Creating Overlay Networks Using Intel Ethernet Converged Network Adapters



Similar documents
How to Configure Intel Ethernet Converged Network Adapter-Enabled Virtual Functions on VMware* ESXi* 5.1

Intel Ethernet and Configuring Single Root I/O Virtualization (SR-IOV) on Microsoft* Windows* Server 2012 Hyper-V. Technical Brief v1.

How to Configure Intel X520 Ethernet Server Adapter Based Virtual Functions on Citrix* XenServer 6.0*

VNF & Performance: A practical approach

iscsi Quick-Connect Guide for Red Hat Linux

Intel Data Direct I/O Technology (Intel DDIO): A Primer >

Intel Media SDK Library Distribution and Dispatching Process

Intel Service Assurance Administrator. Product Overview

Intel Internet of Things (IoT) Developer Kit

Intel HTML5 Development Environment. Article - Native Application Facebook* Integration

Customizing Boot Media for Linux* Direct Boot

Intel Technical Advisory

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family

COSBench: A benchmark Tool for Cloud Object Storage Services. Jiangang.Duan@intel.com

Intel vpro Technology. How To Purchase and Install Go Daddy* Certificates for Intel AMT Remote Setup and Configuration

Software Solutions for Multi-Display Setups

with PKI Use Case Guide

Intel Network Builders: Lanner and Intel Building the Best Network Security Platforms

The Case for Rack Scale Architecture

Intel Data Migration Software

Intel HTML5 Development Environment. Tutorial Test & Submit a Microsoft Windows Phone 8* App (BETA)

Different NFV/SDN Solutions for Telecoms and Enterprise Cloud

Intel vpro Technology. How To Purchase and Install Symantec* Certificates for Intel AMT Remote Setup and Configuration

Intel Desktop Board DQ965GF

Cloud based Holdfast Electronic Sports Game Platform

Specification Update. January 2014

Intel Solid-State Drive Pro 2500 Series Opal* Compatibility Guide

Intel Cloud Builder Guide: Cloud Design and Deployment on Intel Platforms

A Superior Hardware Platform for Server Virtualization

SDN. WHITE PAPER Intel Ethernet Switch FM6000 Series - Software Defined Networking. Recep Ozdag Intel Corporation

Intel Desktop Board DP55WB

Linux KVM Virtual Traffic Monitoring

Intel HTML5 Development Environment. Tutorial Building an Apple ios* Application Binary

Intel Desktop Board DG965RY

Intel SSD 520 Series Specification Update

Developing High-Performance, Flexible SDN & NFV Solutions with Intel Open Network Platform Server Reference Architecture

Intel Desktop Board D945GCPE Specification Update

Intel HTML5 Development Environment Article Using the App Dev Center

Intel Desktop Board D945GCPE

Intel Active Management Technology Embedded Host-based Configuration in Intelligent Systems

2013 Intel Corporation

Intel Desktop Board DG41BI

Intel Desktop Board DG43RK

Intel Retail Client Manager Audience Analytics

Power Benefits Using Intel Quick Sync Video H.264 Codec With Sorenson Squeeze

Intel Open Network Platform Release 2.1: Driving Network Transformation

Fiber Channel Over Ethernet (FCoE)

Network Virtualization

Partition Alignment of Intel SSDs for Achieving Maximum Performance and Endurance Technical Brief February 2014

Intel Desktop Board DG41WV

Intel Desktop Board DQ35JO

Intel Desktop Board DG41TY

Intel Desktop Board DG31PR

Intel Small Business Advantage (Intel SBA) Release Notes for OEMs

System Image Recovery* Training Foils

Intel Solid-State Drive Data Center Tool User Guide Version 1.1

Intel Core i5 processor 520E CPU Embedded Application Power Guideline Addendum January 2011

Intel Media Server Studio - Metrics Monitor (v1.1.0) Reference Manual

Intel Core TM i3 Processor Series Embedded Application Power Guideline Addendum

Intel Network Builders

Wake on LAN Hardware Implementation Utilizing the Intel EP80579 Integrated Processor Product Line

