Xen*, SDN and Apache Cloudstack. Sebastien Goasguen, Apache CloudStack Citrix EMEA August 28 th 2012 Xen Summit

Similar documents
Apache CloudStack. Sebastien Goasguen Open Source Office,

Xen and CloudStack. Ewan Mellor. Director, Engineering, Open-source Cloud Platforms Citrix Systems

Network Mul,tenancy in Xen- based Clouds. Chiradeep Vi;al CloudStack Commi;er Citrix Sep

Getting to Know Apache CloudStack

Quantum, network services for Openstack. Salvatore Orlando Openstack Quantum core developer

Software Defined Networks and OpenFlow. Courtesy of: AT&T Tech Talks.

Building a Big IaaS Cloud. David /

Distributed Systems. 31. The Cloud: Infrastructure as a Service Paul Krzyzanowski. Rutgers University. Fall 2013

CloudStack Administration Guide

OPEN CONTRAIL ARCHITECTURE GEORGIA TECH SDN EVENT

Software Defined Networking

Open Networking Opens Opportunities

BRKDCT-1253: Introduction to OpenStack Daneyon Hansen, Software Engineer

Citrix CloudPlatform (powered by Apache CloudStack) Version 4.5 Concepts Guide

CSC 4900 Computer Networks: Network Layer

Baremetal with Apache CloudStack

Cloud Networking (VITMMA02) Software Defined Networking (SDN) in the Cloud

Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking

Introduction to Neutron. Network as a Service

CloudStack Tech Talks - Design. Chinzan-so Hotel & Conference Center Tokyo, Japan June 2, 2015

Network Virtualization Based on Flows

Cloud Networking From Theory to Practice. Ivan Pepelnjak NIL Data Communications

Apache CloudStack CloudStack Administrator's Guide

Cloud Networking (VITMMA02) Server Virtualization Data Center Gear

OpenContrail Overview Architecture & Demo

CloudBridge and Get Ready for Desktops and Apps as a Service. Henrik Poulsen

CSC 401 Data and Computer Communications Networks

Internet Technology. 15. Things we didn t get to talk about. Paul Krzyzanowski. Rutgers University. Spring Paul Krzyzanowski

Extend your datacenter with the power of Citrix Open Cloud

Software Defined Networking

CloudPlatform (powered by Apache CloudStack) Version Installation Guide

Ethernet Fabrics- the logical step to Software Defined Networking (SDN) Frank Koelmel, Brocade

Networking in virtual environments

lecture 18: network virtualization platform (NVP) 5590: software defined networking anduo wang, Temple University TTLMAN 401B, R 17:30-20:00

Nuage Networks Product Architecture. White Paper

Chapter 5 Network Layer: The Control Plane

CS-580K/480K Advanced Topics in Cloud Computing. Network Virtualization

Ryu: Network Operating System

Hands on SDN and BRO

Data Center Virtualization: VirtualWire

Citrix CloudPlatform (powered by Apache CloudStack) Version 4.5 Getting Started Guide

WELCOME. Chicago Juniper Users Group SEPT 18TH, 2013

Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC)

Software-Defined Networking (SDN) Overview

Communication System Design Projects

DECODING SOFTWARE DEFINED NETWORKS

Slicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)

VXLAN Overview: Cisco Nexus 9000 Series Switches

OpenADN: Service Chaining of Globally Distributed VNFs

Huawei CloudFabric and VMware Collaboration Innovation Solution in Data Centers

Empowering SDN SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA. Bruno Barba Systems Engineer Mexico & CACE

Application Delivery Using Software Defined Networking

Switching and Routing projects description

CS-580K/480K Advanced Topics in Cloud Computing. Software-Defined Networking

Project Calico v3.1. Overview. Architecture and Key Components

Software Defined Networks

Cross-Site Virtual Network Provisioning in Cloud and Fog Computing

Open vswitch: A Whirlwind Tour. Jus8n Pe:t March 3, 2011

Chapter 4 Network Layer: The Data Plane

Centec V350 Product Introduction. Centec Networks (Suzhou) Co. Ltd R

VMWARE SOLUTIONS AND THE DATACENTER. Fredric Linder

TEN ESSENTIAL NETWORK VIRTUALIZATION DEFINITIONS

Project Calico v3.2. Overview. Architecture and Key Components. Project Calico provides network security for containers and virtual machine workloads.

