KEMBAR78
Cloudstack networking2 | ODP
Cloudstack networking (part 2)
Hiroaki KAWAI
<kawai@stratosphere.co.jp>
<kawai@apache.org>
Cloudstack “SDN” approach
• Pluggable Network modules
▫ There are many “SDN” related plugins
Open vSwitch
Nicira NVP, BigSwitch VNS, Midokura midonet
▫ The modules replace the “default” or “builtin” behavior
▫ The combination of the replacement depends on
configuration.
“NetworkOffering”
Cloudstack global configuration
Springframework configuration files
Cloudstack “SDN” approach
• Pluggable Network modules
▫ There are many “SDN” related plugins
Open vSwitch
Nicira NVP, BigSwitch VNS, Midokura midonet
▫ The modules replace the “default” or “builtin” behavior
▫ The combination of the replacement depends on
configuration.
“NetworkOffering”
Cloudstack global configuration
Springframework configuration files
Network plugins
• 10 plugins in master (4.2)
▫ Bigswitch-vns
▫ Cisco-vnmc
▫ Elastic-loadbalancer
▫ F5
▫ Internal-loadbalancer
▫ Juniper-srx
▫ Midonet
▫ Netscaler
▫ Nicira-nvp
▫ ovs
Open vSwitch and cloudstack
Open vSwitch is...
• Virtual Openflow-“hybrid” switch
▫ Multiple instances (datapath)
▫ Openflow capable
Can connect to openflow controllers
▫ “Normal” switch
Port vlan tagging
MAC-learning
Open vSwitch also runs as...
• Standalone switch
▫ With openflow flow rule
“Proactive” flow rule
▫ Without connection to controller
▫ ovs-vsctl : to setup a switch configuration
▫ ovs-ofctl : to manupilate openflow flow rules
• In Linux
▫ It looks like a “bridge” device
Open vSwitch in cloudstack 4.1
• Two use cases
▫ OVS as a built-in switch
▫ OVS as a L2 tunneling module
As a built-in switch
• Cloudstack use VLAN for VM network isolation
▫ Vlan tagging feature
Open vSwitch
VM
VLAN
tagging
Hypervisor
(XenServer, KVM)
Open vSwitch
VM
No need to create an extra netdev : eth0.23
This feature is enabled by computing node's local configuration
L2 tunneling module
• Cloudstack sets up a GRE mesh network
▫ GRE tunnel ports
VM
Open vSwitch
OVS
OVS
OVS
OVS
4 GRE ports
(TEP)
hypervisor
(XenServer)
This feature is enabled by cloudstack global configuration and xenserver setup.
Cloudstack & Open vSwitch
• Cloudstack focues on:
▫ Creation of virtual switch (bridge)
▫ Wiring (pluggin the nic)
▫ No direct “openflow”
So you can connect your controller while running
cloudstack
Ecosystem (networking)
Plugins provide “services”
elastic
loadbalancer
f5
internal
loadbalancer
netscaler
cisco
vnmc
juniper
srx
midonet
nicira
nvp
bigswitch
vns
ConnectivityFirewall
Loadbalancer
StaticNat
PortForwarding
SourceNat
Gateway
stratosphre
ssp
SDN products
• Examples are:
▫ Nicira NVP, Big switch VNS, etc
• Centralized network configuration
• “Connectivity” service to solve problems with VLAN
▫ Number of isolation : only 4K ids (max)
▫ Broadcast traffic spreads over all trunk ports
▫ Route tromboning – spanning tree
Connectivity
• Default behavior
VM VM
iptables, ebtables vlanor
Cloudstack
Cloudstack sets up “security groups” or “vlan isolation”
Connectivity plugin
VM VM
Cloudstack
Stratosphere ssp
Service api
Cloudstack plugin
calls service api
then, the service sets up
“connectivity” environment
• Replaced
Here we use
“Openflow”
for optimization
Loadbalancer
• Products
▫ F5, Netscalar
• Building blocks
▫ Easy to understand, configure, use
• Good performance
▫ There may be special hardware support
Loadbalancer
• default “VirtualRouter” system VM
Load Balancer
(Virtual Router)
VM
bridge bridge
VM
Cloudstack
VirtualRouter is a regular
system VM
Loadbalancer
• Dedicated hardware
NetScalar MPX
bridge
VM
bridge
VM
CloudstackThe plugin sends
setup commands
Any Questions?

