NetCloud 2013

Non-Tunneling Edge-Overlay Modelusing OpenFlow for Cloud Datacenter Networks

Nagoya Institute of Technology, Japan

Ryota Kawashima and Hiroshi Matsuo

2

Outlines

Backgrounds

Edge-Overlay (Distributed Tunnels)

Proposed method

Evaluation

Conclusion

3

Backgrounds – Network Virtualization

Multi-tenant Datacenter Networks Each tenant uses virtual networks Each virtual network shares the physical network resources

Physical network10.0.0.0/8

VMVM

VM

VMVM

VM

VMVM

VM

Virtual network192.168.0.0/24

Virtual network172.16.2.0/16 Virtual network

10.0.0.0/8

Tenant 1

Tenant 2

Tenant 3

4

Backgrounds – VLAN limitations

Each virtual network has its own VLAN ID

A VLAN tag is inserted into Ethernet frames

Ethernet VLAN Payload FCS

Problems with VLAN

• The maximum number of VLANs is 4094

• Physical switches learn VMs' MAC addresses

VLAN ID (1～ 4094) is included

VM's frame

5

Backgrounds – Edge-Overlay

L2-in-L3 tunneling

VM VM

Virtual switch

Physical serverPhysical server

VLAN problems can be addressed• Over 16 million virtual networks can be supported• VMs' MAC addresses are hidden from physical switches

Existing network devices can be used• Virtual switches provide many high-level functions

Virtual switch

6

Tunneling protocols

Ethernet(Physical)

IP(Physical)

VXLANUDP FCSEthernet(Virtual)

Payload

VXLAN VM's frame

Ethernet(Physical)

IP(Physical)

NVGRE FCSEthernet(Virtual)

Payload

NVGRE VM's frame

Ethernet(Physical)

IP(Physical)

STTTCP-like FCSEthernet(Virtual)

Payload

STT VM's frame

24bit ID

24bit ID

64bit IDTCP-like headerNIC offloading (TSO)

7

Problems with Tunneling (1 / 2)

IP Fragmentation at the physical server

Payload

PayloadHeader

Payload Payload

PayloadHeader PayloadHeader

VM

PhysicalServer

Header Payload

PayloadHeader

Fragmentation

Fragmentation

8

Problems with Tunneling (2 / 2)

Compatibility with existing environment IP Multicasting should be supported (VXLAN) Load balancing (ECMP) is not supported (NVGRE) Firewalls, IDS, load balancer may discard the frames (STT) TSO cannot be used (VXLAN, NVGRE)

Practical problem Supported protocols differs between products (vendor lock-in)

9

Proposed Method

Yet another edge-overlay method Tunneling protocols are not used No IP fragmentation at the physical server layer OpenFlow-enabled virtual switches No VLAN limitations Compatibility with existing environment

10

Method1 - MAC Address Translation

MAC addresses within the frame are replaced SRC address : VM1's address => SV1's address DEST address : VM2's address => SV2's address

VM 1 VM 2VM1 => VM2

Physical Server (SV1) Physical Server (SV2)

SV1 => SV2 SV1 => VM2

VMs' MAC addresses are hidden from the physical switches

Virtual Switch Virtual Switch

11

Method2 – Host-based VLAN

VM VM VM

Tenant 1 Tenant 2

VID=10VID=10 VID=20

Server

Server

VM VM

Tenant 1 Tenant 2

VID=20VID=10

Virtual Network(VID10)

Virtual Network(VID20)

Traditional

VM VM VM

Tenant 1 Tenant 2

VID=10VID=20 VID=30

Server

Server

VM VM

Tenant 1 Tenant 2

VID=20VID=10

ProposalVID is globally unique VID is unique within a server

12

Feature Comparison

Proposal VXLAN NVGRE STT VLAN

Physical Network L2 L2 / L3 L2 / L3 L2 / L3 L2

MAC address hiding ✔ ✔ ✔ ✔ -

No. of virtual networks Unlimited 16 million 16 million 18 quintillion 4094

IP Multicasting - Required - - -

Load balancing (ECMP) ✔ ✔ - ✔ ✔

FW, IDS, LB Transparency ✔ ✔ ✔ - ✔

IP Fragmentation (Physical) - Occur Occur Occur -

TSO support ✔ - - ✔ ✔

13

Performance Evaluation

VM-to-VM communication

Virtualswitch

Physical server 1

VM1 (Sender)

Iperfclient

VM2 (Receiver)

Physical server 2

GbE switching hub

Virtualswitch

OpenFlowController

Iperfserver

GRE / VXLAN tunnel

14

Evaluation Result (UDP)

• The performance of proposed method was equal to "Optimal"

• IP fragmentation affected the no. of frames and performance

Fragmentation at the VM

Fragmentation by GRE encapsulationFragmentation by VXLAN encapsulation

The no. of frames = 3

The no. of frames = 5

15

Conclusion

Yet another Edge-overlay method No tunneling protocols No IP fragmentation at physical server layer Higher throughput than tunneling protocols L2 network

Future Work Further evaluation is necessary

• 10/40 GbE environment MPLS support