Network Virtualization with MidoNet in CloudStack. Presented at the CloudStack Collaboration Conference, June 2013, in Santa Clara, by Yoshi Tamura and Dave Cahill.
Network Virtualization with MidoNet in CloudStack
Yoshi Tamura, Midokura
Jun 23, 2013
Copyright ©2012 Midokura All rights reserved
Hello CloudStack community!
Yoshi Tamura, Product Manager, Midokura
Agenda
Midokura’s focus
Challenges in IaaS Cloud Network
Introduction to MidoNet
MidoNet and CloudStack (Dave Cahill)
IaaS Cloud – Elasticity and Automation
Photo Credit: skarpi - www.skarpi.is via Compfight cc
Midokura’s Focus
Photo Credit: dampoint via Compfight cc
Let’s build a network for IaaS Cloud!
Flat L2 network! It’s simple!
Photo Credit: Studio Toveraap via Compfight cc
Let’s build a network for IaaS Cloud!
How about VLAN then!?
Photo Credit: CHRISTOPHER MACSURAK via Compfight cc
Let’s build a network for IaaS Cloud!
Actually, we want L3 too…
Firewall and Load Balancer, please!
Photo Credit: CHRISTOPHER MACSURAK via Compfight cc; Photo Credit: JBurkunk via Compfight cc
Requirements for IaaS Cloud Network
Isolated tenant network (virtual data center)
L3 isolation (similar to VPC and VRF)
Isolated L2 networks
Redundant, optimized and fault-tolerant paths to the Internet (e.g. via BGP)
Fault-tolerant devices and links
NAT, LB, filtering and firewalls
L3 (and L2) VPNs
Minimize ARP broadcasts by exploiting CMS config
RESTful API for CMS
Solid integration with leading open CMS
DHCP, DNS and other services
Photo Credit: milos milosevic via Compfight cc
VLAN
4096 limit on number of unique tags
Large spanning trees terminating on many hosts
High churn in switch control planes due to MAC learning
Need MLAG for L2 multi-path (vendor specific)
(Diagram: two tagged segments, VLAN1 and VLAN2)
MPLS VPN
Mostly used by carriers/telcos, but too much for IaaS
Network gear could be very expensive
(Diagram: MPLS tag stacking)
Not scalable to cloud scale
Expensive hardware
Not fault tolerant (HSRP?)
L2 and L3 isolation. What about NAT, LB, FW?
c.f.: http://infrastructureadventures.com/tag/vrf-lite/
(Diagram: VRF-lite layout with one VRF per department: Core on VLAN 10/11/12, Product on VLAN 20/21/22, Sales on VLAN 99)
Can we do this better?
Edge-to-Edge Overlays
(Diagram: VMs attached to Edge nodes, with tunnels running edge to edge)
Virtual network changes don't affect underlay state
Use scalable IGP to build multi-path underlay with cheap HW
IP encapsulation provides isolation without using VLAN
Decoupled from physical network. Wired once
Overlays are the best approach! But not sufficient...
We still need a scalable control plane.
Our solution ➡ MidoNet
(Diagram: VMs on Edge hosts, each running an MN agent; a cluster of DB nodes; an Internet uplink)
DB nodes store the virtual NW configs
Edge nodes (MN) emulate the whole NW topology at ingress
Packets are transmitted through the tunnel
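To make the ingress-emulation idea concrete, here is an added Python model (not MidoNet code) of an edge that answers ARP from the CMS-supplied config, resolves the destination within the tenant's virtual bridge, and encapsulates toward the egress edge with a per-network tunnel key; the topology, host addresses and MAC/IP values are constructed, and two tenants deliberately reuse the same 10.0.0.0/24 range to show that isolation comes from the overlay, not from a VLAN tag.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

@dataclass
class VPort:
    mac: str
    ip: str
    host: str   # underlay IP of the edge host where this VM runs

@dataclass
class Bridge:
    tunnel_key: int                      # overlay id carried in the encapsulation
    ports: Dict[str, VPort] = field(default_factory=dict)

@dataclass
class Encap:
    outer_src: str      # underlay source (ingress edge)
    outer_dst: str      # underlay destination (egress edge)
    tunnel_key: int     # selects the tenant network at the egress edge
    inner_dst_mac: str
# Constructed virtual network config store (stand-in for the slide's DB nodes).
# Both tenants use 10.0.0.0/24; isolation comes from the tunnel key, not a VLAN tag.
TOPOLOGY: Dict[str, Bridge] = {
    "tenantA-br": Bridge(0x000101, {
        "a1": VPort("02:00:00:00:0a:01", "10.0.0.5", "192.168.1.10"),
        "a2": VPort("02:00:00:00:0a:02", "10.0.0.6", "192.168.1.20"),
    }),
    "tenantB-br": Bridge(0x000102, {
        "b1": VPort("02:00:00:00:0b:01", "10.0.0.5", "192.168.1.10"),
        "b2": VPort("02:00:00:00:0b:02", "10.0.0.6", "192.168.1.30"),
    }),
}

class IngressEdge:
    """Emulates the tenant's virtual L2 topology at the ingress edge, then tunnels."""
    def __init__(self, store: Dict[str, Bridge]):
        self.store = store
    def resolve_arp(self, bridge_id: str, ip: str) -> Optional[str]:
        # ARP is answered from CMS-provided config; nothing is broadcast on the underlay.
        for p in self.store[bridge_id].ports.values():
            if p.ip == ip:
                return p.mac
        return None
    def forward(self, bridge_id: str, src_port: str, dst_ip: str) -> Optional[Encap]:
        br = self.store[bridge_id]
        dst_mac = self.resolve_arp(bridge_id, dst_ip)
        if dst_mac is None:
            return None   # no such VM in this virtual network: dropped at ingress
        dst = next(p for p in br.ports.values() if p.mac == dst_mac)
        return Encap(br.ports[src_port].host, dst.host, br.tunnel_key, dst_mac)
```

Tenant A and tenant B sending to the same destination IP are steered to different egress hosts under different tunnel keys, and a destination that does not exist in the sender's virtual network is dropped at the ingress edge without ever touching the underlay.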