OPENSTACK: THE OPEN CLOUD

COMP211 Chapter 4 Network Layer: The Data Plane

SDN TO BE OR NOT TO BE. Uwe Richter SE Director Russia/CIS, East and South East Europe

Neutron: peeking behind the curtains

Building NFV Solutions with OpenStack and Cisco ACI

Xen Community Update. Ian Pratt, Citrix Systems and Chairman of Xen.org

Taxonomy of SDN. Vara Varavithya 17 January 2018

Brocade and VMware Strategic Partners. Kyle Creason Brocade Systems Engineer

IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture

CloudPlatform (powered by Apache CloudStack) Version Installation Guide

Virtual Switches. Yao-Min Chen. Virtual Switches

Introduction to Software-Defined Networking UG3 Computer Communications & Networks (COMN)

Cisco Enterprise Cloud Suite Overview Cisco and/or its affiliates. All rights reserved.

SDN Applications and Use Cases. Copyright 2015 ITRI

Case Study on Enterprise Private Cloud

End to End SLA for Enterprise Multi-Tenant Applications

Some Musings on OpenFlow and SDN for Enterprise Networks. David Meyer Open Networking Summit October 18-19, 2011

Fully Scalable Networking with MidoNet

What s New with VMware vcloud Director 8.0

Nexus 1000V in Context of SDN. Martin Divis, CSE,

Build Cloud like Rackspace with OpenStack Ansible

OPENFLOW & SOFTWARE DEFINED NETWORKING. Greg Ferro EtherealMind.com and PacketPushers.net

White Paper. OCP Enabled Switching. SDN Solutions Guide

Network+ Guide to Networks 6 th Edition

An Introduction to Open vswitch

PSOACI Why ACI: An overview and a customer (BBVA) perspective. Technology Officer DC EMEAR Cisco

Citrix XenServer 7.1 Feature Matrix

Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall

Red Hat OpenStack Platform 10 Red Hat OpenDaylight Product Guide

Virtualizing Managed Business Services for SoHo/SME Leveraging SDN/NFV and vcpe

Network Virtualization and Application Delivery Using Software Defined Networking

MX ALS DATACENTER EDGE

Overlay Virtual Networking Explained. Ivan Pepelnjak NIL Data Communications

Enabling Efficient and Scalable Zero-Trust Security

Assignment 5: Software Defined Networking CS640 Spring 2015

Network Virtualization and Application Delivery Using Software Defined Networking

Distributed Systems COMP 212. Lecture 18 Othon Michail

Transcription:

Xen*, SDN and Apache Cloudstack Sebastien Goasguen, Apache CloudStack Citrix EMEA August 28 th 2012 Xen Summit

Outline A bit about CloudStack A bit about SDN A bit about OpenVswitch Some bits about SDN in CloudStack Slides are on slideshare for download: http://www.slideshare.net/sebastiengoasguen/c loudstack-and-sdn

Apache CloudStack IaaS solution to build a private/public cloud Hypervisor agnostic: Xen, XS, XCP K ware Object store support Swift Upcoming support from Caringo EC2/S3 compatibility Java application Ant build but moving to maven (via new contributor) First Apache release 4.0 coming Sept 26 th

Participating in CloudStack Apache incubator project http://www.cloudstack.org #cloudstack on irc.freenode.net @CloudStack on Twitter http://cloudstack.org/discuss/mailing-lists.html Welcoming contributions and feedback, Join the fun!

A Very Flexible IaaS Platform Compute Hypervisor XenServer ware Oracle K Bare metal Storage Block & Object Fiber Local Disk iscsi NFS Channel Swift Primary Storage Secondary Storage Network Network & Network Services Network Type Isolation Firewall Load balancer VPN http://www.slideshare.net/cloudstack/cloudstack-architecture

NaaS? Cloud Servers On-demand, Elastic, Measured server provisioning Cloud Storage Scalable/fault tolerant storage with object stores Cloud Networks How to do on-demand, elastic, measured networking provisioning? How to program the network?

