Networking in the cloud: An SDN primer
Download as PPTX, PDF0 likes1,443 views
This document discusses software-defined networking (SDN) as it relates to cloud networking. It provides an overview of SDN and how it addresses some of the challenges with traditional network architectures. Specifically: - Traditional networks separate the control plane and data plane, which limits flexibility. SDN abstracts the network through centralization of the control plane. - SDN is useful for cloud service providers to provide multi-tenancy, security isolation, scalable routing/switching, and programmability through APIs. Edge-to-edge overlays are a good model for cloud networking by decoupling virtual networks from the physical underlay. - While overlays address some issues, a scalable SDN
Networking in the cloud: An SDN primer
- 1. Networking in the cloud: An SDN primer Ben Cherian Chief Strategy Officer @bencherian Midokura
- 2. The current state of networking is too manual
- 4. Almon Strowger – mortician, inventor, and possibly paranoid
- 6. Wanted to solve: Privacy Intended human errors Solved these too: Unintended human errors Speed of connections Lowering operational costs of running a local exchange
- 7. What is SDN?
- 9. Control Plane: Responsible for making decision on where the traffic is sent
- 10. Data Plane: Responsible for forwarding traffic to the selected destination
- 11. The network needs better abstraction
- 12. A basic example of SDN Contoller Control Control Control Data Data
- 13. Categories of SDN Definition Example Cloud Service Providers (CSP/CAP) • Distributed control plane • Midokura IaaS • VMWare/Nicira • Software solution for IaaS Cloud Cloud use • Nuage Enterprises SDN • Centralized control plane • Juniper Qfabric Fabric • Hardware solution for DC use • NEC Programmable Flow • Big Switch • Hybrid control plane (CP) • Google Carrier/ • Distributed CP with BGP WAN • Centralized CP using OpenFlow 13
- 14. Iaas Cloud Networking Requirements • Multi-tenancy • ACLs • L2 isolation • Stateful (L4) Firewall Security Groups • L3 routing isolation VPC • VPN Like VRF (virtual IPSec routing and forwarding) • BGP gateway • Scalable control • REST API plane • Integration with CMS ARP, DHCP, ICMP OpenStack • NAT (Floating IP) CloudStack, etc.
- 15. Iaas Cloud Networking Requirements Typical Network Topology uplink - Creat e one provider rout er upon deployment - Link to uplink - Creat e a rout er f or a t enant - BGP multi-homing - M ap a bridge f or a quant um net work - Global NAT/route settings, e.g. for floating ip Provider Virtual Router (L3) - Tenant router for FW, LB, DHCP and NAT Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network
- 16. Candidate models • Traditional network • Centrally controlled OpenFlow based hop- by-hop switching fabric • Edge to edge overlays
- 17. Traditional Network • Ethernet VLANs for L2 isolation 4096 limit VLANs will have large spanning trees terminating on many hosts High churn in switch control planes doing MAC learning non-stop Need MLAG for L2 multi-path Vendor specific • VRFs for L3 isolation Not scalable to cloud scale Expensive hardware Not fault tolerant
- 18. OpenFlow Fabric • State in switches Proportional to virtual network state Need to update all switches in path when provisioning Not scalable, not fast enough to update, no atomicity of updates • Not good for IaaS cloud virtual networking
- 19. Edge to Edge IP Overlays • Isolation not using VLANs IP encapsulation • Decouple from physical network • Provisioning VM doesn’t change underlay state • Underlay delivers to destination host IP Forwarding equivalence class (FEC) • Use scalable IGP (iBGP, OSPF) to build multi-path underlay • Inspired by VL2 from MSR
- 20. Market trends supporting overlay solutions • Packet processing on x86 CPUs (at edge) – Intel DPDK facilitates packet processing – Number of cores in servers increasing fast • Clos Networks (for underlay) – Spine and Leaf architecture with IP – Economical and high E-W bandwidth • Merchant silicon (cheap IP switches) – Broadcom, Intel (Fulcrum Micro), Marvell – ODMs (Quanta, Accton) starting to sell directly – Switches are becoming just like Linux servers • Optical intra-DC Networks
- 21. Example of an overlay solution Logical Topology vPort Virtual Tenant A Switch A1 Virtual vPort Router vPort Provider Virtual Virtual Switch A2 vPort Router Tenant B vPort Virtual Virtual Router Switch B1 vPort VM MN MN VM BGP BGP Multi To ISP1 Homing Internet Private IP VM MN Network MN VM BGP To ISP2 Tunnel BGP To ISP3 VM MN MN VM MN MN MN Network State Database Physical Topology 21
- 22. Overlays are the right approach! But not sufficient. We still need a scalable control plane.
- 23. Questions?
Editor's Notes
- #3: Networking is not built for a self-service cloud world
- #5: Patron saint of SDNUndertaker from Topeka, KansasRumor has it:Almon believed calls sent to “the undertaker” weren’t being routed to himThought the competition had a relative working at the switching officeMoved to Kansas City. Thought the operators were giving his customers a busy signalBecame convinced that manual switching (with a switchboard operator) should be eliminated
- #6: Example of the Strowger switchesHis work led to fully automated switching centers
- #10: Examples of control protocols:ICMPARPDHCP
- #12: Core concept in CSAbstraction lends to good design, good scaling propertiesOOP vs. FunctionalOperating Systems
- #13: 3 broad categories of SDNVirtual networking for or IaaS cloudsCentral control of data center network fabricCarrier networkReplace or augment distributed signalingEdge only?