This presentation covers the basics about OpenvSwitch and its components. OpenvSwitch is a Open Source implementation of OpenFlow by the Nicira team.
It also also talks about OpenvSwitch and its role in OpenStack Networking
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
The session specifically covers the requirements and approaches for deploying the Underlay, Overlay as well as the inter-Fabric connectivity of Data Center Networks or Fabrics. Within the VXLAN BGP-EVPN based Overlay, we focus on the insights like forwarding and control plane functions which are critical to the simplicity operation of the architecture in achieving scale, small failure domains and consistent configuration. To complete the overlay view on VXLAN BGP-EVPN, we are going to the insides of BGP and its EVPN address-familiy and extend to about how multiple DC Fabric can be interconnected within, either as stretched Fabrics or with true DCI. The session concludes with a brief overview of manageability functions, network orchestration capabilities and multi-tenancy details. This Advanced session is intended for network, design and operation engineers from Enterprises to Service Providers.
This presentation covers the basics about OpenvSwitch and its components. OpenvSwitch is a Open Source implementation of OpenFlow by the Nicira team.
It also also talks about OpenvSwitch and its role in OpenStack Networking
Building DataCenter networks with VXLAN BGP-EVPNCisco Canada
The session specifically covers the requirements and approaches for deploying the Underlay, Overlay as well as the inter-Fabric connectivity of Data Center Networks or Fabrics. Within the VXLAN BGP-EVPN based Overlay, we focus on the insights like forwarding and control plane functions which are critical to the simplicity operation of the architecture in achieving scale, small failure domains and consistent configuration. To complete the overlay view on VXLAN BGP-EVPN, we are going to the insides of BGP and its EVPN address-familiy and extend to about how multiple DC Fabric can be interconnected within, either as stretched Fabrics or with true DCI. The session concludes with a brief overview of manageability functions, network orchestration capabilities and multi-tenancy details. This Advanced session is intended for network, design and operation engineers from Enterprises to Service Providers.
Demystifying EVPN in the data center: Part 1 in 2 episode seriesCumulus Networks
Network operators are slowly but surely embracing L3-based leaf-spine designs. However, either due to legacy applications or certain multi-tenancy requirements, the need for L2 across racks is still present. How do you solve the problem of providing L2 across multiple racks? EVPN is quickly emerging as the best answer to this question.
In this episode of our 2-part series on EVPN, we start with a discussion of the use cases, a review of the technologies EVPN competes with, and dive into an evaluation of the pros and cons of each.
For a recording of the live event, go to http://go.cumulusnetworks.com/l/32472/2017-09-22/95t27t
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Thomas Graf
Open vSwitch (OVS) has long been a critical component of the Neutron's reference implementation, offering reliable and flexible virtual switching for cloud environments.
Being an early adopter of the OVS technology, Neutron's reference implementation made some compromises to stay within the early, stable featureset OVS exposed. In particular, Security Groups (SG) have been so far implemented by leveraging hybrid Linux Bridging and IPTables, which come at a significant performance overhead. However, thanks to recent developments and ongoing improvements within the OVS community, we are now able to implement feature-complete security groups directly within OVS.
In this talk we will summarize the existing Security Groups implementation in Neutron and compare its performance with the Open vSwitch-only approach. We hope this analysis will form the foundation of future improvements to the Neutron Open vSwitch reference design.
this slide is created for understand open vswitch more easily.
so I tried to make it practical. if you just follow up this scenario, then you will get some knowledge about OVS.
In this document, I mainly use only two command "ip" and "ovs-vsctl" to show you the ability of these commands.
OpenStack 운영을 통해 얻은 교훈을 공유합니다.
목차
1. TOAST 클라우드 지금의 모습
2. OpenStack 선택의 이유
3. 구성의 어려움과 극복 사례
4. 활용 사례
5. 풀어야 할 문제들
대상
- TOAST 클라우드를 사용하고 싶은 분
- WMI를 처음 들어보시는 분
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpJames Denton
Architecting a private cloud to meet the use cases of its users can be a daunting task. How do you determine which of the many L2/L3 Neutron plugins and drivers to implement? Does network performance outweigh reliability? Are overlay networks just as performant as VLAN networks? The answers to these questions will drive the appropriate technology choice.
