Introduction to Network Virtualization in IaaS Cloud
Akane Matsuo, akane@midokura.com Midokura Japan K.K.
LinuxCon Japan 2013 May 31st, 2013
Copyright ©2012 Midokura All rights reserved
About myself
* NTT Communications: OCN, Verio, Arcstar… got some background in network products… but not an engineer :p
* Joined Midokura as employee #9(?)
* Senior Manager = Do everything but coding
* Trying to build the ecosystem of network virtualization
[Timeline labels: 2001.4, 2011.3, …]
How I met network virtualization a.k.a. Midokura?
I don’t know anything about Cloud Network…
But let’s jump on the bandwagon!!!
My presentation today is about…
What is network virtualization for IaaS Cloud, and why does it matter?
What I found #1: What is IaaS Cloud?
CPU/Memory, Storage, Network
You can get as many computer resources as you need, only when necessary
Free from deployment, operation, troubleshooting… Everyone is happy…!?
What I found #2
Cloud has been growing...
(Figure source: http://blogs-images.forbes.com/louiscolumbus/files/2013/02/Figure-1-Cloud-Computing-Growth.jpg)
Which means the cloud installed base is growing.
What I found #3:
What happens if more and more people create VMs with a click of a button everywhere?
* An article in ’09 says 50K instances are born in AWS every day (1).
Who takes care of the troublesome network?
(1) Source: http://www.datacenterknowledge.com/archives/2009/09/21/ec2-adding-50000-instances-a-day/
We need to think about how to build a network for IaaS Cloud!
What would be the best network for cloud environment?
Flat L2 network! It’s simple!
But you can’t create a multi-tenant environment!
How about VLAN then!?
Management would be so complicated!
What is the best network for cloud environment?
Actually, we want L3 too…
Firewall and Load Balancer please!
The network gets more and more complicated…
Let’s start from a typical IaaS Cloud network
For example, AWS or OpenStack
What are the requirements for IaaS Cloud?
[Diagram: Tenant/Project A with Network A1 (VM1, VM3) and Network A2 (VM5); Tenant/Project B with Network B1 (VM2, VM4); VM6; Virtual L2 Switches A1, A2 and B1; Tenant A Virtual Router and Tenant B Virtual Router; Provider Virtual Router (L3) with uplink; Tenant B VPN Router connecting to the Tenant B office network]
Requirements
Isolated tenant network (virtual data center)
Requirements
Isolated L2 networks
Requirements
L3 isolation (similar to VPC and VRF)
Requirements
Redundant, optimized and fault-tolerant paths to the Internet (e.g. via BGP)
Requirements
Fault-tolerant devices and links
Requirements
NAT, LB, and Filtering
NAT, LB, and Firewalls
Requirements
L3 (and L2) VPNs
Requirements
Minimize ARP broadcasts by exploiting CMS config
RESTful API for CMS integration and direct tenant access
DHCP, DNS and other services
How do we build it?
How to build IaaS Cloud Network?
1. Virtualized physical devices
2. OpenFlow-based hop-by-hop switching fabric
Virtualized physical devices
Approach 1: VLAN
* 4096 limit on number of unique tags
* Large spanning trees terminating on many hosts
* High churn in switch control planes due to MAC learning
* Need MLAG for L2 multi-path (vendor specific)
[Diagram labels: VLAN1, VLAN2]
Virtualized physical devices
Approach 1: MPLS VPN
* Often used by carriers/telcos, but technically advanced for IaaS
* Hardware could be very expensive
[Diagram labels: tag, tag]
Virtualized physical devices
Approach 1: VRF
* Not scalable to cloud scale
* Expensive hardware
* Not fault tolerant (HSRP?)
* L2 and L3 isolation. What about NAT, LB, FW?
[Diagram labels: three VRFs; Core: VLAN 10, VLAN 11, VLAN 12; Product: VLAN 20, VLAN 21, VLAN 22; Sales: VLAN 99]
Source: http://infrastructureadventures.com/tag/vrf-lite/
OpenFlow hop-by-hop switch fabric
Approach 2
[Diagram labels: OpenFlow Switches, OpenFlow Controller (Cluster)]
* State in each switch is proportional to the virtual network state
* Not scalable, not fast enough to update, and no atomicity of updates
* Fault tolerant?
Can’t we do this better?
How to build IaaS Cloud Network?
1. Virtualized physical devices
2. OpenFlow-based hop-by-hop switching fabric
3. Edge-to-Edge overlays
Overlays address the issues of IaaS Cloud Network
Approach 3
[Diagram labels: VMs attached to Edge nodes]
* Virtual network changes don't affect underlay state
* Use scalable IGP to build multi-path underlay with cheap HW
* IP encapsulation provides isolation without using VLAN
* Decoupled from physical network. Wired once
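An added example, not from the original slides: it contrasts the 12-bit VLAN tag with a 24-bit overlay network ID and shows the edge enforcing tenant isolation on decapsulation. VXLAN (RFC 7348) is assumed as the IP encapsulation since the slides name none; the `Edge` class, port names and VNIs are hypothetical, and the outer IP/UDP headers are omitted.

```python
import struct

def vlan_tag(vid, pcp=0):
    """4-byte 802.1Q tag: TPID 0x8100, then PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094:            # VID 0 and 4095 are reserved
        raise ValueError("VLAN ID must fit the 12-bit field (1..4094)")
    return struct.pack("!HH", 0x8100, (pcp << 13) | vid)

def vxlan_encap(vni, inner_frame):
    """Prefix an inner Ethernet frame with the 8-byte VXLAN header."""
    if not 0 <= vni < 1 << 24:          # VNI is a 24-bit field
        raise ValueError("VNI must fit in 24 bits")
    # flags (0x08 = VNI present), 3 reserved bytes, then VNI(24) | reserved(8)
    return struct.pack("!B3xI", 0x08, vni << 8) + inner_frame

def vxlan_decap(packet):
    """Return (vni, inner_frame), rejecting truncated or unflagged headers."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!B3xI", packet[:8])
    if not flags & 0x08:
        raise ValueError("VNI flag not set")
    return word >> 8, packet[8:]

class Edge:
    """Hypothetical edge switch on a hypervisor (names are assumptions)."""
    def __init__(self, port_vni):
        self.port_vni = dict(port_vni)  # local VM port -> VNI of its network

    def send(self, src_port, inner_frame):
        # The VNI comes from the edge's own table, never from the VM's frame,
        # so a tenant cannot pick another tenant's network ID.
        return vxlan_encap(self.port_vni[src_port], inner_frame)

    def receive(self, packet, dst_port):
        vni, inner = vxlan_decap(packet)
        if self.port_vni.get(dst_port) != vni:
            return None                 # cross-tenant delivery is dropped
        return inner

def demo():
    # Constructed sample: VM1/VM3 on tenant A's network, VM2/VM4 on tenant B's
    vni_a, vni_b = 0xA00001, 0xB00001   # made-up VNIs, both above 4094
    edge1 = Edge({"vm1": vni_a, "vm2": vni_b})
    edge2 = Edge({"vm3": vni_a, "vm4": vni_b})
    frame = bytes.fromhex("020000000003" "020000000001" "0800") + b"payload"
    packet = edge1.send("vm1", frame)   # the underlay only carries this payload
    return edge2.receive(packet, "vm3"), edge2.receive(packet, "vm4")

if __name__ == "__main__":
    delivered, blocked = demo()
    print("to vm3:", delivered, "| to vm4:", blocked)
```

VXLAN itself carries no authentication, so this isolation holds only if tenants cannot inject encapsulated packets into the underlay.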
Market trends that accelerate IP overlay
1. Packet processing on x86 CPUs (at edge)
   • Intel DPDK facilitates packet processing
   • Number of cores in servers increasing fast
2. Clos Networks (for underlay)
   • Spine and Leaf architecture with IP
   • Economical and high E-W bandwidth
3. Merchant silicon (cheap IP switches)
   • Broadcom, Intel (Fulcrum Micro), Marvell
   • ODMs (Quanta, Accton) starting to sell directly
   • Switches are becoming just like Linux servers
4. Optical intra-DC Networks
Overlays are the right approach!
But not sufficient. We need a scalable control plane
Scalable Control Plane for Overlay
Intelligence at the edge. Scalable and fault tolerant
[Diagram labels: VM, Edge, CP, Edge Gateway, Internet, DB (Stateful Database)]
MidoNet
* MidoNet = Overlay + Network Functions (L2, L3, Firewall, DNS, BGP, etc.)
* Scalable, distributed control plane
* No VLAN, easy to manage.
* Designed for IaaS Cloud from day one
Please come talk to us later
Summary
* IaaS Cloud needs a virtualized network that is designed for IaaS Cloud
* There are various technologies such as VLAN, but overlay is the right approach!
* Plus, we need a scalable control plane!