CERN Cloud Infrastructure. Cloud Networking


Contents (7/16/2015)
- Physical datacenter topology
- Cloud Networking
  - Use cases
  - Current implementation (nova-network)
  - Migration to Neutron

Physical network
- Topology restrictions
  - A machine only has network connectivity in a specific area of the CC
- Network DB registration (LanDB)
  - DHCP (~2 minutes)
  - DNS (~10 minutes)

Cloud Network (nova-network)
(diagram: a provider network with VMs attached directly, plus project routers in front of private networks with their own VMs)

Nova-network architecture
(diagram: cloud controller on the public network via eth0, running nova-api, nova-network, nova-scheduler and nova-conductor; compute node(s) running nova-compute, with VMs attached to bridge br0 on eth0)

Nova-network @ CERN (I)
- Hypervisor agents
  - KVM: Linux Bridge
  - Hyper-V: Virtual Switch

Nova-network @ CERN (II)
- LanDB + AD integration
  - SQL extra information + code patch
  - IP/MAC pairs registered beforehand
  - nova-api: rename LanDB device, update AD information, wait for DNS update
  - ec2: choose one device and run "rename LanDB device"

Migration to Neutron
- Nova-network will be deprecated
- Neutron as a replacement
  - Same end-user functionality
  - ML2 plugin (Flat + Linux Bridge)
  - Integration with CERN services
  - On-demand IP registration

Create instance with port
1. Machine created (nova)
2. Allocate a port (neutron)
   - Generate MAC address
   - Add port to DB
   - Look up subnets on network
   - Allocate IP on subnet
   - Bind port on instance to host
(diagram: VMs attached to a provider network that carries several subnets)

Create instance with port @ CERN
1. Create instance
2. Allocate a port on a network + host
   - Generate MAC address
   - Add port to DB
   - Look up subnets on network (host filter)
   - Allocate IP on subnet (LanDB)
   - Bind port on instance to host
(diagram: VMs attached to a provider network that carries several IP services)

Integration with LanDB
- Register port creation/deletion
  - Device + interface registration on neutron
- Import network restrictions from LanDB
  - Subnet clusters (aggregation of subnets)
  - Host restrictions

Q & A

CERN Cloud Infrastructure: Backup slides

Why?
- Nova-network will be deprecated
- Neutron as a replacement
  - Same end-user functionality
  - ML2 plugin (Flat + Linux Bridge)
  - Integration with CERN services
  - On-demand IP registration

Create instance with port
1. Machine created (nova)
2. Allocate a port (neutron)
   - Generate MAC address
   - Add port to DB
   - Look up subnets on network
   - Allocate IP on subnet
   - Bind port on instance to host
(diagram: VMs attached to a provider network that carries several subnets)

Create instance with port @ CERN
1. Create instance
2. Allocate a port on a network + host
   - Generate MAC address
   - Add port to DB
   - Look up subnets on network (host filter)
   - Allocate IP on subnet (LanDB)
   - Bind port on instance to host
(diagram: VMs attached to a provider network that carries several IP services)

Integration with LanDB
- Register port creation/deletion
  - Device + interface registration on neutron
- Import network restrictions from LanDB
  - Subnet clusters (aggregation of subnets)
  - Host restrictions

Improve LanDB integration
- Split device from interface registration
- Method to retrieve the not-available IPs
  - 1 network, 1 broadcast, 1 gateway, 6 reserved
- Avoid cluster name on interface registration
- IPv4 / IPv6

Contents
- Overview of nova-network @ CERN
- Neutron basics and architecture
- Decisions
- Planning

Nova-network architecture
(diagram: cloud controller on the public network via eth0, running nova-api, nova-network, nova-scheduler and nova-conductor; compute node(s) running nova-compute, with VMs attached to bridge br0 on eth0)

Nova-network @ CERN (I)
- Hypervisor agents
  - KVM: Linux Bridge
  - Hyper-V: Virtual Switch

Nova-network @ CERN (II)
- LanDB + AD integration
  - SQL extra information + code patch
  - IP/MAC pairs registered beforehand
  - nova-api: rename LanDB device, update AD information, wait for DNS update
  - ec2: choose one device and run "rename LanDB device"

OpenStack Neutron
- Provides networking as a service (NaaS)
- Concepts
  - Networks
  - Subnets
  - Ports
  - Interfaces
(diagram: virtual network Net1 10.0.0.0/24 with VM1 attached through a virtual port and a virtual interface)

Neutron components
- API server
- Queue
- Network node
- Agents
  - L2
  - L3
  - DHCP
  - Advanced

Neutron Architecture

Neutron topology
(diagram: a provider network with VMs attached directly, plus project routers in front of private networks with their own VMs)

Neutron networks
- Private networks
  - User created
  - Not shared
  - Routable/isolated
- Provider networks
  - Created by admins
  - Shared among tenants
  - Map to existing physical networks

Neutron drivers (ML2)
- Core plugin (ML2)
  - Type manager -> type drivers: flat, GRE, VLAN, VXLAN
  - Mechanism manager -> mechanism drivers: Linux Bridge, OvS, Hyper-V, other

Decisions
- ML2 mechanism and type drivers
  - KVM: Linux Bridge, Open vSwitch
  - Hyper-V
- Deployment architecture
  - Flat (provider networks)
  - Routed (private networks)
  - Mixed (both)

Create instance with port
1. Machine created (nova)
2. Allocate a port (neutron)
   - Generate MAC address
   - Add port to DB
   - Look up subnets on network
   - Allocate IP on subnet
   - Bind port on instance to host
(diagram: VMs attached to a provider network that carries several subnets)

Create instance with port @ CERN
1. Create instance
2. Allocate a port on a network + host
   - Generate MAC address (skip??)
   - Add port to DB
   - Look up subnets on network (host filter)
   - Allocate IP + MAC on subnet (LanDB)
   - Bind port on instance to host
(diagram: VMs attached to a provider network that carries several IP services)

CERN specifics
- AD integration
  - Where is the right point to do it?
- IP/MAC address handling
  - IP/MAC addresses registered beforehand
  - Scheduler awareness of host on creation
- Interference with APIs

Neutron resources
- Core: networks, subnets, ports
- Extended: routers, floating IPs, firewalls, load balancers

Neutron components
- API extensions: core, L3, FW
- Plugins: core plugin; service plugins (L3 plugin, FW plugin)
- Agents: L2 agent (Hyper-V, LinuxBridge, ...), L3 agent

Neutron components @ CERN
- API extensions: core, CERN extensions
- Plugins: core plugin; service plugins (CERN service plugin)
- Agents: L2 agent (LinuxBridge, Hyper-V)

ML2 plugin
- Core L2: type manager, mechanism manager, extension manager
- Type drivers (Flat, GRE, VLAN, VXLAN)
- Mechanism drivers (LinuxBridge, OVS, Hyper-V, Cisco, ...)
- Extension drivers

ML2 plugin @ CERN
- Core L2: type manager, mechanism manager, extension manager
- Flat type driver
- CERN mechanism drivers
- No extension drivers

CERN Cloud Infrastructure: Implementation

Summary
- LanDB: custom mechanism drivers
- IP service clusters: SubnetCluster API
- IP restrictions: HostRestrictions API
- VM metadata
- Security groups

CERN LB mechanism driver
- Based on the LinuxBridge driver.
- Handles LanDB registration / deletion.
- Queries Nova to resolve the instance name and other LanDB metadata.
- If LanDB registration fails, the port gets deleted and the instance goes to error state.
- If LanDB deletion fails, the instance gets deleted anyway (wasted IPs).
- Code is run by neutron-server.
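The two failure paths on this slide, as an added example that models them in Python (this is not CERN's driver or Neutron's ML2 code; FakeLanDB and FakeNova are constructed stand-ins, and the orphan reconciliation check at the end is an addition the slide does not describe). The core-plugin behaviour it relies on is the real ML2 contract: a mechanism driver that raises MechanismDriverError from a postcommit call makes the plugin undo the database operation.

```python
"""Failure paths of a LanDB-registering ML2 mechanism driver, modelled with fakes.

Added example, not CERN's driver. LanDB and Nova are replaced by in-memory fakes so the
two scenarios from the slide (registration fails, deletion fails) run offline.
"""


class LanDBError(Exception):
    """A LanDB call failed (service unreachable, name clash, ...)."""


class MechanismDriverError(Exception):
    """Raised by a mechanism driver; ML2 rolls back the DB operation when a postcommit raises it."""


class FakeLanDB:
    """Constructed stand-in for the CERN network database."""

    def __init__(self, fail_register=False, fail_delete=False):
        self.fail_register = fail_register
        self.fail_delete = fail_delete
        self.devices = {}  # device name -> MAC

    def register(self, device, mac):
        if self.fail_register:
            raise LanDBError(f"cannot register {device}")
        self.devices[device] = mac

    def unregister(self, device):
        if self.fail_delete:
            raise LanDBError(f"cannot delete {device}")
        self.devices.pop(device, None)


class FakeNova:
    """The driver asks Nova for the instance name, which becomes the LanDB device name."""

    def __init__(self, instances):
        self.instances = instances  # device_id -> instance name

    def instance_name(self, device_id):
        return self.instances[device_id]


class LanDBMechanismDriver:
    def __init__(self, landb, nova):
        self.landb = landb
        self.nova = nova
        self.orphans = []  # LanDB devices whose deletion failed: the "wasted IPs"

    def create_port_postcommit(self, port):
        name = self.nova.instance_name(port["device_id"])
        try:
            self.landb.register(name, port["mac_address"])
        except LanDBError as exc:
            # Propagate as a driver error: the plugin deletes the port, the instance ends in ERROR.
            raise MechanismDriverError(str(exc)) from exc

    def delete_port_postcommit(self, port):
        name = self.nova.instance_name(port["device_id"])
        try:
            self.landb.unregister(name)
        except LanDBError:
            # The instance is deleted anyway; remember the leaked registration for clean-up.
            self.orphans.append(name)
            return False
        return True


def create_port(driver, ports, port):
    """Simplified ML2 flow: commit to DB, run postcommit, roll the row back if the driver fails."""
    ports[port["id"]] = port
    try:
        driver.create_port_postcommit(port)
    except MechanismDriverError:
        del ports[port["id"]]
        return False
    return True


def delete_port(driver, ports, port_id):
    port = ports.pop(port_id)
    return driver.delete_port_postcommit(port)


def orphaned_devices(landb, ports):
    """Reconciliation check: LanDB devices whose MAC belongs to no live Neutron port."""
    live_macs = {p["mac_address"] for p in ports.values()}
    return sorted(dev for dev, mac in landb.devices.items() if mac not in live_macs)


# Constructed sample data
NOVA = FakeNova({"vm-1": "myvm001", "vm-2": "myvm002"})
PORT_1 = {"id": "p1", "device_id": "vm-1", "mac_address": "fa:16:3e:00:00:01"}
PORT_2 = {"id": "p2", "device_id": "vm-2", "mac_address": "fa:16:3e:00:00:02"}


def scenario_registration_fails():
    """Registration fails: no port survives and LanDB stays untouched."""
    ports, landb = {}, FakeLanDB(fail_register=True)
    ok = create_port(LanDBMechanismDriver(landb, NOVA), ports, dict(PORT_1))
    return ok, len(ports), len(landb.devices)


def scenario_deletion_fails():
    """Deletion fails: the port is gone but the LanDB device (and its IP) is left behind."""
    ports, landb = {}, FakeLanDB(fail_delete=True)
    driver = LanDBMechanismDriver(landb, NOVA)
    create_port(driver, ports, dict(PORT_1))
    create_port(driver, ports, dict(PORT_2))
    ok = delete_port(driver, ports, "p1")
    return ok, sorted(ports), driver.orphans, orphaned_devices(landb, ports)
```

The point of `orphaned_devices` is operational: because the driver runs inside neutron-server and cannot retry a failed LanDB deletion once the instance is gone, a periodic comparison of LanDB registrations against live ports is what turns "wasted IPs" into a list that can actually be released.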

SubnetCluster API extension
- Defines a new Cluster network resource
- Allows association of subnets with clusters
- Neutron subnet == CERN IP service
(diagram: provider network with Cluster X holding Subnets XX and XY, and Cluster Y holding Subnets YX and YY)

HostRestrictions API extension
- Exposes information about CERN network restrictions as part of the Neutron API.
- Hypervisor -> allowed IP service(s).
- Can choose an IP service based on different algorithms.
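The "create instance with port @ CERN" flow (MAC generation, subnet lookup filtered by host, IP allocation, binding to the host) together with the SubnetCluster and HostRestrictions ideas from these two slides, as one added Python example. It is not CERN's or Neutron's code: the clusters, subnets, reserved addresses and hypervisor names are constructed, the `most_free` / `first_fit` selection strategies stand in for the "different algorithms" the slide mentions, and the reserved-address handling follows the "1 network, 1 broadcast, 1 gateway, 6 reserved" list from the LanDB backup slide.

```python
"""Port allocation against subnet clusters with per-hypervisor restrictions (added example)."""
import ipaddress
import os
from dataclasses import dataclass, field


class AllocationError(Exception):
    """No IP could be allocated for the requested host."""


@dataclass
class Subnet:
    name: str
    cidr: str
    gateway: str
    reserved: set = field(default_factory=set)   # addresses LanDB reports as not available
    allocated: set = field(default_factory=set)  # addresses already handed to ports

    def free_addresses(self):
        """Usable addresses: everything except network, broadcast, gateway, reserved and allocated."""
        net = ipaddress.ip_network(self.cidr)
        unavailable = {str(net.network_address), str(net.broadcast_address), self.gateway}
        unavailable |= self.reserved | self.allocated
        return [str(a) for a in net if str(a) not in unavailable]


@dataclass
class SubnetCluster:
    """Aggregation of subnets; the slide equates one Neutron subnet with one CERN IP service."""
    name: str
    subnets: list


@dataclass
class Port:
    mac: str
    ip: str
    subnet: str
    cluster: str
    host: str  # binding host


def generate_mac():
    """Random MAC under the fa:16:3e prefix that Neutron uses as its default base MAC."""
    return "fa:16:3e:" + ":".join(f"{b:02x}" for b in os.urandom(3))


def allowed_clusters(network, host, host_restrictions):
    """HostRestrictions lookup: which clusters (IP services) this hypervisor may use."""
    names = host_restrictions.get(host)
    if not names:
        raise AllocationError(f"host {host} has no allowed IP service")
    return [c for c in network if c.name in names]


def choose_subnet(clusters, strategy="most_free"):
    """Pick (cluster, subnet) among the allowed ones; 'most_free' spreads load, 'first_fit' fills in order."""
    candidates = [(c, s) for c in clusters for s in c.subnets if s.free_addresses()]
    if not candidates:
        raise AllocationError("no free IP in any allowed subnet")
    if strategy == "first_fit":
        return candidates[0]
    return max(candidates, key=lambda cs: len(cs[1].free_addresses()))


def allocate_port(network, host, host_restrictions, strategy="most_free"):
    """Step 2 of the slide: MAC, host-filtered subnet lookup, IP allocation, binding to host."""
    mac = generate_mac()
    cluster, subnet = choose_subnet(allowed_clusters(network, host, host_restrictions), strategy)
    ip = subnet.free_addresses()[0]  # lowest free address, so results are predictable
    subnet.allocated.add(ip)
    return Port(mac=mac, ip=ip, subnet=subnet.name, cluster=cluster.name, host=host)


def build_sample_network():
    """Constructed provider network: two clusters, reserved addresses as LanDB would report them."""
    return [
        SubnetCluster("X", [
            Subnet("XX", "10.0.1.0/28", "10.0.1.1", reserved={f"10.0.1.{i}" for i in range(2, 8)}),
            Subnet("XY", "10.0.2.0/29", "10.0.2.1", reserved={"10.0.2.2"}),
        ]),
        SubnetCluster("Y", [
            Subnet("YX", "10.0.3.0/29", "10.0.3.1"),
            Subnet("YY", "10.0.4.0/30", "10.0.4.1"),
        ]),
    ]


# Constructed HostRestrictions table: hypervisor -> allowed clusters
HOST_RESTRICTIONS = {"hv-kvm-01": ["X"], "hv-kvm-02": ["X", "Y"], "hv-hyperv-01": ["Y"]}


if __name__ == "__main__":
    net = build_sample_network()
    for host in ("hv-kvm-01", "hv-hyperv-01", "hv-kvm-02"):
        print(allocate_port(net, host, HOST_RESTRICTIONS))
```

Two things worth noticing when running it: a host absent from the restrictions table gets no port at all rather than a port on an arbitrary subnet, and the two strategies diverge as soon as the preferred subnet drains, which is exactly where a scheduler that is not host-aware (the "scheduler awareness of host on creation" item on the CERN-specifics slide) would otherwise produce unbindable ports.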

Instance metadata
- Problem: the Neutron metadata implementation depends on L3 or DHCP.
- Solution: get rid of Neutron metadata.
  - Add a NAT rule on the compute node to forward metadata requests:
    Chain PREROUTING (policy ACCEPT)
    DNAT tcp -- anywhere 169.254.169.254 tcp dpt:http to:128.142.134.168:8775
    neutron-linuxbri-prerouting all -- anywhere anywhere
  - Add a FORWARD rule to allow packets from/to the metadata server:
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere neutrondev.cern.ch
    neutron-filter-top all -- anywhere anywhere
    neutron-linuxbri-forward all -- anywhere anywhere
  - Implemented as a patch in the IptablesManager.
  - Added metadata_host and metadata_port in neutron.conf.
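The DNAT and FORWARD rules from this slide, as an added Python example that renders them from a `metadata_host` / `metadata_port` pair in iptables-restore syntax and checks an `iptables-save` dump for their presence. This is not CERN's IptablesManager patch; the sample dump is constructed (it reuses the metadata host address shown on the slide), and the FORWARD rules are written to match only the metadata port, which is narrower than the all-protocol ACCEPT the slide shows.

```python
"""Render and verify the compute-node rules that redirect instance metadata traffic (added example)."""
import re

METADATA_IP = "169.254.169.254"


def metadata_rules(metadata_host, metadata_port=8775):
    """Rules in iptables-restore form: DNAT the link-local metadata address to the real server,
    and let the forwarded traffic through in both directions, limited to the metadata port."""
    return {
        "nat": [
            f"-A PREROUTING -d {METADATA_IP}/32 -p tcp -m tcp --dport 80 "
            f"-j DNAT --to-destination {metadata_host}:{metadata_port}",
        ],
        "filter": [
            f"-A FORWARD -d {metadata_host}/32 -p tcp -m tcp --dport {metadata_port} -j ACCEPT",
            f"-A FORWARD -s {metadata_host}/32 -p tcp -m tcp --sport {metadata_port} -j ACCEPT",
        ],
    }


def render_restore_file(rules):
    """Format the rules as iptables-restore input, one table block per table."""
    out = []
    for table, lines in rules.items():
        out.append(f"*{table}")
        out.extend(lines)
        out.append("COMMIT")
    return "\n".join(out) + "\n"


def parse_iptables_save(text):
    """Return {table: [rule lines]} from iptables-save / iptables-restore text."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = line[1:]
            tables[current] = []
        elif line.startswith("-A") and current:
            tables[current].append(line)
    return tables


def metadata_redirect_present(dump_text, metadata_host, metadata_port=8775):
    """True if both the DNAT to metadata_host:metadata_port and a FORWARD accept to that host exist.
    Useful after an agent restart, since the Linux Bridge agent rewrites the chains it manages."""
    tables = parse_iptables_save(dump_text)
    dnat = re.compile(rf"^-A PREROUTING .*-d {re.escape(METADATA_IP)}(/32)? .*-j DNAT --to-destination "
                      rf"{re.escape(metadata_host)}:{metadata_port}$")
    fwd = re.compile(rf"^-A FORWARD .*-d {re.escape(metadata_host)}(/32)? .*-j ACCEPT$")
    return (any(dnat.match(r) for r in tables.get("nat", []))
            and any(fwd.match(r) for r in tables.get("filter", [])))


# Constructed iptables-save dump mirroring the slide's `iptables -L` listing
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 128.142.134.168:8775
-A PREROUTING -j neutron-linuxbri-prerouting
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 128.142.134.168/32 -j ACCEPT
-A FORWARD -j neutron-filter-top
-A FORWARD -j neutron-linuxbri-forward
COMMIT
"""

if __name__ == "__main__":
    print(render_restore_file(metadata_rules("128.142.134.168")))
    print("redirect present:", metadata_redirect_present(SAMPLE_DUMP, "128.142.134.168"))
```

Run the check against `iptables-save` output from a compute node after each neutron-linuxbridge-agent restart; a missing DNAT is the symptom when the agent's own IptablesManager has overwritten the PREROUTING chain without the patch in place.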

Security groups
- Supported with nova cells.
- iptables implementation.
- Default rules don't allow external ingress traffic.
- Cannot change default rules from the API.
- Patch on default security group rules creation.