Towards Truly Open And Commoditized SDN In OpenStack
Jun Park (Ph.D.)
Senior Systems Architect
EIG/Bluehost
OpenStack Summit 2013 at Hong Kong
• OpenStack Meets Software-Defined-Networking
• Why Does OpenStack need SDN?
• Why Does SDN need OpenStack?

L2 Fabric
• Keep Public IP Address, MAC Address
• QoS, Isolation, ACL, Firewall
• Tenant isolated networks
This is exactly a killer app of SDN!
[Diagram labels: VM1, VM2, VM3, Rack (x4)]

Key Points of L2 Fabric
• Simple Data Forwarding Plane
• No L3 Agent, No NAT
• No Unknown Traffic
• Avoid Performance Overhead
• Seamless & Straightforward VM Migration
• High Entropy in Packets: Desired for multipath

# neutron port-list
For 20,000 ports

Now 3 Seconds
With Optimization

SDN Controller
When Something Closed…
[Diagram labels: NOX/POX, NEC, BigSwitch, Onix, Ryu, Nicira, FloodLight, OpenDayLight; annotations "3?" and "4?"]

General SDN Architecture
• Open Flow rules
– Forwarding plane
– No Src MAC learning
• Timing
– Reactive vs. Proactive
• Transition
– Traditional ports -> Open Flow ports
– Pure Open Flow vs. Hybrid port
• Max # of Open Flow rules
– 4K – 120K, more or less
– How many rules bundled up
• Distributed vs. Single
[Diagram labels: External Entity, Northbound API, SDN Controllers, SDN Application, Control Logic, Network Topology, Southbound API, OpenFlow Switch]

Current OpenStack SDN Approach
0. Agent prepares basic OVS structure
1. Request to create a virtual interface (vif)
2. Create a vif in DB
3. Call REST API to SDN controller
4. Deploy OpenFlow Rules
• Intended to be minimal functionality on agent
• SDN controllers own control logic
• No RPC from Neutron server to agent
• Who creates OVS vif and externalids? Answer: Nova-compute, why?
[Diagram labels: Neutron-server, Neutron DB, SDN Controller(s), SDN Application, Network Info Base (NIB), Compute node, Openvswitch (OVS), Neutron agent]

Current OpenStack SDN Approach
1. Request to create a vif
2. Create a vif in DB
3. Call REST API to SDN controller
Doesn’t Scale!
• > 18,000 OpenvSwitch
• Hundreds of TOR physical switches
[Diagram labels: Neutron-server, Neutron DB, SDN Controller(s), SDN Application, Network Info Base (NIB), Compute node, TOR switches]

OK, Questions We Got!
Q: What is a truly scalable SDN solution now?
A: Not yet, but will be.
Q: When?
A: Who knows!

Q: Can you use a different approach?
A: Nope.
Q: Why not?
A: Vendors working on it.

Observations & Ideas
• Observations
– Neutron agent already fully distributed on compute nodes
– OpenFlow rules on a compute node specific to its own VMs only
• Ideas
– Why not add SDN controller functionality to Neutron agent?
– Deploy necessary OpenFlow rules at the right time via Neutron agent
[Diagram labels: Compute node, VM1, VM2, VM3, Openvswitch, Neutron agent]

Bluehost OpenStack SDN Approach
1. Request to create a vif
2. Create a vif in DB
3. Call REST API to SDN controller
3. Agent receives RPC calls
4. Deploy OpenFlow rules
4. SDN controllers deploy OpenFlow rules on physical switches.
• Hundreds of TOR physical switches
[Diagram labels: Neutron-server, Neutron DB, Compute node, Openvswitch, Neutron agent, SDN Controller(s), SDN Application, Network Info Base (NIB), TOR switches]

Edge vs. Fabric

§ Separation of Control:
“The fabric is responsible for packet transport across the network, while
the edge is responsible for providing more semantically rich services such
as network security, isolation, and mobility.”
HotSDN’12, “Fabric: A Retrospective on Evolving SDN”
Martín Casado, Teemu Koponen, Scott Shenker, Amin Tootoonchian
Key Services Achieved Via Neutron Only
• Isolated on flat network
• Firewall Rules
• QoS: Bandwidth
• Multiple IPs per vif
• Anti-IP spoofing per vif
[Diagram labels: Tenant1, Tenant2, Tenant3; vif1, vif2, vif3; 11.22.33.4, 11.22.33.5, 11.22.33.6, 11.22.33.7, 11.22.33.8]

Under The Hood
QoS, Anti-IP Spoofing, VM-to-VM
• Deploy QoS for outgoing packets
• Anti-IP spoofing: SRC IP matching for outgoing packets
• DMAC matching for incoming packets
• TPA matching in ARP query
• For VM1, VM2, … VMn: src_mac, dst_mac -> VM vif => O(n^2)
[Diagram labels: VM1, vif1, VM2, vif2, br-int, br-int-eth0, phy-br-eth0 (pair of veth), br-eth0, eth0, Public Networks, 10 Mbps, 50 Mbps]

Reduce OpenFlow Rules For VM-to-VM Traffic
• dst_mac -> phy-loopback => O(n)
• dst_mac -> VM vif => O(n)
[Diagram labels: VM1, vif1, VM2, vif2, br-int, br-int-eth0, phy-br-eth0 (pair of veth), Int-loopback, phy-loopback (pair of veth), br-eth0, eth0, Public Networks, 10 Mbps, 50 Mbps]

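An added sketch, not code from the talk or from Bluehost's agent, of the per-vif rules named on the "Under The Hood" and "Reduce OpenFlow Rules" slides, written as ovs-ofctl flow strings: SRC IP anti-spoofing, DMAC/TPA delivery, and the O(n^2) versus O(n) VM-to-VM rule counts. Port numbers, priorities, MACs, the extra dl_src and arp_spa pinning, and the small verdict() matcher are assumptions for illustration.

```python
from dataclasses import dataclass
from itertools import permutations

# Constructed port numbers (assumptions, not from the slides).
UPLINK = 1         # br-int side of the veth pair toward br-eth0
INT_LOOPBACK = 2   # int-loopback port on br-int
PHY_LOOPBACK = 2   # phy-loopback port on br-eth0


@dataclass(frozen=True)
class Vif:
    name: str
    ofport: int   # OpenFlow port of the vif on br-int
    mac: str
    ips: tuple    # "Multiple IPs per vif"


def egress_antispoof_flows(vif):
    """br-int rules for packets leaving a VM: only its own source IPs pass."""
    flows = []
    for ip in vif.ips:
        # SRC IP matching; pinning dl_src as well is an added assumption.
        flows.append(f"priority=100,in_port={vif.ofport},dl_src={vif.mac},"
                     f"ip,nw_src={ip},actions=output:{UPLINK}")
        # Same pinning for the ARP sender address (assumption).
        flows.append(f"priority=100,in_port={vif.ofport},dl_src={vif.mac},"
                     f"arp,arp_spa={ip},actions=output:{UPLINK}")
    # Everything else arriving from this vif is dropped.
    flows.append(f"priority=90,in_port={vif.ofport},actions=drop")
    return flows


def ingress_flows(vif):
    """br-int rules toward a VM: DMAC matching, and ARP queries by TPA."""
    flows = [f"priority=100,in_port={UPLINK},dl_dst={vif.mac},"
             f"actions=output:{vif.ofport}"]
    for ip in vif.ips:
        flows.append(f"priority=100,in_port={UPLINK},arp,arp_op=1,"
                     f"arp_tpa={ip},actions=output:{vif.ofport}")
    return flows


def pairwise_local_flows(vifs):
    """'src_mac, dst_mac -> VM vif': one rule per ordered VM pair, O(n^2)."""
    return [f"priority=110,dl_src={s.mac},dl_dst={d.mac},"
            f"actions=output:{d.ofport}" for s, d in permutations(vifs, 2)]


def loopback_local_flows(vifs):
    """'dst_mac -> phy-loopback' on br-eth0, 'dst_mac -> VM vif' on br-int."""
    return {
        "br-eth0": [f"priority=110,dl_dst={v.mac},"
                    f"actions=output:{PHY_LOOPBACK}" for v in vifs],
        "br-int": [f"priority=110,in_port={INT_LOOPBACK},dl_dst={v.mac},"
                   f"actions=output:{v.ofport}" for v in vifs],
    }


def verdict(flows, packet):
    """Action of the highest-priority flow matching a packet dict."""
    best_prio, best_action = -1, "drop"   # no match is treated as drop here
    for flow in flows:
        match, action = flow.split(",actions=")
        fields = dict(tok.partition("=")[::2] for tok in match.split(","))
        prio = int(fields.pop("priority"))
        hit = all(
            packet.get("proto") == key if value == "" else
            str(packet.get(key)) == value
            for key, value in fields.items()
        )
        if hit and prio > best_prio:
            best_prio, best_action = prio, action
    return best_action


def make_vifs(n):
    """Constructed vifs: ports 10.., MACs fa:16:3e:00:00:xx, IPs 11.22.33.x."""
    return [Vif(f"vif{i}", 9 + i, f"fa:16:3e:00:00:{i:02x}",
                (f"11.22.33.{3 + i}",)) for i in range(1, n + 1)]


if __name__ == "__main__":
    vif1 = Vif("vif1", 10, "fa:16:3e:00:00:01", ("11.22.33.4", "11.22.33.5"))
    egress = egress_antispoof_flows(vif1)
    for flow in egress + ingress_flows(vif1):
        print("br-int:", flow)
    ok = {"in_port": 10, "dl_src": vif1.mac, "proto": "ip",
          "nw_src": "11.22.33.5"}
    spoofed = dict(ok, nw_src="11.22.33.8")
    print("owned source IP:", verdict(egress, ok))
    print("spoofed source IP:", verdict(egress, spoofed))
    for n in (10, 100):
        local = loopback_local_flows(make_vifs(n))
        print(n, "VMs:", len(pairwise_local_flows(make_vifs(n))),
              "pairwise rules vs", sum(map(len, local.values())), "loopback rules")
```
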
Firewall Rules ~= Security Group
• Firewall Rules for Incoming packets
– Protocol (TCP, UDP, ICMP) & Ports
• Firewall Rules for outgoing packets
– Protocol (TCP, UDP, ICMP) & Ports
[Diagram labels: VM1, vif1, VM2, vif2, br-int, br-int-eth0, phy-br-eth0 (pair of veth), Int-loopback, phy-loopback (pair of veth), br-eth0, eth0, Public Networks]

Tenant Networks
Unicast: AMAC <-> PMAC
• Neutron Agent: Actual MAC -> Positional MAC
• Neutron Agent: PMAC -> AMAC
• Bundle Up PMAC
• Only See PMAC
• ARP Proxy or Not?
• Path Determination
[Diagram labels: External SDN Controller(s), Core Switches, ToR Switches, L2 Fabric, Host, Open vSwitch, VM]

Tenant Networks
Unicast: Overlay Networks
• Neutron Agent: Overlay Network Tunnels
• VXLAN, STT, GRE
• See Normal UDP/TCP
[Diagram labels: External SDN Controller(s), Core Switches, ToR Switches, L2 or L3 Fabric, Host, Open vSwitch, VM]

Tenant Networks
Multicast/Broadcast
[Diagram labels: Core Switches, ToR Switches, VM]

Tenant Networks
Multicast/Broadcast
• Generate Multiple Unicast Packets
[Diagram labels: Core Switches, ToR Switches, VM]

We Need Truly Open, Commoditized SDN Solutions!
EIG/Bluehost Willing To Contribute!

Thanks!

• Design Summit for Neutron
– http://summit.openstack.org/cfp/details/311

Hong kongopenstack2013 sdn_bluehost

  • 1. Towards Truly Open And Commoditized SDN In OpenStack Jun Park (Ph.D.) Senior Systems Architect EIG/Bluehost OpenStack Summit 2013 at Hong Kong
  • 2. • OpenStack Meets Software-Defined-Networking • Why Does OpenStack need SDN? • Why Does SDN need OpenStack? EIG/Bluehost 2
  • 3. L2 Fabric VM1 Keep Public IP Address, Rack MAC Address VM2 Rack QoS, Isolation, ACL, Firewall Tenant isolated networks Rack VM3 Rack This is exactly a killer app of SDN! EIG/Bluehost 3
  • 4. Key Points of L2 Fabric Simple Data Forwarding No L3 Agent, No NAT No Unknown Traffic Plane Avoid Performance Overhead Seamless & Straightforward VM Migration EIG/Bluehost High Entropy in Packets : Desired for multipath 4
  • 5. # neutron port-list For 20,000 ports EIG/Bluehost 5
  • 6. Now 3 Seconds With Optimization EIG/Bluehost 6
  • 7. SDN Controller When Something Closed… NOX/POX NEC 3? BigSwitch Onix Ryu Nicira 4? FloodLight OpenDayLight EIG/Bluehost 7
  • 8. General SDN Architecture • Open Flow rules – Forwarding plane – No Src MAC learning • Timing – Reactive vs. Proactive • Transition – Traditional ports -> Open Flow ports – Pure Open Flow vs. Hybrid port • Max # of Open Flow rules – 4K – 120K, more or less – How many rules bundled up EIG/Bluehost External Entity Northbound API SDN Controllers SDN Application Control Logic Network Topology • Distributed vs. Single Southbound API OpenFlow Switch 8
  • 9. Current OpenStack SDN Approach 1. Request to create a virtual interface (vif) Neutron-server SDN Controller(s) 3. Call rest api to SDN controller 2. Create a vif in DB Neutron DB • Intended to be minimal functionality on agent • SDN controllers own control logic • No RPC from Neutron server to agent • Who creates OVS vif and externalids? Answer: Nova-compute, why? EIG/Bluehost SDN Application Network Info Base (NIB) 4. Deploy OpenFlow Rules Compute node Openvswitch (OVS) Neutron agent 0. Agent prepares basic OVS structure 9
  • 10. Current OpenStack SDN Approach: 1. Request to create a vif; 2. Create a vif in DB; 3. Call rest api to SDN controller. Doesn’t Scale! [Diagram labels: Neutron-server, Neutron DB, SDN Controller(s), SDN Application, Network Info Base (NIB), Compute node, > 18,000 OpenvSwitch, Hundreds of TOR physical switches, TOR switches]
  • 11. OK, Questions We Got! Q: What is a truly scalable SDN solution now? A: Not yet, but will be. Q: When? A: Who knows! Q: Can you use a different approach? A: Nope. Q: Why not? A: Vendors working on it.
  • 12. Observations & Ideas • Observations – Neutron agent already fully distributed on compute nodes – OpenFlow rules on a compute node specific to its own VMs only • Ideas – Why not add SDN controller functionality to Neutron agent? – Deploy necessary OpenFlow rules at the right time via Neutron agent [Diagram labels: Compute node, VM1, VM2, VM3, Openvswitch, Neutron agent]
  • 13. Bluehost OpenStack SDN Approach: 1. Request to create a vif; 2. Create a vif in DB; 3. Call rest api to SDN controller; 3. Agent receives RPC calls; 4. Deploy OpenFlow rules; 4. SDN controllers deploy OpenFlow rules on physical switches. [Diagram labels: Neutron-server, Neutron DB, Compute node, Openvswitch, Neutron agent, SDN Controller(s), SDN Application, Network Info Base (NIB), Hundreds of TOR physical switches, TOR switches]
  • 14. Edge vs. Fabric. Separation of Control: “The fabric is responsible for packet transport across the network, while the edge is responsible for providing more semantically rich services such as network security, isolation, and mobility.” (HotSDN’12, “Fabric: A Retrospective on Evolving SDN”, Martín Casado, Teemu Koponen, Scott Shenker, Amin Tootoonchian)
  • 15. Key Services Achieved Via Neutron Only: Isolated on flat network; Firewall Rules; QoS: Bandwidth; Multiple IPs per vif; Anti-IP spoofing per vif. [Diagram labels: Tenant1, Tenant2, Tenant3, vif1, vif2, vif3, 11.22.33.4, 11.22.33.5, 11.22.33.6, 11.22.33.7, 11.22.33.8]
  • 16. Under The Hood: QoS, Anti-IP Spoofing, VM-to-VM • Deploy QoS for outgoing packets • DMAC matching for incoming packets • TPA matching in ARP query • Anti-IP spoofing: SRC IP matching for outgoing packets • For VM1, VM2, … VMn, src_mac, dst_mac -> VM vif => O(n^2) [Diagram labels: VM1, vif1, 10 Mbps, VM2, vif2, 50 Mbps, br-int, br-int-eth0, pair of veth, phy-br-eth0, br-eth0, eth0, Public Networks]
  • 17. Reduce OpenFlow Rules For VM-to-VM Traffic: dst_mac -> phy-loopback => O(n); dst_mac -> VM vif => O(n). [Diagram labels: VM1, vif1, 10 Mbps, VM2, vif2, 50 Mbps, br-int, br-int-eth0, pair of veth, phy-br-eth0, br-eth0, eth0, Int-loopback, pair of veth, phy-loopback, Public Networks]
  • 18. Firewall Rules ~= Security Group • Firewall Rules for Incoming packets: Protocol (TCP, UDP, ICMP) & Ports • Firewall Rules for outgoing packets: Protocol (TCP, UDP, ICMP) & Ports [Diagram labels: VM1, vif1, VM2, vif2, br-int, br-int-eth0, pair of veth, phy-br-eth0, br-eth0, eth0, Int-loopback, pair of veth, phy-loopback, Public Networks]
  • 19. Tenant Networks Unicast: AMAC <-> PMAC. [Diagram labels: External SDN Controller(s); Bundle Up PMAC; Path Determination; Core Switches; ToR Switches; L2 Fabric; Only See PMAC; Neutron Agent: Actual MAC -> Positional MAC; Neutron Agent: PMAC -> AMAC; Host; Open vSwitch; VM; ARP Proxy or Not?]
  • 20. Tenant Networks Unicast: Overlay Networks. [Diagram labels: External SDN Controller(s); Core Switches; ToR Switches; L2 or L3 Fabric; See Normal UDP/TCP; Neutron Agent; Overlay Network Tunnels; Host; Open vSwitch; VM; VXLAN, STT, GRE]
  • 21. Tenant Networks Multicast/Broadcast. [Diagram labels: Core Switches, ToR Switches, VM]
  • 22. Tenant Networks Multicast/Broadcast: Generate Multiple Unicast Packets. [Diagram labels: Core Switches, ToR Switches, VM]
  • 23. We Need Truly Open, Commoditized SDN Solutions! EIG/Bluehost Willing To Contribute!
  • 24. Thanks! • Design Summit for Neutron – http://summit.openstack.org/cfp/details/311