SDN in CloudStack
DESCRIPTION
I presented this at the CloudStack collaboration conference 2013 in Santa Clara.
TRANSCRIPT
SDN in CloudStack
About me
» Hugo Trippaers
– Email: [email protected]
– Twitter: @Spark404
– Freenode: Spark404
– http://www.schubergphilis.com
CloudStack networking - the five minute version
» CloudStack networking
– Basic, isolation using security groups (L3)
– Advanced, isolation using network isolation (L2)
» SDN was introduced to create isolated networks in Advanced zones
» By now it can do much more... (Routing, Firewall, NAT)
Isolation with VLAN
CloudStack takes care of the configuration of hypervisor switches.
Who takes care of the networking gear?
He does...
Isolation with Software Defined Networking
Who takes care of the networking gear?
CloudStack takes care of the configuration of hypervisor switches and L2 networking.
Software defined networking - core concepts
» Decouples the control plane (what data is going where) from the data plane (how to get data there)
» Makes network management easier by abstracting low-level functionality into virtual services.
– Independent of hardware and/or vendor
» Provides a Northbound API
– Allows administrators to use automated tooling to provision services
» Scale?
Software Defined Networking - advanced
» Where can we go if we have a software-based network infrastructure?
– Distributed routing?
– Integrated security framework?
– Application controlled networking?
» Endless possibilities, it’s all software anyway
SDN in CloudStack
» Where is it?
Implemented in the core of CloudStack.
“Movable parts” configured per plugin.
Controlled by existing offering model.
SDN implementations
| Implementation | Isolation | DHCP | Firewall | NAT | Security Groups | VPC |
|---|---|---|---|---|---|---|
| GRE isolation | Pre ACS | - | - | - | - | - |
SDN implementations - GRE isolation
» Uses the existing implementation of OpenVSwitch in XenServer and XCP
– Uses the OpenVSwitch GRE tunnels to “link” OpenVSwitch bridges between hypervisors
– Entirely controlled by CloudStack
» Pros
– Doesn’t require external components
» Cons
– Bandwidth is limited due to lack of offloading
– Large deployments require a lot of tunnels
– Limited set of hypervisors supported (XenServer)
SDN implementations
| Implementation | Isolation | DHCP | Firewall | NAT | Security Groups | VPC |
|---|---|---|---|---|---|---|
| GRE isolation | Pre ACS | - | - | - | - | - |
| Nicira NVP | >= 4.0 | - | - | - | - | - |
SDN implementations - Nicira NVP
» A commercial SDN solution developed by Nicira. Uses both OpenVSwitch and OpenFlow to build overlay tunnels on an existing network.
» Pros
– STT tunnel protocol is optimized for high bandwidth
– Includes a gateway to link existing L3 or L2 networks to the virtual switch
» Cons
– Requires custom OpenVSwitch on hypervisors.
SDN Implementations
| Implementation | Isolation | DHCP | Firewall | NAT | Security Groups | VPC |
|---|---|---|---|---|---|---|
| GRE isolation | Pre ACS | - | - | - | - | - |
| Nicira NVP | >= 4.0 | - | >= 4.1 | >= 4.1 | - | >= 4.1 |
| Big Switch VNS | >= 4.1 | - | - | - | - | - |
SDN implementations - Nicira NVP (>= ACS 4.1)
» Nicira NVP plugin is updated to support L3 functionality. With this functionality the existing VRouter can be replaced with an SDN-based construct.
» Several changes have been made to the VPC setup to support SDN-based networks in VPCs.
SDN implementations - BigSwitch VNS
» The Big Switch Networks plugin is a CloudStack SDN plugin using the BigSwitch VNS platform. While BigSwitch VNS is a commercial solution, it is completely based on open standards like OpenFlow.
» Pros
– Uses open standards
» Cons
– Requires hypervisors and switches to support OpenFlow
SDN Implementations
| Implementation | Isolation | DHCP | Firewall | NAT | Security Groups | VPC |
|---|---|---|---|---|---|---|
| GRE isolation | Pre ACS | - | - | - | - | - |
| Nicira NVP | >= 4.0 | - | >= 4.1 | >= 4.1 | - | >= 4.1 |
| Big Switch VNS | >= 4.1 | - | - | - | - | - |
| Midokura Midonet | master | master | master | master | - | master |
| Stratosphere SSP | review | - | - | - | - | - |
| VXLAN | announced | | | | | |
SDN implementations - Midokura Midonet
» Midokura Midonet is implemented as a CloudStack plugin. It offers a complete set of advanced features like DHCP, L3 Routing and various NAT options.
» Pros
– Complete solution for building standard networks including L3 functions.
» Cons
– Can only be used with the KVM hypervisor.
SDN implementations - Stratosphere
» Stratosphere SSP is an SDN controller that controls or brokers physical and/or virtual network devices. Stratosphere SSP will build a VXLAN-backed overlay network. The plugin uses the L2 connectivity service provided by SSP.
» Not much information available yet.
SDN implementations - VXLAN
» Announced today at CCC 2013 by Toshiaki Hatano.
» Not much information available yet, be sure to catch the recording of this morning's talk.
SDN implementations - next steps?
» Support for VPC
– Including private gateways
» Common configuration and setup
» Security
» Configurable on-ramp/off-ramp
» IPv6
SDN in CloudStack - how does it work
» Preparing an SDN solution for use requires some configuration work up front
Preparation - Configure physical network
» The physical network defines the type of L2 isolation used.
Preparation - Setup Providers
» The provider is the place to configure the SDN controller
» Not used by the GRE tunnels; those are configured using configuration parameters.
Preparation - Setup network offerings
» Connectivity is key
» Services define where and how SDN is used in the offering
SDN in CloudStack - how does it work
» Preparing an SDN solution for use requires some configuration work up front
» Using the SDN solution is as straightforward as any networking in CloudStack
Usage - Creating a new network
» The role of Network Gurus
– each guru supports a specific type of network
– selected based on a number of criteria, of which isolation type is only one
» Selected guru is stored in the database for this particular network.
Usage - Creating a new network
» The role of Network Elements
– triggered whenever a new NIC is attached to a network
– configure devices like firewall, routers, etc.
» Elements are selected based on the network offering used to create the network.
Usage - My first VM
» Multiple actions happen at the same time
– network elements
– hypervisor resources
» The NIC is the linking pin between a VM and the SDN implementation
» The hypervisor sets flags to allow the VIF to be found
» The network element tells the SDN solution what to look for
» Not a generic way of doing things, depends on the SDN in use.
Usage - Ready
That's all there is to it
» http://apache.cloudstack.org
» http://www.nicira.com
» http://www.bigswitch.com
» http://www.midokura.com
» http://www.iij.ad.jp/en/
– Email: [email protected]
– Twitter: @Spark404
– IRC Freenode: Spark404