Acceptance testing production networks with SDN (OpenVNet)

Upload: axsh-co-ltd

Post on 09-Jan-2017

What do we do at Axsh?

Virtualization

Infrastructure as a Service (IaaS)

Software Defined Networking (SDN)

DevOps, Continuous Integration/Delivery

Free open source software

Our two main FOSS projects

Wakame-vdc: Full featured IaaS solution (virtual data center)

OpenVNet: Full featured SDN solution (virtual network)

http://axsh.jp

What is OpenVNet

Software defined networking (SDN)

Free open source software

Written in Ruby

http://axsh.jp/openvnet/

https://github.com/axsh/openvnet

The concept of SDN

First look at virtualization

Physical machine: Hardware, Operating System

VS

Virtual machines: Hardware, Operating System, Operating System, Hypervisor

SDN with OpenVNet

[Diagram: three hypervisor hosts; physical network; virtual (software defined) network; VMs; NAT, DNS, DHCP, routers, switches, firewalls]

The concept of SDN

A physical network

[Diagram: six NICs, subnets 172.16.90.0/24 and 172.16.91.0/24, a router]

The concept of SDN

A physical network

[Diagram: six NICs, four switches, a router]

The concept of SDN

A virtual network

[Diagram: six NICs, four switches, a router]

The concept of SDN

Create any network without changing hardware

[Diagram: six NICs, four switches, a router]

Virtual network: 10.100.0.0/24

The concept of SDN

Create any network without changing hardware

[Diagram: six NICs, four switches, a router]

Virtual network: 10.100.0.0/24

Virtual network: 192.168.100.0/24

The concept of SDN

Create any network without changing hardware

[Diagram: six NICs, four switches, a router]

Virtual network: 172.16.0.0/16

Virtual network: 10.100.0.0/24

The concept of SDN

How is this magic possible?

Because OpenVNet controls the switches (using OpenFlow)

[Diagram: six NICs, four switches, a router, OpenVNet]

OpenVNet's inner workings

[Diagram components: User laptop, Vnctl, HTTP, Web (REST) API, Vnmgr, Database, Hypervisor Host, Open vSwitch, VNA, VMs, Physical network]

An OpenVNet use case

Data center networks get complicated

What if changes need to be made?

A wrong change can break essential services

An OpenVNet use case

What else is fragile to changes?

Software!

What does software do?

Spin up new versions in acceptance test environments before rolling out into production

Why not do this for networks?

An OpenVNet use case

That's why =>

Getting another copy of all that hardware is not feasible

An OpenVNet use case

OpenVNet can create a virtualized exact copy of production

Automatic tests can be written to make sure everything works

Only after the virtual environment is cleared, changes are pushed to production

The scenario

We have a firewall

The scenario

A big freaking network is connected to it

The scenario

Changes in the firewall need to be tested

Simulating the network is easy

[Diagram: Hypervisor Host, Open vSwitch, VNA, VMs]

But how to connect hardware?

[Diagram: Hypervisor Host, Open vSwitch, VNA, VMs, ?]

Hardware?

We tried a Pica8 OpenFlow switch

Hardware?

We tried a Pica8 OpenFlow switch

Didn't work yet

Why?

Pica8 still missed some features

No learning flows

All flow tables get squashed into one and sometimes that goes wrong

OpenVNet's workaround

Provide option without learning flows

Currently in testing phase

SOON

What else can we do?

Make our own OpenFlow switch

Intel Edison running Linux and Open vSwitch

What else can we do?

Make our own OpenFlow switch

It worked ^_^

An even better idea

Replace Intel Edison with a VM

[Diagram: HOST, three USB NICs, VM, Open vSwitch, three nested VMs]

Here's our test environment

Now OpenVNet is connected to the firewall

We can make a virtual copy of the production environment

We can make changes to the firewall and test

Demo time

Thank you for listening

http://axsh.jp