Copyright 2014 Alcatel-Lucent. All rights reserved.
SDN
Delivering the Power and Value of SDN NOW
SDN
1. - - 2 -
2. - - -
3. - - OPEX/CAPEX
MAC/IP BGP update
RD = 65000:1
ESI = 0
Ethernet Tag ID (4B)
MAC1 - IP1/32
SDN Controller
Overlay Tunnel ID = VNID
= VXLAN-ID (24-bit)
BGP EVPN for VXLAN
SDN Controller
IP Network
MAC IP
UDP VXLAN
MAC
Payload
MAC
Payload
MAC
Payload
VXLAN(RFC 7348)(Unicast) IP flow
Multi Protocol BGP EVPN AFI = 25 (L2VPN) / SAFI = 70 (EVPN) VMMAC/IP VXLANVNI BGP Peering MAC/IP/VNI BGPMAC/IP (Openflow) : MAC: 00:00~, IP: 192.168.~ Next-hop : VTEP 100 VTEP 100 Next-hop : 10.1.1.100/32(HV)
1/2 : UPMC (http://www.upmc.com) 2262,000220 IT
: 2014 : 450 : 6(, (X-ray/MRI)) : VLAN => VM => (VXLAN-GW)
2/2 :DC DC
: 20147 : : VDI :1. (VLAN)2. VDI
3.
1/3
IaaSIaaS Openstack as a Service : 201410 VM: x Openstack() Openstack + Nuage
IaaS
Virtualized Services Controller
Virtualized Services Controller
Virtualized Services Directory Cloud C
Virtualized Services Controller
Virtualized Services Controller
Virtualized Services Directory Cloud B
Virtualized Services Controller
Virtualized Services Controller
Virtualized Services Directory Cloud A
2/3
French national cloud : 20143 DC: 10() VM: 100VM Compute: Openstack Network: Nuage VSP
https://www.numergy.com/
100VM
Openstack Summit Paris
Numergy COO Erik Beauvalot
OpenstackNuage
3/3 (IaaS)
: 2014 : 42DC
VM: 1,100VM Compute: Cloudstack Network: Nuage VSP
: VR() VPC ESXi, Xen, KVM, LXC Cloudstack, Openstack, vCloud
1. -
2. - BGP
3. -
: 1/2
1. MTU
2. Key
3. (BUM)
: 2/2
1. 2. 3. IP vs
SDN
(Security Groups)
(Match) (Action)WEBDB tcp/3306
WEB
DB
Single Subnet: 10.1.1.X
WEB1 WEB2 DB1 DB2
VM : Openstack Neutron Security Group
(Match) (Action)WEBDB tcp/3306
WEB
DB
Single Subnet: 10.1.1.X
WEB1 WEB2 DB1 DB2
(Security Groups)
(Match) (Action)WEBDB tcp/3306
WEB
DB
Single Subnet: 10.1.1.X
WEB1 WEB2 DB1 DB2
1. WEB1 1.
2. WEB2 1. From WEB1 to WEB2 Permit 2. From WEB2 to WEB1 Permit
3. DB1 1. From WEB1 to DB1 Permit TCP 3306 2. From WEB2 to DB1 Permit TCP 3306
4. DB2 1. From WEB1 to DB2 Permit TCP 3306 2. From WEB2 to DB2 Permit TCP 3306 3. From DB1 to DB2 Permit any 4. From DB2 to DB1 permit any
O(N^2) Order: O O(N * (N-1)/2 * A) FWState: O(N*A)
(Security Groups)
[Figure: O(N^2) Flow. Axes: # of Flows versus # of Nodes / Tenants]
: Nuage
(Match) (Action)WEBDB tcp/3306
WEB
DB
Single Subnet: 10.1.1.X
WEB1 WEB2 DB1 DB2
1. WEB 2. DB
1. WEB DBTCP 3306permit 2. Permit any
ACLIP
https://github.com/openstack/neutron-specs/blob/master/specs/juno/group-based-policy-abstraction.rst Openstack Group based Policy Abstractions for Neutron
PE PE
WAN: Infrastructure IP-VPN
PE PE
HV-1 VRS HV-2 VRS HV-3 VRS HV-4 VRS
Pub VRF Pub VRF Pub VRF Pub VRF
Infra VRF Infra VRF Infra VRF Infra VRF
DC Fabric DC Fabric CTRL CTRL CTRL
CTRL vxlan
vxlan
MP-BGP (EVPN)
vs (FDB flow, security-policy)
1. -
2. - BGP EVPN for VXLAN
3. -
EVPN for VXLAN (draft-sd-l2vpn-evpn-overlay)
MAC/IP BGP update
RD = 65000:1
ESI = 0
Ether-Tag ID = VNI-1 MAC 00:de:fe:ca:da:00 IP 192.168.10.25/32
DC
VPLS1
CE
MAC/IPVNI
VM-1 00:de:fe:ca:da:00 192.168.10.25/32
Nuage VSC
VPLS1
Nuage VSC
VPLS1
Inclusive Multicast route
Inclusive Multicast route
Inclusive multicast route - VXLAN VTEP - BGP
- Multicast states
IP Fabric / VXLAN
MAC/IP route- MACMAC/IP- LocalMACBGP- MAC routeFDB- MACIPProxy ARP/NDUnknown Flooding
BGPL3 L2(MAC)NLRI
EVPN for VXLAN (draft-sd-l2vpn-evpn-overlay)
Layer2ARP
EVI 1
EVI 1
MAC1/IP1
MAC1/IP1
MAC1/IP1 ARP/GARP
MAC2/IP2
MAC2/IP2
MAC3/IP3
EVI 1
Proxy-ARP Enable MAC/IP type MAC1-IP1 EVPN MAC2-IP2 static MAC3-IP3 EVPN
MAC/IP type MAC1-IP1 dynamic MAC2-IP2 EVPN MAC3-IP3 EVPN
MAC/IPARP/NDFloodProxy-ARP/ND
BGP(MP-BGP-evpn)
1. I/O 2. VTEPReplicationGroup VTEP 3. BGP 4. 5. Overlay EVPNIETF(Cisco/Alcatel/Juniper) Interconnect Solution for EVPN Overlay networks / draft-rabadan-bess-dci-evpn-overlay http://tools.ietf.org/html/draft-rabadan-bess-dci-evpn-overlay-00
/ ephemeral network () ()
Gold Customer Template
  Subnet Policy
    - WEB (DHCP enable)
    - LBaaS (DHCP enable)
    - FWaaS (DHCP disable)
  Security Policy
    Permit LB to WEB
    Permit FW to LB
    .
  Service Chaining
    Rule-01: From Internet To any -> Redirect to FW-External
    Rule-02: .
  QoS Policy
    Rule-01: DSCP 0x00 -> PIR 500M / CIR 0
    ..
  Floating IP Policy
    Up to 16 IPs