In this presentation, we will look at many of the common drivers built around the ML2 framework, including LinuxBridge, OVS, OVS+DPDK, SR-IOV, and more, and will provide performance data to help drive decisions around selecting a technology that's right for the situation. We will discuss our experience with some of these technologies, and the pros and cons of one technology over another in a production environment.
Many network operators still struggle with which type of data-plane encoding they should use for segment routing. The world is hyper-connected and we can’t afford to be late to deliver 5G. Using IPv4, IPv6 and MPLS data-plane encoding keeps us moving forward.
지난 2015년 3월 12일 진행된 고신뢰 네트워크사업 수요자평가 및 기술워크숍에서 나임네트웍스 안종석 전무의 발표 자료 입니다.
- 클라우드와 SDN 보안 (나임네트웍스 안종석 전무)
- 2015.03.12 (목) 9:00~18:00
- 대전 ETRI 융합기술연구생산센터 2층 대강당
Demystifying EVPN in the data center: Part 1 in 2 episode seriesCumulus Networks
Network operators are slowly but surely embracing L3-based leaf-spine designs. However, either due to legacy applications or certain multi-tenancy requirements, the need for L2 across racks is still present. How do you solve the problem of providing L2 across multiple racks? EVPN is quickly emerging as the best answer to this question.
In this episode of our 2-part series on EVPN, we start with a discussion of the use cases, a review of the technologies EVPN competes with, and dive into an evaluation of the pros and cons of each.
For a recording of the live event, go to http://go.cumulusnetworks.com/l/32472/2017-09-22/95t27t
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Thomas Graf
Open vSwitch (OVS) has long been a critical component of the Neutron's reference implementation, offering reliable and flexible virtual switching for cloud environments.
Being an early adopter of the OVS technology, Neutron's reference implementation made some compromises to stay within the early, stable featureset OVS exposed. In particular, Security Groups (SG) have been so far implemented by leveraging hybrid Linux Bridging and IPTables, which come at a significant performance overhead. However, thanks to recent developments and ongoing improvements within the OVS community, we are now able to implement feature-complete security groups directly within OVS.
In this talk we will summarize the existing Security Groups implementation in Neutron and compare its performance with the Open vSwitch-only approach. We hope this analysis will form the foundation of future improvements to the Neutron Open vSwitch reference design.
this slide is created for understand open vswitch more easily.
so I tried to make it practical. if you just follow up this scenario, then you will get some knowledge about OVS.
In this document, I mainly use only two command "ip" and "ovs-vsctl" to show you the ability of these commands.
OpenStack 운영을 통해 얻은 교훈을 공유합니다.
목차
1. TOAST 클라우드 지금의 모습
2. OpenStack 선택의 이유
3. 구성의 어려움과 극복 사례
4. 활용 사례
5. 풀어야 할 문제들
대상
- TOAST 클라우드를 사용하고 싶은 분
- WMI를 처음 들어보시는 분
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpJames Denton
Architecting a private cloud to meet the use cases of its users can be a daunting task. How do you determine which of the many L2/L3 Neutron plugins and drivers to implement? Does network performance outweigh reliability? Are overlay networks just as performant as VLAN networks? The answers to these questions will drive the appropriate technology choice.
In this presentation, we will look at many of the common drivers built around the ML2 framework, including LinuxBridge, OVS, OVS+DPDK, SR-IOV, and more, and will provide performance data to help drive decisions around selecting a technology that's right for the situation. We will discuss our experience with some of these technologies, and the pros and cons of one technology over another in a production environment.
Many network operators still struggle with which type of data-plane encoding they should use for segment routing. The world is hyper-connected and we can’t afford to be late to deliver 5G. Using IPv4, IPv6 and MPLS data-plane encoding keeps us moving forward.
지난 2015년 3월 12일 진행된 고신뢰 네트워크사업 수요자평가 및 기술워크숍에서 나임네트웍스 안종석 전무의 발표 자료 입니다.
