規模オーバーレイ SDNの展開事にるユースケースと課題 · VPC ネットワーク展開の柔軟性マルチハイパーバイザ ESXi, Xen,KVM,LXC マルチクラウドプラットフォーム

Copyright 2014 Alcatel-Lucent. All rights reserved.

SDN

Delivering the Power and Value of SDN NOW


()

SDN


1. - - 2 -

2. - - -

3. - - OPEX/CAPEX


MAC/IP BGP update

RD = 65000:1

ESI = 0

Ethernet Tag ID (4B)

MAC1 - IP1/32

SDN Controller

Overlay Tunnel ID = VNID

= VXLAN-ID (24-bit)

BGP EVPN for VXLAN

SDN Controller

IP Network

MAC IP

UDP VXLAN

MAC

Payload

MAC

Payload

MAC

Payload

VXLAN(RFC 7348)(Unicast) IP flow

Multi Protocol BGP EVPN AFI = 25 (L2VPN) / SAFI = 70 (EVPN) VMMAC/IP VXLANVNI BGP Peering MAC/IP/VNI BGPMAC/IP (Openflow) : MAC: 00:00~, IP: 192.168.~ Next-hop : VTEP 100 VTEP 100 Next-hop : 10.1.1.100/32(HV)


1.

2.


1/2 : UPMC (http://www.upmc.com) 2262,000220 IT

: 2014 : 450 : 6(, (X-ray/MRI)) : VLAN => VM => (VXLAN-GW)


2/2 :DC DC

: 20147 : : VDI :1. (VLAN)2. VDI

3.


1.

2.


1/3

IaaSIaaS Openstack as a Service : 201410 VM: x Openstack() Openstack + Nuage

IaaS

Virtualized

Services Controlle

r

Virtualized Services Controller

Virtualized Services Directory Cloud C

Virtualized

Services Controlle

r


Virtualized Services Directory Cloud B



Virtualized Services Directory Cloud A


2/3

French national cloud : 20143 DC: 10() VM: 100VM Compute: Openstack Network: Nuage VSP

https://www.numergy.com/

100VM


Openstack Summit Paris

Numergy COOErik Beauvalot

OpenstackNuage


3/3 (IaaS)

: 2014 : 42DC

VM: 1,100VM Compute: Cloudstack Network: Nuage VSP

: VR() VPC ESXi, Xen, KVM, LXC Cloudstack, Openstack, vCloud


1. -

2. - BGP

3. -


: 1/2

1. MTU

2. Key

3. (BUM)


: 2/2

1. 2. 3. IP vs

SDN


(Security Groups)

(Match) (Action)WEBDB tcp/3306

WEB

DB

Single Subnet: 10.1.1.X

WEB1 WEB2 DB1 DB2


VM : Openstack Neutron Security Group


WEB

DB


WEB1 WEB2 DB1 DB2

(Security Groups)



WEB

DB


WEB1 WEB2 DB1 DB2

1. WEB1 1.

2. WEB2 1. From WEB1 to WEB2 Permit 2. From WEB2 to WEB1 Permit

3. DB1 1. From WEB1 to DB1 Permit TCP 3306 2. From WEB2 to DB1 Permit TCP 3306

4. DB2 1. From WEB1 to DB2 Permit TCP 3306 2. From WEB2 to DB2 Permit TCP 3306 3. From DB1 to DB2 Permit any 4. From DB2 to DB1 permit any

O(N^2) Order: O O(N * (N-1)/2 * A) FWState: O(N*A)

(Security Groups)



WEB1 WEB2 DB1 DB2

1. WEB1 1.





WEB1 WEB2 DB1 DB2

1. WEB1 1.





WEB1 WEB2 DB1 DB2

1. WEB1 1.





WEB1 WEB2 DB1 DB2

1. WEB1 1.





WEB1 WEB2 DB1 DB2

1. WEB1 1.





WEB1 WEB2 DB1 DB2

1. WEB1 1.





WEB1 WEB2 DB1 DB2

1. WEB1 1.





WEB1 WEB2 DB1 DB2

1. WEB1 1.





WEB1 WEB2 DB1 DB2

1. WEB1 1.




O(N^2) Flow

# of Flows

# of Nodes / Tenants


: Nuage


WEB

DB


WEB1 WEB2 DB1 DB2

1. WEB 2. DB

1. WEB DBTCP 3306permit 2. Permit any

ACLIP

https://github.com/openstack/neutron-specs/blob/master/specs/juno/group-based-policy-abstraction.rst Openstack Group based Policy Abstractions for Neutron


