Operator's experience and perspective on SDN with VLANs and L3 Networks
@tcpcloud
OpenStack Summit Austin 2016
Presentation Agenda
• About tcp cloud & workday
• OpenStack Networking/SDN
• SDN key criteria for enterprises
• SDN operation Use Cases
• Comparison of SDN
About tcp cloud
❖ Active in global community (OpenStack, OpenContrail, SaltStack, etc…)
❖ Partnership (Canonical, Juniper, Arrow ECS, etc…)
❖ Own Hi-Tech Datacenter (TIER III, 20kW per rack, hundreds of 10Gbps ports, etc…)
❖ Focused on private open cloud solutions and services (since 2011)
❖ References (AVG Technologies, Czech Railways, Mall.cz, 100%IT)
❖ Two directions:
➢ Enterprise Private Cloud solutions (OpenStack, Kubernetes)
➢ IoT (SmartCity projects)
About Workday
● On-demand (cloud-based) financial management and human capital management software vendor.
● Juniper Contrail
● L3 fabric network
• All clouds are about networking
• Key and the most controversial component of OpenStack
• High Availability, Scalability, Migration, Multi-tenancy, Performance, Security
• LBaaS, FWaaS, VPNaaS, Service Chaining
• Multiple solutions
• 30+ plugin drivers
• It is almost impossible to choose the right way
OpenStack Networking/SDN
Multiple OpenStack Neutron SDN
• Provide secure multi-tenancy using strong network isolation
• Policy driven network access control within (and across) projects/domains
• Support software driven network functions
• LBaaS, DNSaaS, etc.
• Interconnect OpenStack with bare metal storage/analytics services
• Provide an ability for product engineering teams to define a network topology via REST APIs
• Associate network objects dynamically with VMs, Projects
• Create and manage network access control policies within and across projects
• Enable easier integration of applications on partner infrastructure
General SDN Objectives
First step = Overlay or not Overlay
Cloud native way
• Cloud native apps
• No overlapping (Calico can)
• No IP failover
• No Live Migration
• No L2 between VMs
• Suitable for containers
VLANs
• 4k limit
• No failure isolation domain
• Spanning many ToRs
• Physical device configuration
Overlay
• Simple physical network
• L3 between ToRs
• Controllers orchestrate tunnel mesh for VM
• Overlapping, NFV, VNF
Legacy - not suitable for cloud
Future - cloud native applications
• NFV & VNF - LBaaS, VPNaaS
• Direct traffic datapath - East-West & North-South
• North-South - must be routed on physical routers
• Multiple external networks
• Performance & Scaling
• Bare metal connection (non virtualized servers)
SDN key criteria for enterprise
• Open source
• L3VPN, EVPN capabilities
• Multi cloud solution - Kubernetes, KVM, other hypervisors
• Integration of physical LBaaS
• IPv6 support
• Intel DPDK, SR-IOV
SDN optionals for service providers
• Linux bridge, OVS
• External network in port to each compute
• L2 underlay only
• No analytics
• Too complex
Neutron DVR Complexity
• L3/L2 compatible
• open source
• not too complex
OpenContrail
• No network node
• No proprietary gateway node (appliances)
• MPLSoverGRE or VXLAN termination in network devices
• L3VPN, EVPN, OVS-DB
Direct datapath North-South, East-West
• depends on encapsulation
• depends on NIC offloading
• 4 % payload overhead
• 9.6 Gbits/s North-South, East-West with MPLSoverGRE
• 5.2 Gbits/s with OVS VXLAN
Data Plane Performance
Multi Cloud networking
Multi Cloud networking
Bare metal integration
Physical LBaaS integration
IPv6 Integration
OpenStack Cluster Deployment - sample logical
OpenStack Cluster Deployment - sample
OpenContrail vs Neutron DVR vs Other SDN
Licensing
• OpenContrail: Fully Open Source (Commercial support from Juniper)
• Neutron DVR: Open Source
• Other SDN: Depends
Hypervisors / Orchestrator
• OpenContrail: KVM, VMware, Kubernetes
• Neutron DVR: KVM, VMware (limited), Docker
• Other SDN: Depends
Gateway Routing (South-North)
• OpenContrail: Any arbitrary Edge Router (supports MPLS, GRE): Juniper MX, Cisco ASR, etc.
• Neutron DVR: Direct from each compute.
• Other SDN: External routing is provided at appliances, not network devices.
Performance
• OpenContrail: Near the line speed for both directions (9.6 Gbits on 10Gbits)
• Neutron DVR: 6 Gbits for East-West and North-South
• Other SDN: 6 Gbits for East-West. For North-South depends on gateway appliances, but not more than 6Gbit.
• SDN is a core capability for us to offer a secure multi-tenant cloud platform
• Overlay solutions provide strong network isolation and access control
• Overlay provides tight container - VM integration
SDN Conclusion
Contrail is available as Open Source: www.opencontrail.org. Commercial support available from Juniper.
www.opentcpcloud.org: Reference Architecture for OpenStack deployment
Same features and scaling as commercial version
Uses proven stable standards. Production-Ready.
Permissive license
Apache 2.0
tcp cloud is main contributor
Join us at OpenContrail Community
Questions?
Marek Celoud
marek.celoud@tcpcloud.eu
@MCeloud
Jakub Pavlík
jakub.pavlik@tcpcloud.eu
@JakubPav
