SlideShare a Scribd company logo

Cloudstack collab talk

Download as PPTX, PDF
Midokura, profile picture
Midokura

This document discusses the requirements and challenges of networking in an Infrastructure as a Service (IaaS) cloud environment. It proposes using distributed overlay-based network virtualization as a solution. Key points include: - Traditional networking devices do not scale well for IaaS clouds with high churn and micro-granularity needs. - An overlay-based approach using encapsulation can build a virtual network that decouples from the physical network and handles network intelligence at the edge. - The Midokura solution presented uses this approach with a distributed control plane, centralized database, and packet processing at ingress points. - It integrates with popular cloud stacks like OpenStack and CloudStack to provide scalable L

Technology
1 of 37
Downloaded 39 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Making a case for distributed overlay-based network virtualization Ben Cherian Chief Strategy Officer @bencherian Midokura
So, you’re building a cloud?
Requirements
1 2 3 4 5 vs 1 New 1 Horizontal scaling
Building blocks of an IaaS cloud
Cloud management system
Compute
Storage
Networking
Traditional networking devices scale up
Service interruptions
High churn, micro granularity
Limitations of VLANs
Traffic trombones
Human costs don’t scale
Additional Requirements
IaaS Cloud Networking Requirements • Multi-tenancy • ACLs • L2 isolation • Stateful (L4) Firewall  Security Groups • L3 routing isolation  VPC • VPN  Like VRF (virtual  IPSec routing and forwarding) • BGP gateway • Scalable control • REST API plane • Integration with CMS  ARP, DHCP, ICMP  CloudStack • NAT (Floating IP)  OpenStack
IaaS Cloud Networking Requirements Typical Network Topology uplink - Creat e one provider rout er upon deployment - Link to uplink - Creat e a rout er f or a t enant - BGP multi-homing - M ap a bridge f or a quant um net work - Global NAT/route settings, e.g. for floating ip Provider Virtual Router (L3) - Tenant router for FW, LB, DHCP and NAT Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network
Solution: Distributed overlay-based network virtualization
Use encapsulation to build a virtual network
Handle network intelligence / network state at the edge
Require less of the physical network
Edge to Edge IP Overlays • Isolation not using VLANs  IP encapsulation • Decouple from physical network • Provisioning VM doesn’t change underlay state • Underlay delivers to destination host IP • Use scalable IGP (iBGP, OSPF) to build multi-path underlay • Inspired by VL2 from MSR
Market trends supporting overlay model • Packet processing on x86 CPUs (at edge) – Intel DPDK facilitates packet processing – Number of cores in servers increasing fast • Clos Networks (for underlay) – Spine and Leaf architecture with IP – Economical and high E-W bandwidth • Merchant silicon (cheap IP switches) – Broadcom, Intel (Fulcrum Micro), Marvell – ODMs (Quanta, Accton) starting to sell directly – Switches are becoming just like Linux servers • Optical intra-DC Networks
The MidoNet Solution • Virtual L2 Distributed Switching • Virtual L2 Isolation • Virtual L3 Distributed Routing • Virtual L3 Isolation • L4 Services (Load Balancing, Firewall) • NAT • Access Control Lists (ACLs) • Virtual port and device monitoring • Restful API • Web based management control panel
The MidoNet Solution Logical Topology vPort Virtual Tenant A Switch A1 Virtual vPort Router vPort Provider Virtual Virtual Switch A2 vPort Router Tenant B vPort Virtual Virtual Router Switch B1 vPort VM MN MN VM BGP BGP Multi To ISP1 Homing Internet Private IP VM MN Network MN VM BGP To ISP2 Tunnel BGP To ISP3 VM MN MN VM MN MN MN Network State Database Physical Topology
The MidoNet Solution • Distributed and scalable control plane  Handle all control packets at local MidoNet agent adjacent to VM • Scalable and fault tolerant central database  Stores virtual network configuration  Dynamic network state  MAC learning, ARP cache, etc  Cached at edges on demand • All packet modifications at ingress Packet Tunnel Ingress  One virtual hop MN  No travel through middle boxes Encapsulated  Drop at ingress Drop/Block
Scale out model
The MidoNet Solution • Scalable edge gateway interface to external networks – Multihomed BGP to ISP • REST API and GUI • Integration with popular open source cloud stacks – OpenStack • Removes SPOF of network node • Scalable and fault tolerant NAT for floating IP • Implements security groups efficiently – CloudStack (in progress)
CloudStack integration • Currently have L2 integration • Full integration is slated for Q1, 2013 – L3 isolation (without VM / appliance) – Security groups (stateful firewall) – Floating IP (NAT) – Load balancing (L4)
Questions? Slides: http://www.slideshare.net/midokura
Backup slides
Candidate Models • Traditional network • Centrally controlled OpenFlow based hop- by-hop switching fabric • Edge to edge overlays
Traditional Netowrk • Ethernet VLANs for L2 isolation  4096 limit  VLANs will have large spanning trees terminating on many hosts  High churn in switch control planes doing MAC learning non-stop  Need MLAG for L2 multi-path  Vendor specific • MPLS VPN? • VRFs for L3 isolation  Not scalable to cloud scale  Expensive hardware  Not fault tolerant
OpenFlow Fabric • State in switches  Proportional to virtual network state  Need to update all switches in path when provisioning  Not scalable, not fast enough to update, no atomicity of updates • Not good for IaaS cloud virtual networking
Spine and Leaf Network Architecture
Deep OpenStack Integration • Quantum Plugin – L2 isolation, of course • Also… – L3 isolation (without VM / appliance) – Security groups (stateful firewall) – Floating IP (NAT) – Load balancing (L4) 37

