Cloud Networking an Enterprise View



Similar documents
CloudNaaS: A Cloud Networking Platform for Enterprise Applications

SDN-enhanced Services in Enterprises and Data Centers

IPOP-TinCan: User-defined IP-over-P2P Virtual Private Networks

Software Defined Network (SDN)

Computer Sciences Department

Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems

Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES

Meridian: An SDN Platform for Cloud Network Services

基 於 SDN 與 可 程 式 化 硬 體 架 構 之 雲 端 網 路 系 統 交 換 器

Outline. Why Neutron? What is Neutron? API Abstractions Plugin Architecture

Panel : Future Data Center Networks

Architecture des plates-formes IaaS Etat des lieux et perspectives

Software Defined Environments

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan

Building an Open, Adaptive & Responsive Data Center using OpenDaylight

CLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS

CERN Cloud Infrastructure. Cloud Networking

Software-Defined Networks Powered by VellOS

Virtualization, SDN and NFV

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang Nov 13, 2014

CON Software-Defined Networking in a Hybrid, Open Data Center

Network Technologies for Next-generation Data Centers

Network Virtualization

Analysis of Network Segmentation Techniques in Cloud Data Centers

What is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks

Open Source Networking for Cloud Data Centers

A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio and Benny Rochwerger IBM

Network Virtualization for the Enterprise Data Center. Guido Appenzeller Open Networking Summit October 2011

SDN PARTNER INTEGRATION: SANDVINE

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure

VMUG - vcloud Air Deep Dive VMware Inc. All rights reserved.

Network Virtualization

Cloud Security Best Practices

VIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers

The Case for Enterprise Ready Virtual Private Clouds

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

Network performance in virtual infrastructures

VMware. NSX Network Virtualization Design Guide

NVO3: Network Virtualization Problem Statement. Thomas Narten IETF 83 Paris March, 2012

Networking in the Era of Virtualization

Utility Computing and Cloud Networking. Delivering Networking as a Service

Network Virtualization

Installing Intercloud Fabric Firewall

SDN Applications in Today s Data Center

Automating Network Security

JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc.

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

Expert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts

SDN v praxi overlay sítí pro OpenStack Daniel Prchal daniel.prchal@hpe.com

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES

How To Extend Security Policies To Public Clouds

The promise of SDN. EU Future Internet Assembly March 18, Yanick Pouffary Chief Technologist HP Network Services

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera VERSION May, 2015

Software Defined Networking Subtitle: Network Virtualization Terry Slattery Chesapeake NetCraftsmen Principal Consultant CCIE #1026.

VMware vcloud Networking and Security

VMware vcloud Networking and Security Overview

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Technical white paper. Realizing the power of SDN with HP Virtual Application Networks

Palo Alto Networks. Security Models in the Software Defined Data Center

Cisco. Daneyon Hansen 3/28/ Cisco and/or its affiliates. All rights reserved. Cisco Confiden+al 1

Cisco Cloud Architecture for the Microsoft Cloud Platform

Why Software Defined Networking (SDN)? Boyan Sotirov

CloudStack Networking. Paul Angus Cloud

Network Virtualization Solutions

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

THE REVOLUTION TOWARDS SOFTWARE- DEFINED NETWORKING

Horizontal Integration - Unlocking the Cloud Stack. A Technical White Paper by FusionLayer, Inc.

How To Orchestrate The Clouddusing Network With Andn

Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack

NephOS A Licensed End-to-end IaaS Cloud Software Stack for Enterprise or OEM On-premise Use.

Enterprise-Ready Network Virtualization for OpenStack

Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION

Programmable Networking with Open vswitch

Pluribus Netvisor Solution Brief

OpenDaylight Network Virtualization and its Future Direction

2014 Open Networking Foundation

Cisco Virtual Topology System: Data Center Automation for Next-Generation Cloud Architectures

Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION

HP OpenStack & Automation

OpenFlow/SDN for IaaS Providers

SINGLE-TOUCH ORCHESTRATION FOR PROVISIONING, END-TO-END VISIBILITY AND MORE CONTROL IN THE DATA CENTER

VMware NSX Network Virtualization Design Guide. Deploying VMware NSX with Cisco UCS and Nexus 7000

IBM EXAM QUESTIONS & ANSWERS

Software defined networking. Your path to an agile hybrid cloud network

Lecture 02b Cloud Computing II

What is SDN all about?

