Midokura has made the source code for MidoNet freely available at www.midonet.org, delivering a truly open, vendor-agnostic network virtualization solution for the OpenStack and Docker communities.
About MidoNet
Taking an overlay-based approach to network virtualization, MidoNet sits on top of any IP-connected network, and pushes the network intelligence to the edge of the network, in software. MidoNet makes it possible to build an IaaS cloud with fully virtualized and distributed scale-out L2-L4 networking.
FOSDEM 2015
Presenters: Antonio Sagliocco, Alex Bikfalvi in Midokura Engineering
Technical Presentation about the MidoNet architecture and in-depth discussion about MidoNet features like Distributed Layer 2 Switching, Distributed Layer 3 Routing, Firewall, NAT and Distributed Flow State.
Presenter: Taku Fukushima, Midokura Engineering
Technical Deep Dive into MidoNet - Taku Fukushima, Developer at Midokura - MidoNet
This is a technical deep-dive into the MidoNet components and how to contribute code into the open source MidoNet project.
Presenter: Taku Fukushima, Developer at Midokura
This presentation focuses on a set of problems that MidoNet intends to solve. For each problem, we describe the problem and explain today's capabilities as well as future improvements.
Network and Service Virtualization tutorial at ONUG Spring 2015 - SDN Hub
Tutorial at ONUG Spring 2015 on Network and Service Virtualization. The tutorial covers three converging trends: 1) network virtualization, 2) service virtualization, 3) overlay networking for Docker and OpenStack. The talk concludes with pointers to the hands-on portion of the tutorial that uses LorisPack, and the operational lessons learned.
OpenStack: Virtual Routers On Compute Nodes - clayton_oneill
Learn the production pros and cons of operating Neutron legacy and HA routers on compute nodes in your production cloud. Not ready for DVR or third-party network overhauls? Virtual router network “hot spots” got you down? Large virtual router failure domains keeping you up late at night? Neutron reference architectures not providing a scalable routing solution? If you answered yes to any of these questions then this talk is for you.
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization... - Dan Mihai Dumitriu
OpenStack deployments for public or private clouds require overlay networking. Due to the scale and rate of change of virtual resources, it isn't practical to rely on traditional network constructs and isolation mechanisms. Today's deployments require performance, resilience, and high availability to be considered truly production-ready. In this session, we deep dive into the MidoNet architecture, and the process of sending a data packet across an OpenStack environment through a network overlay. A distributed architecture implements logical constructs that are used to build networks without a single point of failure, all while adding network functionality in a highly scalable manner. Network functions are applied in a single virtual hop. By applying network services right at the ingress host, the network is free from unnecessary clogging and bottlenecks by avoiding additional hops. Packets reach their destination more efficiently with the single virtual hop. After this session, the audience will understand how distributed architectures allow efficient networking with routing decisions and network services applied at the edge. Also, the audience will understand how it is easier to scale clouds when the network intelligence is distributed.
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel - eurobsdcon
Abstract
OpenStack and the OpenContrail network virtualization solution form a complete suite able to successfully handle orchestration of resources and services of contemporary cloud installations. These projects, however, have so far been available only for Linux-hosted platforms. This talk is about work underway that brings them into the FreeBSD world.
It explains in greater detail the architecture of an OpenStack system and shows how support for the FreeBSD bhyve hypervisor was brought up using the libvirt library. Details of the OpenContrail network virtualization solution are also provided, with special emphasis on the lower-level system entities like the vRouter kernel module, which required most of the work while developing the FreeBSD version.
Speaker bio
Michal Dubiel, M.Sc. Eng., born 17th of September 1983 in Kraków, Poland. He graduated in 2009 from the faculty of Electrical Engineering, Automatics, Computer Science and Electronics of AGH University of Science and Technology in Kraków. Throughout his career he worked for ACK Cyfronet AGH on hardware-accelerated data mining systems and later for Motorola Electronics on DSP software for LTE base stations. Currently he is working for Semihalf on various software projects ranging from low-level kernel development to Software Defined Networking systems. He is mainly interested in computer science, especially operating systems, programming languages, networks, and digital signal processing.
A look at cloud network virtualization requirements, several implementation options, a retrospective on Neutron, and a presentation of the state of the art of Network Virtualization Overlays.
Nicolai van der Smagt has been in the business of designing, implementing and running SP networks for over 15 years. He has worked with DOCSIS, DSL and FTTH operators. Nowadays, Nicolai is helping Infradata’s pan-European customers build better access, aggregation and core networks, but his focus is on the data center, SDN, NFV and the whitebox switching revolution. His motto: “Simplicity is sophistication”.
Topic of Presentation: SDN
Language: English
Abstract:
Open source SDN that actually works - today
OpenContrail is an open source (Apache 2.0 licensed) project that provides network virtualization in the data center, using tried and tested open standards. It provides northbound APIs, integrates with OpenStack or CloudStack and is available today!
In this slot we’ll show you the architecture and ideas behind the technology and how OpenContrail enables you to avoid the pitfalls that other (closed) SDN solutions bring. If time permits we’ll also demo the technology.
Midokura Gluecon 2014 - Level up your OpenStack Neutron Networking - Adam Johnson
OpenStack Neutron Networking OVS Plugin Overview. Improve networking scale and performance with a third party distributed overlay solution, such as MidoNet.
Understanding and deploying Network Virtualization - SDN Hub
Analogous to server virtualization, Network Virtualization decouples and isolates virtual networks (i.e. tenant) from the underlying network hardware. One of the key value propositions of Software-Defined Networking (SDN) is to enable the provisioning and operation of virtual networks. This tutorial motivates the need for network virtualization, describes the high-level requirements, provides an overview of all architectural approaches, and gives you a clear picture of the vendor landscape.
Previously presented at ONUG Fall 2013 and Spring 2014.
VMworld 2013
Archish Dalal, VMware
Nikhil Kelshikar, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Overview of OpenStack nova-networking evolution towards Neutron. Architecture overview of OVS plugin, ML2, and MidoNet Overlay product. Overview and example of Heat templates, along with automation of physical switches using Cumulus.
MidoNet is an open, software-only, highly scalable and resilient, network virtualization system. With its distributed architecture it allows enterprises and service providers to build, run, and manage virtual networks at scale with increased control, security and flexibility.
MidoNet allows users to build isolated networks in software and overlays the existing network hardware infrastructure.
http://www.midokura.com/
Enterprise data center virtualization and cloud computing place new demands on the network. Traditionally, virtual workloads were connected to the physical network with VLANs through virtual switches acting as bridges. As the demands for scaling and automation grow, these models are reaching their limits.
At this OpenTuesday, Thomas Graf offered an insight into protocols and technologies such as OpenFlow, VXLAN, OpenStack Neutron and Open vSwitch, which are used to implement new, automated next-generation network concepts such as Software Defined Networking or Network Function Virtualization.
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX - VMworld
VMworld 2013
Rajiv Krishnamurthy, VMware
Manish Mittal, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX - OVHcloud
In this workshop VMware will provide a quick reminder of the main contributions of the NSX network virtualization platform: consistent network and security management, increased application resiliency, rapid migration of workloads to and from the cloud.
VMware and OVH will then move on to practical cases with implementation of micro-segmentation, dynamic routing, automatic deployment of an application, load balancing in the OVH Hosted Private Cloud. This workshop is aimed at a technical audience.
Virtualizing the Network to enable a Software Defined Infrastructure (SDI) - Odinot Stanislas
A very interesting presentation on network virtualization, with detailed explanations of VLAN and VXLAN, but also of NVGRE and above all of GENEVE (Generic Network Virtualization Encapsulation), supported for the first time on Intel's latest 40 GbE card (XL710).
Samrat Ganguly
NEC
ONS2015: http://bit.ly/ons2015sd
ONS Inspire! Webinars: http://bit.ly/oiw-sd
Watch the talk (video) on ONS Content Archives: http://bit.ly/ons-archives-sd
Running OpenStack and Midonet - Nobuyuki Tamaoki, Virtual Tech Japan - MidoNet
During the MidoNet Community Day in Japan, Nobuyuki discussed his experience with the installer for OpenStack and MidoNet with Docker for multi-node deployment.
https://github.com/midonet/orizuru
Presenter: Nobuyuki Tamaoki, Virtual Tech Japan, also writer of the @IT article "Tamaoki's OpenStack Watch"
2. MidoNet 101! Face-to-Face with the Distributed SDN・FOSDEM 2015
About Us
• Software engineer at Midokura
• Previously worked at Amazon as SDE in the network monitoring team
• Currently working on the monitoring infrastructure for MidoNet
• Also a software engineer at Midokura
• Previously a networking researcher in distributed systems
• Currently working on re-architecting the state cluster for MidoNet
3. Agenda
I. Network Virtualization: What is? • Key Advantages • Overlay vs. Underlay
II. MidoNet 101: Feature • Architecture • Intelligence at the Edge • Under the Hood
III. Features: Switching • Routing • Firewall • NAT • Load Balancing • API
IV. Open Source Initiative: Project Showcase • Coming Soon
5. What Is Network Virtualization?
Decoupling an infrastructure/service from the physical hardware assets on which the service operates
Network Overlay: Virtual Private Networks (VPNs), Point-to-Point Protocol (PPP)
Physical Underlay: IP Fabric; just a carrier for data; potentially invariant
Is it a new concept?
6. What Is Network Virtualization?
• Fills the gap between compute and network introduced by host virtualization
• Think of it as Network-as-a-Service
Network functions implemented in software: Router, Switch, Load Balancer, L3 Switch, NAT, QoS, ACL, Gateway
Virtualize the Network to Network the Virtualization
7. Key Advantages
Easy Network Management
• Physical network engineers vs. virtualization engineers
• Connectivity/capacity monitored in the underlay
Simplified Physical Network
• Standards
• Cheap
• Easy
Cloud Friendly
• Reduced provisioning time
• Highly programmable
• Automated network infrastructure
• Scales up and down with your workload
No Topologies Limitation
• Physical topologies are rigid
• Physical topologies have limitations (e.g. 4096 VLANs)
8. Overlay vs. Underlay
[Diagram labels: Virtual Topology with Virtual Provider Router, Virtual Tenant Router A, Virtual Tenant Router B, Virtual Switch A1, Virtual Switch A2, Virtual Switch B1 and vPorts; Physical Topology with Border Gateway Nodes (BGP), Private IP Network, Compute Nodes and Virtual Machines]
10. What is MidoNet?
(1) Virtual Switching
• Layer 2 over layer 3, decoupled from the physical network and layer 2 isolation
(2) Virtual Routing
• Routing between virtual networks within software container, layer 3 isolation
(3) Network Address Translation
• Stateless and stateful NAT, dynamic NAT and port masquerading
(4) Firewall and Load Balancing
• Kernel integrated for high performance
• Reduces the need for dedicated hardware
(5) GRE and VXLAN tunneling
• Requires only layer 3 connectivity between MidoNet nodes
(6) MidoNet and Neutron REST API
• Alignment and integration with the OpenStack cloud management platform
[Diagram labels: Application; Virtual Networks; Cloud Management Platform; MidoNet Virtualization (Virtual L2, Virtual L3, Firewall, Layer 4 LB, NAT, GRE/VXLAN, REST API); Machine Virtualization (KVM, ESXi, XEN, LXC); Hardware]
11. MidoNet Architecture
[Diagram labels: Cloud Orchestrator; Network State Cluster; Virtual Servers, each with VMs and a MidoNet Agent; x86 Border Router with MidoNet Agent (BGP Gateway); Private IP Network; Internet. Link types: REST API, Tunnel, Cluster RPC]
12. Overlay vs. Underlay Revisited
[Diagram labels: Virtual Topology with Virtual Provider Router, Virtual Tenant Router A, Virtual Tenant Router B, Virtual Switch A1, Virtual Switch A2, Virtual Switch B1 and vPorts; Physical Topology with Border Gateway Nodes (BGP), Private IP Network, Compute Nodes and Virtual Machines, a State Cluster, and MidoNet Agents on the nodes]
13. Intelligence at the Edge
MidoNet leverages a distributed architecture where the SDN intelligence is pushed to the edge
(1) VM 1 sends a packet through the virtual network
(2) MN Agent fetches the virtual topology/state
(3) It simulates the packet through the virtual network
(4) It installs a flow rule in the kernel at the ingress host
(5) Tunnel packets to egress host
[Diagram labels: Internet; Border Node; State Cluster; Private IP Network; Compute Nodes (Hosts) with VMs, MidoNet Agent and Linux Kernel; Tunnel; virtual topology with Virtual Provider Router, Virtual Tenant Router A, Virtual Switch A1, Virtual Switch A2, VM 1 and VM 2]
14. Intelligence at the Edge
(1) Scales Better
• Distributes flow computation and resource usage to the edge
• Distributes flow computation vs. flow rules propagation
(2) Easier Debugging
• More robust, no single-point of failure
• Just-in-time flow computation vs. centralized flow pre-computation
(3) Easier Synchronization
• The consistency model is simpler
• Transactional topology updates vs. batches of flow rule updates
15. Peeking Under the Hood
(1) Packet sent by VM1 misses the OVS datapath
(2) Packet sent to the MidoNet Agent via Netlink
(3) The MidoNet Agent processes and simulates the packet
(4) It installs a flow rule in the kernel at the ingress host
(5) Tunnel packets to egress host
[Diagram labels: Physical Topology with Host A and Host B, each with a Virtual Machine (VM1), a MidoNet Agent in User Mode, and the OVS Kernel Module in the Linux Kernel (Kernel Mode), connected over the Private IP Network; encapsulated packet with headers Outer Ethernet, IPv4, UDP, VXLAN / GRE, Packet; Virtual Topology with VM 1, VM 2, Virtual Tenant Router A, Virtual Switch A1 and Virtual Switch A2]
16. Peeking Under the Hood
ARP Request: What is the L2 MAC address for IP of VM2?
• The MidoNet Agent completes the request
• Returns ARP reply to the originating VM1
• No data transmitted over the wire
[Diagram: physical topology with Host A and Host B on the private IP network, each with a virtual machine and the MidoNet Agent in user mode and the OVS kernel module in the Linux kernel (kernel mode), plus the state cluster; the ARP request from VM1 is handled on its own host. Virtual topology: VM 1, VM 2, Virtual Switch B1, Virtual Tenant Router B]
18. Distributed L2 Switching
• State cluster based on ZooKeeper
• Stores the virtual topology
• Topology is cached by the MidoNet Agent
• Agents access data using publish-subscribe
State Cluster: Virtual Switch B1
MAC                 Port     Host
AC:CA:BA:00:00:01   vPort 0  Host 0
AC:CA:BA:00:00:02   vPort 1  Host 1
State Cluster: Tunnel Zone
Host     GRE / VXLAN IPv4
Host 0   192.168.0.1
Host 1   10.0.0.1
[Diagram: ARP request in the virtual topology (VM 1, VM 2, Virtual Switch B1 with vPort 0 and vPort 1, Virtual Tenant Router B) and in the physical topology (Host 0, Host 1); VM labels: MAC AC:CA:BA:00:00:01 with IP 192.168.0.1, MAC AC:CA:BA:00:00:02 with IP 10.0.0.1]
19. Layer 2 Gateways
L2 gateway for VXLAN tunneling
• The state cluster adds L2 gateway functions
• Exchange state data with hardware VXLAN tunnel end-points (VTEPs)
• Leverages virtualization at the edge to optimize the traffic flow
[Diagram: virtual topology with VM 1, VM 2, Virtual Switch B1 (vPort 0, vPort 1, vPort L2GW to a Layer 2 network), Virtual Tenant Router B and the Virtual Provider Router (vPort L3GW); physical topology with VM 1 on Host 0, the state cluster, and a hardware VTEP acting as L2 VXLAN gateway to the Layer 2 network over VXLAN]
20. Distributed Layer 2 Networks
Scalability and High Availability
[Diagram: physical topology with virtual servers (VM 1, VM 2) on the private IP network, the state cluster, and three hardware VTEPs connected to the L2 network; virtual topology with Virtual Switch B1, vPort 0, vPort 1, and vPort L2GW 0, vPort L2GW 1, vPort L2GW 2 towards the L2 network]
21. Distributed Layer 3 Routing
Scalability and High Availability
[Diagram: physical topology with virtual servers (VM 1, VM 2) on the private IP network, the state cluster, and three border nodes, each with a BGP peer in the provider network; virtual topology with Virtual Switch B1 (vPort 0, vPort 1), Virtual Tenant Router B, and the Virtual Provider Router with vPort L3GW ports towards the provider network]
22. Firewall
• MidoNet supports OpenStack/Neutron Security Groups
• Apply to each network port bound to a VM, inbound or outbound
• Any forward traffic not explicitly allowed by a rule is dropped
• Return traffic is allowed
Port-level firewall
SG-1: Allowing SSH inbound traffic
$ neutron security-group-rule-create --protocol tcp \
    --port-range-min 22 --port-range-max 22 \
    --direction ingress security-group-1
SG-2: Allowing ICMP inbound traffic
$ neutron security-group-rule-create --protocol icmp \
    --direction ingress security-group-2
MidoNet Models
Chains
Rules
• Anti-spoofing
• L2 - L4 header fields
• Wildcards
• Ranges
[Diagram: virtual topology with VM 1, VM 2, vPort 0, vPort 1, Virtual Switches A1 and A2, Virtual Tenant Router A and the Virtual Provider Router]
23. Firewall
SG-1: Allowing SSH inbound traffic
$ neutron security-group-rule-create --protocol tcp \
    --port-range-min 22 --port-range-max 22 \
    --direction ingress security-group-1
SG-2: Allowing ICMP inbound traffic
$ neutron security-group-rule-create --protocol icmp \
    --direction ingress security-group-2
MAC1 AC:CA:BA:00:00:01, IP1 192.168.0.1
MAC2 AC:CA:BA:00:00:02, IP2 10.0.0.1
CHAIN vPort0 ingress
• DROP if not MAC1
• DROP if not IP1
• ACCEPT return flow
• JUMP SG-1 ingress
• DROP everything
CHAIN SG-1 ingress
• ACCEPT TCP port range [22, 22]
[Diagram: virtual topology with VM 1, VM 2, vPort 0, vPort 1, Virtual Switches A1 and A2, Virtual Tenant Router A and the Virtual Provider Router; the ports are labelled with security groups SG-1, SG-1 and SG-2]
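The two chains on slide 23, evaluated rule by rule, as an added example that is not part of the original slides and not MidoNet's own code. The Packet field names, the is_return flag (standing in for a flow-state match) and the fall-through to the next rule when a JUMP target gives no verdict are assumptions; MAC1 and IP1 are the values from the slide.

```python
from dataclasses import dataclass
from typing import Callable, Optional

MAC1, IP1 = "AC:CA:BA:00:00:01", "192.168.0.1"  # values from the slide

@dataclass(frozen=True)
class Packet:
    # vm_mac / vm_ip: addresses the packet carries for the VM on vPort 0 (assumed names)
    vm_mac: str
    vm_ip: str
    proto: str
    dport: Optional[int] = None
    is_return: bool = False  # stand-in for a flow-state match

@dataclass(frozen=True)
class Rule:
    match: Callable[[Packet], bool]
    action: str                   # "ACCEPT", "DROP" or "JUMP"
    target: Optional[str] = None  # chain name, for JUMP only

CHAINS = {
    "vPort0 ingress": [
        Rule(lambda p: p.vm_mac != MAC1, "DROP"),      # anti-spoofing, L2
        Rule(lambda p: p.vm_ip != IP1, "DROP"),        # anti-spoofing, L3
        Rule(lambda p: p.is_return, "ACCEPT"),         # return flow
        Rule(lambda p: True, "JUMP", "SG-1 ingress"),
        Rule(lambda p: True, "DROP"),                  # default deny
    ],
    "SG-1 ingress": [
        Rule(lambda p: p.proto == "tcp" and p.dport is not None
             and 22 <= p.dport <= 22, "ACCEPT"),
    ],
}

def evaluate(chain: str, pkt: Packet, depth: int = 0) -> Optional[str]:
    """First matching rule wins; None means the chain gave no verdict."""
    if depth > 8:
        raise RecursionError("JUMP loop in chain definitions")
    for rule in CHAINS[chain]:
        if not rule.match(pkt):
            continue
        if rule.action != "JUMP":
            return rule.action
        verdict = evaluate(rule.target, pkt, depth + 1)
        if verdict is not None:
            return verdict  # otherwise fall through to the next rule
    return None

if __name__ == "__main__":
    print(evaluate("vPort0 ingress", Packet(MAC1, IP1, "tcp", 22)))
```

Because the anti-spoofing rules come before the return-flow rule, a packet with the wrong MAC or IP is dropped even when it matches existing flow state.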
24. Network Address Translation
• Different agents must exchange flow information
• Drop packets that are not allowed at the ingress host
• Protects the private underlay
[Diagram: L4 NAT for a TCP connection, with a forward flow and a return flow between 10.0.0.100:1234 on the private network and 151.16.16.1:37001 on the public network. Virtual topology: VM 1, VM 2, Virtual Switch B1, Virtual Tenant Router B, Virtual Provider Router, provider network. Physical topology: VM 1 on the private IP network and a border router]
25. Distributed Flow State
• Flow state forwarded to possible interested hosts
• No delay for simulating flow ingress packets at other hosts
• State backup in cluster
[Diagram: virtual topology with VM 1, VM 2, Virtual Switch B1 and Virtual Tenant Router B between the private and public networks; physical topology with an ingress host and an egress host, the forward flow (Fwd in, Fwd out), the return flow (Ret in, Ret out), flow state sent to the possible forward flow ingress and possible return flow ingress hosts, and the state cluster]
27. MidoNet Project
Web: midonet.org
Wiki: wiki.midonet.org
Blog: blog.midonet.org
Mailing list: lists.midonet.org
GitHub: github.com/midonet
GerritHub: gerrithub.io/midonet
IRC: #midonet on freenode