midonet: network virtualization & policies
Post on 18-Jul-2015
MidoNet: Network Virtualization & Policies
Open Networking Summit
Hot Startups Session
March 4th, 2014
Presenter: Daniel Conde, Director of Products
3/10/2014 © 2014 Midokura 1
How we are different
• Overlay Networks
– OpenFlow did not scale. We can do better
– Working with virtual and physical networks
• Networks will be consumed by application owners
– Policy becomes the most important thing
About the company
• Pioneer in network virtualization – provides software for networking using an overlay approach
• Staff from Amazon, Cisco, Google and VMware
About the company
• Received $17mm in Series-A in April 2013
• Named by CRN as among the 10 coolest virtualization startups in the world and in the top 10 networking stories of 2013
Tech Alliance Partners
About the company
• Adopted by service providers as well as enterprise customers
• Significant contributor to the OpenStack Networking (Neutron)
• SDN vendor to be certified for Red Hat Enterprise Linux OpenStack platform
• Member of the OpenDaylight Project
• Technical partnerships with network switch vendors, software companies and solution providers
451 Research
• “Midokura’s distributed architecture is elegant and appears to be making strides in early adopter markets for SDN and virtual networking”
About me
• Midokura – network virtualization
• Google gGRC at Reciprocity Labs – compliance system
• VMware – compute virtualization
• Rendition Networks (now HP) – Network Configuration
• NetIQ - Systems Management
• Microsoft – Windows OS, UI
• DEC – Multiprocessor UNIX (TCP, file systems)
• Xerox – Distributed Systems, dev environments
MidoNet Customer Adoption
• Large scale cloud service providers:
– OpenFlow did not scale
– Overcome VLAN limits and get > 4096 tenants
– Reduce OpEx for network management
– Reduce CapEx for network devices
– OpenStack based
– Tenants configure and use application template
What problems did they have
• Need a way to access physical network resources
• Need info on troubleshooting from the physical network
• Need physical network to protect their SLA
History: Evolution of SDN
• Control & data separation – Tempest in 1998
– Logically centralized control system
• Languages for SDN – Frenetic in 2011
– Goal is to raise the level of abstraction
How to get across chasm
• Pushing off – Pain points to address, such as Cloud providers hitting limits on VLANs (4096 max), agility, isolate network configs to TOR and below, self-provision
• Pulling yourself – Application driven Policy & abstractions, Physical & Virtual control
General Trend
1. Virtualize resources – be logical, not physical
2. Automate control of network
3. Abstractions drive clients of networks
• Need more progress to adopt these great ideas
“Virtualized” net: Hop by hop device emulation
[Figure labels: router; switch; router]
Network Simulation & overlays
[Figure labels: Simple IP Underlay; Simulation]
MidoNet solution
FUTURE APPROACHES
Physical and Virtual Network management and Application Centric Policy networking
Problem
[Figure labels: Tenant 1; Tenant 2; Tenant-N]
Infrastructure-spanning Network
Realities
• Need to address existing hardware and tools
• Value is in providing agility and flexibility of an overlay (virt) network, and using the capabilities of the underlay (phys) network
Can the overlay ignore the underlay?
• Can I truly deploy an underlay net, leave it alone and contain all the changes and management in the overlay?
• Is a simple IP bus enough?
EXAMPLE 1: VXLAN TUNNEL ENDPOINT
Virtualized and physical networks co-existing happily together
VTEP
[Figure labels: 10.0.1.3; NAT; MidoNet Host; VM; 119.15.112.137; 172.16.77.48; 10.0.1.5; Cumulus Linux Switch; Management Net; “Across the Atlantic”; OSGi Console; Configuration Requests]
EXAMPLE 2: POLICY AND NETWORKS
AWS has shown that infrastructure will be consumed by application owners and designers. They think in terms of policy, not IP addresses and ACLs
Policy the old way
switch(config)# mac access-list acl-mac-01
switch(config-mac-acl)#
switch(config-mac-acl)# permit 00c0.4f00.0000 0000.00ff.ffff any
Group Policy - Basics
[Figure labels: Connectivity; Group of App Servers; App Policies]
Application Policy Model
[Figure labels: Group of DB Servers; Group of App Servers; Group of Load Balancers; Policy]
Group Policies for 3-tier app
What the SDN controller does
• Controller is sending policy info instead of network flow info
• Policy abstractions are templates that are applied to the applications that are named as a group
Networks for large scale clouds
• Tenants: understand policies
• Infrastructure: understand policies and translate them to the physical network
• Network Virtualization: Maps the virtual to physical
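An added illustration (not from the slides and not MidoNet's API) of the group-policy idea above: a two-line policy for a 3-tier app is expanded into per-endpoint allow rules with default deny. Group names, addresses and ports are constructed.

```python
# Added illustration: group-level policy compiled into per-endpoint allow rules.
# Group names, addresses and ports are constructed; this is not MidoNet's API.
from itertools import product

# Endpoint groups named by role: the only thing the application owner refers to.
GROUPS = {
    "lb":  ["192.0.2.10", "192.0.2.11"],
    "app": ["198.51.100.10", "198.51.100.11", "198.51.100.12"],
    "db":  ["203.0.113.20"],
}

# Policy template for a 3-tier app: (source group, destination group, proto, port).
# Anything not listed is denied.
POLICY = [
    ("lb", "app", "tcp", 8080),
    ("app", "db", "tcp", 5432),
]

def compile_policy(policy, groups):
    """Expand group-level policy into concrete (src, dst, proto, port) rules."""
    rules = set()
    for src_g, dst_g, proto, port in policy:
        for name in (src_g, dst_g):
            if name not in groups:
                raise KeyError(f"policy references unknown group {name!r}")
        for src, dst in product(groups[src_g], groups[dst_g]):
            rules.add((src, dst, proto, port))
    return rules

def is_allowed(rules, src, dst, proto, port):
    """Default deny: a flow passes only if an expanded rule matches exactly."""
    return (src, dst, proto, port) in rules

def add_member(groups, group, address):
    """Scale a tier by adding an endpoint to its group; the policy is untouched."""
    updated = {g: list(members) for g, members in groups.items()}
    updated[group].append(address)
    return updated

if __name__ == "__main__":
    rules = compile_policy(POLICY, GROUPS)
    print(len(rules), "concrete rules from", len(POLICY), "policy lines")
    print("lb -> db allowed?",
          is_allowed(rules, "192.0.2.10", "203.0.113.20", "tcp", 5432))
    grown = compile_policy(POLICY, add_member(GROUPS, "app", "198.51.100.13"))
    print(len(grown), "rules after adding one app server")
```

The load balancers never get a rule toward the database because no policy line names that pair, and growing a tier changes only group membership, not the policy.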
Benefits of this approach
• Agility & OpEx savings
• Scalable for large scale clouds
• Policy templates mean easy configuration for
– Performance
– Information assurance & compliance
How we are different
• Overlay Networks
– OpenFlow did not scale. We can do better
– Working with virtual and physical networks
• Networks will be consumed by application owners
– Policy becomes the most important thing
Contacting me
• Email: dconde@midokura.com
• Web: www.midokura.com
• Twitter: @danielconde or @midokura
• LinkedIn: /in/danielconde
THANK YOU
Questions?
Example 2: Group Policy
• How do I shield the application owner from understanding IP Addresses, ACLs, VLAN, load balancing?
• All they care about is that some abstraction of policy is applied to a group of endpoints (typically a set of virtual machines)
Investors
• Innovation Network Corporation of Japan (INCJ), NTT Investment Partners, L.P. and NEC Group’s Venture Fund: Innovative Ventures Fund Investment L.P., Sunbridge Partners