Intel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions

System Event Log (SEL) Viewer User Guide

Revision History. Revision Revision History Date

Intel Identity Protection Technology (IPT)

Intel Simple Network Management Protocol (SNMP) Subagent v6.0

NFV Reference Platform in Telefónica: Bringing Lab Experience to Real Deployments

User Experience Reference Design

Intel Cloud Builder Guide to Cloud Design and Deployment on Intel Xeon Processor-based Platforms

Intel Remote Configuration Certificate Utility Frequently Asked Questions

Intel Ethernet Controller X540 Feature Software Support Summary. LAN Access Division (LAD)

Configuring RAID for Optimal Performance

Intel Desktop Board DQ43AP

Network Function Virtualization Using Data Plane Developer s Kit

RAID and Storage Options Available on Intel Server Boards and Systems

PCI-SIG SR-IOV Primer. An Introduction to SR-IOV Technology Intel LAN Access Division

Douglas Fisher Vice President General Manager, Software and Services Group Intel Corporation

Intel Desktop Board DG33TL

Intel RAID RS25 Series Performance

Intel Integrated Native Developer Experience (INDE): IDE Integration for Android*

Intel Retail Client Manager

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

Upsurge in Encrypted Traffic Drives Demand for Cost-Efficient SSL Application Delivery

Virtual Compute Appliance Frequently Asked Questions

This guide explains how to install an Intel Solid-State Drive (Intel SSD) in a SATA-based desktop or notebook computer.

Intel Desktop Board D945GCL

Intel Identity Protection Technology with PKI (Intel IPT with PKI)

Intel Matrix Storage Console

How Linux kernel enables MidoNet s overlay networks for virtualized environments. LinuxTag Berlin, May 2014

Intel Cloud Builders Guide to Cloud Design and Deployment on Intel Platforms

Extending Networking to Fit the Cloud

Intel System Event Log (SEL) Viewer Utility

Running Windows 8 on top of Android with KVM. 21 October Zhi Wang, Jun Nakajima, Jack Ren

Cloud Networking Disruption with Software Defined Network Virtualization. Ali Khayam

Evaluation Report: Emulex OCe GbE and OCe GbE Adapter Comparison with Intel X710 10GbE and XL710 40GbE Adapters

Intel Desktop Board D101GGC Specification Update

Best Practices for Installing and Configuring the Hyper-V Role on the LSI CTS2600 Storage System for Windows 2008

Intel Atom Processor E3800 Product Family

Transcription:

Creating Overlay Networks Using Intel Ethernet Converged Network Adapters Technical Brief Networking Division (ND) August 2013 Revision 1.0

LEGAL INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. A Mission Critical Application is any application in which failure of the Intel Product could result, directly or indirectly, in personal injury or death. SHOULD YOU PURCHASE OR USE INTEL S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked reserved or undefined. Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or go to: http://www.intel.com/design/literature.htm. Intel and Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. *Other names and brands may be claimed as the property of others. Copyright 2013, Intel Corporation. All Rights Reserved. ii

Revision History Revision Date Comments 1.0 August 2013 Initial release Contents 1.0 Introduction...1 1.1 Hardware Requirements...2 1.2 Software Requirements...2 2.0 Installation and Configuration...2 2.1 Enabling the Host Server and OS Installation...2 2.2 Overlay Networks using Open vswitch...2 2.2.1 GRE Tunnel...3 2.2.2 VXLAN Tunnel...5 2.3 Network Connectivity to Guest Virtual Machines...8 3.0 Summary...9 4.0 Customer Support...9 5.0 For Product Information...9 iii

