Cloud Networks
Uni Stuttgart
Gerhard Koch, IBM Distinguished Engineer, WW Engineering & Delivery Cloud SSA

- Network Inhibitors today to Cloud technologies
- Role of the Network in Cloud DCs
- Concrete Realization Scenarios
- Cloud ready Networks
- Future Cloud & Network Virtualization Options
- From QoS to QoE
- T-Server (Genesys)

Cloud Computing is defining new requirements for networks...
- Evolved Network Model to support Network Virtualization and Resource management
- Support of dynamic and mobile workloads within and between DCs
- Work around new scalability issues in L2 and L3 environments
- Virtualized Networks between Providers
- Dynamic Provisioning of Network Resources according to the needs of a Cloud workload
- Enable Real-time Cloud Workloads such as Telco Billing, Voice and Video
- Management of Real-time Cloud Workloads in a distributed Cloud Architecture
- Understand the Telco network requirements when introducing cloud principles to their IT landscape
- Bandwidth as a Service, Network Services as a Service (e.g. App Acceleration)

The data center IT infrastructure evolution from ad-hoc to well-architected, to reduce costs and increase responsiveness

Top IT requirements to be met:
- Lower total costs through better device utilization and energy efficiency
- Better IT responsiveness through rapid application deployment, including self-service
- Better IT agility: virtual resources, configurations, and workloads decoupled and insulated from the physical environment

[Figure: evolution stages Scale-Out Complexity (device sprawl) -> Consolidation (physical consolidation) -> Virtualization (system virtualization) -> Dynamic / Cloud (system provisioning and automation); from separate Windows, Unix, Linux and mainframe servers, firewalls, routers, switches, management servers and storage to virtual servers, virtual networks and virtual storage managed as a multi-system virtualization ensemble]

Networks must become flexible, responsive, and managed together with the rest of the IT infrastructure

[Figure: the same stages, Scale-Out Complexity -> Consolidation -> Virtualization -> Dynamic / Cloud, shown for Server / Storage and for Network: device sprawl, device virtualization, system virtualization, system provisioning and automation]

Evolution of Data Center Networking

The Data Center Network is migrating to a Single Layer: from N layers (Router, Core, Aggregation, Access) over 2 layers to 1 layer (a Virtual Core) serving virtual servers, virtual storage and a storage fabric.
- Connect anything anywhere
- Connectivity is predictable (bandwidth, latency, QoS)
- Enable, Converge and Simplify, Scale, Reduced TCO

The foundation... Real Virtual Ethernets

The Evolution of Access Networks

Access layer networking has evolved from a simple physical NIC-to-physical switch connection to a complex virtual network infrastructure living within the physical server in the form of vnics and vswitches and associated technologies (VLAN tagging, trunking, QoS, etc.). This is a trend that is likely to continue.

Standards associated with Virtual Ethernet Bridging: IEEE 802.1Qbg Edge Virtual Bridging

Edge Virtual Bridging (EVB) is the environment where physical end stations contain multiple virtual end stations that participate in the bridged LAN. IEEE 802.1Qbg is the effort to standardize interactions between data center subsystems in support of Virtualization and Virtual Machine Mobility.

1. Virtual Ethernet Port Aggregation (VEPA)
   Allows VM-VM communication within the same server to be done through the external switch (hairpin mode) to take advantage of its advanced controls. Leverages VEB (Virtual Ethernet Bridging), the embedded bridging in adapters.
2. Multi-channel
   Allows each virtual MAC address (such as the MAC addresses used by VMs) to carry a VLAN tag, which can be used to provide quality of service capabilities (e.g. traffic controls). Today's pre-standards alternatives: IBM/BNT Virtual Fabric with vnic.
3. Virtual Station Interface (VSI)
   Allows external network state, also known as port profiles (i.e. VLAN Identifier, Port Access and Traffic Controls), to dynamically migrate with a VM. This was previously called Automated Migration of a Port Profile (AMPP).

Key Proponents: IBM, HP, BNT, Juniper, QLogic, Emulex; first products expected for late 2010.
A similar proposal is 802.1Qbh - Bridge Port Extension (Cisco's VN-link).

Ethernet Virtual Bridging Standards (IEEE 802.1Qbg)

[Figure: two servers, each with a hypervisor hosting VMs (App., OS, Drv) attached through VEPA to the external switch; the numbers 1-3 mark where each protocol acts]

1. Virtual Ethernet Port Aggregator (VEPA) Protocol
   Discovers where VM-VM communication is performed: through the Virtual Ethernet Bridge (VEB) within the server, or through the external switch, so that the external switch's advanced controls can be performed on the traffic.
2. Multi-channel Protocol
   Uses a Service Provider VLAN tag (S-TAG) to isolate traffic to a channel. Allows a mix of internal (VEB) and external (VEPA) based switching approaches on the same server physical port.
3. Virtual Station Interface (VSI) Protocol
   Used to associate and de-associate VM MAC addresses to a port profile. Enables port profiles to dynamically migrate with a VM.

A Port Profile consists of network state associated with the VM, such as VLAN ID, Access, QoS & Security Controls.
http://www.ieee802.org/1/pages/802.1bg.html

Multi-Channel: allows VEB, VEPA & dedicated links on the same switch port

[Figure: server edge with VMs on a VEB and VMs on a VEPA under one hypervisor, both carried over Multi-Channel on a single NIC to the edge switch and on to the L2 net(s)]

- Provides the ability to support a vswitch and VEPA on the same switch port (with a single NIC)
- The type of link (VEB, VEPA, or direct) could be specified as part of the port profile.

11/9/2010 NEVA/EVB

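To make the VEB/VEPA difference on a multi-channel port concrete, here is an added toy model (not IBM/BNT code and not the 802.1Qbg protocol machinery itself): VMs on a VEB channel are switched inside the hypervisor and the external switch never sees their traffic, while VMs on a VEPA channel are hairpinned through the adjacent bridge, whose access controls then get to act. The S-TAG values, VM names and the `denied_pairs` ACL format are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Frame:
    dst: str                    # destination VM MAC (constructed names such as "vm1")
    src: str                    # source VM MAC
    stag: Optional[int] = None  # S-TAG naming the multi-channel on the shared physical port

class AdjacentBridge:
    """External switch port: per-channel ACLs, reflective relay for VEPA channels (toy model)."""
    def __init__(self, denied_pairs):
        self.denied = denied_pairs  # {stag: {(src_mac, dst_mac), ...}}: the bridge's access controls
        self.seen = []              # every frame the external switch actually got to inspect

    def forward(self, frame):
        self.seen.append(frame)
        if (frame.src, frame.dst) in self.denied.get(frame.stag, set()):
            return None             # the external switch's ACL denies this flow
        return frame                # otherwise hairpinned back out the same port (reflective relay)

class ServerEdge:
    """Hypervisor side of one physical NIC port carrying VEB and VEPA channels."""
    def __init__(self, bridge):
        self.bridge = bridge
        self.mode = {}              # stag -> "VEB" or "VEPA", as the port profile would specify
        self.vm_channel = {}        # VM MAC -> stag of the channel the VM is attached to

    def add_channel(self, stag, mode):
        if mode not in ("VEB", "VEPA"):
            raise ValueError("channel mode must be VEB or VEPA, got %r" % mode)
        self.mode[stag] = mode

    def attach(self, mac, stag):
        self.vm_channel[mac] = stag

    def send(self, src, dst):
        """Deliver a frame from VM src to VM dst; returns (path taken, delivered frame or None)."""
        stag = self.vm_channel[src]
        frame = Frame(dst, src, stag)
        same_channel = self.vm_channel.get(dst) == stag
        if same_channel and self.mode[stag] == "VEB":
            return ("local", frame)  # switched inside the hypervisor; the bridge never sees it
        relayed = self.bridge.forward(frame)  # VEPA, or another channel: leaves the server tagged
        if relayed is None:
            return ("denied", None)
        if same_channel:
            return ("hairpin", relayed)  # same channel: the bridge reflected it back to this port
        return ("external", relayed)     # other channel: forwarded on like any other tagged frame
```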
Today's VM Migration (VMware, PowerVM, ...)

[Figure: a VM (App., OS, Identity) moving between hypervisors on two servers]

Today: internal virtual switch Port Profiles move with a VM, but external Port Profiles do not move with the VM.

Port Profile Options:
- Use the same Port Profiles: all VMs must be of the same type.
- Move after the VM: can't tell a migrated VM from a reincarnated one.
- Manually move the Port Profile: reduces the value of virtualization.

A Port Profile consists of network state associated with the VM, such as VLAN ID, Access, QoS & Security Controls.

Solving VM Automation Challenges

[Figure: a VM (App., OS, Identity) migrating between hypervisors on two servers; 2010 Products]

We are working with partners & the industry to provide a standards based approach for:
1) Selecting where Virtual Switching is done: server vs external switch (Virtual Ethernet Port Aggregation).
2) Automating the migration of port profiles (Virtual Station Interface or Automated Migration of a Port Profile).

BNT's VM aware Network - VMready

[Figure: VM 1, VM 2, ... VM X behind virtual switches, each mapped to a virtual port (VLAN 100, ACL filters, TX/RX limits) on a VMready switch; steps 1-3 marked]

VMready runs on the switch:
1. VMready creates a virtual port for each VM, which can be configured for VLANs, ACLs, QoS etc.
2. Virtual port configurations can be synchronized with vswitches via APIs.
3. VMready sees the packets sent from VMs as they migrate and moves the virtual ports and policies in real time with Nmotion: Virtual Machines stay attached and secure.

Virtual Fabric for IBM System x

- Divide a 10G adapter port into 2, 3 or 4 adjustable virtual pipes
- Reduce acquisition cost up to 75% and energy cost up to 45%
- Reduce complexity: up to 86% less cables and 75% less switches & adapters
- Ability to dynamically allocate I/O bandwidth (100Mb increments)
- Exceptional security by providing isolation between virtual NICs
- High availability: isolate failures of vnics or virtual groups
- OS/Hypervisor sees up to 4 NICs per port (data, mgmt, VMotion)
- Control transmit and receive directions

[Figure: x86 architecture blade with an Emulex OneConnect NIC, a 10G link carrying the virtual pipes to a BLADE G8124 10G switch]

BLADE Network Technologies Confidential 9-Nov-10

Virtual Pipe Architecture

vnics are identified by unique VLAN tags.

[Figure: two hypervisors/OSes, each with vnic1..vnic4; packets leave the first with outer tags (OT) 10, 20, 30 and 40 and the second with outer tags 10, 20, 40 and 50; the switch holds vnic groups 10, 20, 30, 40 and 50]

- User assigns vnic(s) and uplink(s) to a vnic group (outer VLAN) in the switch
- One server port may belong to only one vnic group
- One uplink may belong to only one vnic group
- Switch does bandwidth metering based on the vnic VLAN tag and the port
- There will be no forwarding between the uplinks

Server -> Switch packet flow:
- NIC inserts the vnic's VLAN tag
- Switch has a vnic group for every vnic tag
- Unicast packet goes out on the right port: server port or uplink port
- vnic VLAN tag is stripped before sending out on an uplink
- vnic VLAN tag is not stripped before sending out on a server port
- Broadcast, multicast and unknown unicast packets are flooded in the vnic group

Switch -> Server packet flow:
- Switch inserts the vnic group's VLAN tag based on the ingress uplink port
- Unicast packet goes out on the right server port
- Broadcast, multicast and unknown unicast packets are flooded in the vnic group
- Switch applies an egress bandwidth meter on the vnic VLAN on a per port basis

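The two packet flows above, as an added Python model (constructed for this page, not the Virtual Fabric implementation): a vnic is modelled as a (server port, outer tag) pair that belongs to the vnic group named by its tag, an uplink belongs to exactly one group, and the model reproduces tag insertion from the ingress uplink, tag stripping toward uplinks only, per-group MAC learning and flooding, dropping of tags not configured on a server port, and the no-forwarding-between-uplinks rule. Port names, MACs and tag values are made up.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Frame:
    dst: str                        # destination MAC (constructed names such as "aa")
    src: str                        # source MAC
    vnic_tag: Optional[int] = None  # outer VLAN tag naming the vnic; None = untagged on an uplink

class VnicGroupSwitch:
    """Toy model of vnic-group forwarding in the Virtual Fabric switch (constructed, not vendor code)."""
    def __init__(self):
        self.vnics = set()      # (server_port, tag) pairs: the vnics configured on each server port
        self.uplink_group = {}  # uplink_port -> tag; an uplink belongs to exactly one vnic group
        self.mac_table = {}     # (tag, mac) -> port, learned separately per vnic group

    def add_vnic(self, server_port, tag):
        self.vnics.add((server_port, tag))

    def add_uplink(self, uplink_port, tag):
        if uplink_port in self.uplink_group:
            raise ValueError("an uplink may belong to only one vnic group")
        self.uplink_group[uplink_port] = tag

    def _group_ports(self, tag):
        ports = {p for p, t in self.vnics if t == tag}
        return ports | {u for u, t in self.uplink_group.items() if t == tag}

    def ingress(self, in_port, frame):
        """Forward one frame; returns the list of (out_port, frame) pairs that egress."""
        if in_port in self.uplink_group:
            # switch -> server: the switch inserts the group's tag based on the ingress uplink
            frame = replace(frame, vnic_tag=self.uplink_group[in_port])
        elif (in_port, frame.vnic_tag) not in self.vnics:
            return []  # tag not configured on this server port: dropped, so groups stay isolated
        tag = frame.vnic_tag
        self.mac_table[(tag, frame.src)] = in_port
        known = self.mac_table.get((tag, frame.dst))
        # unknown unicast, broadcast and multicast are flooded, but only inside the vnic group
        outs = [known] if known else [p for p in self._group_ports(tag) if p != in_port]
        result = []
        for out_port in outs:
            if in_port in self.uplink_group and out_port in self.uplink_group:
                continue  # there is no forwarding between the uplinks
            # tag stripped toward an uplink, kept toward the server so the NIC can pick the vnic
            strip = out_port in self.uplink_group
            result.append((out_port, replace(frame, vnic_tag=None) if strip else frame))
        return result
```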
The next foundation... virtual Network Scalability

Short & Midterm needs when connecting multiple Cloud DCs

TRILL as an option from the Network Perspective when connecting Cloud DCs (Transparent Interconnection of Lots of Links)

TRILL: How does it work?

Cloud Networks going forward

Data Center - Cloud Network topology: there is even more to cloudify

[Figure: vswitches and VCOs at the server edge, virtualized instances of FW/IDS, virtualized physical switches, virtualized physical routers with service blades, and VConnections/VPipes between them]

Data Center - Cloud Network topology: Service Activation

[Figure: service activation spans the (virtualized) network instances, vswitches, VCOs and the NVM down to the (virtualized) physical network instances]

Dynamic (Network) Provisioning: Network Overlay (VCOs)

[Figure: servers and storage with service end points (SEPs) mapped onto network end points (NEPs), connected by VCOs]

- A network ensemble has several network end points (NEPs): the places where using entities connect. Network end points are fixed.
- Each user entity has exactly one application end point: an abstraction with identity.
- A Virtual Connectivity Object (VCO) has two or more service end points (SEPs) and a current mapping from one service end point to one network end point. Location is a mapping between an SEP and the NEP.
- Configuration and monitoring of NEPs is performed by one or more Element Managers provided by the device manufacturer.
- Service Appliances (firewall, load-balancer or cache type network devices) can be inserted into a connectivity overlay to provide the desired QoS/security characteristics.

Service Activation for Networking: Using OVF (VCO) for data exchange

Network Context XML Document (OVF), exchanged as Network Context between TSAM and the Network Configuration Manager:

  <IaaS>
    <Customer>attr</Customer>
    <Project>attr</Project>
  </IaaS>
  <Network>
    <Port>attr</Port>
    <Vlan>attr</Vlan>
    <IPAddr>attr</IPAddr>
  </Network>

1. What network activation am I being asked to perform? Defined Network Activation Requirements: activate Ethernet ports (virtual and physical), activate routing, activate VLANs, activate security Access Control Lists.
2. How does TSAM interact? TSAM Integration Exits; Tpae Workflow.
3. RunBook Automation: defined workflow, workflow orchestrated, NCM APIs called, CDM network parameters passed; workflow nested within the network space.
4. Do it. Network activated: virtual network, physical network.
5. Done. RunBook completed, state and status returned, defined activations completed, workflow values returned.

CCMP (Core) Components Relevant to Networking

[Figure: Common Cloud Management Platform reference architecture with networking annotations]
Roles: Cloud Service Consumer (End user, Consumer Business Manager, Consumer Administrator, Customer In-house IT, Cloud Service Integration), Cloud Service Provider (Service Business Manager, Service Transition Manager, Service Operations Manager, Service Security Manager), Cloud Service Developer (Developer).
Cloud Services: IT capability provided to the Cloud Service Consumer.
Common Cloud Management Platform: Service Delivery Portal, Service Provider Portal, Service Development Portal (Service Development Tools, Service Definition Tools, Image Creation Tools), API; BSS - Business Support Services (Offering Mgmt, Order Mgmt, Customer Mgmt, Entitlement Mgmt, Invoicing, Billing, Metering, Analytics & Reporting, Pricing & Rating, Subscriber Mgmt, Peering & Settlement, Service Offering Catalog, General accounting, Contract & agreement Mgmt, Opportunity to Order); OSS - Operational Support Services (Service Templates, Service Request Management, Provisioning, Monitoring & Event Management, Service Delivery Catalog, Service Automation Management, Change & Configuration Management, Incident & Problem Management, IT Asset & License Management, Virtualization Mgmt, Image Lifecycle Management, IT Service Level Management, Capacity & Performance Management); Security & Resiliency.
(Virtualized) Infrastructure: Server, Storage, Network, Facilities; the infrastructure for hosting Cloud Services and the Common Cloud Management Platform tools.

Networking annotations:
- Virtualized Network Services: e.g., create a virtual overlay with QoS, security and availability requirements.
- Deploy/create a virtual network overlay over the (virtualized) infrastructure that satisfies the requirements.
- Virtual network overlay configuration/change management.
- How virtual network overlays are charged with respect to the SLA.
- Monitor the infrastructure for SLA compliance.

Cloud Networks: what is still missing? Guess what?

Research for truly Virtualized and Open Networks...

OPENFLOW

OpenFlow - What is it?

OpenFlow - Architecture to program the Forwarding Path

OpenFlow - Initial Use Cases: Interlock to VCOs

Defining QoE...

Definition (ITU-T P.10/G.100): Quality of Experience (QoE) is the overall acceptability of an application or service, as perceived subjectively by the end-user.

(New proposed) definition: Quality of Experience is the overall acceptability of an application or service, as perceived by the end-user. It incorporates the end-to-end Network Quality of Service (NQoS) metrics, the QoS metrics specific to the application or service (AQoS) and the subjective overall customer satisfaction Mean Opinion Score (CMOS) collected for the user during and/or at the end of using the application or service.

QoS today...

QoE Components

QoE combines the objective / quantitative, measured SLA side (NQoS and AQoS) with the perceived, subjective / qualitative side (E2E Customer Satisfaction Rating).

[Figure: NQoS along the path - Client Access (laptops, desktops, PDAs, smart phones; wireless, wireline), Aggregation (Metro Ethernet, etc.), Core (Intranet, internet, IP, MPLS, VPN) and Servers (VMs, Storage, Security, Imaging); AQoS of the Overall Service - Physician Efficiency, Patient Quality of Care, Image Processing, Collaboration, Retrieval/Translation, Business Recovery, Billing, Security, Data Preservation, Compliance, Patient Confidentiality; Customer Satisfaction - Customer Care, Helpfulness, Responsiveness, Recommend?]

QoE - Why doing this? Because it is critical to the adoption of Cloud Services

[Table: delays led to a decrease in Revenue, Sales, Traffic, Productivity and Customer Satisfaction; sources Amazon, Google, Bing, Web Apps and Computerworld UK; delays of 100 ms (Ref[31]), 500 ms (Ref[28]), 2000 ms (Ref[28]), 1000 ms (Ref[1]) and Application Degradation (Ref[8], Ref[31]); reported decreases of 2.10%, 15%, 1%, 20%, 14% and 16%, split between Network Delays and Application Delays]

Thank you!
Gerhard Koch, IBM Distinguished Engineer