Network virtualization for cloud services infrastructure

INDUST RIA L PR OJ E CT WIT H A LCAT E L -LUCENT

SHAHR YAR ALI

Problem statement

• Cloud computing has increased the requirements on the network infrastructure.

• Traditional Data center networks are less scalable, complex and inflexible.

• Technologies like VLANs and STP does not meet the requirements of Multi-tenant virtualized data centers.

Industry solutions

• Network Virtualization

1. TRILL (IETF), PBB(IEEE 802.1ah) , SPB (IEEE 802.1aq)

2. VRF, MPLS-VPN

3. VXLAN, NVGRE, STT (recent IETF drafts)

• Software defined networks (SDN)

1. OpenFlow

2. OpenStack

Project objectives

Investigating multi-tenant data centers

Understanding Data center Networking

Analyzing Multi-tenant virtualized

data centers

Investigating the limitations of multi-tenant data centers

and solutions

Understanding the limitations of Multi-tenant data

centers

Analyzing the Network

virtualization solutions.

Examining recent IETF drafts

Comparative Analysis

Limitations of VXLAN

Use of Software Defined Networks

OpenFlow as control plane for

VXLAN

Lab Simulation

Proposing an OpenStack based

solution

Literature Review : Cloud Computing

• Cloud Computing types

1. Public

2. Private

3. Hybrid

• Cloud Computing types of service

1. Software as a service (SaaS)

2. Platform as a service (PaaS)

3. Infrastructure as a service (IaaS)

Literature review : Virtualization

VM1

Application

Guest OS

Virtual Hardware

VM2

Application

Guest OS

Virtual Hardware

Physical Server (Memory, CPU)

Host Operating system or Hypervisor

• Virtualization basics

1. Hypervisor

2. Virtual machine(VM)

• Why virtualize?

1. To avoid server sprawl

2. Reduce costs

3. Isolate applications

Investigating multi-tenant virtualized Data centers

Data center Networking

• Data center networking architecture

1. Core layer

2. Aggregation layer

3. Access layer

• Networking protocols essentials

1. IP, TCP, UDP

2. ARP, Ethernet

3. VLANs and STP

Multi-tenant virtualized data centers

• Multi-tenancy

• Multi-tenant data center designs

1. Top of Rack(ToR)

2. End of Row(EoR)

Multi-tenant virtualized data centers

Multi-tenant separation

Layer 2 network virtualization Layer 3 network virtualization

Understanding the limitations of multi-tenant data centers

• VLAN limitations

• 12 bit VLAN ID

• STP limitations

• Limits bandwidth

• Slow convergence

• Multi-tenant address separation

• Duplicate IP and MAC addresses

• VM mobility

• Mobility across subnets

• Complexity

• No dynamic provisioning

What is Network virtualization?

Faithful reproduction of the physical network .

• Use of overlay networks

1. MAC-in-MAC encapsulation

2. MAC-in-IP encapsulation

• Dynamic network provisioning, simplified network management.

• Symmetry between the compute and Network parts.

Network virtualization with L2 overlay over L3 (MAC-in-IP encapsulation)

1. Virtual extensible LANs( VXLAN)

2. Network virtualization with GRE (NVGRE)

3. Stateless transport tunneling protocol (STT)

Virtual extensible LANs( VXLAN)

• Backed by VMware, Cisco systems, Arista Networks, Brocade, and Redhat.

• Exclusively to address the limitations caused by multi-tenancy.

• 24-bit ID called Virtual Network Identifier (VNI).

• VXLAN uses UDP encapsulation.

Virtual extensible LANs( VXLAN)

• VXLAN segment identified by VNI between tunnel endpoints called Virtual Tunnel End Points (VTEPs).

• Ideally each VNI is associated to a seperatemulticast group.

• VTEPs join a particular multicast group using Internet Group management protocol(IGMP).

• Switches learn about groups using IGMP snooping.

NVGRE

• Backed by Microsoft, HP, and Dell.

• Addresses the same problems as VXLAN.

• Generic routing encapsulation(GRE) as a tunneling protocol.

• STT is VMware’s (originally Nicira’s) proposal.

• Also addresses the problem of large packets size (MTU) which VXLAN and NVGRE does not.

