A look at the project’s progression from Nova-Network to Neutron and Beyond. We will recall the early stages of Nova-Networking and how the functionality evolved to what is Neutron networking today. We will discuss previous default Neutron plugin implementation issues and current solutions with the now open-source SDN solution, MidoNet.
CloudKC: Evolution of Network Virtualization | Cynthia Thomas
This document discusses the evolution of network virtualization. It begins with an overview of using VLANs for network virtualization, which provides L2 isolation but has limitations around scalability and management. OpenFlow is presented as an early approach that uses a centralized controller but has performance impacts. The document then introduces network overlays using software-defined networking as a more advanced approach, allowing network services to be decoupled from physical network hardware for improved scalability, agility and fault tolerance. It provides an overview of using the Midokura network virtualization platform with OpenStack Neutron for network automation and management.
The document provides an overview of network virtualization requirements and the evolution of network virtualization in OpenStack. It discusses early approaches using VLANs and OpenFlow that had limitations and outlines how network overlays using encapsulation and tunneling address these by providing scalable, isolated tenant networks decoupled from physical network hardware. It then focuses on OpenStack Neutron and how it has evolved from Nova networking to support network virtualization using plugins like Midokura that provide distributed virtual network functions without relying on physical devices.
The document provides an overview of network virtualization and the Network Virtualization Platform (NVP). It defines network virtualization as decoupling, automating, and making network behavior independent of physical network state. NVP allows for logical networks that are isolated, location-independent and independent of physical network changes. It introduces NVP components and architecture including the control plane, gateways, service nodes, and integration with hypervisors and OpenStack. The document also discusses treating physical networks like compute servers and fabric/pod network designs.
MidoNet Overview - OpenStack and SDN integration | Akhilesh Dhawan
The document provides an overview of MidoNet's network virtualization platform. It discusses MidoNet's distributed architecture as an alternative to the single network node approach of the OpenStack Neutron OVS plugin. MidoNet's distributed logical switching, routing, firewalling and load balancing are performed across multiple nodes for high performance, availability and scalability without relying on hardware appliances. The document also demonstrates MidoNet's integration with OpenStack Neutron and its capabilities for overlay networking, distributed logical topologies and load balancing as a service.
Technical Presentation about the MidoNet architecture and in-depth discussion about MidoNet features like Distributed Layer 2 Switching, Distributed Layer 3 Routing, Firewall, NAT and Distributed Flow State.
About MidoNet
Taking an overlay-based approach to network virtualization, MidoNet sits on top of any IP-connected network, and pushes the network intelligence to the edge of the network, in software. MidoNet makes it possible to build an IaaS cloud with fully virtualized and distributed scale-out L2-L4 networking.
Presenter: Taku Fukushima, Midokura Engineering
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization... | Dan Mihai Dumitriu
OpenStack deployments for public or private clouds require overlay networking. Due to the scale and rate of change of virtual resources, it isn't practical to rely on traditional network constructs and isolation mechanisms. Today's deployments require performance, resilience, and high availability to be considered truly production-ready. In this session, we deep dive into the MidoNet architecture, and process of sending a data packet across an OpenStack environment through a network overlay. A distributed architecture implements logical constructs that are used to build networks without a single point of failure, all while adding network functionality in a highly-scalable manner. Network functions are applied in a single virtual hop. By applying network services right at the ingress host, the network is free from unnecessary clogging and bottlenecks by avoiding additional hops. Packets reach their destination more efficiently with the single virtual hop. After this session, the audience will understand how distributed architectures allow efficient networking with routing decisions and network services applied at the edge. Also, the audience will understand how it is easier to scale clouds when the network intelligence is distributed.
The document discusses MidoNet, a network virtualization platform that provides a boost to OpenStack Neutron. MidoNet uses a distributed model to avoid single points of failure and bottlenecks seen in the OpenStack OVS plugin. It implements logical L2 and L3 switching, interconnectivity with physical networks, distributed firewalling, load balancing and tunneling using technologies like VxLAN and GRE. MidoNet aligns with Neutron APIs for integration into cloud management software.
Technical Deep Dive into MidoNet - Taku Fukushima, Developer at Midokura | MidoNet
Midolman processes network packets in 3 stages:
1. The input stage receives packets from the datapath.
2. The packet processing stage simulates packet forwarding on the virtual topology, determines the egress port, and installs flows.
3. The output stage emits packets and installs flows based on the simulations.
Network and Service Virtualization tutorial at ONUG Spring 2015 | SDN Hub
Tutorial at ONUG Spring 2015 on Network and Service Virtualization. The tutorial covers three converging trends: 1) Network virtualization, 2) Service virtualization, 3) overlay networking for Docker and OpenStack. The talk concludes with pointers to the hands-on portion of the tutorial that uses LorisPack, and the operational lessons learned.
The document summarizes new features in Neutron for the Juno release, including improvements to achieve parity with Nova networking functionality, the addition of distributed virtual routing to improve scalability, L3 high availability using VRRP, full IPv6 support, and enhancements to security group implementation and communication between agents and servers.
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne... | nvirters
OpenStack is HOT! No doubt about it. A recent survey by The New Stack and The Linux Foundation shows OpenStack as the most popular open source project ahead of other hot projects like Docker and KVM. OpenStack is now taking its rightful place as the open source cloud solution for enterprises and service providers.
To date OpenStack networking has not yet achieved the performance, scalability and reliability that many large enterprises demand. CPLANE NETWORKS solves that problem by delivering secure multi-tenant virtual networking that overcomes the limitations of the standard Neutron networking service. By making all networking services local to the compute node and achieving near line-rate throughput, CPLANE NETWORKS Dynamic Virtual Networks (DVN) delivers mega-scale networking for the most demanding application environments.
In this session John Casey will cover the basics of DVN and explain how CPLANE NETWORKS achieves "at scale" network performance within and across data centers.
About John Casey
John Casey has over 20 years of deep technology leadership. His proven success with a variety of technical leadership roles in Telecom, Enterprise and Government and in software design and development provide the foundation for the system architecture and engineering team.
Previously John led worldwide deployment teams for both IBM’s Software Group and Narus, Inc. His work in large scale, high performance system design at Transarc Labs and Walker Interactive Systems brings leadership to the CPLANE NETWORKS product suite.
Nuage Arista Hardware VTEP. A demo of integrating an Arista switch into Nuage VSP and automatically building VXLAN tunnels from virtual to bare-metal infrastructure.
MidoNet 101: Face to Face with the Distributed SDN | MidoNet
Midokura has made the source code for MidoNet freely available at www.midonet.org, delivering the truly open, vendor-agnostic network virtualization solution available for the OpenStack and the Docker community.
About MidoNet
Taking an overlay-based approach to network virtualization, MidoNet sits on top of any IP-connected network, and pushes the network intelligence to the edge of the network, in software. MidoNet makes it possible to build an IaaS cloud with fully virtualized and distributed scale-out L2-L4 networking.
FOSDEM 2015
Presenters: Antonio Sagliocco, Alex Bikfalvi in Midokura Engineering
The document provides an overview of troubleshooting methodology for VMware NSX. It discusses that NSX implements logical switching and routing services on top of an IP transport network. The key things to check when troubleshooting include validating the IP transport connectivity using tools like ping, and examining the VTEP tables and MAC tables on the NSX controller and hosts for a given virtual network identifier (VNI) to understand virtual machine connectivity and forwarding. An example is provided where pinging between VMs populates the MAC tables on hosts, demonstrating how NSX forwarding works based on these tables.
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env... | VMworld
This document discusses troubleshooting VXLAN and network services in a virtualized environment using VMware NSX. It covers VXLAN packet flow, NSX enhancements to the data and control planes, configuration and consumption demos, packet walks in unicast mode, troubleshooting demos using NSX Manager tools, dynamic routing details and demos, and network virtualization operations. The key takeaways are that multicast is not required in the physical network for VXLAN, NSX provides tools to troubleshoot networks and services, and NSX integrates with operations tools for analysis and alerting.
VMware NSX is a network virtualization and security platform that provides logical switching, routing, firewalling, and load balancing capabilities. It emerged from VMware's acquisition of Nicira. NSX for vSphere is deployed most often as it integrates natively with VMware platforms like vCenter. The NSX architecture consists of edge nodes, controllers, and a manager to program the hypervisor kernel modules that implement the distributed data, control, and management planes. Key NSX components provide distributed logical routing, switching, and firewalling at the hypervisor level for scalability. The NSX edge services gateway delivers integrated network functions like firewall, VPN, and load balancing as virtual appliances.
This document introduces programmable virtual networks and discusses their advantages over traditional network slicing. It describes FlowVisor, an early network slicing tool, and its limitations in providing full network virtualization. The document then introduces OpenVirteX, a new system that aims to provide complete programmable virtual networks through topology, address, and policy virtualization. OpenVirteX maps virtual and physical network elements and allows independent control of virtual networks. While still in development, OpenVirteX has the potential to enable more flexible and innovative virtualized networks than previous solutions.
David Lenwell from Akanda will briefly recap basic Neutron topics around network architecture and common features such as security groups, plugins and agents, then dive in deeper, focusing on advanced services such as Routing and Load Balancing. We will then drill down into typical service provider network designs and the specific technologies in use such as Linuxbridge. We will discuss the Neutron Advanced Services driver model and how it can be useful to Service Providers (and Enterprises) based on our team's experience powering DreamCompute’s networking capabilities using Akanda. We will review Akanda, an open source suite of software, services, orchestration, and tools for providing L3+ services in OpenStack that builds on top of Linux and OpenStack Neutron. Using Akanda, an OpenStack provider can provide tenants with a rich, powerful set of L3+ services. Finally, we will provide an update on the latest discussions heading into Tokyo such as the status of LBaaS, FWaaS as well as the newer Neutron projects such as L2 Gateway, the Neutron Stadium effort and the new Lieutenant system.
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDN | nvirters
Synopsis
We will start with MPLS 101 and then look into MPLS related OpenFlow actions. In the second half we will delve into RouteFlow architecture and extend it to enable Label Distribution Protocol (LDP) and MPLS routing. We will conclude with a mini-net based test bed switching traffic using MPLS labels instead of IP addresses.
This will be a hands on workshop. VM Images for Virtual Box will be provided. Attendees are expected to bring their laptops loaded with Virtual Box.
About Vikram Dham
Vikram is the CTO and co-founder of Kamboi Technologies, LLC where he advises networking companies, switch vendors and early adopters on SDN technology and distributed software development. Also, he is the founder of Bay Area Network Virtualization (BANV) meet-up group, that brings together technologists in the SDN/NFV/NV domain for technical talks, workshops and creates a truly "open" platform for sharing knowledge.
He has used SDN technologies for building software related to traffic engineering, security and routing. In the past, he was the Principal Engineer at Slingbox where he architected & built the distributed networking software for peer to peer connectivity of millions of end points. He holds MS degree in EE with a specialization in Computer Networks from Virginia Tech and has worked on research projects with companies like ECI Telecom, Raytheon and Avaya Research Labs.
6WINDGate™ - Accelerated Data Plane Solution for EPC and vEPC | 6WIND
The document discusses 6WIND and its 6WINDGate software. It begins by stating that 6WIND aims to replace dedicated networking hardware with commodity servers and virtualization using its software. It then provides facts about 6WIND, including that it has over 150 man years of experience developing 6WINDGate, which supports major hardware platforms. Finally, it outlines the key benefits of 6WINDGate, such as enabling high performance networking on standard platforms for both physical and virtual environments.
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D... | VMworld
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up | James Denton
Architecting a private cloud to meet the use cases of its users can be a daunting task. How do you determine which of the many L2/L3 Neutron plugins and drivers to implement? Does network performance outweigh reliability? Are overlay networks just as performant as VLAN networks? The answers to these questions will drive the appropriate technology choice.
In this presentation, we will look at many of the common drivers built around the ML2 framework, including LinuxBridge, OVS, OVS+DPDK, SR-IOV, and more, and will provide performance data to help drive decisions around selecting a technology that's right for the situation. We will discuss our experience with some of these technologies, and the pros and cons of one technology over another in a production environment.
L4-L7 services for SDN and NVF by Youcef Laribi | buildacloud
In this talk, we will discuss how L4-L7 devices can integrate in various SDN architectures, discuss benefits and some of the challenges that such integration represents. We will also talk about how SDN and NFV relate, and what are the different challenges to successfully deploy L4-L7 devices as Virtual Network Functions (VNFs) or provide such services to the NFV Infrastructure (VIM).
Bio
Youcef Laribi is a Principal Architect in the Delivery Networks BU at Citrix. He is responsible for driving the integration projects of the NetScaler ADC product with several Cloud, SDN and Automation environments including OpenStack, CloudStack, VMware NSX and Cisco ACI. He is also the Citrix representative on the OpenDaylight Technical Steering Committee. His background is mainly in Operating Systems and Distributed Systems, and he worked on several middleware technologies from DCE and CORBA in the early days, to J2EE and .NET to SOA and micro-services today. Youcef speaks 4 languages and holds a PhD and an MSc in Computer Science from the French INPG Institute in Grenoble, France.
The document discusses NSX design and deployment considerations including:
1. Physical and logical infrastructure requirements for NSX including IP connectivity and MTU size.
2. Edge cluster design with options for collapsed or separated edge and infrastructure racks.
3. NSX manager and controller placement and sizing within management clusters.
4. Transport zone, VTEP, and VXLAN switching concepts which are fundamental to the NSX overlay architecture.
From Nova-Network to Neutron and Beyond: A Look at OpenStack Networking | Cynthia Thomas
This document provides an overview of the evolution of network virtualization and OpenStack networking. It describes how networking started with manually configured VLANs, moved to OpenFlow which required programming flows, and then to network overlays using software defined networking. It outlines the requirements for network virtualization. It also details the evolution of OpenStack networking from Nova network to Quantum/Neutron, including the transition to using overlays and supporting plugins. Key features of Neutron are summarized, as well as upcoming features planned for future OpenStack releases.
Technical Deep Dive into MidoNet - Taku Fukushima, Developer at MidokuraMidoNet
Midolman processes network packets in 3 stages:
1. The input stage receives packets from the datapath.
2. The packet processing stage simulates packet forwarding on the virtual topology, determines the egress port, and installs flows.
3. The output stage emits packets and installs flows based on the simulations.
Network and Service Virtualization tutorial at ONUG Spring 2015SDN Hub
Tutorial at ONUG Spring 2015 on Network and Service Virtualization. The tutorial covers three converging trends 1) Network virtualization, 2) Service virtualization, 3) overlay networking for Docker and OpenStack. The talk concludes with pointers to the hands-on portion of the tutorial that uses LorisPack, and the operational lessons learned.
The document summarizes new features in Neutron for the Juno release, including improvements to achieve parity with Nova networking functionality, the addition of distributed virtual routing to improve scalability, L3 high availability using VRRP, full IPv6 support, and enhancements to security group implementation and communication between agents and servers.
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...nvirters
OpenStack is HOT! No doubt about it. A recent survey by The New Stack and The Linux Foundation shows OpenStack as the most popular open source project ahead of other hot projects like Docker and KVM. OpenStack is now taking its rightful place as the open source cloud solution for enterprises and service providers.
To date OpenStack networking has not yet achieved the performance, scalability and reliability that many large enterprises demand. CPLANE NETWORKS solves that problem by delivering secure multi-tenant virtual networking that overcomes the limitations of the standard Neutron networking service. By making all networking services local to the compute node and achieving near line-rate throughput, CPLANE NETWORKS Dynamic Virtual Networks (DVN) delivers mega-scale networking for the most demanding application environments.
In this session John Casey will cover the basics of DVN and explain how CPLANE NETWORKS achieves "at scale" network performance within and across data centers.
About John Casey
John Casey has over 20 years of deep technology leadership. His proven success with a variety of technical leadership roles in Telecom, Enterprise and Government and in software design and development provide the foundation for the system architecture and engineering team.
Previously John led worldwide deployment teams for both IBM’s Software Group and Narus, Inc. His work in large scale, high performance system design at Transarc Labs and Walker Interactive Systems brings leadership to the CPLANE NETWORKS product suite.
Nuage Arista Hardware VTEP. Demoing the integration of Arista switch into Nuage VSP and automatic way of building Vxlan tunnels from virtual to bare metal infrastructure.
MidoNet 101: Face to Face with the Distributed SDNMidoNet
Midokura has made the source code for MidoNet freely available at www.midonet.org, delivering the truly open, vendor-agnostic network virtualization solution available for the OpenStack and the Docker community.
About MidoNet
Taking an overlay-based approach to network virtualization, MidoNet sits on top of any IP-connected network, and pushes the network intelligence to the edge of the network, in software. MidoNet makes it possible to build an IaaS cloud with fully virtualized and distributed scale-out L2-L4 networking.
FOSDEM 2015
Presenters: Antonio Sagliocco, Alex Bikfalvi in Midokura Engineering
The document provides an overview of troubleshooting methodology for VMware NSX. It discusses that NSX implements logical switching and routing services on top of an IP transport network. The key things to check when troubleshooting include validating the IP transport connectivity using tools like ping, and examining the VTEP tables and MAC tables on the NSX controller and hosts for a given virtual network identifier (VNI) to understand virtual machine connectivity and forwarding. An example is provided where pinging between VMs populates the MAC tables on hosts, demonstrating how NSX forwarding works based on these tables.
VMworld 2013: Troubleshooting VXLAN and Network Services in a Virtualized Env...VMworld
This document discusses troubleshooting VXLAN and network services in a virtualized environment using VMware NSX. It covers VXLAN packet flow, NSX enhancements to the data and control planes, configuration and consumption demos, packet walks in unicast mode, troubleshooting demos using NSX Manager tools, dynamic routing details and demos, and network virtualization operations. The key takeaways are that multicast is not required in the physical network for VXLAN, NSX provides tools to troubleshoot networks and services, and NSX integrates with operations tools for analysis and alerting.
VMware NSX is a network virtualization and security platform that provides logical switching, routing, firewalling, and load balancing capabilities. It emerged from VMware's acquisition of Nicira. NSX for vSphere is deployed most often as it integrates natively with VMware platforms like vCenter. The NSX architecture consists of edge nodes, controllers, and a manager to program the hypervisor kernel modules that implement the distributed data, control, and management planes. Key NSX components provide distributed logical routing, switching, and firewalling at the hypervisor level for scalability. The NSX edge services gateway delivers integrated network functions like firewall, VPN, and load balancing as virtual appliances.
This document introduces programmable virtual networks and discusses their advantages over traditional network slicing. It describes FlowVisor, an early network slicing tool, and its limitations in providing full network virtualization. The document then introduces OpenVirteX, a new system that aims to provide complete programmable virtual networks through topology, address, and policy virtualization. OpenVirteX maps virtual and physical network elements and allows independent control of virtual networks. While still in development, OpenVirteX has the potential to enable more flexible and innovative virtualized networks than previous solutions.
David Lenwell from Akanda will briefly recap basic Neutron topics around network architecture and common features such as security groups, plugins and agents, then dive in deeper, focusing on advanced services such as Routing and Load Balancing. We will then drill down into typical service provider network designs and the specific technologies in use such as Linuxbridge. We will discuss the Neutron Advanced Services driver model and how it can be useful to Service Providers (and Enterprises) based on our team's experience powering DreamCompute’s networking capabilities using Akanda. We will review Akanda, an open source suite of software, services, orchestration, and tools for providing L3+ services in OpenStack that builds on top of Linux and OpenStack Neutron. Using Akanda, an OpenStack provider can provide tenants with a rich, powerful set of L3+ services. Finally, we will provide an update on the latest discussions heading into Tokyo such as the status of LBaaS, FWaaS as well as the newer Neutron projects such as L2 Gateway, the Neutron Stadium effort and the new Lieutenant system.
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDNnvirters
Synopsis
We will start with MPLS 101 and then look into MPLS related OpenFlow actions. In the second half we will delve into RouteFlow architecture and extend it to enable Label Distribution Protocol (LDP) and MPLS routing. We will conclude with a mini-net based test bed switching traffic using MPLS labels instead of IP addresses.
This will be a hands on workshop. VM Images for Virtual Box will be provided. Attendees are expected to bring their laptops loaded with Virtual Box.
About Vikram Dham
Vikram is the CTO and co-founder of Kamboi Technologies, LLC where he advises networking companies, switch vendors and early adopters on SDN technology and distributed software development. Also, he is the founder of Bay Area Network Virtualization (BANV) meet-up group, that brings together technologists in the SDN/NFV/NV domain for technical talks, workshops and creates a truly "open" platform for sharing knowledge.
He has used SDN technologies for building software related to traffic engineering, security and routing. In the past, he was the Principal Engineer at Slingbox where he architected & built the distributed networking software for peer to peer connectivity of millions of end points. He holds MS degree in EE with a specialization in Computer Networks from Virginia Tech and has worked on research projects with companies like ECI Telecom, Raytheon and Avaya Research Labs.
6WINDGate™ - Accelerated Data Plane Solution for EPC and vEPC | 6WIND
The document discusses 6WIND and its 6WINDGate software. It begins by stating that 6WIND aims to replace dedicated networking hardware with commodity servers and virtualization using its software. It then provides facts about 6WIND, including that it has over 150 man years of experience developing 6WINDGate, which supports major hardware platforms. Finally, it outlines the key benefits of 6WINDGate, such as enabling high performance networking on standard platforms for both physical and virtual environments.
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D... | VMworld
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up | James Denton
Architecting a private cloud to meet the use cases of its users can be a daunting task. How do you determine which of the many L2/L3 Neutron plugins and drivers to implement? Does network performance outweigh reliability? Are overlay networks just as performant as VLAN networks? The answers to these questions will drive the appropriate technology choice.
In this presentation, we will look at many of the common drivers built around the ML2 framework, including LinuxBridge, OVS, OVS+DPDK, SR-IOV, and more, and will provide performance data to help drive decisions around selecting a technology that's right for the situation. We will discuss our experience with some of these technologies, and the pros and cons of one technology over another in a production environment.
L4-L7 services for SDN and NVF by Youcef Laribi | buildacloud
In this talk, we will discuss how L4-L7 devices can integrate in various SDN architectures, discuss benefits and some of the challenges that such integration represents. We will also talk about how SDN and NFV relate, and what are the different challenges to successfully deploy L4-L7 devices as Virtual Network Functions (VNFs) or provide such services to the NFV Infrastructure (VIM).
Bio
Youcef Laribi is a Principal Architect in the Delivery Networks BU at Citrix. He is responsible for driving the integration projects of the NetScaler ADC product with several Cloud, SDN and Automation environments including OpenStack, CloudStack, VMware NSX and Cisco ACI. He is also the Citrix representative on the OpenDaylight Technical Steering Committee. His background is mainly in Operating Systems and Distributed Systems, and he worked on several middleware technologies from DCE and CORBA in the early days, to J2EE and .NET to SOA and micro-services today. Youcef speaks 4 languages and holds a PhD and an MSc in Computer Science from the French INPG Institute in Grenoble, France.
The document discusses NSX design and deployment considerations including:
1. Physical and logical infrastructure requirements for NSX including IP connectivity and MTU size.
2. Edge cluster design with options for collapsed or separated edge and infrastructure racks.
3. NSX manager and controller placement and sizing within management clusters.
4. Transport zone, VTEP, and VXLAN switching concepts which are fundamental to the NSX overlay architecture.
From Nova-Network to Neutron and Beyond: A Look at OpenStack Networking | Cynthia Thomas
This document provides an overview of the evolution of network virtualization and OpenStack networking. It describes how networking started with manually configured VLANs, moved to OpenFlow which required programming flows, and then to network overlays using software defined networking. It outlines the requirements for network virtualization. It also details the evolution of OpenStack networking from Nova network to Quantum/Neutron, including the transition to using overlays and supporting plugins. Key features of Neutron are summarized, as well as upcoming features planned for future OpenStack releases.
Quantum is an OpenStack networking project that provides networking as a service between interfaces managed by other projects like Nova. It uses plugins to support different networking technologies and providers. Quantum provides advanced network topologies and tenant control over networking that was not possible with just Nova networking. The Grizzly release includes improvements to security groups, load balancing as a service, new plugins, and seamless upgrades from Folsom.
Quantum is an OpenStack networking project that provides networking as a service. It uses plugins to support various technologies like SDN, overlay tunneling, and fabric solutions. This allows tenants to create their own network topologies with control over addressing, segmentation, and services. Quantum provides APIs for networks, subnets, and ports that integrate with Nova to attach virtual network interfaces to instances.
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking | markmcclain
This document summarizes OpenStack networking (Neutron) and discusses its key components and architecture. It describes how Neutron provides network abstraction and virtualization through pluggable backend drivers. It also outlines some common Neutron features like security groups and highlights new capabilities in the Juno release like IPv6 support and distributed virtual routing. The document concludes by looking ahead to further networking developments in OpenStack.
OpenStack 2012 fall summit observation - Quantum/SDN | Te-Yen Liu
- The keynote at the OpenStack 2012 Fall Summit highlighted Rackspace's decreasing contribution to OpenStack commits over time and Rackspace's private cloud which runs OpenStack and sees high usage.
- The Quantum project in OpenStack provides network connectivity as a service and allows different virtualization technologies to be plugged in as backends. It has evolved to add L3 and L4-L7 network services.
- Quantum uses a plugin architecture so that different virtual network backends like Open vSwitch, Linux bridge can be used. Extensions allow for additional network properties and new services like routing, load balancing to be added.
Open stack networking_101_update_2014-os-meetupsyfauser
This is the latest Update to my OpenStack Networking / Neutron 101 Slides with some more Information and caveats on the new DVR and Gateway HA Features
Understanding and deploying Network Virtualization | SDN Hub
Analogous to server virtualization, Network Virtualization decouples and isolates virtual networks (i.e. tenant) from the underlying network hardware. One of the key value propositions of Software-Defined Networking (SDN) is to enable the provisioning and operation of virtual networks. This tutorial motivates the need for network virtualization, describes the high-level requirements, provides an overview of all architectural approaches, and gives you a clear picture of the vendor landscape.
Previously presented at ONUG Fall 2013 and Spring 2014.
Software Defined Networking is seeing a lot of momentum these days. With server virtualization solving the virtual machines problem, and large scale object storage solving the distributed storage challenge, SDN is seen as key in virtual networking.
In this talk we don't try to define SDN but rather dive straight into what in our opinion is the core enabler of SDN: the virtual switch OVS.
OVS can help manage VLANs for guest network isolation, and it can re-route any traffic at L2-L4 by keeping forwarding tables controlled by a remote controller (an OpenFlow controller). We show these few OVS capabilities and highlight how they are used in CloudStack and Xen.
Xen Summit presentation of CloudStack and Software Defined Networks. Open vSwitch is the default bridge in Xen and is supported in XenServer and Xen Cloud Platform.
This document provides an overview and agenda for a presentation on Red Hat Cloud Infrastructure networking. It discusses challenges with traditional VLAN-based networking and how new technologies like SDN, NFV, and network virtualization are creating exciting opportunities. It covers Red Hat's solutions for hybrid cloud networking which include Red Hat Enterprise Virtualization (RHEV) and Red Hat Enterprise Linux OpenStack Platform with the Neutron networking component. RHEV provides networking functionality within private clouds while Neutron can provide networking for both private and public cloud environments, including integration with RHEV.
- OpenStack provides network virtualization and automation capabilities through projects like Neutron, Heat, and plugins like Midonet.
- Neutron evolved networking in OpenStack to allow pluggable networking models beyond the initial Nova networking. It supports overlay technologies and network automation.
- Heat allows you to define infrastructure like servers, networks, and their relationships in templates that can be deployed through the OpenStack API. This provides automation of virtual network deployment.
- Plugins like Midonet provide distributed virtual networking models to improve scalability and performance over overlay approaches like OVS. They also allow automation of physical network configuration.
Quantum - Virtual networks for Openstack | salv_orlando
An overview of Quantum, the soon-to-be default Openstack network service.
These slides introduce Quantum and its design goals, and discuss the API. They also try to address how Quantum relates to Software Defined Networking (SDN).
Bridges and Tunnels: A Drive Through OpenStack Networking | markmcclain
Neutron is OpenStack's networking component that provides network connectivity between interface devices managed by other OpenStack services like Nova. It uses plugins like ML2 to support different networking types (VLAN, GRE, VXLAN) through mechanisms like Open vSwitch. Key components include agents that run on hypervisor and network nodes to implement networking and agents that handle configuration like DHCP and metadata proxy.
This document provides an introduction to software defined networking (SDN). It discusses the history and disadvantages of traditional networking approaches. SDN aims to address these issues by separating the network control and forwarding functions, and enabling programmability of the network. The key components of an SDN architecture are described, including the OpenFlow protocol for communication between the control plane and data plane. Several SDN controllers and their programming languages are also mentioned. The document concludes with the objectives of running an SDN demonstration lab using Mininet to experiment with OpenFlow and SDN controllers like Ryu.
This document provides an overview and update on VMware's NSX network virtualization platform and previews future directions. It discusses expanding NSX capabilities like physical network integration, new encapsulation formats, and multi-site network virtualization. The presentation also explores advanced topics such as distributed logical routing, handling elephant flows, and enabling service chaining through network virtualization. Overall, the document outlines how NSX provides network virtualization and previews exciting new capabilities and use cases for virtualized networking.
Networking is NOT Free: Lessons in Network Design | Randy Bias
An in-depth critique of the existing OpenStack networking approach, with a focus on how the Nova network controller is more of a hindrance than a help. Discusses the gap in Quantum's functionality required to close the gap, and alternative solutions. How can we make networking in OpenStack robust, high performance, and fault tolerant? What do typical large scale networks look like and what lessons can we learn from them? Is there an approach to networking we can take that is the same with a handful of servers as it is with hundreds of racks?
SDN & NFV Introduction - Open Source Data Center Networking | Thomas Graf
This document introduces software defined networking (SDN) and network functions virtualization (NFV) concepts. It discusses challenges with traditional networking and how SDN and NFV address these by decoupling the control and data planes, centralizing network intelligence, and abstracting the underlying network infrastructure. It then provides examples of open source SDN technologies like OpenDaylight, Open vSwitch, and OpenStack that can be used to build programmable software-defined networks and virtualized network functions.
KubeCon NA'22 Lightning Talk: Where did all my IPs go? | Cynthia Thomas
Kubernetes cluster planning requires quite a few things to get started. What about IPs? Common IP management hurdles with Kubernetes clusters include IP assignments when building a cluster and challenges faced when deploying in a multi-faceted environment. Kubernetes Admins often need to use IP addressing handed out by Network Admins juggling other non-k8s workload IP assignments and IP exhaustion. In this talk, Cynthia will discuss new and existing KEPs that SIG-network has implemented to help mitigate IP challenges. Such features include discontiguous cluster CIDRs and the journey to IPv6. Cynthia will also discuss how the best practices for Kubernetes IP management are changing with these new capabilities to help scale and grow instead of rebuild.
https://sched.co/184sj
Kernel advantages for Istio realized with Cilium | Cynthia Thomas
Istio brings a myriad of options to provide routing rules, encryption, and monitoring for microservices, typically in container environments. Cilium provides accelerated network security using a modern kernel technology called BPF. Put the two together and what do you get? A distributed security solution enabling microservices traffic management, security, and monitoring while enforcing policy as close to the microservices as possible.
Cynthia Thomas and Romain Lenglet discuss the architectural and performance benefits of using Cilium with Istio and provide a demo of this BPF-based, Linux kernel technology. Cilium provides an API-aware security solution that can make a decision on every single microservice flow, with the ability to enforce protocols such as HTTP, Kafka, and gRPC. By addressing security policy at the API layer, you can enforce policy efficiently with kernel capabilities while reducing the attack surface in a microservices deployment.
Cilium:: Application-Aware Microservices via BPF | Cynthia Thomas
Intro to Cilium Microservices Security with Kubernetes Integration
Open Source Cilium website: cilium.io
GH: github.com/cilium/cilium
Join our Slack! cilium.herokuapp.com
Follow us on Twitter!
@ciliumproject
@_techcet_
Cilium: Seattle Kubernetes MeetUp Dec 2017 | Cynthia Thomas
BPF (Berkeley Packet Filter) is becoming the fastest growing technology in the Linux kernel and is revolutionizing networking, security and tracing. At the same time, the rise of container-based orchestration platforms such as Kubernetes is creating demand for routing, load-balancing & security infrastructure that is highly scalable, application-aware, and resilient.
This talk introduces the open source project Cilium - a modern networking and security platform for microservices. Cilium is built on top of BPF and provides Linux native networking and security services with application protocol awareness. Cilium works hand in hand with application proxies such as Envoy and the services management orchestration layer Istio to provide infrastructure services in a transparent manner and with minimal overhead. This talk will discuss the challenges of exposing services via APIs and the solution that Cilium provides to enforce least privilege security.
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF | Cynthia Thomas
We have introduced Cilium at DockerCon US 2017 this year. Cilium provides application-aware network connectivity, security, and load-balancing for containers. This talk will follow up on the introduction and deep dive into recent kernel developments that address two fundamental questions: How can I provide application-aware security and routing efficiently without overhead embedded into every service? How can container hosts protect themselves from internal and external DDoS attacks? The solutions include:
- kproxy: a kernel-based socket proxy which allows for application-aware routing and security enforcement with minimal overhead.
- XDP: A lightning-fast packet processing datapath using BPF. The technology is intended for DDoS mitigation, load-balancing, and forwarding.
This talk will deep dive into these exciting technologies and show how Cilium makes BPF and these kernel features available on Linux for your Docker containers.
Secure Your Containers: What Network Admins Should Know When Moving Into Prod... | Cynthia Thomas
This session offers techniques for securing Docker containers and hosts using open source network virtualization technologies to implement microsegmentation. Come learn real tips and tricks that you can apply to keep your production environment secure.
Fueling AI with Great Data with Airbyte Webinar | Zilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Generating privacy-protected synthetic data using Secludy and Milvus | Zilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Driving Business Innovation: Latest Generative AI Advancements & Success Story | Safe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
- Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
- Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
- Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf | Techgropse Pvt.Ltd.
In this blog post, we'll delve into the intersection of AI and app development in Saudi Arabia, focusing on the food delivery sector. We'll explore how AI is revolutionizing the way Saudi consumers order food, how restaurants manage their operations, and how delivery partners navigate the bustling streets of cities like Riyadh, Jeddah, and Dammam. Through real-world case studies, we'll showcase how leading Saudi food delivery apps are leveraging AI to redefine convenience, personalization, and efficiency.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx | SitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
HCL Notes and Domino License Cost Reduction in the World of DLAU | panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able to lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
How to Get CNIC Information System with Paksim Ga.pptx | danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Monitoring and Managing Anomaly Detection on OpenShift.pdf | Tosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
What do a Lego brick and the XZ backdoor have in common? | Speck&Tech
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies of creative and software projects. The reality is that a Lego brick and the case of the XZ backdoor have much more than that in common.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: An advocate of free software and of standard, open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in various events, migrations and training related to LibreOffice. She previously worked on LibreOffice migrations and training courses for several public administrations and private organizations. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not pursuing her passion for computers and for Geeko she cultivates her curiosity for astronomy (hence her nickname deneb_alpha).
Programming Foundation Models with DSPy - Meetup Slides | Zilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
OpenID AuthZEN Interop Read Out - Authorization | David Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
CAKE: Sharing Slices of Confidential Data on Blockchain | Claudio Di Ciccio
Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus.
Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.
Paper: https://doi.org/10.1007/978-3-031-61000-4_16
4. What is Network Virtualization (NV)?
Taking logical (virtual) networks and services, and decoupling them from the underlying network hardware.
Well suited for highly virtualized environments.
[Diagram labels: Any Application; Virtual Networks (Logical L2, Logical L3, Distributed Firewall Service, Distributed Load Balancer Service, Distributed VPN Service); MidoNet Virtualization Platform; Any Cloud Management Platform; KVM, ESXi, Xen, LXC; Existing Network Hardware]
5. Requirements for NV
[Diagram labels: Tenant/Project A with Network A1 (VM1, VM3) and Network A2 (VM5); Tenant/Project B with Network B1 (VM2, VM4); VM6; Virtual L2 Switches A1, A2 and B1; Tenant A Virtual Router; Tenant B Virtual Router; Provider Virtual Router (L3) with uplink; Tenant B VPN Router; Tenant B office; Office Network]
6. Requirements for NV
[Diagram: same tenant network diagram as slide 5]
Callout: Isolated tenant networks (virtual data center)
7. Requirements for NV
[Diagram: same tenant network diagram as slide 5]
Callout: L3 isolation (similar to VPC and VRF)
8. Requirements for NV
[Diagram: same tenant network diagram as slide 5]
Callout: Fault-tolerant devices and links
Callout: Redundant, optimized, and fault-tolerant paths to/from external networks (e.g. via eBGP)
9. Requirements for NV
[Diagram: same tenant network diagram as slide 5]
Callout: Fault-tolerant devices and links
10. Requirements for NV
Device-agnostic networking services:
• Load Balancing
• Firewalls
• Stateful NAT
• VPN
Networks and services must be fault tolerant and scalable
12. Bonus Requirements for NV
Integration with cloud or virtualization management systems.
Optimize network by exploiting management configuration.
Single virtual hop for networking services
Fully distributed control plane (ARP, DHCP, ICMP)
13. Checklist for Network Virtualization
☐ Multi-tenancy
☐ Scalable, fault-tolerant devices (or device-agnostic network services)
☐ L2 isolation
☐ L3 routing isolation
  • VPC
  • Like VRF (virtual routing and forwarding)
☐ Scalable gateways
☐ Scalable control plane
  • ARP, DHCP, ICMP
☐ Floating/Elastic IPs
☐ Stateful NAT
  • Port masquerading
  • DNAT
☐ ACLs
☐ Stateful (L4) Firewalls
  • Security Groups
☐ Load Balancing with health checks
☐ Single Pane of Glass (API, CLI, GUI)
☐ Integration with management platforms
  • OpenStack, CloudStack
  • vSphere, RHEV, System Center
☐ Decoupled from Physical Network
14. Evolution of Network Virtualization
Chart axis: innovation in networking agility
VLAN approach: manual, end-to-end
VLAN configured on physical switches
• Static
• Manual
• Complex
• Tenant state maintained in physical network
15. Using VLANs for NV
☐ Multi-tenancy
☐ Scalable, fault-tolerant devices (or device-agnostic network services)
✓ L2 isolation
☐ L3 routing isolation
  • VPC
  • Like VRF (virtual routing and forwarding)
☐ Scalable gateways
☐ Scalable control plane
  • ARP, DHCP, ICMP
☐ Floating/Elastic IPs
☐ Stateful NAT
  • Port masquerading
  • DNAT
☐ ACLs
☐ Stateful (L4) Firewalls
  • Security Groups
☐ Load Balancing with health checks
☐ Single Pane of Glass (API, CLI, GUI)
☐ Integration with management platforms
  • OpenStack, CloudStack
  • vSphere, RHEV, System Center
☐ Decoupled from Physical Network
16. Evolution of Network Virtualization
Chart axis: innovation in networking agility
VLAN approach: manual, end-to-end
VLAN configured on physical switches
• Static
• Manual
• Complex
• Tenant state maintained in physical network
OpenFlow reactive approach: reactive, end-to-end
Requires programming of flows
• Limited scalability
• Hard to manage
• Impact to performance
• Still requires tenant state in physical network
17. What is OpenFlow?
A communication protocol that gives access to the forwarding plane of a network switch over the network.
18. What is OpenFlow?
A centralized remote controller decides the path of packets through the switches
19. Using OpenFlow for NV
✓ Multi-tenancy
☐ Scalable, fault-tolerant devices (or device-agnostic network services)
✓ L2 isolation
△ L3 routing isolation
  • VPC
  • Like VRF (virtual routing and forwarding)
☐ Scalable gateways
☐ Scalable control plane
  • ARP, DHCP, ICMP
☐ Floating/Elastic IPs
☐ Stateful NAT
  • Port masquerading
  • DNAT
☐ ACLs
☐ Stateful (L4) Firewalls
  • Security Groups
☐ Load Balancing with health checks
△ Single Pane of Glass (API, CLI, GUI)
△ Integration with management platforms
  • OpenStack, CloudStack
  • vSphere, RHEV, System Center
☐ Decoupled from Physical Network
20. Evolution of Network Virtualization
Chart axis: innovation in networking agility
VLAN approach: manual, end-to-end
VLAN configured on physical switches
• Static
• Manual
• Complex
• Tenant state maintained in physical network
OpenFlow reactive approach: reactive, end-to-end
Requires programming of flows
• Limited scalability
• Hard to manage
• Impact to performance
• Still requires tenant state in physical network
Proactive software overlay: virtual network overlays
Decoupling hardware and software
• Cloud-ready agility
• Unlimited scalability
• Open, standards-based
• No impact to physical network
21. How do overlays achieve real network virtualization?
34. OpenStack Releases
Release schedule: time-based scheme with major release ~ every 6 months
Codenames are alphabetical:
• Austin: The first design summit took place in Austin, TX
• Bexar: The second design summit took place in San Antonio, TX (Bexar county).
• Cactus: Cactus is a city in Texas
• Diablo: Diablo is a city in the bay area near Santa Clara, CA
• Essex: Essex is a city near Boston, MA
• Folsom: Folsom is a city near San Francisco, CA
• Grizzly: Grizzly is an element of the state flag of California (design summit takes place in San Diego, CA)
• Havana: Havana is an unincorporated community in Oregon
• Icehouse: Ice House is a street in Hong Kong
• Juno: Juno is a locality in Georgia
• Kilo: Paris (Sèvres, actually, but that's close enough) is home to the Kilogram, the only remaining SI unit tied to an artifact
35. Before Neutron: Nova Networking
• Nova-Networking was the only option in OpenStack prior to Quantum/Neutron
• Original project from A release
• No IPv6 in first release but eventually introduced
• Still available today as an alternative to Neutron, but will be phased out
Options available within nova-networking initially:
• Only Flat
• Flat DHCP
Limitations
• No flexibility with topologies (no 3-tier)
• Tenants can’t create/manage L3 Routers
• Scaling limitations (L2 domain)
• No 3rd party vendors supported
• Complex HA model
36. Nova-network slightly evolves
Introduced VLAN DHCP mode
Improvements:
• L2 Isolation – each project gets a VLAN assigned to it
Limitations
• Need to pre-configure VLANs on physical network
• Scaling Limitations - VLANs
• No L3
• No 3-tier topologies
• No 3rd party vendors
37. Nova-network slightly evolves
C & D Releases had two general categories:
• Flat Networking
• VLAN Networking
Limitations
• Need to pre-configure VLANs on physical network
• Scaling Limitations - VLANs
• No L3
• No 3-tier topologies
• No 3rd party vendors
38. Quantum
OpenStack Networking branches out of the Nova project
• Tech Preview of Quantum appeared in D release
• Brought ability to have a multi-tiered network, with isolated network segments for various applications or customers
• Quantum-server: a Python daemon that exposes the OpenStack Networking API and passes requests to 3rd party plugins
• Officially released in Folsom Release
39. Introducing Neutron
OpenStack Networking as a First Class Service
• Pluggable Architecture
• Standard API
• Many choices
• More Services (LBaaS, VPNaaS)
• Flexible network topologies
Plugins Available
• MidoNet
• OVS Plugin
• Linux Bridges
• Flat DHCP
• VLAN DHCP
• ML2
• NSX
• Plumgrid
• Nuage
• Contrail
• Ryu
• Name Change from Quantum to Neutron was announced in April 2013
• Legal Agreement to phase out code name “Quantum” due to trademark of Quantum Corporation
40. Evolution of Neutron
Release Name | Release Date | Included Components
Austin | 21 October 2010 | Nova, Swift
Bexar | 3 February 2011 | Nova, Glance, Swift
Cactus | 15 April 2011 | Nova, Glance, Swift
Diablo | 22 September 2011 | Nova, Glance, Swift
Essex | 5 April 2012 | Nova, Glance, Swift, Horizon, Keystone
Folsom | 27 September 2012 | Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
Grizzly | 4 April 2013 | Nova, Glance, Swift, Horizon, Keystone, Quantum, Cinder
Havana | 17 October 2013 | Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder
Icehouse | April 2014 | Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder
Juno | October 2014 | Nova, Glance, Swift, Horizon, Keystone, Neutron, Cinder, Heat, Trove, Sahara
41. Latest Neutron Features
Havana Release Brought:
• LBaaS: shipped an updated API and HAProxy driver support
• VPNaaS: supports IPSec and L3 agent ships with an OpenSwan driver
• FWaaS: enables tenant to configure security at the edge and on VIFs
• New ML2 plugin: supports local, flat, VLAN, GRE and VXLAN network types via type drivers and different mechanism drivers
Icehouse Release:
• New vendor plugins, LBaaS drivers and VPNaaS drivers
• OVS plugin and Linux Bridge plugin are deprecated: The ML2 plugin combines OVS and Linux Bridge support into one plugin
• Neutron team has extended support for legacy Quantum configuration file options for one more release
42. Latest Neutron Features
Juno Features:
• DVR functionality: Define API to create and deploy DVRs to improve the performance
• Group-based Policy Abstractions for Neutron: API extensions for easier consumption of the networking resources by separate organizations and management systems
• IPv6 advancements:
  • Add RADVD to namespace to handle RAs
  • SLAAC
  • Stateful and stateless DHCP for IPv6
• LBaaS new API driver and object model improvement for complex cases
• Quotas extension support in MidoNet plugin
• Incubator system:
  • Instead of only using the summit for developing new features, features can be developed and gestate over time
43. Upcoming Neutron Features
Expectations for Kilo:
• Neutron Core and Vendor Code decompositions
• Remove bottlenecks from contribution process
• Allows vendors to develop and control their own code at their own pace
• Allows different levels of engagement in Neutron community
• Promotes lightweight plugins and drivers with external libraries for backend implementations
• Allow Floating IP to be specified
• Agent child process status
• ARP spoof filtering using ebtables
• Conntrack Zones support
• DHCP Service LoadBalancing Support and Options for IPv4 and IPv6
• New Iptables driver to improve performance of IptablesManager and reduce complexity of IptablesFirewall and IptablesManager relations
• LBaaS Layer 7 Rules and TLS Specification
• MTU Selection and advertisement
45. OVS Open Source Plugin
OVS Agent - receives tunnel/flow setup info from OVS Plugin, and programs Open vSwitch to set up tunnels and send traffic through the tunnel
DHCP Agent - sets up dnsmasq in a namespace per network/subnet and enters MAC/IP into the DHCP lease file
L3 Agent – OVS Plugin orchestrates to set up IPTables, Routing, NAT tables
46. Challenges with OVS Plugin
Neutron Network Node is a SPOF
Need to use corosync, etc. for active/standby failover.
Challenging at Scale
Since there’s a single network node, this becomes a bottleneck fairly quickly.
Inefficient Networking
IPTables, L3 Agent, and multiple hops for a single flow cause unnecessary traffic and added latency on your physical network
48. MidoNet Network Virtualization Platform
Logical L2 Switching - L2 isolation and path optimization with distributed virtual switching. Interconnect with VLAN enabled network via L2 Gateway
Logical L3 Routing – L3 isolation and routing between virtual networks. No need to exit the software container - no hardware required
Distributed Firewall – Provides ACLs, high performance kernel integrated firewall via a flexible rule chain system
Logical Layer 4 Load Balancer – Provides application load balancing in software form - no need for hardware based firewalls
VxLAN/GRE – Provides VxLAN and GRE tunneling. Provides L2 connectivity across L3 transport. This is useful when L2 fabric doesn’t reach all the way from the racks hosting the VMs to the physical L2 segment of interest.
MidoNet/Neutron API – Alignment with OpenStack Neutron’s API for integration into compatible cloud management software
NAT – Provides Dynamic NAT, Port masquerading
Diagram labels: Any Application; OpenStack/Cloud Management System; MidoNet Network Virtualization Platform (Logical L2, Logical L3, NAT, Distributed Firewall, Layer 4 Load Balancer, VxLAN/GRE, MidoNet / Neutron API); Any Hypervisor; Any Network Hardware
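The VxLAN tunneling named on this slide, as an added example that is not part of the original slides and is not MidoNet code: it builds and parses the 8-byte VXLAN header defined in RFC 7348 and shows a receiving tunnel endpoint dropping a frame whose VNI does not match the tenant network of the destination VM. The function names, VNIs and MAC addresses are assumptions constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP destination port (RFC 7348)
FLAG_VNI_VALID = 0x08        # "I" flag: the VNI field carries a valid ID


def vxlan_encap(vni, inner_frame):
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 1: flags (8 bits) + reserved (24). Word 2: VNI (24) + reserved (8).
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decap(payload):
    """Parse a VXLAN UDP payload and return (vni, inner_frame)."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", payload[:8])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: no valid VNI")
    return word2 >> 8, payload[8:]


def deliver(payload, local_ports):
    """Receiving tunnel endpoint: forward only inside the frame's own VNI.

    local_ports maps VNI -> set of MACs of locally attached VMs (hypothetical
    table). Returns the destination MAC when delivered, None when dropped.
    """
    try:
        vni, frame = vxlan_decap(payload)
    except ValueError:
        return None                      # malformed encapsulation: drop
    dst_mac = frame[:6]
    if len(frame) >= 14 and dst_mac in local_ports.get(vni, set()):
        return dst_mac
    return None                          # unknown VNI or MAC not in that VNI


# Constructed sample data: tenant A (VNI 5001) has one VM on this host,
# tenant B (VNI 5002) has none.
VM_MAC = bytes.fromhex("fa163e000001")
LOCAL_PORTS = {5001: {VM_MAC}, 5002: set()}
FRAME = VM_MAC + bytes.fromhex("fa163e000002") + b"\x08\x00" + b"payload"
```

Calling `deliver(vxlan_encap(5001, FRAME), LOCAL_PORTS)` returns the VM's MAC, while the same inner frame tagged with VNI 5002 is dropped: the tenant boundary travels in the encapsulation header, not in the physical network's configuration.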
49. OpenStack Integration
Easy integration with OpenStack: MidoNet provides a plugin for Neutron.
Neutron MidoNet Plugin
51. Challenges with OVS Plugin
Neutron Network Node is a SPOF
Need to use corosync, etc. for active/standby failover.
Challenging at Scale
Since there’s a single network node, this becomes a bottleneck fairly quickly.
Inefficient Networking
IPTables, L3 Agent, and multiple hops for a single flow cause unnecessary traffic and added latency on your physical network
60. NVOs can’t ignore the physical network
Dynamic changes to logical network are not dependent on the physical network configuration.
Sharing state to and from the physical network can be supplementary.
- Monitoring
- Coordination
- Traffic Engineering
62. NVOs provide a wealth of information
NVOs centralize information on your network
We can start taking advantage of this information
- Security
- Compliance
- Optimizing Networks
64. Midokura VTEP Solution
Diagram labels: Any Cloud Management Platform; MidoNet Network State Database; Virtual (MidoNet hosts with VMs); IP Fabric; Physical (Server, Storage, Services behind a VTEP); OVSDBc; OVSDBs. Key: VxLAN Tunnel, Physical Connection, OVSDB TCP/IP.
66. Performance
40Gb VxLAN Offloading: virtualized environments require high throughput infrastructure
• Integration with Mellanox provides 40 Gbps saturation
• VxLAN offloading improves CPU utilization levels
• Scale with performance through HW interconnect
• Increase throughput with offloading where no offloading would otherwise have flat results
• High bandwidth can now be achieved in software
68. MidoNet Unleashed
• Apache 2 Licensed
• Build a truly open and neutral community of users and vendors
• Heavily focused on providing a networking solution that functions well for production environments
• Available since OpenStack Paris at midonet.org
70. How can you contribute to MidoNet?
• Check out the website: www.midonet.org
• Join the MidoNet community! Wiki, Jenkins, Gerrit, Ask, IRC, ML, GitHub
• Packages are available; easy to install with MidoStack
• Sign Legal to Contribute
• Midokurians on hand to support community
71. MidoNet Advantages
Check out our blog: http://blog.midokura.com/
Follow us on Twitter: @midokura @midonet