- 클라우드와 SDN 보안 (나임네트웍스 안종석 전무)
- 2015.03.12 (목) 9:00~18:00
- 대전 ETRI 융합기술연구생산센터 2층 대강당
클라우드 상에서 논리적으로 격리된 고객 전용 네트워크를 제공하는 VPC에 대해 살펴보고 스토리지 암호화, 감사 등 보안을 위한 다양한 기능들을 소개해드립니다 | Explore VPC providing a logically siloed customer-only network on the cloud and introduce a range of security features including storage encryption and auditing.
TXGX 2019_Ethan_Horizontal Scaling through Service Chain in KlaytnKlaytn
Horizontal Scaling through Service Chain in Klaytn
Klaytn의 확장성 솔루션인 Service Chain에 대해서 소개합니다. 어떠한 블록체인이라도 Mainnet 자체의 성능적인 한계가 존재하며 이를 확장하기 위한 다양한 시도가 이뤄지고 있습니다. Klaytn에서는 블록체인을 이용한 서비스를 하고 싶지만 Mainnet을 직접 사용하지 못하는 Service Provider를 위해 자체 블록체인인 서비스체인을 원하는 구성으로 운용하면서 Anchroing/Value Transfer 기능을 통해 서비스 구축 할 수 있도록 서비스체인을 개발했습니다. 이 발표에서는 서비스체인의 개발 동기, 기능, 향후 계획 등을 다룰 예정입니다.
3. Copyright@ 2015 All reserved by KrDAG
1. REVIEW
What is VXLAN?
VXLAN (Virtual eXtensible Local Area Network)
Virtual Extensible LAN (VXLAN) is a network virtualization technology that attempts
to ameliorate the scalability problems associate with large cloud computing
deployment. It uses a VLAN-like encapsulation technique to encapsulate MAC-
based OSI layer 2 Ethernet frames within layer 4 UDP packets, using 4789 as the
default IANA-assigned destination UDP port number.
MAC Over IP/UDP Technology
https://en.wikipedia.org/wiki/Virtual_Extensible_LAN
4. Copyright@ 2015 All reserved by KrDAG
#1. REVIEW
What is VXLAN?
VxLAN (Virtual eXtensible Local Area Network)
물리적인 환경 제약 없이 Layer 2 Segment를 확장
Network Overlay – MAC over IP/UDP Encapsulation
Layer 2 12bit VLAN ID 사용 -> VXLAN 24bit VNID 지원
Multicast 기반으로 VTEP Tunneling하기 때문에 별도의 네트워크 구성 필요없음
5. Copyright@ 2015 All reserved by KrDAG
1. REVIEW
VXLAN 등장배경?
전통적인 데이터센터의 문제점
VLAN의 한계 : 4096개를 사용할 수 있으며 Reserve된 VLAN을 제외하면 4000개를 사용 가능
Multi Tenancy 환경 또는 VDC별로 사용할 수 있는 VLAN의 한계점 도달
MAC Table의 한계 : 서버는 과거와 달리 가상화 기반으로 구성하는 경우가 많아지고 있으며
서버당 MAC이 1:1이 아니라 1:N으로 변화되는 시점 (MAC 100K)
Mobility : 일반적으로 Zone / POD별 VLAN Trunk 구성되어 있으며 능동적인 Mobility 환경을
구성하기 어러움
STP : STP 환경에선 대부분 Redundant Disable되어 있음.ECMP 환경 구성이 어려움. 하지만
IP Network에선 ECMP 환경 구성이 쉬워짐
6. Copyright@ 2015 All reserved by KrDAG
1. REVIEW
Why use VXLAN?
VXLAN 특징
VLAN의 한계점 극복 : VXLAN을 사용하면 12bit(4096)의 VLAN에서 24bit(16,000,000)
VLAN을 생성할 수 있다.
MAC Table 한계점 극복 : 불필요한 MAC TABLE을 TOR이 소유하지 않고 하단의 vSwitch가
보유하고 있으며 해당 VXLAN을 통해서 포워딩이 이루어 진다.
