CloudStack Networking at CloudOpen Japan
6 likes1,628 views
This document provides information about CloudStack networking and its architecture. It discusses how CloudStack supports both basic and advanced networking models, including options that utilize a virtual router or external network appliances. It also provides details on CloudStack's software-defined networking approach and use of technologies like VLANs. The document aims to educate about CloudStack's networking services and flexibility in supporting both internal and external network configurations.
CloudStack Networking at CloudOpen Japan
- 1. Kimihiko Kitase Solution Marketing Manager at Citrix Hiroaki Kawai Senior engineer at Stratosphere | Committer at Apache CloudStack CloudStack Networking
- 2. 北瀬 公彦 KIMIHIKO KITASE Board member at Japan CloudStack User Group Solution marketing manager at Citrix Joined to Citrix on March, 2000. TS R&D SE Sol | OSS community marketing twitter: @kkitase mail: [email protected] web: http://v12n.jp http://cloudstack.jp Wrote lots of magazines, book, articles related virtualization and cloud. Desktop Virtualization Server Virtualization Cloud and Network
- 3. • De Fact Standard Cloud Management Platform • Beautiful self-service portal UI • Admin, group admin, end user • Various networking services • LB, FW, VPN, NAT, etc • Work with external network appliance • OSS: Apache Software Foundation • Apache CloudStack (Latest ver. 4.0.2) • Commercial Distribution: Citrix • Citrix CloudPlatform (Latest ver. 3.0.6) What is CloudStack?
- 4. CloudStack Supports Multiple Cloud Strategies Multi-tenant Public Cloud • Dedicated resources • Security & total control • Internal network • Managed by Enterprise or 3rd party • Mix of shared and dedicated resources • Elastic scaling • Pay as you go • Public internet, VPN access Hosted Private Cloud • Dedicated resources • Security • SLA bound • 3rd party owned and operated Private Clouds Public Clouds On-premise Private Cloud
- 5. 150+ Clouds In Deployment 40,000+ Servers at scale
- 6. From the Latest Nikkei Computer ““Our cloud infra is based on CloudStack” is sales talk.” by one service provider’s evangelist
- 7. APIforintegration User Interface API for developer Amazon CloudStackCloud admin Tenant admin End User Availability and Security Server Network Storage Virtualization Layer server storage network VM management Backup Load Balancer reliability monitoring Image Library Service catalog OS templates ISOs Resource management CMS,Billing,Helpdesk, AccountManagement,etc…IaaS Archtecture metering
- 8. APIforintegration User Interface API for developer Amazon CloudStackCloud admin Tenant admin End User Availability and Security Server Network Storage Virtualization Layer server storage network VM management Backup Load Balancer reliability monitoring Image Library Service catalog OS templates ISOs Resource management CMS,Billing,Helpdesk, AccountManagement,etc…Area covered by Apache CloudStack metering
- 9. Compute Storage Network Management & Security PaaS Automation Business Portals Migration&Monitoring Application Mgmt. y Public Clouds Cloud Ecosystem
- 11. Secondary storage (NFS, OpenStack Swift) Management server Network appliance (LB, FW, SDN/OpenFlow) Self-service portal Primary storage (NFS, iSCSI, FC SAN, Local) CloudStack high level architecture
- 12. Pod 1 …. Cluster N L2 switch Host 2 Cluster 1 CloudStack components Host 1 Host is the basic unit of scale. Runs a hypervisor or is bare metal Cluster consists of one ore more hosts of same hypervisor All hosts in cluster have access to shared (primary) storage Pod is one or more clusters, usually with a L2 switch. Represents a rack Availability Zone has one or more pods, has access to secondary storage. Firewall and Load balancers separate public and private networks One or more zones represent cloud Primary Storage Zone 1 FirewallLoad Balancer …. L3 switch Secondary Storage Pod N
- 13. Data Center 1 Multi zones architecture Availability Zone 1 Data Center 2 Secondary Management Server MySQL Replication Data Center 3 Data Center 4 Availability Zone 2 Availability Zone 3 Availability Zone 4 Primary Management Server
- 14. Demo
- 55. Layer-3 Guest network - Basic Network 65.11.1.2 Guest VM 1 Guest VM 2 Guest VM 3 Guest VM 4 Public network NetScaler Load Balancer 65.11.1.3 65.11.1.4 65.11.1.5 DHCP DNS Virtual Router Tenant A Security group 1 10.1.2.3 Guest VM 1 Guest VM 2 Guest VM 3 Guest VM 4 10.1.2.4 10.1.2.5 10.1.2.6 EIP, ELB 65.11.1.2 65.11.1.3 L3 Switch Tenant B Security Group 2 DHCP DNS Virtual Router Public network Networking Service model provided by Virtual Router Networking Service model provided by external network appliance Tenant A Security group 1 Tenant B Security Group 2
- 56. Layer-2 Gust network - Advanced Network Guest network 10.1.1.1/8 Gateway 10.1.1.1 DHCP DNS NAT Load Balancing VPN Public IP 65.37.141.11 10.1.1.1 Guest VM 1 10.1.1.3 Guest VM 2 10.1.1.4 Guest VM 3 10.1.1.5 Guest VM 4 Guest network 10.1.1.1/8 Private IP 10.1.1.112 DHCP DNS Public IP 65.37.141.112 10.1.1.1 Guest VM 1 10.1.1.3 Guest VM 2 10.1.1.4 Guest VM 3 10.1.1.5 Guest VM 4 NetScaler Load Balancer Private IP 10.1.1.111 Public IP 65.37.141.111 Juniper SRX Firewall Networking Service model provided by Virtual Router Networking Service model provided by external network appliance Virtual Router Public network Public network Virtual Router Tenant B VLAN 101 Tenant A VLAN 100 Tenant A VLAN 100 Tenant B VLAN 101 Virtual Router Virtual Router
- 57. Virtual Router • When Advanced network is used VR is deployed Per-Account • Provide multiple networking services ᵒ DHCP, DNS, NAT, Source NAT, Firewall, VPN, User-data • VR details ᵒ Debian 6.0 ("Squeeze"), 2.6.32 kernel with the latest security patches from the Debian security APT repository ᵒ Latest versions of dnsmasq, haproxy, iptables, ipsec, apache ᵒ Latest version of JRE • Can be accessed via SSH using key from management server
- 58. Web App DB Virtual Router Virtual Private Cloud a.k.a. VPC Create one or more networks Configure firewall rules Configure LB rules Deploy & manage VMs VLAN 1 VLAN 2 VLAN 3 Tenant A
- 59. CloudStack SDN Approach Hiroaki Kawai Senior engineer at Stratosphere | Committer at Apache CloudStack