TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형
-
Upload
toastnhnent -
Category
Technology
-
view
544 -
download
7
Transcript of TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형
![Page 1: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/1.jpg)
TOAST CloudTENANT ISOLATION김태형 / NHN엔터테인먼트 클라우드개발팀
2015.11.26
![Page 2: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/2.jpg)
시작하며
무엇을 얘기하고 싶은가
▸ Tenant Isolation?
▸ How?
▸ 해결해야 할 수 많은 과제들
![Page 3: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/3.jpg)
TENANT ISOLATION?
TENANT ISOLATION
▸ Cloud == Shared Resource
▸ Isolation
▸ Compute / Storage / Network
▸ Tenant Network Limitation
NETWORK COMPUTE STORAGE
![Page 4: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/4.jpg)
NETWORK
FIP
PROBLEM
NETWORK NODE
COMPUTE
PRIVATE
COMPUTE
PUBLIC
R
![Page 5: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/5.jpg)
장애
BLOODY 4.16
▸ Network node on VM
▸ Rollback Fail
▸ LBaaS, DHCP 부하 분산
▸ 장애가 준 교훈
![Page 6: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/6.jpg)
SOLUTION #1
1ST APPROACH
▸ Network Node 분리
NETWORK
FIP
COMPUTE
PRIVATE
COMPUTE
PUBLIC
R
NETWORK
FIPR
![Page 7: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/7.jpg)
NOT ENOUGH
IS IT OK?
NETWORK
FIP
COMPUTE
R
![Page 8: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/8.jpg)
LOAD BALANCER
WORST CASE
NETWORK
FIP
COMPUTE
R
![Page 9: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/9.jpg)
SOLUTION #2
2ND APPROACH
![Page 10: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/10.jpg)
DVR?
DVR
NETWORK
COMPUTE COMPUTE
R
R R
FIP
![Page 11: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/11.jpg)
BETTER
나눠먹기 시작!
NETWORK
COMPUTE COMPUTE
R
R R
LOAD BALANCER
R FIP
FIP
![Page 12: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/12.jpg)
DVR로 얻은 것과 잃은 것
DVR의 빛과 그림자
▸ 버그...
▸ 장애 구간 검출
▸ 병목 감소
▸ 장애 포인트
![Page 13: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/13.jpg)
NOT ENOUGH YET
병목은 사라졌나?
NETWORK
COMPUTE COMPUTE
R
R R
LOAD BALANCER
R FIP
![Page 14: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/14.jpg)
NEW SOLUTION
LOAD BALANCER FARM
NETWORK
COMPUTE COMPUTE
R
R R
LOAD BALANCER FARM
LB LB LB
FUTURE
![Page 15: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/15.jpg)
또 다른 이슈
TENANT NETWORK 제한
4K vs 16M
![Page 16: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/16.jpg)
계속된 고난
고난의 VXLAN
▸ Flooding
▸ Performance
![Page 17: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/17.jpg)
DPDK
VxLAN Offloading
OVS upgrade
& Partitioning
그래서?
TODO
![Page 18: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/18.jpg)
개선점
남은 이슈는?
▸ DVR + HA Router
▸ Openstack Liberty
▸ Back port
▸ VxLAN 성능 개선
▸ Partitioning
![Page 19: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/19.jpg)
SUMMARY
SUMMARY
▸ Network node 당 Tenant의 수를 줄일 수 있는 방향으로구조 변경
▸ DVR + Network node 분리 성능/확장성 확보
▸ 더 이상 infra 전면 장애는 없음
![Page 20: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/20.jpg)
Q&A
![Page 21: TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형](https://reader031.fdocuments.net/reader031/viewer/2022021506/5870d6311a28ab64768b69ad/html5/thumbnails/21.jpg)
Thank you.