1st SDN Interest Group Seminar - Session4 (121017)

DESCRIPTION

Presentation material from the 1st SDN Interest Group Seminar, held on October 16, 2012.

OpenFlow in a Data Center Virtualization Environment

1. Evolution and Structure of the Data Center

3 최 재 혁 Tony.choi@hanmail.net (2012-10-15)

Evolution of Data Center Infrastructure: Consolidation/Virtualization/Automation

Compute

Network

Reduce TCO, improve efficiency, centralization & standardization

Consolidation

LAN WAN MAN

SAN

Storage

Network

Front-End

Network

Intelligent Network

HPC Cluster

Virtualization

Storage Network Server

Application

Increase Utilization

Logical Resources

Automation

Storage

Network

Server

Policy-Based

On-Demand

Service Oriented

Dynamic Provisioning

Business Agility

ILM (Information Lifecycle Management)

I/O Consolidation

Unified IO, Unified Fabric

Virtualized Data Center

DC Infrastructure Transformation

Automated Provisioning

DC Operation Transformation

Green Data Center

Power, Cooling, Space

Cloud Computing

Characteristics of the Next-Generation Data Center (Cloud Data Center): Data Center Transformation

SAN

NAS

Backup

Windows

Linux

Archive

Sun Solaris

Business Service Management (BSM)

Configuration Management Database (CMDB)

Service

Catalogue

Predictive

Operations

Metering & Billing

Virtualization

Storage

Virtualization

Orchestration & Provisioning

DC Model

Requests

Policy Rules

Red zone Yellow zone Green zone

Storage Net

DMZs

Network

Network

Compute

Workload Request

and Provisioning

Shared Technical

Infrastructure

Operations

Management

NGDC Reference Architecture: Cloud Computing-Enabled Data Center

The Data Center Paradigm

Networking Architecture in a Server Virtualization Environment

Virtual Switch (Open vSwitch – Xen)

Virtualized Data Center Infrastructure

CBS 31xx Blade

Nexus 7000 End-of-Row

Access Layer

Catalyst 6500 End-of-Row

CBS 31xx MDS 9124e Nexus 4000

10GbE and 4/8Gb FC Server Access

10Gb DCE / FCoE Server Access

1GbE Server Access

Gigabit Ethernet

10 Gigabit Ethernet

10 Gigabit DCE

4/8Gb Fiber Channel

10 Gigabit FCoE/DCE

MDS 9500 Storage

SAN B SAN A

Aggregation Layer

Nexus 7000

10GbE Agg Catalyst 6500 or appliances

DC Services

vPC

Nexus 7000

10GbE Core

vPC

Core Layer

Nexus 5000 & Nexus 2000 Top-of-Rack

Cisco UCS

Nexus 5000 & FCoE Top-of-Rack

FIP

FIP


Virtual Access Layer

Nexus 1000v

L2 Virtual Layer - Virtual Access Layer

2. Issues in the Virtualized Data Center

Issues in a Data Center Virtualization Environment

Performance

Scalability

Security

Automation

Management

Performance Issue - Native Virtualization

DMA packet into VMM Q

Raise physical interrupt

Route to destination

Copy packet to guest Q

Raise virtual interrupt to guest

VM 1 VM 2

Applications

Guest OS 1

Hardware

Applications

Guest OS n

NIC

Ring 0

Ring 1 or 3

Ring 3

Packet

Virtual NIC

Packet

Receive Q

Routing

VMM Virtual NIC Virtual NIC with own MAC, IP

Performance Issue - Networking and Performance in a VMware Environment

Performance Issue - Comparison of VMware Virtual NICs

Performance Issue - Networking and Performance in a VMware Environment: VMDirectPath I/O

Solution - I/O Virtualization

Solution - IO Virtualization (HW Support)

IOMMU

Intel VT-d

PCI-e IO Virtualization (IOV)

(SR-IOV)

VM 1 VM 2

Applications

Guest OS 1

Hardware

Applications

Guest OS n

NIC

Device Driver

Virtual NIC

VMM

Virtual NIC

IOMMU

Device Driver


SR-IOV SR-IOV

MR-IOV MR-IOV

IBM x3530 M4

Cisco C210 M1

Solution - IO Virtualization (HW Support)

Traffic Management Issue - Virtual Machine Traffic Flow

Communication between VMs takes place as memory transfers within the server.

VM-to-VM: memory transfer

VM-to-native: physical adapter

Security Issue – Traffic between VMs

To the LAN administrator, the picture is blurry

LAN role typically limited to provisioning a trunk to ESX

No visibility into VM-to-VM traffic

Troubleshooting performance or connectivity issues challenging

How to Control Traffic between Virtual Machines

Security & Management Issue

Security Issue – Traffic Flow between VMs

Virtual Appliance Network Configuration

Communication between VMs takes place as memory transfers within the server, and the configuration must be based on the logical flow of this invisible traffic.

MAC Address Change

Virtual Network Environment (Security Issue)


Port Security & IP Source Guard

Virtual Network Environment (Security Issue)


Virtual Switch Support for…


IEEE 802 Standard Solutions

Network Virtualization Standard Solutions


Elasticity (Cloudbursting) / Scalability Issue


VXLAN

Network Virtualization

VXLAN Format


Overlay Transport Virtualization (OTV) – cont

L2 Tunnel - Network Virtualization

Ethernet traffic between sites is encapsulated in IP: “MAC in IP”

Dynamic encapsulation based on MAC routing table

No Pseudo-Wire or Tunnel state maintained

Communication between MAC1 (site 1) and MAC2 (site 2)

Server 1: MAC 1

Server 2: MAC 2

OTV edge devices: IP A, IP B

MAC table (MAC, IF): MAC1, Eth1; MAC2, IP B; MAC3, IP B

Encap / Decap

Frame at each stage: MAC1 MAC2 | IP A IP B MAC1 MAC2 | MAC1 MAC2

OTV at a Glance

3. The Cloud Data Center and OpenFlow

OpenFlow / Software Defined Network

Efficient Data Center Operation Technology and Integration of Control Points

Google (G-Scale) and SDN

Google’s WAN

• I-Scale: Internet facing (User Traffic)

• G-Scale: Datacenter traffic (internal)

• Widely varying requirements: loss sensitivity, topology, availability, etc.


Sample WAN


Traffic Engineering Example


SR-IOV and MR-IOV Technology (PCI-SIG)

SR-IOV SR-IOV

MR-IOV MR-IOV

What if MR-IOV is used to connect DCs and then combined with Open vSwitch and OpenFlow?

IBM x3530 M4

Cisco C210 M1

RDMA over Converged Ethernet (RoCE)

Internet Wide Area RDMA Protocol (iWARP)

Infiniband

NASA Visualization Example – California to Florida

Thank you…