1.0 Introduction In recent years, Cloud computing has emerged as one of the key usage models for data centers. Cloud computing framework enables data center providers to abstract physical resources from users that enable sharing of physical resources. Intel Virtualization Technology is one of the key building blocks for Cloud computing. Data center providers are sharing processor, memory and I/O resources using Intel Virtualization technology, along with software from Microsoft*, VMware*, Citrix* and Linux* distributors, which provides a mechanism to provision and manage virtualized hardware. The Intel Ethernet Converged Network Adapter X520 and Intel Ethernet Converged Network Adapter X540 families support industry-leading features that are accelerating the performance and implementation of 10 GbE in Cloud computing environments. As Cloud computing matures, the need to virtualize networking resources has become vital. Cloud service providers expect network security and traffic segmentation in multi-tenant Cloud environments. Software Defined Networks (SDN) and Overlay Networks are industry standard techniques designed to achieve Network Virtualization. Network Overlays such as Generic Routing Encapsulation (GRE) and Virtual extensible Local Area Network (VXLAN) achieve Network Virtualization by overlaying layer 2 networks over physical layer 3 networks. These techniques enable network scalability and efficient use of current network infrastructure. Cloud computing frameworks such as EC2 from Amazon*, VMware s Cloud Infrastructure, and Linux based Open Stack use GRE or VXLAN to virtualize, provision and manage network resources. This document shows how to create Overlay Networks using GRE and VXLAN tunnels on Intel X520 or X540 Ethernet Converged Networking Adapters in a Linux environment. 1

1.1 Hardware Requirements An Intel Ethernet Converged Network Adapter X520 or X540 A server platform that supports Intel Virtualization Technology A server platform with an available PCI Express* (PCIe*): X8 5.0 GT/s (Gen2) slot 10 GbE Switch 1.2 Software Requirements Fedora 19 or Ubuntu 13.04 Linux distribution Open vswitch version 1.10.0 (http://openvswitch.org/release/openvswitch-1.10.0.tar.gz) 2.0 Installation and Configuration 2.1 Enabling the Host Server and OS Installation 1. Install the Intel Ethernet CNA X520 or X540 server adapter in an available PCIe x8 slot. Ensure that the x8 slot is electrically connected as an x8 some slots are physically x8 but electrically support only x4. Verify this with your server manufacturer or system documentation. 2. Power up the server. 3. Enter the server s BIOS setup and make sure the virtualization technology feature is enabled on the server. Install either the Fedora 19 or Ubuntu 13.04 Linux distribution. Software Fedora 19 Ubuntu 13.04 Development Tools Virtualization ~ # yum groupinstall virtualization ~ # yum groupinstall Development Tools ~ # sudo apt get install build essentials ~ # sudo apt get install qemu kvm libvirtbin bridge utils ~ # sudo apt-get install ubuntu-vmbuilder 2.2 Overlay Networks using Open vswitch Download, configure, compile and install Open vswitch. Follow the instructions provided within the Open vswitch package. 2.2.1 GRE Tunnel Figure 1 shows a typical GRE tunnel setup. VM-A and VM-B are part of a tenant network for ACME Corporation. A Cloud Service provider has assigned the unique Tenant Network Identifier (TNI) 5457 to ACME Corporation s network. A Unique TNI is required for each tenant utilizing the physical network to maintain network security and the tenants network traffic segregation. Network traffic flow from VM-A on Host1 to VM-B on Host2 follows: 1. Traffic from VM-A flows via bridge br2 using egress internal port gre0. 2

2. A GRE header is added to the outgoing Ethernet frames and handed to bridge br7 via ingress internal port tep7. 3. Ethernet frames with GRE header are now placed on the wire using eth7 device destined for VM-B on Host2. The process is reversed on Host2 and the Ethernet frame is handed to VM-B. Figure 1. GRE Tunnel Providing network access to additional tenants is as simple as creating additional OVS Bridges for each tenant using a unique TNI and creating a corresponding Tunnel Endpoint (TEP) port. Configuration for Host1 is shown below. Figure 2. Host 1 Configuration 3

Configuration for Host2 follows. Figure 3. Host 2 Configuration Figure 4 shows the various elements of an Ethernet frame with GRE header. Figure 4. Ethernet Frame Elements 4

