NVP “Deep Dive”
Nvp deep dive_session_cee-day

  1. NVP “Deep Dive”
     Yves Fauser, Network Virtualization Platform System Engineer (slides prepared by Brad Hedlund & Dan Wendlandt)
     OpenStack CEE Day 2013
  2. Network Virtualization
     [Diagram labels: Virtual Network, Virtual Machine, DECOUPLE, AUTOMATE, Logical Routers, Load Balancer VIP, vCPU, Logical Switches, vNIC, image, vRAM, Security Profiles, REPRODUCE, Software, SOFTWARE VIRTUALIZATION LAYER, Hardware, L3 Router, CPU, NIC, Network, x86 Machine, HD, L2 Switch, Load Balancer, RAM]
  3. A technical definition of “network virtualization”
     • Network virtualization is:
       • A reproduction of physical networks:
         • Q: Do you have L2 broadcast / multicast, so apps do not need to be modified?
         • Q: Do you have the same visibility and control over network behavior?
       • A fully isolated environment:
         • Q: Could two tenants decide to use the same RFC 1918 private IP space?
         • Q: Could you clone a network (IPs, MACs, and all) and deploy a second copy?
       • Physical network location independent:
         • Q: Can two VMs be on the same L2 logical network, while in different physical L2 networks?
         • Q: Can a VM migrate without disrupting its security policies, packet counters, or flow state?
       • Physical network state independent:
         • Q: Do physical devices need to be updated when a new network/workload is provisioned?
         • Q: Does the application depend on a feature in the physical switch specific to a vendor?
         • Q: If a physical device died and was replaced, would application details need to be known?
     • Network virtualization is NOT:
       • Running network functionality in a VM (e.g., Router or Load-balancer VM)
  4. Introducing NVP
     • NVP “Network Virtualization Platform”
     • Compatible with KVM, XenServer, and VMware hypervisors.
     • NVP 1.0 release in July 2011 (prod deployments for 2 years)
     • Network platform for largest production OpenStack deployment, and many others…
     • 4 new releases per year (software is eating the world…)
     • Current release is NVP 3.1 (Q2 release)
  5. The NVP “Stack”
     [Layer diagram: Mgmt & Operator Tools; Quantum & Quantum API; NVP API; NVP Control Plane; L2/L3 Gateways; Service Nodes; Hypervisors + OVS; Physical Network]
  6. Physical (Non-virtualized) View
     [Diagram labels: Internet, Remote Site, Bare Metal, VLANs, L2 Gateway, L3 Gateway, Tenants, Operators, NVP Manager, NVP API, NVP Controller, Service Nodes, L3 Fabric, OVS, Hypervisor 1, Hypervisor 2, … Hypervisor N, WEB, APP, DB, Compute]
  7. Logical (Virtualized) View
     [Diagram labels: World, NAT, L Router, L Switch, Remote Site, Security, QoS, Monitoring, WEB, APP, DB, Virtual Network]
  8. The NVP “Stack”
     [Layer diagram: Mgmt & Operator Tools; Quantum & Quantum API; NVP API; NVP Control Plane; L2/L3 Gateways; Service Nodes; Hypervisors + OVS; Physical Network]
  9. Treat your physical network like you treat your compute servers
     • One big pool of resource capacity to be sliced up on-demand for tenants.
     • Rely on only commodity features (L3 forwarding) to enable vendor flexibility.
     • Configuration is done once when the devices are racked, can easily be automated.
     • No human in the loop when an application/workload is provisioned.
     • Flexibility to choose/change architecture design without impacting applications.
  10. Fabric & POD Design
     [Diagram labels: World, BGP, Pod Switch, OSPF, ISIS, No VM addresses, Spine Switch, L3 ECMP, L3, L2, Leaf Switch, Hypervisor, NVP Controller, Service Nodes, OpenStack, Edge Switch, STT/GRE, VLANs, Compute Cabinets, Infrastructure Cabinets, L3 Gateways, L2 Gateways, Edge Gateway Cabinets, R, Static / NAT]
  11. The NVP “Stack”
     [Layer diagram: Mgmt & Operator Tools; Quantum & Quantum API; NVP API; NVP Control Plane; L2/L3 Gateways; Service Nodes; Hypervisors + OVS; Physical Network]
  12. About Open vSwitch
     • Open Source, started with code contributed by Nicira
     • Widespread support in a lot of Linux Distributions
     • Upstreamed in Linux Kernel
     • Building block for most Quantum Plugins today.
     • No single “feature set”: generic flow table lookup + tunneling engine.
     • Really what matters is how this “engine” is programmed. Ranges from:
       • very simple (L2 forwarding)
       • very complex (L2 + L3 + ACL + QoS, etc.)
  13. Hypervisor
     [Diagram labels: Controller, NVP Controller, TCP 6633 OpenFlow, TCP 6632 OVSDB, Top of Rack Switch(s), MGMT, eth0, eth1, user, kernel, br0, Config/State DB, Linux IP stack + routing table, 192.168.10.1, Tunnel Ports (to Linux IP Stack), ovsdb-server, br-int (flow table), ovs-vswitchd, WEB, APP]
  14. NVP Tunneling
     [Diagram labels: Logical Network, Physical Network, VM, Open vSwitch (OVS), Hypervisor Platform, VM source MAC, VM source IP, source MAC, source HV MAC, source HV IP]
  15. A friendly note about tunneling protocols…
     • tunneling protocol != network virtualization. They are just a part of the solution.