Virtual Tenant A / Domain-01
  Subnet Policy
    - WEB (DHCP enable)
    - LBaaS (DHCP enable)
    - FWaaS (DHCP disable)
  Security Policy
    Permit LB to WEB
    Permit FW to LB
    .
  Service Chaining
    Rule-01: From Internet To any -> Redirect to FW-External
    Rule-02: .
  QoS Policy
    Rule-01: DSCP 0x00 -> PIR 500M / CIR 0
    ..
  Floating IP Policy
    Up to 16 IPs

Virtual Tenant B / Domain-01
  Subnet Policy
    - WEB (DHCP enable)
    - LBaaS (DHCP enable)
    - FWaaS (DHCP disable)
  Security Policy
    Permit LB to WEB
    Permit FW to LB
    .
  Service Chaining
    Rule-01: From Internet To any -> Redirect to FW-External
    Rule-02: .
  QoS Policy
    Rule-01: DSCP 0x00 -> PIR 500M / CIR 0
    ..
  Floating IP Policy
    Up to 16 IPs

Virtual Tenant C / Domain-01
  Subnet Policy
    - WEB (DHCP enable)
    - LBaaS (DHCP enable)
    - FWaaS (DHCP disable)
  Security Policy
    Permit LB to WEB
    Permit FW to LB
    .
  Service Chaining
    Rule-01: From Internet To any -> Redirect to LB-External
    Rule-02: .
  QoS Policy
    Rule-01: DSCP 0x00 -> PIR 800M / CIR 0
    ..
  Floating IP Policy
    Up to 16 IPs
: Nuage
Service Chaining
THANK YOU