Tungsten Fabric Overview
MISSION
Build the world’s most ubiquitous, easy-to-use, scalable, secure, and cloud-grade SDN stack, providing a network
fabric connecting all environments, all clouds, all people.
CODE & COMMUNITY
CODE
• 2013-Today: >300 years of work
• 200-300 developer contributions
• ~100 active developers
• Languages: C++, Python, Node, Go
• Apache 2.0 license
• GitHub repositories
• Gerrit review processes
• Launchpad bug tracking and blueprints
• Other OSS used: Cassandra, Kafka, HAProxy, Docker, Keystone
COMMUNITY
Principles:
• Open and inclusive
• Provide strong technical and architectural
oversight
• Competitive ideas welcome
• Rough consensus and running code will always
win
• Iterate and evolve
COMMUNITY
• Online:
• Downloads and trial sandbox
• Talk with 900+ people: Slack, Mailing lists
• Follow: Blog, YouTube, Facebook, Twitter
• GitHub: Presentations, Tutorials
• Live (see calendar):
• Conferences: OpenStack, KubeCon, ONS, Re:invent and GC Next
• Meetups: host your own or join some
• User Group events: often at conferences
• Governance summits
• Groups: Governance, Technical, Infrastructure
• Community manager: Greg Elkinbard
JOIN
• tungsten.io/slack
• tungsten.io/community
COMMUNITY MEMBERS
your logo here
PAST, PRESENT & FUTURE
• OpenStack networking at scale
• NFV service chaining
• Analytics collection/querying
• REST API and GUI
• Docker & ESXi runtime support
• VMware vSphere support
• DPDK vRouter
• Prototype with Kubernetes v1.1
• Node-port service chaining
• Improve analytics with Kafka
• LBaaS
• ToR switch as OVSDB gateway
• Kubernetes and CNI support
• OpenShift and Mesos support
• Containerize project
• New install w/ Ansible or Helm
• Security focus
• Multicloud deployability
• Switching fabric focus
• Declarative network as code
Release timeline: v1, v2, v3, v4, v5+
FEATURES
Visualizing Tungsten Fabric’s Operational Effects
[Figure: LOGICAL view (policy definition) and PHYSICAL view (policy enforcement). Virtual networks GREEN (G1-G3), BLUE (B1-B3) and YELLOW (Y1-Y3); hosts with hypervisors; IP fabric (switch underlay); VM and virtualized network function pool. Labels: TF Security Policy (e.g. allow only HTTP traffic); Service Chain Policy with a Firewall VNF; Security Groups; Non-HTTP traffic; intra-network traffic; inter-network traffic traversing a service.]
Seamless Multi-Cloud Overlay SDN
[Figure: Multicloud SDN / Overlay SDN spanning Users, Telco POPs, Private Cloud DC and Public Cloud VPC]
Virtual Networking: Overlay virtual networking provides connectivity for VMs and containers
Distributed Compute Platforms: Leverage the right balance of edge compute, private cloud compute, and public cloud compute to deploy services
Ubiquitous Security: Centralized security policy orchestration with distributed enforcement across multiple clouds
Performance and Scale: Manage remote compute resources, high performance virtual network functions, and containers using the same tools
ARCHITECTURE OVERVIEW
[Figure: TF CONTROLLER, API & GUI (scale-out control and management container micro-services); ORCHESTRATION NODES with TF orchestration plug-ins; COMPUTE NODE 1, COMPUTE NODE 2…, each with a compute runtime and a TF vRouter. Link labels: REST, XMPP (control). Virtual overlay networks run over an Ethernet / IP underlay network.]
Networks isolated unless connected with policy
USER EXPERIENCE
• REST API
• HTTPS authentication and role-based authorization
• Used for GUI
• Used for declarative configurations as code
• Generated from data model
[Panels: NORTH-BOUND API; GUI]
VROUTER DEPLOYMENT MODELS
[Figure: one panel per model, each showing VMs/VNFs (VM 1, VM 2, …) and the vRouter Agent]
KERNEL VROUTER
§ This is the normal operation, where the forwarding plane of vRouter runs in the kernel and is connected to VMs using a TAP interface (or a veth pair for containers)
§ vRouter itself is enhanced using other performance-related features:
o TSO / LRO
o Multi-Q Virtio
DPDK VROUTER
§ vRouter runs as a user space process and uses DPDK for fast path packet I/O
§ Full set of SDN capabilities supported
§ Requires the VMs to have DPDK enabled for performance benefits
SRIOV / VROUTER COEXISTENCE
§ Some workloads can directly SRIOV into the NIC, while others go through the vRouter
§ Sometimes a VNF can have multiple interfaces, some of which are SRIOV-ed to the NIC
§ Interfaces that are SRIOV-ed into the NIC don’t get the benefits / features of vRouter
SMARTNIC VROUTER
§ vRouter forwarding plane runs within the NIC
§ Workloads are SRIOV-connected to the NIC
CONTAINERIZED WORKLOADS
kube-manager listens to the K8s API Server and conveys the API request to the Controller
[Figure: K8s and Contrail Controller Nodes (API Server, Scheduler, Replication Ctrl, …) with kube-manager and the TF Controller; kubectl (user commands); two Compute Nodes, each labelled with Kubelet, CNI Plugin and vRouter (replaces kube-proxy), hosting POD 1 to POD 4 with containers C1 to C4.]
DIFFERENT LEVELS OF ISOLATION
[Figure: Namespace-A to Namespace-F, each containing services (S1 to S12) and pods (POD 1 … POD 45), shown under the three modes below]
DEFAULT CLUSTER MODE
§ This is how Kubernetes networking works today
§ Flat subnet where any workload can talk to any other workload
NAMESPACE ISOLATION
§ In addition to default cluster, operator can add isolation to different namespaces transparent to the developer
POD / SERVICE ISOLATION
§ In this mode, each POD is isolated from one another
§ Note that all three modes can co-exist
The Latest from Tungsten Fabric
Ø Microservices architecture
Ø Better cloud native deployment options
Ø Comprehensive support for Network objects
Ø Ingress/Egress Network Policy
Ø High performance load balancing
Ø Improved flow performance and management
Ø SDN for Edge Compute – Beta Quality
[Column titles: House Keeping; Container SDN; VMs and NFV]
CONTAINERIZED ARCHITECTURE
Containerizing Contrail Control Plane – for easier manageability
SALIENT ASPECTS
§ Multiple personalities of containers:
o 3 controller containers (Controller, Analytics, Analytics DB), each representing a node
o LB to enable HA (based on HAProxy) will be provided as a container, not a mandatory item
o vRouter Agent on containers
§ Containers are deployed using either Ansible / K8s / Helm Charts / Docker Compose
§ Each of the nodes can independently scale (3 x)
§ Can be deployed on Bare Metal or VMs
§ No change in the role / functionality of the Control / config / analytics nodes
BENEFITS
§ LCM is simplified [All dependencies within the container (easy bring up)]
§ Accelerate provisioning
§ Integration with 3rd party provisioning tools simplified
[Figure: HA Controller Nodes (Config + Control, Analytics, Analytics DB) and Compute Nodes (vRouter Agent, vRouter); Docker containers orchestrated using K8s or other orchestration tools]
INSTALLATION
• Ansible playbook to flexibly deploy Tungsten Fabric binaries
• Helm charts to easily operate Tungsten Fabric components on Kubernetes
• Install-time option with OpenShift to deploy with Tungsten Fabric
• Tungsten Fabric binaries available on DockerHub and we’re improving CI/CD
• Commercial integrations into lifecycle tools like RH OpenStack Director
VERSATILE SDN SOLUTION
Tungsten Fabric network and security policies provide fine grain traffic control, while abstracting away the underlay topology.
Consistent security and network functionality between VMs, containers, or bare metal.
[Figure: Web Tier, App Tier and DB Tier workloads (VMs, Containers, BMS) with FW and LB, annotated with (1) L4 Policy and (2) Svc Chain Policy; Compute Nodes hosting VM, Nested Container and NFV workloads; Tungsten Fabric login screen (Username, Password).]
SOFTWARE DEFINED SECURE NETWORKING
Tungsten Fabric provides a rich, consistent set of security policy capabilities across multiple platforms.
[Figure: App1 (Web, App and db tiers) shown in six deployments: Dev, Staging, Prod, Dev-K8s, Dev-Mesos and Staging-BMS (Bare Metal Servers). Labels: vRouter Security Groups, Network Policy, Device Manager.]
1. Simplified Manageability (change control, etc. is much easier)
2. Improved Scalability
3. Define / Review / Approve Once → Use Everywhere
Handling and Matching Flows
● 3X flow setup rate improvement
● TCP state machine to bypass flow aging
● Fat flow protocol & port, i.e. Protocol: UDP, Port: 53 (Fat Flow)
● Enable/Disable flows *
* Note: features like SG, floating-IP, VN based policy and VRF assign rules will not function
[Figure: release timeline labelled 2.2 and Contrail 3.0.X/3.1.X, with markers for Fat Flow, TCP state machine, 3X Improvement and Enable/Disable Flows]
FAT Flow Enhancements
Fat Flow Current Implementation
A flow key is used to hash into a flow table (identify a hash bucket). The flow key is based on a five-tuple consisting of source and destination IP addresses, ports and the IP protocol.
With Fat Flow, the flow key is reduced from a 5-tuple to a 4-tuple consisting of source & destination IP, destination port and IP protocol. The client port is not used in the flow key.
[Figure: IP packet fields SRC IP, DST IP, SRC Port, DST Port, Protocol; flow key hash using 5-tuple. Virtual Machine Interface, FAT Flow: Protocol (TCP/UDP/SCTP & ICMP) & Port Pairs.]
Fat Flow Enhancements
Enhance vRouter Fat Flow handling to support ignoring the source/destination port or the source/destination IP address:
1. Ignore both source and destination ports
2. Ignore either source or destination IP
3. Combination of both (1) and (2) above
[Figure: FAT Flow settings on the Virtual Machine Interface and on the Virtual Network: Protocol (TCP/UDP/SCTP & ICMP), Port Pairs, Ignore Address (SRC/DST)]
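The key reduction described on the two Fat Flow slides, as an added example (not code from the deck or from the vRouter source): a Python model that derives the flow key for constructed traffic under the 5-tuple, the 4-tuple Fat Flow and the ignore options listed above, and counts the resulting flow-table entries. The `FatFlowRule` shape, the `*` wildcard and using `port=None` to mean "ignore both ports" are assumptions of this model.

```python
"""Toy model of flow-key derivation with and without Fat Flow (constructed example)."""
from collections import Counter
from dataclasses import dataclass
from typing import NamedTuple, Optional

ANY = "*"  # wildcard stored in a key field that a Fat Flow rule ignores


class Packet(NamedTuple):
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class FatFlowRule:
    """Hypothetical rule shape: protocol, service port and the 'ignore' options."""
    proto: str
    port: Optional[int] = None         # None = ignore both ports (option 1)
    ignore_addr: Optional[str] = None  # "src", "dst" or None (option 2)


def match_rule(pkt, rules):
    """Return the first rule whose protocol and destination port match, else None."""
    for rule in rules:
        if rule.proto == pkt.proto and rule.port in (None, pkt.dst_port):
            return rule
    return None


def flow_key(pkt, rules=()):
    """5-tuple key by default; a reduced key when a Fat Flow rule matches."""
    rule = match_rule(pkt, rules)
    if rule is None:
        return (pkt.src_ip, pkt.dst_ip, pkt.proto, pkt.src_port, pkt.dst_port)
    src_ip = ANY if rule.ignore_addr == "src" else pkt.src_ip
    dst_ip = ANY if rule.ignore_addr == "dst" else pkt.dst_ip
    dst_port = ANY if rule.port is None else pkt.dst_port
    # The client (source) port is never part of a Fat Flow key.
    return (src_ip, dst_ip, pkt.proto, ANY, dst_port)


def build_flow_table(packets, rules=()):
    """Map each flow key to the number of packets that hashed to it."""
    table = Counter()
    for pkt in packets:
        table[flow_key(pkt, rules)] += 1
    return table


def sample_traffic():
    """Constructed traffic: 3 clients x 4 DNS queries, 1 NTP packet, 1 HTTPS flow."""
    pkts = []
    for host in (11, 12, 13):
        for i in range(4):  # each query leaves from a fresh ephemeral port
            pkts.append(Packet(f"10.0.1.{host}", "10.0.2.53", "udp",
                               40000 + 100 * host + i, 53))
    pkts.append(Packet("10.0.1.11", "10.0.2.53", "udp", 123, 123))
    pkts += [Packet("10.0.1.11", "10.0.2.80", "tcp", 51515, 443)] * 2
    return pkts


SCENARIOS = {
    "5-tuple (no fat flow)": (),
    "fat flow udp/53": (FatFlowRule("udp", 53),),
    "fat flow udp/53, ignore src IP": (FatFlowRule("udp", 53, ignore_addr="src"),),
    "fat flow udp, ignore ports": (FatFlowRule("udp"),),
    "fat flow udp, ignore ports + src IP": (FatFlowRule("udp", ignore_addr="src"),),
}


def entry_counts():
    """Number of flow-table entries the sample traffic creates per scenario."""
    traffic = sample_traffic()
    return {name: len(build_flow_table(traffic, rules))
            for name, rules in SCENARIOS.items()}


if __name__ == "__main__":
    for name, count in entry_counts().items():
        print(f"{name:38s} {count:2d} entries")
```

The counts fall as fields are dropped from the key, and so does attribution: with the source address ignored, one entry covers every client of the DNS server, so flow records for that entry no longer identify which workload sent a given query.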
Try Tungsten Fabric
https://tungstenfabric.github.io/website/Tungsten-Fabric-10-minute-deployment-with-k8s-on-AWS.html
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdfMeon Technology
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesSoftwareMill
 
Why Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfWhy Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfBrain Inventory
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntelliSource Technologies
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionsNirav Modi
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampVICTOR MAESTRE RAMIREZ
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native BuildpacksVish Abrams
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyRaymond Okyere-Forson
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfTobias Schneck
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsJaydeep Chhasatia
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIIvo Andreev
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxJoão Esperancinha
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLAlluxio, Inc.
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 

Recently uploaded (20)

How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
Webinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.pptWebinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.ppt
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdf
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retries
 
Why Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdfWhy Choose Brain Inventory For Ecommerce Development.pdf
Why Choose Brain Inventory For Ecommerce Development.pdf
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptx
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspections
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - Datacamp
 
Salesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptxSalesforce AI Associate Certification.pptx
Salesforce AI Associate Certification.pptx
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native Buildpacks
 
AI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human BeautyAI Embracing Every Shade of Human Beauty
AI Embracing Every Shade of Human Beauty
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AI
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptx
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 

Tungsten Fabric Overview

  • 2. MISSION Build the world’s most ubiquitous, easy-to-use, scalable, secure, and cloud-grade SDN stack, providing a network fabric connecting all environments, all clouds, all people.
  • 4. CODE • 2013-Today: >300 years of work • 200-300 developer contributions • ~100 active developers • Languages: C++, Python, Node, Go • Apache 2.0 license • GitHub repositories • Gerrit review processes • Launchpad bug tracking and blueprints • Other OSS used: Cassandra, Kafka, HAproxy, Docker, Keystone
  • 5. COMMUNITY Principles: • Open and inclusive • Provide strong technical and architectural oversight • Competitive ideas welcome • Rough consensus and running code will always win • Iterate and evolve
  • 6. COMMUNITY • Online: • Downloads and trial sandbox • Talk with 900+ people: Slack, Mailing lists • Follow: Blog, YouTube, Facebook, Twitter • GitHub: Presentations, Tutorials • Live (see calendar) : • Conferences: OpenStack, KubeCon, ONS, Re:invent and GC Next • Meetups: host your own or join some • User Group events: often at conferences • Governance summits • Groups: Governance, Technical, Infrastructure • Community manager: Greg Elkinbard JOIN • tungsten.io/slack • tungsten.io/community
  • 8. PAST, PRESENT & FUTURE • OpenStack networking at scale • NFV service chaining • Analytics collection/querying • REST API and GUI • Docker & ESXi runtime support • VMware vSphere support • DPDK vRouter • Prototype with Kubernetes v1.1 • Node-port service chaining • Improve analytics with Kafka • LBaaS • ToR switch as OVSDB gateway • Kubernetes and CNI support • OpenShift and Mesos support • Containerize project • New install w/ Ansible or Helm • Security focus • Multicloud deployability • Switching fabric focus • Declarative network as code. Timeline: v1, v2, v3, v4, v5+
  • 10. Visualizing Tungsten Fabric’s Operational Effects. Diagram: virtual networks GREEN, BLUE and YELLOW (VMs G1-G3, B1-B3, Y1-Y3) spread across Host + Hypervisor nodes over the IP fabric (switch underlay), shown as LOGICAL (Policy Definition) and PHYSICAL (Policy Enforcement) views. Labels: TF Security Policy (e.g. allow only HTTP traffic); Service Chain Policy with a Firewall VNF; Security Groups; VM and virtualized network function pool; intra-network traffic; inter-network traffic traversing a service; non-HTTP traffic.
  • 11. Seamless Multi-Cloud Overlay SDN (Telco POPs, Private Cloud DC, Public Cloud VPC, Users) • Multicloud SDN Virtual Networking: Overlay Virtual Networking provides connectivity for VMs and Containers • Distributed Compute Platforms: Leverage the right balance of edge compute, private cloud compute, and public cloud compute to deploy services • Ubiquitous Security – Centralized security policy orchestration with distributed enforcement across multiple clouds • Performance and Scale: Manage remote compute resources, high performance virtual network functions, and containers using the same tools
  • 12. ARCHITECTURE OVERVIEW Ethernet / IP underlay network TF CONTROLLER, API & GUI scale-out control and management container micro-services REST XMPP ORCHESTRATION NODES XMPP virtual overlay networks TF Orchestration plug-ins Control COMPUTE NODE 2… TF vRouter COMPUTE NODE 1 TF vRouter Compute Runtime Compute Runtime Control Networks isolated unless connected with policy
  • 13. USER EXPERIENCE: NORTH-BOUND API • REST API • HTTPS authentication and role-based authorization • Used for GUI • Used for declarative configurations as code • Generated from data model. GUI
  • 14. VROUTER DEPLOYMENT MODELS. KERNEL VROUTER • This is the normal operation, where the forwarding plane of vRouter runs in the kernel and is connected to VMs using a TAP interface (or veth pair for containers) • vRouter itself is enhanced using other performance-related features: o TSO / LRO o Multi-Q Virtio. DPDK VROUTER • vRouter runs as a user space process and uses DPDK for fast path packet I/O • Full set of SDN capabilities supported • Requires the VMs to have DPDK enabled for performance benefits. SRIOV / VROUTER COEXISTENCE • Some workloads can directly SRIOV into the NIC, while others go through the vRouter • Sometimes a VNF can have multiple interfaces, some of which are SRIOV-ed to the NIC • Interfaces that are SRIOV-ed into the NIC don’t get the benefits / features of vRouter. SMARTNIC VROUTER • vRouter forwarding plane runs within the NIC • Workloads are SRIOV-connected to the NIC. Diagram: each model shows VM 1, VM 2 (or VNF 2), … with a vRouter Agent.
  • 15. CONTAINERIZED WORKLOADS • kube-manager listens to the K8s API Server and conveys the API request to the Controller. Diagram: K8s and Contrail Controller Nodes (API Server, Scheduler, Replication Ctrl, kube-manager, TF Controller) driven by kubectl (user commands); Compute Nodes running PODs 1-4 with containers C1-C4, each node with a Kubelet, the CNI Plugin and vRouter (replaces kube-proxy).
  • 16. DIFFERENT LEVELS OF ISOLATION. DEFAULT CLUSTER MODE • This is how Kubernetes networking works today • Flat subnet where any workload can talk to any other workload. NAMESPACE ISOLATION • In addition to default cluster, operator can add isolation to different namespaces transparent to the developer. POD / SERVICE ISOLATION • In this mode, each POD is isolated from one another • Note that all three modes can co-exist. Diagram: Namespace-A to Namespace-F, each with services (S1-S12) and PODs.
  • 17. The Latest from Tungsten Fabric • Microservices architecture • Better cloud native deployment options • Comprehensive support for Network objects • Ingress/Egress Network Policy • High performance load balancing • Improved flow performance and management • SDN for Edge Compute – Beta Quality. Categories: House Keeping, Container SDN, VMs and NFV
  • 18. CONTAINERIZED ARCHITECTURE: Containerizing Contrail Control Plane – for easier manageability. SALIENT ASPECTS • Multiple personalities of containers: o 3 controller containers (Controller, Analytics, Analytics DB), each representing a node o LB to enable HA (based on HAProxy) will be provided as a container, not a mandatory item o vRouter Agent on containers • Containers are deployed using either Ansible / K8s / Helm Charts / Docker Compose • Each of the nodes can independently scale (3 x) • Can be deployed on Bare Metal or VMs • No change in the role / functionality of the Control / config / analytics nodes. BENEFITS • LCM is simplified [all dependencies within the container (easy bring up)] • Accelerate provisioning • Integration with 3rd party provisioning tools simplified. Diagram: HA Controller Nodes (Config + Control, Analytics, Analytics DB) and Compute Nodes (vRouter Agent, vRouter); Docker containers orchestrated using K8s or other orchestration tools.
  • 19. INSTALLATION • Ansible playbook to flexibly deploy Tungsten Fabric binaries • Helm charts to easily operate Tungsten Fabric components on Kubernetes • Install-time option with OpenShift to deploy with Tungsten Fabric • Tungsten Fabric binaries available on DockerHub and we’re improving CI/CD • Commercial integrations into lifecycle tools like RH OpenStack Director
  • 20. VERSATILE SDN SOLUTION • Tungsten Fabric network and security policies provide fine grain traffic control, while abstracting away the underlay topology. • Consistent security and network functionality between VMs, containers, or bare metal. Diagram: (1) L4 Policy and (2) Svc Chain Policy applied between Web Tier (VMs), App Tier (containers) and DB Tier (BMS, VMs), with FW and LB in the service chain; Tungsten Fabric login (Username, Password); VM Compute Node, Nested Container Compute Node, NFV Compute Node.
  • 21. SOFTWARE DEFINED SECURE NETWORKING • Tungsten Fabric provides a rich, consistent set of security policy capabilities across multiple platforms. 1. Simplified Manageability (change control, etc. is much easier) 2. Improved Scalability 3. Define / Review / Approve Once → Use Everywhere. Diagram: the same Web / App / db tiers of App1 tagged Deployment = Dev, Staging, Prod, Dev-K8s, Dev-Mesos and Staging-BMS (Bare Metal Servers), enforced through vRouter, Security Groups, Network Policy and Device Manager.
  • 22. Handling and Matching Flows ● 3X flow setup rate improvement ● TCP state machine to bypass flow aging ● Fat flow protocol & port i.e. Protocol: UDP Port:53 (Fat Flow) ● Enable/Disable flows * * Note: features like SG, floating-IP, VN based policy and VRF assign rules will not function 3X Improvement Fat Flow 2.2 Enable/Disable Flows Contrail 3.0.X/3.1.X TCP state machine 2.2
  • 23. FAT Flow Enhancements: Fat Flow Current Implementation • A flow key is used to hash into a flow table (identify a hash bucket). The flow key is based on a five-tuple consisting of source and destination IP addresses, ports and the IP protocol. • With Fat Flow, the flow key is reduced from a 5-tuple to a 4-tuple consisting of source & destination IP, destination port and IP protocol. The client port is not used in the flow key. Diagram: IP packet fields (SRC IP, DST IP, SRC Port, DST Port, Protocol) feeding “Flow Key Hash using 5 Tuple”; Virtual Machine Interface configured with FAT Flow Protocol (TCP/UDP/SCTP & ICMP) & Port Pairs.
  • 24. Fat Flow Enhancements • To enhance vRouter Fat Flow handling to support ignore source/destination port or source/destination IP address. 1. Ignore both source and destination ports 2. Ignore either source or destination IP 3. Combination of both (1) and (2) above. Configured on: Virtual Machine Interface – FAT Flow Protocol (TCP/UDP/SCTP & ICMP), Port Pairs, Ignore Address (SRC/DST); Virtual Network – Protocol (TCP/UDP/SCTP & ICMP), Port Pairs, Ignore Address (SRC/DST)
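
The flow-key reduction on slides 23 and 24, as an added example that is not part of the deck and is not vRouter code: it models how many flow-table entries the same traffic produces under a 5-tuple key, a Fat Flow key, and the "ignore ports" / "ignore address" enhancements. The `FatFlowRule` structure, the zeroed placeholder values and the sample traffic are assumptions made for illustration.

```python
"""Added model of the Fat Flow key reduction (illustrative, not vRouter code)."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class FatFlowRule:                        # hypothetical structure
    proto: str
    port: Optional[int]                   # service port; None = ignore both ports
    ignore_address: Optional[str] = None  # None, "src" or "dst"

def flow_key(pkt, rules=()):
    """Return the tuple that would be hashed into the flow table."""
    src_ip, dst_ip = pkt.src_ip, pkt.dst_ip
    sport, dport = pkt.src_port, pkt.dst_port
    for rule in rules:
        if rule.proto != pkt.proto:
            continue
        if rule.port is None:             # enhancement 1: ignore both ports
            sport = dport = 0
        elif dport == rule.port:          # request towards the service
            sport = 0                     # client port dropped from the key
        elif sport == rule.port:          # reply from the service
            dport = 0
        else:
            continue                      # rule does not cover this packet
        if rule.ignore_address == "src":  # enhancement 2: ignore one address
            src_ip = "0.0.0.0"
        elif rule.ignore_address == "dst":
            dst_ip = "0.0.0.0"
        break
    return (src_ip, dst_ip, pkt.proto, sport, dport)

def flow_table_size(packets, rules=()):
    """Number of distinct flow entries the packets would create."""
    return len({flow_key(p, rules) for p in packets})

# Constructed sample: 3 clients x 50 ephemeral ports querying one DNS server,
# plus a single HTTP connection that no Fat Flow rule covers.
CLIENTS = ["10.1.1.10", "10.1.1.11", "10.1.1.12"]
SAMPLE = [Packet(c, "10.0.0.53", "udp", p, 53)
          for c in CLIENTS for p in range(40000, 40050)]
SAMPLE.append(Packet("10.1.1.10", "10.0.0.80", "tcp", 51000, 80))

DNS_FAT = [FatFlowRule("udp", 53)]                        # slide 23
DNS_FAT_ANY_SRC = [FatFlowRule("udp", 53, ignore_address="src")]
UDP_NO_PORTS = [FatFlowRule("udp", None)]                 # slide 24, option 1

if __name__ == "__main__":
    for name, rules in [("5-tuple", ()), ("fat flow udp/53", DNS_FAT),
                        ("fat flow + ignore src", DNS_FAT_ANY_SRC),
                        ("ignore both ports", UDP_NO_PORTS)]:
        print(f"{name:24s} {flow_table_size(SAMPLE, rules)} entries")
```

Each step down in entry count is also a step down in what a flow record can attribute: once the client port or source address is out of the key, per-flow logs no longer separate those clients or sessions.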