Network virtualization for cloud services infrastructure
INDUSTRIAL PROJECT WITH ALCATEL-LUCENT
SHAHRYAR ALI
Problem statement
• Cloud computing has increased the requirements on the network infrastructure.
• Traditional data center networks are poorly scalable, complex and inflexible.
• Technologies like VLANs and STP do not meet the requirements of multi-tenant virtualized data centers.
Industry solutions
• Network Virtualization
1. TRILL (IETF), PBB (IEEE 802.1ah), SPB (IEEE 802.1aq)
2. VRF, MPLS-VPN
3. VXLAN, NVGRE, STT (recent IETF drafts)
• Software defined networks (SDN)
1. OpenFlow
2. OpenStack
Project objectives
• Investigating multi-tenant data centers
1. Understanding data center networking
2. Analyzing multi-tenant virtualized data centers
• Investigating the limitations of multi-tenant data centers and solutions
1. Understanding the limitations of multi-tenant data centers
2. Analyzing the network virtualization solutions
• Examining recent IETF drafts
1. Comparative analysis
2. Limitations of VXLAN
• Use of Software Defined Networks
1. OpenFlow as control plane for VXLAN
2. Lab simulation
3. Proposing an OpenStack based solution
Literature Review : Cloud Computing
• Cloud Computing types
1. Public
2. Private
3. Hybrid
• Cloud Computing types of service
1. Software as a service (SaaS)
2. Platform as a service (PaaS)
3. Infrastructure as a service (IaaS)
Literature review : Virtualization
[Figure: two virtual machines (VM1, VM2), each stacked as Application / Guest OS / Virtual Hardware, running on a host operating system or hypervisor above the physical server (memory, CPU).]
• Virtualization basics
1. Hypervisor
2. Virtual machine (VM)
• Why virtualize?
1. To avoid server sprawl
2. Reduce costs
3. Isolate applications
Investigating multi-tenant virtualized Data centers
Data center Networking
• Data center networking architecture
1. Core layer
2. Aggregation layer
3. Access layer
• Networking protocols essentials
1. IP, TCP, UDP
2. ARP, Ethernet
3. VLANs and STP
Multi-tenant virtualized data centers
• Multi-tenancy
• Multi-tenant data center designs
1. Top of Rack (ToR)
2. End of Row (EoR)
Multi-tenant virtualized data centers
Multi-tenant separation
• Layer 2 network virtualization
• Layer 3 network virtualization
Understanding the limitations of multi-tenant data centers
• VLAN limitations
1. 12-bit VLAN ID
• STP limitations
1. Limits bandwidth
2. Slow convergence
• Multi-tenant address separation
1. Duplicate IP and MAC addresses
• VM mobility
1. Mobility across subnets
• Complexity
1. No dynamic provisioning
What is Network virtualization?
Faithful reproduction of the physical network.
• Use of overlay networks
1. MAC-in-MAC encapsulation
2. MAC-in-IP encapsulation
• Dynamic network provisioning, simplified network management.
• Symmetry between the compute and Network parts.
Network virtualization with L2 overlay over L3 (MAC-in-IP encapsulation)
1. Virtual extensible LANs (VXLAN)
2. Network virtualization with GRE (NVGRE)
3. Stateless transport tunneling protocol (STT)
Virtual extensible LANs (VXLAN)
• Backed by VMware, Cisco Systems, Arista Networks, Brocade, and Red Hat.
• Designed specifically to address the limitations caused by multi-tenancy.
• 24-bit ID called Virtual Network Identifier (VNI).
• VXLAN uses UDP encapsulation.
Virtual extensible LANs (VXLAN)
• A VXLAN segment is identified by its VNI between tunnel endpoints called Virtual Tunnel End Points (VTEPs).
• Ideally each VNI is associated with a separate multicast group.
• VTEPs join a particular multicast group using the Internet Group Management Protocol (IGMP).
• Switches learn about groups using IGMP snooping.
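The MAC-in-IP encapsulation, the 24-bit VNI and the one-group-per-VNI association described on these two slides, as an added example that is not part of the original presentation. It builds a VXLAN frame around a tenant Ethernet frame, validates and decapsulates it again, and derives the multicast group and outer multicast MAC a VTEP would use for a given VNI. Header layouts follow the VXLAN draft in the references (now RFC 7348) and UDP port 4789 is the IANA-assigned VXLAN port; the 239.0.0.0/8 group assignment, the VTEP addresses and the tenant frame are constructed assumptions for the example.

```python
"""VXLAN framing and VNI-to-multicast-group mapping.

Added example, not code from the original slides. Field layouts follow the VXLAN
draft cited in the deck (now RFC 7348); UDP destination port 4789 is the IANA
assigned VXLAN port; the 239.0.0.0/8 mapping in vni_to_multicast() is an assumed
site policy, not something the specification mandates.
"""
import ipaddress
import struct
import zlib

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08          # "I" bit: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum over 16-bit words; returns 0 for a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < (1 << 24):           # 24-bit VNI, versus the 12-bit VLAN ID
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00" * 3, vni << 8)


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]


def encapsulate(inner: bytes, vni: int, src_mac: str, dst_mac: str,
                src_vtep: str, dst_ip: str) -> bytes:
    """MAC-in-IP: outer Ethernet + IPv4 + UDP + VXLAN around the tenant's Ethernet frame."""
    payload = vxlan_header(vni) + inner
    # Source port derived from the inner Ethernet header so that ECMP in the
    # underlay spreads different tenant flows across paths (as the draft recommends).
    sport = 49152 + (zlib.crc32(inner[:14]) % 16384)
    udp = struct.pack("!HHHH", sport, VXLAN_UDP_PORT, 8 + len(payload), 0) + payload
    outer_eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return outer_eth + ipv4_header(src_vtep, dst_ip, IPPROTO_UDP, len(udp)) + udp


def decapsulate(frame: bytes) -> dict:
    """Validate the outer headers and return the VNI, the sending VTEP and the inner frame."""
    if len(frame) < 14 + 20 + 8 + 8 + 14:
        raise ValueError("frame too short for VXLAN")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if ones_complement_sum(ip) != 0 or ip[9] != IPPROTO_UDP:
        raise ValueError("outer IPv4 header invalid or not UDP")
    udp_off = 14 + ihl
    _, dport, ulen, _ = struct.unpack("!HHHH", frame[udp_off:udp_off + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("not a VXLAN datagram")
    vx_off = udp_off + 8
    flags, _, vni_field = struct.unpack("!B3sI", frame[vx_off:vx_off + 8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI invalid")
    inner = frame[vx_off + 8:udp_off + ulen]
    return {"vni": vni_field >> 8,
            "src_vtep": str(ipaddress.IPv4Address(ip[12:16])),
            "inner_dst": mac_str(inner[0:6]),
            "inner_src": mac_str(inner[6:12]),
            "inner": inner}


def vni_to_multicast(vni: int) -> str:
    """Assumed policy: one group per VNI, the VNI used as the 24 host bits of 239.0.0.0/8."""
    return str(ipaddress.IPv4Address((239 << 24) | (vni & 0xFFFFFF)))


def multicast_mac(group: str) -> str:
    """Outer destination MAC for a multicast group: 01:00:5e plus the low 23 bits of the address."""
    b = ipaddress.IPv4Address(group).packed
    return f"01:00:5e:{b[1] & 0x7F:02x}:{b[2]:02x}:{b[3]:02x}"


if __name__ == "__main__":
    # Constructed sample: a tenant ARP broadcast from VM 02:00:00:00:00:01 on VNI 5000
    tenant_arp = (mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes("02:00:00:00:00:01")
                  + struct.pack("!H", 0x0806) + b"\x00" * 28)
    group = vni_to_multicast(5000)
    wire = encapsulate(tenant_arp, 5000, "00:11:22:33:44:55", multicast_mac(group),
                       "10.0.0.1", group)
    print(decapsulate(wire)["vni"], group, multicast_mac(group))
```

The decapsulation side rejects anything that is not IPv4/UDP to port 4789 with a valid header checksum and the I flag set, which is the minimum a receiving VTEP should check before trusting the VNI; the inner frame is returned untouched so the tenant's own headers (including duplicate MAC or IP addresses in other VNIs) never influence the underlay.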
NVGRE
• Backed by Microsoft, HP, and Dell.
• Addresses the same problems as VXLAN.
• Generic Routing Encapsulation (GRE) as the tunneling protocol.
STT
• STT is VMware's (originally Nicira's) proposal.
• Also addresses the problem of large packet sizes (MTU), which VXLAN and NVGRE do not.
• STT leverages the advantages of TSO (TCP segmentation offload).
OpenFlow and Network virtualization
• Control plane in the controller and Data plane in the switch.
• The switch's action on a packet is determined by the flow rule that the packet header matches.
• Network virtualization through FlowVisor.
• OpenFlow in multi-tenant data centers
1. To remove VLAN limitations
2. On-demand tenant network configuration
3. Vendor independence
Comparative analysis
• VXLAN versus NVGRE and STT
1. Existing switches do not parse GRE completely.
2. Load balancing, firewall and ACL issues with NVGRE.
3. Large and dominant vendor community.
4. Firewalls are more likely to block STT.
• VXLAN versus MPLS
1. Hypervisor vendors use only a layer 2 model.
2. Networking gear in the data centers does not support MPLS.
VXLAN
• VMware ESXi
• Cisco Nexus 1000V
• Open vSwitch 1.10.0
• Latest additions:
• Arista 7150 Series [58]
• Nuage Networks DVRS [59]
• Brocade ADX Series
• F5 BIG-IP platform
NVGRE
• Microsoft Windows Server 2012
• Open vSwitch 1.10.0
• Latest additions:
• Arista 7150 Series
OpenFlow as control plane for VXLAN
• Limitations of VXLAN
1. IP Multicast
2. No control plane specified
• Advantages of OpenFlow based control plane
1. Less processing Load on Hypervisor.
2. On demand flow entries.
3. No control plane protocols in switch.
Lab Simulation: VXLAN with Open vSwitch and Floodlight OpenFlow controller
Lab Simulation
Tasks:
• Connecting Floodlight controller to Open vSwitch
• Pushing static flows in Floodlight controller using REST API
• VXLAN tunnel configuration between two isolated bridges
Results:
• Only point-to-point tunnels can be created, as there is no multicast learning in Open vSwitch.
• It is less scalable, and no dynamic provisioning of virtual networks is possible.
Solution:
• Build a controller module to enable IGMP snooping.
• Integrate a cloud orchestration system like OpenStack to access the VNI-to-multicast mapping.
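The controller module the results above call for, as an added example that is not part of the original presentation, Floodlight or Open vSwitch. It also illustrates the two earlier slides on OpenFlow: the controller holds the state, and the action taken on a packet follows from the rule its headers match. The module snoops IGMPv2 reports and leaves to learn which VTEPs belong to each multicast group, takes the VNI-to-group table from the management plane (a constructed dict standing in for an OpenStack lookup), and on a table miss either installs a unicast rule toward the VTEP that owns the destination MAC or replicates unknown/broadcast traffic only to the VTEPs that joined the VNI's group. Flow entries are plain dicts in a match/actions shape, not real OpenFlow messages; the VTEP addresses, groups and MACs are constructed.

```python
"""Controller-side VXLAN control plane: IGMP snooping plus VNI-to-group mapping.

Added example, not code from the original slides, Floodlight or Open vSwitch.
The orchestration lookup is a constructed dict; flow entries are dicts shaped
like match/actions rules, not real OpenFlow messages.
"""
import ipaddress
import struct

IGMP_V2_REPORT = 0x16   # Membership Report
IGMP_V2_LEAVE = 0x17    # Leave Group


def igmp_checksum(msg: bytes) -> int:
    """RFC 1071 one's complement sum; 0 when a received message's checksum is valid."""
    total = sum(struct.unpack(f"!{len(msg) // 2}H", msg))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_igmp(msg_type: int, group: str) -> bytes:
    """Constructed IGMPv2 message: type(1) max-resp(1) checksum(2) group(4)."""
    body = struct.pack("!BBH4s", msg_type, 0, 0, ipaddress.IPv4Address(group).packed)
    return body[:2] + struct.pack("!H", igmp_checksum(body)) + body[4:]


def parse_igmp(msg: bytes) -> tuple:
    """Reject anything that is not a well-formed 8-byte IGMPv2 message before acting on it."""
    if len(msg) != 8 or igmp_checksum(msg) != 0:
        raise ValueError("malformed IGMPv2 message")
    msg_type, _, _, group = struct.unpack("!BBH4s", msg)
    return msg_type, str(ipaddress.IPv4Address(group))


class VxlanController:
    def __init__(self, vni_to_group: dict):
        self.vni_to_group = dict(vni_to_group)  # management plane: VNI -> multicast group
        self.group_members = {}                  # snooping state: group -> {VTEP IP}
        self.mac_table = {}                      # (VNI, tenant MAC) -> VTEP IP
        self.flows = []                          # rules the controller has pushed

    def snoop_igmp(self, vtep_ip: str, msg: bytes) -> set:
        """Update group membership from an IGMP message seen from vtep_ip."""
        msg_type, group = parse_igmp(msg)
        members = self.group_members.setdefault(group, set())
        if msg_type == IGMP_V2_REPORT:
            members.add(vtep_ip)
        elif msg_type == IGMP_V2_LEAVE:
            members.discard(vtep_ip)
        return set(members)

    def packet_in(self, vni: int, src_vtep: str, src_mac: str, dst_mac: str) -> dict:
        """Table-miss handling: learn the source, then unicast or head-end replicate."""
        group = self.vni_to_group.get(vni)
        if group is None:                        # VNI unknown to the orchestrator: isolate it
            return {"action": "drop", "reason": "unknown VNI"}
        self.mac_table[(vni, src_mac)] = src_vtep
        dst_vtep = self.mac_table.get((vni, dst_mac))
        if dst_vtep is not None:
            flow = {"match": {"tun_id": vni, "dl_dst": dst_mac}, "priority": 100,
                    "actions": {"set_tunnel": vni, "tunnel_dst": dst_vtep, "output": "vxlan"}}
            self.flows.append(flow)
            return {"action": "unicast", "vteps": [dst_vtep], "flow": flow}
        # Unknown unicast or broadcast: replicate only to VTEPs that joined this VNI's
        # group, never back to the sender and never to another tenant's VTEPs.
        targets = sorted(self.group_members.get(group, set()) - {src_vtep})
        return {"action": "flood", "group": group, "vteps": targets}


if __name__ == "__main__":
    ctl = VxlanController({5000: "239.0.19.136"})      # constructed orchestrator table
    for vtep in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
        ctl.snoop_igmp(vtep, build_igmp(IGMP_V2_REPORT, "239.0.19.136"))
    print(ctl.packet_in(5000, "10.0.0.1", "02:00:00:00:00:01", "ff:ff:ff:ff:ff:ff"))
```

Because the MAC table is keyed by (VNI, MAC), the same tenant address on two VNIs is learned independently, and a host that leaves a group stops receiving that VNI's replicated traffic on the next table miss, which is what makes group-based replication scale beyond hand-built point-to-point tunnels.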
Integrating OpenStack with OpenFlow based VXLAN solution
• OpenStack can be used to provide a management plane.
• OpenStack with Open vSwitch can be directly used to create VXLAN tunnels using the OVS plugin.
• The OpenFlow controller can discover the database of virtual networks from OpenStack using the OpenStack APIs.
Conclusion and Recommendations
• Traditional data center networking needs to change to meet the requirements of cloud computing.
• Network virtualization using overlays can address most or all of the limitations.
• VXLAN is the most viable overlay mechanism.
• OpenFlow can work as a potential control plane for VXLAN.
• Integrating OpenStack can further optimize the network virtualization solution.
References
• "VXLAN: A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks", working draft, version 4, Network Working Group, IETF, February 2013.
• Sridharan, M., "NVGRE: Network Virtualization using Generic Routing Encapsulation", draft-sridharan-virtualization-nvgre-02, February 2013.
• Davie, B., and J. Gross, "A Stateless Transport Tunneling Protocol for Network Virtualization (STT)", draft-davie-stt-03 (work in progress), 2013.
• "Network Functions Virtualisation", white paper, ETSI, 22 October 2012.
• ONF Market Education Committee, "Software-Defined Networking: The New Norm for Networks", ONF white paper, Open Networking Foundation, Palo Alto, US, 2012.
• "Problem Statement: Overlays for Network Virtualization", draft-ietf-nvo3-overlay-problem-statement-04, working draft, Network Working Group, IETF, May 2013.
• "Network Virtualization Platform", white paper, Nicira, 2013.
• "Virtualized Services Platform Release 1.0", white paper, Nuage Networks, an Alcatel-Lucent venture, 2013.
• Sherwood, Rob, et al., "FlowVisor: A Network Virtualization Layer", OpenFlow Switch Consortium, Tech. Rep., 2009.
• Project Floodlight, Big Switch Networks. http://www.projectfloodlight.org/floodlight
• OpenStack: open source software for building private and public clouds. Available: http://www.openstack.org/
• Neutron plugins, https://wiki.openstack.org/wiki/Neutron