CloudStack Networking Deep Dive
@chiradeep
CloudStack Collaboration Conference
Amsterdam
Nov 22, 2013
  
Overview
•  10,000 foot overview of CloudStack Networking
•  Software architecture
•  Complex use cases
•  Performance issues
•  Focus on
    –  Advanced zone
    –  VLAN isolation
  
Virtual Networking
•  The illusion of isolated networks on top of shared physical infrastructure
•  Requires orchestration of
    –  Hypervisors
    –  Software switches
•  Services are provided in virtual contexts
    –  E.g., LB, firewalls
  
Virtual Network Services
•  Provide L2-L7 network services that applications expect:
    –  Load balancing, firewall, IDS, VPN, NAT, etc.
•  Services are inserted in the virtual network topology
    –  usually in the path to the public network
•  Services are on-demand (api-driven), scalable, elastic
  
Virtual Network Appliances
Network services are often provided by virtual appliances. These are either commercial appliances in the virtual form factor or Linux-based networking appliances
[Diagram: Virtual Router with Public Network NIC, Control Network NIC and Virtual Network NIC]

Network Services

Network Services
•  L2 connectivity
•  IPAM
•  DNS
•  Routing
•  ACL
•  Firewall
•  NAT
•  VPN
•  LB
•  IDS
•  IPS

Service Providers
✓  Virtual appliances
✓  Hardware firewalls
✓  LB appliances
✓  SDN controllers
✓  VRF
✓  Hypervisor

Network Isolation
•  No isolation
•  VLAN isolation
•  Overlays
•  L3 isolation
  
Network Offerings
•  Cloud users are not exposed to the nature of the service provider
•  Cloud operator designs a service catalog and offers them to end users.
    –  Gold = {LB + FW, using virtual appliances}
    –  Platinum = {LB + FW + VPN, using hardware appliances}
    –  Silver = {FW using virtual appliances, 10Mbps}

Multi-tier virtual networking
[Diagram: Internet; Customer Premises over IPSec VPN; VR; Loadbalancer (HW or Virtual); Private Gateway; tiers on VLAN 101, VLAN 398 and VLAN 2724 with Web VM 1, Web VM 2, Web VM 3, App VM 1, App VM 2 and DB VM 1]
Network Services
•  IPAM
•  DNS
•  LB [intra]
•  S-2-S VPN
•  Static Routes
•  ACLs
•  NAT, PF
•  FW [ingress & egress]

Virtual networking with overlays
[Diagram: Internet; Customer Premises over IPSec VPN; VR + vSwitches; Loadbalancer (Virtual); Private Gateway; tiers on GRE KEY 101, GRE KEY 398 and GRE KEY 2724 with Web VM 1, Web VM 2, Web VM 3, App VM 1, App VM 2 and DB VM 1]
Network Services
•  IPAM
•  DNS
•  LB [intra]
•  S-2-S VPN
•  Static Routes
•  ACLs
•  NAT, PF
•  FW [ingress & egress]

CLOUDSTACK ARCHITECTURE

CloudStack Architecture
[Diagram: numbered steps 1-9 across API; Plugin Framework; Orchestration Engine; Hypervisor Plugins, Network Plugins, Storage Plugins and Allocator Plugins; Hypervisor Resource, Network Resource and Storage Resource; Physical Resources]
Orchestration steps usually executed in sequence

Plugin interaction
[Diagram: numbered steps 1-8 across API, Async Job Mgr, Plugin Framework, Orchestration Engine, Network Plugins, Network Resource and CloudStack DB; labels: Desired State, Operational State, Idempotent]
Plugin should not update CloudStack objects
  
Plugin Interaction Details
•  Resource calls are expected to be idempotent
    –  It is the job of the plugin to ensure this
    –  apply(apply(config)) == apply(config)
•  Plugins should not update CloudStack resources
    –  networks, rules, ip addresses, etc.
    –  This is the desired state as expressed by the API
•  Plugins can have their own tables inside the CloudStack DB
•  Usually, there is no retry from the CloudStack orchestration engine upon failure
    –  API reports failure.
    –  Security groups mechanism will continuously retry (eventual consistency)
    –  Refactor proposed to provide eventual consistency for all network plugins
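
The idempotency contract above, sketched as an added example (not CloudStack code and not from the original slides): a hypothetical network resource that appends rules on every call is compared with one that converges the device's operational state onto the desired state, so repeating a call after a reported failure neither duplicates rules nor leaves stale ones open. The `FirewallRule`, `NaiveResource` and `IdempotentResource` names, the fault injection and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List


@dataclass(frozen=True, order=True)
class FirewallRule:
    """One ingress rule as recorded by the API (hypothetical model)."""
    public_ip: str
    protocol: str
    port: int
    source_cidr: str


# Constructed desired state: what the API stored. It is a frozenset of frozen
# records, so a resource cannot modify it ("plugins should not update
# CloudStack resources").
SSH = FirewallRule("203.0.113.10", "tcp", 22, "198.51.100.0/24")
HTTPS = FirewallRule("203.0.113.10", "tcp", 443, "0.0.0.0/0")
TELNET = FirewallRule("203.0.113.10", "tcp", 23, "0.0.0.0/0")  # since deleted via API
DESIRED: FrozenSet[FirewallRule] = frozenset({SSH, HTTPS})


@dataclass
class NaiveResource:
    """Not idempotent: each call appends, so a repeated call duplicates rules."""
    chain: List[FirewallRule] = field(default_factory=list)

    def apply(self, desired: FrozenSet[FirewallRule]) -> List[FirewallRule]:
        self.chain.extend(sorted(desired))
        return list(self.chain)


@dataclass
class IdempotentResource:
    """Idempotent: converge operational state (chain) onto the desired state."""
    chain: List[FirewallRule] = field(default_factory=list)
    fail_after: int = -1  # constructed fault: fail once after N additions

    def apply(self, desired: FrozenSet[FirewallRule]) -> List[FirewallRule]:
        # Remove duplicates and rules that are no longer desired; a stale
        # rule is a port left open after the tenant deleted it.
        self.chain = [r for r in dict.fromkeys(self.chain) if r in desired]
        # Add only the missing rules, in a deterministic order.
        added = 0
        for rule in sorted(desired - set(self.chain)):
            if added == self.fail_after:
                self.fail_after = -1
                raise RuntimeError("device unreachable mid-apply")
            self.chain.append(rule)
            added += 1
        return list(self.chain)


def apply_twice(resource) -> List[FirewallRule]:
    """Issue the same call twice, as a caller does after a reported failure."""
    resource.apply(DESIRED)
    return resource.apply(DESIRED)


def retry_after_partial_failure() -> List[FirewallRule]:
    """First call fails half way; the repeated call must still converge."""
    resource = IdempotentResource(chain=[TELNET], fail_after=1)
    try:
        resource.apply(DESIRED)
    except RuntimeError:
        pass  # the API would report this failure; no automatic retry
    return resource.apply(DESIRED)


if __name__ == "__main__":
    print("naive, applied twice:     ", len(apply_twice(NaiveResource())), "rules")
    print("idempotent, applied twice:", len(apply_twice(IdempotentResource())), "rules")
    print("after partial failure:    ", retry_after_partial_failure())
```
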
  
USE CASES

Isolated vs. VPC
•  VPC should be the default choice
    –  Isolated = VPC with a single tier
•  Differences
    –  Isolated: Remote Access VPN, Firewall Rules on Public IP
    –  VPC: Site-to-Site IPSec VPN, ACL
        •  RA VPN coming very soon
        •  FW on public IP may come later
            –  Use ACL for equivalent function
•  Use Isolated when firewall is
    –  SRX
    –  Cisco vASA1000
  
Real-life Use cases
•  Monitoring-as-a-Service
•  Managed Applications
•  Cloud bursting
•  Mix bare-metal/virtual workloads
•  Load balance application tier
•  MPLS VPN
•  Multi-zone failover
•  Multiple IP usecases
•  Metering with hardware appliances
  
Monitoring / Backup Service
•  Shared VLANs for monitoring/backup
•  Multi-tenancy enforced by using PVLAN (Xen/VMW/KVM)
[Diagram: Tenant VPC with VR, Web VM 1, Web VM 2, Web VM 3, App VM 1, App VM 2 and DB VM 1 on VLAN 101, VLAN 398 and VLAN 2724; Backup PVLAN (shared), Patching PVLAN (shared) and Monitoring PVLAN (shared); Cloud Operator Resources (aaS): Monitoring Server, Backup Server, Patching Server]
  
Monitoring Using Private Gateway
[Diagram: Tenant VPC with VR, NAT, Web VM 1, Web VM 2, Web VM 3, App VM 1, App VM 2 and DB VM 1; Private Gateway; Cloud Operator Resources: Monitoring Server, Backup Server, Patching Server]
•  - Additional traffic through VR
•  - Performance impact on VR
•  + Usable for SDN topologies
  
Managed Applications
[Diagram: Cloud Operator Resources with Shared App Manager (not CloudStack Managed); Hosted App (CRM/VDI/CMS/etc) for Tenant A and Hosted App for Tenant B, each with VR, NAT and VMs; Public or Private GW]
•  Multiple tenants share the application manager/orchestrator
•  Tenant will get charged if using public route.
  
S3 / Object Store
[Diagram: VPC for Tenant A and VPC for Tenant B, each with VR and VMs; Public Network]
•  Tenant will get charged for network bandwidth between object store and compute even if object store is co-located
  
MPLS VPN
[Diagram: Tenant A DC and Tenant B DC; WAN; Private GW and VR for Tenant A and for Tenant B, each with VMs]
•  Stitching VLAN to MPLS label is done outside CloudStack
•  Alternatively: use solution like Contrail SDN
•  No VLANs, use overlays
•  VR function replaced by logical distributed router
  
Cloud Bursting
[Diagram: Tenant A DC; Internet; RFC 1918 Public IP Range reserved for Tenant A; Public VLAN 1 and Public VLAN 2; VR and VMs for Tenant A and for Tenant B]
•  Clients in Tenant DC need to use services inside VPC in the cloud
•  Tenant DC is already networked with Cloud (e.g., with MPLS VPN)
•  Public VLAN can be reserved for a tenant (use RFC1918 address range if needed).
•  Cloud operator can choose not to bill for ‘public’ data traffic
  
Internal Load Balancer
[Diagram: VR; Web VM 1, Web VM 2, Web VM 3; LB VM 1; App 1 VM 1, App 1 VM 2, App 1 VM 3; LB VM 2; App 2 VM 1, App 2 VM 2; DB VM 1]
•  LB VM lifecycle is managed by CloudStack

Interoperate with legacy appliances / Baremetal DB
[Diagram: VMs; Shared VLAN 100 and Shared VLAN 200 (use reserved IP range; can be RFC1918 or Public IP); HW appliances not managed by CloudStack; VPN; CS VM but not configured by CS; Baremetal DB (not CloudStack-managed)]
•  Managed hosting primarily
•  Baremetal advanced zone support forthcoming
  
Conundrum: Inter-AZ private traffic
[Diagram: Zone 1 and Zone 2, each with Tenant A and Tenant B; High speed Private Interconnect]
  
Inter-AZ private traffic
•  Solution 1: Use VR-VR IPSec VPN
    –  Coming in 4.3
    –  Cons:
        •  ipsec overhead,
        •  tricky usage accounting,
        •  Uses public internet
•  Solution 2: overlay
    –  GRE tunnel between VRs
    –  Not yet a proposal, just a possibility
•  Solution 3: SDN overlay
    –  Stretch overlay subnets between DC
    –  Cons:
        •  Needs change to CloudStack model (network belongs to zone)
        •  SDN controllers inherently are single-DC
  
PERFORMANCE ISSUES

VR performance
•  FAQ: what is the performance of the VR?
    –  # of concurrent connections?
    –  # of connections per second?
    –  Throughput?
    –  Latency?
•  Answer:
    –  “It depends”
  
Factors affecting performance
•  Physical network
    –  Public network capacity (ports/buffers/etc.)
    –  Top of rack switch capacity
•  Hypervisor
    –  CPU model (L1/L2 cache, clock speed)
    –  NICs (1 GigE/10GigE/link aggregation mode/Jumbo Frames)
    –  RAM and CPU allocated to dom0
    –  Bridge vs OVS
•  Virtual Router specs
    –  CPU speed
    –  RAM
    –  (4.2.1) 32-bit vs 64-bit
  
Topology for testing
[Diagram: Hypervisor H1, Hypervisor H2 and Hypervisor H3; VR; Tool Host; Web VM 1, Web VM 2, Web VM 3, Web VM 4; Public Network; Guest Network]
  
Do your own testing
•  Basic Topology
    –  Intra hypervisor, guest VM -> guest VM
        •  VM3 -> VM4
    –  Between hypervisors, guest VM -> guest VM on same VLAN
        •  VM1 -> VM3
•  Routed topology
    –  VR between traffic source and destination
        •  VR on same hypervisor as destination
            –  Tools Host -> VR -> VM2 (port forward)
        •  VR on different hypervisor as destination
            –  Tools Host -> VM1 (port forward)
•  LB test
    –  Tools Host -> {VM1, VM2, VM3, VM4}
  
VLAN Issues
•  Entire VLAN range trunked to all hypervisors
    –  Unlimited broadcast domain
    –  Per-port VLAN limits in certain switches
•  No good solutions:
    –  VTP (Vlan Pruning)
    –  Arista VMTracer (vSphere only)
•  Overlays (aka SDN) is probably the way to go
  

Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 

Recently uploaded (20)

Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 

CloudStack Networking Deepdive CCCEU13

  • 1. CloudStack Networking Deep Dive. @chiradeep, CloudStack Collaboration Conference, Amsterdam, Nov 22, 2013
  • 2. Overview
      •  10,000 foot overview of CloudStack Networking
      •  Software architecture
      •  Complex use cases
      •  Performance issues
      •  Focus on
          –  Advanced zone
          –  VLAN isolation
  • 3. Virtual Networking
      •  The illusion of isolated networks on top of shared physical infrastructure
      •  Requires orchestration of
          –  Hypervisors
          –  Software switches
      •  Services are provided in virtual contexts
          –  E.g., LB, firewalls
  • 4. Virtual Network Services
      •  Provide L2-L7 network services that applications expect:
          –  Load balancing, firewall, IDS, VPN, NAT, etc.
      •  Services are inserted in the virtual network topology
          –  usually in the path to the public network
      •  Services are on-demand (API-driven), scalable, elastic
  • 5. Virtual Network Appliances
      Network services are often provided by virtual appliances. These are either commercial appliances in the virtual form factor or Linux-based networking appliances.
      [Diagram: Virtual Router with a Public Network Nic, a Control Network Nic and a Virtual Network Nic]
  • 6. Network Services
      •  Network Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS
  • 7. Network Services
      •  Network Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS
      •  Service Providers: Virtual appliances, Hardware firewalls, LB appliances, SDN controllers, VRF, Hypervisor
  • 8. Network Services
      •  Network Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB, IDS, IPS
      •  Service Providers: Virtual appliances, Hardware firewalls, LB appliances, SDN controllers, VRF, Hypervisor
      •  Network Isolation: No isolation, VLAN isolation, Overlays, L3 isolation
  • 9. Network Offerings
      •  Cloud users are not exposed to the nature of the service provider
      •  Cloud operator designs a service catalog and offers them to end users.
          –  Gold = {LB + FW, using virtual appliances}
          –  Platinum = {LB + FW + VPN, using hardware appliances}
          –  Silver = {FW using virtual appliances, 10Mbps}
  • 10. Multi-tier virtual networking
      [Diagram: Internet, IPSec VPN to Customer Premises, VR, Loadbalancer (HW or Virtual), Private Gateway; Web VMs 1-3, App VMs 1-2 and DB VM 1 on VLAN 101, VLAN 398 and VLAN 2724]
      •  Network Services: IPAM, DNS, LB [intra], S-2-S VPN, Static Routes, ACLs, NAT, PF, FW [ingress & egress]
  • 11. Virtual networking with overlays
      [Diagram: Internet, IPSec VPN to Customer Premises, VR + vSwitches, Loadbalancer (Virtual), Private Gateway; Web VMs 1-3, App VMs 1-2 and DB VM 1 on GRE KEY 101, GRE KEY 398 and GRE KEY 2724]
      •  Network Services: IPAM, DNS, LB [intra], S-2-S VPN, Static Routes, ACLs, NAT, PF, FW [ingress & egress]
  • 13. CloudStack Architecture
      [Diagram, steps numbered 1-9: API, Plugin Framework, Orchestration Engine; Hypervisor Plugins, Network Plugins, Storage Plugins, Allocator Plugins; Hypervisor Resource, Network Resource, Storage Resource; Physical Resources]
      Orchestration steps usually executed in sequence
  • 14. Plugin interaction
      [Diagram, steps numbered 1-8: API, Async Job Mgr, Plugin Framework, Orchestration Engine, CloudStack DB, Network Plugins, Network Resource; calls labelled Idempotent; states labelled Desired State and Operational State]
      Plugin should not update CloudStack objects
  • 15. Plugin Interaction Details
      •  Resource calls are expected to be idempotent
          –  It is the job of the plugin to ensure this
          –  apply(apply(config)) == apply(config)
      •  Plugins should not update CloudStack resources
          –  networks, rules, ip addresses, etc.
          –  This is the desired state as expressed by the API
      •  Plugins can have their own tables inside the CloudStack DB
      •  Usually, there is no retry from the CloudStack orchestration engine upon failure
          –  API reports failure.
          –  Security groups mechanism will continuously retry (eventual consistency)
          –  Refactor proposed to provide eventual consistency for all network plugins
  • 17. Isolated vs. VPC
      •  VPC should be the default choice
          –  Isolated = VPC with a single tier
      •  Differences
          –  Isolated: Remote Access VPN, Firewall Rules on Public IP
          –  VPC: Site-to-Site IPSec VPN, ACL
      •  RA VPN coming very soon
      •  FW on public IP may come later
          –  Use ACL for equivalent function
      •  Use Isolated when firewall is
          –  SRX
          –  Cisco vASA1000
  • 18. Real-life Use cases
      •  Monitoring-as-a-Service
      •  Managed Applications
      •  Cloud bursting
      •  Mix bare-metal/virtual workloads
      •  Load balance application tier
      •  MPLS VPN
      •  Multi-zone failover
      •  Multiple IP usecases
      •  Metering with hardware appliances
  • 19. Monitoring / Backup Service
      •  Shared VLANs for monitoring/backup
      •  Multi-tenancy enforced by using PVLAN (Xen/VMW/KVM)
      [Diagram: Tenant VPC (VR; Web VMs 1-3, App VMs 1-2, DB VM 1 on VLAN 101, VLAN 398, VLAN 2724) attached to Backup PVLAN (shared), Patching PVLAN (shared) and Monitoring PVLAN (shared); Cloud Operator Resources (aaS): Monitoring Server, Backup Server, Patching Server]
  • 20. Monitoring Using Private Gateway
      [Diagram: Tenant VPC (VR; Web VMs 1-3, App VMs 1-2, DB VM 1) reaching Cloud Operator Resources (Monitoring Server, Backup Server, Patching Server) through NAT and a Private Gateway]
      •  - Additional traffic through VR
      •  - Performance impact on VR
      •  + Usable for SDN topologies
  • 21. Managed Applications
      [Diagram: Shared App Manager (not CloudStack Managed) in Cloud Operator Resources; Hosted App (CRM/VDI/CMS/etc) for Tenant A and Hosted App for Tenant B, each with VMs behind a VR with NAT; Public or Private GW]
      •  Multiple tenants share the application manager/orchestrator
      •  Tenant will get charged if using public route.
  • 22. S3 / Object Store
      [Diagram: VPC for Tenant A and VPC for Tenant B, each with VMs behind a VR, connected over the Public Network]
      •  Tenant will get charged for network bandwidth between object store and compute even if object store is co-located
  • 23. MPLS VPN
      [Diagram: Tenant A DC and Tenant B DC connected over the WAN to a Private GW and VR for each tenant's VMs]
      •  Stitching VLAN to MPLS label is done outside CloudStack
      •  Alternatively: use solution like Contrail SDN
      •  No VLANs, use overlays
      •  VR function replaced by logical distributed router
  • 24. Cloud Bursting
      [Diagram: Tenant A and Tenant B VMs, each behind a VR; Internet; Tenant A DC; Public VLAN 1 and Public VLAN 2; RFC 1918 Public IP Range reserved for Tenant A]
      •  Clients in Tenant DC need to use services inside VPC in the cloud
      •  Tenant DC is already networked with Cloud (e.g., with MPLS VPN)
      •  Public VLAN can be reserved for a tenant (use RFC1918 address range if needed).
      •  Cloud operator can choose not to bill for ‘public’ data traffic
  • 25. Internal Load Balancer
      [Diagram: VR; Web VMs 1-3; LB VM 1 in front of App 1 VMs 1-3; LB VM 2 in front of App 2 VMs 1-2; DB VM 1]
      •  LB VM lifecycle is managed by CloudStack
  • 26. Interoperate with legacy appliances / Baremetal DB
      [Diagram: VMs on Shared VLAN 200 and Shared VLAN 100; VPN; HW appliances not managed by CloudStack; CS VM but not configured by CS; Baremetal DB, not CloudStack-managed; labels: "Use reserved IP range", "Can be RFC1918 or Public IP"]
      •  Managed hosting primarily
      •  Baremetal advanced zone support forthcoming
  • 27. Conundrum: Inter-AZ private traffic
      [Diagram: Tenant A and Tenant B in Zone 1 and in Zone 2, with a High speed Private Interconnect between the zones]
  • 28. Inter-AZ private traffic
      •  Solution 1: Use VR-VR IPSec VPN
          –  Coming in 4.3
          –  Cons:
              •  ipsec overhead,
              •  tricky usage accounting,
              •  Uses public internet
      •  Solution 2: overlay
          –  GRE tunnel between VRs
          –  Not yet a proposal, just a possibility
      •  Solution 3: SDN overlay
          –  Stretch overlay subnets between DC
          –  Cons:
              •  Needs change to CloudStack model (network belongs to zone)
              •  SDN controllers inherently are single-DC
  • 30. VR performance
      •  FAQ: what is the performance of the VR?
          –  # of concurrent connections?
          –  # of connections per second?
          –  Throughput?
          –  Latency?
      •  Answer:
          –  “It depends”
  • 31. Factors affecting performance
      •  Physical network
          –  Public network capacity (ports/buffers/etc.)
          –  Top of rack switch capacity
      •  Hypervisor
          –  CPU model (L1/L2 cache, clock speed)
          –  NICs (1 GigE/10GigE/link aggregation mode/Jumbo Frames)
          –  RAM and CPU allocated to dom0
          –  Bridge vs OVS
      •  Virtual Router specs
          –  CPU speed
          –  RAM
          –  (4.2.1) 32-bit vs 64-bit
  • 32. Topology for testing
      [Diagram: Hypervisor H1, Hypervisor H2 and Hypervisor H3 hosting the VR and Web VMs 1-4; Tool Host; Public Network; Guest Network]
  • 33. Do your own testing
      •  Basic Topology
          –  Intra hypervisor, guest VM -> guest VM
              •  VM3 -> VM4
          –  Between hypervisors, guest VM -> guest VM on same VLAN
              •  VM1 -> VM3
      •  Routed topology
          –  VR between traffic source and destination
              •  VR on same hypervisor as destination
                  –  Tools Host -> VR -> VM2 (port forward)
              •  VR on different hypervisor as destination
                  –  Tools Host -> VM1 (port forward)
      •  LB test
          –  Tools Host -> {VM1, VM2, VM3, VM4}
  • 34. VLAN Issues
      •  Entire VLAN range trunked to all hypervisors
          –  Unlimited broadcast domain
          –  Per-port VLAN limits in certain switches
      •  No good solutions:
          –  VTP (Vlan Pruning)
          –  Arista VMTracer (vSphere only)
      •  Overlays (aka SDN) is probably the way to go
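
Slide 15's requirement that resource calls be idempotent, apply(apply(config)) == apply(config), and that the desired state is only read by the plugin, shown as an added example that is not from the slides or from CloudStack. `Rule`, `FakeRouter`, `apply` and `reconcile` are hypothetical names, the firewall rules are constructed sample data, and the retry loop stands in for the eventual-consistency behaviour the slide mentions.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True, order=True)
class Rule:
    proto: str
    port: int
    cidr: str


class TransientError(Exception):
    """Simulated resource failure (constructed for this example)."""


@dataclass
class FakeRouter:
    """Hypothetical network resource; `rules` is the operational state."""
    rules: set = field(default_factory=set)
    fail_after: Optional[int] = None  # inject one failure after N changes
    changes: int = 0

    def _change(self):
        if self.fail_after is not None and self.changes >= self.fail_after:
            self.fail_after = None  # fail once, then recover
            raise TransientError("resource unreachable")
        self.changes += 1

    def add(self, rule):
        self._change()
        self.rules.add(rule)

    def remove(self, rule):
        self._change()
        self.rules.discard(rule)


def apply(router, desired):
    """Converge the router to `desired` and return the number of changes.

    Only the difference is pushed, so a repeated call is a no-op.
    `desired` is read, never written: the API's state is left untouched.
    """
    desired = frozenset(desired)
    made = 0
    # Design choice of this example: drop stale allow rules before adding.
    for rule in sorted(router.rules - desired):
        router.remove(rule)
        made += 1
    for rule in sorted(desired - router.rules):
        router.add(rule)
        made += 1
    return made


def reconcile(router, desired, max_attempts=3):
    """Retry until converged; returns the attempt that succeeded.

    Re-running after a partial failure is safe only because apply is idempotent.
    """
    for attempt in range(1, max_attempts + 1):
        try:
            apply(router, desired)
            return attempt
        except TransientError:
            continue
    raise RuntimeError("operational state did not converge")


# Constructed sample data.
DESIRED = {Rule("tcp", 22, "10.0.0.0/8"), Rule("tcp", 443, "0.0.0.0/0")}
STALE = Rule("tcp", 23, "0.0.0.0/0")

if __name__ == "__main__":
    r = FakeRouter(rules={STALE})
    print("first apply:", apply(r, DESIRED), "changes")
    print("second apply:", apply(r, DESIRED), "changes")
    flaky = FakeRouter(rules={STALE}, fail_after=2)
    print("converged on attempt", reconcile(flaky, DESIRED))
```

The second `apply` touches nothing, and the router that fails mid-way ends in the same state after one retry, with no rule pushed twice.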