Open Source Networking for Cloud Data Centers
Gaetano Borgione, Distinguished Engineer @ PLUMgrid
April 2015

Agenda
- Open Source Clouds with OpenStack
- Building Blocks of Cloud Networking
- Tenant Networks
- Integration with Physical Assets
- Integration with Services
Open Source Clouds with OpenStack

OpenStack
OpenStack is a cloud management system that controls large pools of compute, storage, and networking resources throughout a datacenter, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface.

OpenStack Core Services
- Compute ("Nova") provides virtual servers on demand. Compute resources are accessible via APIs for developers building cloud applications and via web interfaces for administrators and users.
- Network ("Neutron") is a pluggable, scalable and API-driven system for managing networks and IP addresses. Like other aspects of the cloud operating system, it can be used by administrators and users to increase the value of existing datacenter assets.
- Block Storage ("Cinder") provides persistent block storage to guest VMs. This project was born from code originally in Nova (the nova-volume service described below).
- Dashboard ("Horizon") provides a modular web-based user interface for all the OpenStack services.

Driving toward a Cloud junction!
Tenant Networks

Per-Tenant Routers with Private Networks
- Tenants create Networks, linking them to a Router
- Ad-hoc model for Tenant-defined multi-tier applications, with each tier as a separate network behind a Router
- Multiple Routers make overlapping IP space among Tenant subnets possible
- Access to the External Network via SNAT / Floating IP

flat networking model
- VM interfaces are all bridged toward a network adapter
- OK for full-trust or single-tenant deployments where segmentation is not needed
- No support for multi-tenancy, L2 isolation, or overlapping IP address spaces
- L3 first-hop routing is provided either by physical networking devices (flat model) or by the OpenStack L3 Service (flat-dhcp model)

vlan-based networking model
- A VLAN per tenant network provides multi-tenancy, L2 isolation and support for overlapping IP address spaces
- Each VLAN can be either pre-configured on physical switches, or Neutron plugins (provided by the switch vendor) can communicate with the physical switches to provision it
- L3 first-hop routing is provided either by physical networking devices or by the OpenStack L3 Service

overlay-based networking model
- Multi-tenancy is achieved by overlaying MAC-in-IP tunnels onto the physical switch fabric (underlay, transport network)
- The encapsulation header (VXLAN, NVGRE, STT) conveys the tenant network ID, enabling full isolation and support for overlapping IP address spaces
- Software layers implement the routing / switching operations within and across tenant networks

overlay-based networking model (cont.)
- The Neutron plugin talks to an SDN Controller via vendor APIs
- The SDN Controller manages the vswitches in the Hypervisors
- Examples: PLUMgrid, VMware NSX, Contrail, Nuage, Midokura, ...
Integration with Physical Assets

Virtual Topology and Physical Interconnect needs

Virtual to Physical Networking

Integration with Services

Services Adoption in Cloud Data Center
Service Provisioning steps in OpenStack
- Provisioning of the Virtual Service
  - Form Factor: Virtual Machine or Docker Container
  - Placement Algorithm: RR, Resource Utilization Criteria, Affinity Properties
  - High Availability
- Service Configuration
  - Service plug-in for solutions supported by vendors
  - Ad-hoc configuration via Management Interface
- Service Connectivity
  - SDN solutions to onboard the exposed Virtual Service Interface(s) onto Networks provisioned in OpenStack
Wrapping up

Multi-Tenancy + Physical Connectivity + Service Insertion = Cloud Networking

Questions?
Gaetano Borgione
borgione@plumgrid.com