Multitenancy Options in Brocade VCS Fabrics

WHITE PAPER: DATA CENTER

As cloud environments reach mainstream adoption, achieving scalable network segmentation takes on new urgency to support multitenancy. Brocade VCS Fabric technology provides a variety of means for supporting multitenancy in cloud environments, including Layer 3 approaches and an innovative native Layer 2 solution.

INTRODUCTION

Public and private cloud providers need to deploy and support componentized, virtualized workloads quickly, securely, and scalably, on a per-tenant basis. Traditional Virtual Local Area Networks (VLANs) can be used for this purpose up to a point, but limitations on VLAN scale, the complexity of configuring large numbers of VLANs, and overlapping VLANs restrict their usefulness in larger data centers. This paper examines new techniques for segmenting traffic within Brocade VCS fabrics without constricting traffic movement within a large, dynamic, multitenant data center. These techniques interconnect Layer 2 and Layer 3 topologies in different ways, while multiplying the total number of available domains.

Broadly speaking, these techniques can be classified as either network-native or hypervisor-centric technologies, each with its own advantages and usage considerations. In a Brocade VCS fabric, the main native approach is an innovative yet standards-based capability called the VCS Virtual Fabric feature. Since other approaches are extensively documented in other publications, the majority of this paper focuses on the VCS Virtual Fabric feature. The reader is assumed to have a basic understanding of the other segmentation techniques covered in this paper, so the focus is on their role in a Brocade VCS fabric environment.

NETWORK OPTIONS FOR MULTITENANCY

Multitenancy in modern cloud contexts faces two rising challenges, VLAN scale and the number of tenants, both of which are affected by current network segmentation practices. Newer segmentation technologies increasingly address both of these parameters. There are several possible approaches to segmenting the physical network to support multiple tenants and their respective workloads.

Layer 2 separation. This is traditionally accomplished by implementing VLANs between physical switch ports and host Network Interface Cards (NICs), or between logical ports of a vSwitch and the vNICs of Virtual Machines (VMs), using a trunk to the physical switch. This technology is widely used and well understood, but its scope is limited to 4096 VLANs per domain. In larger data centers, this limit can be severely restrictive, as is the orchestration and management burden of large numbers of domains. Brocade helps data center operators overcome these challenges with the introduction of the VCS Virtual Fabric feature [1].

Overlay networks. Traffic is isolated via encapsulation in virtual Layer 2 segments running on top of Layer 3 networks. These overlay networks are highly scalable, with over 16 million VLANs available within a domain. On the other hand, overlay implementations come at an operational cost, as they present a new network layer that must be configured and managed in addition to the ongoing requirements of the underlying physical network. In addition, the lack of visibility and shared health knowledge between physical and virtual networks can present significant troubleshooting challenges in the event of a physical node outage or virtual network event.

Layer 3 separation. Virtual Routing and Forwarding (VRF) is often used in large carrier data centers, generally in conjunction with IP-VPNs over a Multiprotocol Label Switching (MPLS) backbone. However, the requirements of VRF are typically excessive for smaller enterprise and specialized provider networks. VRF Lite can be used in small to medium data centers without MPLS, although doing this adds some overhead, due to the need to implement a VRF instance on each router.

Brocade VCS Fabric technology supports all three approaches, or combinations of them. More importantly, VCS fabrics provide a clear and consistent means of bridging between physical and virtual approaches to multitenancy, as well as a centralized management construct for Layer 2 multitenancy.

[1] The VCS Virtual Fabric capability is available on all Brocade VDX switches and in Brocade Network OS 4.1 and later releases.

VIRTUAL FABRIC: A SIMPLIFIED, SCALABLE LAYER 2 APPROACH TO MULTITENANCY

Brocade designed VCS Fabric technology to be automated, resilient, and future-ready without disrupting existing operational models. From this point of view, primary network activities such as forwarding should be defined and operated natively to ensure coordination between all points, both physical and virtual.

The VCS Virtual Fabric feature of Brocade VCS Fabric technology provides native, scalable multitenant support for both physical and virtual application deployments. The multitenancy is provided not just within a VCS fabric but also across multiple VCS fabrics. Managed centrally through the Brocade VCS Logical Chassis, the VCS Virtual Fabric capability simplifies and accelerates application deployment and ensures policy consistency for each tenant, regardless of how the application components are distributed across the data center.

Sidebar, VCS Logical Chassis: To learn more about VCS Logical Chassis, read the white paper, An Overview of Brocade VCS Logical Chassis.

The VCS Virtual Fabric feature is designed to address the scalability restrictions of traditional VLANs that are used for multitenant segmentation. Using the 24-bit TRILL Fine-Grained Label (FGL) header, a VCS Virtual Fabric provides expanded VLAN space [2]. This allows for overlapping VLANs, while maintaining tenant isolation. The VCS Virtual Fabric capability requires no modifications to existing VLAN configurations, which simplifies implementation as well as communication with vSwitches. The VCS Virtual Fabric ID is assigned at the edge port and is carried transparently on transit nodes to the destination node, where it is matched with the corresponding tenant VLAN. You can implement Layer 3 VE interfaces for inter-Virtual Fabric routing. In sum, the VCS Virtual Fabric feature functions much like a traditional VLAN, but without its limitations.

As a native Layer 2 service within a Brocade VCS fabric, the VCS Virtual Fabric capability is fully distributed by default, so that all nodes are aware of Virtual Fabric assignments for each tenant. Figure 1 illustrates how a VCS Virtual Fabric ID is assigned and distributed to other nodes in the fabric, uniting customer workloads that are distributed across several compute pods. VCS Virtual Fabric ID assignment may use a combination of several different criteria, such as VLANs, ports, and MAC addresses.

Figure 1. Topology of a multitenant VCS fabric with VCS Virtual Fabric capability. (Figure labels: Tenant-A, Tenant-B, and Tenant-C each use VLAN 10 and are mapped to Virtual Fabric IDs 5000, 5001, and 5002 respectively; CloudID assignment; customer-VLAN to GVLAN assignment (flat VLAN space); fabric-wide TRILL L2VPN-ID; CloudID: 24 bit, compatible with FGL.)

VCS Virtual Fabric Benefits

Evolutionary: The VCS Virtual Fabric feature can be implemented non-disruptively within current organizational and operational models. A VCS Virtual Fabric uses the same broadcast and multicast domains as VLANs and requires no modification of existing VLAN configurations. It has a low learning curve, because it is configured in the same manner as traditional VLANs.

Management Simplicity: The VCS Virtual Fabric capability is simple to configure and manage, using an approach that ensures continuous visibility to all traffic within a single management construct, the VCS Logical Chassis. For network staging and life-cycle management of VCS fabrics, Brocade offers Brocade Network Advisor, which leverages the Logical Chassis to provide both fabric- and node-level visibility and management. Brocade VCS Fabric technology also provides access to higher-level orchestration tools and frameworks, such as OpenStack, via programmatic Application Programming Interfaces (APIs). This is an important step forward in terms of making network multitenancy operationally scalable.

[2] Check the most recent release notes for Brocade Network OS to determine the current supported scalability.

Broad Applicability and Interoperability: Brocade VCS Fabric technology, including the Virtual Fabric feature, is hypervisor-agnostic, making scalable multitenancy possible for any type of virtualized environment, including those with heterogeneous hypervisors, as well as non-virtualized environments or workloads. At the same time, the VCS Virtual Fabric can be joined with hypervisor-centric solutions at the fabric edge for greater Layer 2 extension. The VCS Virtual Fabric provides multitenancy not only within the fabric but also across fabrics. The VCS Virtual Fabric capability can also be combined with VRF Lite to extend multitenancy via VCS fabric Layer 3 mechanisms, or by using Brocade Vyatta vRouters, as discussed in a later section.

Compared to the other approaches discussed in this paper, native Layer 2 separation is simple and well understood. The VCS Virtual Fabric capability scales and extends this mechanism, while allowing the Brocade VDX switches to intelligently manage traffic flows together in both physical and virtual constructs.

Use Cases for VCS Virtual Fabrics

Enterprises are increasingly transitioning to private cloud architectures in order to consolidate infrastructure requirements. Multiple groups or business units can be treated as tenants on the same infrastructure, with segmentation providing a step toward defining specific Service-Level Agreements (SLAs) with associated chargeback scales. However, in larger organizations, and those with especially dense server virtualization, VLAN limitations quickly become apparent. In Brocade VCS fabrics, the same VLAN can be used by multiple business units, each of which is assigned a separate Virtual Fabric ID, as shown in Figure 2.

Figure 2. VCS Virtual Fabric capability for several tenants can be used within a common VLAN. (Figure labels: primary issue: overlapping VLANs; Brocade MLX with MCT core; Brocade VDX 8770 aggregation with Virtual Fabric 5000 and Virtual Fabric 6000; 40 GbE vLAG; Brocade VDX 6740 access; shared services; business units BU-1 through BU-N all on VLAN 10; Logical Chassis; 1 GbE, 10 GbE, and 40 GbE links.)

Many colocation centers and managed hosting providers are undergoing a similar transition to full-scale cloud services. Here, scale becomes an even more significant challenge, but so does managing this shift in business model without disrupting existing clients. VCS Virtual Fabric technology provides a straightforward means of achieving this transition, one rack at a time if desired.
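The edge classification, transparent transit, and egress re-matching described above, and the overlapping-VLAN use case of Figure 2, modelled as an added example (this is not Brocade's code; the (port, customer VLAN) classification key, the port numbers, and the rule that Virtual Fabric IDs sit above the classic VLAN range are assumptions of the model):

```python
# Toy model of per-tenant labels carried in a 24-bit fabric field. Added example,
# not Brocade's implementation; ports, IDs and the classification key are assumed.
from dataclasses import dataclass

VLAN_MAX = 4095             # 12-bit 802.1Q VLAN ID space (4096 VLANs per domain)
LABEL_MAX = (1 << 24) - 1   # 24-bit label space, the FGL / CloudID width in the paper


@dataclass(frozen=True)
class Frame:
    dst_mac: str
    c_vlan: int             # customer VLAN tag as sent by the host or vSwitch
    payload: bytes


@dataclass(frozen=True)
class LabeledFrame:
    label: int              # fabric-wide label; transit nodes forward on it unchanged
    inner: Frame


class Fabric:
    """Edge classification tables plus a label-scoped flood domain."""

    def __init__(self) -> None:
        self.ingress: dict[tuple[int, int], int] = {}   # (edge port, c_vlan) -> label
        self.egress: dict[tuple[int, int], int] = {}    # (label, edge port) -> tenant VLAN
        self.members: dict[int, set[int]] = {}          # label -> edge ports in the domain

    def _bind(self, port: int, c_vlan: int, label: int) -> None:
        if not 1 <= c_vlan <= VLAN_MAX:
            raise ValueError(f"VLAN {c_vlan} is outside the 802.1Q range")
        self.ingress[(port, c_vlan)] = label
        self.egress[(label, port)] = c_vlan
        self.members.setdefault(label, set()).add(port)

    def classic_vlan(self, port: int, vlan: int) -> None:
        """Existing VLAN configuration left untouched: the VLAN ID itself is the domain."""
        self._bind(port, vlan, vlan)

    def assign_virtual_fabric(self, port: int, c_vlan: int, vfid: int) -> None:
        """Map a tenant VLAN on an edge port to a Virtual Fabric ID. Assumption of the
        model: VFIDs live above the classic VLAN range, so they never collide with it."""
        if not VLAN_MAX < vfid <= LABEL_MAX:
            raise ValueError(f"VFID {vfid} must be in {VLAN_MAX + 1}..{LABEL_MAX}")
        self._bind(port, c_vlan, vfid)

    def ingress_classify(self, port: int, frame: Frame) -> LabeledFrame:
        """Edge node: attach the label that transit nodes carry transparently."""
        label = self.ingress.get((port, frame.c_vlan))
        if label is None:
            raise LookupError(f"port {port} VLAN {frame.c_vlan} is not configured")
        return LabeledFrame(label, frame)

    def flood(self, port: int, frame: Frame) -> dict[int, Frame]:
        """Broadcast / unknown unicast: deliver only to edge ports sharing the label,
        re-tagging each copy with the tenant VLAN configured on that egress port."""
        lf = self.ingress_classify(port, frame)
        return {
            p: Frame(frame.dst_mac, self.egress[(lf.label, p)], frame.payload)
            for p in sorted(self.members[lf.label] - {port})
        }


def figure1_fabric() -> Fabric:
    """Constructed topology after Figure 1: three tenants all using VLAN 10."""
    fab = Fabric()
    fab.assign_virtual_fabric(1, 10, 5000)   # Tenant-A, compute pod 1
    fab.assign_virtual_fabric(4, 10, 5000)   # Tenant-A, compute pod 2
    fab.assign_virtual_fabric(8, 30, 5000)   # Tenant-A elsewhere, local VLAN 30
    fab.assign_virtual_fabric(2, 10, 5001)   # Tenant-B
    fab.assign_virtual_fabric(5, 10, 5001)   # Tenant-B
    fab.assign_virtual_fabric(3, 10, 5002)   # Tenant-C
    fab.classic_vlan(6, 20)                  # legacy VLAN 20, configuration unchanged
    fab.classic_vlan(7, 20)
    return fab
```

A broadcast from Tenant-A's port 1 reaches only ports 4 and 8 (re-tagged to VLAN 30 on port 8), while Tenant-B's identical VLAN 10 broadcast stays within Virtual Fabric 5001.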

Sidebar, Active-Active Layer 3 Gateways: To learn more about active-active Layer 3 gateways in Brocade VCS Fabric technology, read the white paper, Setting a New Standard for Network Efficiency with VCS Fabric Multilayer Multipathing Capabilities.

For example, you can add a rack of Infrastructure as a Service (IaaS) within an existing managed hosting environment. The same tenant can reside in the cloud rack and also in the managed hosting rack. The tenant can be assigned to a VCS Virtual Fabric, which bridges the Layer 2 domain from the cloud environment to the managed hosting environment. Note that this does mean bridging Layer 3 boundaries. This can be achieved with VRF Lite (described in the section titled VRF: Layer 3 Separation), with Layer 3 gateways placed at optimal points in the fabric, as shown in Figure 3.

Figure 3. Hosting provider using the VCS Virtual Fabric capability to transition gradually to a cloud environment. (Figure labels: primary issues: VLAN scale and overlapping VLANs; VRF-separated tenants with a dedicated CloudID per tenant; Brocade MLX with MCT core; 40 GbE vLAG; active-active L3 gateway, per-tenant VRF, east-west optimized aggregation tier on Brocade VDX 8770 with VLAN 5000 and VLAN 6000; Brocade VDX 6740 access; Tenant-1 through Tenant-N (T1, T2, TN, TX) with overlapping VLANs; cloud rack; Logical Chassis; 1 GbE, 10 GbE, and 40 GbE links.)

Using Overlay Networks with Brocade VCS Fabrics

Many organizations are starting to explore 24-bit encapsulation techniques such as Virtual Extensible LAN (VXLAN), Stateless Transport Tunneling (STT), and Network Virtualization using Generic Routing Encapsulation (NVGRE) to transport Virtual Machine traffic in virtual IP overlays across Layer 3 infrastructure. The Brocade VDX 8770 Switch flexibly monitors and processes packets for all overlay types, regardless of encapsulation method. In contrast, encapsulation and decapsulation require protocol-specific techniques. The Brocade VDX 6740 Switch and the Brocade VDX 6940 Switch currently support VXLAN Gateway for VMware NSX. Support for other tunneling techniques may be implemented in the future. Figure 4 shows how VXLAN might be used with both physical and virtual workloads within a Brocade VCS fabric.

Overlay networks may be of particular interest to organizations that have primarily virtualized workloads, where encapsulation occurs within the hypervisor rather than the physical switch. You can use overlays to transport traffic between data centers without disrupting segmentation. Overlay tunnels create an extended virtual Layer 2 that runs on top of the Layer 3 infrastructure. Although overlay techniques provide a means for overlapping IP addressing, there will still be a need to architect the traffic routing. You can implement VRF (discussed in the next section) on the physical switching infrastructure, although VRF is less scalable than VXLAN. Another alternative is to deploy virtual routers such as Brocade Vyatta vRouters on the host side and stitch them to the overlay edge.

Figure 4. Multitenant fabric segmented via VXLAN tunnels in a VMware NSX environment. (Figure labels: vCloud and VMware NSX Controller in the infrastructure; virtual VTEPs in the vSwitches serving VMs; a physical VTEP fronting server, storage, and services; VXLAN tunnel; VTEP management.)

VRF: Layer 3 Separation

VRF provides segmentation within Layer 3. It is often used by large carriers, as well as large enterprises and major cloud providers that need to maintain traffic segmentation across a common WAN backbone or between data centers. In smaller environments, the less complex VRF Lite is more widely used. However, VRF may still play a useful role in transporting traffic within either physical or virtual Layer 2 domains across Layer 3 boundaries, without losing the desired separation.

With Brocade Network OS 4.0 and later releases, Brocade VCS fabrics support VRF Lite. You can use VRF Lite as the primary segmentation mechanism within a VCS fabric, but it is more likely to be used in conjunction with the Virtual Fabric feature or overlay networks, as shown in Figure 5. You can also use the Brocade Vyatta vRouter for this purpose.

Figure 5. To connect VCS Virtual Fabric segments to corresponding tenants across a WAN, a VCS Virtual Fabric Layer 3 interface is associated with a corresponding VRF instance. (Figure labels: access, aggregation, and core tiers with VPN routers toward the WAN; 802.1q trunks; Virtual Fabrics 5001, 5002, and 5003 mapped to VRF instances, with 5001 on VE-1000 in VRF-1 and 5002 on VE-1001 in VRF-2; OSPF / BGP toward the WAN; edge bindings such as Port 1, VLAN 10 in VRF-1 and VLAN 20.)

SUMMARY

As cloud environments become the norm, scalable network segmentation becomes an increasingly critical consideration. There are now several possible network segmentation approaches optimized for slightly different requirements, including scale, Layer 3 architectures, hypervisor choices, organizational norms, staff skill sets, and other considerations. In many cases, these techniques can be complementary, with handoffs between Layer 2 and Layer 3 techniques at various points in the network in order to optimize the overall environment. Within Brocade VCS fabrics, all major techniques and combinations are supported, from hypervisor-based solutions to Layer 3 and Layer 2 separation, including the innovative Layer 2 construct, the VCS Virtual Fabric capability.

ABOUT BROCADE

Brocade networking solutions help organizations achieve their critical business initiatives as they transition to a world where applications and information reside anywhere. Today, Brocade is extending its proven data center expertise across the entire network with open, virtual, and efficient solutions built for consolidation, virtualization, and cloud computing. Learn more at www.brocade.com.

2015 Brocade Communications Systems, Inc. All Rights Reserved. 03/15 GA-WP-1789-05