Embed Size (px)
DESCRIPTION
2012년 10월 16일 진행된 제1차 SDN Interest Group Seminar의 발표 자료 입니다.
Citation preview
1
데이터센터 가상화 환경에서의 오픈 플로우
2
1. 데이터 센터의 진화와 구조
3 최 재 혁 [email protected] (2012-10-15)
Evolution of Data Center Infrastructure Consolidation/Virtualization/Automation
Compute
Network
Reduce TCO, improve
Efficiency, Centralization &
standardization
Consolidation
LAN WAN MAN
SAN
Storage
Network
Front-End
Network
Intelligent Network
HPC Cluster
Virtualization
Storage Network Server
Application
Increase Utilization
Logical Resources
Automation
Storage
Network
Server
Policy-Based
On-Demand
Service Oriented
Dynamic Provisioning
Business Agility
ILM ( Information Lifecycle
Management
4 최 재 혁 [email protected] (2012-10-15)
I/O Consolidation
Unified IO, Unified Fabric
Virtualized Data Center
DC Infrastructure Transformation
Automated Provisioning
DC Operation Transformation
Green Data Center
Power, Cooling, Space
Cloud Computing
차세대 데이터 센터 (클라우드 데이터 센터) 특징 Data Center Transformation
5 최 재 혁 [email protected] (2012-10-15)
SA
N
NA
S
Ba
cku
p
Win
dow
s
Lin
ux
Arc
hiv
e
Sun
Sola
ris
Business Service Management (BSM)
Configuration Management Database (CMDB)
Service
Catalogue
Predictive
Operations
Metering
& Billing
Virtualization
Storage
Virtualization
Orchestration
&
Provisioning DC Model
Requests
Policy Rules
Red zone Yellow zone Green zone
Storage Net
DMZs Ne
two
rk
Ne
two
rk
Compute
Workload Request
and Provisioning
Shared Technical
Infrastructure
Operations
Management
NGDC Reference Architecture Cloud Computing-Enabled Data Center
9 최 재 혁 [email protected] (2012-10-15)
Virtualized Data Center Infrastructure
CBS 31xx Blade
Nexus 7000 End-of-Row
Access Layer
Catalyst 6500 End-of-Row
CBS 31xx MDS 9124e Nexus 4000
10GbE and 4/8Gb FC Server Access
10Gb DCE / FCoE Server Access
1GbE Server Access
Gigabit Ethernet
10 Gigabit Ethernet
10 Gigabit DCE
4/8Gb Fiber Channel
10 Gigabit FCoE/DCE
MDS 9500 Storage
SAN B SAN A
Aggregation Layer
Nexus 7000
10GbE Agg Catalyst 6500 or appliances
DC Services
vPC
Nexus 7000
10GbE Core
vPC
Core Layer
Nexus 5000 & Nexus 2000 Top-of-Rack
Cisco UCS
Nexus 5000 & FCoE Top-of-Rack
FIP
FIP
10 최 재 혁 [email protected] (2012-10-15)
Virtual Access Layer
Nexus 1000v
L2 Virtual Layer - Virtual Access Layer
11
2. 가상화 데이터 센터의 Issue
12 최 재 혁 [email protected] (2012-10-15)
데이터 센터 가상화 환경에서의 Issue
Performance (성능)
Scalability (확장성)
Security (보안)
Automation (자동화)
Management (관리)
13 최 재 혁 [email protected] (2012-10-15)
Performance Issue - Native Virtualization
DMA packet into VMM Q
Raise physical interrupt
Route to destination
Copy packet to guest Q
Raise virtual interrupt to guest
VM 1 VM 2
Applications
Guest OS 1
Hardware
Applications
Guest OS n
NIC
Ring 0
Ring 1 or 3
Ring 3
Packet
Virtual NIC
Packet
Receive Q
Routing
VMM Virtual NIC Virtual NIC with own MAC, IP
18 최 재 혁 [email protected] (2012-10-15)
Solution - IO Virtualization (HW Support)
IOMMU
Intel VT-d
PCI-e IO Virtualization (IOV)
(SR-IOV)
VM 1 VM 2
Applications
Guest OS 1
Hardware
Applications
Guest OS n
NIC
Device Driver
Virtual NIC
VMM
Virtual NIC
IOMMU
Device Driver
19 최 재 혁 [email protected] (2012-10-15)
SR-IOV SR-IOV
MR-IOV MR-IOV
IBM x3530 M4
Cisco C210 M1
Solution - IO Virtualization (HW Support)
20 최 재 혁 [email protected] (2012-10-15)
Traffic Management Issue - 가상 머신의 트래픽 흐름
VM 간의 통신은 서버내의 메모리 통신으로 이루어 집니다.
VM-to-VM:
memory transfer
VM-to-native:
physical adapter
21 최 재 혁 [email protected] (2012-10-15)
Security Issue – VM 간의 Traffic
To the LAN administrator, the picture is blurry
LAN role typically limited to provisioning a trunk to ESX
No visibility into VM-to-VM traffic
Troubleshooting performance or connectivity issues challenging
23 최 재 혁 [email protected] (2012-10-15)
How to Controlling Traffic between Virtual Machines
Security & Management Issue
25 최 재 혁 [email protected] (2012-10-15)
Virtual Appliance Network Configuration
VM 간의 통신은 서버내의 메모리 통신으로 이루어지며,
보이지 않는 트래픽의 논리적인 흐름을 기반으로 구성을 하여야 합니다.
26 최 재 혁 [email protected] (2012-10-15)
Virtual Appliance Network Configuration
VM 간의 통신은 서버내의 메모리 통신으로 이루어지며,
보이지 않는 트래픽의 논리적인 흐름을 기반으로 구성을 하여야 합니다.
27 최 재 혁 [email protected] (2012-10-15)
MAC Address Change
Virtual Network Environment (Security Issue)
28 최 재 혁 [email protected] (2012-10-15)
Port Security & IP Source Guard
Virtual Network Environment (Security Issue)
30 최 재 혁 [email protected] (2012-10-15)
IEEE 802 Standard Solutions
Network Virtualization Standard Solutions
33 최 재 혁 [email protected] (2012-10-15)
Overlay Transport Virtualization (OTV) – cont
L2 Tunnel - Network Virtualization
Ethernet traffic between sites is encapsulated in IP: “MAC in IP”
Dynamic encapsulation based on MAC routing table
No Pseudo-Wire or Tunnel state maintained
Communication between
MAC1 (site 1) and MAC2 (site 2) Server 1
MAC 1
Server 2
MAC 2
OTV OTV
MAC IF
MAC1 Eth1
MAC2 IP B
MAC3 IP B
IP A IP B
Encap Decap
MAC1 MAC2 IP A IP B MAC1 MAC2 MAC1 MAC2
OTV at a Glance
34
3. 클라우드 데이터 센터와 오픈 플로우
37 최 재 혁 [email protected] (2012-10-15)
Google (G-Scale) and SDN
Google’s WAN
• I-Scale : Internet facing (User Traffic)
• G-Scale : Datacenter traffic (internal)
• Widely varying requirements : loss sensitivity, topology, availability, etc.
43 최 재 혁 [email protected] (2012-10-15)
SR-IOV and MR-IOV Technology (PCI-SIG)
SR-IOV SR-IOV
MR-IOV MR-IOV
MR-IOV를 DC간 연결후 Open vSwitch,OpenFlow 를 합한다면?
IBM x3530 M4
Cisco C210 M1
RDMA over Converged Ethernet (RoCE)
Internet Wide Area RDMA Protocol (iWARP)
Infiniband
45
Thank you…..
