SDN AND OPENFLOW IMPLICATIONS AND PERSPECTIVES
Oct 22, 2013
Vinay Bannai
SDN Architect, PayPal (eBay Inc. company)
SDN DEFINITION
ONF definition
Separation of Control Plane and Forwarding Plane
Logically centralized Control Plane
Abstractions and Programmatic Interface to the Applications
SDN at PayPal
SDN is part of our larger effort to implement SDDC (Software Defined Data Center) and is a critical component
SDDC: Orchestration of compute, storage and network
Part of our new network architecture
SOFTWARE DEFINED DATA CENTER
[Figure: SDDC components. Labels: Compute; Block Storage; Object Storage; Networking; Proprietary Vendor Solution]
WHY A NEW NETWORK ARCHITECTURE IS NEEDED
Stranded Compute Capacity
Compute virtualization has been the key driver
Use Compute capacity wherever available irrespective of network zones and boundaries
Multi Tenancy
Different Cloud Clients with varying service and security requirements
Tenant isolation
Rigid Network Topologies
Design networks according to application needs instead of the other way around
Automate Everything
Cloud Orchestration
USE CASES DRIVING SDN AT PAYPAL
Production
LTS deployment
Flex-up
Flex-down
Multi-tenancy
LIVE TO SITE – HOW IT IS DONE
[Figure: live-to-site workflow. Labels: Design; Collaborate & Review; Code; CI&CD; Capacity Release; Live to Site; Storage; Networking; LB Tickets; FW Tickets; Misc Tickets; Code Build/Test Deploy]
LTS – WHAT WE LIKE TO SEE
[Figure: target live-to-site flow. Labels: PaaS; IaaS; Live in; Function; Roll code; Partial Automated F/W config; Automated Add to LB; Automated Allocate Cache; Application Demand *; 0 hours; 0 hours; Demand 15 min; Provisioning IaaS Server; Automated Light Server; Automated provision per application]
FLEX UP AND FLEX DOWN BURSTING
[Figure: flex-up and flex-down flow. Labels: PaaS; IaaS; Delete VMs; LTM Disable; Application Demand *; 3-24 hrs; 0 hours; Demand 15 min; Allocate to cache; Validate Capacity (3-24 hrs)]
MULTI-TENANCY
[Figure: multi-tenancy. Labels: Tenant A, Tenant B and Tenant C VMs (App Svr / OS / VM stacks); Network Virtualization; Physical Network; Router; OpenFlow Control Layer; SDN Apps]
OPENFLOW BASICS
[Figure: OpenFlow]
SERVICE NEEDS OF A TENANT IN A DATA CENTER
Compute and Storage
Network separation/isolation
Overlay networks (VXLAN, NVGRE, STT, etc.)
Provider networks (VLANs)
Three tier architecture
Logical switches and routers for the VMs
Perimeter Firewalls and Security Groups
Load Balancers
etc
DATACENTER ARCHITECTURE
[Figure: data center tiers, shown twice. Labels: Internet; Core (Layer-3 router); Aggregation (Layer-3 switch); Access (Layer-3 switch); Racks; Data Center; Bisection BW at each tier; the second panel adds OF switches and VMs]
DATACENTER ARCHITECTURE WITH OPENFLOW VSWITCHES
[Figures: data center with OpenFlow vSwitches. Labels: Edge Layer; Access (Layer-3 switch); Data Center; Racks; VMs; SDN Controller; Service API. Panel titles: Multi-Tenancy with Overlay Network; Firewall As A Service; Distributed Firewall & SG]
IMPORTANT IMPLICATIONS
Challenges due to organization structure
System Admins (manage compute infrastructure)
Network Admins (manage network infrastructure)
OF enabled Software Switches now reside in a computer server
There are lots of them!!
Networking Device sitting in a device controlled by IT admins
Different approaches to SDN
Pure Software play
Pure Hardware play
Hybrid Play
[Figure: Labels: Data Center; Physical Network; SDN Controller; Service API; VMs]
Confidential and Proprietary
SUMMARY
• SDN is a component of our SDDC
• SDN is mostly pure software, but will move to Hybrid mode
• Enables agility, cuts cycle time
• OF soft switches reside in the hypervisors
• OF soft switches outnumber physical switches 50 to 1
• OF soft switches operate at the edge of the network
• Enable multi-tenancy with overlay and physical networks
• Enable distributed firewalls and security groups
THANK YOU
Vinay Bannai, [email protected]