More Related Content

PPTX
Networking in the cloud: An SDN primer
Midokura
 
PDF
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
Adam Johnson
 
PDF
Drd700
ciperi
 
PPT
evolution towards NGN
AJAL A J
 
PDF
Encoder
TELE-audiovision eng
 
PDF
Quality of Experience
Thomas Kernen
 
PPTX
Ibc forum 2012-divitel
Verimatrix
 
PDF
Network policies
shanj
 
Networking in the cloud: An SDN primer
Midokura
 
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
Adam Johnson
 
Drd700
ciperi
 
evolution towards NGN
AJAL A J
 
Encoder
TELE-audiovision eng
 
Quality of Experience
Thomas Kernen
 
Ibc forum 2012-divitel
Verimatrix
 
Network policies
shanj
 

What's hot (19)

PPTX
Scalable Video Coding in Content-Aware Networks
mgrafl
 
PPTX
Windows Server 8 Hyper V Networking
Aidan Finn
 
PDF
Flexible Data Centre Fabric - FabricPath/TRILL, OTV, LISP and VXLAN
Cisco Canada
 
PPTX
Sao Paulo Multi-network Event 2012 - Verimatrix
Verimatrix
 
PDF
2008 EBU Training BBC Scotland Infrastructure
European Broacasting Union
 
PDF
Optical Transport SDN by Peter Landon [APRICOT 2015]
APNIC
 
PDF
10209
ronsito
 
PPTX
Multi-network Solutions in the Real World, CABSAT: Steve Oetegenn, Verimatrix
Verimatrix
 
PDF
IPv6 in 3G Core Networks
John Loughney
 
PPTX
Trill and Datacenter Alternatives
Aricent
 
PDF
Netup dvb-tc-ci
TELE-audiovision eng
 
PPT
Backhaul considerations-ver2
Rafael Junquera
 
PDF
Mobile Transport Evolution with Unified MPLS
Cisco Canada
 
ZIP
David A. Burgess's Presentation at eComm 2009
eCommConf
 
PDF
Ultra high definition TV over IP networks
Thomas Kernen
 
PDF
Waris l2vpn-tutorial
rakiva29
 
PDF
Bnova flyer blankomdigital_rev04_web_01
ciperi
 
PPTX
Unified MPLS
Cisco Service Provider
 
PDF
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
Ameen Wayok
 
Scalable Video Coding in Content-Aware Networks
mgrafl
 
Windows Server 8 Hyper V Networking
Aidan Finn
 
Flexible Data Centre Fabric - FabricPath/TRILL, OTV, LISP and VXLAN
Cisco Canada
 
Sao Paulo Multi-network Event 2012 - Verimatrix
Verimatrix
 
2008 EBU Training BBC Scotland Infrastructure
European Broacasting Union
 
Optical Transport SDN by Peter Landon [APRICOT 2015]
APNIC
 
10209
ronsito
 
Multi-network Solutions in the Real World, CABSAT: Steve Oetegenn, Verimatrix
Verimatrix
 
