plumgrid technical introduction ams... · openstack networking state of the union 6 openstack...

2011-2014 © PLUMgrid - Confidential Information

Amsterdam - September 2014

PLUMgrid Technical Introduction Oded Nahum – Systems Engineer [email protected]


Outline

2

•  Introduction

•  OpenStack Networking challenge

•  PLUMgrid System components and Virtual Domains

•  OpenStack networking with PLUMgrid

•  Live Demo

•  Q&A


Introduction


PLUMgrid

“ We are the first company to deliver a holistic virtualized network infrastructure solution

for the modern cloud datacenter ”

4

On Demand

Any Network

Policy Driven

Hyper Scale

Any Hardware

Pervasive Security


Cloud Automation requires Virtual Network

5"

PHYS

ICA

L IN

FRA

STR

UC

TUR

E VI

RTU

AL

INFR

AST

RU

CTU

RE

Virtual Compute

Compute Storage

Virtual Storage

Cloud Management Platform

Portal / Self Service Catalog

Enterprise Cloud / Service Cloud / SaaS Cloud Pure Cloud

CR

M

VDI

ERP IaaS

SaaS

PaaS

Network

Virtual Network

Physical Network Infrastructure limits Cloud Automation


OpenStack Networking State of the Union

6

OpenStack Network

Controller

Open vSwitch

v  Basic switch features only v  Limited scale v  Limited performance v  BOTTOM LINE: NOT FOR PRODUCTION

v  Single point of failure v  No HA capabilities v  Limited performance v  BOTTOM LINE: NOT FOR PRODUCTION

How do I scale as new users onboard? Can I see what’s going on with my tenants? How much control can I give my tenants? How do I harden and secure my environment? How do I integrate my physical load balancers and firewalls?

?


OpenStack with OVS

Hypervisor vSwitch

Neutron OVS

plugin

VM

Hypervisor vSwitch VM


Server 1

Server 2

Server N

Nova

Simple Layer 2 Functionality


OpenStack with OVS

Hypervisor vSwitch

Neutron OVS

plugin

VM



Network Nodes

Server 1

Server 2

Server N

Nova Virtual Router

Virtual Firewall

Virtual LB

Virtual DHCP


OpenStack with OVS

Neutron

ML2/OVS plugin

VM

Network Nodes

VM VM

VM

VM VM VM

VM VM

VM VM VM

VM VM

VM

VM VM VM

Nova

Glance

Swift

Cinder L3 Agent

FWaaS Agent LBaaS Agent

Agent

Agent

Agent

Agent

Agent

Agent

Complex – Agent Sprawl, Limited Functionality

DHCP Agent

Services Neutron

Framework

•  Single point of failure •  Agent-based deployment produce a complicated system to monitor, control and debug •  DP bottleneck for all services (L3, DHCP, NAT, FW and LB) •  Performance degradation – Ethernet frames must pass through nine devices inside of the compute host server (http://

docs.openstack.org/)


OpenStack with OVS

Hypervisor vSwitch

Neutron OVS

plugin

VM



Network Nodes

Server 1

Server 2

Server N

Nova


OpenStack networking with PLUMgrid


YOUR PHYSICAL NETWORK INFRASTRUCTURE IN YOUR DATA CENTER

VXLAN-BASED OVERLAY NETWORK

VM VM VM VM VM VM

100s

10,000s

DISTRIBUTED ARCHITECTURE

NON-STOP

FORWARDING

SERVICE INSERTION

1000s

VIRTUAL DOMAIN VIRTUAL DOMAIN

PLUMGRID NETWORK LIBRARY

Bridge

Router

LB

Security Policies

Bridge

Security Policies

Bridge

Router

FW

12

Secure Virtual Domains for OpenStack Clouds


PLUMgrid Virtual Domains


14

Virtual Domains

Virtual Compute

App

OS

Physical Compute

Virtual Domain

Physical Network

Common Attributes: •  Software Container •  Decoupled from HW •  Logical Representation •  Create, Copy, Clone

Software Container for Virtual Network Functions


15

Why Virtual Domains?

No device-by-device Configuration required

Solves limitations of Physical Network Infrastructure: •  Automation •  Scale •  Multi-tenancy •  Fault Isolation •  Visibility •  Flexibility

Virtual Network Infrastructure

Physical Network

2011-2014 © PLUMgrid - Confidential Information x86 Software Only Solution – Completely Decoupled From Hardware

PLUMgrid Platform™

Overlay Based Infrastructure •  Virtual Domains •  On-Demand •  Multi Tenant •  Automated •  Self Service •  Secure

Device Based Infrastructure •  QoS, Bandwidth •  Latency •  Multicast •  Capacity •  Connectivity

The right architecture for Cloud

Virtual Netw

ork Infrastructure

Physical Netw

ork Infrastructure


Virtual Network Functions

Virtual Network Functions Description

Bridge •  Distributed Layer 2 network function •  Connects VMs on same IP subnet inside Virtual Domain

Router •  Distributed Layer 3 network function •  Connects VMs from different subnets inside a Virtual Domain

DHCP •  Distributed DHCP function for dynamic IP Address allocation •  Associated on per Bridge basis

NAT •  Distributed Network Address Translation function •  Supports Inbound / Outbound, Many to One, One to One NAT

Security Policies •  Distributed Layer 4 Security network function •  Substitute for Layer 4 ACLs / Firewalls •  *see more details in Security section


