CloudStack Networking - Tokyo CloudDay 2014
Who is that guy anyway?
» Hugo Trippaers
– Mission Critical Engineer @ Schuberg Philis
– PMC @ Apache CloudStack
– Contributor @ OpenDaylight OVSDB
– Gamer @ Home
» Contact
– @Spark404 @ Twitter
– Spark404 @ Freenode
– hugo @ apache.org
Agenda
» CloudStack Network Architecture
» CloudStack Network Services
» The “Virtual Networking” Service A.K.A SDN
» CloudStack networking at Schuberg Philis
» Future of CloudStack networking
CloudStack Network Architecture
» Administrator defined resources
– Physical Networks
– Zone networking type
– Network Offerings
» User defined services
– Isolated networks
– Network device configuration (firewall, load balancer)
CloudStack Networking
» Physical Network
– Defines
• Traffic Types
• Isolation methods
• Network Service Providers
– Links to traffic labels on hypervisors
– Tagged Resource
CloudStack Networking - Basic Network
» Basic Networking
» Amazon style L3 network
» Tenant isolation on L3 (security groups)
[Diagram: External Router, Public IP Space, Security Group]
CloudStack Networking - Advanced Network
» Advanced Networking
» Tenant isolation on L2 (VLAN, SDN)
» Advanced services model per network
[Diagram: External Router, Public IP Space, Virtual Router]
CloudStack Networking - Advanced Network VPC
» Advanced Networking
» Tenant isolation on L2 (VLAN, SDN)
» Advanced services model per network
» Tiered networking
» Private gateway
[Diagram: External Router, Public IP Space, VPC Virtual Router]
CloudStack Networking Services
» Network Offerings
– Mix and match any combination of Service and Provider
– Services:
• VPN, DNS, DHCP, Firewall, Load Balancer, User Data, Source NAT, Static NAT, Port Forwarding, Security Groups, Network ACL, Virtual Networking, BaremetalPxeService, …
– Providers:
• VirtualRouter, VPCVirtualRouter, Midokura, NiciraNVP, BigSwitch and more …
Software Defined Networking
» Changing the control plane of a network
– The data plane moves packets around in the network.
– The control plane defines and sets the configuration of the data plane.
– SDN, centralized using an API
SDN Provisioning flow - activate L2 services
1. Create Isolated network
2. Create instance on network
[Diagram: Network Guru, SDN Controller, NIC UUID]
SDN Provisioning flow - activate L3 services
3. Plug NIC on network
[Diagram: Network Elements, SDN Controller, Hypervisor resource, NIC UUID]
SDN in CloudStack - Technology support
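| Technology       | Isolation | DHCP   | Firewall | NAT    | VPC    |
|------------------|-----------|--------|----------|--------|--------|
| GRE isolation    | Pre ACS   | -      | -        | -      | -      |
| Nicira NVP       | >= 4.0    | -      | -        | >= 4.1 | >= 4.1 |
| Big Switch VNS   | >= 4.1    | -      | -        | -      | -      |
| Midokura Midonet | >= 4.2    | >= 4.2 | >= 4.2   | >= 4.2 | >= 4.2 |
| Stratosphere SSP | >= 4.2    | -      | -        | -      | -      |
| VXLAN            | >= 4.3    | -      | -        | -      | >= 4.3 |
| Contrail         | >= 4.3    | >= 4.3 | -        | >= 4.3 | -      |
| OpenDaylight     | master    | -      | -        | -      | -      |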
SDN in CloudStack - Hypervisor support
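| Technology       | XenServer | KVM    | VMware |
|------------------|-----------|--------|--------|
| GRE isolation    | Pre ACS   | >= 4.3 | -      |
| Nicira NVP       | >= 4.0    | >= 4.1 | >= 4.2 |
| Big Switch VNS   | -         | >= 4.1 | -      |
| Midokura Midonet | -         | >= 4.2 | -      |
| Stratosphere SSP | -         | >= 4.2 | -      |
| VXLAN            | -         | >= 4.3 | -      |
| Contrail         | >= 4.3    | -      | -      |
| OpenDaylight     | -         | master | -      |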
CloudStack @ Schuberg Philis
» We manage mission critical applications that businesses rely on 24/7 and we promise 100% functional availability.
CloudStack @ Schuberg Philis
» Is availability the only thing our customers care about?
» No…
» Flexibility
» Continuous Integration
» Continuous Deployment
» Auditability
» Compliance
CloudStack @ Schuberg Philis
» To achieve our goals
» We need to focus on the applications and business processes
» So infrastructure should be boring and automated
CloudStack @ Schuberg Philis
» Our “CloudStack”
» CloudStack
» Compute
– XenServer
– HP DL380 G8
» Networking
– Arista
– VMware NSX
» Storage
– NetApp filer
CloudStack @ Schuberg Philis
» Networking
– Arista based Leaf - Spine topology
• Optimized for throughput and switch latency
• Only 4(!) VLANs configured
– VMware NSX (via CloudStack)
• 400+ isolated networks
• NSX Gateways
[Diagram: External Router, Public IP Space, Virtual Router, Legacy Infrastructure, NSX Gateway]
Network Function Virtualization
» The new “hype”
– L2/L3 is fixed
– the next step is L4 - L7
» Think about
– Distributed virtual firewalls
– Load balancers
– Routing
Integration
» Expand the ecosystem
» Other SDN vendors
» Nuage
» …
» Underlay network management
» Stateless networks
» …
Summary
» CloudStack networking is highly flexible.
» Software Defined Networking is supported in the core of CloudStack.
» Proven in production in very demanding infrastructures.
» CloudStack provides a solid base to support current and future innovation
– with the help of Ecosystem partners