IPv6 in 3G Core Networks
John Loughney
 
Trill and Datacenter Alternatives
Aricent
 
Netup dvb-tc-ci
TELE-audiovision eng
 
Backhaul considerations-ver2
Rafael Junquera
 
Mobile Transport Evolution with Unified MPLS
Cisco Canada
 
David A. Burgess's Presentation at eComm 2009
eCommConf
 
Ultra high definition TV over IP networks
Thomas Kernen
 
Waris l2vpn-tutorial
rakiva29
 
Bnova flyer blankomdigital_rev04_web_01
ciperi
 
Unified MPLS
Cisco Service Provider
 
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
Ameen Wayok
 
Ad

Viewers also liked (6)

PDF
オープンソースになったMidoNet
Midokura
 
PDF
MidoNet US Launch - Oct 15
Midokura
 
PDF
MidoNet Future -ミドネットの未来-
Midokura
 
PPTX
Midokura Enterprise MidoNet Overview
Midokura
 
PPTX
MidoNet Differentiation and Overview
Midokura
 
PDF
クラウドネットワークの仮想化そしてVxLAN Offloadによる高速化
Midokura
 
オープンソースになったMidoNet
Midokura
 
MidoNet US Launch - Oct 15
Midokura
 
MidoNet Future -ミドネットの未来-
Midokura
 
Midokura Enterprise MidoNet Overview
Midokura
 
MidoNet Differentiation and Overview
Midokura
 
クラウドネットワークの仮想化そしてVxLAN Offloadによる高速化
Midokura
 
Ad

Similar to Cloudstack collab talk (20)

PPTX
Networking in the Cloud: An SDN Primer
OpenStack Foundation
 
PPTX
Cherian networking in_the_cloud_041613
OpenStack Foundation
 
PDF
Windows server 8 hyper v networking (aidan finn)
hypervnu
 
PPTX
Advanced network services insertions framework
salv_orlando
 
PDF
OpenStack Load Balancing Use Cases and Requirements
John Gruber
 
PPTX
Link Virtualization based on Xen
The Linux Foundation
 
PDF
VoIP Connectivity Table
Braun Mincher
 
PDF
Network virtualization with open stack quantum
Miguel Lavalle
 
PDF
Brokerage 2007 presentation wireless
imec.archive
 
PDF
Networking is NOT Free: Lessons in Network Design
Randy Bias
 
PDF
Architecting data center networks in the era of big data and cloud
bradhedlund
 
PDF
Technical introduction to MidoNet
MidoNet
 
PDF
Ryu: network operating system
Isaku Yamahata
 
ODP
Virtual Network Performance Challenge
Stephen Hemminger
 
PPTX
Quantum grizzly summit
Dan Wendlandt
 
PPTX
Quantum PTL Update - Grizzly Summit.pptx
OpenStack Foundation
 
PDF
MFH3 Overview
rorcutt
 
PDF
Hungary Usergroup - Midonet overlay programming
Marton Kiss
 
PDF
Contrail Enabler for agile cloud services
Juniper Networks (日本)
 
PPTX
OpenStack Quantum Intro (OS Meetup 3-26-12)
Dan Wendlandt
 
Networking in the Cloud: An SDN Primer
OpenStack Foundation
 
Cherian networking in_the_cloud_041613
OpenStack Foundation
 
Windows server 8 hyper v networking (aidan finn)
hypervnu
 
Advanced network services insertions framework
salv_orlando
 
OpenStack Load Balancing Use Cases and Requirements
John Gruber
 
Link Virtualization based on Xen
The Linux Foundation
 
VoIP Connectivity Table
Braun Mincher
 
Network virtualization with open stack quantum
Miguel Lavalle
 
Brokerage 2007 presentation wireless
imec.archive
 
Networking is NOT Free: Lessons in Network Design
Randy Bias
 
Architecting data center networks in the era of big data and cloud
bradhedlund
 
Technical introduction to MidoNet
MidoNet
 
Ryu: network operating system
Isaku Yamahata
 
Virtual Network Performance Challenge
Stephen Hemminger
 
Quantum grizzly summit
Dan Wendlandt
 
Quantum PTL Update - Grizzly Summit.pptx
OpenStack Foundation
 
MFH3 Overview
rorcutt
 
Hungary Usergroup - Midonet overlay programming
Marton Kiss
 
Contrail Enabler for agile cloud services
Juniper Networks (日本)
 
