Network Technologies for Next-generation Data Centers
SDN-VE: Software Defined Networking for Virtual Environment
Rami Cohen, IBM Haifa Research Lab
September 2013
Data Center Network
- Defining and deploying a multi-tenant network application (NaaS)
- Endpoint connectivity in a large-scale dynamic environment?
- Management, control & configuration of the infrastructure
Back to the 80's...
- Unicast = Broadcast
- Dealing with unknown information by broadcasting
Early 90's...
- Learning
- ARP
- Control: small number of switches
  telnet> open 10.0.0.1
  Trying 10.0.0.1...
- Dealing with unknown information by flooding
Yesterday: VLAN, 802.3, ARP, TRILL, SNMP, ACL, MPLS, DCB, OSPF, RIP, RSVP, ...
Today: VLAN, 802.3, ARP, TRILL, SNMP, ACL, MPLS, DCB, OSPF, RIP, RSVP, ... (the same list)
- Dealing with unknown information is still done by broadcasting and flooding
Data Center Network
(Diagram: Servers 1-4, each with a Virtual Switch, host the VMs LB, WS1, WS2, WS3, DB1, DB2, APP, SSL, FW and Comp; all connect through a physical Router.)
- Specific location of network appliances
- Policy is enforced by sending data through the router (bump in the wire)
- SoftSwitches are used to connect VMs to the network; Virtual Machines are clients of the physical network
Data Center Networking (cont.)
- Large scale
  - The number of endpoints (virtual machines) is significantly larger than the number of physical servers
  - Each switch should manage a large number of VMs
- Dynamic
  - Endpoints are dynamically created, terminated and migrated from one location to another
  - Switches are constantly reconfigured (VLAN, flow tables, etc.)
  - Artificial constraints may be enforced (e.g. a VM cannot be migrated to a different rack due to VLAN settings)
- Multi tenancy
  - Many independent tenants, each with its own network requirements, are collocated on the same network infrastructure
- Increasing the flooding and broadcasting
- Increasing the size of the flow tables
NaaS - Network as a Service
- Typical network
  - Consists of several types of servers with different connectivity criteria
  - Defined in natural language: "I need a three-tier application comprising a set of Web servers connected to the public Internet through an Application Delivery Controller and using a set of DB2 servers as a back-end data storage. And... all the traffic between the Internet and the ADC must pass through a set of firewall rules, and all the SSL traffic between the Web servers and the ADC must be accelerated using an SSL accelerator. The stored data must be compressed, and I must have an external bandwidth of at least 5Gbps..."
  - Depends on an underlying technology and topology
  - Deployment is based on low-level network control (rather than the application functionality)
NaaS (cont.)
- Topology: two IPv4 subnets
- Technology: Managed Ethernet (Cisco)
- Routing configuration
- Firewall deployment and path isolation
System Technologies and Services Department, Haifa Research Lab
NaaS (cont.)
- Any modification is subject to misconfiguration
  - Hardware, instances, services
- Validation and verification follow the deployment
NaaS - Network as a Service
"I need a three-tier application comprising a set of WebSpheres connected to the public Internet through an Application Delivery Controller and using a set of DB2 as a back-end data store. By the way, all the traffic between the Internet and the ADC must pass through a set of firewall rules, and all the SSL traffic between the WebSpheres and the ADC must be accelerated using an SSL accelerator. The stored data must be compressed, and I must have an external bandwidth of at least 5Gbps..."
NaaS (cont.)
- Multi-tenant virtual networking
  - Enabling users to control not only their computation resources but also their network
  - Isolation and independence between virtual networks
  - Flexibility and decoupling
  - Scalability
  - Users do not have any access to the network infrastructure
- Provide a network service which is decoupled from the physical infrastructure and topology
- An abstraction layer must be created
DOVE / SDN-VE
SDN-VE: Software Defined Networking for Virtual Environment
IBM SDN-based multi-tenant network virtualization solution
SDN-VE
(Layered diagram, top to bottom: Management; Virtual Network Abstraction; Virtual Network Platform; Physical Infrastructure)
SDN-VE Network Abstraction
- Network functionality is best described in terms of the connectivity between endpoints and the policies associated with that connectivity
- Network modeling (or network intention) is described by grouping endpoints that share the same policy criteria
SDN-VE Network Abstraction (cont.)
Intent-based network modeling (diagram of endpoint groups with the policy attached to each connection):
- External --(FW, 5Gbps)--> ADC
- ADC --(SSL Acceleration)--> WebSphere
- WebSphere --(Compression, 20us latency)--> DB2
SDN-VE Network Abstraction (cont.)
(Same model, with the External group now identified by the address range *.*.*.*:)
- External (*.*.*.*) --(FW, 5Gbps)--> ADC
- ADC --(SSL Acceleration)--> WebSphere
- WebSphere --(Compression, 20us latency)--> DB2
SDN-VE Network Abstraction (cont.)
- Formal modeling of the network
  - Network intention prior to any instantiation
  - Topology and hardware independent
  - Dealing only with the network functionality
- Easy to modify
  - Enables introducing new services
SDN-VE Network Abstraction (cont.)
(Extended model: a second external network and a new service are added without touching the rest of the intent:)
- External I (9.*.*.*) --(FW, 1Gbps)--> ADC
- External II (*.*.*.*) --(FW, IDS, 5Gbps)--> ADC
- ADC --(SSL Acceleration)--> WebSphere
- WebSphere --(Compression, 20us latency)--> DB2
- Billing Service (policy: Anti-DoS)
SDN-VE Virtual Network Platform
- Overlay connectivity
  - Data sent from one VM to another is encapsulated and sent from the source hosting server to the destination hosting server
  - Decouples the physical infrastructure from the virtual domain
    - The physical infrastructure handles far fewer, static entities (physical servers)
    - The physical infrastructure can consist of many subnets and technologies
  - Enables full isolation and independence (including IP address overlapping between different tenants)
- Centralized controller
  - As opposed to a distributed and broadcast-based learning mechanism
SDN-VE Virtual Network Platform
- Provides connectivity without reproducing L2 complexity
  - Does not require any flooding or broadcasting (therefore does not inherit any L2 scalability limitation)
- A centralized controller is used to create and maintain the overlay infrastructure
  - Designed in a distributed fashion
- Fully hardware independent
  - Does not require any hardware support (e.g. multicast)
- Provides a powerful abstraction supporting both virtual and physical appliances
SDN-VE Data Flow
VM-to-VM data flow (diagram: VM-1 and VM-2 behind the dswitch on Host 1; VM-3 and VM-4 behind the dswitch on Host 2; the SDN-VE Distributed Connectivity Service; appliances FW-I, IPS-I, FW-II, IPS-II and a dgateway; a physical infrastructure with a router):
1. Data is sent from VM-1 to VM-3 and intercepted by the local dswitch
2. The dswitch acquires the policy using the DCS (Distributed Connectivity Service); a caching mechanism is used
3. Based on this service the dswitch encapsulates the packet and sends it to the destination host through FW-I and IPS-I
4. The packet is decapsulated by the dswitch on the destination host and sent to the appropriate VM
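The intent model (endpoint groups joined by policies) and the four-step data flow above, as an added Python model that is not part of the deck or of IBM's SDN-VE code: a constructed DCS holds per-tenant endpoint groups and group-to-group policies, and a dswitch caches the DCS answer, encapsulates toward the destination host along the named appliance chain, and drops (rather than floods) traffic for which no endpoint or policy exists. The names DCS, DSwitch and Endpoint, and the sample topology, are assumptions; overlapping IPs across tenants are kept apart by the tenant key alone.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    tenant: str   # overlay isolation key: two tenants may reuse the same IP
    ip: str
    host: str     # physical server hosting the VM
    group: str    # endpoint group from the intent model, e.g. "WebSphere"

class DCS:
    """Constructed stand-in for the Distributed Connectivity Service."""
    def __init__(self, endpoints, policies):
        self.endpoints = {(e.tenant, e.ip): e for e in endpoints}
        self.policies = policies  # (tenant, src group, dst group) -> chain

    def resolve(self, tenant, src_ip, dst_ip):
        src = self.endpoints.get((tenant, src_ip))
        dst = self.endpoints.get((tenant, dst_ip))
        if src is None or dst is None:
            return None       # unknown endpoint: answer "drop", never flood
        chain = self.policies.get((tenant, src.group, dst.group))
        return None if chain is None else (dst.host, chain)

class DSwitch:
    """Per-host dswitch: intercepts VM traffic, caches policy, encapsulates."""
    def __init__(self, host, dcs):
        self.host, self.dcs, self.cache, self.lookups = host, dcs, {}, 0

    def send(self, tenant, src_ip, dst_ip, payload):
        key = (tenant, src_ip, dst_ip)
        if key not in self.cache:          # step 2: ask the DCS once, then cache
            self.lookups += 1
            self.cache[key] = self.dcs.resolve(tenant, src_ip, dst_ip)
        if self.cache[key] is None:
            return None                    # no policy: dropped at the source
        dst_host, chain = self.cache[key]  # step 3: encapsulate toward the host
        return {"outer": (self.host, dst_host), "via": chain,
                "tenant": tenant, "inner": (src_ip, dst_ip, payload)}

def demo():
    # Constructed topology: A's WebSphere (host1) -> A's DB2 (host2); B reuses 10.0.0.1
    dcs = DCS([Endpoint("A", "10.0.0.1", "host1", "WebSphere"),
               Endpoint("A", "10.0.0.3", "host2", "DB2"),
               Endpoint("B", "10.0.0.1", "host2", "WebSphere")],
              {("A", "WebSphere", "DB2"): ["FW-I", "IPS-I"]})
    sw1 = DSwitch("host1", dcs)
    frame = sw1.send("A", "10.0.0.1", "10.0.0.3", "SELECT 1")
    sw1.send("A", "10.0.0.1", "10.0.0.3", "SELECT 2")    # served from cache
    dropped = sw1.send("B", "10.0.0.1", "10.0.0.3", "x")  # B has no 10.0.0.3
    return frame, sw1.lookups, dropped
```

Step 4 (decapsulation on the destination dswitch) is the inverse of the returned frame: the outer header is stripped and the inner (src, dst, payload) is handed to the VM registered for (tenant, dst_ip).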
SDN-VE - Network as a Service
- Overlay-based solution
  - VMs are not clients of the physical network
  - Physical switches should handle only a smaller number of static servers
  - Independent from the physical topology and technology
  - Scalability
  - RAS (Reliability, Availability, Serviceability)
  - Enables multi-tenant support
- Multi-tenant virtual networking
  - Enabling users to control not only their computation resources but also their network
  - Isolation and independence between virtual networks
  - Users do not have any access to the network infrastructure
- Software Defined Network
  - Provides an abstraction of the network functionality
  - Physical network complexity should not be reproduced in the virtual domain
  - End user does not deal with network configuration (VLAN, ports, etc.)
Optical Network and DCN?
- Packet-switching based network
  - Dynamic
  - Large scale with millions of endpoints (a typical data center switch may support more than 100K flows)
- Circuit-switching like
  - Static configuration
  - Small number of flows
Optical Network and DCN
- Low power and latency using optical switching technology
  - Memory-less switching
- High bandwidth using SDM technology
  - From GB to TB
- May completely change the Data Center, including network, storage and computation
Optical Network and DCN
Venture Photonics Ltd
Combining Optics and SDN In next Generation data center Networks
Optical Network and DCN
COSIGN - Combining Optics and SDN In next Generation data center Networks
- 400Gb per port ToR switch
- Based on Multi-Core Fibres (MCFs) to support SDM within the data center interconnect, enabling multiple data channels to be simultaneously multiplexed in a single fiber
- Flat data center network based on highly scalable SDN core switching nodes, reducing latency and improving connectivity
- Creating logical networks using SDM technology