PE PE

WAN: Infrastructure IP-VPN

PE PE

HV-1 VRS HV-2 VRS HV-3 VRS HV-4 VRS

Pub VRF Pub VRF Pub VRF Pub VRF

Infra VRF Infra VRF Infra VRF Infra VRF

DC Fabric DC Fabric CTRL CTRL CTRL

CTRL vxlan

vxlan

MP-BGP (EVPN)

vs (FDB flow, security-policy)

( )


1. -

2. - BGP EVPN for VXLAN

3. -


EVPN for VXLAN (draU-sd-l2vpn-evpn-overlay)

MAC/IP BGP update

RD = 65000:1

ESI = 0

Ether-Tag ID = VNI-1 MAC 00:de:fe:ca:da:00 IP 192.168.10.25/32

DC

VPLS1

CE

MAC/IPVNI

VM-1 00:de:fe:ca:da:00 192.168.10.25/32

Nuage VSC

VPLS1

Nuage VSC

VPLS1

Inclusive Multicast route

Inclusive Multicast route

Inclusive multicast route - VXLAN VTEP - BGP

- Multicast states

IP Fabric / VXLAN

MAC/IP route- MACMAC/IP- LocalMACBGP- MAC routeFDB- MACIPProxy ARP/NDUnknown Flooding

BGPL3 L2(MAC)NLRI


EVPN for VXLAN (draU-sd-l2vpn-evpn-overlay)

Layer2ARP

EVI 1

EVI 1

MAC1/IP1

MAC1/IP1

MAC1/IP1 ARP/GARP

MAC2/IP2

MAC2/IP2

MAC3/IP3

EVI 1

Proxy-ARP Enable MAC/IP type MAC1-IP1 EVPN MAC2-IP2 static MAC3-IP3 EVPN

MAC/IP type MAC1-IP1 dynamic MAC2-IP2 EVPN MAC3-IP3 EVPN

MAC/IPARP/NDFloodProxy-ARP/ND


BGP(MP-BGP-evpn)

1. I/O 2. VTEPReplicationGroup VTEP 3. BGP 4. 5. Overlay EVPNIETF(Cisco/Alcatel/Juniper) Interconnect Solution for EVPN Overlay networks / draft-rabadan-bess-dci-evpn-overlay http://tools.ietf.org/html/draft-rabadan-bess-dci-evpn-overlay-00


1. -

2. - BGP

3. -


/ ephemeral network () ()

()


Gold Customer Template Subnet Policy - WEB (DHCP enable) - LBaaS (DHCP enable) - FWaaS (DHCP disable) Security Policy Permit LB to WEB Permit FW to LB . Service Chaining Rule-01: From Internet To any -> Redirect to FW-External Rule-02: . QoS Policy Rule-01: DSCP 0x00 -> PIR 500M / CIR 0 .. Floating IP Policy Up to 16 IPs

Virtual Tenant A / Domain-01 Subnet Policy - WEB (DHCP enable) - LBaaS (DHCP enable) - FWaaS (DHCP disable) Security Policy Permit LB to WEB Permit FW to LB . Service Chaining Rule-01: From Internet To any -> Redirect to FW-External Rule-02: . QoS Policy Rule-01: DSCP 0x00 -> PIR 500M / CIR 0 .. Floating IP Policy Up to 16 IPs

Virtual Tenant B / Domain-01 Subnet Policy - WEB (DHCP enable) - LBaaS (DHCP enable) - FWaaS (DHCP disable) Security Policy Permit LB to WEB Permit FW to LB . Service Chaining Rule-01: From Internet To any -> Redirect to FW-External Rule-02: . QoS Policy Rule-01: DSCP 0x00 -> PIR 500M / CIR 0 .. Floating IP Policy Up to 16 IPs

Virtual Tenant C / Domain-01 Subnet Policy - WEB (DHCP enable) - LBaaS (DHCP enable) - FWaaS (DHCP disable) Security Policy Permit LB to WEB Permit FW to LB . Service Chaining Rule-01: From Internet To any -> Redirect to LB-External Rule-02: . QoS Policy Rule-01: DSCP 0x00 -> PIR 800M / CIR 0 .. Floating IP Policy Up to 16 IPs

&&


: Nuage


: Nuage

Service Chaining


THANK YOU


()

Documents

規模オーバーレイ SDNの 展開事にるユースケースと課題 · VPC ネットワーク展開の柔軟性 マルチハイパーバイザ ESXi, Xen,KVM,LXC マルチクラウドプラットフォーム

規模オーバーレイ SDNの展開事にるユースケースと課題 · VPC ネットワーク展開の柔軟性マルチハイパーバイザ ESXi, Xen,KVM,LXC マルチクラウドプラットフォーム