Introduction to Network Virtualization for IaaS Cloud by Midokura at LinuxCon Japan 2013

Introduction to Network Virtualization in IaaS Cloud

Akane Matsuo, [email protected] Midokura Japan K.K.

LinuxCon Japan 2013 May 31st, 2013

Copyright ©2012 Midokura All rights reserved

About myself

2

l  NTTCommunications: OCN, Verio, Arcstar…got some background of network product …But not engineer :p

l  Joined Midokura as an employee #9(?) l  Senior Manager

= Do everything but coding l  Trying to build the ecosystem of

network virtualization

…

2011.3

2001.4


How I met network virtualization a.k.a. Midokura?

3

I don’t know anything about Cloud Network…

But let’s jump on the bandwagon

!!!

My presentation today is about…

What is Network Virtualization

for IaaS Cloud

and Why it matters?


What I found #1: What is IaaS Cloud?

5

CPU・Memory Storage Network

You can get computer resources as much you need, only when necessary

Free from deployment, operation, troubleshooting…Everyone is happy….!?


What I found #2

6

Cloud has been growing...

http://blogs-images.forbes.com/louiscolumbus/files/2013/02/Figure-1-Cloud-Computing-Growth.jpg

Which means cloud installation base is growing.


What I found #3:

7

(1)Source:http://www.datacenterknowledge.com/archives/2009/09/21/ec2-adding-50000-instances-a-day/

Who takes care of the troublesome

network?

What happens if more and more people create Vms with a click of a bottom

everywhere?

l  An article in ‘09 says 50K instances are born in AWS everyday(1).

8

We need to think about how to build a network

for IaaS Cloud!


What would be the best network for cloud environment?

9

But you can’t create multi-tenant environment!

Flat L2 network! It’s simple!

Management would be so complicated!

How about VLAN then!?


What is the best network for cloud environment?

10

Network gets complicated more and more…

Actually, we want L3 too…

Firewall and Load Balancer please!

11

Let’s start from Typical IaaS Cloud Network

For example.. AWS or OpenStack


What are the requirements for IaaS Cloud?

12

Tenant/Project A

Network A1

VM1 VM3

Network A2

VM5

Tenant/Project B

Network B1

VM2 VM4

uplink

Provider Virtual Router (L3)

Tenant AVirtual Router

Tenant BVirtual Router

VM6

Virtual L2 Switch B1

Virtual L2 Switch A1


TenantB office

Tenant BVPN Router

Office Network


Tenant/Project A

Network A1

VM1 VM3

Network A2

VM5

Tenant/Project B

Network B1

VM2 VM4

uplink




VM6




TenantB office

Tenant BVPN Router

Office Network

Requirements

13

Isolated tenant network (virtual

data center)


Tenant/Project A

Network A1

VM1 VM3

Network A2

VM5

Tenant/Project B

Network B1

VM2 VM4

uplink




VM6




TenantB office

Tenant BVPN Router

Office Network

Requirements

14

Isolated L2 networks


Tenant/Project A

Network A1

VM1 VM3

Network A2

VM5

Tenant/Project B

Network B1

VM2 VM4

uplink




VM6




TenantB office

Tenant BVPN Router

Office Network

Requirements

15

L3 isolation (similar to VPC and VRF)


Tenant/Project A

Network A1

VM1 VM3

Network A2

VM5

Tenant/Project B

Network B1

VM2 VM4

uplink




VM6




TenantB office

Tenant BVPN Router

Office Network

Requirements

16

Redundant, optimized and fault-tolerant

paths to the Internet (e.g. via BGP)


