yes, we put AI agents in production. No, don't try this at home
byMarie-Alice Blete
 
PPTX
analog communication part two lecture note
byhirutfanta1212
 
PDF
Lec1a-infinite square well-particle in a box.pdf
byb17052006bhuvanasent
 
PDF
Interaction with IIT Khatragpur for Infrastructure Development
byHARSIMRAN SINGH
 
PDF
-الشهادة وعتماد 2.pdf كلريوس الهندسة المدنية والعمارية تخصص هندسة المساحة
byqp123qp12320
 
PPTX
Two Unethical Issue Engineers Practice.pptx
byhehbe481
 
PPTX
The Most Dangerous Asset in Your Plant Is the One You Ignore | CXO Guide to H...
byMaintWiz Technologies Private Limited
 
Unit II Introduction to C programming ppts
bypawarbhaktiit
 
Foundations of AI and ML - Mechanical Engineering Perspectives.pdf
byVyankateshBhaurkar1
 
Finite Automata With Output - Moore and Mealy Machines definitions and Solved...
byNileshPardeshi28
 
Learn Linux in your Android Phone (Learn on the Go)
byNarendran Solai Sridharan
 
review of transistor circuit and applications
bysophieshuqinghuang
 
Power Circuit Breakers and Substations .pptx
byJawadAmjad16
 
BOE 2.1 Inch LCD 1600X1600 For VR AR Headset Smart Device
bySyluxdisplay
 
CFP_Unit 3 Decision Control and Looping Statements
bypawarbhaktiit
 
UNIT02_TRE_GEOMETRIC DESIGN.pdf_________
byAaquib Ansari
 
Hospital Management System Project- 220180107010.pptx
bypravjo279
 
SURAJIT PARAMANIK_ME_3RD_THERMODYNAMICS.pdf
byastikparamanik1970
 
Basic Laws of Introduction to Electrical Engineering
byshukiganewolfgang
 
CFP_Unit 5. Structure and Functions pptx
bypawarbhaktiit
 
Yes, we put AI agents in production. No, don't try this at home
byMarie-Alice Blete
 
analog communication part two lecture note
byhirutfanta1212
 
Lec1a-infinite square well-particle in a box.pdf
byb17052006bhuvanasent
 
Interaction with IIT Khatragpur for Infrastructure Development
byHARSIMRAN SINGH
 
-الشهادة وعتماد 2.pdf كلريوس الهندسة المدنية والعمارية تخصص هندسة المساحة
byqp123qp12320
 
Two Unethical Issue Engineers Practice.pptx
byhehbe481
 
The Most Dangerous Asset in Your Plant Is the One You Ignore | CXO Guide to H...
byMaintWiz Technologies Private Limited
 

Distributed routing

  • 1.
    CloudStack: Distributed routingand ACL’s with SDN
  • 2.
    problem statement VM1 VM2 VM3 ● problems with VPC in traditional deployment ○ traffic trombone ○ VPC VR is choke point ○ scale up model ○ single point of failure Blue tier bridge Orange tier bridge Orange tier bridge Blue tier bridge Orange tier bridge VPC VR Public traffic bridge inter tier (east-west) traffic public (north-south) traffic host 1 host 2 host 3
  • 3.
    distributed routing VM1 logical router VM2 VM3 SDN controller VM4 VM5 logical router logical router host 1 host 2 host 3 ● HW appliance -> Virtual Appliance -> Hypervisor based L2-L7 services ● intelligence built by controller ● efficient data path but increased complexity (dist configuration) in controller ● topology, policy changes results in updates to hosts ● minimize convergence time inter tier traffic public traffic
  • 4.
    distributed routing (contd..) ● SDN controllers implementing distributed routing ○ Vmware NSX ○ Hyper-V HNV ○ Midokura ○ Contrail
  • 5.
    What’s in CloudStack ● Leverage OpenFlow capabilities of OVS to do distributed routing ● Implements east-west traffic services in OVS bridge ○ Network ACL’s ○ Inter-tier routing ● For north-south traffic and services VPC VR continues to be gateway and provide services ● implemented for overlay networks, but can be implemented for VLAN’s as well ● premise: east-west traffic is predominant ● CloudStack solution is similar to NSX (DLR for east-west traffic, ESR edge service router for north south traffic)
  • 6.
    CloudStack - distributedrouting VM1 VM2 VM3 logical router (OVS bridge) VPC VR VM4 VM5 logical router (OVS bridge) logical router (OVS bridge) host 1 host 2 host 3 SDN controller in CloudStack ● OVS bridge configured to act as logical router, performing ○ ingress/egress ACL ○ Inter tier routing ○ L2 switching ● single bridge for all VPC tiers ● bridge no a longer learn-flood switch, data path is software (CloudStack controller) defined
  • 7.
    CloudStack traditional VPCinter-tier packet flow VM2 ● Sequence of action for packet flow from VM1 to VM2 VPC VR ○ ARP request for gateway 10.1.1.1 ○ ARP response for 10.1.1.1 ○ packet sent to gateway (src MAC = VM1’s mac, dst MAC = source subnet gateway mac, src IP = VM1 ip, dst IP = VM2 IP) ○ packet routed by VPC VR and sent on destination subnet after modifying packet (src MAC = destination subnet gateway mac, dst MAC =VM2 mac, src IP = VM1 ip, dst IP = VM2 IP) VM1 Blue tier bridge Orange tier bridge Blue tier bridge Orange tier bridge host 1 host 2 1 2 1 2 3 3 4 4
  • 8.
    logical router -packet flow B/M traffic L2 switching L2 Flooding From tunnel port no Egress ACL yes Inter-tier traffic IP outort IP outport IP outport Drop Looku p hit Drop yes L3 lookup Ingress ACL Flow action Flow action Flow action yes no yes no yes no IP outort IP outport IP outport Flow action Flow action Flow action yes no Looku p hit inport outorts inport outorts inport outorts yes send on outport/outports no no Modify packet
  • 9.
    OpenFlow - pipelineprocessing Matching fields Action Counters ● Pipeline processing : OpenFlow abstractions to build complex packet processing logic
  • 10.
    OVS bridge- logicalrouter- pipeline processing How does CloudStack controller populate forwarding tables?
  • 11.
    Populating L2,L3 lookupand ACL tables ● management server has the knowledge ○ Hosts on which VPC spans ○ tiers in the VPC ○ VM in each tier and corresponding IP address of the NIC ○ gateway and CIDR of each tier ○ routing policies (ingress & egress ACL’s) ● management server orchestrates ○ VM Start, Stop, Migrate ○ tier create, destroy etc ○ network ACL replaced ● for each change that affects VPC topology and routing policies triggers the update to OpenFlow tables based on the latest info ● Agent commands ○ OvsVpcRoutingPolicyConfigCommand ○ OvsVpcPhysicalTopologyConfigCommand
  • 12.
    OvsVpcPhysicalTopologyConfigCommand ● Foreach change in VPC topology controller sends JSON representation of VPC topology to each host ● each host process topology to form the knowledge of ○ a MAC is reachable through which VIF/tunnel port ○ an IP address is required packet modification needed to route the packet
  • 13.
    OvsVpcRoutingPolicyConfigCommand ● Foreach change in Network ACL associated with a tier in VPC, controller sends JSON representation of VPC routing policies to each host ● each host process routing policies to add flow rules to permit/deny flows
  • 14.
    Sync mechanism ●On host reconnect ○ send physical topology update for each VPC spanned on the host ○ send routing policies update for each VPC spanned on the host ● periodic updates