Cloud Networking – From Theory to Practice
Ivan Pepelnjak ([email protected])
NIL Data Communications
2 © ipSpace.net / NIL Data Communications 2012 Cloud Networking – From Theory to Practice
Who is Ivan Pepelnjak (@ioshints)
• Networking engineer since 1985
• Consultant, blogger (blog.ioshints.info), book and webinar author
• Currently teaching “Scalable Web Application Design” at University of Ljubljana

Focus:
• Large-scale data centers and network virtualization
• Networking solutions for cloud computing
• Scalable application design
• Core IP routing/MPLS, IPv6, VPN
Disclaimers
• This presentation is an analysis of currently available virtual networking architectures
• It’s not an endorsement or bashing of companies, solutions or products mentioned on the following slides
• It describes features, not futures
• The crucial question: Does It Scale?
Cloud Services Taxonomy 101
Key ingredients
• Scalability
• Orchestration
• On-demand

Application stack shown in the diagram: Web application (PHP/Java/Ruby), Scripting environment, Web server, Operating system, CPU/RAM, Block Storage, Database, File system
Service models shown in the diagram: SaaS, PaaS, DBaaS, Storage-aaS (S3), Storage-aaS (EBS), IaaS

Interesting: IaaS (the others run over TCP)
What IaaS Service Will You Offer?
What is your added value?
• Differentiator from Amazon and Rackspace?
• Enterprise apps or new-world (scale-out) apps?
• Low-cost or feature-rich?

Technical questions:
• Simple compute capacity or app stack support?
• TCP or UDP cloud?
• IP Multicast support?
IaaS Lite: Multi-Tenant Isolation
Making life easier for the cloud provider
• Customer VMs attached to “random” L3 subnets
• VM IP addresses allocated by the IaaS provider
• Predefined configurations or user-controlled firewalls

Multi-tenant isolation options
• Packet filters (ex: iptables)
• Private VLANs in vSwitch
• Virtual firewalls

(Diagram: a host running Xen/KVM/containers, with isolation enforced on the host)
Scalability: unlimited (see also: Internet)
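The packet-filter option on this slide works because the provider allocates the VM addresses: the hypervisor host knows which address belongs to which VM and which tenant, so it can drop cross-tenant traffic and spoofed source addresses without any per-tenant segment in the network. The following is an added example, not code from the presentation; the VM inventory, tenant address pool and tap interface names are constructed sample data, and the rendered iptables rules assume a Linux host that forwards between VM tap interfaces.

```python
"""Host-level multi-tenant isolation with packet filters ("IaaS Lite" model).
Added example, not from the slides. INVENTORY, TENANT_POOL and the tap-*
interface names are constructed/hypothetical."""
from ipaddress import ip_address, ip_network

# Constructed: address pool from which the provider assigns all VM addresses
TENANT_POOL = ip_network("10.0.0.0/16")

# Constructed inventory: VM tap interface -> (tenant, provider-assigned IP)
INVENTORY = {
    "tap-a1": ("tenant-a", "10.0.1.10"),
    "tap-a2": ("tenant-a", "10.0.7.23"),  # "random" L3 subnet, same tenant
    "tap-b1": ("tenant-b", "10.0.1.11"),  # same subnet as tap-a1, other tenant
}


def tenant_of_ip(ip):
    """Reverse lookup: which tenant owns this provider-assigned address."""
    for tenant, addr in INVENTORY.values():
        if addr == ip:
            return tenant
    return None


def allowed(in_iface, src_ip, dst_ip):
    """Decide whether a packet arriving from a VM interface may be forwarded.
    Returns (verdict, reason). Order mirrors the iptables rules below."""
    if in_iface not in INVENTORY:
        return False, "unknown interface"
    tenant, assigned_ip = INVENTORY[in_iface]
    if src_ip != assigned_ip:
        return False, "source spoofing"          # provider owns the address plan
    if ip_address(dst_ip) not in TENANT_POOL:
        return True, "leaves the tenant pool"    # outside world, e.g. Internet
    dst_tenant = tenant_of_ip(dst_ip)
    if dst_tenant is None:
        return False, "unassigned address in tenant pool"
    if dst_tenant != tenant:
        return False, "cross-tenant"
    return True, "same tenant"


def render_iptables(chain="FORWARD"):
    """Render the same policy as first-match iptables rules: default drop,
    per-interface anti-spoofing, egress to outside, explicit same-tenant pairs.
    Same-tenant pairs grow with the square of the tenant's VM count, which is
    why this stays a per-host mechanism (and why address sets exist)."""
    rules = [f"iptables -P {chain} DROP"]
    for iface, (_tenant, ip) in INVENTORY.items():
        rules.append(f"iptables -A {chain} -i {iface} ! -s {ip} -j DROP")
    for iface, (tenant, src) in INVENTORY.items():
        rules.append(f"iptables -A {chain} -i {iface} -s {src} ! -d {TENANT_POOL} -j ACCEPT")
        for other_tenant, dst in INVENTORY.values():
            if other_tenant == tenant and dst != src:
                rules.append(f"iptables -A {chain} -i {iface} -s {src} -d {dst} -j ACCEPT")
    return rules


if __name__ == "__main__":
    print(allowed("tap-a1", "10.0.1.10", "10.0.1.11"))  # neighbouring subnet, other tenant
    print("\n".join(render_iptables()))
```

The decision function and the rule renderer encode one policy, so a change to the inventory changes both; checking them against each other on sample traffic is the cheapest regression test a provider can run before pushing rules to hosts.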
What Customers Want
Requirements
• Multiple logical segments
• Load balancing and firewalling
• Usually one NIC per VM
• Unlimited scalability and mobility

Implementation decisions
• VM mobility?
• L2 or L3 segments?
• Support for IP MC and L2 flooding?
• Virtual or physical appliances?

(Diagram: Outside → Web servers → App servers → DB servers)
Solution Space and Scalability (chart, ordered by increasing scalability)
• VLANs – 4096 segments
• VM-aware Networking (Arista VM Tracer)
• Edge Virtual Bridging (EVB, 802.1Qbg)
• vCDNI – VMware (L2 over L2)
• EVB with PBB/SPB (L2 over L2)
• VXLAN (Cisco) / NVGRE (Microsoft) – L2 over IP, no control plane
• Nicira NVP (L2 over IP + control plane)
• Amazon EC2 (IP over IP + control plane)

Other annotations on the chart: “Emerging”, “Theoretical”
Architectural Models
• VLANs: Stupid edge + Stupid core
• Stupid edge + Smart core: VM-aware networking, EVB (802.1Qbg)
• Smart edge + simple core: vCDNI (L2 core), VXLAN, NVGRE, Nicira NVP, Amazon

“With sufficient thrust, pigs fly just fine” (RFC 1925). Can we afford the fuel costs ... and who wants to fly pigs anyway? (Randy Bush)
“End-to-end protocol design should not rely on the maintenance of state inside the network” (RFC 3439)
VLANs: Bridging Has Failed Before
Your vendor has a solution:
• Two core switches and MLAG aggregation: ~1900 ports (Arista)
• QFabric – Juniper (~6000 ports)
• FabricPath – Cisco (over 10K ports)

Reality checks:
• VMware vDS supports 350 hosts (Nexus 1000V: 64)
• We still have only 4K VLANs
• L2 network = single failure domain

You can run away from Spanning Tree, but broadcasts will eventually kill you.
VXLAN/NVGRE: Where Is the Control Plane?
• Virtual L2 segments over L3 transport
• UDP/LISP- or GRE-based encapsulation
• Dynamic MAC learning with L2 flooding over IP multicast

(Diagram: two vSphere 5 hosts running Nexus 1000V, each with vDS port groups and a VMkernel interface acting as the IP VTEP, connected over an IP network; VXLAN segments VNI 1 and VNI 2 on one host, VNI 2 and VNI 3 on the other)
Encapsulation stack, outer to inner: L2 (Ethernet) → IP / IP-MC → UDP → VXLAN

Large “broadcast domains” or an enormous amount of (*,G) and (S,G) state. Dynamic MAC learning through flooding does not scale.
Open vSwitch With Nicira NVP (OpenFlow)
L2-over-IP with control plane
• OpenFlow-capable vSwitches
• IP tunnels (GRE, STT ...)
• MAC-to-IP mappings downloaded with OpenFlow
• Third-party physical devices

Benefits
• No reliance on flooding
• No IP multicast in the core

Open questions
• L2 flooding within the virtual subnets (ARP proxy?)

(Diagram: Xen/KVM hosts running Open vSwitch, joined by GRE tunnels across an IP network; the controller speaks OVSDB and OpenFlow (OF) to each vSwitch)
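The two preceding slides make one scaling argument: VXLAN/NVGRE carry a 24-bit segment ID over UDP/IP, which removes the 4K VLAN limit, but without a control plane a VTEP learns remote MAC addresses only by flooding unknown destinations to the segment's IP multicast group, so the core must hold per-group state; the NVP model instead downloads MAC-to-VTEP mappings from a controller and never floods. The following is an added example that illustrates both models, not code from the presentation or from any of the products named on the slides. It builds and parses the VXLAN header as standardised in RFC 7348 (8 bytes, 24-bit VNI, UDP port 4789; the 2012-era drafts used other ports), and the two VTEP classes are simplified models whose MAC addresses, VTEP addresses and multicast group are constructed sample values.

```python
"""VXLAN encapsulation plus two MAC-learning models: data-plane flooding over
IP multicast (no control plane) versus a controller-populated MAC-to-VTEP table.
Added example, not from the slides; header layout per RFC 7348, all addresses,
VNIs and group addresses are constructed."""
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned port (RFC 7348); early code used 8472
VXLAN_FLAG_VNI_VALID = 0x08  # "I" bit: the VNI field is valid
VLAN_ID_BITS = 12            # 802.1Q VID: 4096 segments, the limit the slides hit
VNI_BITS = 24                # VXLAN Network Identifier: ~16M segments


def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def ethernet_frame(dst_mac, src_mac, payload, ethertype=0x0800):
    """Tenant-side (inner) Ethernet frame; VXLAN carries it unchanged."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def vxlan_header(vni):
    """8-byte header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < (1 << VNI_BITS):
        raise ValueError("VNI does not fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)


def parse_vxlan_header(data):
    """Return (vni, inner_frame); reject headers without the VNI-valid bit."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_word = struct.unpack("!B3xI", data[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI flag not set; frame must be dropped")
    return vni_word >> 8, data[8:]


def udp_encapsulate(inner_frame, vni, src_port=49152):
    """Outer UDP + VXLAN header + inner frame. The outer IP/Ethernet headers
    (VTEP to VTEP, unicast or multicast) are left out for brevity."""
    payload = vxlan_header(vni) + inner_frame
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(payload), 0)
    return udp + payload


def udp_decapsulate(datagram):
    _sport, dport, length, _csum = struct.unpack("!HHHH", datagram[:8])
    if dport != VXLAN_UDP_PORT or length != len(datagram):
        raise ValueError("not a well-formed VXLAN datagram")
    return parse_vxlan_header(datagram[8:])


class FloodLearnVtep:
    """No control plane: unknown destinations are flooded to the segment's
    multicast group, and the core must hold (*,G)/(S,G) state for each group."""
    def __init__(self):
        self.table = {}      # (vni, mac) -> remote VTEP IP, learned from received frames
        self.groups = set()  # multicast groups joined: state the core has to carry
        self.floods = 0

    def join(self, vni, group):
        self.groups.add((vni, group))

    def learn(self, vni, src_mac, remote_vtep):
        self.table[(vni, src_mac)] = remote_vtep

    def next_hop(self, vni, dst_mac, group):
        hop = self.table.get((vni, dst_mac))
        if hop is None:
            self.floods += 1
            return ("flood", group)
        return ("unicast", hop)


class ControlPlaneVtep:
    """Controller installs MAC-to-VTEP mappings before traffic flows, so unknown
    unicast is dropped rather than flooded and the core keeps no multicast state.
    Intra-segment ARP handling is the open question the slide leaves."""
    def __init__(self):
        self.table = {}
        self.groups = set()

    def install(self, vni, mac, remote_vtep):
        self.table[(vni, mac)] = remote_vtep

    def next_hop(self, vni, dst_mac):
        hop = self.table.get((vni, dst_mac))
        return ("unicast", hop) if hop else ("drop", None)


def demo():
    vm_a, vm_b = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # RFC 7042 documentation MACs
    frame = ethernet_frame(vm_b, vm_a, b"constructed tenant payload")
    vni, inner = udp_decapsulate(udp_encapsulate(frame, 5000))

    flood = FloodLearnVtep()
    flood.join(5000, "239.1.1.5")
    first = flood.next_hop(5000, vm_b, "239.1.1.5")   # B unknown -> flood to the group
    flood.learn(5000, vm_b, "192.0.2.2")              # B's reply reveals its VTEP
    second = flood.next_hop(5000, vm_b, "239.1.1.5")  # now a unicast tunnel

    ctrl = ControlPlaneVtep()
    ctrl.install(5000, vm_b, "192.0.2.2")
    known = ctrl.next_hop(5000, vm_b)
    unknown = ctrl.next_hop(5000, "00:00:5e:00:53:ff")
    return {"vni": vni, "inner_intact": inner == frame,
            "flood_path": (first, second), "floods": flood.floods,
            "flood_core_groups": len(flood.groups),
            "ctrl_path": (known, unknown), "ctrl_core_groups": len(ctrl.groups)}


if __name__ == "__main__":
    print(demo())
```

The header code is the same for both models; only `next_hop` differs, which is the point of the slides: the encapsulation solves the segment-count problem, and the control plane (or its absence) decides whether the core has to carry multicast state and whether an unknown destination turns into flooding.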
Rule-of-Thumb Guidelines
• 100s tenants, 100s servers → VLANs
• 1000s tenants, 100s servers → vCDNI or Q-in-Q
• Few tenants per server → VM-aware networking
• Few 1000s servers, many tenants → VXLAN / NVGRE
• More than that → L2 over IP with control plane

Scale low-end solutions by splitting the DC into availability zones.
First Steps
• Start: Business requirements and service definitions
• Build-or-buy decision
• Select the orchestration tools → might dictate hypervisors and networking technologies
• Finally: Design the network
• First time: Get help
Reference: Virtualization Webinars
Availability
• Live sessions
• Recordings of individual webinars
• Yearly subscription

Other options
• Customized webinars
• ExpertExpress
• On-site workshops

Webinars shown: Introduction to Virtualized Networking; Virtual Networking Security; vSphere 5 Update; OpenFlow; VXLAN Deep Dive; Cloud Computing Networking; VMware Networking (dates on the slide: Spring 2012; two marked “Coming in 2012”)
Inter-DC FCoE has very limited use and requires no bridging
More information @ http://www.ipspace.net/Webinars
Reference: Blogs and Podcasts
• Packet Pushers Podcast & blog (packetpushers.net)
• The Cloudcast (.net)
• Network Heresy (Martin Casado, Nicira)
• RationalSurvivability.com (Christopher Hoff, Juniper)
• High Scalability Blog
• it20.info (Massimo Re Ferre, VMware)
• NetworkJanitor.net (Kurt Bales)
• BradHedlund.com (Brad Hedlund, Dell Force 10)
• Yellow bricks (Duncan Epping, VMware)
• Twilight in the Valley of the Nerds (Brad Casemore)
• blog.ioshints.info & ipspace.net (yours truly)
Questions?