Private Cloud Networking in Apache CloudStack
Chiradeep Vittal
@chiradeep
CloudStack Days Austin
April 16 2015
Overview
• Private Cloud
• Issues in Private Cloud Networking
• Introduction to CloudStack Networking
• Basic Zone
• Advanced Zone
• Hybrid Cloud
Private Cloud
[Diagram: a datacenter running a CloudStack cluster that exposes an Admin/User API to the cloud user and to application users]
x Elasticity
x Pay-as-you-go
✓ Self Service
✓ Resource sharing
✓ Network access
Private Cloud & your pets
[Diagram: a datacenter where legacy infrastructure sits alongside the cloud]
Friction in Private Cloud
• Co-existence with legacy infrastructure and operations
• Compute, network and storage are still siloed
• Lack of DevOps mentality
Friction in networking
• DNS and IPAM automation
• Security policy automation
• Switch / VLAN configuration
• Infrastructure optimized for N-S traffic
• Integration with middle boxes
– Load Balancers
– NAT
– IDS
Middleboxes, VLANs, etc.
[Diagram: traditional datacenter network path from the backbone/Internet through core routers, access routers, aggregation switches, load balancers and packet filters down to top-of-rack switches and servers, with DNS/IPAM alongside]
CloudStack Networking
• "Batteries included but removable"
• Network services:
– Use built-in providers or
– Integrate with external providers or
– Mix-and-match
• KISS principle
– Master the simplest network configuration first
Network Services
• Network Services
– L2 connectivity
– IPAM
– DNS
– Routing
– ACL
– Firewall
– NAT
– VPN
– LB
• Network Isolation
– No isolation
– VLAN isolation
– Overlays
– L3 isolation
• Service Providers
– Virtual appliances
– Hardware firewalls
– LB appliances
– SDN controllers
– VRF
– Hypervisor
Basic Zone
• Basic: reduced network setup
• Group-based policy: Security Groups are the means of policy enforcement / isolation
• AWS EC2-Classic emulation
• High-level policy configuration
• Scalable implementation
• Least friction
Security Groups
• All VMs (instances) are launched into one or more security groups
• Default-deny firewalls
• Contain rules that allow selected traffic
• Example:
– VMs in the 'Web' Security Group are allowed to communicate on TCP port 3306 to VMs in the 'DB' Security Group
– Anybody can talk to a 'Web' VM on port 80
[Diagram: the Internet reaches 'web' VMs on port 80; 'web' reaches 'appserver' on 8080; 'appserver' reaches 'db' on 3306; a management subnet 192.168.1.0/24 reaches every VM on port 22. All ports are TCP.]
Security Groups
• Create security groups
> create securitygroup name=web
> create securitygroup name=appserver
> create securitygroup name=db
> create securitygroup name=management
• Add rules (the source-CIDR parameter of authorizeSecurityGroupIngress is cidrlist in every case; the management CIDR is the 192.168.1.0/24 subnet shown in the diagram)
> authorize securitygroupingress securitygroupname=management protocol=tcp startport=22 endport=22 usersecuritygrouplist=management
> authorize securitygroupingress securitygroupname=management protocol=tcp startport=22 endport=22 cidrlist=192.168.1.0/24
> authorize securitygroupingress securitygroupname=web protocol=tcp startport=80 endport=80 cidrlist=0.0.0.0/0
> authorize securitygroupingress securitygroupname=appserver protocol=tcp startport=8080 endport=8080 usersecuritygrouplist=web
> authorize securitygroupingress securitygroupname=db protocol=tcp startport=3306 endport=3306 usersecuritygrouplist=appserver
• Deploy VMs (deployVirtualMachine also needs serviceofferingid, templateid and zoneid; the <...> values below are placeholders for your own IDs)
> deploy virtualmachine securitygroupnames=management,web displayname=web0001 serviceofferingid=<SERVICE_OFFERING_ID> templateid=<TEMPLATE_ID> zoneid=<ZONE_ID>
> deploy virtualmachine securitygroupnames=management,web displayname=web0002 serviceofferingid=<SERVICE_OFFERING_ID> templateid=<TEMPLATE_ID> zoneid=<ZONE_ID>
> deploy virtualmachine securitygroupnames=management,appserver displayname=app001 serviceofferingid=<SERVICE_OFFERING_ID> templateid=<TEMPLATE_ID> zoneid=<ZONE_ID>
> deploy virtualmachine securitygroupnames=management,db displayname=db0001 serviceofferingid=<SERVICE_OFFERING_ID> templateid=<TEMPLATE_ID> zoneid=<ZONE_ID>
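As an added illustration (not code from the deck or from CloudStack itself), a small Python model of the default-deny, group-referencing policy above: it loads the same four groups and five rules, places the four VMs with constructed 10.1.0.x addresses, and answers whether a given source may reach a VM on a port. The data model (IngressRule, VM, slide_policy, check) is this example's own simplification; real CloudStack enforces the equivalent rules on the hypervisor and adds anti-spoofing and connection tracking on top.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class IngressRule:
    """One authorizeSecurityGroupIngress rule: a port range admitted from
    either a source CIDR (cidrlist) or a source group (usersecuritygrouplist)."""
    protocol: str
    startport: int
    endport: int
    cidrlist: Optional[str] = None
    usersecuritygrouplist: Optional[str] = None


@dataclass(frozen=True)
class VM:
    name: str
    ip: str                   # constructed sample address for this example
    groups: Tuple[str, ...]   # the securitygroupnames= given at deploy time


Policy = Dict[str, List[IngressRule]]   # group name -> its ingress rules


def create_securitygroup(policy: Policy, name: str) -> None:
    policy.setdefault(name, [])   # a fresh group has no rules: default deny


def authorize_ingress(policy: Policy, securitygroupname: str, **rule) -> None:
    policy[securitygroupname].append(IngressRule(**rule))


def ingress_allowed(policy: Policy, vms: List[VM], src_ip: str, dst: VM,
                    protocol: str, port: int) -> bool:
    """Default deny: traffic reaches dst only if a rule on one of dst's groups
    matches the protocol, the port and the source (by CIDR, or by the
    source VM's own group membership for usersecuritygrouplist rules)."""
    src_vm = next((v for v in vms if v.ip == src_ip), None)
    for group in dst.groups:
        for rule in policy.get(group, []):
            if rule.protocol != protocol or not rule.startport <= port <= rule.endport:
                continue
            if rule.cidrlist and ip_address(src_ip) in ip_network(rule.cidrlist, strict=False):
                return True
            if rule.usersecuritygrouplist and src_vm and rule.usersecuritygrouplist in src_vm.groups:
                return True
    return False


def slide_policy() -> Tuple[Policy, List[VM]]:
    """The four groups, five rules and four VMs of the slide's command listing."""
    policy: Policy = {}
    for name in ("web", "appserver", "db", "management"):
        create_securitygroup(policy, name)
    authorize_ingress(policy, "management", protocol="tcp", startport=22, endport=22,
                      usersecuritygrouplist="management")
    authorize_ingress(policy, "management", protocol="tcp", startport=22, endport=22,
                      cidrlist="192.168.1.0/24")
    authorize_ingress(policy, "web", protocol="tcp", startport=80, endport=80,
                      cidrlist="0.0.0.0/0")
    authorize_ingress(policy, "appserver", protocol="tcp", startport=8080, endport=8080,
                      usersecuritygrouplist="web")
    authorize_ingress(policy, "db", protocol="tcp", startport=3306, endport=3306,
                      usersecuritygrouplist="appserver")
    vms = [   # constructed addresses in the deck's 10.1.0.0/24 guest subnet
        VM("web0001", "10.1.0.2", ("management", "web")),
        VM("web0002", "10.1.0.3", ("management", "web")),
        VM("app001", "10.1.0.43", ("management", "appserver")),
        VM("db0001", "10.1.0.87", ("management", "db")),
    ]
    return policy, vms


def check(src_ip: str, dst_name: str, port: int, protocol: str = "tcp") -> bool:
    """Would the Basic Zone firewall admit src_ip -> dst_name on protocol/port?"""
    policy, vms = slide_policy()
    dst = next(v for v in vms if v.name == dst_name)
    return ingress_allowed(policy, vms, src_ip, dst, protocol, port)


if __name__ == "__main__":
    # 203.0.113.7 stands in for an arbitrary Internet host (constructed)
    for src, dst, port in [("203.0.113.7", "web0001", 80), ("203.0.113.7", "db0001", 3306),
                           ("10.1.0.2", "app001", 8080), ("10.1.0.2", "db0001", 3306),
                           ("10.1.0.43", "db0001", 3306), ("192.168.1.10", "db0001", 22)]:
        print(f"{src:>13} -> {dst}:{port}  {'ALLOW' if check(src, dst, port) else 'DENY'}")
```

The web -> db case is the one worth noticing: because only 'appserver' is referenced by the db rule, a compromised web VM cannot reach 3306 directly even though both VMs sit on the same shared subnet.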
Properties of Security Groups
• Subnets are shared between accounts; VMs in the same security group do not necessarily share a subnet.
• Anti-spoofing protection.
• Multiple IP addresses per VM (single NIC)
• No multicast / broadcast
• Stateful firewall
• More:
https://cloudierthanthou.wordpress.com/2015/04/07/cloudstack-basic-networking-deeper-dive/
Scaled out network for Basic Zone
[Diagram: an L3 core of spine and leaf routers connected to the backbone/Internet; each rack (Rack 1 through Rack 24) has its own L2 switch and rack subnet (10.1.0.0/24, 10.22.16.0/24); host-based firewalls and ACLs on the servers; server load balancing]
VM Placement in Basic Zone
[Diagram: VMs 1 to 9 with addresses such as 10.1.0.2, 10.1.0.3, 10.1.0.43, 10.1.0.87 and 10.1.0.99 placed across Rack 1 Host 1, Rack 1 Host 8, Rack 24 Host 5 and Rack 24 Host 9]
Adding Services to Basic Zone
• Static NAT (aaS)
• Load Balancer (aaS)
• Use Citrix Netscaler integration or
• Run a PaaS on CloudStack
Advanced Zone
• Virtual networking using either
– VLANs or
– Overlay
• Rich array of services and virtual networking providers
• Out-of-the-box (batteries included)
– VLAN, GRE isolation
– Virtual Router provides scale-out (per tenant) services including
• VPNaaS
• LBaaS
• FWaaS
• DHCP, DNS
– Physical device integration via plugins
• F5, Netscaler
• Juniper SRX
Keeping it simple
• Network Offerings
– Catalog of potential virtual network designs
– Created by operator
• Simplest network offering: "Shared Network"
– Only services offered are
• DNS, DHCP
• User data, password change
– VLAN-based virtual networks
– Inter-network routing using static routing in the TOR
Service insertion with VLANs
[Diagram: two tenants, each with its own virtual network 10.1.1.0/24 (overlapping address space) and gateway address 10.1.1.1 on a per-tenant edge services appliance. Tenant 2's appliance provides VPN, NAT and DHCP behind public IPs 65.37.141.24 and 65.37.141.80; Tenant 1's appliance(s) provide NAT, DHCP, FW and load balancing behind public IPs 65.37.141.11 and 65.37.141.36. Both attach to the "Public Network" toward the Internet / rest of the DC. The edge services appliance is the Virtual Router.]
• Public IPs can be RFC1918
Device Integration
[Diagram: guest network 10.1.1.0/24 on VLAN 100 with VMs 10.1.1.2 to 10.1.1.5; the CloudStack Virtual Router provides DHCP and DNS; a Netscaler load balancer (10.1.1.112 / public 65.37.141.112) and a Juniper SRX firewall (10.1.1.1 / public 65.37.141.111) provide load balancing, NAT and VPN]
Multi-tier virtual networking
[Diagram: three tiers (Web VMs, App VMs, DB VM), each on its own VLAN (VLANs 398, 101 and 2724), joined by a Virtual Router that also connects to the Internet / rest of the DC, to a remote DC over IPSec VPN, and over an integration VLAN to a load balancer (hardware or virtual)]
Network Services
• IPAM
• DNS
• LB [intra]
• S-2-S VPN
• Static Routes
• ACLs
• NAT, PF
• FW [ingress & egress]
Virtual networking with overlays
[Diagram: the same three tiers, each isolated by a GRE key (GREKEY 398, 101 and 2724) instead of a VLAN, joined by the Virtual Router plus vSwitches, which also connects to the Internet / rest of the DC, to a remote DC over IPSec VPN, and through a private gateway to a virtual load balancer]
Network Services
• IPAM
• DNS
• LB [intra]
• S-2-S VPN
• Static Routes
• ACLs
• NAT, PF
• FW [ingress & egress]
SDN / Other Overlays / Other Devices
• Plugins available for
– Midokura
– NVP
– Nuage
– BigSwitch
– Palo Alto
• VxLAN on KVM
Hybrid Cloud Networking
[Diagram: your workload spanning the "on prem" private cloud and a public cloud, connected through your router]
• AWS VPN Gateway
• AWS Direct Connect
• Google Carrier Interconnect
• GCE VPN
• Azure ExpressRoute
• Azure VPN
• Citrix CloudBridge
Wrap-up
• Private Cloud: Keep it simple
• Choose Basic Zone for
– Simplicity
– Low friction
– Scale
– Cost
• Choose Advanced Zone for
– vSphere
– Multiple NICs
– IPv6
– Control over IP addressing
– Device integration
• Start with the simplest network offering in an Advanced Zone

 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Private cloud networking_cloudstack_days_austin

• 1. Private Cloud Networking in Apache CloudStack
  Chiradeep Vittal (@chiradeep)
  CloudStack Days Austin, April 16 2015
• 2. Overview
  • Private Cloud
  • Issues in Private Cloud Networking
  • Introduction to CloudStack Networking
  • Basic Zone
  • Advanced Zone
  • Hybrid Cloud
• 3. Private Cloud
  [Diagram: a datacenter running a CloudStack cluster; its Admin/User API serves app users and cloud users]
  x Elasticity
  x Pay-as-you-go
  ✓ Self Service
  ✓ Resource sharing
  ✓ Network access
• 4. Private Cloud & your pets
  [Diagram: a datacenter split between Legacy infrastructure and the Cloud]
• 5. Friction in Private Cloud
  • Co-existence with legacy infrastructure and operations
  • Compute, network and storage still silo'ed.
  • Lack of DevOps mentality
• 6. Friction in networking
  • DNS and IPAM automation
  • Security policy automation
  • Switch / VLAN configuration
  • Infrastructure optimized for N-S traffic
  • Integration with middle boxes
    – Load Balancers
    – NAT
    – IDS
• 7. Middleboxes, VLANs, etc
  [Diagram of a classic north-south datacenter topology: Backbone/Internet, Core Routers, Access Routers, Aggregation Switches, Load Balancers, Packet Filters, DNS/IPAM, Top of Rack Switches, Servers]
• 8. CloudStack Networking
  • "Batteries included but removable"
  • Network services:
    – Use built-in providers or
    – Integrate with external providers or
    – Mix-and-match
  • KISS principle
    – Master the simplest network configuration first
• 9. Network Services
  Network Services:
    • L2 connectivity
    • IPAM
    • DNS
    • Routing
    • ACL
    • Firewall
    • NAT
    • VPN
    • LB
  Network Isolation:
    • No isolation
    • VLAN isolation
    • Overlays
    • L3 isolation
  Service Providers:
    ✓ Virtual appliances
    ✓ Hardware firewalls
    ✓ LB appliances
    ✓ SDN controllers
    ✓ VRF
    ✓ Hypervisor
• 10. Basic Zone
  • Basic: reduced network setup
  • Group Based Policy: Security Groups is the means of policy enforcement / isolation
  • AWS EC2-Classic emulation
  • High level policy configuration
  • Scalable implementation
  • Least friction
• 11. Security Groups
  • All VMs (instances) launched into one or more security groups
  • Default-deny firewalls
  • Contain Rules that allow selected traffic
  • Example:
    – VMs in 'Web' Security Group are allowed to communicate on TCP port 3306 to VMs in 'DB' Security Group
    – Anybody can talk to a 'Web' VM on port 80
• 12. Security Groups
  [Diagram: Internet → 'web' on port 80 → 'appserver' on port 8080 → 'db' on port 3306; the 'management' group is reachable on port 22 from 192.168.1.0/24. All ports are tcp.]
• 13. Security Groups
  • Create security groups
    > create securitygroup name=web
    > create securitygroup name=appserver
    > create securitygroup name=db
    > create securitygroup name=management
  • Add rules
    > authorize securitygroupingress securitygroupname=management protocol=tcp startport=22 endport=22 usersecuritygrouplist=management
    > authorize securitygroupingress securitygroupname=management protocol=tcp startport=22 endport=22 cidrlist=192.168.0.1/24
    > authorize securitygroupingress securitygroupname=web protocol=tcp startport=80 endport=80 cidrlist=0.0.0.0/0
    > authorize securitygroupingress securitygroupname=appserver protocol=tcp startport=8080 endport=8080 usersecuritygrouplist=web
    > authorize securitygroupingress securitygroupname=db protocol=tcp startport=3306 endport=3306 usersecuritygrouplist=appserver
  • Deploy VMs
    > deploy virtualmachine securitygroupnames=management,web displayname=web0001
    > deploy virtualmachine securitygroupnames=management,web displayname=web0002
    > deploy virtualmachine securitygroupnames=management,appserver displayname=app001
    > deploy virtualmachine securitygroupnames=management,db displayname=db0001
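The web/appserver/db/management policy of slides 11 to 15 as a small runnable model (an added example, not CloudStack code): ingress is default-deny, a rule's source is either a CIDR or the members of another security group (matched by membership, not by subnet), and a VM that sends with an address other than its own is dropped (anti-spoofing). VM names and group memberships follow the deploy commands above; the VM IP addresses and the external client 203.0.113.7 are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    # Ingress rule: protocol + port range, sourced from a CIDR or from another group.
    protocol: str
    startport: int
    endport: int
    cidrlist: str = ""            # source CIDR, or
    usersecuritygroup: str = ""   # source security group (matched by membership)

@dataclass(frozen=True)
class VM:
    name: str
    ip: str              # address the hypervisor assigned to the NIC
    groups: frozenset    # security groups the VM was launched into

# Ingress rules per group, transcribed from the deck's authorize commands.
RULES = {
    "management": [Rule("tcp", 22, 22, usersecuritygroup="management"),
                   Rule("tcp", 22, 22, cidrlist="192.168.0.1/24")],
    "web":        [Rule("tcp", 80, 80, cidrlist="0.0.0.0/0")],
    "appserver":  [Rule("tcp", 8080, 8080, usersecuritygroup="web")],
    "db":         [Rule("tcp", 3306, 3306, usersecuritygroup="appserver")],
}

# Constructed sample VMs: memberships follow the deck's deploy commands, IPs are invented.
VMS = {
    "web0001": VM("web0001", "10.1.0.2",  frozenset({"management", "web"})),
    "app001":  VM("app001",  "10.1.0.43", frozenset({"management", "appserver"})),
    "db0001":  VM("db0001",  "10.1.0.87", frozenset({"management", "db"})),
}

def ingress_allowed(dst: VM, protocol: str, port: int, src_ip: str, src_vm=None) -> bool:
    """Default deny: dst accepts the packet only if a rule on one of its groups matches.
    src_vm is the sending VM when the source is inside the zone; None means traffic from outside."""
    # Anti-spoofing: a VM may only send with the address it was assigned.
    if src_vm is not None and src_vm.ip != src_ip:
        return False
    for group in dst.groups:
        for rule in RULES.get(group, []):
            if rule.protocol != protocol or not rule.startport <= port <= rule.endport:
                continue
            if rule.usersecuritygroup and src_vm and rule.usersecuritygroup in src_vm.groups:
                return True
            # strict=False tolerates the host bits in the CIDR as written on the slide.
            if rule.cidrlist and ip_address(src_ip) in ip_network(rule.cidrlist, strict=False):
                return True
    return False
```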
• 14. Properties of Security Groups
  • Subnets are shared between accounts / VMs in a security group may not share a subnet.
• 15. Properties of Security Groups
  • Anti-spoofing protection.
  • Multiple IP addresses per VM (single NIC)
  • No multicast / broadcast
  • Stateful firewall
  • More: https://cloudierthanthou.wordpress.com/2015/04/07/cloudstack-basic-networking-deeper-dive/
• 16. Scaled out network for Basic Zone
  [Diagram: Backbone/Internet, Spine Routers, Leaf Routers, Servers; host-based firewalls and ACL; Server Load Balancing]
• 17. VM Placement in Basic Zone
  [Diagram: an L3 Core connecting Rack 1 L2 Switch (10.1.0.0/24) and Rack 24 L2 Switch (10.22.16.0/24); VMs 1-9 are spread across Rack 1 Host 1, Rack 1 Host 8, Rack 24 Host 5 and Rack 24 Host 9, with addresses such as 10.1.0.2, 10.1.0.3, 10.1.0.43, 10.1.0.87 and 10.1.0.99]
• 18. Adding Services to Basic Zone
  • Static NAT (aaS)
  • Load Balancer (aaS)
  • Use Citrix Netscaler integration or
  • Run a PaaS on CloudStack
• 19. Advanced Zone
  • Virtual networking using either
    – VLANs or
    – Overlay
  • Rich array of services and virtual networking providers
  • Out-of-the-box (batteries included)
    – VLAN, GRE isolation
    – Virtual Router provides scale out (per tenant) services including
      • VPNaaS
      • LBaaS
      • FWaaS
      • DHCP, DNS
    – Physical Device Integration via plugins
      • F5, Netscaler
      • Juniper SRX
• 20. Keeping it simple
  • Network Offerings
    – Catalog of potential virtual network designs
    – Created by operator
  • Simplest network offering: "Shared Network"
    – Only services offered are
      • DNS, DHCP
      • User data, password change
    – VLAN-based virtual networks
    – Inter-network routing using static routing in TOR
• 21. Service insertion with VLANs
  [Diagram: Tenant 1 and Tenant 2 each have their own Virtual Network 10.1.1.0/24 (gateway address 10.1.1.1, VMs at 10.1.1.2 to 10.1.1.5), fronted by per-tenant Edge Services Appliances (the Virtual Router) providing NAT, DHCP, FW, VPN and Load Balancing; the appliances hold public IP addresses (65.37.141.11, 65.37.141.36 for Tenant 1; 65.37.141.24, 65.37.141.80 for Tenant 2) on the "Public Network" toward the Internet / rest of DC. Public IPs can be RFC1918.]
• 22. Device Integration
  [Diagram: VLAN 100, 10.1.1.0/24, with VM 1-4 at 10.1.1.2 to 10.1.1.5; CS Virtual Router (DHCP, DNS) at 10.1.1.112 / 65.37.141.112; Netscaler Load Balancer; Juniper SRX Firewall (NAT, VPN) at 10.1.1.1 / 65.37.141.111]
• 23. Multi-tier virtual networking
  [Diagram: Web tier (Web VM 1-3) on VLAN101, App tier (App VM 1-2) on VLAN398 and DB tier (DB VM 1) on VLAN2724, joined by a Virtual Router to the Internet / Rest of DC, to a Remote DC over IPSec VPN, to an Integration VLAN and to a Loadbalancer (HW or Virtual)]
  Network Services
  • IPAM
  • DNS
  • LB [intra]
  • S-2-S VPN
  • Static Routes
  • ACLs
  • NAT, PF
  • FW [ingress & egress]
• 24. Virtual networking with overlays
  [Diagram: the same three tiers isolated by GRE keys (Web: GREKEY101, App: GREKEY398, DB: GREKEY2724), joined by VR + vSwitches to the Internet / Rest of DC, to a Remote DC over IPSec VPN, to a Private Gateway and to a Loadbalancer (Virtual)]
  Network Services
  • IPAM
  • DNS
  • LB [intra]
  • S-2-S VPN
  • Static Routes
  • ACLs
  • NAT, PF
  • FW [ingress & egress]
• 25. SDN / Other Overlays / Other Devices
  • Plugins available for
    – Midokura
    – NVP
    – Nuage
    – BigSwitch
    – Palo Alto
  • VxLAN on KVM
• 26. Hybrid Cloud Networking
  [Diagram: Your Workload in the Private Cloud ("On prem"), behind Your router, connected to a Public Cloud]
  • AWS VPN Gateway
  • AWS Direct Connect
  • Google Carrier Interconnect
  • GCE VPN
  • Azure ExpressRoute
  • Azure VPN
  • Citrix CloudBridge
• 27. Wrap-up
  • Private Cloud: Keep it simple
  • Choose Basic Zone for
    – Simplicity
    – Low friction
    – Scale
    – Cost
  • Choose Advanced Zone for
    – vSphere
    – Multiple NICs
    – IPv6
    – Control over IP addressing
    – Device integration
  • Start with simplest network offering with Advanced Zone