Operators experience and perspective on SDN with VLANs and L3 Networks
Download as PPTX, PDF0 likes747 views
The presentation at the OpenStack Summit 2016 discusses the operator's experience with Software Defined Networking (SDN) utilizing VLANs and L3 networks, focusing on TCP Cloud's private cloud solutions and their partnerships. It emphasizes the significance of networking in cloud environments, highlights the challenges of choosing the right SDN solutions, and outlines various objectives and key criteria for enterprises. The conclusion asserts that Contrail, available as open source, is a core capability for secure multi-tenancy in cloud platforms, providing strong network isolation and access control.
Operators experience and perspective on SDN with VLANs and L3 Networks
- 1. Operator's experience and perspective on SDN with VLANs and L3 Networks @tcpcloud OpenStack Summit Austin 2016
- 2. Presentation Agenda • About tcp cloud & workday • OpenStack Networking/SDN • SDN key criteria for enterprises • SDN operation Use Cases • Comparison of SDN
- 3. About tcp cloud ❖ Active in global community (OpenStack, OpenContrail, SaltStack, etc…) ❖ Partnership (Canonical, Juniper, Arrow ECS, etc…) ❖ Own Hi-Tech Datacenter (TIER III, 20kW per rack, hundreds 10Gbps ports, etc…) ❖ Focused on private open cloud solutions and services (since 2011) ❖ References (AVG Technologies, Czech Railways, Mall.cz, 100%IT) ❖ Two directions: ➢ Enterprise Private Cloud solutions (OpenStack, Kubernetes) ➢ IoT (SmartCity projects)
- 4. About Workday ● On-demand (cloud-based) financial management and human capital management software vendor. ● Juniper Contrail ● L3 fabric network
- 5. • All clouds are about networking • Key and the most controversial component of OpenStack • High Availability, Scalability, Migration, Multi-tenancy, Performance, Security • LBaaS, FWaaS, VPNaaS, Service Chainning • Multiple solutions • 30+ plugin drivers • It is almost impossible to choose right way OpenStack Networking/SDN
- 6. Multiple Openstack Neutron SDN
- 7. • Provide secure multi-tenancy using strong network isolation • Policy driven network access control within (and across) projects/domains • Support software driven network functions • LBaaS, DNSaaS, etc. • Interconnect OpenStack with bare metal storage/analytics services • Provide an ability for product engineering teams to define a network topology via REST APIs • Associate network objects dynamically with VMs, Projects • Create and manage network access control policies within and across projects • Enable easier integration of applications on partner infrastructure General SDN Objectives
- 8. First step = Overlay or not Overlay Cloud native way • Cloud native apps • No overlapping (callico can) • No IP failover • No Live Migration • No L2 between VMs • Suitable for containers VLANs • 4k limit • No failure isolation domain • Spanning many ToRs • Physical device configuration Overlay • Simple physical network • L3 between ToRs • Controllers orchestrate tunnel mesh for VM • Overlapping, NFV, VNF
- 9. First step = Overlay or not Overlay Cloud native way • Cloud native apps • No overlapping (callico can) • No IP failover • No Live Migration • No L2 between VMs • Suitable for containers VLANs • 4k limit • No failure isolation domain • Spanning many ToRs • Physical device configuration Overlay • Simple physical network • L3 between ToRs • Controllers orchestrate tunnel mesh for VM • Overlapping, NFV, VNF Legacy - not suitable for cloud Future - cloud native applications
- 10. • NFV & VNF - LBaaS, VPNaaS • Direct traffic datapath - East-West & North-South • North-South - must be routed on physical routers • Multiple external networks • Performance & Scaling • Bare metal connection (non virtualized servers) SDN key criterias for enterprise
- 11. • Open source • L3VPN, EVPN capabilities • Multi cloud solution - Kubernetes, KVM, other hypervisors • Integration of physical LbaaS • IPv6 support • Intel DPDK, SR-IOV SDN optionals for service providers
- 12. • Linux bridge, OVS • External network in port to each compute • L2 underlay only • No analytics • Too complex Neutron DVR Complexity
- 13. • L3/L2 compatible • open source • no too complex OpenContrail
- 14. • No network node • No proprietary gateway node (appliances) • MPLSoverGRE or VXLAN termination in Network devices • L3VPN, EVPN, OVS-DB Direct datapath North-South, East-West
- 15. • depends on encapsulation • depends on NIC offloading • 4 % payload overhead • 9.6 Gbits/s North-South, East-West with MPLSoverGRE • 5.2 Gbits/s with OVS VXLAN Data Plane Performance
- 20. IPv6 Integration
- 21. Openstack Cluster Deployment - sample logical
- 22. Openstack Cluster Deployment - sample
- 23. OpenContrail vs Neutron DVR vs Other OpenContrail Neutron DVR Other SDN Licensing Fully Open Source (Commercial support from Juniper) Open Source Depends Hypervisors Orchestrator KVM, VMware, Kubernetes KVM, VMware (limited), Docker Depends Gateway Routing (South- North) Any arbitrary Edge Router (supports MPLS, GRE) Juniper MX, Cisco ASR, etc. Direct from each compute. External routing is provided at appliances not network devices. Performance Near the line speed for both directions (9.6 Gbits on 10Gbits) 6 Gbits for East-West and North-South 6 Gbits for East-West. For North-South depends on gateway appliances, but not more than 6Gbit.
- 24. • SDN is core capability to us offer a secure multi- tenant cloud platform • overlay solutions provide a strong network isolation and access control • Overlay provide tight container - VM integration SDN Conclusion
- 25. Contrail is available as Open Source www.opencontrail.org. Commercial support available from Juniper. www.opentcpcloud.org Reference Architecture for OpenStack deployment Same features and scaling as commercial version Uses proven stable standards. Production-Ready. Permissive license Apache 2.0 tcp cloud is main contributor Join us at OpenContrail Community
- 27. @tcpcloud OpenStack Summit Austion 2016