Post on 28-May-2020
2011-2014 © PLUMgrid - Confidential Information
Amsterdam - September 2014
PLUMgrid Technical Introduction
Oded Nahum – Systems Engineer
odedn@plumgrid.com
Outline
• Introduction
• OpenStack Networking challenge
• PLUMgrid System components and Virtual Domains
• OpenStack networking with PLUMgrid
• Live Demo
• Q&A
Introduction
PLUMgrid
“We are the first company to deliver a holistic virtualized network infrastructure solution for the modern cloud datacenter”
• On Demand
• Any Network
• Policy Driven
• Hyper Scale
• Any Hardware
• Pervasive Security
Cloud Automation requires Virtual Network
[Diagram: cloud stack with a Physical Infrastructure layer (Compute, Storage, Network) and a Virtual Infrastructure layer (Virtual Compute, Virtual Storage, Virtual Network), topped by a Cloud Management Platform and a Portal / Self Service Catalog; labels: Enterprise Cloud / Service Cloud / SaaS Cloud, Pure Cloud, CRM, VDI, ERP, IaaS, SaaS, PaaS]
Physical Network Infrastructure limits Cloud Automation
OpenStack Networking State of the Union
Open vSwitch
• Basic switch features only
• Limited scale
• Limited performance
• BOTTOM LINE: NOT FOR PRODUCTION
OpenStack Network Controller
• Single point of failure
• No HA capabilities
• Limited performance
• BOTTOM LINE: NOT FOR PRODUCTION
How do I scale as new users onboard?
Can I see what’s going on with my tenants?
How much control can I give my tenants?
How do I harden and secure my environment?
How do I integrate my physical load balancers and firewalls?
OpenStack with OVS
[Diagram: Nova and Neutron (OVS plugin) controlling Server 1, Server 2 ... Server N, each with a hypervisor vSwitch and a VM]
Simple Layer 2 Functionality
OpenStack with OVS
[Diagram: Nova and Neutron (OVS plugin) controlling Server 1, Server 2 ... Server N, each with a hypervisor vSwitch and a VM, plus Network Nodes hosting the Virtual Router, Virtual Firewall, Virtual LB and Virtual DHCP]
OpenStack with OVS
[Diagram: Nova, Glance, Swift, Cinder and Neutron (ML2/OVS plugin), Services Framework; an Agent beside the VMs on every compute host; Network Nodes running the L3 Agent, DHCP Agent, FWaaS Agent and LBaaS Agent]
Complex – Agent Sprawl, Limited Functionality
• Single point of failure
• Agent-based deployment produces a complicated system to monitor, control and debug
• Data plane (DP) bottleneck for all services (L3, DHCP, NAT, FW and LB)
• Performance degradation – Ethernet frames must pass through nine devices inside the compute host server (http://docs.openstack.org/)
OpenStack with OVS
[Diagram: Nova and Neutron (OVS plugin) controlling Server 1, Server 2 ... Server N, each with a hypervisor vSwitch and a VM, plus Network Nodes]
OpenStack networking with PLUMgrid
Secure Virtual Domains for OpenStack Clouds
[Diagram: a VXLAN-based overlay network of VMs on top of "your physical network infrastructure in your data center"; callouts: Distributed Architecture, Non-Stop Forwarding, Service Insertion; scale labels: 100s, 1000s, 10,000s; Virtual Domains assembled from the PLUMgrid Network Library: Bridge, Router, LB, FW, Security Policies]
PLUMgrid Virtual Domains
Virtual Domains
[Diagram: Virtual Compute (App, OS) on Physical Compute, shown beside a Virtual Domain on the Physical Network]
Common Attributes:
• Software Container
• Decoupled from HW
• Logical Representation
• Create, Copy, Clone
Software Container for Virtual Network Functions
Why Virtual Domains?