Tenant/Project A

Network A1

VM1 VM3

Network A2

VM5

Tenant/Project B

Network B1

VM2 VM4

uplink




VM6




TenantB office

Tenant BVPN Router

Office Network

Requirements

17

Fault-tolerant devices and links


Tenant/Project A

Network A1

VM1 VM3

Network A2

VM5

Tenant/Project B

Network B1

VM2 VM4

uplink




VM6




TenantB office

Tenant BVPN Router

Office Network

Requirements

18

NAT, LB, and Filtering

NAT, LB, and Firewalls


Tenant/Project A

Network A1

VM1 VM3

Network A2

VM5

Tenant/Project B

Network B1

VM2 VM4

uplink




VM6




TenantB office

Tenant BVPN Router

Office Network

Requirements

19

L3 (and L2) VPNs


Tenant/Project A

Network A1

VM1 VM3

Network A2

VM5

Tenant/Project B

Network B1

VM2 VM4

uplink




VM6




TenantB office

Tenant BVPN Router

Office Network

Requirements

20

Minimize ARP broadcasts by exploiting CMS config RESTful API for CMS

integration and direct tenant access DHCP, DNS and other

services

21

How we build it?


How to build IaaS Cloud Network?

22

1

2

Virtualized physical devices

OpenFlow-based hop-by-hop switching fabric


　Virtualized physical devices

23

l  4096 limit on number of unique tags

l  Large spanning trees terminating on many hosts

l  High churn in switch control planes due to MAC learning

l  Need MLAG for L2 multi-path (vendor specific)

1

VLAN VLAN1

VLAN2


　Virtualized physical devices

24

1

MPLS VPN

l  Often used by Carriers/Teleco, but technically advanced for IaaS

l  Hardwares could be very expensive

tag

tag



25

1

l  Not scalable to cloud scale l  Expensive hardware l  Not fault tolerant (HSRP?) l  L2 and L3 isolation. What about NAT, LB, FW?

出典：http://infrastructureadventures.com/tag/vrf-lite/

VRF

Core VLAN 10 VLAN11 VLAN12

Product VLAN 20 VLAN21 VLAN22

Sales VLAN 99

VRF VRF VRF


OpenFlow hop-by-hop switch fabric

26

2

OpenFlow Switches

OpenFlow Controller (Cluster)

l  State in each switch is proportional to the virtual network state

l  Not scalable, not fast enough to update, and no atomicity of updates

l  Fault tolerant?

27

Can’t we do this better?


How to build IaaS Cloud Network?

28

1

2

3


OpenFlow-based hop-by-hop switching fabric

Edge-to-Edge overlays


　Overlays address the issues of IaaS Cloud Network

29

3

VM

VM Edge

Edge Edge

Edge Edge

Edge

Virtual network changes don't affect

underlay state

Use scalable IGP to build multi-path underlay with cheap HW

IP encapsulation provides isolation

without using VLAN

Decoupled from physical network.

Wired once


Market trend that accelerate IP overlay

30

1

2

3

Packet processing on x86 CPUs (at edge)

Clos Networks (for underlay)

Merchant silicon (cheap IP switches)

4 Optical intra-DC Networks

•  Intel DPDK facilitates packet processing •  Number of cores in servers increasing fast

•  Spine and Leaf architecture with IP •  Economical and high E-W bandwidth

•  Broadcom, Intel (Fulcrum Micro), Marvell •  ODMs (Quanta, Accton) starting to sell directly •  Switches are becoming just like Linux servers

31

Overlays are the right approach!

But not sufficient. We need a scalable control plane


　Scalable Control Plane for Overlay

32

VM

VM

Edge

Edge Edge

Edge Edge

Edge

CP

CP

CP

CP

CP

CP

Intelligence at the edge. Scalable and fault tolerant

Edge Gateway Internet

DB

DB

DB

Stateful Database


MidoNet

33

* MidoNet = Overlay + Network Functions L2, L3, Firewall, DNS, BGP, etc

* Scalable, distributed control plane

* No VLAN, easy to manage.

Please come talk to us later

* Designed for IaaS Cloud from day one


Summary

34

* IaaS Cloud needs virtualized network which is designed for IaaS Cloud

* There are various technologies such as VLAN, but overlay is the right approach!

* Plus, we need scalable control plane!

Questions?

[email protected]

Technology

Introduction to Network Virtualization for IaaS Cloud by Midokura at LinuxCon Japan 2013