
MidoNet: Network Virtualization & Policies


Open Networking Summit

Hot Startups Session

March 4th, 2014

Presenter: Daniel Conde, Director of Products

3/10/2014 © 2014 Midokura 1


How we are different

• Overlay Networks

– OpenFlow did not scale. We can do better

– Working with virtual and physical networks

• Networks will be consumed by application owners

– Policy becomes the most important thing


About the company

• Pioneer in network virtualization – provides software for networking using an overlay approach

• Staff from Amazon, Cisco, Google and VMware


About the company

• Received $17mm in Series-A in April 2013

• Named by CRN as among the 10 coolest virtualization startups in the world and in the top 10 networking stories of 2013

Tech Alliance Partners


About the company

• Adopted by service providers as well as enterprise customers

• Significant contributor to the OpenStack Networking (Neutron)

• SDN vendor to be certified for Red Hat Enterprise Linux OpenStack platform

• Member of the OpenDayLight Project

• Technical partnerships with network switch vendors, software companies and solution providers


451 Research

• “Midokura’s distributed architecture is elegant and appears to be making strides in early adopter markets for SDN and virtual networking”


About me

• Midokura – network virtualization

• Google gGRC at Reciprocity Labs – compliance system

• VMware – compute virtualization

• Rendition Networks (now HP) – Network Configuration

• NetIQ - Systems Management

• Microsoft – Windows OS, UI

• DEC – Multiprocessor UNIX (TCP, file systems)

• Xerox – Distributed Systems, dev environments


MidoNet Customer Adoption

• Large scale cloud service providers:

– OpenFlow did not scale

– Overcome VLAN limits and get > 4096 tenants

– Reduce OpEx for network management

– Reduce CapEx for network device

– OpenStack based

– Tenants configure and use application template


What problems did they have

• Need way to access physical network resources

• Need info on troubleshooting from the physical network

• Need physical network to protect their SLA


History: Evolution of SDN

• Control & data separation – Tempest in 1998

– Logically centralized control system

• Languages for SDN – Frenetic in 2011

– Goal is to raise the level of abstraction


How to get across chasm

• Pushing off – Pain points to address, such as Cloud providers hitting limits on VLANs (4096 max), agility, isolate network configs to TOR and below, self-provision

• Pulling yourself – Application driven Policy & abstractions, Physical & Virtual control


General Trend

1. Virtualize resources – be logical, not physical

2. Automate control of network

3. Abstractions drive clients of networks

• Need more progress to adopt these great ideas


“Virtualized” net: Hop by hop device emulation

[Diagram labels: router, switch, router]

Network Simulation & overlays

[Diagram labels: Simple IP Underlay; Simulation]

MidoNet solution


FUTURE APPROACHES

Physical and Virtual Network management and Application Centric Policy networking


Problem

[Diagram labels: Tenant 1, Tenant 2, Tenant-N; Infrastructure-spanning Network]

Realities

• Need to address existing hardware and tools

• Value is in providing agility and flexibility of an overlay (virt) network, and using the capabilities of the underlay (phys) network


Can the overlay ignore the underlay?

• Can I truly deploy an underlay net, leave it alone and contain all the changes and management in the overlay?

• Is a simple IP bus enough?


EXAMPLE 1: VXLAN TUNNEL ENDPOINT

Virtualized and physical networks co-existing happily together


VTEP

[Diagram labels: MidoNet Host, VM, NAT, Cumulus Linux Switch, Management Net, “Across the Atlantic”, OSGi Console, Configuration Requests; addresses shown: 10.0.1.3, 10.0.1.5, 119.15.112.137, 172.16.77.48]

EXAMPLE 2: POLICY AND NETWORKS

AWS has shown that infrastructure will be consumed by application owners and designers. They think in terms of policy, not IP addresses and ACLs


Policy the old way

switch(config)# mac access-list acl-mac-01
switch(config-mac-acl)#
switch(config-mac-acl)# permit 00c0.4f00.0000 0000.00ff.ffff any


Group Policy - Basics

[Diagram labels: Connectivity; Group of App Servers; App Policies]

Application Policy Model

[Diagram labels: Group of DB Servers; Group of App Servers; Group of Load Balancers; Policy]

Group Policies for 3-tier app


What the SDN controller does

• Controller is sending policy info instead of network flow info

• Policy abstractions are templates that are applied to the applications that are named as a group
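
An added illustration (not from the slides and not MidoNet's API): a group-level policy for the 3-tier application, expanded into the address-level permit rules that the "old way" would have required by hand, with everything else denied. Group names, addresses, ports and function names are constructed assumptions.

```python
"""Added example: group policy for a 3-tier app expanded to address-level rules."""
from ipaddress import ip_address
from itertools import product

# Constructed sample data: group membership as a controller might track it.
GROUPS = {
    "load-balancers": ["10.0.1.10"],
    "app-servers": ["10.0.2.11", "10.0.2.12"],
    "db-servers": ["10.0.3.21"],
}

# Policy template: (source group, destination group, protocol, port).
# Anything not listed here is denied.
POLICY = [
    ("load-balancers", "app-servers", "tcp", 8080),
    ("app-servers", "db-servers", "tcp", 5432),
]

def compile_rules(groups, policy):
    """Expand group-level policy into per-address allow rules."""
    rules = set()
    for src_g, dst_g, proto, port in policy:
        for name in (src_g, dst_g):
            if name not in groups:
                raise KeyError(f"policy references unknown group: {name}")
        for src, dst in product(groups[src_g], groups[dst_g]):
            rules.add((ip_address(src), ip_address(dst), proto, port))
    return rules

def is_allowed(rules, src, dst, proto, port):
    """Default deny: a flow passes only if an expanded rule matches exactly."""
    return (ip_address(src), ip_address(dst), proto, port) in rules

def add_member(groups, group, addr):
    """Scaling a tier changes membership only; the policy text is untouched."""
    updated = {g: list(m) for g, m in groups.items()}
    updated[group].append(addr)
    return updated

if __name__ == "__main__":
    for rule in sorted(compile_rules(GROUPS, POLICY), key=str):
        print("permit", *rule)
```

Adding an app server changes only the group membership; recompiling yields the extra rules, while a load balancer still has no path to the database tier.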


Networks for large scale clouds

• Tenants: understand policies

• Infrastructure: understand policies and translate it to physical network

• Network Virtualization: Maps the virtual to physical


Benefits of this approach

• Agility & OpEx savings

• Scalable for large scale clouds

• Policy templates mean easy configuration for

– Performance

– Information assurance & compliance


How we are different

• Overlay Networks

– OpenFlow did not scale. We can do better

– Working with virtual and physical networks

• Networks will be consumed by application owners

– Policy becomes the most important thing


Contacting me

• Email: [email protected]

• Web: www.midokura.com

• Twitter: @danielconde or @midokura

• LinkedIn: /in/danielconde


THANK YOU

Questions?


Example 2: Group Policy

• How do I shield the application owner from understanding IP Addresses, ACLs, VLAN, load balancing?

• All they care about is that some abstraction of policy is applied to a group of endpoints (typically a set of virtual machines)


Investors

• Innovation Network Corporation of Japan (INCJ), NTT Investment Partners, L.P. and NEC Group’s Venture Fund: Innovative Ventures Fund Investment L.P., Sunbridge Partners