OpenStack Quantum Intro (OS Meetup 3-26-12)
Dan Wendlandt
 

More from Midokura (10)

PDF
Journey to an Intelligent Industrial Network - Pino de Candia, CTO Midokura
Midokura
 
PDF
ネットワーク仮想化ソフトウェアMidoNet ユースケースとユーザメリット
Midokura
 
PDF
OpenStack Networkingとネットワーク仮想化ソフトMidoNet最新動向
Midokura
 
PDF
OpenStack Havanaのネットワーキング新機能と適用事例
Midokura
 
PPTX
Network Virtualization with MidoNet in CloudStack
Midokura
 
PDF
20130614 Interop SDN ShowCase-OpenStage2-MidoNet with Sakura Internet
Midokura
 
PDF
Introduction to Network Virtualization for IaaS Cloud by Midokura at LinuxCon...
Midokura
 
PDF
OSC Osaka 2013
Midokura
 
PDF
20130517 midokura-ncc
Midokura
 
PDF
12th Japan CloudStack User Group Meetup
Midokura
 
Journey to an Intelligent Industrial Network - Pino de Candia, CTO Midokura
Midokura
 
ネットワーク仮想化ソフトウェアMidoNet ユースケースとユーザメリット
Midokura
 
OpenStack Networkingとネットワーク仮想化ソフトMidoNet最新動向
Midokura
 
OpenStack Havanaのネットワーキング新機能と適用事例
Midokura
 
Network Virtualization with MidoNet in CloudStack
Midokura
 
20130614 Interop SDN ShowCase-OpenStage2-MidoNet with Sakura Internet
Midokura
 
Introduction to Network Virtualization for IaaS Cloud by Midokura at LinuxCon...
Midokura
 
OSC Osaka 2013
Midokura
 
20130517 midokura-ncc
Midokura
 
12th Japan CloudStack User Group Meetup
Midokura
 

Recently uploaded (20)

PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
KodekX | Application Modernization Development
KodekX
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
A Presentation on Artificial Intelligence
memembruh336
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Approach and Philosophy of On baking technology
30anthuong17
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 

