Network Service in OpenStack Cloud, by Yaohui Jin
Download as PPTX, PDF6 likes2,388 views
The document discusses network service in OpenStack cloud. It introduces SDN and network virtualization technologies like OpenFlow, VXLAN, and NVGRE. It describes how OpenStack's Quantum project provides network as a service and supports various plug-ins for virtual and physical network provisioning, including options from Open vSwitch, NVP, Cisco, and OpenFlow controllers. It also outlines the speaker's work on a virtual network solution called vCube that enables coexistence of VLAN and GRE networks in OpenStack and provides QoS and visibility capabilities.
Network Service in OpenStack Cloud, by Yaohui Jin
- 1. Network Service in OpenStack Cloud Yaohui Jin email: jinyh@sjtu.edu.cn Sina Weibo: @bright_jin (The slides will be shared in Sina Weipan & Slideshare ) Network & Information Center © jinyh@sjtu
- 2. Acknowledgement Team: Dr. Xuan Luo, Pengfei Zhang, Xiaosheng Zuo, Zhixing Xu, Xinyu Xu, Jianwen Wei, Baoqing Huang, etc. Prof. Hongfang Yu and team with UESTC Prof. Jianping Wang with CityU HK Engineers, discussion and slides from Intel, SINA, IBM, Cisco, Dell, VMware/EMC, H3C, Huawei , IXIA, … OpenStack Community China OpenStack User Group (COSUG) China OpenStack Cloud League (COSCL) Technical blogs such as blog.ioshints.info, ipspace.net, … © jinyh@sjtu 2
- 3. About me 上海交通大学 教授,以前做光通信的,现在改行 做云计算了。。。 上海交通大学 网络信息中心 副主任,其实就是 个苦逼的挨踢网管啊。。。 研究兴趣: 数据中心网络,海量流式数据分析, 云计算架构 © jinyh@sjtu 3
- 4. OpenStack in Academia for Research & Operation USC, Information Science Institute Purdue University University of Melbourne San Diego Supercomputer Center Brookhaven National Lab., DOE Argonne National Lab., DOE European Organization for Nuclear Research (CERN) Shanghai Jiao Tong University University of Science & Technology of China University of Electrical Science & Technology of China …… © jinyh@sjtu 4
- 5. Agenda Introduction SDN and OpenFlow Network Virtualization Network Virtualization in OpenStack Our Work © jinyh@sjtu 5
- 6. The Service Trend "Decoupling infrastructure management from service management can lead to innovation, new business models, and a reduction in the complexity of running services. It is happening in the world of computing, and is poised to happen in networking.“ Jennifer Rexford Professor, Princeton University Last month, VMware paid $1.2B to acquire Nicira for software defined networking (SDN). © jinyh@sjtu 6
- 7. Why is Nicira worth $1.2 billion? © jinyh@sjtu 7
- 8. SDN and OpenFlow © jinyh@sjtu
- 9. Software Defined Network (SDN) A network architecture in which the network control plane (OS) is decoupled from the physical topology using open protocols such as OpenFlow. © jinyh@sjtu 9
- 10. Flow Table (v1.1) Rules: Ethernet, IP, MPLS, TCP/UDP any combination, exact or wildcard Actions: Forward, Drop, Modify field (NAT) Statistics: Volume based billing, anti DDOS © jinyh@sjtu 10
- 11. OpenFlow Implementation Hypervisor Mode Open vSwitch (OVS): XEN, KVM, … OVS other features: security, visibility, QoS, automated control Hardware Mode OpenFlow Switch Hop by hop configuration © jinyh@sjtu 11
- 12. Reality Check “OpenFlow doesn’t let you do anything you couldn’t do on a network before” –Scott Shenker (Professor, UC Berkeley, OpenFlow co-inventor) Frames are still forwarded, packets are delivered to hosts. OpenFlow 1.3 was recently approved. Major vendors are participating - Cisco, Juniper, Brocade, Huawei, Ericsson, etc. It’s still early stage technology but commercial products are shipping. OpenFlow led by large companies Google/Yahoo/Verizon and lack of focus on practical applications in the enterprise. © jinyh@sjtu 12
- 13. OpenFlow Interop Fifteen Vendors Demonstrate OpenFlow Switches at Interop (May 8-12, 2011) © jinyh@sjtu 13
- 15. General Data Center Architecture Cloud management system allows us dynamically provisioning VMs and virtual storage. © jinyh@sjtu 15
- 16. What customers really want? Virtual Network Requirements Multiple logical segments Multi-tie applications Load balancing and firewalling Unlimited scalability and mobility © jinyh@sjtu 16
- 17. Multi-Tenant Isolation Making life easier for the cloud provider Customer VMs attached to “random” L3 subnets VM IP addresses allocated by the IaaS provider Predefined configurations or user-controlled firewalls Autonomous tenant address space Both MAC and IP addresses could overlap between two tenants, or even within the same tenant Each overlapping address space needs a separate segment © jinyh@sjtu 17