• STT leverages the advantages of TSO(TCP segmentation offload).

STT

OpenFlow and Network virtualization

• Control plane in the controller and Data plane in the switch.

• The action of the switch depends on the rule on which the packet header is defined.

• Network virtualization through Flowvisor.

• OpenFlow in multi-tenant data centers

1. To remove VLAN limitations

2. On-demand tenant network configuration

3. Vendor independence

Comparative analysis

• VXLAN versus NVGRE and STT

1. Existing switches does not parse GRE completely.

2. Load balancing, firewalls and ACLs issues with NVGRE.

3. Large and dominant vendor community.

4. Firewalls more likely to block STT.

• VXLAN versus MPLS

1. Hypervisor vendors use only layer 2 model.

2. Networking gear in the data centers does not support MPLS.

VXLAN

• VMware ESXi

• Cisco Nexus 1000V

• OpenvSwitch 1.10.0

• Latest additions:

• Arista 7150 Series[58]

• Nauge Networks DVRS [59]

• Brocade ADX Series

• F5 Big IP platform

NVGRE

• Microsoft Windows Server 2012

• Openvswitch 1.10.0

• Latest additions:

• Arista 7150 Series

OpenFlow as control plane for VXLAN

• Limitations of VXLAN

1. IP Multicast

2. No control plane specified

• Advantages of OpenFlow based control plane

1. Less processing Load on Hypervisor.

2. On demand flow entries.

3. No control plane protocols in switch.

Lab Simulation: VXLAN with Open vSwitch and Floodlight OpenFlow controller

Lab Simulation

Tasks:

• Connecting Floodlight controller to Open vSwitch

• Pushing static flows in Floodlight controller using REST API

• VXLAN tunnel configuration between two isolated bridges

Results:• Only point to point tunnels can be created as

there is no multicast learning in Open vSwitch.

• It is less scalable and no dynamic provisioning of virtual networks is possible.

Solution : • Require to build a controller module to enable

IGMP snooping.

• Integrate a cloud orchestration system like OpenStack to access the VNI to multicast mapping.

Integrating OpenStack with OpenFlow based VXLAN solution

• OpenStack can be used to provide a management plane.

• OpenStack with Open vSwitch can be directly used to create VXLAN tunnels using the OVS plugin.

• OpenFlow can discover the database of virtual networks from OpenStack using the OpenStack APIs.

Conclusion and Recommendations

• Traditional data centers networking needs to change to meet the requirements of cloud computing.

• Network virtualization using overlays can address most or all of the limitations.

• VXLAN is the most viable overlay mechanism .

• OpenFlow can work as a potential control plane for VXLAN.

• Integrating OpenStack can further optimize the network virtualization solution.

References• “VXLAN: A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks”, working

draft, version 4, Network Working Group, IETF, February 2013.

• Sridharan, M., "NVGRE: Network Virtualization using Generic Routing Encapsulation", draft-sridharan-virtualization-nvgre-02, Feb 2013

• Davie, B., and J. Gross. "A stateless transport tunneling protocol for network virtualization (STT)." draft-davie-stt-03. txt (work in progress) (2013).

• “Network Functions Virtualisation”, whitepaper, ETSI. 22 October 2012

• ONF Market Education Committee. "Software-Defined Networking: The New Norm for Networks." ONF White Paper. Palo Alto, US: Open Networking Foundation (2012)

• “Problem Statement: Overlays for Network Virtualization draft-ietf-nvo3-overlay-problem-statement-04 ”, working draft, Network Working Group, IETF, May 2013.

References• Network Virtualization Platform”, whitepaper, Nicira, 2013.

• “Virtualized services platform release 1.0 , whitepaper, Nuage Networks-An Alcatel-Lucent Venture, 2013

• Sherwood, Rob, et al. "Flowvisor: A network virtualization layer." OpenFlow Switch Consortium, Tech. Rep (2009).

• Project Floodlight, Big Switch networks. http://www.projectfloodlight.org/floodlight.

• Open source software for building private and public clouds .Available: http://www.openstack.org/.

• Neutron plugins, https://wiki.openstack.org/wiki/Neutron.