A very extensive API CloudStack orchestrates your network: Provisioning Configuration Updates For multi-tenants isolation Using hardware and software devices At scale: O(10^4) Hyp, O(10^5) s

Software Defined Networking Enable innovation, experimentation, optimization and customization of networks Move control of the network to software. i.e Programmable network Virtualize the network Vendor-agnostic, standard protocol for control: OpenFlow

OpenFlow Google achieved 95% utilization of WAN backbone by using SDN Leading SDN protocol Decouples control and data plane by giving a controller the ability to install flow rules on switches. Hardware or software switches can use OpenFlow Spec driven by ONF

OpenFlow OpenFlow rules can drop, rewrite, forward packets Rule Action Stats Packet + byte counters 1. Forward packet to port(s) 2. Encapsulate and forward to controller 3. Drop packet 4. Send to normal processing pipeline Switch Port MAC src MAC dst Eth type VLAN ID Diagram Src: http://www.openflow.org/wp/documents/ 10 September 2012 10 IP Src IP Dst IP Prot TCP sport TCP dport

OF Controllers Several controllers out there (NOX, POX,Trema) Floodlight from Big Switch. Apache license

OpenVSwitch Open vswitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable the massive network automation through programmatic extension

OpenVSwitch Default bridge in XenServer and XCP Supported in Xen but not integrated in toolstack Enables: VLAN tagging Rate limiting GRE tunnels OpenFlow controller High Performance ( http://networkheresy.com/category/o pen-vswitch )

e.g OVS rate limiting Can enforce QoS with rate limiting controls ovs-vsctl set Interface tap0 ingress_policing_rate=1000 ovs-vsctl set Interface tap0 ingress_policing_burst=100

e.g OVS VLAN tagging ovs-vsctl add-br br0 ovs-vsctl add-port br0 eth0 ovs-vsctl add-port br0 tap0 tag=1 ovs-vsctl add-port br0 tap1 tag=2 Complement on host2

e.g OVS and GRE tunnels No Cookbook on OVS page ovs-vsctl add-port br1 gre1 -- set interface gre1 type=gre options:remote_ip=192.168.1.152

OVS and Openflow Point OVS switches to an OF controller: $ovs_vsctl set-controller br0 tcp 192.168.1.33:6633 Install rules on switch Proactively (before any packet flows) Reactively (unknown packets forwarded to controller, who pushes flow mod on switch, then operates at line rate) Can do SDN with OpenFLOW but also with straight up OVS and managing mappings/rules in CloudStack db.

OpenNebula Supports VLAN tagging and rate limiting through hooks that call ovs_vsctl Scripts executed on an hypervisor before a is launched Potentially also executed after shutdown for cleanup Also supports OpenFlow

CloudStack Nicira Support https://cwiki.apache.or g/confluence/display/cl OUDSTACK/Feature+Nic ira+nvp+integration By Hugo Trippaers, Schuberg Philis

API key to customization of the network You dream it, CloudStack orchestrates it

Terminology Zone: Availability zone, aka Regions. Could be worldwide. Different data centers Pods: Racks or aisles in a data center Clusters: Group of machines with a common type of Hypervisor Host: A Single server Primary Storage: Shared storage across a cluster Secondary Storage: Shared storage in a single Zone

Physical Network Operations Admin and Cloud API Users CloudStack Mgmt Server Cluster MySQL Router Load Balancer Availability Zone L3 Core Switch Access Layer Switches Servers Secondary Storage Pod 1 Pod 2 Pod 3 Pod N Slide from Chiradeep Vittal, http://www.slideshare.net/cloudstack/cloudstack-networking

Layer-2 Guest Virtual Network 1 VLAN per guest network CS Virtual Router provides Network Services External Devices provide Network Services Network Hardware exposing API can be controlled Guest Virtual Network 10.1.1.1/8 VLAN 100 Guest Virtual Network 10.1.1.1/8 VLAN 100 Public Network/Intern et Public IP 65.37.141.11 CS Virtual Router DHCP, DNS NAT Load Balancing VPN Gateway address 10.1.1.1 10.1.1.1 10.1.1.3 10.1.1.4 Guest 1 Guest 2 Guest 3 Public Network/Intern et Public IP 65.37.141.11 1 Public IP 65.37.141. 112 Juniper SRX Firewall NetScaler Load Blancer Private IP 10.1.1.111 Private IP 10.1.1.112 10.1.1.1 10.1.1.3 10.1.1.4 Guest 1 Guest 2 Guest 3 10.1.1.5 Guest 4 10.1.1.5 Guest 4 Slide from Chiradeep Vittal, http://www.slideshare.net/cloudstack/cloudstack-networking DHCP, DNS CS Virtual Router

