Network Service in OpenStack Cloud

                         Yaohui Jin
                  email: jinyh at sjtu.edu.cn
                  Sina Weibo: @bright_jin


                Network & Information Center

© jinyh@sjtu
Acknowledgement

       Team: Dr. Xuan Luo, Pengfei Zhang, Xiaosheng Zuo,
        Zhixing Xu, Xinyu Xu, Jianwen Wei, Baoqing Huang, etc.
       Prof. Hongfang Yu and team with UESTC
       Prof. Jianping Wang with CityU HK
       Engineers, discussion and slides from Intel, SINA, IBM,
        Cisco, Dell, VMware/EMC, H3C, Huawei, IXIA, …
       OpenStack Community
       China OpenStack User Group (COSUG)
       China OpenStack Cloud League (COSCL)
       Technical blogs such as blog.ioshints.info, ipspace.net, …


OpenStack in Academia
                            for Research & Operation
       USC, Information Science Institute
       Purdue University
       University of Melbourne
       San Diego Supercomputer Center
       Brookhaven National Lab., DOE
       Argonne National Lab., DOE
       European Organization for Nuclear Research (CERN)
       Shanghai Jiao Tong University
       University of Science & Technology of China
       University of Electrical Science & Technology of China
       ……
Agenda


       Introduction
       SDN and OpenFlow
       Network Virtualization
       Network Virtualization in OpenStack
       Our Work




The Service Trend

       "Decoupling infrastructure management from service
        management can lead to innovation, new business
        models, and a reduction in the complexity of running
        services. It is happening in the world of computing, and
        is poised to happen in networking."
                                                Jennifer Rexford
                                 Professor, Princeton University

                                Last month, VMware paid $1.2B
                                 to acquire Nicira for software
                                 defined networking (SDN).



Why is Nicira worth $1.2 billion?




SDN and OpenFlow




Software Defined Network (SDN)

       A network architecture in which the network control
        plane (OS) is decoupled from the physical topology
        using open protocols such as OpenFlow.




Flow Table (v1.1)

       Rules: Ethernet, IP, MPLS, TCP/UDP any combination,
        exact or wildcard
       Actions: Forward, Drop, Modify field (NAT)
       Statistics: Volume based billing, anti DDOS
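
The rule / action / statistics structure of a flow table, as an added example that is not part of the original slides. It is a simplified Python model, not the OpenFlow wire protocol; the field names, the sample addresses and the drop-on-table-miss default are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class FlowEntry:
    priority: int
    match: dict      # header field -> required value; an absent field is a wildcard
    action: tuple    # ("forward", port) | ("drop",) | ("set_field", field, value, port)
    packets: int = 0
    byte_count: int = 0

    def matches(self, pkt: dict) -> bool:
        # Exact match on every listed field; fields not listed are wildcarded.
        return all(pkt.get(k) == v for k, v in self.match.items())


class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, entry: FlowEntry) -> None:
        self.entries.append(entry)
        # Highest priority first, so a specific drop rule beats a broad forward rule.
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def process(self, pkt: dict):
        """Return (verdict, out_port, packet) for one packet and update counters."""
        for e in self.entries:
            if not e.matches(pkt):
                continue
            e.packets += 1
            e.byte_count += pkt["length"]
            kind = e.action[0]
            if kind == "drop":
                return ("drop", None, pkt)
            if kind == "forward":
                return ("forward", e.action[1], pkt)
            if kind == "set_field":
                # Modify-field action, e.g. rewriting the destination for NAT.
                _, name, value, port = e.action
                return ("forward", port, dict(pkt, **{name: value}))
            raise ValueError(f"unknown action {kind!r}")
        # Assumption of this model: a table miss is dropped (fail closed).
        return ("drop", None, pkt)

    def heavy_flows(self, byte_limit: int):
        """Entries whose byte counter exceeds the limit (billing / anti-DDoS view)."""
        return [e for e in self.entries if e.byte_count > byte_limit]


def demo():
    table = FlowTable()
    # Constructed sample rules using documentation address ranges.
    table.add(FlowEntry(300, {"ip_src": "198.51.100.7"}, ("drop",)))
    table.add(FlowEntry(200, {"ip_dst": "203.0.113.10", "tcp_dst": 80},
                        ("set_field", "ip_dst", "10.0.0.5", 2)))
    table.add(FlowEntry(100, {"eth_type": 0x0800}, ("forward", 1)))
    # Constructed sample packets.
    packets = [
        {"eth_type": 0x0800, "ip_src": "192.0.2.1", "ip_dst": "203.0.113.10",
         "tcp_dst": 80, "length": 1500},
        {"eth_type": 0x0800, "ip_src": "198.51.100.7", "ip_dst": "203.0.113.10",
         "tcp_dst": 80, "length": 9000},
        {"eth_type": 0x0800, "ip_src": "192.0.2.1", "ip_dst": "192.0.2.99",
         "tcp_dst": 22, "length": 400},
        {"eth_type": 0x0806, "length": 64},   # ARP: no rule matches
    ]
    results = [table.process(p) for p in packets]
    return table, results


if __name__ == "__main__":
    table, results = demo()
    for verdict, port, pkt in results:
        print(verdict, port, pkt.get("ip_dst"))
    print([(e.match, e.byte_count) for e in table.heavy_flows(5000)])
```
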




OpenFlow Implementation


       Hypervisor Mode
              Open vSwitch (OVS): XEN, KVM, …
              OVS other features: security, visibility, QoS,
               automated control
       Hardware Mode
              OpenFlow Switch
              Hop by hop configuration




Reality Check

       “OpenFlow doesn’t let you do anything you couldn’t do on a
        network before” – Scott Shenker (Professor, UC Berkeley,
        OpenFlow co-inventor)
       Frames are still forwarded, packets are delivered to hosts.
       OpenFlow 1.3 was recently approved.
       Major vendors are participating - Cisco, Juniper, Brocade,
        Huawei, Ericsson, etc. It’s still early stage technology but
        commercial products are shipping.
       OpenFlow is led by large companies (Google/Yahoo/Verizon)
        and lacks focus on practical applications in the enterprise.

OpenFlow Interop

       Fifteen Vendors Demonstrate OpenFlow Switches at
        Interop (May 8-12, 2011)

Network Virtualization




General Data Center Architecture




 A cloud management system allows us to dynamically provision VMs and virtual storage.

What customers really want?




          Virtual Network


                  Requirements
                  Multiple logical segments
                  Multi-tier applications
                  Load balancing and firewalling
                  Unlimited scalability and mobility

Multi-Tenant Isolation
       Making life easier for the cloud provider
              Customer VMs attached to “random” L3 subnets
              VM IP addresses allocated by the IaaS provider
              Predefined configurations or user-controlled firewalls
       Autonomous tenant address space
              Both MAC and IP addresses could overlap between two tenants, or
               even within the same tenant
              Each overlapping address space needs a separate segment




Scalability

       Datacenter networks have got much bigger (and are getting bigger still!)
              Juniper’s Qfabric ~6000 ports, Cisco’s FabricPath over 10k ports
       The number of tenants increases dramatically as IaaS experiences rapid
        commoditization
              Forrester Research forecasts that the public cloud, valued globally at
               $2.9B today, is projected to grow to $5.85B by 2015.
       Server virtualization increases demand on switch MAC address tables
              A physical server with 2 MACs -> 100 VMs with 2 vNICs each need 200+ MACs!

Possible Solutions (1)

       VLANs per tenant
              Limited VLAN ID range (only a 12-bit ID = 4K)
              VLAN trunks are manually configured
              Spanning tree limits the size of the network
       L2 over L2
              vCDNI (VMware), Provider Bridging (Q-in-Q)
              Limited number of users (limited by VLAN ID range)
              Proliferation of VM MAC addresses in switches in the network
               (requiring larger table sizes in switches)
              Switches must support use of the same MAC address in multiple
               VLANs (independent VLAN learning)

Possible Solutions (2): L2 over IP

       Virtual eXtensible LAN (VXLAN)
              VMware, Arista, Broadcom, Cisco, Citrix, Red Hat
              VXLAN Network Identifier (VNI): 24 bits = 16M
              UDP encapsulation, new protocol
       Network Virtualization Generic Routing Encapsulation
        (NVGRE)
              Microsoft, Arista, Intel, Dell, HP, Broadcom, Emulex
              Virtual Subnet Identifier (VSID): 24 bits = 16M
              GRE tunneling, relies on existing protocol
       Stateless Transport Tunneling (STT)
              Nicira
              Context ID: 64 bits, TCP-like encapsulation
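
How the 24-bit segment identifier is carried and checked, as an added example that is not part of the original slides. It uses the 8-byte VXLAN and NVGRE header layouts as later published in RFC 7348 and RFC 7637; the function names and the `local_segments` set (the segment IDs that have a VM on this host) are assumptions made for the illustration, and STT is not covered.

```python
import struct

VXLAN_FLAG_I = 0x08          # "VNI valid" flag in the first header byte
GRE_KEY_PRESENT = 0x2000     # K bit in the 16-bit GRE flags/version field
GRE_PROTO_TEB = 0x6558       # Transparent Ethernet Bridging (inner Ethernet frame)
SEGMENT_ID_SPACE = 1 << 24   # 24-bit VNI / VSID = 16M segments
VLAN_ID_SPACE = 1 << 12      # 12-bit VLAN ID = 4K segments


def _check_id(segment_id: int) -> None:
    if not 0 <= segment_id < SEGMENT_ID_SPACE:
        raise ValueError(f"segment ID {segment_id} does not fit in 24 bits")


def build_vxlan(vni: int) -> bytes:
    """VXLAN header: flags(8) reserved(24) | VNI(24) reserved(8)."""
    _check_id(vni)
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def parse_vxlan(header: bytes) -> int:
    """Return the VNI from the first 8 bytes of the outer UDP payload."""
    if len(header) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", header[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI is not valid")
    return word1 >> 8


def build_nvgre(vsid: int, flow_id: int = 0) -> bytes:
    """NVGRE header: GRE flags(16) protocol(16) | VSID(24) FlowID(8)."""
    _check_id(vsid)
    if not 0 <= flow_id <= 0xFF:
        raise ValueError("FlowID does not fit in 8 bits")
    return struct.pack("!HHI", GRE_KEY_PRESENT, GRE_PROTO_TEB, (vsid << 8) | flow_id)


def parse_nvgre(header: bytes):
    """Return (VSID, FlowID) from the 8-byte GRE header after the outer IP header."""
    if len(header) < 8:
        raise ValueError("truncated NVGRE header")
    flags, proto, key = struct.unpack("!HHI", header[:8])
    if flags != GRE_KEY_PRESENT:
        raise ValueError("NVGRE requires K=1, C=0, S=0, version 0")
    if proto != GRE_PROTO_TEB:
        raise ValueError("GRE payload is not an Ethernet frame")
    return key >> 8, key & 0xFF


def deliverable(encap: str, header: bytes, local_segments: set) -> bool:
    """Tunnel-endpoint check: hand the inner frame to a VM only if the header
    is well formed and its segment ID belongs to a tenant segment on this host."""
    try:
        if encap == "vxlan":
            segment = parse_vxlan(header)
        elif encap == "nvgre":
            segment, _flow = parse_nvgre(header)
        else:
            return False
    except ValueError:
        return False
    return segment in local_segments


if __name__ == "__main__":
    local = {5000}                       # constructed: one tenant segment on this host
    print(build_vxlan(5000).hex(), deliverable("vxlan", build_vxlan(5000), local))
    print(build_nvgre(5000, 7).hex(), parse_nvgre(build_nvgre(5000, 7)))
    print(deliverable("vxlan", build_vxlan(5001), local))   # other tenant's segment
    print(SEGMENT_ID_SPACE // VLAN_ID_SPACE, "times more segments than VLAN IDs")
```
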

VXLAN/NVGRE: How it Works?


[Figure panels: without overlay; using VXLAN; using NVGRE]

Dynamic MAC learning

       Dynamic MAC learning with L2 flooding over IP multicasting




         Flooding does not scale when fabric gets bigger.


Control Plane (Nicira)

       L2-over-IP with control plane
              OpenFlow-capable vSwitches
              IP tunnels (GRE, STT ...)
              MAC-to-IP mappings by OpenFlow
              Third-party physical devices
       Benefits
              No reliance on flooding
              No IP multicast in the core




Transitional Strategy
                             Depends on Your Business
      100s tenants, 100s servers: VLANs
      1000s tenants, 100s servers: vCDNI or Q-in-Q
      Few 1000s servers, many tenants: VXLAN/NVGRE/STT
      More than that: L2 over IP with control plane

       Open question: How to solve the co-existing scenarios in one cloud?
Network Virtualization in
                 OpenStack

OpenStack Today

       Networking is embedded inside of Nova compute, and
        inaccessible to application developers
       Details and differences associated with network
        provisioning complicate a simple compute service
       Difficult to track changes in networking as Software-defined
        Networking (SDN) comes into play

With Quantum –
                        Networking becomes a Service
       Nova becomes simpler, easier to maintain and extend
       Developers have the ability to create multiple networks for
        their own purposes (multi-tier apps)
       May support provisioning of both virtual and physical
        networks – differences captured through plugins

Quantum API interactions




Plug-ins available today


       Open vSwitch
       Linux bridge
       Nicira NVP
       Cisco (Nexus switches and UCS VM-FEX)
       NTT Labs Ryu OpenFlow controller
       NEC OpenFlow
       Big Switch Floodlight

Quantum in Horizon

       Create/delete private network
       Create “ports” and attach VMs
       Assign IP address blocks (DHCP)

Quantum OVS Plugin:
               VLAN solution with Open vSwitch




OVS Plugin Flow Chart




Ryu Plugin:
               Overlay solution with OpenFlow

Ryu Plugin Flow Chart




vCube: Virtual, Versatile, Visible
   Network Service for OpenStack Cloud




Network Environment
       Data Center Network: 10 GE Switch (BNT&H3C) in 2 domains
       Control and Manage: GE Switch (DCRS)
       10GE connect to campus network
       Fat tree topology; L3: VRRP;
       L2: LACP+VLAG+MSTP
       Security control: SSH, NAT, ACL, VLAN
       NIC: Intel X520-DA2; Chelsio T420E-CR




Transition: Co-existing VLAN/GRE


       VLAN solution: OpenStack + Open vSwitch

       GRE solution: OpenStack + Ryu

QoS in Virtual Network


       Bandwidth upper bound for VMs
              With only OVS: 200 Mbit/s
              With OVS and virtio: 8 Gbit/s
       Bandwidth guarantee with OpenStack + OVS
              User defined rate limitation
              Differential service level for tenants
              High bandwidth utilization
              Stable performance under dynamic traffic

Visible Virtual Network by sFlow

[Figure: sFlow monitoring charts. Columns: Virtual Machine, Physical Server, Virtual Switch, Physical Switch. Panels: CPU, Disk, Traffic, Unicast, Multicast, Port Traffic.]

The Whole Picture




Thanks for your attention!


                  Weibo: @bright_jin



