sdn in cloudstack
DESCRIPTION
Presentation by Hugo Trippaers from Schuberg Phillis, he talks about Software Defined Networking and its application in cloud computing. Hugo implemented the integration of the Nicira private gateway in Apache CloudStack. He also covers midonet from Midokura, the BigSwitch virtual wit and the native SDN controller in CloudsStack which uses GRE tunnels. SDN allows to dynamically configure and manage virtual network, this allows for easy provisioning of tenant's network in teh cloudTRANSCRIPT
SDN in CloudStack
About me
Hugo TrippaersEmail: [email protected]: @Spark404Freenode: Spark404
I’ve been working in IT for over two decades, mainly at ISP ands hosting companiesMission Critical Engineer at Schuberg Philis for almost 6 years.
Responsible for the 100% availability of our customers application landscapesCurrently part of the internal development team
PMC member for Apache Cloudstack
»–––
»»––
»
CloudStack networking - the five minute version
CloudStack networkingBasic, isolation using security groups (L3)Advanced, isolation using network isolation (L2)
SDN was introduced to create isolated networks in Advancedzones
By now it can do much more... (Routing, Firewall, NAT)
»––
»
»
3
Isolation with VLAN
4
CloudStack takes care off the configurationof hypervisor switches.
Who takes care of thenetworking gear?
Isolation with VLAN
5
CloudStack takes care off the configurationof hypervisor switches.
Who takes care of thenetworking gear?
He does...
Isolation with Software Defined Networking
6
Who takes care of thenetworking gear?
CloudStack takes care off the configurationof hypervisor switches and L2 networking.
Isolation with Software Defined Networking
7
Who takes care of thenetworking gear?
CloudStack takes care off the configurationof hypervisor switches and L2 networking.
Software defined networking - core concepts
Decouples the control plane (what data is going where) from the data plane (how to get datathere)
Makes network management easier by abstracting low-level functionality into virtual services.Independent of hardware and/or vendor
Provides a Northbound APIAllows administrators to use automated tooling to provision services
Scale?
»
»–
»–
»
8
Software Defined Networking - advanced
Where can we go if we have a software based network infrastructure.Distributed routing?Integrated security framework?Application controlled networking?
Endless possibilities, it’s all software anyway
»–––
»
9
SDN in CloudStack
Where is it?»
10
SDN in CloudStack
Where is it?»
11
Implemented in the core ofCloudStack.
“Movable parts” configured perplugin.
Controlled by existing offeringmodel.
SDN implementations
12
Isolation DHCP Firewall NAT SecurityGroups VPC
GRE isolation Pre ACS - - - - -
SDN implementations - GRE isolation
Uses the existing implementation of OpenVSwitch in XenServer andXCP
Uses the OpenVSwitch GRE tunnels to “link” OpenVSwitch bridgesbetween hypervisors
Entirely controlled by CloudStack
ProsDoesn’t require external components
ConsBandwidth is limited due to lack of offloadingLarge deployments require a lot of tunnelsLimited set of hypervisors supported (XenServer)
»
–
–
»–
»–––
13
SDN implementations
14
Isolation DHCP Firewall NAT SecurityGroups VPC
GRE isolation Pre ACS - - - - -
Nicira NVP >= 4.0 - - - - -
SDN implementations - Nicira NVP
A commercial SDN solution developed byNicira. Uses both OpenVSwitch andOpenFlow to build overlay tunnels on anexisting network.
ProsSTT tunnel protocol is optimized for
high-bandwidthIncludes a gateway to link existing L3
or L2 networks to the virtual switchCons
Requires custom OpenVSwitch onhypervisors.
»
»–
–
»–
15
SDN Implementations
16
Isolation DHCP Firewall NAT SecurityGroups VPC
GRE isolation Pre ACS - - - - -
Nicira NVP >= 4.0 - >= 4.1 >= 4.1 - >= 4.1
Big Switch VNS >= 4.1 - - - - -
SDN implementations - Nicira NVP (>= ACS 4.1)
Nicira NVP plugin is updated to supportL3 functionality. With this functionalitythe existing VRouter can be replaced with aSDN based construct.Several changes have been made to the
VPC setup to support SDN based networksin VPCs.
»
»
17
SDN implementations - BigSwitch VNS
The Big Switch Networks plugin is a CloudStack SDNplugin using the BigSwitch VNS platform. WhileBigSwitch VNS is a commercial solution, it iscompletely based on open standards like OpenFlow
ProsUses open standards
ConsRequires hypervisors are switches to support
OpenFlow
»
»–
»–
18
SDN Implementations
19
Isolation DHCP Firewall NAT SecurityGroups VPC
GRE isolation Pre ACS - - - - -
Nicira NVP >= 4.0 - >= 4.1 >= 4.1 - >= 4.1
Big Switch VNS >= 4.1 - - - - -
Midokura Midonet master master master master - -
Stratosphere SSP review - - - - -
SDN implementations - Midokura Midonet
Midokura Midonet is implemented as aCloudStack plugin. It offeres a complete set ofadvanced features like DHCP, L3 Routing andvarious NAT options.
ProsComplete solution for building standard
networks including L3 functions.
ConsCan only be used with the KVM hypervisor.
»
»–
»–
20
SDN implementations - Stratosphere
Stratosphre SSP is an SDN controller thatcontrols or brokers physical and or virtual networkdevices. Stratosphere SSP will build a vxlanbacked overlay network. The plugin makes L2connectivity service provided by SSP.
Not much information available yet.
»
»
21
SDN implementations - next steps?
Support for VPCIncluding private gateways
Common configuration and setup
Security Groups
»–
»
»
22
SDN in CloudStack - how does it work
Preparing a SDN solution for use requires someconfiguration work up front
»
23
Preparation - Configure physical network
The physical network defines the type of L2 isolation used.»
24
Preparation - Setup Providers
The provider is the place toconfigure the SDN controller
Not used by the GRE tunnels, thatis configured using configurationparameters.
»
»
25
Preparation - Setup network offerings
Connectivity is key
Services define where and how SDN is used inthe offering
»
»
26
SDN in CloudStack - how does it work
Preparing a SDN solution for use requires someconfiguration work up front
Using the SDN solution is as straight forward as anynetworking in CloudStack
»
»
27
Usage - Creating a new network
The role of Network Guruseach guru supports a specific type of networkselect based on a number of criteria, of which
isolation type is only one
Selected guru is stored in the database for thisparticular network.
»––
»
28
Usage - Creating a new network
The role of Network Elementstriggered when ever a new NIC is attached to a networkconfigure devices like firewall, routers, etc..
Elements are selected based on the network offering used tocreate the network.
»––
»
29
Usage - My first VM
Multiple actions happen at the same timenetwork elementshypervisor resources
The NIC is the linking pin between a VM and the SDN implementation
The hypervisor sets flags to allow the VIF to be found
The network element tells the SDN solution what to look for
Not a generic way of doing things, depends on the SDN in use.
»––
»
»
»
»
30
Usage - Ready
31
Thats all there is to it
http://apache.cloudstack.org
http://www.nicira.comhttp://www.bigswitch.comhttp://www.midokura.comhttp://www.iij.ad.jp/en/
Email: [email protected]: @Spark404IRC Freenode: Spark404
»
»»»»
–––
32