VXLAN은 VLAN Trunk가 필요없음 Multicast 기반으로 Tunnel이 구성되어 있음
ECMP : L2 환경에서 구성하기 어려움 ECMP 구성이 용이해짐 (STP Free구조)
7. Copyright@ 2015 All reserved by KrDAG
1. REVIEW
VXLAN Packet Structure
Cisco LIVE BRKDCT-2404
`
8. Copyright@ 2015 All reserved by KrDAG
1. REVIEW
VTEP (VXLAN Tunnel End Point)
http://www.definethecloud.net/vxlan-deep-dive/
- VTEP는 VXLAN Tunnel의 Encapsulation과 Termination의 End Point 역할을 수행한다.
- Multicast 기반으로 VETP 사이에 Direct Unicast Tunnel이 생성된다.
9. Copyright@ 2015 All reserved by KrDAG
1. REVIEW
VTEP (VXLAN Tunnel End Point)
10. Copyright@ 2015 All reserved by KrDAG
1. REVIEW
VXLAN 동작 방식(1)
Multicast Group
VTEP-1
VTEP-2
VTEP-3
Multicast RP
VXLAN Configuration
스위치에 연결되어 있는 서버등 장비의 정보를
가지고와서 VXLAN VTEP Local Table에 등록
각각의 스위치에서 같은 멀티캐스트 그룹에 VNI 조인
멀티캐스트 그룹은 Any-Source Multicast(ASM) 지원
SRV-A Port1/1 SRV-B Port1/2
SRV-3 Port1/3
SVR-A
SVR-B
SVR-C
11. Copyright@ 2015 All reserved by KrDAG
1. REVIEW
VXLAN 동작 방식(2)
Multicast Group
VTEP-1
VTEP-2
VTEP-3
Multicast RP
SRV-A가 SRV-B와 통신이 필요
ARP Request를 통해 SRV-B에 대한 정보를 lookup
Local Table에 정보가 없다면 ARP정보를 VXLAN으로
감싸서 멀티캐스트 RP에 요청
멀티캐스트 RP는 VTEP에 대한 정보를 받아서
멀티캐스트 그룹에 조인되어 있는 모든 VTEP에 정보를
전달
SRV-A Port1/1 SRV-B Port1/2
SRV-3 Port1/3
SVR-A
SVR-B
SVR-C
12. Copyright@ 2015 All reserved by KrDAG
1. REVIEW
VXLAN 동작 방식(3)
Multicast Group
VTEP-1
VTEP-2
VTEP-3
Multicast RP
정보를 받은 각각의 스위치는 VTEP Table을 Update
정보는 받은 스위치의 VTEP은 ARP Request에 대하여
서버에게 전달
SRV-A Port1/1 SRV-B Port1/2
SRV-A VTEP1
SRV-3 Port1/3
SRV-A VTEP1
SVR-A
SVR-B
SVR-C
13. Copyright@ 2015 All reserved by KrDAG
1. REVIEW
VXLAN 동작 방식(4)
Multicast Group
VTEP-1
VTEP-2
VTEP-3
Multicast RP
VTEP에 대한 정보는 받은 SRV-B가 ARP 응답
VXLAN으로 Encapsulation하여 VTEP1에 대하여
Unicast로 응답
VTEP1은 VXLAN패킷을 De-encapsulation하여 SRV-
A에게 전달 SRV-A Port1/1
SRV-B VTEP2
SRV-B Port1/2
SRV-A VTEP1
SRV-3 Port1/3
SRV-A VTEP1
SRV-A
SRV-B
SRV-C
Unicast 응답
14. Copyright@ 2015 All reserved by KrDAG
VXLAN은
Flooding and Learning 방식
(BUM Traffic에 대하여 효과적으로 대응하기가 어려움)
17. Copyright@ 2015 All reserved by KrDAG
2. MP-BGP EVPN
What is MP-GBP EVPN
MP-BGP EVPN Control Plane의 특징
Control plane learning for end host Layer2 and Layer3 reachability information to build more robust and scalable VXLAN
overlay network
Leverages the decade-long MP-BGP VPN technology to support scalable multi-tenant VXLAN overlay network
EVPN address family carries both Layer2 and Layer3 reachability information. This provides integrated bridging and routing
in VXLAN overlay network
Minimizes network flooding through protocol-driven host MAC/IP route distribution and arp suppression on toe local VTEPs.
