Networking in the Cloud Age
With references to Apache CloudStack
December 11 2012
Chiradeep Vittal (@chiradeep)
David Nalley (@ke4qqq)

Agenda
•  Why virtual networks?
•  Basic principles of Cloud Networking
•  Service insertion in virtual networks
•  Virtual Networking using L3 isolation
•  Networking in Apache CloudStack
•  Software Defined Networking
•  Wrap-up

Apache CloudStack
Build your cloud the way the world’s most successful clouds are built
•  Secure, multi-tenant cloud orchestration platform
  –  Turnkey platform for delivering IaaS clouds
  –  Over 150 commercial deployments: private and public
  –  Full featured GUI, end-user API and admin API

Apache CloudStack
•  Open Source
  –  Apache License
  –  Incubating in the Apache Software Foundation since April 2012
  –  Open Source since May 2010
•  In production since 2009

Networking in the Cloud Age
DRIVERS

Drivers
[Diagram: drivers grouped under IAAS and New-style Workload]
•  IAAS: Agility, Virtualization, API, Self-service, Elasticity, Scale, Multi-tenancy
•  New-style workload: Application owns availability, High bandwidth, Low cost, Distributed, L3, Cookie cutter
These classes of drivers (IAAS and new-style workloads) are highly complementary and therefore most new-style applications operate on IAAS

Traditional Style
[Diagram: drivers grouped under IAAS and Traditional Workload]
•  IAAS: Agility, Virtualization, API, Elasticity, Scale, Self-service, Multi-tenancy
•  Traditional workload: Infra owns availability, Complex Packet Filters, High cost, Gold-plated Infra, L2
It is possible to realize some of the benefits of IAAS for traditional workloads

Traditional infra can be IAAS
[Diagram: a single IAAS group containing Agility, Virtualization, API, Elasticity, Scale, Self-service, Multi-tenancy together with Gold-plated Infra, Infra owns availability, High cost, L2 and Complex Packet Filters]
It is possible to realize some of the benefits of IAAS for traditional infrastructure

Traditional
Built for traditional enterprise apps & client-server compute
•  Enterprise arch for 100s of hosts
•  Scale-up (server clusters)
•  Apps assume reliability
•  IT Mgmt-centric [1:Dozens]
•  Proprietary vendor stack

Cloud
Designed around big data, massive scale & next-gen apps
•  10x more scalable
•  2-5x lower cost
•  100% more open
•  Cloud architecture for 1000s of hosts
•  Scale-out (multi-site server farms)
•  Apps assume failure
•  Autonomic [1:1,000’s]
•  Open, value-added stack

Defining Cloud Computing (IAAS)
•  Agility
   –  Re-provision complex infrastructure topologies in minutes, not days
•  API
   –  Automate complex infrastructure tasks
•  Virtualization
   –  Enables workload mobility and load sharing
•  Multi-tenancy
   –  Share resources and costs

Defining Cloud Computing (IAAS)
•  Scalability
   –  Ability to consume resources limited by budget, not by infrastructure
•  Elasticity
   –  Scale up and down on demand
   –  Reduce need to engineer for peak load
•  Self-service
   –  No IT assistance

Cloud Networking Requirements
•  Agile
   –  Complex networking topologies created by non-network engineers
•  API
   –  Language to talk with the network infrastructure layer (not CLI)
•  Virtualization
   –  Hypervisor-level switches work together with physical infrastructure

Cloud Networking Requirements
•  Scalability
   –  Usually means L3 in the physical infrastructure
•  Elasticity
   –  Release resources when not in use
   –  Introduce new resources on demand
•  Self-service
   –  Novices deploying, maintaining, troubleshooting virtual networks

Cloud-Style Workloads
•  Low cost
   –  Standardized, cookie cutter infrastructure
   –  Highly automated and efficient
•  L3
   –  Applications do not need persistent IP/MAC
   –  L2 adjacency not required
•  Application owns availability
   –  At scale everything breaks
   –  Focus on MTTR instead of MTBF

Scale
“At scale, everything breaks” - Urs Hölzle, Google
•  8% annual failure rate of servers
   (Kashi Venkatesh Vishwanath and Nachiappan Nagappan, Characterizing Cloud Computing Hardware Reliability, SoCC’10)
•  Server failure comes from:
   –  70% - hard disk
   –  6% - RAID controller
   –  5% - memory
   –  18% - other factors
•  Application can still fail for other reasons:
   –  Network failure
   –  Software bugs
   –  Human admin error

Redundancy helps a little
•  40%: effectiveness of network redundancy in reducing failures
   (Phillipa Gill, Navendu Jain & Nachiappan Nagappan, Understanding Network Failures in Data Centers: Measurement, Analysis and Implications, SIGCOMM 2011)
•  Bugs in failover mechanism
•  Incorrect configuration
•  Protocol issues such as TCP back-off, timeouts, and spanning tree reconfiguration

Reliability Strategies
Cloud workloads
•  Traditional-Style: Reliable hardware, backup entire cloud, and restore for users when failure happens
•  New (“Amazon”) Style: Tell users to expect failure. Users to build apps that can withstand infrastructure failure
Both styles of workloads must run reliably in the cloud

Reliability Styles
•  Traditional workload
   –  Link aggregation
   –  Storage multi-pathing
   –  VM HA, fault tolerance
   –  VM live migration
   –  Expect reliability. Back-up entire cloud. Admin controlled failure handling
   –  Think Server Virtualization
•  Cloud workload
   –  VM backup/snapshots
   –  Ephemeral resources
   –  Chaos monkey
   –  Multi-site redundancy
   –  Expect failure. Design app for failure. Self-service failure handling
   –  Think Amazon Web Services

Traditional Enterprise network
[Diagram: hierarchical tree carrying N-S traffic, top to bottom]
•  Backbone/Internet
•  Core Routers
•  Access Routers
•  Packet Filters
•  Aggregation Switches
•  Load Balancers
•  Top of Rack Switches
•  Servers

Enterprise networks
•  Hierarchical tree structure
   –  Assumes N-S traffic predominant
•  L2 domains
   –  Susceptible to flooding
   –  Wasted capacity due to STP
•  Services provided by redundant HW appliances
   –  Firewall, IDS, ACL, Loadbalancer
   –  Often need L2 adjacency
•  Complex engineering, limited scale

Scaled out network
[Diagram, top to bottom: Backbone/Internet, Spine Routers, Leaf Routers, Servers; host-based firewalls and ACL and server load balancing sit at the server level]

Scaled out network
•  L3 (routed) network
  –  ECMP for increased bandwidth/redundancy
•  No oversubscription
  –  Uniform access to bandwidth
•  Predominantly east-west traffic
•  Commodity hardware
•  Services provided at the host / VM level
  –  Firewall, IDS, load balancing

Networking in the Cloud Age
VIRTUAL NETWORKING PRINCIPLES

The illusion of isolated networks on top of shared physical infrastructure
Usually requires
•  Hypervisors
   –  To share the same host with multiple tenants
•  Virtual (software) switches
   –  Port-level control to provide isolation
•  Services provided in software / virtual contexts
   –  Loadbalancer / firewall virtual appliances
   –  Host-based firewalls

Virtual-to-Physical Mapping
•  Option 1: VLAN
  –  1 virtual network = 1 VLAN in physical infra
•  Option 2: Tunnels
  –  VxLAN
  –  (NV) GRE
  –  STT
  –  Others: MAC-in-MAC, NVO3, MPLS

Virtual-to-Physical Mapping
•  Option 3: IP address re-write
  –  1 tenant address mapped to 1 different provider address
  –  Hyper-V only (possible with KVM/Xen)
•  Option 4: No mapping
  –  Tenant address is present on physical network
  –  Tenants isolated from each other and physical network using packet filters in hypervisor
  –  L3 isolation is CloudStack’s term for this mode
  –  Also called “Basic Networking”

Virtual Switches
•  Linux bridge
  –  KVM, XenServer, XCP, Oracle VM
•  Open vSwitch (OVS)
  –  KVM, XenServer, XCP
•  VMware options
  –  vSphere
  –  Distributed vSwitch (DVS)
  –  Cisco Nexus 1000v

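Virtual Switches
[Diagram: one hypervisor host]
•  VMs A1, A2, B1 and C1 attach through virtual NICs to three vswitches; traffic on the virtual NICs is untagged (usually)
•  The vswitches connect through the physical NICs to a VLAN trunk
•  Subnet labels: 192.168.1.0/24, 192.168.1.0/24, 10.1.1.0/24
•  VLANs on the trunk: VLAN 10, VLAN 20, VLAN 30
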
Egress Traffic from VM
Ethernet frame from VM A1 to vswitch (untagged):

  Dest. addr          Src. addr        Type    Payload (IP Packet)
  06:00:01:AA:BB:CC   06:02:12:1D:1E   0x800   46-1500 octets

Ethernet frame from vswitch to physical NIC (tagged):

  Dest. addr          Src. addr        802.1Q   Tag   Type    Payload (IP Packet)
  06:00:01:AA:BB:CC   06:02:12:1D:1E   0x8100   0xA   0x800   46-1500 octets

*not all fields shown for clarity

Ingress Traffic to VM
From physical NIC to vswitch (tagged):

  Dest. addr          Src. addr           802.1Q   Tag   Type    Payload (IP Packet)
  06:02:12:1D:1E:1F   06:00:01:AA:BB:CC   0x8100   0xA   0x800   46-1500 octets

From vswitch to VM A1 (untagged):

  Dest. addr          Src. addr           Type    Payload (IP Packet)
  06:02:12:1D:1E:1F   06:00:01:AA:BB:CC   0x800   46-1500 octets

VLAN networking
[Diagram: hypervisors connected by VLAN trunks, each hosting VMs of User A and User B]
12 bits tag = 4094 virtual networks
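
The tagging steps on the egress and ingress slides, together with the 12-bit limit above, as an added Python example that is not part of the original deck. The `VSwitch` class, its port table, the source-MAC check and the B1 MAC address are assumptions made for illustration; the A1 and peer MAC addresses and tag 0xA come from the slides.

```python
import struct

TPID_8021Q = 0x8100   # the "802.1Q" field value shown on the slides
MAX_VID = 4094        # 12-bit VLAN ID; 0 and 4095 are reserved


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 octets")
    return raw


def tag_frame(frame, vid, pcp=0):
    """Insert an 802.1Q tag after the source address (vswitch to physical NIC)."""
    if not 1 <= vid <= MAX_VID:
        raise ValueError("VLAN ID out of range")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must fit in 3 bits")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] == TPID_8021Q:
        # A guest must not pick its own VLAN: only the vswitch adds tags.
        raise ValueError("frame from VM is already tagged")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    """Strip the 802.1Q tag; return (vlan_id, untagged_frame)."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry a tag")
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        raise ValueError("frame on trunk is not tagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]


class VSwitch:
    """Hypothetical vswitch: every VM port is bound to one MAC and one VLAN."""

    def __init__(self):
        self.ports = {}  # port name -> (vm mac, vlan id)

    def add_port(self, name, vm_mac, vid):
        if not 1 <= vid <= MAX_VID:
            raise ValueError("VLAN ID out of range")
        self.ports[name] = (vm_mac, vid)

    def egress(self, port, frame):
        """Untagged frame from a VM: return the tagged frame, or None to drop."""
        vm_mac, vid = self.ports[port]
        if len(frame) < 14 or frame[6:12] != vm_mac:
            return None  # source address does not belong to this port
        try:
            return tag_frame(frame, vid)
        except ValueError:
            return None

    def ingress(self, tagged):
        """Tagged frame from the trunk: return (port, untagged frame) or None."""
        try:
            vid, frame = untag_frame(tagged)
        except ValueError:
            return None
        for name, (vm_mac, port_vid) in self.ports.items():
            # Deliver only when both the VLAN and the destination MAC match.
            if port_vid == vid and vm_mac == frame[:6]:
                return name, frame
        return None


if __name__ == "__main__":
    a1, peer = mac("06:02:12:1D:1E:1F"), mac("06:00:01:AA:BB:CC")
    vs = VSwitch()
    vs.add_port("A1", a1, 0xA)
    vs.add_port("B1", mac("06:02:12:00:00:B1"), 20)   # constructed address
    payload = bytes(46)                               # constructed payload
    out = vs.egress("A1", peer + a1 + b"\x08\x00" + payload)
    print("egress header:", out[:18].hex())
    reply = tag_frame(a1 + peer + b"\x08\x00" + payload, 0xA)
    print("ingress delivered to:", vs.ingress(reply)[0])
```

A frame that arrives on the trunk with the right destination MAC but the wrong tag matches no port and is dropped, which is the port-level isolation the vswitch provides.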

VLANs – other problems
•  Configuration complexity
  –  Need to program switches carefully
•  Large L2 domains
  –  Broadcast in one VLAN can cause unintended load on unrelated hypervisors
•  Live migration limited to a single VLAN
•  Limited MAC table sizes in L2 switches
  –  100s of VMs per hypervisor
  –  1000s of MAC addresses on uplink port

Tunnels
•  Map VM address (Tenant Address) to Physical address (PA) of Hypervisor
  –  Software IPv4 tunnels between hypervisors
  –  Tunnel endpoints are PA of hypervisor
  –  Discriminator in tunnel header identifies tenant/network
     •  GRE key in (NV) GRE tunnels (24-32 bits)
     •  VxLAN Network Identifier (VNI) in VxLAN (24 bits)
     •  Context ID in STT (64 bits)

GRE tunnel example
[Diagram: hypervisors running OVS, hosting VMs of User 1 and User 2; tunnels between them are labelled GRE Key 1 and GRE Key 2]

GRE Example
[Diagram: two hypervisors, each with a vswitch]
•  Hypervisor 1 (physical address 10.10.10.5): VM A1 192.168.10.55, VM B1 192.168.20.88
•  Hypervisor 2 (physical address 10.20.20.9): VM A2 192.168.10.5, VM B2 192.168.20.8

Wire format:

  Flow     Physical Address         GRE key      Tenant L2 header   Tenant L3 header
  A1->A2   10.20.20.9  10.10.10.5   GRE key=10   MAC A2  MAC A1     192.168.10.5  192.168.10.55
  B1->B2   10.20.20.9  10.10.10.5   GRE key=20   MAC B2  MAC B1     192.168.20.8  192.168.20.88
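
The tunnel mapping and wire format above, as an added Python example that is not part of the original deck. It uses the physical addresses and GRE keys from the slide; the outer IP header is modelled as a plain (source PA, destination PA) pair, and the MAC values, the `TunnelEndpoint` class and its peer allow-list are assumptions made for illustration.

```python
import struct

GRE_CSUM = 0x8000     # C bit: checksum word present
GRE_KEY = 0x2000      # K bit: key field present
GRE_SEQ = 0x1000      # S bit: sequence number present
GRE_VERSION = 0x0007
PROTO_TEB = 0x6558    # Transparent Ethernet Bridging: payload is an Ethernet frame


def gre_encap(inner_frame, key):
    """Prefix a tenant Ethernet frame with a GRE header carrying the key."""
    if not 0 <= key <= 0xFFFFFFFF:
        raise ValueError("GRE key is a 32-bit field")
    return struct.pack("!HHI", GRE_KEY, PROTO_TEB, key) + inner_frame


def gre_decap(packet):
    """Return (key, inner_frame); reject packets with no tenant discriminator."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet, 0)
    if flags & GRE_VERSION or proto != PROTO_TEB:
        raise ValueError("not an Ethernet-over-GRE packet")
    if not flags & GRE_KEY:
        raise ValueError("no key: tenant cannot be identified")
    offset = 4 + (4 if flags & GRE_CSUM else 0)      # key follows optional checksum
    end = offset + 4 + (4 if flags & GRE_SEQ else 0)  # optional sequence follows key
    if len(packet) < end:
        raise ValueError("truncated GRE header")
    (key,) = struct.unpack_from("!I", packet, offset)
    return key, packet[end:]


class TunnelEndpoint:
    """Hypothetical hypervisor-side endpoint, identified by its PA."""

    def __init__(self, pa, peers):
        self.pa = pa
        self.peers = set(peers)   # PAs of hypervisors we accept tunnels from
        self.local = {}           # (key, tenant MAC) -> local VM name
        self.remote = {}          # (key, tenant MAC) -> PA of hosting hypervisor

    def add_local(self, key, vm_mac, name):
        self.local[(key, vm_mac)] = name

    def add_remote(self, key, vm_mac, pa):
        self.remote[(key, vm_mac)] = pa

    def send(self, key, frame):
        """Map tenant destination to a PA; return (src PA, dst PA, GRE packet)."""
        dst_pa = self.remote.get((key, frame[:6]))
        if dst_pa is None:
            return None  # destination unknown in this tenant's network
        return self.pa, dst_pa, gre_encap(frame, key)

    def receive(self, src_pa, dst_pa, packet):
        """Deliver to a local VM only if peer, key and destination MAC all match."""
        if dst_pa != self.pa or src_pa not in self.peers:
            return None
        try:
            key, frame = gre_decap(packet)
        except ValueError:
            return None
        if len(frame) < 14:
            return None
        name = self.local.get((key, frame[:6]))
        return None if name is None else (name, frame)


# Constructed tenant MAC addresses standing in for "MAC A1", "MAC A2", "MAC B2".
MAC_A1 = bytes.fromhex("0600000000a1")
MAC_A2 = bytes.fromhex("0600000000a2")
MAC_B2 = bytes.fromhex("0600000000b2")


def build_demo():
    """Two endpoints wired as on the slide: key 10 = tenant A, key 20 = tenant B."""
    h1 = TunnelEndpoint("10.10.10.5", peers=["10.20.20.9"])
    h2 = TunnelEndpoint("10.20.20.9", peers=["10.10.10.5"])
    h1.add_remote(10, MAC_A2, "10.20.20.9")
    h1.add_remote(20, MAC_B2, "10.20.20.9")
    h2.add_local(10, MAC_A2, "A2")
    h2.add_local(20, MAC_B2, "B2")
    frame = MAC_A2 + MAC_A1 + b"\x08\x00" + bytes(46)  # constructed A1->A2 frame
    return h1, h2, frame


if __name__ == "__main__":
    h1, h2, frame = build_demo()
    src, dst, pkt = h1.send(10, frame)
    print(src, "->", dst, "GRE header", pkt[:8].hex())
    print("delivered to:", h2.receive(src, dst, pkt)[0])
    print("same frame, key 20:", h2.receive(src, dst, gre_encap(frame, 20)))
```

The receiving side looks up the pair (key, destination MAC), so a frame that carries tenant A's addresses under tenant B's key is dropped rather than delivered.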

Layer 3 cloud networking
[Diagram: Web VMs and DB VMs spread across hosts, grouped into a Web Security Group and a DB Security Group]

L3 isolation with distributed firewalls
[Diagram]
•  Public Internet: public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36, 65.37.141.80
•  L3 Core with Load Balancer, connected to one leaf switch per pod
•  Pod 1: Leaf Switch, 10.1.0.1
   –  Tenant 1 VM 1: 10.1.0.2
   –  Tenant 2 VM 1: 10.1.0.3
   –  Tenant 1 VM 2: 10.1.0.4
•  Pod 2: Leaf Switch, 10.1.8.1
•  Pod 3: Leaf Switch, 10.1.16.1

Networking in the Cloud Age
SERVICES

Virtual Network Services
•  Provide L2-L7 network services that applications expect:
  –  Load balancing, firewall, IDS, VPN, NAT, etc.
•  Services are inserted in the virtual network topology
  –  Usually in the path to the public network
•  Services are on-demand (API-driven), scalable, elastic

Virtual Network Appliances
Network services are often provided by virtual appliances.
These are either commercial appliances in the virtual form factor or Linux-based networking appliances.
[Diagram: Virtual Router with three interfaces: Public Network NIC, Virtual Network NIC, Control Network NIC]

Service insertion example
[Diagram]
•  Internet / Public Network: public IP addresses 65.37.141.11, 65.37.141.36
•  Tenant 1 Edge Services Appliance(s): NAT, DHCP, FW; gateway address 10.1.1.1
•  Tenant 1 Virtual Network 10.1.1.0/24
   –  Tenant 1 VM 1: 10.1.1.2
   –  Tenant 1 VM 2: 10.1.1.3
   –  Tenant 1 VM 3: 10.1.1.4
   –  Tenant 1 VM 4: 10.1.1.5

Service insertion with VLAN
[Diagram: hypervisors connected by trunks, hosting Tenant 1 and Tenant 2 VMs together with Router VM 1 and Router VM 2; a Public VLAN is also carried to the hypervisors]

Network Services
•  Network services
   –  L2 connectivity
   –  IPAM
   –  DNS
   –  Routing
   –  ACL
   –  Firewall
   –  NAT
   –  VPN
   –  LB
   –  IDS
   –  IPS
•  Service providers
   –  Virtual appliances
   –  Hardware firewalls
   –  LB appliances
   –  SDN controllers
   –  IDS/IPS appliances
   –  VRF
   –  Hypervisor
•  Network isolation
   –  No isolation
   –  VLAN isolation
   –  Overlays
   –  L3 isolation

Service Catalog
•  Cloud users are not exposed to the nature of the service provider
•  Cloud operator designs a service catalog and offers them to end users
  –  Gold = {LB + FW, using virtual appliances}
  –  Platinum = {LB + FW + VPN, using hardware appliances}
  –  Silver = {FW using virtual appliances, 10 Mbps}

End-user experience
•  Deploy a VM in a network
  –  VM Template = Windows 2008 with Joomla on VMware
  –  Service offering {m1.large} = 2 x CPU x 2.0 GHz, 8 GB RAM
  –  Disk Offering {Super fast}
  –  Network Offering {Gold} = Source NAT + LB + FW + 20 Mbps Internet access
•  Network Offering Gold is realized by
  –  VLAN isolation
  –  Source NAT & FW on Juniper SRX
  –  LB on F5 BIG-IP
  –  DHCP, DNS on virtual appliance

End-user experience
•  CloudStack orchestration:
  –  Pick a free VLAN, pick a free public IP, free private IP
  –  Pick hypervisor with spare capacity
  –  Pick primary storage of SSD type accessible in hypervisor cluster
  –  Pick a Juniper SRX and F5 with spare capacity
  –  Spin up a new virtual appliance if necessary that runs DHCP and DNS service
     •  Pick hypervisor, call hypervisor APIs to provision virtual appliance on selected VLAN
  –  Call hypervisor APIs to provision VM on selected VLAN
  –  Call SRX and F5 APIs to place their internal interfaces on the VLAN, public interfaces on public VLAN
  –  Call SRX API to provision source NAT, default FW rules

Network services with VLANs
[Diagram]
•  Internet
•  Gateway address 10.1.1.1
•  Tenant 1 Virtual Network 10.1.1.0/24
   –  Tenant 1 VM 1: 10.1.1.2
   –  Tenant 1 VM 2: 10.1.1.3
   –  Tenant 1 VM 3: 10.1.1.4
   –  Tenant 1 VM 4: 10.1.1.5

Network virtualization with VLANs
[Diagram]
•  Internet / Public Network: public IP addresses 65.37.141.11, 65.37.141.36
•  Tenant 1 Edge Services Appliance(s): NAT, DHCP, FW; gateway address 10.1.1.1
•  Tenant 1 Virtual Network 10.1.1.0/24
   –  Tenant 1 VM 1: 10.1.1.2
   –  Tenant 1 VM 2: 10.1.1.3
   –  Tenant 1 VM 3: 10.1.1.4
   –  Tenant 1 VM 4: 10.1.1.5

Network virtualization with VLANs
[Diagram]
•  Internet / Public Network: public IP addresses 65.37.141.11, 65.37.141.36
•  Tenant 1 Edge Services Appliance(s) (shown stacked): NAT, DHCP, FW, Load Balancing, VPN; gateway address 10.1.1.1
•  Tenant 1 Virtual Network 10.1.1.0/24
   –  Tenant 1 VM 1: 10.1.1.2
   –  Tenant 1 VM 2: 10.1.1.3
   –  Tenant 1 VM 3: 10.1.1.4
   –  Tenant 1 VM 4: 10.1.1.5

Service insertion with VLANs
[Diagram: two tenants behind separate edge appliances]
•  Internet / Public Network
•  Tenant 1
   –  Public IP addresses 65.37.141.11, 65.37.141.36
   –  Tenant 1 Edge Services Appliance(s) (shown stacked): NAT, DHCP, FW, Load Balancing; gateway address 10.1.1.1
   –  Tenant 1 Virtual Network 10.1.1.0/24: VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, VM 4 10.1.1.5
•  Tenant 2
   –  Public IP addresses 65.37.141.24, 65.37.141.80
   –  Tenant 2 Edge Services Appliance: VPN, NAT, DHCP; gateway address 10.1.1.1
   –  Tenant 2 Virtual Network 10.1.1.0/24: VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4

Scaling services with VLANs

  Scale out edge services using virtual appliances
[Figure: CS Virtual Router (DHCP, DNS, NAT, Load Balancing, VPN) with public addresses 65.37.141.111 and 65.37.141.112 and inside address 10.1.1.1 on network 10.1.1.0/24, VLAN 100, serving VM 1 to VM 4 at 10.1.1.2 to 10.1.1.5.]
Scaling services with VLANs

  Scale out edge services using virtual appliances
[Figure: CS Virtual Router (DHCP, DNS, NAT, Load Balancing, VPN) with public addresses 65.37.141.111 and 65.37.141.112 and inside address 10.1.1.1 on network 10.1.1.0/24, VLAN 100, serving VM 1 to VM 4 at 10.1.1.2 to 10.1.1.5.]

  Scale up using hardware devices
[Figure: Juniper SRX Firewall (NAT, VPN) with public address 65.37.141.111 and inside address 10.1.1.1, and Netscaler Load Balancer with public address 65.37.141.112 and inside address 10.1.1.112, on network 10.1.1.0/24, VLAN 100, serving VM 1 to VM 4 at 10.1.1.2 to 10.1.1.5. A CS Virtual Router on the same network provides DHCP and DNS.]
Multi-tier virtual networking
Network Services
•  IPAM
•  DNS
•  LB [intra]
•  S-2-S VPN
•  Static Routes
•  ACLs
•  NAT, PF
•  FW [ingress & egress]
[Figure: The Internet connects to a Loadbalancer (virtual or HW) and to Virtual appliance/Hardware Devices, which front Web VM 1 to Web VM 4 on the Web subnet 10.1.1.0/24, VLAN 101.]
Multi-tier virtual networking
Network Services
•  IPAM
•  DNS
•  LB [intra]
•  S-2-S VPN
•  Static Routes
•  ACLs
•  NAT, PF
•  FW [ingress & egress]
•  BGP
[Figure: The Internet connects to a Loadbalancer (virtual or HW) and to Virtual appliance/Hardware Devices, which front three tiers: Web VM 1 to Web VM 4 on the Web subnet 10.1.1.0/24, VLAN 101; App VM 1 and App VM 2 on the App subnet 10.1.2.0/24; DB VM 1 on the DB subnet 10.1.3.0/24. The App and DB tiers are labelled VLAN 353 and VLAN 2724.]
Multi-tier virtual networking
Network Services
•  IPAM
•  DNS
•  LB [intra]
•  S-2-S VPN
•  Static Routes
•  ACLs
•  NAT, PF
•  FW [ingress & egress]
•  BGP
[Figure: The Internet connects to a Loadbalancer (virtual or HW) and to Virtual appliance/Hardware Devices, which front three tiers: Web VM 1 to Web VM 4 on the Web subnet 10.1.1.0/24, VLAN 101; App VM 1 and App VM 2 on the App subnet 10.1.2.0/24; DB VM 1 on the DB subnet 10.1.3.0/24. The App and DB tiers are labelled VLAN 353 and VLAN 2724. Customer Premises connect over an IPSec or SSL site-to-site VPN and over an MPLS VLAN.]
Multi-tier networking with Overlay
Network Services
•  IPAM
•  DNS
•  LB [intra]
•  S-2-S VPN
•  Static Routes
•  ACLs
•  NAT, PF
•  FW [ingress & egress]
•  BGP
[Figure: The Internet connects to a Loadbalancer (virtual appliance) and a Virtual Router, which front three tiers: Web VM 1 to Web VM 4 on the Web subnet 10.1.1.0/24, GRE Key 101; App VM 1 and App VM 2 on the App subnet 10.1.2.0/24; DB VM 1 on the DB subnet 10.1.3.0/24. The App and DB tiers are labelled GRE Key 353 and GRE Key 2724. Customer Premises connect over an IPSec or SSL site-to-site VPN and over an MPLS VLAN.]
Multi-tier networking with Overlay
[Figure: The Internet connects to a Loadbalancer (virtual appliance) and to vswitches, which front three tiers: Web VM 1 to Web VM 4 on the Web subnet 10.1.1.0/24, GRE Key 101; App VM 1 and App VM 2 on the App subnet 10.1.2.0/24; DB VM 1 on the DB subnet 10.1.3.0/24. The App and DB tiers are labelled GRE Key 353 and GRE Key 2724.]
Networking in the Cloud Age

LAYER 3 ISOLATION
Layer 3 cloud networking
[Figure: Web VMs and DB VMs, grouped into a Web Security Group and a DB Security Group.]

Ingress Rule: Allow VMs in Web Security Group access to VMs in DB Security Group on Port 33
L3 isolation with distributed firewalls
[Figure: The public Internet, with public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36 and 65.37.141.80, reaches an L3 Core and a Load Balancer, which connect to one leaf switch per pod: Pod 1 (10.1.0.1), Pod 2 (10.1.8.1), Pod 3 (10.1.16.1) and further pods. Shown on Pod 1: Tenant 1 VM 1 (10.1.0.2), Tenant 2 VM 1 (10.1.0.3) and Tenant 1 VM 2 (10.1.0.4).]
L3 isolation with distributed firewalls
[Figure: The public Internet, with public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36 and 65.37.141.80, reaches an L3 Core and a Load Balancer, which connect to one leaf switch per pod: Pod 1 (10.1.0.1), Pod 2 (10.1.8.1), Pod 3 (10.1.16.1) and further pods. Shown on Pod 1: Tenant 1 VM 1 (10.1.0.2), Tenant 2 VM 1 (10.1.0.3) and Tenant 1 VM 2 (10.1.0.4). Also shown: Tenant 1 VM 3 (10.1.16.47) and Tenant 1 VM 4 (10.1.16.85).]
L3 isolation with distributed firewalls
[Figure: The public Internet, with public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36 and 65.37.141.80, reaches an L3 Core and a Load Balancer, which connect to one leaf switch per pod: Pod 1 (10.1.0.1), Pod 2 (10.1.8.1), Pod 3 (10.1.16.1) and further pods. Shown on Pod 1: Tenant 1 VM 1 (10.1.0.2), Tenant 2 VM 1 (10.1.0.3) and Tenant 1 VM 2 (10.1.0.4). Also shown: Tenant 2 VM 2 (10.1.16.12), Tenant 2 VM 3 (10.1.16.21), Tenant 1 VM 3 (10.1.16.47) and Tenant 1 VM 4 (10.1.16.85).]
1 Firewall per Virtual Machine
A Million Firewalls?
[Figure: a large grid of VMs.]
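The group-level ingress rule from the "Layer 3 cloud networking" slide, enforced as one firewall per VM on the hypervisors, can be sketched as follows. This is an added example, not code from the slides or from CloudStack; the VM names, group names, host names and TCP port 5432 are constructed, while the 10.1.x.x addresses follow the figures above.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    host: str            # hypervisor whose local firewall protects this VM
    groups: frozenset    # security groups the VM belongs to


@dataclass(frozen=True)
class IngressRule:
    dst_group: str       # group whose members receive the traffic
    src_group: str       # group whose members may send it
    proto: str
    port: int


def compile_rules(vms, rules):
    """Expand group-level rules into a per-VM allow list (default deny)."""
    members = defaultdict(list)
    for vm in vms:
        for group in vm.groups:
            members[group].append(vm)
    table = {vm.name: set() for vm in vms}
    for rule in rules:
        for dst in members[rule.dst_group]:
            for src in members[rule.src_group]:
                if src.name != dst.name:
                    table[dst.name].add((src.ip, rule.proto, rule.port))
    return table


def is_allowed(table, dst_vm, src_ip, proto, port):
    """Decision the firewall in front of dst_vm makes for a new connection."""
    return (src_ip, proto, port) in table[dst_vm]


def hosts_to_reprogram(old_table, new_table, vms):
    """Hypervisors whose local rule sets differ between two compilations."""
    host_of = {vm.name: vm.host for vm in vms}
    changed = {name for name, allow in new_table.items()
               if old_table.get(name) != allow}
    return sorted({host_of[name] for name in changed})


# Constructed sample data: two tenants share the flat 10.1.0.0/16 address
# space, so isolation comes only from the per-VM allow lists.
WEB_TO_DB = IngressRule(dst_group="db", src_group="web", proto="tcp", port=5432)
FLEET = [
    VM("t1-web-1", "10.1.0.2", "pod1-host1", frozenset({"web"})),
    VM("t2-vm-1", "10.1.0.3", "pod1-host1", frozenset({"t2-default"})),
    VM("t1-web-2", "10.1.0.4", "pod1-host2", frozenset({"web"})),
    VM("t1-db-1", "10.1.16.47", "pod3-host1", frozenset({"db"})),
]
NEW_WEB_VM = VM("t1-web-3", "10.1.16.85", "pod3-host2", frozenset({"web"}))


def demo():
    """Compile before and after a Web VM is launched; report affected hosts."""
    before = compile_rules(FLEET, [WEB_TO_DB])
    grown = FLEET + [NEW_WEB_VM]
    after = compile_rules(grown, [WEB_TO_DB])
    return before, after, hosts_to_reprogram(before, after, grown)


if __name__ == "__main__":
    before, after, hosts = demo()
    print("db allow list before:", sorted(before["t1-db-1"]))
    print("other tenant reaches db:",
          is_allowed(before, "t1-db-1", "10.1.0.3", "tcp", 5432))
    print("hosts to reprogram after launch:", hosts)
```

Launching one more Web VM changes the allow list of every DB VM, so the hosts running DB VMs have to be reprogrammed as well as the new VM's own host.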
Networking in the Cloud Age

SOFTWARE DEFINED NETWORKING
Definition
•  Separation of Control Plane from the hardware
  performing the forwarding function
•  Control plane is logically centralized
SDN Advantages
•  Centralized control makes it easier to
   configure, troubleshoot and maintain
•  Eliminates ‘box’ mode of configuration
•  Enables control at a high level
Related to SDN
•  API layer over a collection of ‘boxes’
   –  API layer communicates with boxes using box-level
      APIs / ssh / telnet
•  OpenFlow
   –  Standard protocol for the centralized control plane to
      talk to the forwarding elements.
•  Tunnels / overlays
   –  SDN is valuable for virtual topologies
   –  Initial target of SDN implementation
Centralized control plane
[Figure: Admin/User API in front of a Controller Cluster backed by MySQL/NoSQL; the controller reaches the Boxes over Openflow/ssh/netconf/other.]
SDN problems
•  Discovery of virtual address -> physical
   address mapping
  –  VxLAN = multicast
  –  GRE = programmed by control plane
  –  L3 isolation = no mapping, no discovery
SDN problems
•  State maintenance
  –  Large number of endpoints + flows
  –  High arrival rate of new flows
  –  Needs fast and scalable storage and
     processing
CloudStack and SDN
[Figure: CloudStack architecture diagram with steps numbered 1 to 9. Labels: API, Orchestration Engine, Plugin Framework, Hypervisor Plugins, Network Plugins, Storage Plugins, Allocator Plugins, Network API, SDN controller, Hypervisor Resource, Network Resource, Storage Resource, Physical Resources.]

     Network plugin is the glue that understands the SDN controller’s API
Virtual Networking

NETWORKING IN APACHE CLOUDSTACK
Regions and Zones
•  A cluster of CloudStack management servers
   manage the physical resources of a region
   –  Single API endpoint per region
•  Each region consists of zones
•  Zones are physically proximate, but provide
   distinct failure domains (e.g., flood, earthquake,
   power)
•  Zones are interconnected with high speed low
   latency links
[Figure: Region “West”, Region “East” and Region “South”, connected over the Internet. Labels: Geographic separation, Low Latency.]
[Figure: Region “West” containing Zone “West-Alpha”, Zone “West-Beta”, Zone “West-Gamma” and Zone “West-Delta”, linked by a High Speed Backbone (e.g., SONET ring).]
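Inside a zone
[Figure: Admin/User API and End users in front of a CloudStack Cluster backed by MySQL. DC Edge and L2/L3 core connect down to a Leaf Sw in each of five Pods; each Pod holds Hypervisor (Xen/VMWare/KVM) hosts and Primary Storage (NFS/ISCSI/FC). Secondary Storage sits alongside the Pods.]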
Orchestration
•  Orchestration describes the automated
   arrangement, coordination, and management of
   complex computer systems, middleware and
   services
    –  Wikipedia
CloudStack Architecture
[Figure: Orchestration Engine and Plugin Framework with Hypervisor Plugins, Network Plugins, Allocator Plugins and Storage Plugins.]
CloudStack Architecture
[Figure: Orchestration Engine and Plugin Framework with example plugins. Hypervisor Plugins: XenServer, VMWare, KVM, OracleVM. Network Plugins: Nicira, Netscaler, Brocade, MidoNet. Allocator Plugins: Random, User-concentrated, Intel TXT, Affinity.]
CloudStack Architecture
[Figure: CloudStack architecture. Labelled components: API, Orchestration Engine, Plugin Framework, Hypervisor Plugins, Network Plugins, Storage Plugins, Allocator Plugins, Hypervisor Resource, Network Resource, Storage Resource, Physical Resources; orchestration steps numbered 1 to 9.]
Orchestration steps can be executed in parallel or in sequence
Problem:
Manage configuration of
   1000s of virtual appliances (or VRF)
   Dozens of HW appliances
Solution:
Database-driven state management of appliances
   Message queues + retry logic
   Idempotent updates
   Recreatable virtual appliances
Problem:
Single-tenant HW appliances
Solution:
CloudStack API layers multi-tenancy, provides abstraction
   No direct access to devices
Problem:
Hardware appliances with no APIs
   CLI only
   Limited concurrent login sessions
Solution:
Recommend appliances with APIs
Integrate with Network Orchestrators
Problem:
Manage the configuration of 100s of thousands of firewalls



Solution:
Well-known software scaling techniques
•  Message queues
•  Consistency tradeoffs
•  Idempotent configuration & retries
CloudStack uses 
•  special purpose queues
•  optimized for large security groups
•  eventual consistency for rule updates
Problem:
Firewall (iptables) rules explosion on the host firewall
    Allow Security Group {Web} on TCP port 3060

-A FORWARD -p tcp -m tcp --dport 3060 --src 10.1.16.31 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3060 --src 10.1.45.112 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3060 --src 10.1.189.5 -j ACCEPT
                      …
-A FORWARD -p tcp -m tcp --dport 3060 --src 10.21.9.77 -j ACCEPT

For large security groups, performance suffers
Problem:
Firewall (iptables) rules explosion on the host firewall

Solution:
Use ipsets:

ipset -N web_sg iptreemap
ipset -A web_sg 10.1.16.31
ipset -A web_sg 10.1.16.112
ipset -A web_sg 10.1.189.5
…
ipset -A web_sg 10.21.9.77

-A FORWARD -p tcp -m tcp --dport 3060 -m set --match-set web_sg src -j ACCEPT
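Added example (not part of the original slides and not CloudStack's own code): the ipset approach above combined with the "idempotent updates + retry logic" technique from the earlier slides, using the slide's own set name, set type and addresses. The host is simulated by a dictionary; the function names, the simulated agent failure and the set-name check are assumptions made for illustration.

```python
"""Added example (not CloudStack code): security-group rules via ipset,
kept in sync with idempotent, retry-safe updates."""
import re
from ipaddress import IPv4Address

SET_TYPE = "iptreemap"  # set type used on the slide (IPv4 only)
_NAME_RE = re.compile(r"[A-Za-z0-9_]{1,31}")  # conservative set-name check (assumption)


def _members(ips):
    """Validate and normalise addresses; IPv4Address raises ValueError on junk,
    so nothing but a dotted quad can reach a command line."""
    return {str(IPv4Address(ip)) for ip in ips}


def per_source_rules(ips, port):
    """The 'rules explosion' form: one FORWARD rule per group member."""
    return [f"-A FORWARD -p tcp -m tcp --dport {port} --src {ip} -j ACCEPT"
            for ip in sorted(_members(ips), key=IPv4Address)]


def ipset_rule(set_name, port):
    """The ipset form: a single rule, however many members the set holds."""
    return (f"-A FORWARD -p tcp -m tcp --dport {port} "
            f"-m set --match-set {set_name} src -j ACCEPT")


def reconcile(set_name, desired_ips, host):
    """Commands (argv lists, no shell) that move the host's set to the desired
    membership. `host` maps set name -> set of member IPs as observed on the
    host. Returns [] when nothing differs, which is what makes it idempotent."""
    if not _NAME_RE.fullmatch(set_name):
        raise ValueError(f"bad set name: {set_name!r}")
    want = _members(desired_ips)
    cmds = []
    if set_name not in host:
        cmds.append(["ipset", "-N", set_name, SET_TYPE])
    have = host.get(set_name, set())
    for ip in sorted(want - have, key=IPv4Address):
        cmds.append(["ipset", "-A", set_name, ip])
    for ip in sorted(have - want, key=IPv4Address):
        cmds.append(["ipset", "-D", set_name, ip])
    return cmds


def apply(cmds, host, fail_after=None):
    """Stand-in for the host agent: mutates `host` instead of running ipset.
    `fail_after=n` simulates losing the agent after n commands."""
    for done, (_, op, name, arg) in enumerate(cmds):
        if fail_after is not None and done == fail_after:
            raise ConnectionError("simulated agent disconnect")
        if op == "-N":
            host.setdefault(name, set())
        elif op == "-A":
            host[name].add(arg)
        elif op == "-D":
            host[name].discard(arg)


def converge(set_name, desired_ips, host, failures=(), max_attempts=10):
    """Retry loop: each attempt re-diffs against observed state, so a partial
    failure is repaired by the next attempt without duplicating work.
    Returns the number of attempts that had to send commands."""
    failures = list(failures)
    for attempt in range(max_attempts):
        cmds = reconcile(set_name, desired_ips, host)
        if not cmds:
            return attempt
        try:
            apply(cmds, host, failures.pop(0) if failures else None)
        except ConnectionError:
            pass  # the message would be requeued; the loop re-reads state
    raise RuntimeError("did not converge")


if __name__ == "__main__":
    web_sg = ["10.1.16.31", "10.1.16.112", "10.1.189.5", "10.21.9.77"]  # from the slide
    host = {}  # constructed: a host with no sets yet
    print(converge("web_sg", web_sg, host, failures=[2]), "attempts")
    print(len(per_source_rules(web_sg, 3060)), "per-source rules vs 1:")
    print(ipset_rule("web_sg", 3060))
```

Because every attempt starts from the observed membership, replaying the same update message after a timeout is harmless, and the FORWARD chain keeps a single rule while only set membership changes.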
Apache CloudStack
•  Apache CloudStack
  –  http://www.cloudstack.org/
  –  Download it
  –  Use it
  –  Contribute to it
•  Citrix CloudPlatform
  –  Based on Apache CloudStack
  –  Commercial support
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Networking in the Cloud Age (LISA 2012 Tutorial)

  • 1. Networking in the Cloud Age. With references to Apache CloudStack. December 11 2012. Chiradeep Vittal (@chiradeep), David Nalley (@ke4qqq)
  • 2. Agenda: • Why virtual networks? • Basic principles of Cloud Networking • Service insertion in virtual networks • Virtual Networking using L3 isolation • Networking in Apache CloudStack • Software Defined Networking • Wrap-up
  • 3. Apache CloudStack: Build your cloud the way the world’s most successful clouds are built. • Secure, multi-tenant cloud orchestration platform – Turnkey platform for delivering IaaS clouds – Over 150 commercial deployments: private and public – Full featured GUI, end-user API and admin API
  • 4. Apache CloudStack: Build your cloud the way the world’s most successful clouds are built. • Open Source • Apache License • Incubating in the Apache Software Foundation since April 2012 • Open Source since May 2010 • In production since 2009
  • 5. Networking in the Cloud Age: DRIVERS
  • 6. Drivers. IAAS: Agility, Virtualization, API, Self-service, Elasticity, Scale, Multi-tenancy. New-style workload: Application owns availability, High bandwidth, Low cost, Distributed, L3, Cookie cutter. These classes of drivers (IAAS and new-style workloads) are highly complementary and therefore most new-style applications operate on IAAS.
  • 7. Traditional Style. IAAS: Agility, Virtualization, API, Elasticity, Scale, Self-service, Multi-tenancy. Traditional workload: Infra owns availability, Complex Packet Filters, High cost, Gold-plated Infra, L2. It is possible to realize some of the benefits of IAAS for traditional workloads.
  • 8. Traditional infra can be IAAS. IAAS: Agility, Virtualization, API, Elasticity, Scale, Self-service, Multi-tenancy. Traditional infra: Gold-plated Infra, Infra owns availability, High cost, L2, Complex Packet Filters. It is possible to realize some of the benefits of IAAS for traditional infrastructure.
  • 9. Traditional vs. Cloud. Traditional: Built for traditional enterprise apps & client-server compute • Enterprise arch for 100s of hosts • Scale-up (server clusters) • Apps assume reliability • IT Mgmt-centric [1:Dozens] • Proprietary vendor stack. Cloud: • 10x more scalable • 2-5x lower cost • 100% more open. Designed around big data, massive scale & next-gen apps • Cloud architecture for 1000s of hosts • Scale-out (multi-site server farms) • Apps assume failure • Autonomic [1:1,000’s] • Open, value-added stack
  • 10. Defining Cloud Computing (IAAS): • Agility – Re-provision complex infrastructure topologies in minutes, not days • API – Automate complex infrastructure tasks • Virtualization – Enables workload mobility and load sharing • Multi-tenancy – Share resources and costs
  • 11. Defining Cloud Computing (IAAS): • Scalability – Ability to consume resources limited by budget, not by infrastructure • Elasticity – Scale up and down on demand – Reduce need to engineer for peak load • Self-service – No IT assistance
  • 12. Cloud Networking Requirements: • Agile – Complex networking topologies created by non-network engineers • API – Language to talk with the network infrastructure layer (not CLI) • Virtualization – Hypervisor-level switches work together with physical infrastructure
  • 13. Cloud Networking Requirements: • Scalability – Usually means L3 in the physical infrastructure • Elasticity – Release resources when not in use – Introduce new resources on demand • Self-service – Novices deploying, maintaining, troubleshooting virtual networks
  • 14. Cloud-Style Workloads: • Low cost – Standardized, cookie cutter infrastructure – Highly automated and efficient • L3 – Applications do not need persistent IP/MAC – L2 adjacency not required • Application owns availability – At scale everything breaks – Focus on MTTR instead of MTBF
  • 15. Scale: “At scale, everything breaks” - Urs Hölzle, Google. Server failure comes from: 70% hard disk, 6% RAID controller, 5% memory, 18% other factors. Application can still fail for other reasons: network failure, software bugs, human admin error. [Chart: Annual Failure Rate of servers, 8%] Source: Kashi Venkatesh Vishwanath and Nachiappan Nagappan, Characterizing Cloud Computing Hardware Reliability, SoCC’10
  • 16. Redundancy helps a little: • Bugs in failover mechanism • Incorrect configuration • Protocol issues such as TCP back-off, timeouts, and spanning tree reconfiguration. [Chart: Effectiveness of network redundancy in reducing failures, 40%] Source: Phillipa Gill, Navendu Jain & Nachiappan Nagappan, Understanding Network Failures in Data Centers: Measurement, Analysis and Implications, SIGCOMM 2011
  • 17. Reliability Strategies for cloud workloads. Traditional-Style: Reliable hardware, backup entire cloud, and restore for users when failure happens. New (“Amazon”) Style: Tell users to expect failure. Users to build apps that can withstand infrastructure failure. Both styles of workloads must run reliably in the cloud.
  • 18. Reliability Styles. Traditional workload: Link aggregation, Storage multi-pathing, VM HA, fault tolerance, VM live migration. Expect reliability. Back-up entire cloud. Admin controlled failure handling. Think Server Virtualization. Cloud workload: VM backup/snapshots, Ephemeral resources, Chaos monkey, Multi-site redundancy. Expect failure. Design app for failure. Self-service failure handling. Think Amazon Web Services.
  • 19. Traditional Enterprise network [Diagram: Backbone/Internet, Core Routers, Access Routers, Aggregation Switches, Top of Rack Switches, Servers; Packet Filters and Load Balancers shown as appliances; N-S traffic]
  • 20. Enterprise networks: • Hierarchical tree structure – Assumes N-S traffic predominant • L2 domains – Susceptible to flooding – Wasted capacity due to STP • Services provided by redundant HW appliances – Firewall, IDS, ACL, load balancer – Often need L2 adjacency • Complex engineering, limited scale
  • 21. Scaled out network [Diagram: Backbone/Internet, Spine Routers, Leaf Routers, Servers; host-based firewalls and ACL; Server Load Balancing]
  • 22. Scaled out network: • L3 (routed) network – ECMP for increased bandwidth/redundancy • No oversubscription – Uniform access to bandwidth • Predominantly east-west traffic • Commodity hardware • Services provided at the host / VM level – Firewall, IDS, load balancing
  • 23. Networking in the Cloud Age: VIRTUAL NETWORKING PRINCIPLES
  • 24. The illusion of isolated networks on top of shared physical infrastructure
  • 25. Usually requires: • Hypervisors – To share the same host with multiple tenants • Virtual (software) switches – Port-level control to provide isolation • Services provided in software / virtual contexts – Load balancer / firewall virtual appliances – Host-based firewalls
  • 26. Virtual-to-Physical Mapping: • Option 1: VLAN – 1 virtual network = 1 VLAN in physical infra • Option 2: Tunnels – VxLAN – (NV) GRE – STT – Others: MAC-in-MAC, NVO3, MPLS
  • 27. Virtual-to-Physical Mapping: • Option 3: IP address re-write – 1 tenant address mapped to 1 different provider address – Hyper-V only (possible with KVM/Xen) • Option 4: No mapping – Tenant address is present on physical network – Tenants isolated from each other and physical network using packet filters in hypervisor – L3 isolation is CloudStack’s term for this mode – Also called “Basic Networking”
  • 28. Virtual Switches: • Linux bridge – KVM, XenServer, XCP, Oracle VM • Open vSwitch (OVS) – KVM, XenServer, XCP • VMware options – vSphere – Distributed vSwitch (DVS) – Cisco Nexus 1000v
  • 29. Virtual Switches [Diagram: hypervisor host with VM A1, VM A2, VM B1 and VM C1; virtual NICs (usually untagged) attached to vswitches; physical NICs carry a VLAN trunk; VLAN 10 = 192.168.1.0/24, VLAN 20 = 192.168.1.0/24, VLAN 30 = 10.1.1.0/24]
  • 30. Egress Traffic from VM. Ethernet frame from VM A1 to vswitch (untagged): Dest. addr 06:00:01:AA:BB:CC | Src. addr 06:02:12:1D:1E | Type 0x800 | Payload (IP packet) 46-1500 octets. Ethernet frame from vswitch to physical NIC (tagged): Dest. addr 06:00:01:AA:BB:CC | Src. addr 06:02:12:1D:1E | 802.1Q Tag 0x8100 0xA | Type 0x800 | Payload (IP packet) 46-1500 octets. *not all fields shown for clarity
  • 31. Ingress Traffic to VM. From physical NIC to vswitch (tagged): 06:02:12:1D:1E:1F | 06:00:01:AA:BB:CC | 0x8100 0xA | 0x800 | Payload (IP packet) 46-1500 octets. From vswitch to VM A1 (untagged): 06:02:12:1D:1E:1F | 06:00:01:AA:BB:CC | 0x800 | Payload (IP packet) 46-1500 octets
  • 32. VLAN networking [Diagram: VMs of User A and User B connected over VLAN trunks]
  • 33. 12-bit tag = 4094 virtual networks
  • 34. VLANs – other problems: • Configuration complexity – Need to program switches carefully • Large L2 domains – Broadcast in one VLAN can cause unintended load on unrelated hypervisors • Live migration limited to a single VLAN • Limited MAC table sizes in L2 switches – 100s of VMs per hypervisor – 1000s of MAC addresses on uplink port
  • 35. Tunnels: • Map VM address (Tenant Address) to Physical address (PA) of Hypervisor – Software IPv4 tunnels between hypervisors – Tunnel endpoints are PA of hypervisor – Discriminator in tunnel header identifies tenant/network • GRE key in (NV) GRE tunnels (24-32 bits) • VxLAN Network Identifier (VNI) in VxLAN (24 bits) • Context ID in STT (64 bits)
  • 36. GRE tunnel example [Diagram: OVS instances hosting VMs of User 1 and User 2; tunnels labelled GRE Key 1 and GRE Key 2]
  • 37. GRE Example. Hypervisor 1 (vswitch, physical address 10.10.10.5): VM A1 192.168.10.55, VM B1 192.168.20.88. Hypervisor 2 (vswitch, physical address 10.20.20.9): VM A2 192.168.10.5, VM B2 192.168.20.8. Wire format (Physical Address | GRE key | Tenant L2 header | Tenant L3 header): A1->A2: 10.20.20.9, 10.10.10.5 | GRE key=10 | MAC A2, MAC A1 | 192.168.10.5, 192.168.10.55. B1->B2: 10.20.20.9, 10.10.10.5 | GRE key=20 | MAC B2, MAC B1 | 192.168.20.8, 192.168.20.88
  • 38. Layer 3 cloud networking [Diagram: Web VMs in a Web Security Group and DB VMs in a DB Security Group]
  • 39. L3 isolation with distributed firewalls [Diagram: Internet, public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36, 65.37.141.80; Load Balancer; L3 Core; Pod 1 Leaf Switch 10.1.0.1, Pod 2 Leaf Switch 10.1.8.1, Pod 3 Leaf Switch 10.1.16.1; Tenant 1 VM 1 10.1.0.2, Tenant 2 VM 1 10.1.0.3, Tenant 1 VM 2 10.1.0.4]
  • 40. Networking in the Cloud Age: SERVICES
  • 41. Virtual Network Services: • Provide L2-L7 network services that applications expect – Load balancing, firewall, IDS, VPN, NAT, etc. • Services are inserted in the virtual network topology – usually in the path to the public network • Services are on-demand (API-driven), scalable, elastic
  • 42. Virtual Network Appliances: Network services are often provided by virtual appliances. These are either commercial appliances in the virtual form factor or Linux-based networking appliances. [Diagram: Virtual Router with Public Network NIC, Virtual Network NIC, Control Network NIC]
  • 43. Service insertion example [Diagram: Tenant 1 Virtual Network 10.1.1.0/24, gateway address 10.1.1.1; Tenant 1 VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, VM 4 10.1.1.5; Tenant 1 Edge Services Appliance(s): NAT, DHCP, FW; Public Network, public IP addresses 65.37.141.11 and 65.37.141.36; Internet]
  • 44. Service insertion with VLAN [Diagram: Tenant 1 and Tenant 2 VMs on trunked VLANs; Router VM 1 and Router VM 2 connected to the Public VLAN]
  • 45. Network Services: • L2 connectivity • IPAM • DNS • Routing • ACL • Firewall • NAT • VPN • LB • IDS • IPS
  • 46. Network Services: • L2 connectivity • IPAM • DNS • Routing • ACL • Firewall • NAT • VPN • LB • IDS • IPS. Service Providers: ✓ Virtual appliances ✓ Hardware firewalls ✓ LB appliances ✓ SDN controllers ✓ IDS/IPS appliances ✓ VRF ✓ Hypervisor
  • 47. Network Services: • L2 connectivity • IPAM • DNS • Routing • ACL • Firewall • NAT • VPN • LB • IDS • IPS. Service Providers: ✓ Virtual appliances ✓ Hardware firewalls ✓ LB appliances ✓ SDN controllers ✓ IDS/IPS appliances ✓ VRF ✓ Hypervisor. Network Isolation: • No isolation • VLAN isolation • Overlays • L3 isolation
  • 48. Service Catalog: • Cloud users are not exposed to the nature of the service provider • Cloud operator designs a service catalog and offers them to end users – Gold = {LB + FW, using virtual appliances} – Platinum = {LB + FW + VPN, using hardware appliances} – Silver = {FW using virtual appliances, 10Mbps}
  • 49. End-user experience: • Deploy a VM in a network – VM Template = Windows 2008 with Joomla on VMware – Service offering {m1.large} = 2 x CPU x 2.0Ghz, 8 GB RAM – Disk Offering {Super fast} – Network Offering {Gold} = Source NAT + LB + FW + 20 Mbps Internet access
  • 50. End-user experience: • Deploy a VM in a network – VM Template = Windows 2008 with Joomla on VMware – Service offering {m1.large} = 2 x CPU x 2.0Ghz, 8 GB RAM – Disk Offering {Super fast} – Network Offering {Gold} = Source NAT + LB + FW + 20 Mbps Internet access • Network Offering Gold is realized by – VLAN isolation – Source NAT & FW on Juniper SRX – LB on F5 BigIp – DHCP, DNS on virtual appliance
  • 51. End-user experience: • CloudStack orchestration – Pick a free VLAN, pick a free public IP, free private IP – Pick hypervisor with spare capacity – Pick primary storage of SSD type accessible in hypervisor cluster – Pick a Juniper SRX and F5 with spare capacity – Spin up a new virtual appliance if necessary that runs DHCP and DNS service • Pick hypervisor, call hypervisor APIs to provision virtual appliance on selected VLAN – Call hypervisor APIs to provision VM on selected VLAN – Call SRX and F5 APIs to place their internal interfaces on the VLAN, public interfaces on public VLAN – Call SRX API to provision source NAT, default FW rules
  • 52. Network services with VLANs [Diagram: Tenant 1 Virtual Network 10.1.1.0/24, gateway address 10.1.1.1; Tenant 1 VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, VM 4 10.1.1.5; Internet]
  • 53. Network virtualization with VLANs [Diagram: Tenant 1 Virtual Network 10.1.1.0/24, gateway address 10.1.1.1; Tenant 1 VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, VM 4 10.1.1.5; Tenant 1 Edge Services Appliance(s): NAT, DHCP, FW; Public Network, public IP addresses 65.37.141.11 and 65.37.141.36; Internet]
  • 54. Network virtualization with VLANs [Diagram: Tenant 1 Virtual Network 10.1.1.0/24, gateway address 10.1.1.1; Tenant 1 VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, VM 4 10.1.1.5; two Tenant 1 Edge Services Appliance(s): NAT, DHCP, FW, Load Balancing, VPN; Public Network, public IP addresses 65.37.141.11 and 65.37.141.36; Internet]
  • 55. Service insertion with VLANs [Diagram: Tenant 1 Virtual Network 10.1.1.0/24, gateway address 10.1.1.1; Tenant 1 VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, VM 4 10.1.1.5; Tenant 1 Edge Services Appliance(s): NAT, DHCP, FW, Load Balancing; public IP addresses 65.37.141.11 and 65.37.141.36. Tenant 2 Virtual Network 10.1.1.0/24, gateway address 10.1.1.1; Tenant 2 VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4; Tenant 2 Edge Services Appliance: VPN, NAT, DHCP; public IP addresses 65.37.141.24 and 65.37.141.80; Public Network; Internet]
  • 56. Scaling services with VLANs: Scale out edge services using virtual appliances. [Diagram: network 10.1.1.0/24 on VLAN 100; VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, VM 4 10.1.1.5; CS Virtual Router at 10.1.1.1 with public addresses 65.37.141.111 and 65.37.141.112, providing DHCP, DNS, NAT, Load Balancing, VPN]
  • 57. Scaling services with VLANs: Scale out edge services using virtual appliances. Scale up using hardware devices. [Diagram, left: network 10.1.1.0/24 on VLAN 100; VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, VM 4 10.1.1.5; CS Virtual Router at 10.1.1.1 with public addresses 65.37.141.111 and 65.37.141.112, providing DHCP, DNS, NAT, Load Balancing, VPN. Diagram, right: network 10.1.1.0/24 on VLAN 100; VM 1 10.1.1.2, VM 2 10.1.1.3, VM 3 10.1.1.4, VM 4 10.1.1.5; Juniper SRX Firewall (65.37.141.111, 10.1.1.1): NAT, VPN; Netscaler Load Balancer (65.37.141.112, 10.1.1.112); CS Virtual Router: DHCP, DNS]
  • 58. Multi-tier virtual networking [Diagram: Internet; Load balancer (virtual or HW); Virtual appliance / Hardware Devices; Web VM 1 to Web VM 4 on Web subnet 10.1.1.0/24, VLAN 101]. Network Services: • IPAM • DNS • LB [intra] • S-2-S VPN • Static Routes • ACLs • NAT, PF • FW [ingress & egress]
  • 59. Multi-tier virtual networking [Diagram: Internet; Load balancer (virtual or HW); Virtual appliance / Hardware Devices; Web VM 1 to Web VM 4 on Web subnet 10.1.1.0/24 (VLAN 101); App VM 1 and App VM 2 on App subnet 10.1.2.0/24; DB VM 1 on DB subnet 10.1.3.0/24; further VLAN labels: VLAN 2724, VLAN 353]. Network Services: • IPAM • DNS • LB [intra] • S-2-S VPN • Static Routes • ACLs • NAT, PF • FW [ingress & egress] • BGP
  • 60. Multi-tier virtual networking [Diagram: Internet; IPSec or SSL site-to-site VPN to Customer Premises; MPLS VLAN; Load balancer (virtual or HW); Virtual appliance / Hardware Devices; Web VM 1 to Web VM 4 on Web subnet 10.1.1.0/24 (VLAN 101); App VM 1 and App VM 2 on App subnet 10.1.2.0/24; DB VM 1 on DB subnet 10.1.3.0/24; further VLAN labels: VLAN 2724, VLAN 353]. Network Services: • IPAM • DNS • LB [intra] • S-2-S VPN • Static Routes • ACLs • NAT, PF • FW [ingress & egress] • BGP
  • 61. Multi-tier networking with Overlay [Diagram: Internet; IPSec or SSL site-to-site VPN to Customer Premises; MPLS VLAN; Load balancer (virtual appliance); Virtual Router; Web VM 1 to Web VM 4 on Web subnet 10.1.1.0/24 (GRE Key 101); App VM 1 and App VM 2 on App subnet 10.1.2.0/24; DB VM 1 on DB subnet 10.1.3.0/24; further GRE key labels: GRE Key 2724, GRE Key 353]. Network Services: • IPAM • DNS • LB [intra] • S-2-S VPN • Static Routes • ACLs • NAT, PF • FW [ingress & egress] • BGP
  • 62. Multi-tier networking with Overlay [Diagram: Internet; Load balancer (virtual appliance); vswitches; Web VM 1 to Web VM 4 on Web subnet 10.1.1.0/24 (GRE Key 101); App VM 1 and App VM 2 on App subnet 10.1.2.0/24; DB VM 1 on DB subnet 10.1.3.0/24; further GRE key labels: GRE Key 2724, GRE Key 353]
  • 63. Networking in the Cloud Age: LAYER 3 ISOLATION
  • 64. Layer 3 cloud networking [Diagram: Web VMs in a Web Security Group and DB VMs in a DB Security Group]. Ingress Rule: Allow VMs in Web Security Group access to VMs in DB Security Group on Port 33
  • 65. L3 isolation with distributed firewalls [Diagram: Internet, public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36, 65.37.141.80; Load Balancer; L3 Core; Pod 1 Leaf Switch 10.1.0.1, Pod 2 Leaf Switch 10.1.8.1, Pod 3 Leaf Switch 10.1.16.1; Tenant 1 VM 1 10.1.0.2, Tenant 2 VM 1 10.1.0.3, Tenant 1 VM 2 10.1.0.4]
  • 66. L3 isolation with distributed firewalls [Diagram: as on the previous slide, adding Tenant 1 VM 3 10.1.16.47 and Tenant 1 VM 4 10.1.16.85]
  • 67. L3 isolation with distributed firewalls [Diagram: as on the previous slide, adding Tenant 2 VM 2 10.1.16.12 and Tenant 2 VM 3 10.1.16.21]
  • 68. 1 Firewall per Virtual Machine
  • 69. A Million Firewalls? [Diagram: a large grid of VMs]
  • 70. Networking in the Cloud Age: SOFTWARE DEFINED NETWORKING
  • 71. Definition: • Separation of Control Plane from the hardware performing the forwarding function • Control plane is logically centralized
  • 72. SDN Advantages: • Centralized control makes it easier to configure, troubleshoot and maintain • Eliminates ‘box’ mode of configuration • Enables control at a high level
  • 73. Related to SDN: • API layer over a collection of ‘boxes’ – API layer communicates with boxes using box-level APIs / ssh / telnet • OpenFlow – Standard protocol for the centralized control plane to talk to the forwarding elements • Tunnels / overlays – SDN is valuable for virtual topologies – Initial target of SDN implementation
  • 74. Centralized control plane [Diagram: Admin/User API; Controller Cluster; MySQL/NoSQL; OpenFlow/ssh/netconf/other; Boxes]
  • 75. SDN problems: • Discovery of virtual address -> physical address mapping – VxLAN = multicast – GRE = programmed by control plane – L3 isolation = no mapping, no discovery
  • 76. SDN problems: • State maintenance – Large number of endpoints + flows – High arrival rate of new flows – Needs fast and scalable storage and processing
  • 77. CloudStack and SDN [Diagram: Orchestration Engine and Plugin Framework; Hypervisor Plugins and Hypervisor Resources; Network Plugins, Network API, Network Resource and SDN controller; Allocator Plugins; Storage Plugins and Storage Resources; Physical Resources; steps numbered 1 to 9]. Network plugin is the glue that understands the SDN controller’s API
  • 78. Virtual Networking: NETWORKING IN APACHE CLOUDSTACK
  • 79. Regions and Zones: • A cluster of CloudStack management servers manage the physical resources of a region – Single API endpoint per region • Each region consists of zones • Zones are physically proximate, but provide distinct failure domains (e.g., flood, earthquake, power) • Zones are interconnected with high speed low latency links
  • 80. [Diagram: Region “West”, Region “East”, Region “South”; labels: Geographic separation, Internet, Low Latency]
  • 81. [Diagram: Region “West” containing Zone “West-Alpha”, Zone “West-Beta”, Zone “West-Gamma”, Zone “West-Delta”; High Speed Backbone (e.g., SONET ring)]
  • 82. Inside a zone [Diagram: End users; Admin/User API; CloudStack Cluster; MySQL; DC Edge; L2/L3 core; Pods, each with Leaf Sw, Hypervisor (Xen/VMware/KVM), Primary Storage (NFS/iSCSI/FC); Secondary Storage]
  • 83. Orchestration: • Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware and services – Wikipedia
  • 84. CloudStack Architecture [Diagram: Orchestration Engine; Plugin Framework; Hypervisor Plugins; Network Plugins; Allocator Plugins; Storage Plugins]
  • 85. CloudStack Architecture [Diagram: Orchestration Engine; Plugin Framework; Hypervisor Plugins: XenServer, VMware, KVM, OracleVM; Network Plugins: Nicira, Netscaler, Brocade, MidoNet; Allocator Plugins: Random, User-concentrated, Intel TXT, Affinity]
  • 86. CloudStack Architecture [Diagram: Orchestration Engine and Plugin Framework; Hypervisor Plugins and Hypervisor Resources; Network Plugins, Network API and Network Resources; Allocator Plugins; Storage Plugins and Storage Resources; Physical Resources; steps numbered 1 to 9]. Orchestration steps can be executed in parallel or in sequence
  • 87. Problem: Manage configuration of 1000s of virtual appliances (or VRF) and dozens of HW appliances. Solution: Database-driven state management of appliances; message queues + retry logic; idempotent updates; recreatable virtual appliances
  • 88. Problem: Manage configuration of 1000s of virtual appliances (or VRF) and dozens of HW appliances. Solution: Database-driven state management of appliances; message queues + retry logic; idempotent updates; recreatable virtual appliances
  • 89. Problem: Single-tenant HW appliances. Solution: CloudStack API layers multi-tenancy, provides abstraction. No direct access to devices
  • 90. Problem: Hardware appliances with no APIs; CLI only; limited concurrent login sessions. Solution: Recommend appliances with APIs; integrate with Network Orchestrators
  • 91. Problem: Manage the configuration of 100s of thousands of firewalls. Solution: Well-known software scaling techniques • Message queues • Consistency tradeoffs • Idempotent configuration & retries. CloudStack uses • special purpose queues • optimized for large security groups • eventual consistency for rule updates
  • 92. Problem: Firewall (iptables) rules explosion on the host firewall. Allow Security Group {Web} on TCP port 3060:
      -A FORWARD -p tcp -m tcp --dport 3060 --src 10.1.16.31 -j ACCEPT
      -A FORWARD -p tcp -m tcp --dport 3060 --src 10.1.45.112 -j ACCEPT
      -A FORWARD -p tcp -m tcp --dport 3060 --src 10.1.189.5 -j ACCEPT
      …
      -A FORWARD -p tcp -m tcp --dport 3060 --src 10.21.9.77 -j ACCEPT
    For large security groups, performance suffers
  • 93. Problem: Firewall (iptables) rules explosion on the host firewall. Solution: Use ipsets:
      ipset -N web_sg iptreemap
      ipset -A web_sg 10.1.16.31
      ipset -A web_sg 10.1.16.112
      ipset -A web_sg 10.1.189.5
      …
      ipset -A web_sg 10.21.9.77
      -A FORWARD -p tcp -m tcp --dport 3060 -m set --match-set web_sg src -j ACCEPT
  • 94. Apache CloudStack: • Apache CloudStack – http://www.cloudstack.org/ – Download it – Use it – Contribute to it • Citrix CloudPlatform – Based on Apache CloudStack – Commercial support
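
The tagging and untagging steps on slides 29 to 31, as an added example (not code from the slides or from CloudStack): a minimal vswitch model that inserts the 802.1Q tag on egress and delivers trunk traffic only to ports in the frame's VLAN. The MAC addresses for A2 and B1, the `VSwitch` class and the rule that drops frames a VM has already tagged are assumptions of this sketch.

```python
import struct

TPID_8021Q = 0x8100        # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
MAX_VID = 4094             # 12-bit VLAN id; 0 and 4095 are reserved
BROADCAST = b"\xff" * 6


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw octets."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 octets: %r" % text)
    return raw


def untagged_frame(dst, src, payload, ethertype=ETHERTYPE_IPV4):
    """Frame as a VM sends it: dest, src, type, payload (no FCS)."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def add_tag(frame, vid, pcp=0):
    """Insert the 4-octet 802.1Q tag between source MAC and type."""
    if not 1 <= vid <= MAX_VID:
        raise ValueError("VLAN id out of range: %d" % vid)
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse(frame):
    """Return (dst, src, vid or None, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return dst, src, None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, inner_type, frame[18:]


class VSwitch:
    """Hypothetical model: untagged VM ports, one tagged trunk uplink."""

    def __init__(self):
        self.ports = {}  # port name -> (VM MAC octets, VLAN id)

    def attach(self, port, vm_mac, vid):
        if not 1 <= vid <= MAX_VID:
            raise ValueError("VLAN id out of range: %d" % vid)
        self.ports[port] = (mac(vm_mac), vid)

    def egress(self, port, frame):
        """VM -> trunk. The switch, not the VM, chooses the VLAN."""
        _, _, vid, _, _ = parse(frame)
        if vid is not None:
            return None  # assumed policy: drop frames tagged by the guest
        return add_tag(frame, self.ports[port][1])

    def ingress(self, frame):
        """Trunk -> VMs. Returns {port: untagged frame} for matching ports."""
        dst, _, vid, _, _ = parse(frame)
        if vid is None:
            return {}  # this sketch has no native VLAN on the trunk
        inner = frame[:12] + frame[16:]
        return {port: inner
                for port, (vm_mac, pvid) in self.ports.items()
                if pvid == vid and dst in (vm_mac, BROADCAST)}


def demo():
    sw = VSwitch()
    sw.attach("A1", "06:02:12:1D:1E:1F", 10)   # MAC and VLAN from the slides
    sw.attach("A2", "06:02:12:00:00:A2", 10)   # constructed MAC
    sw.attach("B1", "06:02:12:00:00:B1", 20)   # constructed MAC
    out = sw.egress("A1", untagged_frame(
        "06:00:01:AA:BB:CC", "06:02:12:1D:1E:1F", bytes(46)))
    return out[12:18].hex()


if __name__ == "__main__":
    print(demo())
```

Because the VLAN id comes from the port configuration and never from the guest, two tenants can reuse the same subnet (as VLAN 10 and VLAN 20 do on slide 29) without seeing each other's frames.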
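
Slides 91 to 93 combine two ideas: replace per-address iptables rules with one ipset match, and make configuration updates idempotent so they can be retried. The following added example (not CloudStack's own code) shows both; the function names, the argv-list output and the input validation are assumptions of this sketch, and the sample addresses are the ones shown on slide 92.

```python
import ipaddress
import re

# Conservative set-name check so a group name can never carry extra
# arguments into a command line (an assumption of this sketch).
SET_NAME = re.compile(r"[A-Za-z0-9_]{1,31}")

# Security group members shown on slide 92.
WEB_SG = ["10.1.16.31", "10.1.45.112", "10.1.189.5", "10.21.9.77"]


def _members(addresses):
    """Validate and de-duplicate addresses; raises ValueError on bad input."""
    return {ipaddress.IPv4Address(a) for a in addresses}


def _check(set_name=None, port=None):
    if set_name is not None and not SET_NAME.fullmatch(set_name):
        raise ValueError("bad set name: %r" % set_name)
    if port is not None and not 1 <= int(port) <= 65535:
        raise ValueError("bad port: %r" % port)


def per_ip_rules(members, port):
    """Slide 92 form: one FORWARD rule per member, O(n) rules per packet."""
    _check(port=port)
    return ["-A FORWARD -p tcp -m tcp --dport %d --src %s -j ACCEPT" % (port, ip)
            for ip in sorted(_members(members))]


def set_rule(set_name, port):
    """Slide 93 form: a single rule, whatever the size of the group."""
    _check(set_name=set_name, port=port)
    return ("-A FORWARD -p tcp -m tcp --dport %d -m set --match-set %s src "
            "-j ACCEPT" % (port, set_name))


def reconcile(set_name, current, desired, set_exists=True):
    """Return the ipset commands (as argv lists) that turn the host's
    current membership into the desired one.

    The function is idempotent in the sense slide 91 asks for: when the
    host has already converged it returns [], so a retried or duplicated
    update message causes no change. `current` is ignored when the set
    does not exist yet.
    """
    _check(set_name=set_name)
    want = _members(desired)
    have = _members(current) if set_exists else set()
    commands = []
    if not set_exists:
        commands.append(["ipset", "-N", set_name, "iptreemap"])
    commands += [["ipset", "-A", set_name, str(ip)] for ip in sorted(want - have)]
    commands += [["ipset", "-D", set_name, str(ip)] for ip in sorted(have - want)]
    return commands


if __name__ == "__main__":
    print(len(per_ip_rules(WEB_SG, 3060)), "per-address rules versus 1 set rule:")
    print(set_rule("web_sg", 3060))
    for argv in reconcile("web_sg", [], WEB_SG, set_exists=False):
        print(" ".join(argv))
```

Membership changes touch only the set, so the iptables rule itself is installed once and never rewritten when VMs join or leave the security group.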