sdn, network virtualization and the software defined data center – brad hedlund
DESCRIPTION
IT organizations around the world are transforming data center operations and economics by virtualizing their networks. Much like server virtualization decoupled VMs from the underlying x86 server hardware, transforming the operational model of compute, network virtualization decouples software-based virtual networks from the underlying network hardware to enable a new operational model for networking. Deployed non-disruptively on any existing network without change, network virtualization transforms the physical network into a pool of capacity that can be consumed and repurposed on demand. You will learn how, today, companies like AT&T, NTT, eBay and Rackspace have transformed their operational model and reduced network provisioning time from days/weeks to seconds. You will learn how network virtualization, OpenStack cloud management and Chef automation can be leveraged together and examine the architectural decisions you should be considering now to prepare for this transformation.
TRANSCRIPT
Network Virtualization Brad Hedlund
Brad Hedlund -‐ #ChefConf 2013
What is VMware NSX?
Nicira NVP + VMware vCNS = NSX
NVP (L2-L4): • Scale-out controller • Next-gen vSwitch • Logical switches • Logical routers • Distributed stateful ACL
vCNS (L4-L7): • Edge firewall • Load balancing • VPN • GSLB • App firewall
Full L2-L7 Network Virtualization
• Any hypervisor • Any cloud • Any network • Common API
Late 2013
Build your own cloud / Shrink-wrapped cloud
Networking *is* stuck in the Past
Compute: • APIs • Automation (Chef) • Mobility • Distributed • Templates & cookbooks
Networking: • CLIs • Human + keyboard • Rigid • Choke points • Manual & error prone
Network Virtualization
Slide diagram (Hardware / Software, DECOUPLE, REPRODUCE, AUTOMATE): in 2001 server virtualization placed a virtualization layer over the x86 machine (CPU, RAM, NIC, HD) to produce the virtual machine (vCPU, vRAM, vNIC, image); in 2012 network virtualization places a virtualization layer over the physical network (LAN segments, VLANs, VRF, ACL, NAT, security/firewall) to produce the virtual network of logical switches and logical routers.
Network Services for Apps
Slide diagram ("My App"): traffic from the World passes a router with NAT, a firewall (north-south security) and a load balancer (app load balancing) to the WEB tier, then a second firewall (east-west security) to the APP tier; GSLB provides multi-site load balancing. Each service is either a shared physical appliance or a BYO virtual appliance.
Full L2-L7 Network Virtualization
Slide diagram: a virtual network (Switch 1, Switch 2, Switch 3, a router with routing & NAT, L2 segments, and WEB, APP and DB tiers with security, QoS and monitoring) is defined through Quantum and realised on compute hypervisors running OVS, together with L2 gateways, L3 gateways and service nodes (also OVS), all under the NVP controller fabric (NVP Controller cluster and NVP Manager).
NVP Components & Architecture
Slide diagram: the NVP Controller cluster is driven through the NVP API (e.g. by the NVP plug-in) and programs each hypervisor's Open vSwitch over two management-plane connections: OpenFlow on TCP 6633 to ovs-vswitchd (user space) and OVSDB on TCP 6632 to ovsdb-server (the config/state DB). On the hypervisor, br-int (kernel datapath, with the WEB and APP VMs attached) carries STT/GRE tunnel traffic, br0 holds the Linux IP stack address (192.168.10.1 in the diagram), eth0 is the MGMT interface and eth1/eth2 form a bond to the top-of-rack switch(es). A Physical Edge connects non-virtual hosts or a remote site, and a Virtual Edge connects the virtual network to the World.
NVP Controller scale out
Slide diagram: a Controller Cluster of five NVP Controller nodes (Node1 to Node5); each node runs the same layers: WebService API, Persistent Storage, Logical Network, Transport Network.
Number of NVP Controllers in cluster         3   4   5   7   9
Majority number                              2   3   3   4   5
Number of devices that can be taken offline  1   1   2   3   4
• All nodes active
• Workload sliced and shared
• Majority rule
• No split brain
• Live software upgrades
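The quorum arithmetic behind the table above, as an added example (not code from the talk or from NVP): a strict majority of the configured cluster size is required to make decisions, which is why 4 controllers tolerate no more failures than 3, and why two sides of a partitioned cluster can never both hold quorum.

```python
# Added example (not from the talk): quorum arithmetic behind the NVP controller
# cluster table. A cluster makes decisions only with a strict majority of its
# configured members, so a partition never leaves two sides both "in charge".

def majority(cluster_size: int) -> int:
    """Smallest number of controllers that forms a strict majority."""
    if cluster_size < 1:
        raise ValueError("cluster must have at least one controller")
    return cluster_size // 2 + 1

def max_offline(cluster_size: int) -> int:
    """Controllers that can be taken offline while a majority still remains."""
    return cluster_size - majority(cluster_size)

def has_quorum(cluster_size: int, live_nodes: set) -> bool:
    """True when this partition of live controllers can still make decisions.

    Because majority() is more than half of the configured size, at most one
    partition of a split cluster can ever return True here (no split brain).
    """
    return len(live_nodes) >= majority(cluster_size)

def quorum_table(sizes=(3, 4, 5, 7, 9)) -> dict:
    """Reproduce the slide's table as {cluster_size: (majority, max_offline)}."""
    return {n: (majority(n), max_offline(n)) for n in sizes}

if __name__ == "__main__":
    for n, (m, off) in quorum_table().items():
        print(f"{n} controllers: majority {m}, {off} can be taken offline")
    # A 5-node cluster split 3/2: only the 3-node side keeps quorum.
    print(has_quorum(5, {1, 2, 3}), has_quorum(5, {4, 5}))
```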
Logical Network (NVP 3.1)
Slide diagram: hypervisors HV1, HV2 and HV3 each run br-int, with WEB VMs on Logical Switch 1 and APP VMs on Logical Switch 2, joined by STT/GRE tunnels and programmed by the NVP Controllers. Distributed Logical Router 1 provides east-west L3 between the logical switches; a pair of L3 Gateways provides north-south L3 (with NAT) to the World. Service Nodes optionally offload BUM (broadcast, unknown unicast, multicast) forwarding; source BUM forwarding on the hypervisors is optional.
Security Groups shown:
Web: Allow: Egress TCP 80, 443 from ANY
App: Allow: Egress TCP 6000, 9000 from WEB_Servers
Chef + NVP + OpenStack
• Chef deploys OpenStack nodes
• Chef deploys OVS on hypervisors
• Chef installs NVP plug-in
• Chef configures NVP plug-in
• Chef/Script configures NVP appliances
• Chef/Script loads NVP snapshot / configures virtual network
From bare metal to a full OpenStack cloud in minutes, at any defined state
DEMO: NVP Snapshots
Slide diagram: hypervisors HV1 and HV2 host VM1 (192.168.1.2) and VM3 (192.168.1.3) on one logical switch and VM2 (192.168.2.2) and VM4 (192.168.2.3) on the other (Logical Switch 1 and Logical Switch 2), joined by a Distributed Logical Router.
App provisioning at PayPal: From days to minutes with NSX
App Provisioning at PayPal Today
Slide timeline from Demand: 0 to 14 days, 0 to 4 days, 0 to 21 days, 0 to 10 days
App Provisioning with NSX
From manual, multi-step IT with no predictable SLA…
To fast, automated, predictable deployments enabled by NSX
Slide timeline from Demand: 0 to 14 days, 0 to 4 days, 0 days, 0 to 7 days
Thank You! Have a great evening!!