bay area network virtualization meetup
TRANSCRIPT
CLOUD NATIVE NETWORKS Chris Marino
BANV Meetup
March 10, 2016
BANV Meetup 3/10/16 romana.io
Cloud Native Networks: Agenda
• Application Development Trends
• Network Philosophy
• Cloud Native SDN
• How it works
• Demo
Cloud Native vs. Enterprise Apps
• Amazon AWS Style v. Enterprise Apps
• Service orientation (Cattle) v. Endpoint orientation (Pets)
• Network requirements
• Reachable IP addresses v. Auto discovered MAC (ARP on VLANs)
• Service orientation further decouples apps from infrastructure
• No VM migration
• No IP Failover
• Good News: Cloud Native apps don’t need layer 2 networks
• Avoiding Layer 2 networks eliminates a lot of SDN complexity
• Bad News: Layer 2 networks provided a convenient way to isolate apps
• Even a small number of VLANs was difficult to automate
Bottom Line: Need a new way to isolate networks
Network Isolation and Multi-tenancy
• Physical networks already support multi-tenancy
• Have done so for decades
• Every tenant gets their own network
• HP 16.0.0.0/8
• Apple 17.0.0.0/8
• MIT 18.0.0.0/8
• Ford 19.0.0.0/8
• Isolate layer 3 networks
• Assign IP addresses to tenants, and sub tenants as you like.
• Route only to authorized endpoints
• Filter as necessary
• Why has it gotten so complicated?
Network Heresy
THE PHYSICAL NETWORK
Romana Cloud Native SDN
• Layer 3 based isolation and tenancy model
• Topology-aware addressing
• Embed tenant and segment IDs in IP addresses
• Requires nothing more than standard L3 routing
• Hierarchical design simplifies scalable deployment
• No virtual network required
• Native performance and visibility
• Eliminates overlays
• Routes map to services 1:1
• Simplifies composition, security and control
• Tightly integrated into Cloud Management/Orchestration IPAM
Complexity melts away
• No VLANs, VXLANs, VTEP/VNID, OpenFlow, OVS/OVN/OVSDB
• Route aggregation
• Eliminates need for route distribution (BGP, XMPP, KVS)
• Reduces the number of firewall rules (i.e. network v. endpoint)
• Simplifies Operations
• Existing tools, techniques and diagnostics all just work
• Transparently integrates into the entire DC
• Existing security, policy and control systems all work
• Policy-based traffic management and control
• Firewalls, IDS, LB, etc., etc., etc.
How does it work?
• Assign CIDR length for host (node), tenant and segment
• Example: host 16, tenant 24, segment 28
• On every host, each tenant gets a real physical CIDR
• Tenant can further sub-net for their own private segments
• Configure IP addresses that maintain reachability
• Only new endpoints need configuration
• Apply layer 3 firewall rules for network isolation
• Route aggregation collapses the number of rules needed
Example

Bit layout of an endpoint address (bit 1 is the most significant; the first octet is fixed at 00001010 = 10, i.e. the 10/8 network):

Bits    Field         Length  Capacity
1-8     10/8 Network  8       fixed network prefix
9-16    Host ID       8       up to 255 hosts
17-24   Tenant ID     8       up to 255 tenants
25-28   Segment ID    4       up to 16 segments per tenant
29-32   Endpoint ID   4       up to 16 endpoints per segment

Prefix boundaries: /8 network, /16 host, /24 tenant, /28 segment, /32 endpoint. Segment ID and endpoint ID together occupy the last 8 bits, so each tenant has 255 endpoint addresses on each host.

Per-host allocation (a pod address is the segment base plus the pod's endpoint ID):

Host 1 (physical 192.168.0.10): 10.1/16
  Tenant 1: 10.1.1/24
    Segment 1: 10.1.1.16/28   Pod 1 = 11 -> 10.1.1.27   Pod 2 = 14 -> 10.1.1.30 (the slide's address list and the deployment slide show 10.1.1.40 for this pod, which lies in 10.1.1.32/28)
  Tenant 2: 10.1.2/24
    Segment 1: 10.1.2.16/28   Pod 1 = 4 -> 10.1.2.20    Pod 2 = 8 -> 10.1.2.24
Host 2 (physical 192.168.0.11): 10.2/16
  Tenant 1: 10.2.1/24
    Segment 1: 10.2.1.16/28   Pod 1 = 4 -> 10.2.1.20    Pod 2 = 5 -> 10.2.1.21
    Segment 2: 10.2.1.32/28   Pod 1 = 9 -> 10.2.1.41    Pod 2 = 12 -> 10.2.1.44
Host 3 (physical 192.168.0.12): 10.3/16
  Tenant 1: 10.3.1/24
    Segment 1: 10.3.1.16/28   Pod 1 = 4 -> 10.3.1.20    Pod 2 = 5 -> 10.3.1.21
  Tenant 2: 10.3.2/24
    Segment 1: 10.3.2.16/28 (the slide reads 10.3.2.32/28, but both pod addresses fall in the .16/28 block)   Pod 1 = 9 -> 10.3.2.25   Pod 2 = 12 -> 10.3.2.28
Physical Deployment

Router, switch or VPC:
  Port 1: Host 1, 192.168.0.10
  Port 2: Host 2, 192.168.0.11
  Port 3: Host 3, 192.168.0.12

Each host is the gateway for its own /16 and attaches its pods through tap interfaces:

Host 1 (192.168.0.10), G/W 10.1.0.1/16
  Tenant 1: Pod 1 10.1.1.27, Pod 2 10.1.1.40
  Tenant 2: Pod 1 10.1.2.20, Pod 2 10.1.2.24
Host 2 (192.168.0.11), G/W 10.2.0.1/16
  Tenant 1, segment 1: Pod 1 10.2.1.20, Pod 2 10.2.1.21
  Tenant 1, segment 2: Pod 1 10.2.1.41, Pod 2 10.2.1.44
Host 3 (192.168.0.12), G/W 10.3.0.1/16
  Tenant 1: Pod 1 10.3.1.20, Pod 2 10.3.1.21
  Tenant 2: Pod 1 10.3.2.25, Pod 2 10.3.2.28
Networks Define Services
• Tenant ID + Segment ID become a Network ID
• Natural fit for micro- and shared platform services
• Route control to/from microservices enables transparent service insertion and chaining
• Local/remote/hybrid cloud deployments

[Diagram: microservice endpoints, each on its own IP interface, fronted by shared services (L/B, F/W)]
Segments map to services
(Same addressing table as the Example slide above, with tenant 1, segment 1 highlighted on each host.)
• 10.x.1.16/28 is the Service: the tenant 1 / segment 1 pods on every host (10.1.1.16/28, 10.2.1.16/28, 10.3.1.16/28) share one Network ID and together form one service
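The addressing scheme of the "How does it work?" and Example slides, and the cross-host service segment of the slide above, worked through in Python. This is an added example, not code from the deck or from the Romana project: it composes and parses addresses with the slide's 8/8/4/4 bit layout, derives the per-host aggregate routes, and expresses tenant isolation and service-segment membership as single masked comparisons. The `allowed` policy (intra-tenant traffic plus access to the shared service segment) and the reading that ID 0 is left unused are assumptions for illustration.

```python
"""Added example (not Romana's code): the topology-aware addressing from the
slides -- 10/8 network, then 8 host bits, 8 tenant bits, 4 segment bits and
4 endpoint bits (prefix lengths 16/24/28) -- built, parsed and used for
per-host route aggregation and mask-based isolation checks."""
from ipaddress import IPv4Address, IPv4Network

NETWORK = IPv4Network("10.0.0.0/8")
HOST_LEN, TENANT_LEN, SEGMENT_LEN = 16, 24, 28  # prefix lengths from the slides

# Field widths follow from the prefix lengths: 8, 8, 4 and 4 bits.
HOST_BITS = HOST_LEN - NETWORK.prefixlen
TENANT_BITS = TENANT_LEN - HOST_LEN
SEGMENT_BITS = SEGMENT_LEN - TENANT_LEN
ENDPOINT_BITS = 32 - SEGMENT_LEN


def _field_mask(bits, shift):
    return ((1 << bits) - 1) << shift


NET_MASK = int(NETWORK.netmask)                             # 0xFF000000
HOST_MASK = _field_mask(HOST_BITS, 32 - HOST_LEN)           # 0x00FF0000
TENANT_MASK = _field_mask(TENANT_BITS, 32 - TENANT_LEN)     # 0x0000FF00
SEGMENT_MASK = _field_mask(SEGMENT_BITS, 32 - SEGMENT_LEN)  # 0x000000F0


def build(host, tenant, segment, endpoint):
    """Compose 10.<host>.<tenant>.<segment*16 + endpoint>, checking that each ID
    fits its field. The slides quote 'up to 255' hosts and tenants, so they
    presumably keep ID 0 unused (an assumption); 0 is accepted here only so
    that CIDR bases can be formed."""
    for name, value, bits in (("host", host, HOST_BITS), ("tenant", tenant, TENANT_BITS),
                              ("segment", segment, SEGMENT_BITS), ("endpoint", endpoint, ENDPOINT_BITS)):
        if not 0 <= value < (1 << bits):
            raise ValueError(f"{name} id {value} does not fit in {bits} bits")
    value = (int(NETWORK.network_address) | host << (32 - HOST_LEN)
             | tenant << (32 - TENANT_LEN) | segment << (32 - SEGMENT_LEN) | endpoint)
    return IPv4Address(value)


def parse(addr):
    """Recover host, tenant, segment and endpoint IDs from an address in 10/8."""
    addr = IPv4Address(addr)
    if addr not in NETWORK:
        raise ValueError(f"{addr} is outside {NETWORK}")
    v = int(addr)
    return {"host": (v & HOST_MASK) >> (32 - HOST_LEN),
            "tenant": (v & TENANT_MASK) >> (32 - TENANT_LEN),
            "segment": (v & SEGMENT_MASK) >> (32 - SEGMENT_LEN),
            "endpoint": v & ((1 << ENDPOINT_BITS) - 1)}


def host_cidr(host):
    return IPv4Network((build(host, 0, 0, 0), HOST_LEN))


def tenant_cidr(host, tenant):
    return IPv4Network((build(host, tenant, 0, 0), TENANT_LEN))


def segment_cidr(host, tenant, segment):
    return IPv4Network((build(host, tenant, segment, 0), SEGMENT_LEN))


def host_routes(physical, local_host):
    """Route aggregation: a host needs one /16 route per remote host, via that
    host's physical address, however many tenants, segments or pods it runs."""
    return sorted((host_cidr(h), via) for h, via in physical.items() if h != local_host)


# Isolation checks compare masked addresses. The masks are non-contiguous
# (network and tenant bits, skipping the host bits), so one rule covers a
# tenant on every host instead of one rule per endpoint pair.
SAME_TENANT_MASK = NET_MASK | TENANT_MASK             # 0xFF00FF00
SAME_SEGMENT_MASK = SAME_TENANT_MASK | SEGMENT_MASK   # 0xFF00FFF0


def same_tenant(a, b):
    return (int(IPv4Address(a)) & SAME_TENANT_MASK) == (int(IPv4Address(b)) & SAME_TENANT_MASK)


def in_segment(addr, tenant, segment):
    """True if addr belongs to 10.x.<tenant>.<segment>/28 on any host, e.g. the
    service segment 10.x.1.16/28 for tenant=1, segment=1."""
    want = int(build(0, tenant, segment, 0)) & SAME_SEGMENT_MASK
    return (int(IPv4Address(addr)) & SAME_SEGMENT_MASK) == want


SERVICE = (1, 1)  # tenant 1, segment 1: the shared service in the slides


def allowed(src, dst):
    """Illustrative policy (an assumption, not Romana's default): traffic stays
    within a tenant, except that any pod may reach the shared service segment."""
    return same_tenant(src, dst) or in_segment(dst, *SERVICE)


if __name__ == "__main__":
    # Pods from the Example slide, as (host, tenant, segment, endpoint).
    for p in [(1, 1, 1, 11), (1, 2, 1, 4), (2, 1, 2, 9), (3, 1, 1, 5), (3, 2, 1, 12)]:
        print(p, build(*p), segment_cidr(*p[:3]))
    for net, via in host_routes({1: "192.168.0.10", 2: "192.168.0.11", 3: "192.168.0.12"}, 1):
        print("route", net, "via", via)
    print(allowed("10.1.2.20", "10.2.1.20"), allowed("10.1.2.20", "10.2.1.41"))
```

Running the module prints the pod addresses and /28 segments from the Example slide, host 1's two aggregate routes (10.2.0.0/16 via 192.168.0.11 and 10.3.0.0/16 via 192.168.0.12), and shows a tenant 2 pod allowed to reach the service segment but not tenant 1's second segment. Because the isolation masks skip the host bits, the same two rules hold as hosts are added; the only thing that grows is the per-host route list, one /16 per host.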
Romana Project
• Cloud Native SDN
• All details available at romana.io
• Open source
• Apache 2.0
• Written in Go
• www.github.com/romana
• Release v0.6 available now
• Integration with OpenStack and Kubernetes