MidoNet: Overlay-based Virtual Networking for IaaS Clouds
March 21, 2013

Adam Johnson
General Manager, Midokura
@adjohn
Requirements

[Diagram, repeated across slides 2 to 10 with one callout each: a Provider Virtual Router (L3) with an uplink, and below it two isolated tenants. Tenant/Project A has a Tenant A Virtual Router attached to Network A1 (Virtual L2 Switch A1 with VM1 and VM3) and Network A2 (Virtual L2 Switch A2 with VM5). Tenant/Project B has a Tenant B Virtual Router attached to Network B1 (Virtual L2 Switch B1 with VM2, VM4 and VM6) and a Tenant B VPN Router linking to the Tenant B office network.]

Callouts on the diagram:
• Isolated tenant network (virtual data center)
• L3 isolation (similar to VPC and VRF)
• Isolated L2 networks
• Redundant, optimized and fault-tolerant paths to the Internet (e.g. via BGP)
• Fault-tolerant devices and links
• NAT, LB, and firewalls (filtering)
• L3 (and L2) VPNs
• Solid integration with leading open CMS: OpenStack, CloudStack
• RESTful API for CMS integration and direct tenant access
• Minimize ARP broadcasts by exploiting CMS config
• DHCP, DNS and other services

Copyright ©2012 Midokura All rights reserved
Requirements: recap

• Multi-tenancy
• Scalable, fault-tolerant devices (or device-agnostic network services)
• L2 isolation
• L3 routing isolation
  • VPC
  • Like VRF (virtual routing and forwarding)
• BGP gateway
• Scalable control plane
  • ARP, DHCP, ICMP
• Floating IP
• Stateful NAT
  • Port masquerading
  • DNAT
• ACLs
• Stateful (L4) firewalls
  • Security groups
• LB health checks
• VPNs at L2 and L3
  • IPSec
• REST API
• Integration with CMS
  • OpenStack
  • CloudStack
How to build it?

1. Virtualized physical devices
2. Centrally controlled OpenFlow-based hop-by-hop switching fabric
3. Edge to edge overlays
1  Virtualized physical devices

VLAN

[Diagram: hosts partitioned into VLAN1 and VLAN2.]

• 4096 limit on number of unique tags
• Large spanning trees terminating on many hosts
• High churn in switch control planes due to MAC learning
  • Each VM is a separate virtual MAC!
• Need MLAG for L2 multi-path (vendor specific)
1  Virtualized physical devices

VLAN (more)

[Diagram: hosts partitioned into VLAN1 and VLAN2, as before.]

• L2 isolation
• What about L3 and Internet access?
• Use VRF or virtual appliances?
1  Virtualized physical devices

VRF

[Diagram: three VRFs on one physical router: Core (VLAN 10, VLAN 11, VLAN 12), Product (VLAN 20, VLAN 21, VLAN 22) and Sales (VLAN 99). Source: http://infrastructureadventures.com/tag/vrf-lite/]

• Not scalable to cloud scale
• Expensive hardware
• Not fault tolerant (HSRP?)
• L2 and L3 isolation. What about NAT, LB, FW?
2  OpenFlow hop-by-hop switch fabric

[Diagram: an OpenFlow Controller (cluster) managing a set of OpenFlow switches.]

• Fabric extends to the compute host software switch?
  • State in each switch is proportional to the virtual network state
  • Need to update all switches in the path when provisioning new virtual devices or updating them.
  • Not scalable, slow and non-atomic switch updates.
2  OpenFlow hop-by-hop switch fabric (more)

[Diagram: OpenFlow Controller (cluster) and OpenFlow switches, as before.]

• Flow rules for VM flows (microflows)?
• Flow rules for virtual device simulation?
3  Edge-to-Edge Overlays

[Diagram, repeated across slides 18 to 21 with one callout each: VMs attached to edge nodes, with tunnels between the edges across the underlay network.]

Callouts on the diagram:
• Use scalable IGP (iBGP, OSPF) to build multi-path underlay
• IP encapsulation provides isolation
• Virtual network processing at ingress host, decoupled from physical network
• Virtual network changes don't affect underlay state
3  Edge-to-Edge Overlays

• Packet processing on x86 CPUs (at edge)
  • Intel DPDK facilitates packet processing
  • Number of cores in servers increasing fast
• Clos networks (for underlay)
  • Spine and leaf architecture with IP
  • Economical and high E-W bandwidth
• Merchant silicon (cheap IP switches)
  • Broadcom, Intel (Fulcrum Micro), Marvell
  • ODMs (Quanta, Accton) starting to sell directly
  • Switches are becoming just like Linux servers
Overlays are the right approach!

But not sufficient...
We still need a scalable control plane.
MidoNet SDN Solution

[Diagram: Logical Topology above Physical Topology. Logical: a Provider Virtual Router with vPorts, connected to the Tenant A Virtual Router (Virtual Switch A1 and Virtual Switch A2, each with vPorts) and the Tenant B Virtual Router (Virtual Switch B1 with a vPort). Physical: the Internet reached through BGP multi-homing to ISP1, ISP2 and ISP3 via MidoNet (MN) gateway nodes; a Private IP Network carrying tunnels between MN edge hosts that run the VMs; a Network State Database shared by all MN nodes.]
MidoNet SDN Solution

[Diagram, repeated across slides 26 to 32 with one callout per step: a Dashboard talks to the MidoNet REST API, which is backed by the Distributed State. Host A and Host B each run a VM (VM1 on Host A, VM2 on Host B) above a MidoNet Ctrl (agent), a Linux kernel with the OVS kernel module (KMOD), and the hardware. Both agents read the same Distributed State.]

Callouts in order, tracing the first packet from VM1 to VM2:
1. Lazy state propagation
2. VM sends first packet; table miss; Netlink upcall to MidoNet
3. MidoNet agent locally processes the packet (virtual layer simulation); installs a local flow (drop/mod/fwd)
4. Packet tunneled to peer host; decap; kflow table miss; Netlink notifies peer MidoNet agent
5. MN agent maps tun-key to kernel datapath port#; installs fwd flow rule
6. Subsequent packets matched by flow rules at both ingress and egress hosts
MidoNet SDN Solution

• Distributed and scalable control plane
  • Handle all control packets at the local MidoNet agent adjacent to the VM
• Scalable and fault-tolerant central database
  • Stores virtual network configuration
  • Dynamic network state
    • MAC learning, ARP cache, etc.
  • Cached at edges on demand
• All packet modifications at ingress
  • One virtual hop
    • No travel through middle boxes
  • Drop at ingress
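The first-packet path traced on the preceding slides (table miss, agent simulation at the ingress host, tunnel key mapped to a datapath port at the peer, kernel fast path afterwards) together with the "drop at ingress" point above, as an added Python model. This is not MidoNet's code: the host names, vport ids, MACs, tunnel keys, datapath port numbers and the security-group rules are constructed, and the kernel flow table and agent are reduced to dictionaries and one simulation function.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Constructed sample topology: every id, MAC and port number below is made up.

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    dport: int

FlowKey = Tuple[str, str, str, str, int]

def flow_key(pkt: Packet) -> FlowKey:
    """The header fields the kernel flow table matches on."""
    return (pkt.src_mac, pkt.dst_mac, pkt.src_ip, pkt.dst_ip, pkt.dport)

@dataclass
class NetworkStateDB:
    """The shared 'Distributed State': virtual network config every agent reads."""
    vm_location: Dict[str, Tuple[str, str]]   # dst MAC -> (host name, vport id)
    tunnel_key: Dict[str, int]                 # vport id -> key carried in the encap header
    allowed_dports: Dict[str, Set[int]]        # vport id -> TCP dports its security group allows

class Host:
    def __init__(self, name: str, db: NetworkStateDB, dp_port: Dict[str, int]):
        self.name = name
        self.db = db
        self.dp_port = dp_port                          # vport id -> local kernel datapath port#
        self.ingress_flows: Dict[FlowKey, tuple] = {}   # kernel flows on the VM-facing side
        self.egress_flows: Dict[int, tuple] = {}        # kernel flows on the tunnel side
        self.upcalls = 0                                # times the kernel had to wake the agent

    def ingress(self, pkt: Packet) -> tuple:
        """Kernel side: hit the installed flow, otherwise upcall to the agent once."""
        key = flow_key(pkt)
        if key not in self.ingress_flows:
            self.upcalls += 1
            self.ingress_flows[key] = self.simulate(pkt)   # install drop/output/tunnel flow
        return self.ingress_flows[key]

    def simulate(self, pkt: Packet) -> tuple:
        """Agent side: run the whole virtual topology once, at the ingress host."""
        loc = self.db.vm_location.get(pkt.dst_mac)
        if loc is None:
            return ("drop",)                       # unknown destination: dropped at ingress
        host, vport = loc
        if pkt.dport not in self.db.allowed_dports.get(vport, set()):
            return ("drop",)                       # security-group verdict, also at ingress
        if host == self.name:
            return ("output", self.dp_port[vport])
        return ("tunnel", host, self.db.tunnel_key[vport])

    def egress(self, tun_key: int) -> tuple:
        """Peer host after decap: map the tunnel key to a local datapath port."""
        if tun_key not in self.egress_flows:
            self.upcalls += 1
            vport = next((v for v, k in self.db.tunnel_key.items() if k == tun_key), None)
            if vport is None or vport not in self.dp_port:
                self.egress_flows[tun_key] = ("drop",)   # key names a VM that is not here
            else:
                self.egress_flows[tun_key] = ("output", self.dp_port[vport])
        return self.egress_flows[tun_key]

def deliver(hosts: Dict[str, Host], src_host: str, pkt: Packet) -> tuple:
    """Push one packet through the overlay and return the final verdict."""
    action = hosts[src_host].ingress(pkt)
    if action[0] == "tunnel":
        _, peer, tun_key = action
        return hosts[peer].egress(tun_key)
    return action

VM1_MAC, VM3_MAC = "02:00:00:00:00:01", "02:00:00:00:00:03"

def build_sample() -> Dict[str, Host]:
    """VM1 on Host A and VM3 on Host B share virtual L2 switch A1 (constructed)."""
    db = NetworkStateDB(
        vm_location={VM1_MAC: ("A", "vport-vm1"), VM3_MAC: ("B", "vport-vm3")},
        tunnel_key={"vport-vm1": 11, "vport-vm3": 13},
        allowed_dports={"vport-vm1": {22}, "vport-vm3": {22, 443}},
    )
    return {"A": Host("A", db, {"vport-vm1": 3}),
            "B": Host("B", db, {"vport-vm3": 7})}

def demo() -> dict:
    """Three deliveries: first packet (two upcalls), repeat (none), blocked port (ingress drop)."""
    hosts = build_sample()
    allowed = Packet(VM1_MAC, VM3_MAC, "10.0.1.1", "10.0.1.3", 443)
    blocked = Packet(VM1_MAC, VM3_MAC, "10.0.1.1", "10.0.1.3", 80)
    first = deliver(hosts, "A", allowed)       # both agents run once
    second = deliver(hosts, "A", allowed)      # pure kernel fast path on both hosts
    dropped = deliver(hosts, "A", blocked)     # never leaves Host A
    return {"first": first, "second": second, "dropped": dropped,
            "upcalls": (hosts["A"].upcalls, hosts["B"].upcalls)}

if __name__ == "__main__":
    print(demo())
```

The upcall counters are the point: the peer agent is consulted once per tunnel key, never per blocked flow, because the security-group decision was already taken and cached at the ingress host.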
MidoNet SDN Solution

• Scalable edge gateway interface to external networks
  • Multihomed BGP to ISP
• REST API and GUI
• Integration with popular open source cloud stacks
  • OpenStack
    • Removes SPOF of network node
    • Scalable and fault-tolerant NAT for floating IP
    • Implements security groups efficiently
  • CloudStack
MidoNet SDN Solution

Deep OpenStack Integration
• Quantum plugin
  • L2 isolation, of course
• Also…
  • L3 isolation (without VM / appliance)
  • Security groups (stateful firewall)
  • Floating IP (NAT)
  • Load balancing (L4)
OpenStack Integration

[Diagram: the Nova API and the Horizon Web GUI sit above Keystone authentication, a RabbitMQ message-passing queue and the Quantum plugin (MidoNet plugin). Quantum calls the MidoNet API, which is also used by the MidoNet Manager (web GUI) and is reachable from the Internet. The MidoNet API and the MidoNet Edge Agents share the MidoNet Distributed State. On each compute host, Nova Compute uses the Libvirt driver and the MidoNet VIF driver to attach instances (Instance A1, Instance B1) to the datapath managed by the local MidoNet Agent.]
MidoNet SDN Solution

Future Directions

• Scalable L7 virtual appliances
  • Content aware load balancer
• MPLS VPN termination
  • Interconnect with carrier backbones
• Multiple data center federation
  • Virtual L2 between sites
• LISP
  • Global IP mobility between sites

   37
MidoNet SDN Solution

Conclusions

• IaaS clouds require new networking model
• Edge to edge overlays are the right approach
• Servers are good enough at packet processing
  • Can use them for edge gateways
• Multipath IP network fabric is cheap and easy to build

   38
Questions?

    info@midokura.com

         We’re hiring
http://midokura.com/careers/
MidoNet SDN Solution




               Backup Slides





   40
MidoNet SDN Solution

[Diagram: packet path through a MidoNet edge host]
• Packet from VM, VPN, or external BGP peer enters kernel datapath
• MN (the MidoNet agent) decides the outcome: Drop/Block, or Encapsulated into a Tunnel to the peer host

   41
MidoNet SDN Solution

[Diagram: same packet path as the previous slide; Packet enters MN, outcome is Drop/Block or Encapsulated into a Tunnel]
One flow rule reflecting the outcome of the virtual layer simulation AND the mapping of egress vport to peer host decides to drop or fwd.

   42
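The two backup slides describe the edge agent simulating the first packet of a flow through the virtual layer and installing a single kernel flow rule that encodes the outcome together with the egress vport to peer host mapping. The Python model below is an added illustration of that design, not MidoNet's own code: the topology, tenant names, vport names, hosts and addresses are all constructed sample values, and the security group is reduced to a per-vport set of allowed destination ports.

```python
"""Toy model of the MidoNet edge-agent design on slides 41/42: simulate the
first packet of a flow once, install one flow rule, let the kernel datapath
apply that rule to every later packet of the flow.
All names, hosts and addresses are constructed for this example."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Headers the kernel datapath hands up for a packet with no matching rule."""
    in_vport: str    # virtual port the packet arrived on (VM, VPN or BGP edge)
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class VPort:
    """A virtual port: owning tenant, the IP behind it, the physical host it is
    bound to (the egress-vport -> peer-host mapping) and its ingress rule."""
    tenant: str
    ip: str
    host: str
    allowed_ports: frozenset   # simplified security-group ingress rule


@dataclass(frozen=True)
class FlowAction:
    """Outcome compiled into one flow rule: drop, or encapsulate to a peer host."""
    drop: bool
    peer_host: Optional[str] = None
    egress_vport: Optional[str] = None


class VirtualTopology:
    """Constructed sample logical topology (not a real MidoNet configuration)."""

    def __init__(self, vports: Dict[str, VPort]) -> None:
        self.vports = vports
        self._by_ip = {vp.ip: name for name, vp in vports.items()}

    def simulate(self, pkt: Packet) -> FlowAction:
        """Walk the packet through the virtual layer once and decide its fate."""
        ingress = self.vports[pkt.in_vport]
        egress_name = self._by_ip.get(pkt.dst_ip)
        if egress_name is None:
            return FlowAction(drop=True)              # no such virtual host
        egress = self.vports[egress_name]
        if egress.tenant != ingress.tenant:
            return FlowAction(drop=True)              # L3 isolation between tenants
        if pkt.dst_port not in egress.allowed_ports:
            return FlowAction(drop=True)              # security group rejects it
        return FlowAction(drop=False, peer_host=egress.host, egress_vport=egress_name)


class EdgeAgent:
    """Models the MidoNet agent sitting beside the kernel datapath on one host."""

    def __init__(self, topo: VirtualTopology) -> None:
        self.topo = topo
        self.flow_table: Dict[Tuple[str, str, str, int], FlowAction] = {}
        self.simulations = 0

    def handle_packet(self, pkt: Packet) -> FlowAction:
        key = (pkt.in_vport, pkt.src_ip, pkt.dst_ip, pkt.dst_port)
        action = self.flow_table.get(key)
        if action is None:                     # first packet of the flow: simulate
            self.simulations += 1
            action = self.topo.simulate(pkt)
            self.flow_table[key] = action      # install the single flow rule
        return action                          # later packets only hit the rule


def build_sample() -> EdgeAgent:
    """Two tenants, three VMs on two hosts; all values constructed for the example."""
    topo = VirtualTopology({
        "vport-a1": VPort("tenant-a", "10.0.1.10", "host-1", frozenset({22, 80})),
        "vport-a3": VPort("tenant-a", "10.0.2.10", "host-2", frozenset({80})),
        "vport-b2": VPort("tenant-b", "10.0.1.20", "host-2", frozenset({443})),
    })
    return EdgeAgent(topo)


def demo() -> Dict[str, object]:
    """Run four sample packets (three distinct flows) through one edge agent."""
    agent = build_sample()
    web = Packet("vport-a1", "10.0.1.10", "10.0.2.10", 80)
    first = agent.handle_packet(web)
    second = agent.handle_packet(web)          # same flow, served from the rule
    ssh = agent.handle_packet(Packet("vport-a1", "10.0.1.10", "10.0.2.10", 22))
    cross = agent.handle_packet(Packet("vport-a1", "10.0.1.10", "10.0.1.20", 443))
    return {
        "first": first, "second": second, "ssh": ssh, "cross": cross,
        "simulations": agent.simulations, "rules": len(agent.flow_table),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The second packet of the web flow returns the identical action without another simulation, which is the whole point of the one-rule-per-flow design; the cross-tenant and blocked-port packets each get a drop rule so later packets of those flows are discarded in the datapath.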
Spine and Leaf Network Architecture

[Diagram: two-tier Clos fabric]
• Spine: 4 x L3 Switch (e.g. Force10 Z9000)
• Leaf: 32 x L3 Switch (e.g. Arista 7050T), each with 4x40G uplinks to the spine and 48x10G downlinks
• Spine and leaf layers run IBGP and ECMP across the uplinks
• Total: 1536 x 10G server-facing ports

   43

BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds

  • 1. MidoNet: Overlay-based Virtual Networking for IaaS Clouds March 21, 2013 Adam Johnson General Manager, Midokura @adjohn
  • 2. Requirements uplink Provider Virtual Router (L3) Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 2
  • 3. Requirements uplink Isolated tenant Provider Virtual network (virtual Router (L3) data center) Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 3
  • 4. Requirements uplink Provider Virtual Router (L3) L3 isolation (similar to VPC and VRF) Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 4
  • 5. Requirements uplink Provider Virtual Router (L3) Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Isolated L2 networks Copyright ©2012 Midokura All rights reserved 5
  • 6. Requirements uplink Provider Virtual Redundant, optimized Router (L3) and fault-tolerant paths to the Internet (e.g. via BGP) Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 6
  • 7. Requirements uplink Provider Virtual Fault-tolerant Router (L3) devices and links Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 7
  • 8. Requirements uplink Provider Virtual Router (L3) NAT, LB, and Firewalls Filtering Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 8
  • 9. Requirements uplink Provider Virtual Router (L3) Tenant/Project A Tenant/Project B Tenant B L3 (and L2) VPNs Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 9
  • 10. Requirements Solid integration with uplink Minimize ARP broadcasts by leading open CMS: exploiting CMS config OpenStack, CloudStack Provider Virtual DHCP, DNS and other RESTful API for CMS Router (L3) services integration and direct tenant access Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network Copyright ©2012 Midokura All rights reserved 10
  • 11. Requirements: recap l  Multi-tenancy l Stateful NAT l  Scalable, fault-tolerant u  Port masquerading devices (or device- u  DNAT agnostic network l ACLs services). l Stateful (L4) Firewalls l  L2 isolation u  Security Groups l LB health checks l  L3 routing isolation l VPNs at L2 and L3 u  VPC u  Like VRF (virtual u  IPSec routing and fwd-ing) l REST API l  BGP gateway l Integration with CMS l  Scalable control plane u  OpenStack u  ARP, DHCP, ICMP u  CloudStack l  Floating IP Copyright ©2012 Midokura All rights reserved 11
  • 12. How to build it? 1. Virtualized physical devices 2. Centrally controlled OpenFlow-based hop-by- hop switching fabric 3. Edge to edge overlays Copyright ©2012 Midokura All rights reserved 12
  • 13. 1 Virtualized physical devices VLAN VLAN1 VLAN2 l  4096 limit on number of unique tags l  Large spanning trees terminating on many hosts l  High churn in switch control planes due to MAC learning l Each VM is separate virtual MAC! l  Need MLAG for L2Copyright ©2012 Midokura(vendor specific) multi-path All rights reserved 13
  • 14. 1 Virtualized physical devices VLAN (more) VLAN1 VLAN2 l  L2 isolation l  What about L3 and Internet access? l  Use VRF or virtual appliances? Copyright ©2012 Midokura All rights reserved 14
  • 15. 1 Virtualized physical devices VRF VRF VRF VRF Core Product VLAN 20 Sales VLAN 10 VLAN 99 VLAN21 VLAN11 VLAN22 VLAN12 出典:http://infrastructureadventures.com/tag/vrf-lite/ l  Not scalable to cloud scale l  Expensive hardware l  Not fault tolerant (HSRP?) l  L2 and L3 isolation. What about NAT, LB, FW? Copyright ©2012 Midokura All rights reserved 15
  • 16. 2 OpenFlow hop-by-hop switch fabric OpenFlow Controller (Cluster) OpenFlow Switches l  Fabric extends to the compute host software switch? • State in each switch is proportional to the virtual network state • Need to update all switches in path when provisioning new virtual devices or updating them. • Not scalable, slowCopyright ©2012 Midokura All rights reserved and non-atomic switch updates. 16
  • 17. 2 OpenFlow hop-by-hop switch fabric (more) OpenFlow Controller (Cluster) OpenFlow Switches l  Flow rules for VM flows (microflows)? l  Flow rules for virtual device simulation? Copyright ©2012 Midokura All rights reserved 17
  • 18. 3  Edge-to-Edge Overlays Edge VM Edge Edge Edge Edge VM Edge Use scalable IGP (iBGP, OSPF) to build multi-path underlay Copyright ©2012 Midokura All rights reserved 18
• 19. 3 Edge-to-Edge Overlays (diagram: VMs attached to edge hosts, joined by a multi-path underlay)
  - IP encapsulation provides isolation
• 20. 3 Edge-to-Edge Overlays (diagram: VMs attached to edge hosts, joined by a multi-path underlay)
  - Virtual network processing at ingress host, decoupled from physical network
• 21. 3 Edge-to-Edge Overlays (diagram: VMs attached to edge hosts, joined by a multi-path underlay)
  - Virtual network changes don't affect underlay state
• 22. 3 Edge-to-Edge Overlays
  - Packet processing on x86 CPUs (at edge)
    - Intel DPDK facilitates packet processing
    - Number of cores in servers increasing fast
  - Clos networks (for underlay)
    - Spine and leaf architecture with IP
    - Economical and high E-W bandwidth
  - Merchant silicon (cheap IP switches)
    - Broadcom, Intel (Fulcrum Micro), Marvell
    - ODMs (Quanta, Accton) starting to sell directly
    - Switches are becoming just like Linux servers
• 23. Overlays are the right approach! But not sufficient... We still need a scalable control plane.
• 24. MidoNet SDN Solution: Logical Topology (diagram: a Provider Virtual Router connected through vPorts to Tenant A's Virtual Router with Virtual Switches A1 and A2, and to Tenant B's Virtual Router with Virtual Switch B1)
• 25. MidoNet SDN Solution: Logical Topology over Physical Topology (diagram: the logical topology of slide 24 mapped onto compute hosts, each running VMs and a MidoNet (MN) agent and joined by tunnels over a private IP network; BGP multihoming to ISP1, ISP2 and ISP3 for Internet access; a Network State Database)
• 26. MidoNet SDN Solution: Distributed State (diagram: MidoNet REST API and Dashboard on top of the distributed state store)
• 27. MidoNet SDN Solution: Distributed State; lazy state propagation (diagram: Host A and Host B, each with a VM, a MidoNet controller, Linux kernel + OVS kernel module, and HW)
• 28. MidoNet SDN Solution: Distributed State (same two-host diagram)
  - VM sends first packet; table miss; Netlink upcall to MidoNet
• 29. MidoNet SDN Solution: Distributed State (same two-host diagram)
  - MidoNet agent locally processes packet (virtual layer simulation); installs local flow (drop/mod/fwd)
• 30. MidoNet SDN Solution: Distributed State (same two-host diagram)
  - Packet tunneled to peer host; decap; kflow table miss; Netlink notifies peer MidoNet agent
• 31. MidoNet SDN Solution: Distributed State (same two-host diagram)
  - MN agent maps tunnel key to kernel datapath port number; installs fwd flow rule
• 32. MidoNet SDN Solution: Distributed State (same two-host diagram)
  - Subsequent packets matched by flow rules at both ingress and egress hosts
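The six steps on slides 27 to 32, as an added toy model that is not MidoNet's code: each host keeps a kernel flow table, a miss triggers an upcall to the local agent, the ingress agent simulates the tenant's virtual switch and installs one flow (output, tunnel or drop), and the peer host maps the tunnel key to its datapath port on its own first miss. The hosts, MACs, datapath port numbers and tunnel keys are constructed for the example, and the "mod" case (NAT, firewall) is left out.

```python
from dataclasses import dataclass, field

# Constructed sample topology (assumption for this example, not MidoNet's data model):
# vport id -> (hosting compute host, VM MAC, kernel datapath port number on that host)
VPORTS = {
    "vport-a1": ("hostA", "02:00:00:00:00:01", 1),
    "vport-a2": ("hostB", "02:00:00:00:00:02", 1),
    "vport-b1": ("hostB", "02:00:00:00:00:03", 2),
}
BRIDGES = {"switchA1": {"vport-a1", "vport-a2"}, "switchB1": {"vport-b1"}}  # tenant L2 switches
TUNNEL_KEY = {"vport-a1": 1, "vport-a2": 2, "vport-b1": 3}  # egress vport -> tunnel key
KEY_TO_VPORT = {key: vport for vport, key in TUNNEL_KEY.items()}

@dataclass
class Host:
    """One compute host: its kernel flow table plus the local agent's upcall counter."""
    name: str
    flows: dict = field(default_factory=dict)
    upcalls: int = 0

    def ingress(self, in_vport, src_mac, dst_mac):
        match = (in_vport, src_mac, dst_mac)     # packet from a local VM enters the datapath
        if match not in self.flows:              # table miss: Netlink upcall to the agent
            self.upcalls += 1
            self.flows[match] = self.simulate(in_vport, dst_mac)
        return self.flows[match]                 # later packets hit the cached flow rule

    def simulate(self, in_vport, dst_mac):
        """Virtual layer simulation at ingress: resolve the whole virtual path in one hop."""
        bridge = next(b for b, ports in BRIDGES.items() if in_vport in ports)
        for vport in BRIDGES[bridge]:
            host, mac, dp_port = VPORTS[vport]
            if mac == dst_mac:
                if host == self.name:
                    return ("output", dp_port)   # destination VM is local: deliver directly
                return ("tunnel", host, TUNNEL_KEY[vport])  # encapsulate toward peer host
        return ("drop",)  # destination not on this tenant's switch: dropped at ingress

    def egress(self, tunnel_key):
        """Decapsulated packet misses the kernel table; agent maps tunnel key to datapath port."""
        if tunnel_key not in self.flows:
            self.upcalls += 1
            self.flows[tunnel_key] = ("output", VPORTS[KEY_TO_VPORT[tunnel_key]][2])
        return self.flows[tunnel_key]

def send(hosts, in_vport, src_mac, dst_mac):
    """Drive one packet through the ingress host and, when tunneled, the peer host's egress."""
    action = hosts[VPORTS[in_vport][0]].ingress(in_vport, src_mac, dst_mac)
    if action[0] == "tunnel":
        return hosts[action[1]].egress(action[2])
    return action
```

Sending the same VM-to-VM packet twice shows one upcall per host for the first packet and none for the second; a packet to a MAC on another tenant's switch never leaves the ingress host.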
• 33. MidoNet SDN Solution
  - Distributed and scalable control plane
    - Handle all control packets at the local MidoNet agent adjacent to the VM
  - Scalable and fault tolerant central database
    - Stores virtual network configuration
    - Dynamic network state (MAC learning, ARP cache, etc.)
    - Cached at edges on demand
  - All packet modifications at ingress
    - One virtual hop (no travel through middle boxes)
    - Drop at ingress
• 34. MidoNet SDN Solution
  - Scalable edge gateway interface to external networks
    - Multihomed BGP to ISPs
  - REST API and GUI
  - Integration with popular open source cloud stacks
    - OpenStack
      - Removes SPOF of network node
      - Scalable and fault tolerant NAT for floating IP
      - Implements security groups efficiently
    - CloudStack
• 35. MidoNet SDN Solution: Deep OpenStack Integration
  - Quantum plugin
    - L2 isolation, of course
  - Also…
    - L3 isolation (without VM / appliance)
    - Security groups (stateful firewall)
    - Floating IP (NAT)
    - Load balancing (L4)
• 36. OpenStack Integration (diagram: Horizon (web GUI) and the MidoNet Manager (web GUI) in front of the Nova API, the Quantum MidoNet plugin, Keystone authentication and the MidoNet API; RabbitMQ as the message-passing queue; MidoNet Distributed State instances A1 and B1; MidoNet Edge Agents facing the Internet; and a compute host running Nova Compute with the MidoNet VIF driver, the libvirt driver and the MidoNet datapath agent)
• 37. MidoNet SDN Solution: Future Directions
  - Scalable L7 virtual appliances
  - Content-aware load balancer
  - MPLS VPN termination
    - Interconnect with carrier backbones
  - Multiple data center federation
    - Virtual L2 between sites
  - LISP
    - Global IP mobility between sites
• 38. MidoNet SDN Solution: Conclusions
  - IaaS clouds require a new networking model
  - Edge-to-edge overlays are the right approach
  - Servers are good enough at packet processing
    - Can use them for edge gateways
  - Multipath IP network fabric is cheap and easy to build
  • 39. Questions? info@midokura.com We’re hiring http://midokura.com/careers/
• 40. MidoNet SDN Solution: Backup Slides
• 41. MidoNet SDN Solution (diagram: a packet entering the MN kernel datapath and leaving as an encapsulated tunnel packet or being dropped/blocked)
  - Packet from VM, VPN, or external BGP peer enters the kernel datapath
• 42. MidoNet SDN Solution (diagram: a packet entering the MN kernel datapath and leaving as an encapsulated tunnel packet or being dropped/blocked)
  - One flow rule reflecting the outcome of the virtual layer simulation AND the mapping of egress vport to peer host decides whether to drop or fwd
• 43. Spine and Leaf Network Architecture (diagram)
  - Spine: 4 L3 switches (e.g. Force10 Z9000); IBGP and ECMP between leaf and spine
  - Leaf: 32 L3 switches (e.g. Arista 7050T), each with 4x40G links to the spine and 48x10G server ports
  - 1536 x 10G server ports in total