ViSION Status Update. Dan Savu Stefan Stancu. D. Savu - CERN openlab

Ethernet-based Software Defined Network (SDN)

How To Build A Software Defined Data Center

Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

How To Build An Openstack Cloud System

CloudCenter Full Lifecycle Management. An application-defined approach to deploying and managing applications in any datacenter or cloud environment

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

Network Virtualization and Software-defined Networking. Chris Wright and Thomas Graf Red Hat June 14, 2013

Transcription:

Anees Shaikh, Guohui Wang, John Tracey, Dave Olshefski, Jack Kouloheris, Hani Jamjoom, Zon-Yin Shae IBM TJ Watson Research Center Cloud Networking an Enterprise View Enterprise Cloud Networking DIMACS December 2011

Enterprise clouds multiple delivery models Third-party operated Third-party hosted and operated Enterprise data center Enterprise data center Enterprise Enterprise A B A Users B Private cloud Managed private cloud Hosted private cloud Shared cloud services Public cloud services implications on the delivery network levels of sharing (infrastructure, services, management ) security / isolation / privacy / compliance 2 Enterprise Cloud Networking DIMACS December 2011

Enterprise clouds management up the stack public cloud service managed cloud service clientmanaged hypervisor hypervisor hypervisor hypervisor hypervisor security patching hypervisor incident mgmnt storage for virtual images shared services security patching, software updates high-availability, cluster management monitoring backup / recovery SLAs and reporting user management storage configuration (related to ) onboarding 3 Enterprise Cloud Networking DIMACS December 2011

Enterprise clouds tools and infrastructure complexity provisioning tenant s asset and sw license management multitude of tools some need globally unique endpoints IBR Mgmnt vswitch Prod vnics change and config management endpoint patch management multiple isolated networks for management, mobility, backup access security / policy compliance checking monitoring and usage accounting integration with onpremise tools and systems multiple risks of address overlap IBR Mgmnt Prod vswitch backup and recovery identity management 4 Enterprise Cloud Networking DIMACS December 2011

introduction of cloud networking functions RESEARCH Networking support in current cloud offerings Adding features but limited control of the network requires integration of third-party solutions limits the opportunity to migrate production s Subnets and ACLs e.g., VPC enhancements Network monitoring e.g., CloudWatch Examples of Missing Features No multicast or broadcast VPN to the enterprise e.g., Virt Private Cloud Server load balancing e.g., Elastic Load Balancing persistent connectivity for services e.g., elastic IP base IP connectivity Third-party virtual appliances No ability to create VLANs No facility for bandwidth or QoS Limited crafting of network segments No dynamically structured networks Limited network mgmnt or visibility No IPv6 support reference: http://broadcast.oreilly.com/2010/12/ cloud-2011-the-year-of-the-network-in-the-cloud.html 5 Enterprise Cloud Networking DIMACS December 2011

Anatomy of an enterprise moving to the cloud Configurations to preserve: IP addresses, logical topology, firewall rules, VLAN, network bandwidth, fail-over plan, LDAP, DNS, Web Server Firewall rule: allow 7.6.*.* Web Server 7.1.3.8 7.2.3.4 7.2.3.5 DNS LDAP 7.9.3.4 7.8.3.4 shared network services remain on premise Application logical topology learned through discovery tools Firewalls rules must be validated and migrated. Multitenant cloud environment and mobility introduces additional challenges All IP addresses must be discovered. End-host reconfiguration is not scalable and are error prone 7.3.2.4 7.3.2.5 7.3.5.4 7.5.2.3 Firewall rule: allow 7.2.3.4, 7.2.3.5 App Svr DB2 App Svr Firewall rule: allow 7.3.2.4, 7.3.2.5 7.3.3.4 VLAN migration requires reconfiguration of all routers and firewalls Failure planning for placement considerations Network bandwidth requirements for better placement for performance 6 Enterprise Cloud Networking DIMACS December 2011

Networking-as-a-service for enterprise clouds Allow enterprises to re-create their on-premise network configuration in the cloud Unified framework for deploying s and corresponding network services Provide a service-centric, rather than network device centric view Cloud controller provides base IaaS service for managing instances and images self-service provisioning UI connects s via host virtual switches self-service UI Cloud controller + network specification Network controller Network controller works with cloud controller to provision virtual network services provides placement directives to cloud controller configures physical and virtual switches virtual network 7 Enterprise Cloud Networking DIMACS December 2011

User abstractions for specifying cloud networking functions 129.2.200.5 group logical grouping of s address assign a custom address to the middlebox instantiate and config a new middlebox EXTERNAL virtualnet - segments connect groups of s - associated with network services middlebox resv bandwidth VLAN / scoped bcast networkservice - attach capabilities to a virtualnet - supports combination of network services traffic is allowed to flow only over explicitly defined virtual network segments ( default off ) can provide standard templates to implement security policies, or requirements 8 Enterprise Cloud Networking DIMACS December 2011