Opportunity for Xen Opportunity to create highly specialized networking services appliances using OpenMirage s Hal See talks in Monday s session

Networking challenges in a private Cloud Multi-tenants on hypervisors => isolation between guest networks VLANs in the datacenter is hard and limit at 4096 VLANs. Hardware switches may not do it very well or have a lower limit

Networking trend Move to software switches Move to L3 isolation Use tunnels between OVS (GRE tech preview) Program the network through API Encapsulation virtualizes the network, between overlays on overlays on overlays.. L3 on L2 on GRE on L3 on L2 Then you bring the WAN and you have: L3 on L2 on GRE on L3 on L2 on GRE on L3 on L2.Euhhhh!!!

Back of the enveloppe ~10,000 hypervisors in your data center ~100,000 s x10 or x100 if you use Hal or Openmirage.org (10,000*9,999)/2 tunnels for a full mesh 50x10^6 tunnels to keep track of?

Slide from Chiradeep Vittal Layer 3 cloud networking Web Web Security Group DB DB Security Group Web Web Web DB Web Web Ingress Rule: Allow s in Web Security Group access to s in DB Security Group on Port 3306

Public Internet L3 isolation with distributed firewalls Public IP address 65.37.141.11 65.37.141.24 65.37.141.36 65.37.141.80 Pod 1 L2 Switch 10.1.0.1 Tenant 1 1 Tenant 2 1 10.1.0.2 10.1.0.3 L3 Core Pod 2 L2 Switch 10.1.8.1 Tenant 1 2 10.1.0.4 Load Balancer Pod 3 L2 Switch 10.1.16.1 Slide from Chiradeep Vittal

Slide from Chiradeep Vittal Public Internet L3 isolation with distributed firewalls Public IP address 65.37.141.11 65.37.141.24 65.37.141.36 65.37.141.80 Pod 1 L2 Switch 10.1.0.1 Tenant 1 1 Tenant 2 1 10.1.0.2 10.1.0.3 L3 Core Pod 2 L2 Switch 10.1.8.1 Tenant 1 2 10.1.0.4 Load Balancer Pod 3 L2 Switch 10.1.16.1 Tenant 1 3 10.1.16.47 Tenant 1 4 10.1.16.85

Public Internet L3 isolation with distributed firewalls Public IP address 65.37.141.11 65.37.141.24 65.37.141.36 65.37.141.80 Pod 1 L2 Switch 10.1.0.1 Tenant 1 1 Tenant 2 1 10.1.0.2 10.1.0.3 L3 Core Pod 2 L2 Switch 10.1.8.1 Tenant 1 2 10.1.0.4 Load Balancer Pod 3 L2 Switch 10.1.16.1 Tenant 2 2 Tenant 2 3 10.1.16.12 10.1.16.21 Tenant 1 3 10.1.16.47 Tenant 1 4 10.1.16.85 Slide from Chiradeep Vittal

A Million Firewalls? Slide from Chiradeep Vittal

Problem: Manage the state of 100s of thousands of firewalls Solution: Well-known software scaling techniques Message queues Consistency tradeoffs Idempotent configuration & retries CloudStack uses special purpose queues optimized for large security groups eventual consistency for rule updates Slide from Chiradeep Vittal

Problem: Firewall (iptables) rules explosion on the host firewall Solution: Use ipsets: ipset N web_sg iptreemap ipset A web_sg 10.1.16.31 ipset A web_sg 10.1.16.112 ipset A web_sg 10.1.189.5 ipset A web_sg 10.21.9.77 -A FORWARD p tcp m tcp dport 3060 m set match-set web_sg src -j ACCEPT Slide from Chiradeep Vittal

Conclusions Programmable networking is here Software switches are key enabler to network virtualization Opens the door for scalable, on-demand, ephemeral networks OVS is the default switch in Xen, and supported in XenServer and XenCP. CloudStack implements highly scalable network structures and leverages OVS capabilities

Participating in CloudStack Apache incubator project http://www.cloudstack.org #cloudstack on irc.freenode.net @CloudStack on Twitter http://cloudstack.org/discuss/mailing-lists.html Welcoming contributions and feedback, Join the fun!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback