Quantum: Virtual Network Services (L2+)
Peter Lee – Upcoming Quantum [email protected]
Re-imagine the cloud network
· Infinite number of ports
· Pure 100% virtualization of the entire network
· Free from network hardware constraints
· Realization of plugin virtual network services
Further imagine if you can…
· Never deal with ports again (auto-generate on-demand!)
· Create pure logical network constructs
· Make networks into simple building blocks
· Attain true tenant isolation
What if the IP protocol was optional inside the cloud network?
Diagram: a Virtual Network Service (VM) attached to several Quantum L2 Networks that carry tenant VMs, with a path to the Internet; the Quantum Manager publishes to an event queue through the Notification API.
· A Virtual Network Service is attached to one or more Quantum L2 Networks
· Multiple Virtual Network Services can exist for a tenant
· Each Virtual Network Service has a unique ID
· A given VM can perform the function of multiple Virtual Network Services
Diagram (with legend): one tenant topology in which a VPN Service, Router Services, a combined Router & Firewall Service and a DHCP Service, each running as a VM, connect Quantum L2 Networks to each other and to the Internet.
Diagram: a DHCP Service (VM) attached to the tenant's Quantum L2 Networks; the Quantum Manager emits a DHCP configuration event to the event queue through the Notification API.
DHCP Configuration Event
· DHCP Service issues IP addresses to VMs
/tenant/X/dhcp POST (list of Network IDs): generates a new DHCP ID
/tenant/X/dhcp/Y/network/Z/ip (cidr)
/tenant/X/dhcp/Y/network/Z/addresses
/tenant/X/dhcp/Y/network/Z/gateway_ip
/tenant/X/dhcp/Y/network/Z/dns
Diagram: a Router Service (VM) attached to the tenant's Quantum L2 Networks and to the Internet; the Quantum Manager emits a Router configuration event to the event queue through the Notification API.
Router Configuration Event
· Router Service routes all traffic from all attached L2 Networks
/tenant/X/router POST (list of Network IDs): generates a new Router ID
/tenant/X/router/Y/network/Z/ip POST (pass in IP address): becomes the IP address of the Router's interface on that network (the gateway IP)
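The DHCP and Router resources above are tenant-scoped (`/tenant/X/...`), so the checks at that boundary are what deliver the "true tenant isolation" promised earlier. The following is an added example, not code from the slides or from Quantum: an in-memory model of those resources in which every Network ID handed to a service POST must be owned by the calling tenant, a service may only be configured on networks it was created with, and a DHCP gateway must lie inside the network's CIDR. Class and method names (`QuantumManager`, `create_service`, `configure_dhcp`, `allocate_address`, `configure_router_ip`) are assumptions of this example.

```python
"""Added example, not code from the slides or from Quantum: an in-memory model of
the tenant-scoped DHCP and Router resources, with the ownership and address
checks a defender wants at the API boundary. Names are this example's own."""
import ipaddress
import itertools
from collections import deque


class IsolationError(Exception):
    """A tenant referenced a network or service it does not own."""


class QuantumManager:
    def __init__(self):
        self._networks = {}          # network_id -> owning tenant
        self._services = {}          # (tenant, kind, service_id) -> {"networks", "config"}
        self._ids = itertools.count(1)
        self.event_queue = deque()   # stands in for the Notification API / event queue

    def create_network(self, tenant):
        nid = next(self._ids)
        self._networks[nid] = tenant
        return nid

    def _check_owned(self, tenant, network_ids):
        for nid in network_ids:
            if self._networks.get(nid) != tenant:
                raise IsolationError(f"network {nid} is not owned by tenant {tenant}")

    def create_service(self, tenant, kind, network_ids):
        """POST /tenant/X/<kind> with a list of Network IDs; returns the new service ID."""
        if not network_ids:
            raise ValueError("a service must attach to at least one network")
        self._check_owned(tenant, network_ids)
        sid = next(self._ids)
        self._services[(tenant, kind, sid)] = {"networks": set(network_ids), "config": {}}
        self.event_queue.append((f"{kind} Configuration Event", tenant, sid))
        return sid

    def _service(self, tenant, kind, sid, network_id):
        """Resolve /tenant/X/<kind>/Y/network/Z; service and network must both belong to X."""
        svc = self._services.get((tenant, kind, sid))
        if svc is None:
            raise IsolationError(f"{kind} {sid} does not exist for tenant {tenant}")
        if network_id not in svc["networks"]:
            raise IsolationError(f"network {network_id} is not attached to {kind} {sid}")
        return svc

    def configure_dhcp(self, tenant, dhcp_id, network_id, cidr, gateway_ip, dns):
        """POST ip, gateway_ip and dns under /tenant/X/dhcp/Y/network/Z."""
        svc = self._service(tenant, "dhcp", dhcp_id, network_id)
        net = ipaddress.ip_network(cidr)            # strict: rejects host bits set in the prefix
        gw = ipaddress.ip_address(gateway_ip)
        if gw not in net:
            raise ValueError(f"gateway {gw} is outside {net}")
        svc["config"][network_id] = {"cidr": str(net), "gateway_ip": str(gw),
                                     "dns": [str(ipaddress.ip_address(d)) for d in dns],
                                     "addresses": []}
        self.event_queue.append(("DHCP Configuration Event", tenant, dhcp_id))
        return svc["config"][network_id]

    def allocate_address(self, tenant, dhcp_id, network_id):
        """The DHCP Service issuing an IP address to a VM: first free host, gateway excluded."""
        cfg = self._service(tenant, "dhcp", dhcp_id, network_id)["config"][network_id]
        used = set(cfg["addresses"]) | {cfg["gateway_ip"]}
        for host in ipaddress.ip_network(cfg["cidr"]).hosts():
            if str(host) not in used:
                cfg["addresses"].append(str(host))
                return str(host)
        raise RuntimeError(f"address pool {cfg['cidr']} exhausted")

    def configure_router_ip(self, tenant, router_id, network_id, ip):
        """POST /tenant/X/router/Y/network/Z/ip: the router's interface IP on Z (gateway IP)."""
        svc = self._service(tenant, "router", router_id, network_id)
        svc["config"][network_id] = {"gateway_ip": str(ipaddress.ip_address(ip))}
        self.event_queue.append(("Router Configuration Event", tenant, router_id))
        return svc["config"][network_id]


if __name__ == "__main__":
    mgr = QuantumManager()
    n1, n2 = mgr.create_network("X"), mgr.create_network("X")
    dhcp = mgr.create_service("X", "dhcp", [n1, n2])   # constructed sample tenant "X"
    mgr.configure_dhcp("X", dhcp, n1, "10.0.0.0/24", "10.0.0.1", ["10.0.0.1"])
    print(mgr.allocate_address("X", dhcp, n1), list(mgr.event_queue))
```

Ownership is checked on the service and on the network in every configuration call, not only at creation, so a tenant cannot configure another tenant's router by guessing its ID, and every accepted change appends an event mirroring the event queue in the diagrams.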
Diagram: a Firewall Service (VM) placed between the tenant's Quantum L2 Networks and the Internet; the Quantum Manager emits a Firewall configuration event to the event queue through the Notification API.
Firewall Configuration Event
· Firewall Service performs rule based actions between L2 networks
/tenant/X/firewall POST (list of Network IDs): generates a new Firewall ID (Y)
/tenant/X/firewall/Y/filter POST {
  priority: 1-32768
  source: Network ID
  dest: Network ID
  source_ip: <cidr>
  dest_ip: <cidr>
  protocol: <string>
  source_port: <num or range>
  dest_port: <num or range>
  action: <ALLOW or DENY or REJECT>
  log: <true or false>
}
/tenant/X/firewall/Y/policy POST {
  source: Network ID
  dest: Network ID
}
Firewall Configuration Event
Continued...
/tenant/X/firewall/Y/nat POST {
  source: Network ID
  dest: Network ID
  source_ip: <cidr>
  dest_ip: <cidr>
  masq_ip: <cidr>
}
/tenant/X/firewall/Y/forward POST {
  source: Network ID
  dest: Network ID
  recv_on_ip: <cidr>
  send_to_ip: <cidr>
  recv_on_port: <num or range>
  send_to_port: <num or range>
}
* port range iff range == range
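The `/filter` and `/forward` bodies above specify field shapes but leave validation and matching order to the service. The following is an added example, not code from the slides or from Quantum, showing one way to validate those bodies and evaluate a rule set between two Network IDs. Its assumptions: rules are evaluated in ascending priority (1 is strongest), the first match wins, a protocol of `any` is a wildcard, traffic with no matching rule is denied and logged, and the footnote "port range iff range == range" is read as requiring `recv_on_port` and `send_to_port` to be single ports or ranges of equal size. The function names and the sample rule set are this example's own.

```python
"""Added example, not code from the slides or from Quantum: validation and
evaluation of firewall filter rules shaped like the /tenant/X/firewall/Y/filter
body, plus the port-range check for /forward. Ordering, wildcard and
default-deny behaviour are assumptions of this example."""
import ipaddress

ACTIONS = {"ALLOW", "DENY", "REJECT"}


def parse_ports(spec):
    """'80' -> (80, 80); '8000-8080' -> (8000, 8080). Rejects bad order or range."""
    parts = str(spec).split("-")
    if len(parts) == 1:
        lo = hi = int(parts[0])
    elif len(parts) == 2:
        lo, hi = int(parts[0]), int(parts[1])
    else:
        raise ValueError(f"bad port spec {spec!r}")
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec {spec!r}")
    return lo, hi


def validate_filter(body):
    """Check one /filter POST body and return a normalised rule."""
    priority = int(body["priority"])
    if not 1 <= priority <= 32768:
        raise ValueError("priority must be 1-32768")
    action = str(body["action"]).upper()
    if action not in ACTIONS:
        raise ValueError("action must be ALLOW, DENY or REJECT")
    log = body.get("log", False)
    if not isinstance(log, bool):
        raise ValueError("log must be true or false")
    return {
        "priority": priority,
        "source": body["source"], "dest": body["dest"],
        "source_ip": ipaddress.ip_network(body["source_ip"], strict=False),
        "dest_ip": ipaddress.ip_network(body["dest_ip"], strict=False),
        "protocol": str(body["protocol"]).lower(),
        "source_port": parse_ports(body["source_port"]),
        "dest_port": parse_ports(body["dest_port"]),
        "action": action, "log": log,
    }


def validate_forward(body):
    """Check a /forward POST body. '* port range iff range == range' is read here as:
    both port specs are single ports or ranges of the same size, so each received
    port maps to exactly one target port (assumption of this example)."""
    recv, send = parse_ports(body["recv_on_port"]), parse_ports(body["send_to_port"])
    if recv[1] - recv[0] != send[1] - send[0]:
        raise ValueError("recv_on_port and send_to_port must be ranges of equal size")
    return {"source": body["source"], "dest": body["dest"],
            "recv_on_ip": ipaddress.ip_network(body["recv_on_ip"], strict=False),
            "send_to_ip": ipaddress.ip_network(body["send_to_ip"], strict=False),
            "recv_on_port": recv, "send_to_port": send}


def evaluate(rules, packet):
    """packet: source/dest Network IDs, src_ip, dst_ip, protocol, sport, dport.
    Returns (action, priority of the matching rule or None, log flag)."""
    src, dst = ipaddress.ip_address(packet["src_ip"]), ipaddress.ip_address(packet["dst_ip"])
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["source"], rule["dest"]) != (packet["source"], packet["dest"]):
            continue
        if src not in rule["source_ip"] or dst not in rule["dest_ip"]:
            continue
        if rule["protocol"] not in ("any", packet["protocol"].lower()):
            continue
        if not rule["source_port"][0] <= packet["sport"] <= rule["source_port"][1]:
            continue
        if not rule["dest_port"][0] <= packet["dport"] <= rule["dest_port"][1]:
            continue
        return rule["action"], rule["priority"], rule["log"]
    return "DENY", None, True   # default deny: nothing matched, always logged


# Constructed sample rule set: web traffic from Network ID 3 to Network ID 4 is
# allowed; everything else between those two networks is denied and logged.
SAMPLE_RULES = [validate_filter(r) for r in (
    {"priority": 10, "source": 3, "dest": 4, "source_ip": "10.0.3.0/24",
     "dest_ip": "10.0.4.0/24", "protocol": "tcp", "source_port": "1024-65535",
     "dest_port": "80", "action": "ALLOW", "log": False},
    {"priority": 100, "source": 3, "dest": 4, "source_ip": "0.0.0.0/0",
     "dest_ip": "0.0.0.0/0", "protocol": "any", "source_port": "0-65535",
     "dest_port": "0-65535", "action": "DENY", "log": True},
)]
```

Validating at POST time rather than at packet time keeps malformed rules (out-of-range priorities, reversed port ranges, unknown actions) out of the rule store, and the explicit default-deny result makes the "no rule matched" case visible in logs instead of silently passing traffic.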
Diagram: a VPN Service (VM) attached to the tenant's Quantum L2 Networks, with a tunnel across the Internet to servers on remote networks.
· VPN Service provides tunnels to remote L2 Networks
· VPN Service listens on all interfaces
· Does not specify underlying protocol for VPN
/tenant/X/vpn POST (list of Network IDs): generates a new VPN ID*
  * defines the list of local networks accessible via the VPN
/tenant/X/vpn/Y/tunnel POST {
  local: ip/port
  remote: ip/port
  local_cred: <some credential>
  remote_cred: <some credential>
}
/tenant/X/vpn/Y/tunnel/Z/link POST {
  source: Network ID
  dest: Network ID (usually Remote)
}
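Two points in the VPN resource above deserve care in an implementation: the credentials posted to `/tunnel` should never be readable back through the API, and a `/link` should only be able to expose networks that the VPN ID was created with. The following is an added example, not code from the slides or from Quantum, modelling those resources with endpoints parsed from `ip/port` strings, credentials returned only as a fingerprint, and the link source checked against the VPN's local network list. The names `VpnService`, `parse_endpoint`, `fingerprint`, `create_tunnel`, `link` and `show_tunnel` are assumptions of this example.

```python
"""Added example, not code from the slides or from Quantum: a minimal model of the
VPN Service resources (/tenant/X/vpn/Y, /tunnel, /tunnel/Z/link). Credentials are
write-only through the API and links are restricted to the VPN's local networks.
Names are this example's own."""
import hashlib
import ipaddress
import itertools


def parse_endpoint(spec):
    """'203.0.113.5/500' -> ('203.0.113.5', 500); rejects a bad address or port."""
    ip, sep, port = str(spec).rpartition("/")
    if not sep:
        raise ValueError(f"endpoint {spec!r} must be ip/port")
    port = int(port)
    if not 0 < port <= 65535:
        raise ValueError(f"bad port in {spec!r}")
    return str(ipaddress.ip_address(ip)), port


def fingerprint(credential):
    """Short SHA-256 fingerprint: lets an operator confirm which credential is
    configured without the API ever returning the credential itself."""
    return hashlib.sha256(credential.encode()).hexdigest()[:16]


class VpnService:
    """One /tenant/X/vpn/Y resource; local_networks are the Network IDs it was created with."""

    def __init__(self, vpn_id, local_networks):
        self.vpn_id = vpn_id
        self.local_networks = frozenset(local_networks)
        self._tunnels = {}
        self._ids = itertools.count(1)

    def create_tunnel(self, body):
        """POST /tenant/X/vpn/Y/tunnel; returns the new tunnel ID Z."""
        if not body["local_cred"] or not body["remote_cred"]:
            raise ValueError("both credentials are required")
        tid = next(self._ids)
        self._tunnels[tid] = {"local": parse_endpoint(body["local"]),
                              "remote": parse_endpoint(body["remote"]),
                              "_creds": (body["local_cred"], body["remote_cred"]),
                              "links": []}
        return tid

    def link(self, tunnel_id, source, dest):
        """POST /tenant/X/vpn/Y/tunnel/Z/link; source must be one of this VPN's local networks."""
        if tunnel_id not in self._tunnels:
            raise KeyError(f"tunnel {tunnel_id} does not exist on VPN {self.vpn_id}")
        if source not in self.local_networks:
            raise PermissionError(f"network {source} is not accessible via VPN {self.vpn_id}")
        links = self._tunnels[tunnel_id]["links"]
        links.append((source, dest))
        return len(links)

    def show_tunnel(self, tunnel_id):
        """Read view of a tunnel: endpoints and links, credentials replaced by fingerprints."""
        t = self._tunnels[tunnel_id]
        local_cred, remote_cred = t["_creds"]
        return {"local": t["local"], "remote": t["remote"],
                "local_cred_fp": fingerprint(local_cred),
                "remote_cred_fp": fingerprint(remote_cred),
                "links": list(t["links"])}


if __name__ == "__main__":
    vpn = VpnService(1, [1, 2])   # constructed: VPN ID 1 created over Network IDs 1 and 2
    tid = vpn.create_tunnel({"local": "198.51.100.4/500", "remote": "203.0.113.5/500",
                             "local_cred": "constructed-local-psk",
                             "remote_cred": "constructed-remote-psk"})
    vpn.link(tid, 1, 8)
    print(vpn.show_tunnel(tid))
```

Because the slides leave the tunnel protocol unspecified, the credential fields are treated as opaque strings; whatever they turn out to be, keeping them out of every read path is the property worth preserving.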
Diagram (with legend): an example tenant topology with numbered resources. VPN ID 1, Router IDs 1, 2 and 3, Firewall ID 1 and DHCP ID 1 serve Network IDs 0 through 7, which carry the tenant's VMs and reach the Internet; three Remote Quantum L2 Networks (Network IDs 8, 9 and 10) host servers reached through the VPN. A second view of the same topology lists all six service IDs together.
Launch ONE VM with all Quantum Virtual Network Services for the tenant!
nova create --quantum-service-vpn=1 --quantum-service-router=1 --quantum-service-router=2 --quantum-service-router=3 --quantum-service-dhcp=1 --quantum-service-firewall=1
Diagram: the event queue, fed by the Quantum Manager through the Notification API, carrying "DHCP Event for 1", "Router Event for 3" and "Firewall Event for 1".
We call this: Virtual Cloud Gateway
It also performs the following Virtual Network Services:
· QoS
· Security Gateway (IDS/IPS, CF, AV)
· Universal Application Proxy
· VPN (IPSEC/OpenVPN)
· Remote Access (Win/Mac/iOS/Android)
· Real-time Monitoring
100% managed from the cloud, created on-demand
Questions?