     • What does matter: how forwarding rules are set up.
     • For example:
       • GRE was around for years, but missing programmable forwarding
       • VXLAN adoption hobbled by reliance on multicast to program forwarding.
     • NVP enables programmatic forwarding setup, can use many protocols.
     • For example:
       • IPsec tunneling if security is required (e.g., over WAN)
       • VXLAN if interaction with a physical switch is required.
  16. The NVP “Stack”
     [Layer diagram: Mgmt & Operator Tools; Quantum & Quantum API; NVP API; NVP Control Plane; L2/L3 Gateways; Service Nodes; Hypervisors + OVS; Physical Network]
  17. NVP Controller Basics
     • x86 Software
     • Exposes northbound API to Quantum
     • Southbound API to OVS
     • Maps between logical + physical
     • Never handles dataplane traffic
     [Diagram labels: NVP Controller (three instances)]
  18. NVP Controller scale out
     • All nodes Active
     • Workload sliced and shared
     • Majority rule
     • Live Software Upgrades
     [Diagram labels: Transport Network, Logical Network, Controller Cluster, WebService API, Persistent Storage, NVP Controller Node1, Node2, Node3, Node4, Node5]
  19. The NVP “Stack”
     [Layer diagram: Mgmt & Operator Tools; Quantum & Quantum API; NVP API; NVP Control Plane; L2/L3 Gateways; Service Nodes; Hypervisors + OVS; Physical Network]
  20. NVP API
     Description of physical world (Non-Virtualized Abstractions):
     • Transport Nodes (Mgmt & tunnel information about hypervisors, gateways, service nodes)
     • Transport Zones (Physical networks connecting Transport Nodes)
     • Gateway Services (Collection of GW devices that function as a single unit)
     • Controller Cluster status
     Description of logical world (Virtualized Abstractions):
     • Logical Switch (L2)
     • Logical Router (L3)
     • Logical Port
     • Port security / port isolation
     • ACLs / Security Groups
     • QoS
     • Packet Statistics
     • Port mirroring
  21. The NVP “Stack”
     [Layer diagram: Mgmt & Operator Tools; Quantum & Quantum API; NVP API; NVP Control Plane; L2/L3 Gateways; Service Nodes; Hypervisors + OVS; Physical Network]
  22. Quantum w/NVP Architecture
     [Diagram labels: Tenant Scripts, Horizon, Orchestration Code, Create Net 1, Quantum API, NVP Plugin, Return port-ID, NVP Controller Cluster, Create port Net 1, return port ID, Boot VM on Net 1, Nova API, Nova Driver, Nova Compute, Create vnic with port ID, Push flow state, OVS, L3 Fabric]
  23. The NVP “Stack”
     [Layer diagram: Mgmt & Operator Tools; Quantum & Quantum API; NVP API; NVP Control Plane; L2/L3 Gateways; Service Nodes; Hypervisors + OVS; Physical Network]
  24. L2 Gateways
     [Diagram labels: virtualized view, non-virtualized view, Logical Switch 1, VLAN 10, WEB, Data, L3 Gateway, L2 Gateway, IPSec + STT/GRE, WAN / Internet, Service Node, NVP Controller, STT/GRE Tunnels, Hypervisors, HV1 br-int, HV2 br-int]
  25. L3 Gateway HA + Scale-out
     [Diagram labels: L3 Gateway Service, Failure Zone 1, Failure Zone 2, R9, R3, R11, R5, R1, R7, R5, R11, R10, R4, R12, R6, R2, R8, R6, R12, GW 1, GW2, GW N, GW N+1, STT/GRE Tunnels with monitoring, Hypervisors, HV1 br-int, HV2 br-int]
  26. The NVP “Stack”
     [Layer diagram: Mgmt & Operator Tools; Quantum & Quantum API; NVP API; NVP Control Plane; L2/L3 Gateways; Service Nodes; Hypervisors + OVS; Physical Network]
  27. Service Node HA + Scale-out
     [Diagram labels: Bcat/Mcast Replication Service, Failure Zone 1, Failure Zone 2, Logical Switch 1, Logical Switch N, SN 1, SN 2, SN N, SN N+1, STT/GRE Tunnels with monitoring, Hypervisors, HV1 br-int, HV2 br-int; slide footer: Brad Hedlund - OpenStack Grizzly]
  28. The NVP “Stack”
     [Layer diagram: Mgmt & Operator Tools; Quantum & Quantum API; NVP API; NVP Control Plane; L2/L3 Gateways; Service Nodes; Hypervisors + OVS; Physical Network]
  29. Management & Operations
     • Tunnel status
     • Port-to-port troubleshooting tool
     • Traceflow packet injection
  30. Management & Operations (2)
     • Automated deployment of new Version
     • Built in compatibility verification
     • Rollback
     • Online Upgrade (i.e. dataplane & control plane services stay up)
  31. NVP: It’s not just about scale …
     • Data plane performance
     • Fast + reliable high availability (data plane + control plane)
     • Rich logical network capabilities (QoS, ACLs, statistics, etc.)
     • Ability to onboard remote customers + physical workloads (L2 GW)
     • Operator tools to troubleshoot, upgrade, etc.
  32. Thank You!
     Have a great OpenStack CEE Day and check out our booth