Example with network policy specification group: frontend businesslogic backend EXTERNAL middlebox DPI Class virtualnet: protectfrontend 1. address dbserver1={128.1.104.103} 2. address dbserver2={128.1.104.13} besteffort 3. group frontend={httpdserver} 4. group businesslogic = {jboss1,jboss2, jboss3} 5. group backend={dbserver1,dbserver2} 6. middlebox Class={type=classifier,config=""} 7. middlebox DPI={type=dpi,config=""} 8. networkservice protectfrontend={l2broadcast=no, qos=standard, mb=dpi} 9. networkservice besteffort={l2broadcast=no, qos=standard, mb=none } 10. networkservice reservedbw ={l2broadcast=no, qos=10mbs, mb=class} 11. networkservice allowfailover={l2broadcast=yes, qos=standard, mb=none} 12. virtualnet allowfailover (backend) 13. virtualnet protect FrontEnd(frontend,EXTERNAL) 14. virtualnet besteffort(frontend,businesslogic) 15. virtualnet reservedbw(businesslogic,backend) 9 Enterprise Cloud Networking DIMACS December 2011 reservedbw allowfailover

CloudNaaS: A Cloud Networking Platform for Enterprise Applications IBM Research / University of Wisconsin collaboration Cloud Controller: OpenNebula 1.4 modified to accept user-specified network policies and interact with the Network Controller minimal modifications (~250 LOC) network policy parser (~250 LOC) Network Controller: NOX and OpenFlow-enabled switches HP Procurve 5400 switches w/ OpenFlow 1.0 firmware network controller implemented as a C++ NOX (~2500 LOC) pulls new / updated communication matrices and mappings from Cloud controller interfaces to non-openflow switch-specific functions (e.g., queue management) T. Benson, A. Akella, A. Shaikh, S. Sahu, in 2011 ACM Symposium on Cloud Computing (SOCC) End-host virtual switches: Open vswitch built-in support for OpenFlow protocol 10 Enterprise Cloud Networking DIMACS December 2011

Challenges at Cloud scale Evaluation: experimental and emulated workloads: multi-tier business (e.g., SAP R/3) enterprise search / analytics (e.g., MS SharePoint) topologies: standard 3-tier, fat tree 6K 30K hosts, 200 1000 ToRs, 20 100 agg Computation and instantiation of network services ~16K instances of 3-tier Web service (270K s) requires about 120s in experiments Recovering network paths / services when links or switches fail Network controller takes 2 10s for recomputation in a large DCN (1000 ToR/100 agg/270k s) when a link fails Can be reduced to 0.2s by precomputing solutions for core links Switch failures require an order of magnitude more time to recover Managing hardware device limitations O(V*N 2 ) forwarding entries per device (V = #virtual networks; N = #s) TCAM space in switches may only support 2000 flow table entries Optimizations can reduce in-network state (e.g., destination-based forwarding, entry aggregation with network-aware placement) 11 Enterprise Cloud Networking DIMACS December 2011

Research implications of enterprise clouds on the network Overcoming the scaling limitations of current network devices table sizes: MAC addrs, ACL / TCAMs, VLANs, priority levels, dynamic updates: changing forwarding tables, queuing rules, etc. take better advantage of device capabilities Management integration provide a more comprehensive network management view to tenants integrate the network with adjacent processes and tools compensating for legacy tools and s in the cloud Flexibility with simplicity make it easy to write network apps reconfigurable / optimized topologies, agile routing leverage the emerging SDN abstractions approach get above the CCIE interface to the network 12 Enterprise Cloud Networking DIMACS December 2011

Additional material 13 Enterprise Cloud Networking DIMACS December 2011

Cloud networking standards and models are evolving quickly OpenStack Project: open source cloud operating system base Nova networking focuses on address management flat subnet, flat subnet + DHCP, per-project private VLAN with OpenVPN access Networking services development Melange: flexible services for IP addr management Quantum: virtual network service to create L2 networks, ports, attachments, connectivity Open vswitch Quantum plugin available (Nicira), Cisco Nexus/UCS Donabe (Network Containers): APIs to manage generalized resource container abstraction network containers are a first instance of containers Commercial cloud solutions Amazon: variety of network functions, incl. VPCs with subnets / ACLs MS Azure: basic addresses / connectivity, VPC, CDN Ware: vcloud Director Networking (VXLAN) isolated virtual networks 14 Enterprise Cloud Networking DIMACS December 2011

Related work from industry and academic research Network-related services and appliances from 3 rd party ISVs / providers require integration of multiple solutions, individual service models and functions Research proposals on cloud networking abstractions single virtual router [Keller:10]; virt data center + bw guarantees [Guo:10] access control services [Popa:10] virt private cloud [Wood:09], WAN workload migration [Wood:11] Multi-tenant virtual networks many proposals (see recent SIGCOMM, NSDI, CoNEXT for examples) 15 Enterprise Cloud Networking DIMACS December 2011

Results Optimizations allow support of 3X more VNs Most savings at the core placement allows even better scaling Applications supported: 4X Algorithms Virtual switch ToR Aggregation Core # of Apps Default Placement 313 13K 235K 1068K 4k Default placement + Optimizations Placement Heuristic + Optimizations 0% 93% 95% 99% 12.2K 0% 99.8% 99% 99% 15.9K 16 Enterprise Cloud Networking DIMACS December 2011

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information