Understanding Virtual Domains

PHYSIC

AL

INFR

ASTR

UC

TUR

E VIEW

VIRTU

AL

INFR

ASTR

UC

TUR

E VIEW

Custom or Template based Virtual Network Domains per Tenant

Tenant 1 Tenant 2 Tenant 3

VM VM VM VM

Internet

VM VM

VM

VM PLUMgrid Zone


Building Blocks of PLUMgrid Platform

19

Director Cluster

Server Workload Cluster

Network Fabric

Gateways

PLUMgrid Director

IOVisor - Gateway

IOVisor - Edge

Internet

VM VM

VM

VM

PLUMgrid Zone = collection of Edges and Gateways operated by a Director cluster


Director Cluster

•  The brain of the system. Coordinates and manages all resources

•  User accesses the Director Cluster through a VIP

•  All members of the cluster and simultaneously active. Load dynamically adjusts across Director Cluster members

•  N+1 high availability (currently x 3) model provides continuous uptime

•  Supports Headless Operations (VMs and Virtual Domains data planes continue to be operational when Director Cluster not functional)

20

Director Cluster


IO Visor Edge

•  Distributed Data plane

•  Runs in the hypervisor (inside the kernel)

•  Provides networking for VMs

•  Edge to Edge connectivity with VXLAN tunnels (overlay)

21"

Edge

Management Fabric

KVM


IO Visor Gateway

•  Is used to connect PLUMgrid zone to external resources

•  Example of such resources:

•  External Networks (Internet)

•  Bare-metal servers

•  Network service appliances

•  Available in two forms

•  Software Gateway: Installed on any x86 bare metal servers

•  Hardware Gateway: Approved 3rd Party Switches /Routers (eg Arista 7150)

22"

Gateway

Management Fabric

External


PLUMgrid in OpenStack

23

Nova

Neutron Glance

Swift

Cinder

Storage

Network

Compute

PLUMgrid Neutron Plugin Adds:

•  Increased Control •  Virtual Domains

•  Simplified Isolation

•  Advanced Functionality •  Complete Network Services

•  Distributed Network Functions Not Virtual Appliances

•  Increased Scale •  No VLANs, no agents, no OpenFlow

•  Open Platform •  Add 3rd Party Network Functions

•  Network Visibility •  PLUMgrid Analytics and Monitoring


3rd party

OpenStack with PLUMgrid

Hypervisor IO VISOR™

Nova Neutron PLUMgrid

plugin

VM

Hypervisor IO VISOR™ VM

Hypervisor IO VISOR™ VM

Virtual Domain Virtual Domain

Server 1

Server 2

Server N

Network Services


3rd party

OpenStack with PLUMgrid

Neutron PLUMgrid

plugin

VM

Virtual Domain Virtual Domain

Network Services

PLUMgrid IO Visor

PLUMgrid Director Cluster

VM VM

VM

VM VM VM

VM VM

VM VM VM

VM VM

VM

VM VM VM

Nova

Glance

Swift

Cinder

Virtual Domain

Simple - Centrally Managed – Complete Network Topologies


Virtual Domains – 3rd Party Network Functions

Create, Clone & Migrate Complete Virtual Network Topologies

Virtual Domain

Network Functions

3rd party (L4-7) PLUMgrid Network Functions

(L2-4)

PHYS

ICA

L N

ETW

OR

K

INFR

AST

RU

CTU

RE

VIR

TUA

L N

ETW

OR

K

INFR

AST

RU

CTU

RE

Internet

VM VM

VM

PLUMgrid Zone


Demo


OpenStack with PLUMgrid Overview

PHYSIC

AL

INFR

ASTR

UC

TUR

E VIEW

VIRTU

AL

INFR

ASTR

UC

TUR

E VIEW

VM VM

VM

KVM Hosts ESX Hosts

Gateway Internet

Tenant

VM VM VM

VM VM Director Cluster

Nova

Glance

Swift

Cinder

Neutron PLUMgrid

plugin

Provider Network

VM

Virtual Domain

Virtual Domain



PHYSIC

AL

INFR

ASTR

UC

TUR

E VIEW

VIRTU

AL

INFR

ASTR

UC

TUR

E VIEW

VM VM

VM

Gateway Internet

Tenant


Nova

Glance

Swift

Cinder

Neutron PLUMgrid

plugin

•  Created a Project

Virtual Domain

Hosts



PHYSIC

AL

INFR

ASTR

UC

TUR

E VIEW

VIRTU

AL

INFR

ASTR

UC

TUR

E VIEW

VM VM

VM

Gateway Internet

Tenant

VM VM VM


Nova

Glance

Swift

Cinder

Neutron PLUMgrid

plugin

VM

•  Create Networks + Subnet

•  Spin up VMs Virtual Domain

Hosts



PHYSIC

AL

INFR

ASTR

UC

TUR

E VIEW

VIRTU

AL

INFR

ASTR

UC

TUR

E VIEW

VM VM

VM

Hosts

Gateway Internet

Tenant

VM VM VM


Nova

Glance

Swift

Cinder

Neutron PLUMgrid

plugin

VM

•  Create Router •  Attach the subnets •  Traffic across router Virtual

Domain



PHYSIC

AL

INFR

ASTR

UC

TUR

E VIEW

VIRTU

AL

INFR

ASTR

UC

TUR

E VIEW

VM VM

VM

Gateway Internet

Tenant

VM VM VM


Nova

Glance

Swift

Cinder

Neutron PLUMgrid

plugin

Provider Network

VM

•  Create External Network •  Connect to Router

Virtual Domain

Virtual Domain

Hosts

plumgrid technical introduction ams... · openstack networking state of the union 6 openstack...

Documents