Network Virtualization & Software-defined ... - Red Hat Summit

Agenda
● Problem Statement
● Definitions
● Solutions

She can't take much more of this, captain!

Challenges

Dynamic workloads
● Respond in real time
● Virtualization, cloud, BYOD, mobility
[Diagram labels: VM, KVM, KVM]

Visibility
● Debugging complex networks is hard, let's go shopping

Definitions

Network
● Collection of endpoints and forwarding elements
● Job is to move packets between hosts
● Source hosts identify destination
● Forwarding elements direct traffic at each intersection

What is SDN?
● Separation of control plane from data plane
● Standardized programmatic control of traffic flows
● Global view of network

Traditional forwarding device
● Management interface: CLI, Console, SNMP, ...
● Control Plane: Forwarding Decision (Learning, RIB Lookup), Routing Protocols (OSPF, BGP, ...)
● Data / Forwarding Plane: Fabric, Flow Table, Forwarding Engine

SDN forwarding logic
[Diagram labels: App, App, App; Controller; Control Plane and Data Plane elements; Vendor Specific Protocol; SNMP; Local Console]

Network Virtualization
● Decouple logical topologies from physical topology
● Build complete virtual network topologies
● Provide layer 2-7 network services
● Isolated tenant networks
● Network is an abstraction
● API to dynamically manage network abstraction

Naive VLAN mapping
[Diagram labels: three Nova Compute Nodes, each with VM1, VM2, VM3 and a vSwitch; VLAN 1, VLAN 2, VLAN 3; four Switches]

VLAN trunking
[Diagram labels: three Nova Compute Nodes, each with VM1, VM2, VM3 and a vSwitch; four Switches]

Network overlay
[Diagram labels: three Nova Compute Nodes, each with VM1, VM2, VM3 and a vSwitch; four Switches]

Network Service API
[Diagram labels: Network abstraction; VMs; Logical: Switch, Switch, Switch; Physical: Switch, Switch, Switch, Switch]

Under the hood
[Diagram labels: Data Plane, Control Plane, Virtual Switch, Physical Switch, OpenFlow, MP-BGP, Linux Bridge, XMPP, VLAN, GRE, Open vSwitch, NVO3, Quantum, Trema, STT, LISP, Ryu, Floodlight, VXLAN, MPLS, OpenDaylight, Beacon]

OpenFlow
An Open Standard behind SDN
1. Match on bits in packet header L2-L4 plus meta data
2. Execute actions
● Forward to port
● Drop
● Send to controller
● Mangle packet

OpenFlow enables networks to evolve, by giving a remote controller the power to modify the behavior of network devices, through a well-defined "forwarding instruction set". The growing OpenFlow ecosystem now includes routers, switches, virtual switches, and access points from a range of vendors.
(ONF Website)

Dynamically update flow tables in a universal language.

In the Software Defined Networking architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications.
(Software-Defined Networking: The New Norm for Networks, ONF White Paper, April 13, 2012)

Fine Grained Flow Table Control
Extensive flow matching capabilities
– Meta – Tunnel ID, In Port, QoS priority, skb mark
– Layer 2 – MAC address, VLAN ID, Ethernet type
– Layer 3 – IPv4/IPv6 fields, ARP
– Layer 4 – TCP/UDP, ICMP, ND
Chain of actions
– Output to port(s) (single, range, flood, mirror)
– Discard, Resubmit to other table
– Packet Mangling (Push/Pop VLAN header, TOS, ...)
– Send to controller, Learn
– Set tunnel ID
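
The match/action model from the OpenFlow and flow-table slides, as an added example (not code from the slides or from Open vSwitch): a toy flow table in Python where match fields left out of a flow act as wildcards and the highest-priority hit wins. The field names, port numbers, table contents and the default-drop on a table miss are assumptions of this sketch.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    priority: int
    match: dict    # header fields to compare; fields left out are wildcards
    actions: list  # chain of (verb, argument) pairs, applied in order

def lookup(table, pkt):
    """Highest-priority flow whose every match field equals the packet's."""
    hits = [f for f in table
            if all(pkt.get(k) == v for k, v in f.match.items())]
    return max(hits, key=lambda f: f.priority, default=None)

def process(table, pkt):
    """Run the matching flow's action chain; return (verdict, packet)."""
    flow = lookup(table, pkt)
    pkt = dict(pkt)
    if flow is None:
        return "drop", pkt            # table miss: default-deny (assumption)
    for verb, arg in flow.actions:
        if verb == "push_vlan":
            pkt["vlan_id"] = arg      # tag added by the switch, not the guest
        elif verb == "pop_vlan":
            pkt.pop("vlan_id", None)  # guest never sees the tag
        elif verb == "output":
            return f"output:{arg}", pkt
        elif verb == "controller":
            return "controller", pkt
    return "drop", pkt                # a chain without an output discards

# Constructed table: ports 1 and 2 face VMs, port 10 is the trunk uplink.
TABLE = [
    Flow(100, {"in_port": 1}, [("push_vlan", 1), ("output", 10)]),
    Flow(100, {"in_port": 2}, [("push_vlan", 2), ("output", 10)]),
    Flow(100, {"in_port": 10, "vlan_id": 1}, [("pop_vlan", None), ("output", 1)]),
    Flow(100, {"in_port": 10, "vlan_id": 2}, [("pop_vlan", None), ("output", 2)]),
    Flow(10, {"eth_type": 0x0806}, [("controller", None)]),  # any ARP
]

if __name__ == "__main__":
    samples = [  # constructed packets
        {"in_port": 1, "eth_type": 0x0800},
        {"in_port": 10, "vlan_id": 2, "eth_type": 0x0800},
        {"in_port": 10, "vlan_id": 3, "eth_type": 0x0800},
    ]
    for p in samples:
        print(p, "->", process(TABLE, p))
```

A frame arriving on the trunk with a VLAN ID that no flow names falls through to the table miss, so the isolation here depends on the default being drop rather than flood.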

OpenFlow Capable Devices
Software Switches
– Open vSwitch, Cisco Nexus 1000V, VMware vSphere, NEC Hyper-V, ...
Hardware Switches
– Brocade, Cisco, HP, IBM, Juniper Networks, NEC, ...
SwitchLight
– Open source firmware and agent leveraging Ethernet switching ASICs to support OpenFlow

Open vSwitch
Open vSwitch is an open, virtual multi layer switch for hypervisors providing network connectivity to virtual machines.
[Diagram labels: Controller, OpenFlow, OpenStack, VM, VM, HW Switch, vSwitch, Open vSwitch, eSwitch]

Open vSwitch Project
● Multilayer virtual switch for VMs
● Portable / Multi Platform
● Developed by VMware (Nicira) & Community
● Apache License (User Space), GPL (Kernel)
● OpenFlow 1.1+ (+ extensions)

Flow Table
Controller programs flow table in the slow path that feeds the flow table in the fast path upon request.
[Diagram labels: Host System; VMs; Controller; OpenFlow; Open vSwitch; User space: Flow table; Kernel: Datapath, Flow table; Physical Interface]

Network Segregation
VLAN isolation enforces VLAN membership of a VM without the knowledge of the guest itself.
[Diagram labels: Host system; Virtual Machine; VLAN 1, VLAN 2; Push (add) VLAN header; Pop (remove) VLAN header; VM1, VM2, VM3; vSwitch; Open vSwitch]
Caveat: MAX(VLAN_ID) limited

Tunneling (Overlay Networks)
Tunneling provides isolation and reduces dependencies on the physical network.
[Diagram labels: two Host systems, each with Open vSwitch, VNET 1 and VNET 2; VM1, VM2, VM3 and VM4, VM5, VM6; Controller; OpenFlow; { GRE | VXLAN | STT } Tunnel; Hardware Switch]

Visibility
● Supports industry standard technology to monitor the use of a network.
● NetFlow
● Port Mirroring
– SPAN
– RSPAN
– ERSPAN

Quality of Service
● Uses existing Traffic Control Layer
– Policer (Ingress rate limiter)
– HTB, HFSC (Egress traffic classes)
● Controller (OpenFlow) can select Traffic Class
[Diagram labels: Host System, VM1, VLAN 10, VM2, 1mbit, port1, port2, Open vSwitch]

Up Next
Multithreading
– Enables parallel processing in slow path
MegaFlows
– Support for wildcard flows in the datapath
– Any non-present flow component is considered a wildcard
– Reduction in # of flows in datapath by ~ 40%
Zerocopy Upcall
– Avoid expensive memcpy() when copying packet to user space

Tunneling is not Tunneling
kernel.org
– No tunnel ports
– veth instead of patch ports
– Flow based tunneling
– VXLAN, GRE
openvswitch.org
– Port based Tunneling
– VXLAN, GRE, LISP
Regular merge

What is OpenDaylight?
OpenDaylight is an Open Source Software project under the Linux Foundation with the goal of furthering the adoption and innovation of Software Defined Networking (SDN) through the creation of a common industry supported framework.

Who is OpenDaylight?
[Member logos by tier: Platinum, Gold, Silver]
Members as of April 8, 2013 and growing

OpenDaylight architecture

Putting it all together
[Diagram labels: OpenStack Networking; OpenDaylight Controller; OpenFlow; three OpenStack Compute nodes, each with KVM and OVS]

Questions?
● OpenDaylight – http://www.opendaylight.org/
● Open vSwitch – http://www.openvswitch.org/
● OpenFlow – http://www.openflow.org/
● Red Hat OpenStack – http://www.redhat.com/openstack/
● RDO – http://openstack.redhat.com/
● OpenStack – http://www.openstack.org/