MidoNet Differentiation and Overview
Download as PPTX, PDF2 likes1,389 views
Midokura, founded in 2010, specializes in network virtualization and offers software for networking using an overlay approach, garnering significant funding and industry recognition. The Midonet network virtualization platform enables rapid provisioning, enhanced security, and improved performance across various cloud environments by decoupling logical network architectures from physical hardware. It utilizes a distributed model that addresses challenges tied to traditional Open vSwitch (OVS) by eliminating single points of failure and improving scalability.
MidoNet Differentiation and Overview
- 1. Confidential MidoNet Differentiation & Overview
- 2. Confidential About the company • Founded in 2010, Midokura is a global company with offices in Tokyo, San Francisco, Barcelona and Munich • Pioneer in network virtualization – provides software for networking using overlay approach. Pedigree includes Amazon, Cisco, VMware and Google • Received $20M+ in first round of funding April 2013 from Innovation Network Corporation of Japan, NTT and NEC • Named by CRN as amongst the top 10 networking stories of 2013 and also amongst 10 coolest startups in the world • Won Nokia’s Silicon Valley Innovation Challenge – 2014 • Named AlwaysOn award winner for the second consecutive year • Significant contributor to the OpenStack Networking (Neutron) • First SDN vendor to be certified for Red Hat OpenStack environment • Early member of the Open DayLight Project (ODP) • Broad and deep technical partnerships with network switch vendors, software companies and solution providers
- 4. Confidential v Any Application MidoNet Network Virtualization Platform Logical L2 Any Network Hardware Any Cloud Management Platform Logical Firewall Logical Layer 4 Load Balancer Logical L3 KVM, ESXI, LXC, Docker Logical Switching – Layer 2 over Layer 3, decoupled from the physical network Logical Routing – Routing between virtual networks without exiting the software container Distributed Firewall – Provides ACLs, high performance kernel integrated firewall via a flexible rule chain system VXLAN/GRE – VxLAN and GRE tunneling Provides L2 connectivity across L3 transport. Logical Layer 4 Load Balancer – Application Load Balancing in software MidoNet API – Alignment with OpenStack Neutron’s API for integration into compatible cloud management software MidoNet Network Virtualization Platform
- 5. Confidential Do it BiggerDo it Faster Value Agility Provide rapid provisioning of isolated network infrastructure for labs and devops. Logical Network Provisioning Automated Provisioning Isolated Sandboxes Control Network admins can better secure, control & view network traffic. Single Pane of Glass OpsTools Enhanced Security Enable Compliance Do it Better IaaS Cloud Build multi-tenant clouds with visibility into usage. Tenant Control Metering Automated Self Service Performance Improve network performance using edge overlay & complementary technologies. Single Hop Virtual Networking VXLAN Hardware Gateway Massive performance with 40Gb Support Scale Add virtual network infra & services simply & resiliently without hardware & bottlenecks. Distributed Logical Networking FW, LB, L2/3, NAT Limitless “VLANs” Scale out L3 Gateway Bridge legacy VLANs IPv6 Solution for OpenStack Networking Use MN to overcome limitations of Neutron for OpenStack users. Replaces OVS Plugin
- 7. Confidential 6 Logical Topology – Overlay Networks
- 8. Confidential MidoNet Distributed Advantage: Comparing with OVS and Centralized Controller Approaches 7
- 9. Confidential OVS Open Source Plugin 8 Overlay Networking GRE Tunnels Uses Open vSwitch Project Components: • Neutron OVS Agent • Neutron DHCP Agent • Neutron L3 Agent • IPTables Neutron Network Node Neutron-Server + OVS Plugin L3 Agent DHCP Agent OVS Agent NAT / Floating IPs IP Tables / Routing dnsmasq ovsdb/ vswitchd Linux Kernel / IP Stack Compute Node nova compute OVS Agent KVM VM VM Linux Kernel / IP Stack ovsdb/ vswitchd IP Tables Compute Node nova compute OVS Agent KVM VM VM Linux Kernel / IP Stack ovsdb/ vswitchd IP Tables GRE Tunnels IP Underlay WAN security groups security groups
- 10. Confidential Challenges with OVS Plugin 9 Neutron Network Node is a SPOF Need to use corosync, etc for active/standby failover. Challenging at Scale Since there’s a single network node, this becomes a bottleneck fairly quickly. Inefficient Networking IPTables, L3 Agent, multiple hops for single flow are causing unnecessary traffic and added latency on your physical network
- 11. Confidential 10 Private IP Network SDN Controller Active Gateway Standby Gateway Internet Service Node Linux Kernel Open vSwitch Agent VM IP Tables SDN Controller centrally processes flows, and programs virtual switches remotely VM VM Linux Kernel Open vSwitch Agent VM IP Tables VM VM Centralized Controller Model
- 12. Confidential 11 Private IP Network Network State Database Internet MidoNet Agents act as distributed controller MidoNet Distributed Model Network State Database Network State Database Linux Kernel MidoNet Agent VMVM VM Linux Kernel MidoNet Agent VMVM VM Active Gateway Active Gateway Active Gateways Distributed scale out Gateways Logical Network topology stored in distributed database MidoNet Agent removes need for Service Nodes and IPTables
- 13. Confidential 12 Private IP Network SDN Controller Service Node Service node centrally responsible network services like NAT, routing, Load balancing Linux Kernel Open vSwitch Agent VM IP Tables VM VM Centralized Controller Model
- 14. Confidential 13 Private IP Network Network State Database MidoNet Agent programs the Kernel to provide services like security groups, routing, load balancing, and floating IPs Linux Kernel VMVM VM MidoNet’s Distributed Edge Model MidoNet Agent
- 15. Confidential 14 Private IP Network SDN Controller Active Gateway Standby Gateway Internet Linux Kernel Open vSwitch Agent VM IP Tables All outgoing flows travel through the active gateway node. VM VM Linux Kernel Open vSwitch Agent VM IP Tables VM VM Active/Standby GW Model
- 16. Confidential 15 Private IP Network Active Gateway 1 Active Gateway 2 Internet Linux Kernel Open vSwitch Agent VM IP Tables Outgoing and Incoming flows balanced across MidoNet Distributed Gateways VM VM Linux Kernel Open vSwitch Agent VM IP Tables VM VM Active Gateway 3 Network State Database Network State Database Network State Database Fully Distributed GW Model
- 17. Confidential Why L3 Gateway? 16 • Static routes suck • Provides HA out of the box • Inbound distributed NAT, routing, L4LB, and Firewalls • Can provide VPC like multi-tenant BGP capabilities
- 18. Confidential VxLAN Gateway (VXGW) 17 • Connect to non-virtualized workloads without a software gateway • One less hop required • More port density
- 19. Confidential 18 MidoNet – Cumulus Linux Solution VxLAN Tunnel Physical Connection OVSDB TCP/IP