- 18. Scalability Datacenter networks have got much bigger (and getting bigger still !!) Juniper’s Qfabric ~6000 ports, Cisco’s FabricPath over 10k ports Tenant number dramatically increase as the IaaS experiences rapid commoditization Forrester Research forecasts that public cloud today globally valued at $2.9B, projected to grow to $5.85B by 2015. Server virtualization increase demand on switch MAC address tables Physical with 2 MACs -> 100 VMs with 2 vNIC need 200+ MACs! © jinyh@sjtu 18
- 19. Possible Solutions (1) VLANs per tenant limitations of VLAN-id range (Only 12bits ID = 4K) VLAN trunk is manually configured Spanning tree limits the size of the network L2 over L2 vCDNI(VMware), Provider Bridging(Q-in-Q) Limitations in number of users (limited by VLAN-id range) Proliferation of VM MAC addresses in switches in the network (requiring larger table sizes in switches) Switches must support use of same MAC address in multiple VLANs (independent VLAN learning) © jinyh@sjtu 19
- 20. Possible Solutions (2): L2 over IP Virtual eXtensible LAN (VXLAN) VMware, Arista, Broadcom, Cisco, Citrix, Red Hat VXLAN Network Identifier (VNI): 24 bits = 16M UDP encapsulation, new protocol Network Virtualization Generic Routing Encapsulation (NVGRE) Microsoft, Arista, Intel, Dell, HP, Broadcom, Emulex Virtual Subnet Identifier (VSID): 24 bits = 16M GRE tunneling, relies on existing protocol Stateless Transport Tunneling (STT) Nicira Context ID: 64 bits, TCP-like encapsulation © jinyh@sjtu 20
- 21. VXLAN/NVGRE: How it Works? without overlay using VXLAN using NVGRE © jinyh@sjtu 21
- 22. Dynamic MAC learning Dynamic MAC learning with L2 flooding over IP multicasting Flooding does not scale when fabric gets bigger. © jinyh@sjtu 22
- 23. Control Plane (Nicira) L2-over-IP with control plane OpenFlow-capable vSwitches IP tunnels (GRE, STT ...) MAC-to-IP mappings by OpenFlow Third-party physical devices Benefits No reliance on flooding No IP multicast in the core © jinyh@sjtu 23
- 24. Transitional Strategy Depends on Your Business 100s tenants, 100s servers: VLANs 1000s tenants, 100s servers: vCDNI or Q-in-Q Few 1000s servers, many tenants: VXLAN/NVGRE/STT More than that: L2 over IP with control plane Open question: How to solve the co-existing scenarios in one cloud? © jinyh@sjtu 24
- 25. Network Virtualization in Openstack © jinyh@sjtu
- 26. OpenStack Today Networking is embedded inside of Nova compute, and un-accessible to application developers Details and differences associated with network provisioning complicates a simple compute service Difficult to track changes in networking as Software- defined Networking (SDN) comes into play © jinyh@sjtu 26
- 27. With Quantum – Networking becomes a Service Nova becomes simpler, easier to maintain and extend Developers have ability to create multiple networks for their own purposes (multi-tier apps) May support provisioning of both virtual and physical networks – differences captured through plugin’s © jinyh@sjtu 27
- 28. Quantum API interactions © jinyh@sjtu 28
- 29. Plug-in’s available today Open vSwitch Linux bridge Nicira NVP Cisco (Nexus switches and UCS VM-FEX) NTT Labs Ryu OpenFlow controller NEC OpenFlow Big Switch Floodlight © jinyh@sjtu 29
- 30. Quantum in Horizon Create/delete private network Create “ports” and attach VM’s Assign IP address blocks (DHCP) © jinyh@sjtu 30
- 31. Quantum OVS Plugin: VLAN solution with Open vSwitch © jinyh@sjtu 31
- 32. OVS Plugin Flow Chart © jinyh@sjtu 32
- 33. Ryu Plugin: Overlay solution with Openflow © jinyh@sjtu 33
- 34. Ryu Plugin Flow Chart © jinyh@sjtu 34
- 35. vCube: Virtual, Versatile, Visible Network Service for OpenStack Cloud © jinyh@sjtu
- 36. Network Environment Data Center Network: 10 GE Switch (BNT&H3C) in 2 domains Control and Manage: GE Switch (DCRS) 10GE connect to campus network Fat tree topology; L3: VRRP; L2: LACP+VLAG+MSTP Security control: SSH, NAT, ACL, VLAN NIC: Intel X520-DA2; Chelsio T420E-CR © jinyh@sjtu 36
- 37. Transition:Co-existing VLAN/GRE VLAN solution: Openstack + Open vSwitch GRE solution: Openstack + Ryu © jinyh@sjtu 37 43
- 38. QoS in Virtual Network Bandwidth upper bound for VMs With only OVS : 200Mbit/s With OVS and virtio: 8Gbit/s Bandwidth guarantee with Openstack + OVS User defined rate limitation Differential service level for tenants High bandwidth utilization Stable performance under dynamic traffic © jinyh@sjtu 38
- 39. Visible Virtual Network by sFlow Virtual Physical Virtual Physical Machine Server Switch Switch CPU Unicast Disk Multicast Port Traffic Traffic © jinyh@sjtu © jinyh@sjtu 39 45
- 40. The Whole Picture © jinyh@sjtu 40
- 41. Thanks for your attention! Weibo: @bright_jin © jinyh@sjtu 41