Provides optimal forwarding for east-west and north-south bound traffic with the distributed anycast function
Provides VTEP peer discovery and authentication which mitigates the risk of rouge VTEPs in the VXLAN overlay network
http://blogs.cisco.com/datacenter/mp-bgp-evpn-control-plane-for-vxlan-sdn-is-growing-up
18. Copyright@ 2015 All reserved by KrDAG
2. MP-BGP EVPN
What is MP-GBP EVPN
MP-BGP EVPN Control Plane의 특징
Early ARP Termination : Unknown Unicast ARP에 대한 Suppression
보안 / 인증 : BGP peer를 통해 VTEP 인증 지원
Distributed Anycast Gateway : 최적의 VM 모빌리티 환경
Ingress 복제시 멀티캐스트뿐 아니라 유니캐스트도 지원
Active/Active Multipathing : Nexus의 VPC를 사용한 Active/Active와 Resilient Multipathing
20. Copyright@ 2015 All reserved by KrDAG
2. MP-BGP EVPN
VXLAN With MP-BGP EVPN Control Plane 동작 방식(1)
Multicast Group
VTEP-1
VTEP-2
VTEP-3
MP-BGP
EVPN RR
VXLAN Configuration with MP-BGP EVPN
스위치에 연결되어 있는 서버등 장비의 정보를
가지고와서 VXLAN VTEP Local Table에 등록
각각의 Entry는 Version 정보를 가지고 있음
VTEP은 자신의 정보를 BGP-RR에 광고
SVR-A
SVR-B
SVR-C
SRV-C Port1/3 0
SRV-B Port1/2 0
SRV-A VTEP1 0
SRV-B VTEP2 0
SRV-C VTEP3 0
SRV-A Port1/1 0
21. Copyright@ 2015 All reserved by KrDAG
2. MP-BGP EVPN
VXLAN With MP-BGP EVPN Control Plane 동작 방식(2)
Multicast Group
VTEP-1
VTEP-2
VTEP-3
MP-BGP
EVPN RR
VXLAN Configuration with MP-BGP EVPN
BGP-RR은 각각의 VTEP 정보를 통합
각각의 VTEP에게 Remote host에 대한 정보를 전달
SVR-A
SVR-B
SVR-C
SRV-A Port1/1 0
SRV-B VTEP2 0
SRV-C VTEP3 0
SRV-C Port1/3 0
SRV-A VTEP1 0
SRV-B VTE2 0
SRV-B Port1/2 0
SRV-A VTEP1 0
SRV-C VTEP3 0
SRV-A VTEP1 0
SRV-B VTEP2 0
SRV-C VTEP3 0
22. Copyright@ 2015 All reserved by KrDAG
2. MP-BGP EVPN
VXLAN With MP-BGP EVPN Control Plane 동작 방식(3)
Multicast Group
VTEP-1
VTEP-2
VTEP-3
MP-BGP
EVPN RR
SRV-A가 SRV-B와 통신이 필요
ARP Request에 대한 요청을 Local Table에서 Lookup
SVR-A
SVR-B
SVR-C
SRV-A Port1/1 0
SRV-B VTEP2 0
SRV-C VTEP3 0
SRV-C Port1/3 0
SRV-A VTEP1 0
SRV-B VTE2 0
SRV-B Port1/2 0
SRV-A VTEP1 0
SRV-C VTEP3 0
SRV-A VTEP1 0
SRV-B VTEP2 0
SRV-C VTEP3 0
23. Copyright@ 2015 All reserved by KrDAG
2. MP-BGP EVPN
VXLAN With MP-BGP EVPN Control Plane 동작 방식(4)
Multicast Group
VTEP-1
VTEP-2
VTEP-3
MP-BGP
EVPN RR
Local Table에서 정보는 찾고 Unicast로 Traffic을 전달
SVR-A
SVR-B
SVR-C
SRV-A Port1/1 0
SRV-B VTEP2 0
SRV-C VTEP3 0
SRV-C Port1/3 0
SRV-A VTEP1 0
SRV-B VTE2 0