Cloudstack collab talk

  • 1. Making a case for distributed overlay-based network virtualization Ben Cherian Chief Strategy Officer @bencherian Midokura
  • 4. 1 2 3 4 5 vs 1 New 1 Horizontal scaling
  • 5. Building blocks of an IaaS cloud
  • 10. Traditional networking devices scale up
  • 12. High churn, micro granularity
  • 13. Limitations of VLANs
  • 17. IaaS Cloud Networking Requirements • Multi-tenancy • ACLs • L2 isolation • Stateful (L4) Firewall  Security Groups • L3 routing isolation  VPC • VPN  Like VRF (virtual  IPSec routing and forwarding) • BGP gateway • Scalable control • REST API plane • Integration with CMS  ARP, DHCP, ICMP  CloudStack • NAT (Floating IP)  OpenStack
  • 18. IaaS Cloud Networking Requirements Typical Network Topology uplink - Creat e one provider rout er upon deployment - Link to uplink - Creat e a rout er f or a t enant - BGP multi-homing - M ap a bridge f or a quant um net work - Global NAT/route settings, e.g. for floating ip Provider Virtual Router (L3) - Tenant router for FW, LB, DHCP and NAT Tenant/Project A Tenant/Project B Tenant B Tenant A Virtual Router Virtual Router Network A1 Network A2 Network B1 TenantB office Virtual L2 Virtual L2 Virtual L2 Switch A1 Switch A2 Switch B1 Tenant B VPN Router VM1 VM3 VM5 VM2 VM4 VM6 Office Network
  • 19. Solution: Distributed overlay-based network virtualization
  • 20. Use encapsulation to build a virtual network
  • 21. Handle network intelligence / network state at the edge
  • 22. Require less of the physical network
  • 23. Edge to Edge IP Overlays • Isolation not using VLANs  IP encapsulation • Decouple from physical network • Provisioning VM doesn’t change underlay state • Underlay delivers to destination host IP • Use scalable IGP (iBGP, OSPF) to build multi-path underlay • Inspired by VL2 from MSR
  • 24. Market trends supporting overlay model • Packet processing on x86 CPUs (at edge) – Intel DPDK facilitates packet processing – Number of cores in servers increasing fast • Clos Networks (for underlay) – Spine and Leaf architecture with IP – Economical and high E-W bandwidth • Merchant silicon (cheap IP switches) – Broadcom, Intel (Fulcrum Micro), Marvell – ODMs (Quanta, Accton) starting to sell directly – Switches are becoming just like Linux servers • Optical intra-DC Networks
  • 25. The MidoNet Solution • Virtual L2 Distributed Switching • Virtual L2 Isolation • Virtual L3 Distributed Routing • Virtual L3 Isolation • L4 Services (Load Balancing, Firewall) • NAT • Access Control Lists (ACLs) • Virtual port and device monitoring • Restful API • Web based management control panel
  • 26. The MidoNet Solution Logical Topology vPort Virtual Tenant A Switch A1 Virtual vPort Router vPort Provider Virtual Virtual Switch A2 vPort Router Tenant B vPort Virtual Virtual Router Switch B1 vPort VM MN MN VM BGP BGP Multi To ISP1 Homing Internet Private IP VM MN Network MN VM BGP To ISP2 Tunnel BGP To ISP3 VM MN MN VM MN MN MN Network State Database Physical Topology
  • 27. The MidoNet Solution • Distributed and scalable control plane  Handle all control packets at local MidoNet agent adjacent to VM • Scalable and fault tolerant central database  Stores virtual network configuration  Dynamic network state  MAC learning, ARP cache, etc  Cached at edges on demand • All packet modifications at ingress Packet Tunnel Ingress  One virtual hop MN  No travel through middle boxes Encapsulated  Drop at ingress Drop/Block
  • 29. The MidoNet Solution • Scalable edge gateway interface to external networks – Multihomed BGP to ISP • REST API and GUI • Integration with popular open source cloud stacks – OpenStack • Removes SPOF of network node • Scalable and fault tolerant NAT for floating IP • Implements security groups efficiently – CloudStack (in progress)
  • 30. CloudStack integration • Currently have L2 integration • Full integration is slated for Q1, 2013 – L3 isolation (without VM / appliance) – Security groups (stateful firewall) – Floating IP (NAT) – Load balancing (L4)
  • 33. Candidate Models • Traditional network • Centrally controlled OpenFlow based hop- by-hop switching fabric • Edge to edge overlays
  • 34. Traditional Netowrk • Ethernet VLANs for L2 isolation  4096 limit  VLANs will have large spanning trees terminating on many hosts  High churn in switch control planes doing MAC learning non-stop  Need MLAG for L2 multi-path  Vendor specific • MPLS VPN? • VRFs for L3 isolation  Not scalable to cloud scale  Expensive hardware  Not fault tolerant
  • 35. OpenFlow Fabric • State in switches  Proportional to virtual network state  Need to update all switches in path when provisioning  Not scalable, not fast enough to update, no atomicity of updates • Not good for IaaS cloud virtual networking
  • 36. Spine and Leaf Network Architecture
  • 37. Deep OpenStack Integration • Quantum Plugin – L2 isolation, of course • Also… – L3 isolation (without VM / appliance) – Security groups (stateful firewall) – Floating IP (NAT) – Load balancing (L4) 37

Editor's Notes

  • #6: Cloud ManagementComputeStorageNetworking
  • #37: The CMS (cloud management system) integration is critically importantWe have built a deep integration with OpenStackL2 isolation is a given!L2 isolation is not enoughL3 isolation (inter-network routing), scalable NAT, scalable security groups are also needed for a complete solution