No device-by-device configuration required
Solves limitations of Physical Network Infrastructure:
• Automation
• Scale
• Multi-tenancy
• Fault Isolation
• Visibility
• Flexibility
[Diagram labels: Virtual Network Infrastructure, Physical Network]
PLUMgrid Platform™
x86 Software Only Solution – Completely Decoupled From Hardware
Overlay Based Infrastructure
• Virtual Domains
• On-Demand
• Multi Tenant
• Automated
• Self Service
• Secure
Device Based Infrastructure
• QoS, Bandwidth
• Latency
• Multicast
• Capacity
• Connectivity
The right architecture for Cloud
[Diagram labels: Virtual Network Infrastructure, Physical Network Infrastructure]
Virtual Network Functions
Virtual Network Function: Description
Bridge
• Distributed Layer 2 network function
• Connects VMs on same IP subnet inside Virtual Domain
Router
• Distributed Layer 3 network function
• Connects VMs from different subnets inside a Virtual Domain
DHCP
• Distributed DHCP function for dynamic IP Address allocation
• Associated on per Bridge basis
NAT
• Distributed Network Address Translation function
• Supports Inbound / Outbound, Many to One, One to One NAT
Security Policies
• Distributed Layer 4 Security network function
• Substitute for Layer 4 ACLs / Firewalls
• *see more details in Security section
Understanding Virtual Domains
[Diagram: Physical Infrastructure View of a PLUMgrid Zone (VMs, Internet) and Virtual Infrastructure View with separate Virtual Domains for Tenant 1, Tenant 2 and Tenant 3]
Custom or Template based Virtual Network Domains per Tenant
Building Blocks of PLUMgrid Platform
[Diagram: Director Cluster (PLUMgrid Director), Server Workload Cluster (IOVisor - Edge, VMs), Gateways (IOVisor - Gateway) to the Internet, and the Network Fabric]
PLUMgrid Zone = collection of Edges and Gateways operated by a Director cluster
Director Cluster
• The brain of the system. Coordinates and manages all resources
• User accesses the Director Cluster through a VIP
• All members of the cluster are simultaneously active. Load dynamically adjusts across Director Cluster members
• N+1 high availability (currently x 3) model provides continuous uptime
• Supports Headless Operations (VMs and Virtual Domains data planes continue to be operational when Director Cluster not functional)
IO Visor Edge
• Distributed Data plane
• Runs in the hypervisor (inside the kernel)
• Provides networking for VMs
• Edge to Edge connectivity with VXLAN tunnels (overlay)
[Diagram labels: Edge, KVM, Management Fabric]
IO Visor Gateway
• Used to connect a PLUMgrid Zone to external resources
• Examples of such resources:
  • External Networks (Internet)
  • Bare-metal servers
  • Network service appliances
• Available in two forms:
  • Software Gateway: installed on any x86 bare-metal server
  • Hardware Gateway: approved 3rd-party switches / routers (e.g. Arista 7150)
[Diagram labels: Gateway, Management Fabric, External]
PLUMgrid in OpenStack
[Diagram: OpenStack services Nova, Neutron, Glance, Swift and Cinder over Compute, Network and Storage]
PLUMgrid Neutron Plugin Adds:
• Increased Control
  • Virtual Domains
  • Simplified Isolation
• Advanced Functionality
  • Complete Network Services
  • Distributed Network Functions Not Virtual Appliances
• Increased Scale
  • No VLANs, no agents, no OpenFlow
• Open Platform
  • Add 3rd Party Network Functions
• Network Visibility
  • PLUMgrid Analytics and Monitoring
OpenStack with PLUMgrid
[Diagram: Nova and Neutron (PLUMgrid plugin) controlling Server 1, Server 2 ... Server N, each with a hypervisor running IO VISOR™ and a VM; Virtual Domains and 3rd party Network Services span the servers]
OpenStack with PLUMgrid
[Diagram: Nova, Glance, Swift, Cinder and Neutron (PLUMgrid plugin); PLUMgrid Director Cluster; PLUMgrid IO Visor under the VMs; Virtual Domains with 3rd party Network Services]
Simple - Centrally Managed – Complete Network Topologies
Virtual Domains – 3rd Party Network Functions
Create, Clone & Migrate Complete Virtual Network Topologies
[Diagram: Physical Network Infrastructure view of a PLUMgrid Zone (VMs, Internet) and Virtual Network Infrastructure view of a Virtual Domain whose Network Functions combine PLUMgrid Network Functions (L2-4) with 3rd party ones (L4-7)]
Demo
OpenStack with PLUMgrid Overview
[Diagram: Physical Infrastructure View (KVM Hosts, ESX Hosts, VMs, Gateway to the Internet, Director Cluster; Nova, Glance, Swift, Cinder and Neutron with the PLUMgrid plugin) and Virtual Infrastructure View (Tenant Virtual Domains with VMs, Provider Network)]
OpenStack with PLUMgrid Overview
[Diagram: Physical Infrastructure View (Hosts, VMs, Gateway to the Internet, Director Cluster; Nova, Glance, Swift, Cinder and Neutron with the PLUMgrid plugin) and Virtual Infrastructure View (Tenant Virtual Domain)]
• Created a Project
OpenStack with PLUMgrid Overview
[Diagram: Physical Infrastructure View (Hosts, VMs, Gateway to the Internet, Director Cluster; Nova, Glance, Swift, Cinder and Neutron with the PLUMgrid plugin) and Virtual Infrastructure View (Tenant Virtual Domain with VMs)]
• Create Networks + Subnet
• Spin up VMs
OpenStack with PLUMgrid Overview
[Diagram: Physical Infrastructure View (Hosts, VMs, Gateway to the Internet, Director Cluster; Nova, Glance, Swift, Cinder and Neutron with the PLUMgrid plugin) and Virtual Infrastructure View (Tenant Virtual Domain with VMs)]
• Create Router
• Attach the subnets
• Traffic across router
OpenStack with PLUMgrid Overview
[Diagram: Physical Infrastructure View (Hosts, VMs, Gateway to the Internet, Director Cluster; Nova, Glance, Swift, Cinder and Neutron with the PLUMgrid plugin) and Virtual Infrastructure View (Tenant Virtual Domains with VMs, Provider Network)]
• Create External Network
• Connect to Router