SRV-B Port1/2 0
SRV-A VTEP1 0
SRV-C VTEP3 0
SRV-A VTEP1 0
SRV-B VTEP2 0
SRV-C VTEP3 0
24. Copyright@ 2015 All reserved by KrDAG
2. MP-BGP EVPN
VXLAN With MP-BGP EVPN Control Plane 동작 방식(5)
Multicast Group
VTEP-1
VTEP-2
VTEP-3
MP-BGP
EVPN RR
SRV-A 가 다른위치로 변경되고 변경된 위치에서 서버가
발견되었을 때
PE는 Local Table에 정보를 업데이트 함
업데이트된 정보의 Version Number를 기존 Version
Number보다 높게 함
새로운 정보에 대해서 BGP-RR이 광고 후 BGP-RR은
각각의 VTEP에게 전달
정보를 받은 VTEP은 Local Table을 업데이트 함
SVR-A
SVR-B
SVR-C
SRV-A Port1/1 1
SRV-B VTEP2 0
SRV-C VTEP3 0
SRV-C Port1/3 0
SRV-A VTEP1 1
SRV-B VTE2 0
SRV-B Port1/2 0
SRV-A VTEP1 1
SRV-C VTEP3 0
SRV-A VTEP1 1
SRV-B VTEP2 0
SRV-C VTEP3 0
서버이동
25. Copyright@ 2015 All reserved by KrDAG
2. MP-BGP EVPN
VXLAN With MP-BGP EVPN Control Plane 동작 방식(6)
Multicast Group
VTEP-1
VTEP-2
VTEP-3
MP-BGP
EVPN RR
BGP-RR에 Join되지 않은 BUM Traffic 발생
VTEP1은 자신의 정보를 COPY하여 각각의 VTEP에게
정보를 전달
각각의 VTEP은 BUM Traffic에 대해서 Flooding
SVR-A
SVR-B
SVR-C
SRV-A Port1/1 0
SRV-B VTEP2 0
SRV-C VTEP3 0
SRV-C Port1/3 0
SRV-A VTEP1 0
SRV-B VTE2 0
SRV-B Port1/2 0
SRV-A VTEP1 0
SRV-C VTEP3 0
SRV-A VTEP1 0
SRV-B VTEP2 0
SRV-C VTEP3 0
SVR-X
26. Copyright@ 2015 All reserved by KrDAG
VXLAN Overlay
2. MP-BGP EVPN
VXLAN / EVPN
RR RR
Host and Subnet Route Distribution
Host Route Distribution decoupled from the
underlay protocol
Use MultiProtocol-BGP(MP-BGP) on the
Leaf nodes to distribute internal
Host/Subnet Routes and external
reachability information
Route-Reflectors deployed for scaling
purposes
27. Copyright@ 2015 All reserved by KrDAG
MP-BGP EVPN는
END-HOST Information Learning 방식
29. Copyright@ 2015 All reserved by KrDAG
3. 비교
VXLAN vs VXLAN with MP-BGP EVPN
Flood-&-Learn EVPN Control Plane
Overlay Services L2+L3 L2+L3
Underlay Network IP network with ECMP IP network with ECMP
Encapsulation MAC in UDP MAC in UDP
Peer Discovery Data-driven flood-&-learn MP-BGP
Peer Authentication Not available MP-BGP
Host Route Learning Local hosts: Data-driven flood-&-learn
Remote hosts: Data-driven flood-&-learn
Local Host: Data-driven
Remote host: MP-BGP
Host Route Distribution No route distribution. MP-BGP
L2/L3 Unicast Forwarding Unicast encap Unicast encap
BUM Traffic forwarding Multicast replication
Unicast/Ingress replication
Multicast replication
Unicast/Ingress replication