Cloudstack networking2

  • 1.
    Cloudstack networking (part2) Hiroaki KAWAI <kawai@stratosphere.co.jp> <kawai@apache.org>
  • 2.
    Cloudstack “SDN” approach •Pluggable Network modules ▫ There are many “SDN” related plugins Open vSwitch Nicira NVP, BigSwitch VNS, Midokura midonet ▫ The modules replace the “default” or “builtin” behavior ▫ The combination of the replacement depends on configuration. “NetworkOffering” Cloudstack global configuration Springframework configuration files
  • 3.
    Cloudstack “SDN” approach •Pluggable Network modules ▫ There are many “SDN” related plugins Open vSwitch Nicira NVP, BigSwitch VNS, Midokura midonet ▫ The modules replace the “default” or “builtin” behavior ▫ The combination of the replacement depends on configuration. “NetworkOffering” Cloudstack global configuration Springframework configuration files
  • 4.
    Network plugins • 10plugins in master (4.2) ▫ Bigswitch-vns ▫ Cisco-vnmc ▫ Elastic-loadbalancer ▫ F5 ▫ Internal-loadbalancer ▫ Juniper-srx ▫ Midonet ▫ Netscaler ▫ Nicira-nvp ▫ ovs
  • 5.
    Open vSwitch andcloudstack
  • 6.
    Open vSwitch is... •Virtual Openflow-“hybrid” switch ▫ Multiple instances (datapath) ▫ Openflow capable Can connect to openflow controllers ▫ “Normal” switch Port vlan tagging MAC-learning
  • 7.
    Open vSwitch alsoruns as... • Standalone switch ▫ With openflow flow rule “Proactive” flow rule ▫ Without connection to controller ▫ ovs-vsctl : to setup a switch configuration ▫ ovs-ofctl : to manupilate openflow flow rules • In Linux ▫ It looks like a “bridge” device
  • 8.
    Open vSwitch incloudstack 4.1 • Two use cases ▫ OVS as a built-in switch ▫ OVS as a L2 tunneling module
  • 9.
    As a built-inswitch • Cloudstack use VLAN for VM network isolation ▫ Vlan tagging feature Open vSwitch VM VLAN tagging Hypervisor (XenServer, KVM) Open vSwitch VM No need to create an extra netdev : eth0.23 This feature is enabled by computing node's local configuration
  • 10.
    L2 tunneling module •Cloudstack sets up a GRE mesh network ▫ GRE tunnel ports VM Open vSwitch OVS OVS OVS OVS 4 GRE ports (TEP) hypervisor (XenServer) This feature is enabled by cloudstack global configuration and xenserver setup.
  • 11.
    Cloudstack & OpenvSwitch • Cloudstack focues on: ▫ Creation of virtual switch (bridge) ▫ Wiring (pluggin the nic) ▫ No direct “openflow” So you can connect your controller while running cloudstack
  • 12.
  • 13.
  • 14.
    SDN products • Examplesare: ▫ Nicira NVP, Big switch VNS, etc • Centralized network configuration • “Connectivity” service to solve problems with VLAN ▫ Number of isolation : only 4K ids (max) ▫ Broadcast traffic spreads over all trunk ports ▫ Route tromboning – spanning tree
  • 15.
    Connectivity • Default behavior VMVM iptables, ebtables vlanor Cloudstack Cloudstack sets up “security groups” or “vlan isolation”
  • 16.
    Connectivity plugin VM VM Cloudstack Stratospheressp Service api Cloudstack plugin calls service api then, the service sets up “connectivity” environment • Replaced Here we use “Openflow” for optimization
  • 17.
    Loadbalancer • Products ▫ F5,Netscalar • Building blocks ▫ Easy to understand, configure, use • Good performance ▫ There may be special hardware support
  • 18.
    Loadbalancer • default “VirtualRouter”system VM Load Balancer (Virtual Router) VM bridge bridge VM Cloudstack VirtualRouter is a regular system VM
  • 19.
    Loadbalancer • Dedicated hardware NetScalarMPX bridge VM bridge VM CloudstackThe plugin sends setup commands
  • 20.