Figure 5 shows the corresponding network packet. Figure 5. Corresponding Network Packet 2.2.2 VXLAN Tunnel Figure 6 shows a typical VXLAN tunnel setup. VM-A and VM-B are part of a tenant network for ABC Corporation. Their Cloud Service provider has assigned a unique VNI 5000 to ABC Corporation s network. A unique VNI is required for each tenant utilizing the physical network to maintain network security and tenant network traffic segregation. Network traffic flow from VM-A on Host1 to VM-B on Host2 follows: 1. Traffic from VM-A flows via bridge br2 using egress internal port vx9. 2. A VXLAN header is added to the outgoing Ethernet frames and handed to bridge br2 via ingress internal port tep2. 3. Ethernet frames with the VXLAN header are now placed on the wire using eth2 device destined for VM-B on Host2. 5

4. The process is reversed on Host2 and the Ethernet frame is handed to VM-B as shown in Figure 6. Figure 6. Typical VXLAN Tunnel Setup Providing network access to additional tenants is as simple as creating an additional OVS Bridge for each by using a unique VNI and creating a corresponding TEP port. The key parameter in the following code corresponds to VXLAN VNI. A VNI value of 5000 is used in the example below. The dst_port parameter is optional and is used to specify a UDP port number for the TEP port s VXLAN traffic. Note that the UDP port number is implementation specific and should be consistent for the network. Different vendors may choose to use different UDP Ports for VXLAN traffic. For example, VMware* products use UDP port 4789 for VXLAN traffic as their default. To ensure successful VXLAN communication, please be sure to consistently configure the VXLAN network to use the correct UDP Port for your implementation. The following Figure 7 shows VXLAN Tunnel setup commands for Host1. 6

Figure 7. Host 1 Configuration Below, Figure 8 shows VXLAN Tunnel setup commands for Host2 Figure 8. Host 2 Configuration Figure 9 shows various elements of an Ethernet frame with VXLAN header. Figure 9. Elements of an Ethernet Frame with VXLAN Header Note: The VXLAN header adds an additional 58 bytes to the standard L2 Ethernet frame. It is recommended that the MTU size be increased to 1600 on all network switches. 7

Ethernet frames sent to and from a VXLAN connected device are encapsulated in UDP packets. Linux Drivers for the Intel Ethernet CNA X520 and X540 support Receive Side Scaling (RSS) for UDP. Enabling RSS for Intel Ethernet CNAs may benefit VXLAN network performance. Figure 10 shows the corresponding network packet. Figure 10. Network Packet Detail 2.3 Network Connectivity to Guest Virtual Machines Most Linux Distributions ship with a Kernel Based Virtual Machine (KVM) solution, command line KVM management tools such as virsh, and a graphical user interface (GUI) based virt-manager. The Cloud Infrastructure provided typically creates Virtual Machines per tenants specifications. These VMs communicate over a segregated network using Network Overlays such as GRE and/or VXLAN. Cloud Infrastructure Service Providers may choose to implement either GRE, VXLAN, or both, for providing network connectivity to their tenants. The following sections show how to configure VMs to communicate over GRE and VXLAN. Unfortunately, the GUI based VM management tool virt-manager doesn t allow VM network interface assignment to Open vswitch at the time this document was authored. Virsh is required to edit a VM s configuration. Use the virsh edit virtual-machine-name command on a Linux console to edit the VM settings. 8

Add the following lines to the device section of the file: In the previous example, the VM is configured to use the GRE network configuration from Section 2.2.1. Each VM must be configured for a unique MAC address. 3.0 Summary Intel s Best-in-Class 10 GbE solutions are now available with Network Virtualization capabilities. Customers get world-class Ethernet support along with Network Virtualization support in mainstream Linux distributions in a single adapter. 9

4.0 Customer Support Intel Customer Support Services offer a broad selection of programs including phone support and warranty service. For more information, contact us at: support.intel.com/support/go/network/ adapter/home.htm Note: Service and availability may vary by country. 5.0 For Product Information To speak to a customer service representative regarding Intel products, please call 1-800-538-3373 (U.S. and Canada) or visit support.intel.com/support/go/network/contact.htm for the telephone number in your area. 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information