Operator's experience and perspective on SDN with VLANs and L3 Networks
@tcpcloud
OpenStack Summit Austin 2016
Presentation Agenda
• About tcp cloud & workday
• OpenStack Networking/SDN
• SDN key criteria for enterprises
• SDN operation Use Cases
• Comparison of SDN
About tcp cloud
❖ Active in global community (OpenStack, OpenContrail, SaltStack, etc.)
❖ Partnership (Canonical, Juniper, Arrow ECS, etc.)
❖ Own Hi-Tech Datacenter (TIER III, 20kW per rack, hundreds of 10Gbps ports, etc.)
❖ Focused on private open cloud solutions and services (since 2011)
❖ References (AVG Technologies, Czech Railways, Mall.cz, 100%IT)
❖ Two directions:
➢ Enterprise Private Cloud solutions (OpenStack, Kubernetes)
➢ IoT (SmartCity projects)
About Workday
● On-demand (cloud-based) financial management and human capital management software vendor.
● Juniper Contrail
● L3 fabric network
OpenStack Networking/SDN
• All clouds are about networking
• Key and the most controversial component of OpenStack
• High Availability, Scalability, Migration, Multi-tenancy, Performance, Security
• LBaaS, FWaaS, VPNaaS, Service Chaining
• Multiple solutions
• 30+ plugin drivers
• It is almost impossible to choose the right way
Multiple Openstack Neutron SDN
General SDN Objectives
• Provide secure multi-tenancy using strong network isolation
• Policy driven network access control within (and across) projects/domains
• Support software driven network functions
• LBaaS, DNSaaS, etc.
• Interconnect OpenStack with bare metal storage/analytics services
• Provide an ability for product engineering teams to define a network topology via REST APIs
• Associate network objects dynamically with VMs, Projects
• Create and manage network access control policies within and across projects
• Enable easier integration of applications on partner infrastructure
First step = Overlay or not Overlay
Cloud native way
• Cloud native apps
• No overlapping (Calico can)
• No IP failover
• No Live Migration
• No L2 between VMs
• Suitable for containers
VLANs
• 4k limit
• No failure isolation domain
• Spanning many ToRs
• Physical device configuration
Overlay
• Simple physical network
• L3 between ToRs
• Controllers orchestrate tunnel mesh for VM
• Overlapping, NFV, VNF
Legacy - not suitable for cloud
Future - cloud native applications
SDN key criteria for enterprise
• NFV & VNF - LBaaS, VPNaaS
• Direct traffic datapath - East-West & North-South
• North-South - must be routed on physical routers
• Multiple external networks
• Performance & Scaling
• Bare metal connection (non virtualized servers)
SDN optionals for service providers
• Open source
• L3VPN, EVPN capabilities
• Multi cloud solution - Kubernetes, KVM, other hypervisors
• Integration of physical LBaaS
• IPv6 support
• Intel DPDK, SR-IOV
Neutron DVR Complexity
• Linux bridge, OVS
• External network in port to each compute
• L2 underlay only
• No analytics
• Too complex
OpenContrail
• L3/L2 compatible
• Open source
• Not too complex
Direct datapath North-South, East-West
• No network node
• No proprietary gateway node (appliances)
• MPLSoverGRE or VXLAN termination in network devices
• L3VPN, EVPN, OVS-DB
Data Plane Performance
• Depends on encapsulation
• Depends on NIC offloading
• 4 % payload overhead
• 9.6 Gbits/s North-South, East-West with MPLSoverGRE
• 5.2 Gbits/s with OVS VXLAN
Multi Cloud networking
Bare metal integration
Physical LbaaS integration
IPv6 Integration
Openstack Cluster Deployment - sample logical
Openstack Cluster Deployment - sample
OpenContrail vs Neutron DVR vs Other
Licensing
• OpenContrail: Fully Open Source (Commercial support from Juniper)
• Neutron DVR: Open Source
• Other SDN: Depends
Hypervisors / Orchestrator
• OpenContrail: KVM, VMware, Kubernetes
• Neutron DVR: KVM, VMware (limited), Docker
• Other SDN: Depends
Gateway Routing (South-North)
• OpenContrail: Any arbitrary Edge Router (supports MPLS, GRE): Juniper MX, Cisco ASR, etc.
• Neutron DVR: Direct from each compute.
• Other SDN: External routing is provided at appliances, not network devices.
Performance
• OpenContrail: Near the line speed for both directions (9.6 Gbits on 10Gbits)
• Neutron DVR: 6 Gbits for East-West and North-South
• Other SDN: 6 Gbits for East-West. For North-South depends on gateway appliances, but not more than 6Gbit.
SDN Conclusion
• SDN is a core capability for us to offer a secure multi-tenant cloud platform
• Overlay solutions provide strong network isolation and access control
• Overlay provides tight container-VM integration
Contrail is available as Open Source: www.opencontrail.org. Commercial support available from Juniper.
www.opentcpcloud.org: Reference Architecture for OpenStack deployment
Same features and scaling as commercial version
Uses proven stable standards. Production-Ready.
Permissive license Apache 2.0
tcp cloud is main contributor
Join us at OpenContrail Community