vCloud Networking
Deep Dive
Updated: 16 November 2010




                            © 2009 VMware Inc. All rights reserved
Agenda

 Networking Overview
 External Network
 Network Pools
 Organization Networks
 vApp Networks
 Example Use Cases
Q&A



2
Networking Overview

 Layers of Networking
    • External
    • Network Pools
    • Organization
    • vApp
 Managed at two layers: Consumers & Providers
 An External Network is a network that is outside of VMware
    vCloud Director.
    • This is set up by the Provider
 An Organization Network is contained within an organization.
    • This is also set up by the Provider
 A vApp Network is contained within a vApp.
    • This is set up by Consumers
 Note: Both organization networks and vApp networks are entirely
    within VMware vCloud Director-managed infrastructure.

External Network: Overview

 a.k.a ‘Provided Network’
    • Network that is external to VMware vCloud Director
    • Created in vSphere/vCenter environment and consumed by VMware vCloud
     Director to provide external connectivity to Organizations
    • Mapped to a portgroup at the VMware vSphere layer
      • vSS or vDS
    • The portgroup is attached to VMware vCloud Director as an “External Network”
 Use cases
    • Internet access
    • Provider supplied network endpoints
          • IP based storage
          • Backup servers
    • Backhauled networking to a customer datacenter
          • VPN access to a private cloud
          • MPLS termination
 Set up by Provider

External Networks: In vSphere
    • VMware vCloud Director does NOT create portgroups when you create an External
      Network
    • The VI Admin must create the portgroups first, before a VMware vCloud Director
      Provider Admin can map External Networks to them.
    • It is recommended that you define these port groups on a dedicated “Provider” vDS vs.
      creating them on a vSS on each ESX host in your cluster. (Can use Cisco Nexus 1000V)
    • Below is an example of VLAN isolated External Networks:

External Networks: In VMware vCloud Director
    • In VMware vCloud Director, create an External Network and attach it to one of the
      portgroups
    • Note: if the portgroup is created through the VIM SDK, create it as an ephemeral
      portgroup; portgroups created in the vCenter UI are static by default

Network Pools: Overview

 A set of pre-configured network resources that can be used for
    Organization and vApp Networks
    • Used to facilitate VM to VM communication


 Three Types of Network Pools in VMware vCloud Director
    • Portgroup-backed
          • Reference pre-created portgroups
            • These have to be created in vSphere manually or through orchestration
          • Do not have to be VLAN isolated (but should be, for L2 isolation)
          • Attach a collection of them to VMware vCloud Director
    • VLAN-backed
          • Exactly like portgroup-backed…but VMware vCloud Director will automatically
            create the portgroups as needed, and use a range of VLANs to isolate them.
    • vCloud Network Isolation-backed (vCD-NI)
          • VMware proprietary network isolation technology

Network Pools: Portgroup-backed

Requires
 • Preconfigured portgroups at the vSphere layer
 • Assign meaningful names so it is obvious what is being mapped
 • If using vSS portgroups, they must exist on all ESX/ESXi hosts in the cluster
How it works
 • The system administrator manually creates the portgroups.
 • When creating the network pool, you are given a list of unused portgroups that
     exist in the cluster.
Advantages
  • Works with all types of vSwitches.
Disadvantages
  • Requires manual work or orchestration to create all of the portgroups
  • Portgroups need to be kept in sync across hosts on a vSS
  • Isolation between portgroups relies on VLANs for L2 separation

Network Pools: VLAN-backed

Requires
 • A vDS that’s connected to all ESX/ESXi hosts in your cluster
 • A range of unused VLANs
How it works
 • vCD admin creates the network pool and chooses an “Organization” vDS to
      attach it to, then provides a range of valid VLANs, for example, 10 – 15.
    • When an isolated network is needed, vCD will automatically create a portgroup
      on the vDS and assign it one of the unused VLAN numbers.
    • Many isolated portgroups can coexist on the same vDS because they are
      isolated by the VLAN tag
Advantages
  • Isolated networks
  • Best network performance.
Disadvantages
  • Requires VLANs to exist in the physical network hardware (physical switches)
  • VLANs are limited and may not be available at all
  • Not compatible with Cisco Nexus 1000V
      • Instead, use a portgroup-backed network pool whose portgroups carry VLAN tags

Network Pools: VLAN-backed in VMware vCloud Director

VLAN-backed:
 • Define the VLAN range for the pool and select the vDS to provision the portgroups on

Network Pools: VLAN-backed in vSphere

VLAN-backed Example:
 •   The VLAN-backed network pool was defined to use the range 10-15
 •   The External Org Network was called Emca External.
 •   An ephemeral port group was created automatically, together with a vShield Edge, vse-1821527865.
 •   Editing its properties shows the portgroup name carries V10, matching the VLAN consumed
     from the pool; the full name is dvs.VC1098296841DVS1CM1-V10-Emca External
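The bookkeeping that slides 9 to 11 describe for a VLAN-backed pool (one unused tag per isolated network, one portgroup per tag on the Organization vDS, tags handed back when a network is deleted), written out as an added Python example. It is not vCloud Director code. The portgroup name format copies the single example visible above (dvs.<vDS id>-V<vlan>-<network name>); treating that as a general convention, and the vDS id string, are assumptions.

```python
"""VLAN-backed network pool bookkeeping (added example, not vCloud Director code)."""
import re

VLAN_MIN, VLAN_MAX = 1, 4094           # 0 is untagged and 4095 is reserved in 802.1Q


class PoolExhausted(Exception):
    """Every tag in the range is in use; no further isolated network can be created."""


class VlanBackedPool:
    def __init__(self, vds_id: str, low: int, high: int):
        if not (VLAN_MIN <= low <= high <= VLAN_MAX):
            raise ValueError(f"VLAN range {low}-{high} is not within {VLAN_MIN}-{VLAN_MAX}")
        self.vds_id = vds_id
        self._free = list(range(low, high + 1))    # lowest unused tag is handed out first
        self._in_use = {}                          # network name -> (vlan, portgroup name)

    def portgroup_name(self, vlan: int, network: str) -> str:
        # Assumed convention, generalised from the one name shown on slide 11.
        return f"dvs.{self.vds_id}-V{vlan}-{network}"

    def allocate(self, network: str) -> str:
        """Create the portgroup for a new isolated network; returns its name."""
        if network in self._in_use:
            raise ValueError(f"network {network!r} already has a portgroup")
        if not self._free:
            raise PoolExhausted(f"pool on {self.vds_id} has no free VLANs")
        vlan = self._free.pop(0)
        name = self.portgroup_name(vlan, network)
        self._in_use[network] = (vlan, name)
        return name

    def release(self, network: str) -> int:
        """Delete the network's portgroup and return its tag to the pool."""
        vlan, _ = self._in_use.pop(network)
        self._free.append(vlan)
        self._free.sort()
        return vlan

    def vlan_of(self, network: str) -> int:
        return self._in_use[network][0]

    def free_count(self) -> int:
        return len(self._free)

    def tags_are_unique(self) -> bool:
        """Isolation invariant: no two networks in the pool may share a tag."""
        tags = [vlan for vlan, _ in self._in_use.values()]
        return len(tags) == len(set(tags))


_NAME_RE = re.compile(r"^dvs\.(?P<vds>[^-]+)-V(?P<vlan>\d+)-(?P<network>.+)$")


def parse_portgroup_name(name: str):
    """Recover (vDS id, VLAN, network name) from a pool-created portgroup name, or None."""
    m = _NAME_RE.match(name)
    if m is None:
        return None
    return m.group("vds"), int(m.group("vlan")), m.group("network")


if __name__ == "__main__":
    pool = VlanBackedPool("VC1098296841DVS1CM1", 10, 15)   # the range used on slides 9-11
    print(pool.allocate("Emca External"))
    for n in range(5):                                      # the remaining five tags
        pool.allocate(f"org-net-{n}")
    try:
        pool.allocate("one-too-many")
    except PoolExhausted as e:
        print("refused:", e)
```

The two checks worth running against a live vDS are the ones the class encodes: `tags_are_unique()` (two portgroups on the same tag are one broadcast domain, whatever vCD thinks) and `free_count()`, since an exhausted pool fails network creation for the whole organization.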

Network Pools: vCloud Network Isolation

 VMware proprietary network isolation technology
 • vCD-NI “networks” span hosts and are represented as portgroups on a vDS.
 • Setup:
         • Designate a “Transport Network” – an actual layer 2 segment to carry the
            packets for vCD-NI networks
         • Decide how many networks you want in the pool
 • Individual vCD-NI Networks are isolated from each other and the Transport
     Network via MAC-in-MAC encapsulation
 • Works with vmkernel functionality in ESX/ESXi 4.0U2 or 4.1 and above
         • (vCD Beta required a Service VM on older ESX/ESXi hosts)
 • Technical details:
         • Implemented with MAC-in-MAC encapsulation
         • Can cause frame fragmentation with the default MTU
         • Requires a small increase in MTU to 1524 or higher
 • In Lab Manager, this was called “Cross-Host Fencing”

Network Pools: vCloud Network Isolation-backed

Requires
 • A vDS that’s connected to all ESX/ESXi hosts in your cluster.
How it works:
 • vCD creates an overlay network for each isolated network; its frames are carried,
    encapsulated, across the transport network
  • Each overlay network is assigned a Network ID number.
  • The encapsulation header carries the source and destination MAC addresses of the
    ESX/ESXi hosts where the VM endpoints reside, as well as the Network ID
  • The receiving ESX/ESXi host strips the vCD-NI header to expose the original frame,
    addressed with the VM source and destination MACs, and delivers it to the destination VM
Advantages:
 • Does not require VLANs (a VLAN ID can optionally be set for the transport
    network; leaving it blank defaults to 0, i.e. untagged)
  • More secure than VLAN-backed
Disadvantages:
  • Small performance overhead due to encapsulation (dvFilter).
  • The added MAC header requires an MTU increase, as in MPLS networks
  • vCD-NI provides layer 2 adjacency only; it is not for routed networks
  • vCD-NI is only for VMs and cannot be accessed by physical hosts

Network Pools: vCloud Network Isolation in vSphere
vCD-NI-backed Example:
 • A vCD-NI-backed pool whose transport VLAN is 99 was created.
 • The vSphere portgroup does not reflect the isolation, only the transport VLAN used by vCD-NI
 • The portgroup name hints that it is isolated: in this instance it contains
     “V99-F1”, meaning it uses VLAN 99 and isolation network ID 1.
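The MAC-in-MAC scheme that slides 12 to 14 describe (host-to-host outer header, a Network ID, the receiving host stripping the outer header and delivering only to VMs on that network), as an added Python example that is not VMware's implementation. The real vCD-NI frame format is proprietary and not documented in the deck: the 10-byte header assumed here (2 bytes version/flags, 4-byte network ID, 2-byte inner length, 2 bytes reserved) together with the 14-byte outer Ethernet header reproduces the 24 bytes of overhead behind the deck's 1524-byte MTU figure (1500 + 24), but the layout, the EtherType value and every MAC address below are made up for the example.

```python
"""MAC-in-MAC encapsulation over a vCD-NI transport network (added example; header layout assumed)."""
import struct

ETHERTYPE_VCDNI = 0x88DE                 # assumed value for the example, not the real one
OUTER_ETH_LEN = 14                       # dst MAC + src MAC + EtherType
NI_HDR = struct.Struct("!HIHH")          # version/flags, network id, inner length, reserved
OVERHEAD = OUTER_ETH_LEN + NI_HDR.size   # 24 bytes added to every VM frame on the wire
BROADCAST = b"\xff" * 6


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def required_mtu(inner_mtu: int = 1500) -> int:
    """Transport MTU needed so a full-size VM frame is not fragmented: 1524 for 1500."""
    return inner_mtu + OVERHEAD


def vm_frame(dst: bytes, src: bytes, payload: bytes, ethertype: int = 0x0800) -> bytes:
    """A plain Ethernet frame as a VM would emit it (constructed sample input)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def encapsulate(inner: bytes, src_host: bytes, dst_host: bytes, network_id: int) -> bytes:
    """Wrap a VM frame for the transport network, addressed ESX host to ESX host."""
    if len(inner) < 14:
        raise ValueError("inner frame too short to be an Ethernet frame")
    header = NI_HDR.pack(1, network_id, len(inner), 0)
    return dst_host + src_host + struct.pack("!H", ETHERTYPE_VCDNI) + header + inner


def decapsulate(frame: bytes):
    """Strip the outer headers; returns (network_id, inner_frame) or raises on bad input."""
    if len(frame) < OVERHEAD:
        raise ValueError("frame shorter than the vCD-NI headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_VCDNI:
        raise ValueError("not a vCD-NI frame")
    _, network_id, inner_len, _ = NI_HDR.unpack(frame[14:OVERHEAD])
    inner = frame[OVERHEAD:OVERHEAD + inner_len]
    if len(inner) != inner_len:
        raise ValueError("truncated inner frame")
    return network_id, inner


class HostReceiver:
    """The receiving ESX/ESXi host: a VM only sees frames carrying its own network ID."""

    def __init__(self):
        self._port = {}                  # VM MAC -> isolated network ID of its portgroup

    def attach(self, vm_mac: bytes, network_id: int):
        self._port[vm_mac] = network_id

    def deliver(self, frame: bytes):
        """Return the list of VM MACs on this host that receive the decapsulated frame."""
        network_id, inner = decapsulate(frame)
        dst = inner[:6]
        if dst == BROADCAST:             # flooded only within the same isolated network
            return [m for m, n in self._port.items() if n == network_id]
        if self._port.get(dst) == network_id:
            return [dst]
        return []                        # unknown VM or wrong network ID: dropped


if __name__ == "__main__":
    host1, host2 = mac("00:50:56:a0:00:01"), mac("00:50:56:a0:00:02")
    vm_a, vm_b, vm_c = mac("00:50:56:01:00:0a"), mac("00:50:56:01:00:0b"), mac("00:50:56:01:00:0c")
    receiver = HostReceiver()
    receiver.attach(vm_b, 1)             # vm_b is on isolated network 1 (the "F1" of slide 14)
    receiver.attach(vm_c, 2)             # vm_c is on isolated network 2, same host, same vDS
    wire = encapsulate(vm_frame(vm_b, vm_a, b"hello"), host1, host2, 1)
    print("delivered to", receiver.deliver(wire))
    print("wrong network id delivered to", receiver.deliver(encapsulate(vm_frame(vm_b, vm_a, b"x"), host1, host2, 2)))
    print("transport MTU needed:", required_mtu())
```

The isolation in this model is a tag check performed by the receiving host, not cryptography: anything that can put frames onto the transport segment with a chosen Network ID is inside the boundary. That is consistent with the deck's point that vCD-NI networks are for VMs only, and it is why the transport VLAN still deserves the same access control as any other provider-side segment.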

Organization Networks: Overview

Contained within an organization
Allows vApps within the organization to communicate with each
  other or with networks outside the organization
Can be connected to External Networks as:
 • Public (External Org Direct)
       • Bridged connection to an External Network
       • Visible to others outside the organization
 • Private Routed (External Org NAT-Routed)
       • Connected to an External Network through a vShield Edge
       • Can be configured for NAT & Firewall
…or left unconnected to External Networks
 • Private Internal (Internal Org)
       • No External connectivity
Backed By Network Pools
Set up by Provider

Organization Networks: In VMware vCloud Director
 Creating NAT-Routed and Isolated Org Networks:
 • Select the type of Org Network to create using the typical radio button and
     dropdown box

Organization Networks: In VMware vCloud Director
 Creating NAT-Routed and Isolated Org Networks:
 • Select the Network Pool to use for the Internal Network
 • Assign internal addressing for the Internal Network

Organization Networks: In VMware vCloud Director
 Creating NAT-Routed and Isolated Org Networks:
     • For the External Network select the External Network to attach to as well as the internal
     • Also select the Network Pool to use for the Internal Network behind the vShield Edge.
     • Assign internal addressing for the Inside portion of Org Network

vApp Networks: Overview

Contained within a vApp
 • Inherently Private Internal
Allows VMs in a vApp to communicate with each other
or, by connecting them to Org Networks, with other vApps
 Can be connected to Org Networks as
  • Public (Direct)
         • Bridged connection to an organization network
  • Private Routed
         • Connected to an organization network through a vShield Edge
         • Can be configured for NAT & Firewall
 Backed by a Network Pool
 Set up by Consumers

Putting it Together: vCloud Networking Options – Examples

[Diagram: eight numbered connection options (1–8) between an External Network (set up by system admin), an External Organization Network (set up by system admin), an Internal Organization network (set up by system admin) and vApp networks (set up by org admin/vApp author, internal to the vApp).]

Putting it Together: vCloud Networking Options – Examples

[Diagram: External Network 1 (vSphere Network 1) and External Network 2 (vSphere Network 2) feed an Organization with three Organization Networks. Organization Network 1: External Organization Network, Direct Connection. Organization Network 2: External Organization Network, NAT-routed Connection through a vShield Edge (NAT/firewall). Organization Network 3: Internal Organization Network, an internal vSphere network backed by a Network Pool. Four vApps: vApp 1 is connected to an Organization network (vNICs connected directly to the Organization network); vApp 2 has a vApp network with a direct connection to the Organization network; vApp 3 has a vApp network with a NAT-routed connection through a vShield Edge (NAT/firewall) and IP masquerading defined (VMs .11 and .12 behind the Edge, .111 and .112 on the Organization network); vApp 4 has an isolated (private) vApp network with an isolated VM. Each vApp network is an internal vSphere network backed by a Network Pool.]

Use Cases

Networking Use Cases – Example 1 of 4
Use Case 1: Isolated vApp

Networking Use Cases – Example 2 of 4
Use Case 2: Dev/Test

Networking Use Cases – Example 3 of 4
Use Case 3: Pre-Production with access to Internet

Networking Use Cases – Example 4 of 4
Use Case 4: Pre-Production with access to VPN

Networking Multi-tenancy

vSphere Dependencies

Network Pools: Backing for private networks in vCloud Director
 • vSphere Port Group backed
     • Requires vSS or vDS or N1KV Switches
 • VLAN-backed
     • Requires vDS and VLANs
 • vCloud Director Network Isolation-backed (vCD-NI)
     • Requires vDS; a VLAN for the transport network is optional
     • MAC-in-MAC Encapsulation (1524 bytes MTU)
External Networks: for Internet, VPN/MPLS, IP SAN connectivity
 • Requires vSS or vDS or N1KV Switches

Network Security

vShield Edge
  • Integrated with vCloud Director
  • Network security services
      •   Firewall
      •   NAT
      •   DHCP
      •   Port forwarding
      •   IP masquerading

Option for internal only or connected externally
 • Internal only – within vApp or within organization
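The NAT-routed path from the diagram on slide 21 (a vApp network behind a vShield Edge, sitting on an Org network that is itself NAT-routed to an External Network through a second Edge) together with the Edge services listed on this slide (firewall, NAT, port forwarding, IP masquerading), modelled in Python as an added example. This is a simulation of the behaviour the deck describes, not vShield Edge code or its rule format. All addresses are constructed: 192.168.10.11 is the vApp VM, 10.0.0.111 the vApp Edge's address on the Org network (the .111 of slide 21), 203.0.113.10 the Org Edge's external address and 198.51.100.7 an Internet host; the masquerade port range and the absence of flow timeouts are simplifications.

```python
"""Two chained NAT/firewall Edges, inside to outside (added example, not vShield code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"


class Edge:
    def __init__(self, name: str, inside_net: str, outside_ip: str):
        self.name = name
        self.inside_net = ip_network(inside_net)
        self.outside_ip = outside_ip
        self.forwards = {}        # (proto, outside port) -> (inside ip, inside port)
        self._by_flow = {}        # (proto, inside src, sport) -> masqueraded port
        self._by_port = {}        # (proto, masqueraded port) -> (inside src, sport)
        self._next_port = 40000   # masquerade port range start (assumed for the example)

    def add_port_forward(self, proto: str, outside_port: int, inside_ip: str, inside_port: int):
        if ip_address(inside_ip) not in self.inside_net:
            raise ValueError("forward target must be on the inside network")
        self.forwards[(proto, outside_port)] = (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: IP masquerading rewrites the source to the Edge's outside address."""
        if ip_address(pkt.src) not in self.inside_net:
            raise ValueError(f"{pkt.src} is not behind {self.name}")
        key = (pkt.proto, pkt.src, pkt.sport)
        port = self._by_flow.get(key)
        if port is None:                          # new flow: pick a port and remember it
            port = self._next_port
            self._next_port += 1
            self._by_flow[key] = port
            self._by_port[(pkt.proto, port)] = (pkt.src, pkt.sport)
        return Packet(self.outside_ip, pkt.dst, port, pkt.dport, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: returns the translated packet, or None when the firewall drops it."""
        if pkt.dst != self.outside_ip:
            return None
        flow = self._by_port.get((pkt.proto, pkt.dport))
        if flow is not None:                      # reply to a masqueraded flow: allowed back in
            src, sport = flow
            return Packet(pkt.src, src, pkt.sport, sport, pkt.proto)
        target = self.forwards.get((pkt.proto, pkt.dport))
        if target is None:                        # no port-forward rule: default deny
            return None
        ip, port = target                         # port forwarding: DNAT to the inside host
        return Packet(pkt.src, ip, pkt.sport, port, pkt.proto)


def to_outside(pkt: Packet, edges) -> Packet:
    """Walk a packet out through a chain of Edges, innermost first."""
    for edge in edges:
        pkt = edge.outbound(pkt)
    return pkt


def from_outside(pkt: Packet, edges) -> Optional[Packet]:
    """Walk a packet in through the same chain, outermost first; None if any Edge drops it."""
    for edge in reversed(edges):
        pkt = edge.inbound(pkt)
        if pkt is None:
            return None
    return pkt


def build_chain():
    """vApp Edge (vApp network -> Org network) in front of the Org Edge (Org network -> External)."""
    vapp_edge = Edge("vApp Edge", "192.168.10.0/24", "10.0.0.111")
    org_edge = Edge("Org Edge", "10.0.0.0/24", "203.0.113.10")
    return [vapp_edge, org_edge]


if __name__ == "__main__":
    chain = build_chain()
    out = to_outside(Packet("192.168.10.11", "198.51.100.7", 5555, 443), chain)
    print("seen on the Internet as", out)
    print("reply lands on", from_outside(Packet("198.51.100.7", "203.0.113.10", 443, out.sport), chain))
    print("unsolicited SSH:", from_outside(Packet("198.51.100.7", "203.0.113.10", 3333, 22), chain))
```

The point the chain makes is that a NAT-routed vApp is only reachable from outside when both Edges carry a matching port-forward rule; a rule on the Org Edge alone delivers the packet to the vApp Edge's outside address, where the default deny stops it.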

Questions




30

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Open Stack compute-service-nova
Open Stack compute-service-novaOpen Stack compute-service-nova
Open Stack compute-service-nova
 
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin	Kata Container - The Security of VM and The Speed of Container | Yuntong Jin
Kata Container - The Security of VM and The Speed of Container | Yuntong Jin
 
Continuous Delivery the hard way with Kubernetes
Continuous Delivery the hard way with KubernetesContinuous Delivery the hard way with Kubernetes
Continuous Delivery the hard way with Kubernetes
 
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...
 
Kubernetes networks
Kubernetes networksKubernetes networks
Kubernetes networks
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
 
Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017
 
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
 
Container Security
Container SecurityContainer Security
Container Security
 
Csa container-security-in-aws-dw
Csa container-security-in-aws-dwCsa container-security-in-aws-dw
Csa container-security-in-aws-dw
 
Containers 101 Meetup - VMs vs Containers
Containers 101 Meetup - VMs vs ContainersContainers 101 Meetup - VMs vs Containers
Containers 101 Meetup - VMs vs Containers
 
How to Install and Use Kubernetes by Weaveworks
How to Install and Use Kubernetes by Weaveworks How to Install and Use Kubernetes by Weaveworks
How to Install and Use Kubernetes by Weaveworks
 
Kubernetes security with AWS
Kubernetes security with AWSKubernetes security with AWS
Kubernetes security with AWS
 
OpenStack Quantum Intro (OS Meetup 3-26-12)
OpenStack Quantum Intro (OS Meetup 3-26-12)OpenStack Quantum Intro (OS Meetup 3-26-12)
OpenStack Quantum Intro (OS Meetup 3-26-12)
 
Kubernetes and Istio
Kubernetes and IstioKubernetes and Istio
Kubernetes and Istio
 
Kubernetes networking & Security
Kubernetes networking & SecurityKubernetes networking & Security
Kubernetes networking & Security
 
Inside Architecture of Neutron
Inside Architecture of NeutronInside Architecture of Neutron
Inside Architecture of Neutron
 
OpenStack Telco Architecture: OpenStack Summit Boston 2017
OpenStack Telco Architecture: OpenStack Summit Boston 2017OpenStack Telco Architecture: OpenStack Summit Boston 2017
OpenStack Telco Architecture: OpenStack Summit Boston 2017
 
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...
[OpenStack Days Korea 2016] Track1 - Mellanox CloudX - Acceleration for Cloud...
 

Similar a Cloud networking deep dive

Presentation v cloud networking
Presentation   v cloud networkingPresentation   v cloud networking
Presentation v cloud networking
solarisyourep
 
VMware vCloud Director Technisch Overzicht
VMware vCloud Director Technisch OverzichtVMware vCloud Director Technisch Overzicht
VMware vCloud Director Technisch Overzicht
Arjan Hendriks
 
What’s New in vCloud Director 1.5
What’s New in vCloud Director 1.5What’s New in vCloud Director 1.5
What’s New in vCloud Director 1.5
Eric Sloof
 
CloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestCloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWest
ke4qqq
 
Virtualization 101 - DeepDive
Virtualization 101 - DeepDiveVirtualization 101 - DeepDive
Virtualization 101 - DeepDive
Amit Agarwal
 

Similar a Cloud networking deep dive (20)

Presentation v cloud networking
Presentation   v cloud networkingPresentation   v cloud networking
Presentation v cloud networking
 
BrownBag - vCloud Networking
BrownBag - vCloud NetworkingBrownBag - vCloud Networking
BrownBag - vCloud Networking
 
Presentation v mware v-cloud director overview
Presentation   v mware v-cloud director overviewPresentation   v mware v-cloud director overview
Presentation v mware v-cloud director overview
 
Presentation v mware v-cloud director technical overview
Presentation   v mware v-cloud director technical overviewPresentation   v mware v-cloud director technical overview
Presentation v mware v-cloud director technical overview
 
VMware vCloud Director Technisch Overzicht
VMware vCloud Director Technisch OverzichtVMware vCloud Director Technisch Overzicht
VMware vCloud Director Technisch Overzicht
 
VMware vSphere 6.0 - Troubleshooting Training - Day 3
VMware vSphere 6.0 - Troubleshooting Training - Day 3 VMware vSphere 6.0 - Troubleshooting Training - Day 3
VMware vSphere 6.0 - Troubleshooting Training - Day 3
 
VMware Advance Troubleshooting Workshop - Day 3
VMware Advance Troubleshooting Workshop - Day 3VMware Advance Troubleshooting Workshop - Day 3
VMware Advance Troubleshooting Workshop - Day 3
 
Linux Native VXLAN Integration - CloudStack Collaboration Conference 2013, Sa...
Linux Native VXLAN Integration - CloudStack Collaboration Conference 2013, Sa...Linux Native VXLAN Integration - CloudStack Collaboration Conference 2013, Sa...
Linux Native VXLAN Integration - CloudStack Collaboration Conference 2013, Sa...
 
VMworld 2013: vSphere Networking and vCloud Networking Suite Best Practices a...
VMworld 2013: vSphere Networking and vCloud Networking Suite Best Practices a...VMworld 2013: vSphere Networking and vCloud Networking Suite Best Practices a...
VMworld 2013: vSphere Networking and vCloud Networking Suite Best Practices a...
 
What’s New in vCloud Director 1.5
What’s New in vCloud Director 1.5What’s New in vCloud Director 1.5
What’s New in vCloud Director 1.5
 
VXLAN Practice Guide
VXLAN Practice GuideVXLAN Practice Guide
VXLAN Practice Guide
 
VMUG St Louis - SDN in the Real World
VMUG St Louis - SDN in the Real WorldVMUG St Louis - SDN in the Real World
VMUG St Louis - SDN in the Real World
 
vCloud Technical deck - cb.ppt
vCloud Technical deck - cb.pptvCloud Technical deck - cb.ppt
vCloud Technical deck - cb.ppt
 
VMworld - vSphere Distributed Switch 6.0 Technical Deep Dive
VMworld - vSphere Distributed Switch 6.0 Technical Deep DiveVMworld - vSphere Distributed Switch 6.0 Technical Deep Dive
VMworld - vSphere Distributed Switch 6.0 Technical Deep Dive
 
vSphere Integrated Containers 101 and End-User Workflow
vSphere Integrated Containers 101 and End-User WorkflowvSphere Integrated Containers 101 and End-User Workflow
vSphere Integrated Containers 101 and End-User Workflow
 
VMware Hybrid Cloud Service - Overview
VMware Hybrid Cloud Service - OverviewVMware Hybrid Cloud Service - Overview
VMware Hybrid Cloud Service - Overview
 
CloudStack NYC Meetup: Networking
CloudStack NYC Meetup: NetworkingCloudStack NYC Meetup: Networking
CloudStack NYC Meetup: Networking
 
CloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWestCloudStack - LinuxFest NorthWest
CloudStack - LinuxFest NorthWest
 
Virtualization 101 - DeepDive
Virtualization 101 - DeepDiveVirtualization 101 - DeepDive
Virtualization 101 - DeepDive
 
Virtualization & tipping point
Virtualization & tipping pointVirtualization & tipping point
Virtualization & tipping point
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Cloud networking deep dive

  • 1. vCloud Networking Deep Dive Updated: 16 November 2010 © 2009 VMware Inc. All rights reserved
  • 2. Agenda  Networking Overview  External Network  Network Pools  Organization Networks  vApp Networks  Example Use Cases Q&A 2
  • 3. Networking Overview  Layers of Networking • External • Network Pools • Organization • vApp  Managed at two layers: Consumers & Providers  An External Network is an network that is outside of VMware vCloud Director. • This is set up by the Provider  An Organization Network is contained within an organization. • This is also set up by the Provider  vApp Network is a contained within a vApp. • This is set up by Consumers Note: Both organization networks and vApp networks are entirely within VMware vCloud Director-managed infrastructure.. 3
  • 4. External Network: Overview  a.k.a ‘Provided Network’ • Network that is external to VMware vCloud Director • Created in vSphere/vCenter environment and consumed by VMware vCloud Director to provide external connectivity to Organizations • Mapped to a portgroup at the VMware vSphere layer • vSS or vDS • The portgroup is attached to VMware vCloud Director as an “External Network”  Use cases • Internet access • Provider supplied network endpoints • IP based storage Set up by Provider • Backup servers • Backhauled networking to a customer datacenter • VPN access to a private cloud • MPLS termination 4
  • 5. External Networks: In vSphere • VMware vCloud Director does NOT create portgroups when you create an External Network • The VI Admin must create the portgroups first, before a VMware vCloud Director Provider Admin can map External Networks to them. • It is recommended that you define these port groups on a dedicated “Provider” vDS vs. creating them on a vSS on each ESX host in your cluster. (Can use Cisco Nexus 1000V) • Below is an example of VLAN isolated External Networks: 5
  • 6. External Networks: In VMware vCloud Director • In VMware vCloud Director, create an External Network and attach it to one of the portgroups • Note if done using the VIM SDK you should create an ephemeral port group; otherwise, you get static portgroups when created with the vCenter UI 6
  • 7. Network Pools: Overview  A set of pre-configured network resources that can be used for Organization and vApp Networks • Use to facilitate VM to VM communication  Three Types of Network Pools in VMware vCloud Director • Portgroup-backed • Reference pre-created portgroups • These have to be created in vSphere manually or through orchestration • Do not have to be VLAN isolated (but should for L2 isolation) • Attach a collection of them to VMware vCloud Director • VLAN-backed • Exactly like portgroup-backed…but VMware vCloud Director will automatically create the portgroups as needed, and use a range of VLANs to isolate them. • vCloud Network Isolation-backed (vCD-NI) • VMware proprietary network isolation technology 7
8. Network Pools: Portgroup-backed
 Requires
  • Preconfigured portgroups at the vSphere layer
  • Assign meaningful names so it's obvious what is being mapped
  • If using vSS portgroups, they must exist on all ESX/ESXi hosts in the cluster
 How it works
  • The system administrator manually creates the portgroups.
  • When creating the network pool, you are given a list of unused portgroups that exist in the cluster.
 Advantages
  • Works with all types of vSwitches.
 Disadvantages
  • Requires manual work or orchestration to create all of the portgroups
  • Portgroups need to be kept in sync across hosts on a vSS
  • Isolation depends on the portgroups' VLANs: two pool portgroups on the same VLAN (or untagged) share one L2 domain
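The checks a provider wants before attaching vSS portgroups to a portgroup-backed pool: present on every host, same VLAN on every host, tagged, and not sharing a VLAN with another pool portgroup. The following is an added example, not vCloud Director or VMware code; the inventory is constructed to show each failure (in practice you would read it from vCenter with the vSphere API or PowerCLI), and the host, portgroup and VLAN values are illustrative.

```python
"""Sanity check for the portgroups behind a portgroup-backed network pool.

Added example, not vCloud Director code. INVENTORY is constructed; a real
check would read host -> portgroup -> VLAN from vCenter."""

# Constructed inventory: ESX/ESXi host -> {vSS portgroup name: VLAN ID}
# (VLAN 0 means the portgroup is untagged).
INVENTORY = {
    "esx01": {"pool-pg-101": 101, "pool-pg-102": 102, "pool-pg-103": 103,
              "pool-pg-104": 0, "pool-pg-105": 101},
    "esx02": {"pool-pg-101": 101, "pool-pg-102": 202, "pool-pg-103": 103,
              "pool-pg-104": 0, "pool-pg-105": 101},
    "esx03": {"pool-pg-101": 101, "pool-pg-103": 103,
              "pool-pg-104": 0, "pool-pg-105": 101},
}

# The portgroups the provider intends to attach to one portgroup-backed pool.
POOL_PORTGROUPS = ["pool-pg-101", "pool-pg-102", "pool-pg-103",
                   "pool-pg-104", "pool-pg-105"]


def check_pool_portgroups(inventory, pool_portgroups):
    """Return a list of (portgroup, problem, detail) findings.

    Problems reported:
      missing-on-hosts          portgroup absent on some host: a VM placed
                                there has nothing to connect to
      vlan-mismatch             same name, different VLAN on different hosts:
                                VMs on the "same" network cannot reach each
                                other across those hosts
      untagged-no-l2-isolation  VLAN 0: no L2 isolation from the uplink LAN
      shares-vlan-with          two pool portgroups on one VLAN are one L2
                                domain, so the networks built on them are
                                not isolated from each other
    """
    hosts = sorted(inventory)
    findings = []
    vlan_owner = {}  # VLAN ID -> first pool portgroup seen on that VLAN
    for pg in pool_portgroups:
        present = {h: inventory[h][pg] for h in hosts if pg in inventory[h]}
        missing = [h for h in hosts if h not in present]
        if missing:
            findings.append((pg, "missing-on-hosts", ",".join(missing)))
        vlans = sorted(set(present.values()))
        if len(vlans) > 1:
            detail = ",".join(f"{h}={v}" for h, v in sorted(present.items()))
            findings.append((pg, "vlan-mismatch", detail))
            continue  # isolation cannot be judged until the VLAN is consistent
        if not vlans:
            continue  # exists on no host; already reported as missing
        vlan = vlans[0]
        if vlan == 0:
            findings.append((pg, "untagged-no-l2-isolation", "VLAN 0"))
        elif vlan in vlan_owner:
            findings.append((pg, "shares-vlan-with",
                             f"{vlan_owner[vlan]} (VLAN {vlan})"))
        else:
            vlan_owner[vlan] = pg
    return findings


if __name__ == "__main__":
    for pg, problem, detail in check_pool_portgroups(INVENTORY, POOL_PORTGROUPS):
        print(f"{pg}: {problem}: {detail}")
```

Run it against the constructed inventory and it flags pool-pg-102 (missing on esx03 and VLAN 102 vs 202), pool-pg-104 (untagged) and pool-pg-105 (same VLAN as pool-pg-101); only pool-pg-101 and pool-pg-103 are safe to attach. The same shares-vlan check is worth running across pools, not just within one.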
9. Network Pools: VLAN-backed
 Requires
  • A vDS that's connected to all ESX/ESXi hosts in your cluster
  • A range of unused VLANs
 How it works
  • The vCD admin creates the network pool, chooses an "Organization" vDS to attach it to, then provides a range of valid VLANs, for example 10–15.
  • When an isolated network is needed, vCD automatically creates a portgroup on the vDS and assigns it one of the unused VLAN numbers.
  • Many isolated portgroups can coexist on the same vDS because they are isolated by the VLAN tag
 Advantages
  • Isolated networks
  • Best network performance.
 Disadvantages
  • Requires the VLANs to exist in the physical network hardware (trunked on the physical switches)
  • VLANs are limited and may not be available at all
  • Not compatible with Cisco Nexus 1000V
    • Workaround: use a portgroup-backed network pool of N1KV portgroups that carry the VLAN tags
10. Network Pools: VLAN-backed in VMware vCloud Director
VLAN-backed:
• Define the VLAN range for the pool and select the vDS to provision the portgroups on
11. Network Pools: VLAN-backed in vSphere
VLAN-backed Example:
• The VLAN-backed network pool was defined to use the range 10–15
• The External Org Network was called Emca External.
• An ephemeral portgroup was created for you, with a vShield Edge, vse-1821527865.
• Editing its properties shows the portgroup is named with V10, matching the consumed VLAN: dvs.VC1098296841DVS1CM1-V10-Emca External
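A small model of the VLAN-backed pool behaviour described on slides 9 to 11: one VLAN consumed per isolated network, a portgroup named after the vDS, VLAN and network (the pattern shown on slide 11), and the two failure modes a provider runs into, an exhausted range and a VLAN that the physical switches do not trunk. This is an added example, not vCloud Director code; the trunk list is a constructed input (vCD itself has no view of the physical switch configuration and would simply hand out the VLAN), and the class and method names are this example's own.

```python
"""Model of a VLAN-backed network pool. Added example, not vCloud Director code.

Assumptions: lowest free VLAN is handed out first; portgroup names follow the
dvs.<vDS>-V<VLAN>-<network> pattern seen on slide 11; trunk_vlans is a
constructed list standing in for the VLANs allowed on the hosts' uplink trunk."""


class VlanBackedPool:
    def __init__(self, vds_name, vlan_start, vlan_end, trunk_vlans):
        if not 1 <= vlan_start <= vlan_end <= 4094:
            raise ValueError("VLAN range must lie within 1-4094")
        self.vds_name = vds_name
        self.free = list(range(vlan_start, vlan_end + 1))
        self.in_use = {}                    # portgroup name -> VLAN ID
        self.trunk_vlans = set(trunk_vlans)  # VLANs the physical switches carry

    def capacity(self):
        """Number of isolated networks this pool can ever back."""
        return len(self.free) + len(self.in_use)

    def not_trunked(self):
        """VLANs in the pool range the physical switches do not carry. A
        network landing on one of these has no connectivity between hosts."""
        all_vlans = self.free + list(self.in_use.values())
        return sorted(v for v in all_vlans if v not in self.trunk_vlans)

    def allocate(self, network_name):
        """Create the portgroup for a new isolated network; returns (name, VLAN)."""
        if not self.free:
            raise RuntimeError(
                f"pool on {self.vds_name} exhausted: all {self.capacity()} VLANs in use")
        vlan = self.free.pop(0)
        if vlan not in self.trunk_vlans:
            # Real vCD cannot detect this; the network would silently be broken.
            self.free.insert(0, vlan)
            raise RuntimeError(f"VLAN {vlan} is not trunked to the host uplinks")
        portgroup = f"dvs.{self.vds_name}-V{vlan}-{network_name}"
        self.in_use[portgroup] = vlan
        return portgroup, vlan

    def release(self, portgroup):
        """Delete the network: its VLAN goes back to the pool for reuse."""
        vlan = self.in_use.pop(portgroup)
        self.free.append(vlan)
        self.free.sort()
        return vlan


if __name__ == "__main__":
    pool = VlanBackedPool("VC1098296841DVS1CM1", 10, 15, trunk_vlans=range(10, 15))
    print("not trunked:", pool.not_trunked())
    print(pool.allocate("Emca External"))
```

Note that release() returns a VLAN to the free list; a tenant network created later can reuse a VLAN that another tenant's network occupied minutes earlier, so stale ARP or switch MAC-table entries on the physical side are worth keeping in mind when pools are small and churn is high.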
12. Network Pools: vCloud Network Isolation
 VMware proprietary network isolation technology
  • vCD-NI "networks" span hosts and are represented as portgroups on a vDS.
  • Setup:
    • Designate a "Transport Network": an actual layer 2 segment to carry the packets for vCD-NI networks
    • Decide how many networks you want in the pool
  • Individual vCD-NI networks are isolated from each other and from the Transport Network via MAC-in-MAC encapsulation
  • Works with vmkernel functionality in ESX/ESXi 4.0U2 or 4.1 and above
    • (vCD Beta required a Service VM on older ESX/ESXi hosts)
  • Technical details:
    • Implemented with MAC-in-MAC encapsulation
    • Can cause frame fragmentation with the default MTU
    • Requires a small increase in MTU, to 1524 or higher
 Note: in Lab Manager this was called "Cross-Host Fencing"
13. Network Pools: vCloud Network Isolation-backed
 Requires
  • A vDS that's connected to all ESX/ESXi hosts in your cluster.
 How it works:
  • For each isolated network, vCD creates an overlay network on top of the transport network to carry the encapsulated traffic
  • Each overlay network is assigned a Network ID number.
  • The encapsulation header contains the source and destination MAC addresses of the ESX/ESXi hosts where the VM endpoints reside, as well as the Network ID
  • The receiving ESX/ESXi host strips the vCD-NI header to expose the original frame, addressed with the VM source and destination MACs, and delivers it to the destination VM
 Advantages:
  • Does not require VLANs (a VLAN ID can optionally be set for the transport network; leaving it blank defaults to 0)
  • Isolation is enforced by the hosts (the Network ID check on decapsulation) rather than by the VLAN configuration of the physical switches. Encapsulation is not encryption, though: the transport network should be a dedicated segment reachable only by the ESX/ESXi hosts.
 Disadvantages:
  • Small performance overhead due to encapsulation (dvFilter).
  • The added MAC header requires an increase in MTU, as in MPLS networks
  • vCD-NI is for layer 2 adjacency, not for routed networks
  • vCD-NI is only for VMs; it cannot be accessed by physical hosts
14. Network Pools: vCloud Network Isolation in vSphere
vCD-NI-backed Example:
• A vCD-NI-backed pool whose transport VLAN is 99 was created.
• The vSphere portgroup does not reflect the isolation, just the transport VLAN used for vCD-NI
• The name of the portgroup gives you a hint that it's isolated: in this instance it contains "V99-F1", meaning it uses VLAN 99 and isolation network ID 1.
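To make the MAC-in-MAC mechanism of slides 12 to 14 concrete: the sending host wraps the VM's frame in an outer frame addressed host-to-host and tagged with the Network ID, the receiving host only unwraps frames whose Network ID matches the port it is delivering to, and the 24 added bytes are why a 1500-byte VM MTU needs a 1524-byte transport MTU. This is an added example, not VMware code. The real vCD-NI header layout is proprietary and not given on these slides; the layout below (14-byte outer Ethernet header plus a 10-byte shim holding a 4-byte Network ID) and the EtherType value are assumptions chosen only to reproduce the 24-byte overhead the deck states.

```python
"""Model of vCD-NI MAC-in-MAC encapsulation. Added example, not VMware code.

Facts from the slides: 24 bytes of overhead (MTU 1500 -> 1524); the outer
header carries the source/destination ESX host MACs and a Network ID.
ASSUMED for this model: 14-byte outer Ethernet header + 10-byte shim
(4-byte Network ID, 6 reserved bytes), and a placeholder EtherType."""
import struct

OUTER_OVERHEAD = 24      # bytes added per frame (slide 12)
ETHERTYPE_VCDNI = 0x88DE  # ASSUMED placeholder, not a value from the page
DEFAULT_MTU = 1500


def mac(text):
    """'00:50:56:aa:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def inner_frame(dst_vm_mac, src_vm_mac, ethertype, payload):
    """An ordinary Ethernet frame as emitted by a VM's vNIC."""
    return mac(dst_vm_mac) + mac(src_vm_mac) + struct.pack("!H", ethertype) + payload


def encapsulate(frame, src_host_mac, dst_host_mac, network_id):
    """Sending ESX host: wrap the VM frame for the transport network.
    Outer addresses are the hosts', not the VMs'; the Network ID says
    which isolated network the inner frame belongs to."""
    shim = struct.pack("!I6x", network_id)   # assumed 10-byte shim layout
    outer = (mac(dst_host_mac) + mac(src_host_mac)
             + struct.pack("!H", ETHERTYPE_VCDNI) + shim + frame)
    assert len(outer) == len(frame) + OUTER_OVERHEAD
    return outer


def decapsulate(outer, expected_network_id):
    """Receiving ESX host: strip the vCD-NI header before delivery to a VM.
    Returns the inner frame, or None when the frame is not vCD-NI or carries
    a different Network ID. That Network ID check is the isolation: a frame
    from tenant A's network is never delivered to a port on tenant B's."""
    if len(outer) < OUTER_OVERHEAD:
        return None
    (ethertype,) = struct.unpack("!H", outer[12:14])
    if ethertype != ETHERTYPE_VCDNI:
        return None
    (network_id,) = struct.unpack("!I", outer[14:18])
    if network_id != expected_network_id:
        return None
    return outer[OUTER_OVERHEAD:]


def fits_transport_mtu(outer, transport_mtu):
    """MTU counts the payload after the 14-byte outer Ethernet header."""
    return len(outer) - 14 <= transport_mtu


def transport_mtu_required(vm_mtu):
    """MTU the transport network needs so encapsulated frames need no fragmentation."""
    return vm_mtu + OUTER_OVERHEAD


if __name__ == "__main__":
    vm_frame = inner_frame("00:50:56:aa:00:02", "00:50:56:aa:00:01", 0x0800, bytes(1500))
    wire = encapsulate(vm_frame, "00:1b:21:00:00:01", "00:1b:21:00:00:02", 7)
    print(len(vm_frame), len(wire), fits_transport_mtu(wire, DEFAULT_MTU),
          fits_transport_mtu(wire, transport_mtu_required(DEFAULT_MTU)))
```

The inner frame rides in the clear after the shim (outer[24:] is the VM's frame byte for byte), which is the reason for the caveat above: anything that can sniff the transport segment can read tenant traffic, and anything that can inject onto it with a chosen Network ID can reach a tenant network.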
15. Organization Networks: Overview
 Contained within an organization
 Allows vApps within the organization to communicate with each other or with the outside of the organization
 Can be connected to External Networks as:
  • Public (External Org Direct)
    • Bridged connection to an External Network
    • Visible to others outside the organization
  • Private Routed (External Org NAT-Routed)
    • Connected to an External Network through a vShield Edge
    • Can be configured for NAT & Firewall
 …or left unconnected to external:
  • Private Internal (Internal Org)
    • No External connectivity
 Backed by Network Pools
 Set up by Provider
16. Organization Networks: In VMware vCloud Director
Creating NAT-Routed and Isolated Org Networks:
• Select the type of Org Network to create using the typical radio button and dropdown box
17. Organization Networks: In VMware vCloud Director
Creating NAT-Routed and Isolated Org Networks:
• Select the Network Pool to use for the Internal Network
• Assign internal addressing for the Internal Network
18. Organization Networks: In VMware vCloud Director
Creating NAT-Routed and Isolated Org Networks:
• For a NAT-routed Org Network, select the External Network to attach to
• Also select the Network Pool to use for the Internal Network behind the vShield Edge
• Assign internal addressing for the inside portion of the Org Network
19. vApp Networks: Overview
 Contained within a vApp
  • Inherently Private Internal
 Allows VMs in a vApp to communicate with each other or, by connecting them to Org Networks, with other vApps
 Can be connected to Org Networks as
  • Public (Direct)
    • Bridged connection to an organization network
  • Private Routed
    • Connected to an organization network through a vShield Edge
    • Can be configured for NAT & Firewall
 Backed by a Network Pool
 Set up by Consumers
20. Putting it Together: vCloud Networking Options – Examples
(Diagram not reproduced; labels recovered from it:)
• External Network (set up by system admin)
• Organization
  • External Organization Network (set up by system admin), two instances
  • Internal Organization network (set up by system admin)
  • vApp
    • vApp network, three instances (set up by org admin/vApp author, internal to vApp)
• The connection options in the diagram are numbered 1–8
21. Putting it Together: vCloud Networking Options – Examples
(Diagram not reproduced; labels recovered from it:)
• External Network 1 (vSphere Network 1) and External Network 2 (vSphere Network 2)
• Organization Network 1: External Organization Network – Direct Connection
• Organization Network 2: External Organization Network – NAT-routed Connection, through a vShield Edge (NAT/firewall); internal vSphere network (backed by Network Pool)
• Organization Network 3: Internal Organization Network; internal vSphere network (backed by Network Pool)
• vApp 1 – vApp 4 show the four vApp connectivity patterns, each vApp Network being an internal vSphere network (backed by Network Pool):
  • vApp network with direct connection, connected to Organization network
  • vApp network with NAT-routed connection and IP masquerading defined, through a vShield Edge (NAT/firewall), connected to Organization network
  • vNICs connected directly to the Organization network
  • Isolated vApp Network (Private) with an Isolated VM
23. Networking Use Cases – Example 1 of 4: Isolated vApp (diagram not reproduced)
24. Networking Use Cases – Example 2 of 4: Dev/Test (diagram not reproduced)
25. Networking Use Cases – Example 3 of 4: Pre-Production with access to Internet (diagram not reproduced)
26. Networking Use Cases – Example 4 of 4: Pre-Production with access to VPN (diagram not reproduced)
28. vSphere Dependencies
 Network Pools: backing for private networks in vCloud Director
  • vSphere Portgroup-backed
    • Requires vSS or vDS or N1KV switches
  • VLAN-backed
    • Requires vDS and VLANs
  • vCloud Director Network Isolation-backed (vCD-NI)
    • Requires vDS (a VLAN for the transport network is optional)
    • MAC-in-MAC encapsulation (1524-byte MTU)
 External Networks: for Internet, VPN/MPLS, IP SAN connectivity
  • Requires vSS or vDS or N1KV switches
29. Network Security
 vShield Edge
  • Integrated with vCloud Director
  • Network security services
    • Firewall
    • NAT
    • DHCP
    • Port forwarding
    • IP masquerading
 Option for internal only or connected externally
  • Internal only: within vApp or within organization
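What the firewall, NAT, port forwarding and IP masquerading services amount to on a NAT-routed Org or vApp network, worked through on constructed packets. This is an added example, not vShield or vCloud Director code: the rule order (port forward looked up before the inbound firewall rule, replies to masqueraded flows admitted statefully), the lack of source-port translation and the addresses used are all assumptions of this model, chosen to illustrate the services listed above rather than to document how vShield Edge evaluates its rules.

```python
"""Model of the vShield Edge services on a NAT-routed network: default-deny
firewall, outbound IP masquerading, inbound port forwarding.
Added example, not vShield or vCloud Director code; rule order, stateful
reply handling and the absence of port translation are assumptions."""
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port")


class EdgeModel:
    def __init__(self, external_ip, internal_prefix):
        self.external_ip = external_ip          # Edge's address on the outer network
        self.internal_prefix = internal_prefix  # e.g. "192.168.1." (constructed)
        self.port_forwards = {}  # (proto, external port) -> (internal ip, internal port)
        self.firewall = []       # (direction, proto or "any", dst port or None, action)
        self.flows = {}          # (proto, source port) of masqueraded flows -> internal ip

    def add_port_forward(self, proto, ext_port, int_ip, int_port):
        self.port_forwards[(proto, ext_port)] = (int_ip, int_port)

    def add_firewall_rule(self, direction, proto, dst_port, action):
        self.firewall.append((direction, proto, dst_port, action))

    def _firewall_allows(self, direction, pkt):
        """First matching rule wins; no match means drop (default deny)."""
        for rule_dir, proto, dst_port, action in self.firewall:
            if rule_dir != direction or proto not in ("any", pkt.proto):
                continue
            if dst_port is not None and dst_port != pkt.dst_port:
                continue
            return action == "allow"
        return False

    def process(self, direction, pkt):
        """Return ("allow", packet as it leaves the Edge) or ("drop", reason)."""
        if direction == "out":
            if not pkt.src_ip.startswith(self.internal_prefix):
                return ("drop", "source not on the internal network")
            if not self._firewall_allows("out", pkt):
                return ("drop", "firewall (outbound)")
            # IP masquerading: all internal VMs appear as the Edge's external IP;
            # remember the flow so the reply can be delivered back to the VM.
            self.flows[(pkt.proto, pkt.src_port)] = pkt.src_ip
            return ("allow", pkt._replace(src_ip=self.external_ip))
        if pkt.dst_ip != self.external_ip:
            return ("drop", "not addressed to the Edge")
        internal_ip = self.flows.get((pkt.proto, pkt.dst_port))
        if internal_ip is not None:  # reply to a masqueraded flow
            return ("allow", pkt._replace(dst_ip=internal_ip))
        forward = self.port_forwards.get((pkt.proto, pkt.dst_port))
        if forward is None:
            return ("drop", "no port forward for this port")
        if not self._firewall_allows("in", pkt):
            return ("drop", "firewall (inbound)")
        # Port forwarding: rewrite destination to the internal VM and service port.
        return ("allow", pkt._replace(dst_ip=forward[0], dst_port=forward[1]))


if __name__ == "__main__":
    edge = EdgeModel(external_ip="10.10.0.111", internal_prefix="192.168.1.")
    edge.add_firewall_rule("out", "any", None, "allow")
    edge.add_firewall_rule("in", "tcp", 8080, "allow")
    edge.add_port_forward("tcp", 8080, "192.168.1.11", 80)
    print(edge.process("in", Packet("tcp", "203.0.113.5", 51000, "10.10.0.111", 8080)))
    print(edge.process("in", Packet("tcp", "203.0.113.5", 51001, "10.10.0.111", 22)))
```

Two points the model makes visible: a port forward alone does not expose a service, because the inbound firewall still has to allow the port (the test below forwards 2222 without a rule and it is dropped), and masquerading is what lets several vApps reuse the same private addressing behind different Edges without renumbering.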