Making a million firewalls sing
Scalable Networking in Apache CloudStack
June 19 2012
Chiradeep Vittal
Agenda
•   Who am I & what am I doing here?
•   Apache CloudStack
•   Networking modes in Apache CloudStack
•   Scaling challenges in Cloud Networking
•   Scale Up
•   Scale Out
Who
Chiradeep Vittal (@chiradeep)
  – Founding engineer @ Cloud.com (2008)
  – Architect @ Citrix Systems (2011-)
  – Maintainer @ Apache CloudStack (2012-)
  – Not a Network Ninja
Why
  – Challenges of Cloud Networking
  – Apache CloudStack
  – Real World Cloud Networking
Apache CloudStack
Build your cloud the way the world’s most successful clouds are built
• Secure, multi-tenant cloud orchestration platform
  – Turnkey platform for delivering IaaS clouds
  – Over 100 commercial deployments: private and public
  – Full featured GUI, end-user API and admin API
Apache CloudStack
• Open Source
  – Apache License
  – Incubating in the Apache Software Foundation since April 2012
  – Open Source since May 2010
• In production since 2009
Apache CloudStack
• Flexibility and scale
  – Hypervisor agnostic
  – Flexible network topologies
  – Multiple storage options
  – Proven to scale to tens of thousands of hypervisors
Server Virtualization++ and Cloud
Server Virtualization++: built for traditional enterprise apps & client-server compute
• Enterprise arch for 100s of hosts
• Scale-up (server clusters)
• Apps assume reliability
• IT Mgmt-centric [1:Dozens]
• Proprietary vendor stack
Cloud: designed around big data, massive scale & next-gen apps
• Cloud architecture for 1000s of hosts
• Scale-out (multi-site server farms)
• Apps assume failure
• Autonomic [1:1,000’s]
• Open, value-added stack
• 10x more scalable
• 2-5x lower cost
• 100% more open
Network Flexibility
Network Services
• L2 connectivity
• IPAM
• DNS
• Routing
• ACL
• Firewall
• NAT
• VPN
• LB
• IDS
• IPS
Service Providers
• Virtual appliances
• Hardware firewalls
• LB appliances
• SDN controllers
• IDS / IPS appliances
• VRF
• Hypervisor
Network Isolation
• No isolation
• VLAN isolation
• Overlays
• L3 isolation
End-user experience
•   Deploy a VM in a network
     –   VM Template = Windows 2008 with Joomla on VMWare
     –   Service offering {m1.large} = 2 x CPU x 2.0Ghz, 8 GB RAM
     –   Disk Offering {Super fast}
     –   Network Offering {Gold} = Source NAT + LB+ FW + 20 Mbps Internet access
•   Network Offering Gold is realized by
     –   VLAN isolation
     –   Source NAT & FW on Juniper SRX
     –   LB on F5 BigIp
     –   DHCP, DNS on virtual appliance
•   CloudStack orchestration:
     –   Pick a free VLAN, pick a free public IP, free private IP
     –   Pick hypervisor with spare capacity
     –   Pick primary storage of SSD type accessible in hypervisor cluster
     –   Pick a Juniper SRX and F5 with spare capacity
     –   Spin up a new virtual appliance if necessary that runs DHCP and DNS service
           •   Pick hypervisor, call hypervisor APIs to provision virtual appliance on selected VLAN
     –   Call hypervisor APIs to provision VM on selected VLAN
     –   Call SRX and F5 APIs to place their internal interfaces on the VLAN, public interfaces on public VLAN
     –   Call SRX API to provision source NAT, default FW rules
Networking Styles
Server Virt ++
• VLAN (or no) isolation
• Multiple service levels
• Interoperate with legacy networks at L2 or L3
• Legacy workloads requiring multicast and broadcast
• Assumes reliable infrastructure
• Difficult / expensive to scale out
• Bonding, multi-link, multi-path, redundant networks, STP
Cloud Style
• L3 isolation or overlays
• Single or few service levels
• Interoperate with legacy networks using gateways or at L3
• Workloads assume unreliable infrastructure
• Generally do not support multicast or broadcast
• Scales out massively
Software Defined Networking
• Built-in overlay controller (using vanilla GRE
  between Open vSwitch on hypervisor)
                        Or
• Integration hooks available
  – E.g., call SDN controller API to create logical switch
    when a network is created
  – Call SDN API when VM nic is added to a network
  – Nicira NVP, Midonet (more coming)
Physical Network
[Diagram. Labels: Operations; Admin and Cloud API; End Users; CloudStack Mgmt Server Cluster; MySQL; Router; Availability Zone; Edge Services; L3/L2 Core; Access Layer Switches; Servers; Secondary Storage; Pod 1, Pod 2, Pod 3 … Pod N]
Network virtualization with VLANs
[Diagram, built up over four slides.
 Tenant 1 Virtual Network 10.1.1.0/24: Tenant 1 VM 1 to VM 4 at 10.1.1.2 to 10.1.1.5; gateway address 10.1.1.1 on the Tenant 1 Edge Services Appliance(s) (NAT, DHCP, FW, Load Balancing, VPN); public IP addresses 65.37.141.11 and 65.37.141.36 on the Public Network facing the Internet.
 Tenant 2 Virtual Network 10.1.1.0/24: Tenant 2 VM 1 to VM 3 at 10.1.1.2 to 10.1.1.4; gateway address 10.1.1.1 on the Tenant 2 Edge Services Appliance (VPN, NAT, DHCP); public IP addresses 65.37.141.24 and 65.37.141.80.]
Scaling with VLANs
[Diagram, two panels, each showing network 10.1.1.0/24 on VLAN 100 with VM 1 to VM 4 at 10.1.1.2 to 10.1.1.5.
 Scale out edge services using virtual appliances: CS Virtual Router (DHCP, DNS, NAT, Load Balancing, VPN) at 10.1.1.1, public IPs 65.37.141.111 and 65.37.141.112.
 Scale up using hardware devices: Juniper SRX (NAT, Firewall, VPN) at 10.1.1.1, public IP 65.37.141.111; Netscaler Load Balancer at 10.1.1.112, public IP 65.37.141.112; CS Virtual Router for DHCP and DNS.]
Multi-tier virtual networking
Network Services
• IPAM
• DNS
• LB [intra]
• S-2-S VPN
• Static Routes
• ACLs
• NAT, PF
• FW [ingress & egress]
• BGP
[Diagram, built up over three slides. Labels: Internet; Loadbalancer (virtual or HW); Virtual appliance/Hardware Devices; Web subnet 10.1.1.0/24, VLAN 101, Web VM 1 to 4; App subnet 10.1.2.0/24, App VM 1 and 2; DB Subnet 10.1.3.0/24, DB VM 1; VLAN 353; VLAN 2724; MPLS VLAN; IPSec or SSL site-to-site VPN to Customer Premises]
Problem:
Manage Configuration of
  1000s of virtual appliances (or VRF)
  Dozens of HW appliances
Solution:
Database-driven state management of appliances
   Message queues + Retry Logic
   Idempotent updates,
   Recreatable virtual appliances


Problem:
Single-tenant HW appliances
Solution:
CloudStack API layers multi-tenancy, provides abstraction
   No direct access to devices
Problem:
Hardware appliances with no APIs
   CLI only
   Limited concurrent login sessions
Solution:
Recommend appliances with APIs
Integrate with Network Orchestrators
Problem:

4094 VLAN Limit
Layer 3 cloud networking
[Diagram: Web VMs and DB VMs spread across the hosts, grouped into a Web Security Group and a DB Security Group]
Ingress Rule: Allow VMs in Web Security Group access to VMs in DB Security Group on Port 3306
L3 isolation with distributed firewalls
[Diagram, built up over three slides.
 Public Internet with public IP addresses 65.37.141.11, 65.37.141.24, 65.37.141.36 and 65.37.141.80; L3 Core; Load Balancer; Pod 1, Pod 2 and Pod 3 L2 Switches with addresses 10.1.0.1, 10.1.8.1 and 10.1.16.1.
 VMs: Tenant 1 VM 1 10.1.0.2; Tenant 2 VM 1 10.1.0.3; Tenant 1 VM 2 10.1.0.4; Tenant 2 VM 2 10.1.16.12; Tenant 2 VM 3 10.1.16.21; Tenant 1 VM 3 10.1.16.47; Tenant 1 VM 4 10.1.16.85.]
1 Firewall per Virtual Machine
A Million Firewalls?
Problem:
Manage the state of 100s of thousands of firewalls


Solution:
Well-known software scaling techniques
• Message queues
• Consistency tradeoffs
• Idempotent configuration & retries
CloudStack uses
• special purpose queues
• optimized for large security groups
• eventual consistency for rule updates
Problem:
Firewall (iptables) rules explosion on the host firewall
    Allow Security Group {Web} on TCP port 3060

    -A FORWARD -m tcp -p tcp --dport 3060 --src 10.1.16.31 -j ACCEPT
    -A FORWARD -m tcp -p tcp --dport 3060 --src 10.1.45.112 -j ACCEPT
    -A FORWARD -m tcp -p tcp --dport 3060 --src 10.1.189.5 -j ACCEPT
                           …
    -A FORWARD -m tcp -p tcp --dport 3060 --src 10.21.9.77 -j ACCEPT

 For large security groups, performance suffers
Problem:
Firewall (iptables) rules explosion on the host firewall


Solution:
Use ipsets:
   ipset -N web_sg iptreemap
   ipset -A web_sg 10.1.16.31
   ipset -A web_sg 10.1.16.112
   ipset -A web_sg 10.1.189.5
           …
   ipset -A web_sg 10.21.9.77

   -A FORWARD -p tcp -m tcp --dport 3060 -m set --match-set web_sg src -j ACCEPT
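
The "idempotent configuration & retries" approach and the ipset solution from the slides above, combined in an added example (not CloudStack's own code). It builds full-state input for `ipset -exist restore`, using the current `hash:ip` set type in place of the slide's `iptreemap`; the `HostAgent` class, the update message fields and the `_tmp` scratch-set suffix are assumptions, and the member list is constructed from the slide's sample addresses.

```python
import ipaddress
import re

PORT = 3060  # port used in the slide's example rule
# Constructed sample membership, taken from the addresses on the slide.
SAMPLE_MEMBERS = ["10.1.16.31", "10.1.45.112", "10.1.189.5", "10.21.9.77"]
# ipset names are limited to 31 characters; leave room for the "_tmp" suffix.
_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,27}")


def per_member_rules(members, port=PORT):
    """One iptables rule per group member: the 'rules explosion' form."""
    ips = sorted(ipaddress.IPv4Address(m) for m in members)
    return [f"-A FORWARD -p tcp -m tcp --dport {port} --src {ip} -j ACCEPT"
            for ip in ips]


def set_rule(set_name, port=PORT):
    """The single rule that replaces them; membership changes never touch it."""
    return (f"-A FORWARD -p tcp -m tcp --dport {port} "
            f"-m set --match-set {set_name} src -j ACCEPT")


def restore_script(set_name, members):
    """Full-state input for `ipset -exist restore` for one security group.

    Members are loaded into a scratch set that is then swapped with the live
    set, so the live set changes in one step and replaying the same script
    gives the same result. Names and addresses are validated because the
    output is fed to a root-level tool.
    """
    if not _NAME_RE.fullmatch(set_name):
        raise ValueError(f"unsafe set name: {set_name!r}")
    ips = sorted({ipaddress.IPv4Address(m) for m in members})  # validate, dedup
    tmp = f"{set_name}_tmp"
    lines = [
        f"create {set_name} hash:ip family inet",  # no-op under -exist if present
        f"create {tmp} hash:ip family inet",
        f"flush {tmp}",                            # clear leftovers of a failed run
    ]
    lines += [f"add {tmp} {ip}" for ip in ips]
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"


class HostAgent:
    """Hypothetical per-hypervisor agent consuming queued group updates."""

    def __init__(self):
        self.applied_version = {}  # group name -> highest version applied
        self.scripts = []          # scripts that would be piped to ipset

    def handle(self, update):
        """Apply an update unless it is a duplicate or older than what is live."""
        name, version = update["group"], update["version"]
        if version <= self.applied_version.get(name, -1):
            return False
        self.scripts.append(restore_script(name, update["members"]))
        self.applied_version[name] = version
        return True


def replay_demo():
    """Deliver v1, v2, a retry of v2 and a late copy of v1 (constructed)."""
    v1 = {"group": "web_sg", "version": 1, "members": SAMPLE_MEMBERS[:3]}
    v2 = {"group": "web_sg", "version": 2, "members": SAMPLE_MEMBERS}
    agent = HostAgent()
    results = [agent.handle(u) for u in (v1, v2, v2, v1)]
    return results, agent


if __name__ == "__main__":
    print(len(per_member_rules(SAMPLE_MEMBERS)), "rules versus 1:")
    print(set_rule("web_sg"))
    print(restore_script("web_sg", SAMPLE_MEMBERS), end="")
    print(replay_demo()[0])
```
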
Multi-tier networking with Overlay
                                 Internet


                                                                  IPSec or SSL site-to-site VPN
        Loadbalancer                                                                                  Customer
                                               Virtual Router
                                                                                                      Premises
     (virtual appliance)
                                                                                   MPLS VLAN


Network Services                                                App VM
• IPAM                               Web VM
                                                                   1
• DNS                                  1
• LB [intra]
                                                                App VM
• S-2-S VPN
                                     Web VM                        2                GRE Key 2724
• Static Routes                        2
• ACLs
• NAT, PF
• FW [ingress & egress]              Web VM               GRE Key 353
                                                                                            DB VM 1
• BGP                                  3


                                     Web VM
                                       4
                   Web subnet                  App subnet                    DB Subnet
                   10.1.1.0/24   GRE Key 101   10.1.2.0/24                   10.1.3.0/24
Multi-tier networking with Overlay
[Diagram labels: Internet, vswitches, Loadbalancer (virtual appliance); Web subnet 10.1.1.0/24 (Web VM 1-4), App subnet 10.1.2.0/24 (App VM 1-2), DB Subnet 10.1.3.0/24 (DB VM 1); GRE Key 101, GRE Key 353, GRE Key 2724]

Network Services
• IPAM
• DNS
• LB [intra]
• S-2-S VPN
• Static Routes
• ACLs
• NAT, PF
• FW [ingress & egress]
• BGP
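The overlay on this slide, as an added example (not code from the deck or from CloudStack): it plans per-tier GRE tunnels between Open vSwitch hosts and rejects definitions that would merge two tiers onto one key. The key-to-tier mapping, hypervisor names, underlay addresses, VM placement, and the bridge and port names are all assumptions made for the example.

```python
import ipaddress
from itertools import combinations

# Tiers and subnets from the slide. Which GRE key belongs to which tier is an
# assumption: the slide shows keys 101, 353 and 2724 without a clear mapping.
NETWORKS = {
    "web": {"cidr": "10.1.1.0/24", "gre_key": 101},
    "app": {"cidr": "10.1.2.0/24", "gre_key": 353},
    "db": {"cidr": "10.1.3.0/24", "gre_key": 2724},
}

# Constructed sample data: hypervisor underlay addresses and VM placement.
HYPERVISORS = {"hv1": "192.0.2.11", "hv2": "192.0.2.12", "hv3": "192.0.2.13"}
PLACEMENT = {
    "web-vm-1": ("hv1", "web"), "web-vm-2": ("hv1", "web"),
    "web-vm-3": ("hv2", "web"), "web-vm-4": ("hv3", "web"),
    "app-vm-1": ("hv2", "app"), "app-vm-2": ("hv3", "app"),
    "db-vm-1": ("hv3", "db"),
}


def validate(networks):
    """Reject overlay definitions that would merge or misroute tiers."""
    seen = {}
    for name, net in networks.items():
        key = net["gre_key"]
        if not 0 <= key <= 0xFFFFFFFF:  # the GRE key field is 32 bits wide
            raise ValueError(f"{name}: GRE key {key} out of range")
        if key in seen:  # a shared key puts two tiers on one L2 segment
            raise ValueError(f"{name} and {seen[key]} share GRE key {key}")
        seen[key] = name
    # The tiers are routed against each other, so their subnets must be disjoint.
    for (a, na), (b, nb) in combinations(networks.items(), 2):
        if ipaddress.ip_network(na["cidr"]).overlaps(ipaddress.ip_network(nb["cidr"])):
            raise ValueError(f"{a} and {b} have overlapping subnets")


def plan_tunnels(networks, placement):
    """Return sorted (local_hv, remote_hv, gre_key) tunnel endpoints.

    A tunnel for a key is planned only between hypervisors that both host a VM
    on that network, so no host is joined to a tier it runs no VM in.
    """
    validate(networks)
    hosts = {name: set() for name in networks}
    for vm, (hv, tier) in placement.items():
        if tier not in networks:
            raise ValueError(f"{vm}: unknown network {tier}")
        hosts[tier].add(hv)
    plan = []
    for name, members in hosts.items():
        key = networks[name]["gre_key"]
        for a, b in combinations(sorted(members), 2):
            plan += [(a, b, key), (b, a, key)]  # one endpoint on each side
    return sorted(plan)


def ovs_commands(plan, hypervisors):
    """Render the ovs-vsctl commands each hypervisor would run."""
    cmds = {hv: [] for hv in hypervisors}
    for local, remote, key in plan:
        bridge = f"ovs{key}"         # hypothetical per-network bridge, assumed to exist
        port = f"gre{key}-{remote}"  # hypothetical port name, kept under 16 chars
        cmds[local].append(
            f"ovs-vsctl --may-exist add-port {bridge} {port} -- "
            f"set interface {port} type=gre "
            f"options:remote_ip={hypervisors[remote]} options:key={key}"
        )
    return cmds


if __name__ == "__main__":
    rendered = ovs_commands(plan_tunnels(NETWORKS, PLACEMENT), HYPERVISORS)
    for hv, lines in rendered.items():
        print(f"# {hv}")
        print("\n".join(lines) or "# no tunnels needed")
```

With this placement the DB tier lives on a single host and gets no tunnel at all, and hv1 only ever carries the web key.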
Check it Out
• Apache CloudStack
  – http://wiki.cloudstack.org
  – Download it
  – Use it
  – Contribute to it
• Citrix CloudPlatform
  – Based on Apache CloudStack
  – Commercial support

Scalable networking in Apache CloudStack

  • 1. Making a million firewalls sing Scalable Networking in Apache CloudStack June 19 2012 Chiradeep Vittal
  • 2. Agenda • Who am I & what am I doing here? • Apache CloudStack • Networking modes in Apache CloudStack • Scaling challenges in Cloud Networking • Scale Up • Scale Out
  • 3. Who Chiradeep Vittal (@chiradeep) – Founding engineer @ Cloud.com (2008) – Architect @ Citrix Systems (2011-) – Maintainer @ Apache CloudStack (2012-) – Not a Network Ninja Why – Challenges of Cloud Networking – Apache CloudStack – Real World Cloud Networking
  • 4. Apache CloudStack • Secure, multi-tenant cloud orchestration platform – Turnkey platform for delivering IaaS clouds – Over 100 commercial deployments: private and public – Full featured GUI, end-user API and admin API • Build your cloud the way the world’s most successful clouds are built
  • 5. Apache CloudStack • Open Source • Apache License • Incubating in the Apache Software Foundation since April 2012 • Open Source since May 2010 • In production since 2009 • Build your cloud the way the world’s most successful clouds are built
  • 6. Apache CloudStack • Flexibility and scale • Hypervisor agnostic • Flexible network topologies • Multiple storage options • Proven to scale to tens of thousands of hypervisors • Build your cloud the way the world’s most successful clouds are built
  • 7. Server Virtualization++: Built for traditional enterprise apps & client-server compute • Enterprise arch for 100s of hosts • Scale-up (server clusters) • Apps assume reliability • IT Mgmt-centric [1:Dozens] • Proprietary vendor stack. Cloud: • 10x more scalable • 2-5x lower cost • 100% more open • Designed around big data, massive scale & next-gen apps • Cloud architecture for 1000s of hosts • Scale-out (multi-site server farms) • Apps assume failure • Autonomic [1:1,000’s] • Open, value-added stack
  • 8. Network Flexibility Network Services • L2 connectivity • IPAM • DNS • Routing • ACL • Firewall • NAT • VPN • LB • IDS • IPS
  • 9. Network Flexibility Network Services: • L2 connectivity • IPAM • DNS • Routing • ACL • Firewall • NAT • VPN • LB • IDS • IPS Service Providers: • Virtual appliances • Hardware firewalls • LB appliances • SDN controllers • IDS/IPS appliances • VRF • Hypervisor
  • 10. Network Flexibility Network Services: • L2 connectivity • IPAM • DNS • Routing • ACL • Firewall • NAT • VPN • LB • IDS • IPS Service Providers: • Virtual appliances • Hardware firewalls • LB appliances • SDN controllers • IDS/IPS appliances • VRF • Hypervisor Network Isolation: • No isolation • VLAN isolation • Overlays • L3 isolation
  • 11. End-user experience • Deploy a VM in a network – VM Template = Windows 2008 with Joomla on VMWare – Service offering {m1.large} = 2 x CPU x 2.0Ghz, 8 GB RAM – Disk Offering {Super fast} – Network Offering {Gold} = Source NAT + LB+ FW + 20 Mbps Internet access
  • 12. End-user experience • Deploy a VM in a network – VM Template = Windows 2008 with Joomla on VMWare – Service offering {m1.large} = 2 x CPU x 2.0Ghz, 8 GB RAM – Disk Offering {Super fast} – Network Offering {Gold} = Source NAT + LB+ FW + 20 Mbps Internet access • Network Offering Gold is realized by – VLAN isolation – Source NAT & FW on Juniper SRX – LB on F5 BigIp – DHCP, DNS on virtual appliance
  • 13. End-user experience • Deploy a VM in a network – VM Template = Windows 2008 with Joomla on VMWare – Service offering {m1.large} = 2 x CPU x 2.0Ghz, 8 GB RAM – Disk Offering {Super fast} – Network Offering {Gold} = Source NAT + LB+ FW + 20 Mbps Internet access • Network Offering Gold is realized by – VLAN isolation – Source NAT & FW on Juniper SRX – LB on F5 BigIp – DHCP, DNS on virtual appliance • CloudStack orchestration: – Pick a free VLAN, pick a free public IP, free private IP – Pick hypervisor with spare capacity – Pick primary storage of SSD type accessible in hypervisor cluster – Pick a Juniper SRX and F5 with spare capacity – Spin up a new virtual appliance if necessary that runs DHCP and DNS service • Pick hypervisor, call hypervisor APIs to provision virtual appliance on selected VLAN – Call hypervisor APIs to provision VM on selected VLAN – Call SRX and F5 APIs to place their internal interfaces on the VLAN, public interfaces on public VLAN – Call SRX API to provision source NAT, default FW rules
  • 14. Networking Styles Server Virt ++ • VLAN (or no) isolation • Multiple service levels • Interoperate with legacy networks at L2 or L3 • Legacy workloads requiring multicast and broadcast • Assumes reliable infrastructure • Difficult / expensive to scale out • Bonding, multi-link, multi-path, redundant networks, STP
  • 15. Networking Styles – Server Virt ++: • VLAN (or no) isolation • Multiple service levels • Interoperate with legacy networks at L2 or L3 • Legacy workloads requiring multicast and broadcast • Assumes reliable infrastructure • Difficult / expensive to scale out • Bonding, multi-link, multi-path, redundant networks, STP – Cloud Style: • L3 isolation or overlays • Single or few service levels • Interoperate with legacy networks using gateways or at L3 • Workloads assume unreliable infrastructure • Generally do not support multicast or broadcast • Scales out massively
  • 16. Software Defined Networking • Built-in overlay controller (using vanilla GRE between Open vSwitch on hypervisor) Or • Integration hooks available – E.g., call SDN controller API to create logical switch when a network is created – Call SDN API when VM nic is added to a network – Nicira NVP, Midonet (more coming)
  • 17. Physical Network Operations End Admin and Users Cloud API CloudStack Mgmt Server Cluster Router MySQL Edge Services Availability Zone L3/L2 Core Access Layer Switches Secondary Servers … … … … … Storage Pod 1 Pod 2 Pod 3 Pod N
  • 18. Network virtualization with VLANs Tenant 1 Virtual Network 10.1.1.0/24 Tenant 10.1.1.2 Gateway address 1 VM 1 10.1.1.1 Tenant 10.1.1.3 1 VM 2 Internet Tenant 10.1.1.4 1 VM 3 Tenant 10.1.1.5 1 VM 4
  • 19. Network virtualization with VLANs Tenant 1 Virtual Network 10.1.1.0/24 Public Public IP address Tenant Network 65.37.141.11 10.1.1.2 Gateway address 1 VM 1 65.37.141.36 10.1.1.1 Tenant 1 Tenant 10.1.1.3 Edge Services 1 VM 2 Appliance(s) NAT Internet DHCP Tenant 10.1.1.4 1 VM 3 FW Tenant 10.1.1.5 1 VM 4
  • 20. Network virtualization with VLANs Tenant 1 Virtual Network 10.1.1.0/24 Public Public IP address Tenant Network 65.37.141.11 10.1.1.2 Gateway address 1 VM 1 65.37.141.36 10.1.1.1 Tenant 1 Tenant 10.1.1.3 Edge Tenant 1 Services 1 VM 2 Edge Services Appliance(s) Appliance(s) NAT Internet DHCP Tenant 10.1.1.4 1 VM 3 FW Load Balancing VPN Tenant 10.1.1.5 1 VM 4
  • 21. Network virtualization with VLANs Tenant 1 Virtual Network 10.1.1.0/24 Public Public IP address Tenant Network 65.37.141.11 10.1.1.2 Gateway address 1 VM 1 65.37.141.36 10.1.1.1 Tenant 1 Tenant 10.1.1.3 Edge Tenant 1 Services 1 VM 2 Edge Services Appliance(s) Appliance(s) NAT Internet DHCP Tenant 10.1.1.4 1 VM 3 FW Load Balancing VPN Tenant 10.1.1.5 1 VM 4 Tenant 2 Virtual Network 10.1.1.0/24 Public IP address 65.37.141.24 Gateway address Tenant 10.1.1.2 65.37.141.80 10.1.1.1 2 VM 1 Tenant 2 Tenant 10.1.1.3 Edge Services 2 VM 2 Appliance VPN Tenant 10.1.1.4 NAT 2 VM 3 DHCP
  • 22. Scaling with VLANs Scale out edge services using virtual appliances 10.1.1.0/24 VLAN 100 VM 1 10.1.1.2 65.37.141.11 10.1.1.1 1 CS 65.37.141.11 Virtual VM 2 2 Router 10.1.1.3 DHCP, DNS NAT Load Balancing 10.1.1.4 VM 3 VPN VM 4 10.1.1.5
  • 23. Scaling with VLANs Scale out edge services using virtual appliances Scale up using hardware devices 10.1.1.0/24 10.1.1.0/24 VLAN 100 VLAN 100 VM 1 65.37.141.11 10.1.1.1 10.1.1.2 VM 1 10.1.1.2 1 Juniper 65.37.141.11 SRX 10.1.1.1 NAT, 1 CS Firewall 65.37.141.11 Virtual VM 2 VPN VM 2 10.1.1.3 10.1.1.3 2 Router 65.37.141.112 10.1.1.112 DHCP, DNS Netscaler NAT Load Load Balancing 10.1.1.4 VM 3 VM 3 Balancer 10.1.1.4 VPN VM 4 VM 4 10.1.1.5 10.1.1.5 CS DHCP, Virtual Router DNS
  • 24. Multi-tier virtual networking Internet Loadbalancer Virtual appliance/ Hardware Devices (virtual or HW) Network Services • IPAM • DNS Web VM 1 • LB [intra] • S-2-S VPN • Static Routes Web VM • ACLs 2 • NAT, PF • FW [ingress & egress] VLAN 353 Web VM • BGP 3 Web VM 4 Web subnet 10.1.1.0/24 VLAN 101
  • 25. Multi-tier virtual networking Internet Loadbalancer Virtual appliance/ Hardware Devices (virtual or HW) MPLS VLAN Network Services App VM • IPAM 1 • DNS Web VM 1 • LB [intra] • S-2-S VPN App VM • Static Routes Web VM 2 VLAN 2724 • ACLs 2 • NAT, PF • FW [ingress & egress] VLAN 353 Web VM • BGP 3 DB VM 1 Web VM 4 Web subnet App subnet DB Subnet 10.1.1.0/24 VLAN 101 10.1.2.0/24 10.1.3.0/24
  • 26. Multi-tier virtual networking Internet IPSec or SSL site-to-site VPN Loadbalancer Virtual appliance/ Customer Hardware Devices Premises (virtual or HW) MPLS VLAN Network Services App VM • IPAM 1 • DNS Web VM 1 • LB [intra] • S-2-S VPN App VM • Static Routes Web VM 2 VLAN 2724 • ACLs 2 • NAT, PF • FW [ingress & egress] VLAN 353 Web VM • BGP 3 DB VM 1 Web VM 4 Web subnet App subnet DB Subnet 10.1.1.0/24 VLAN 101 10.1.2.0/24 10.1.3.0/24
  • 27. Problem: Manage Configuration of 1000s of virtual appliances (or VRF) Dozens of HW appliances
  • 28. Problem: Manage Configuration of 1000s of virtual appliances (or VRF) Dozens of HW appliances Solution: Database-driven state management of appliances Message queues + Retry Logic Idempotent updates, Recreatable virtual appliances
  • 29. Problem: Manage Configuration of 1000s of virtual appliances (or VRF) Dozens of HW appliances Solution: Database-driven state management of appliances Message queues + Retry Logic Idempotent updates, Recreatable virtual appliances Problem: Single-tenant HW appliances Solution: CloudStack API layers multi-tenancy, provides abstraction No direct access to devices
  • 30. Problem: Hardware appliances with no APIs CLI only Limited concurrent login sessions Solution: Recommend appliances with APIs Integrate with Network Orchestrators
  • 32. Layer 3 cloud networking Web DB Web VM VM VM Web DB Security Security Group Group Web Web DB VM VM VM … … … Web Web VM VM Ingress Rule: Allow VMs in Web Security Group access to VMs in DB Security Group on Port 3306
  • 33. L3 isolation with distributed firewalls Tenant 10.1.0.2 Public Public IP address 1 VM 1 Internet 65.37.141.11 65.37.141.24 65.37.141.36 10.1.0.1 Pod 1 L2 Tenant 10.1.0.3 65.37.141.80 Switch 2 VM 1 Tenant 10.1.0.4 1 VM 2 L3 Core Pod 2 L2 Switch 10.1.8.1 … 10.1.16.1 Load Pod 3 L2 Balancer Switch …
  • 34. L3 isolation with distributed firewalls Tenant 10.1.0.2 Public Public IP address 1 VM 1 Internet 65.37.141.11 65.37.141.24 65.37.141.36 10.1.0.1 Pod 1 L2 Tenant 10.1.0.3 65.37.141.80 Switch 2 VM 1 Tenant 10.1.0.4 1 VM 2 L3 Core Pod 2 L2 Switch 10.1.8.1 … 10.1.16.1 Load Pod 3 L2 Balancer Switch … Tenant 1 VM 3 10.1.16.47 Tenant 10.1.16.85 1 VM 4
  • 35. L3 isolation with distributed firewalls Tenant 10.1.0.2 Public Public IP address 1 VM 1 Internet 65.37.141.11 65.37.141.24 65.37.141.36 10.1.0.1 Pod 1 L2 Tenant 10.1.0.3 65.37.141.80 Switch 2 VM 1 Tenant 10.1.0.4 1 VM 2 L3 Core Pod 2 L2 Switch 10.1.8.1 … Tenant 10.1.16.12 10.1.16.1 2 VM 2 Load Pod 3 L2 Balancer Switch Tenant 2 VM 3 10.1.16.21 … Tenant 1 VM 3 10.1.16.47 Tenant 10.1.16.85 1 VM 4
  • 36. 1 Firewall per Virtual Machine
  • 37. A Million Firewalls? (Diagram: a grid of VMs.)
  • 38. Problem: Manage the state of 100s of thousands of firewalls
  • 39. Problem: Manage the state of 100s of thousands of firewalls Solution: Well-known software scaling techniques • Message queues • Consistency tradeoffs • Idempotent configuration & retries CloudStack uses • special purpose queues • optimized for large security groups • eventual consistency for rule updates
  • 40. Problem: Firewall (iptables) rules explosion on the host firewall. Allow Security Group {Web} on TCP port 3060:
      -A FORWARD -p tcp -m tcp --dport 3060 --src 10.1.16.31 -j ACCEPT
      -A FORWARD -p tcp -m tcp --dport 3060 --src 10.1.45.112 -j ACCEPT
      -A FORWARD -p tcp -m tcp --dport 3060 --src 10.1.189.5 -j ACCEPT
      …
      -A FORWARD -p tcp -m tcp --dport 3060 --src 10.21.9.77 -j ACCEPT
    For large security groups, performance suffers
  • 41. Problem: Firewall (iptables) rules explosion on the host firewall. Solution: Use ipsets:
      ipset -N web_sg iptreemap
      ipset -A web_sg 10.1.16.31
      ipset -A web_sg 10.1.16.112
      ipset -A web_sg 10.1.189.5
      …
      ipset -A web_sg 10.21.9.77
      -A FORWARD -p tcp -m tcp --dport 3060 -m set --match-set web_sg src -j ACCEPT
  • 42. Multi-tier networking with Overlay Internet IPSec or SSL site-to-site VPN Loadbalancer Customer Virtual Router Premises (virtual appliance) MPLS VLAN Network Services App VM • IPAM Web VM 1 • DNS 1 • LB [intra] App VM • S-2-S VPN Web VM 2 GRE Key 2724 • Static Routes 2 • ACLs • NAT, PF • FW [ingress & egress] Web VM GRE Key 353 DB VM 1 • BGP 3 Web VM 4 Web subnet App subnet DB Subnet 10.1.1.0/24 GRE Key 101 10.1.2.0/24 10.1.3.0/24
  • 43. Multi-tier networking with Overlay Internet vswitches Loadbalancer (virtual appliance) Network Services App VM • IPAM 1 Web VM • DNS 1 • LB [intra] • S-2-S VPN App VM Web VM 2 GRE Key 2724 • Static Routes 2 • ACLs • NAT, PF • FW [ingress & egress] Web VM GRE Key 353 DB VM 1 • BGP 3 Web VM 4 Web subnet App subnet DB Subnet 10.1.1.0/24 GRE Key 101 10.1.2.0/24 10.1.3.0/24
  • 44. Check it Out • Apache CloudStack – http://wiki.cloudstack.org – Download it – Use it – Contribute to it • Citrix CloudPlatform – Based on Apache CloudStack – Commercial support

Editor's notes

  1. Need a better slide than this
  2. Need a better slide than this
  3. Need a better slide than this
  4. Two broad classes of workloads are emerging: traditional enterprise workloads architected with reliable infrastructure assumptions, and a new cloud style where reliability tends to be the responsibility of the application
  5. Flexibility in CloudStack Networking means being able to support various combinations of network services being delivered to the cloud user. The cloud operator should be able to configure different levels of service with different combinations of services and offer them as packages in a catalog, much like service offerings and disk offerings
  6. Given a service there are many ways of realizing a service. A cloud operator may want to use one or more of these service providers (e.g., virtual appliances, hardware devices) to provide these services.
  7. The combination of services and service providers has to work in different isolation contexts in a multi-tenant cloud. Some cloud operators do not want any isolation and merely want the self-service nature of the cloud. Others want to use traditional VLAN isolation in order to interoperate with legacy services and equipment. Others want to adopt SDN approaches using overlays. By far the most scalable way is to use L3 isolation and security groups.
  8. The cloud user wants to deploy a VM into a network with the specified service offering m1.large, disk offering “Super Fast” and the “Gold” network offering. The Gold offering translates into the following combination of services: source NAT, load balancing, firewall and 20 Mbps Internet access.
  9. The cloud operator has configured the “Gold” offering to be realized by the following service providers: isolation with VLAN, source NAT and FW on a Juniper SRX, LB on F5, etc.
  10. When the user calls the deploy API (or clicks the last button on the deploy wizard) the following steps need to happen. CloudStack orchestrates the hypervisors, storage and network devices so that these elements deliver the chosen levels of service.
  11. For the 2 styles of cloud, the reference network architecture tends to be quite different. For server virt with self service, it tends to use VLAN etc.
  12. The new style of networking (called “Basic Zone” in CloudStack) uses L3 at all levels of the datacenter architecture.
  13. CloudStack also supports L2-style networking on an L3-architected datacenter using overlays.
  14. With VLAN or L2 isolation, each tenant gets a contiguous range of IPs in each network they create.
  15. We can provide NAT, DHCP and FW services, for example, by starting a virtual appliance that acts as the gateway for this network and provides the edge services. The virtual appliance has one NIC on the public VLAN and one NIC on the VLAN assigned to the network.
  16. If we wanted additional services like LB and VPN, the same virtual appliance or additional appliances or hardware devices can provide services (for example, load balancer and VPN).
  17. Every network created by any tenant can get its own unique set of services either by sharing hardware devices with other tenants or using dedicated appliances / devices. Each network gets its own VLAN.
  18. Since there are hundreds to thousands of tenants in a datacenter, we can scale out the edge services using multiple virtual appliances. Virtual appliances are cheap and disposable – if they fail, they can be recreated automatically by CloudStack.
  19. If some tenants require more performance than can be offered with a virtual appliance, they can choose a network offering that is backed by more powerful hardware appliances. For example, CloudStack can orchestrate a Juniper SRX and a Citrix Netscaler device together to offer a combination of powerful firewall and load balancing services.
  20. A 3-tier web app can be set up by a CloudStack end-user by simply making API calls to instantiate different networks with different services. A virtual router or other device provides services such as inter-VLAN routing, ACLs and Internet access via source NAT. A separate LB appliance or device can provide performant LB for the web tier.
  21. You can add the app tier and web tier as well. These tiers don’t require load balancing.
  22. Additionally you can connect the entire set of networks to a site-to-site VPN using IPsec or an MPLS VLAN.
  23. No solution to this problem. For this we turn to using L3 isolation which requires a different set of APIs and a different way of architecting the network
  24. Related VMs are placed into security groups: for example, web VMs are placed in the web security group and the DB VMs are in the DB security group. By default all ingress traffic to the VM is dropped. To allow web VMs to communicate with DB VMs, the cloud user calls an API to allow access on the database’s TCP port.
  25. Each pod has a different subnet. When a VM is started in a pod, it acquires a free IP in that pod’s subnet. Different tenants can end up in the same pod and hence share the same L2 subnet. Because security groups deny all by default, each VM needs a host-based firewall (embedded in the hypervisor dom0) to enforce this. This also prevents stuff like DHCP and ARP snooping. To prevent attacks, multicast and broadcast are blocked by the firewall.
  26. As a tenant starts more VMs, the VMs can land in different pods. The cloud user cannot make any assumptions about L2 connectivity between their VMs.
  27. As VMs get created and destroyed, CloudStack has to ensure the configuration of the host-based firewalls (iptables) is consistent with the security group rules programmed by the cloud user.
  28. 40,000 hypervisors in a data center x 25 VMs / hypervisor = 1 million firewalls to be orchestrated by CloudStack
  29. If there are 1000 VMs in the web security group, they do not have easily summarizable IPs since they draw their IPs from different subnets (pods). Therefore, to allow web VMs on TCP port 3060, the DB VM firewall would need 1000 separate iptables rules. When a packet from the web VM arrives at the DB VM firewall, up to 1000 rules might have to be checked before a match is found and the packet is let through. The sequential matching imposed by iptables can cause latency issues.
  30. An ipset is a kernel data structure that can match an IP very efficiently against a large set of IPs. For example, using a tree structure, an IP address can be quickly tested for containment. The ipset is supplied to the iptables rule, leading to a single iptables rule.
  31. Using the L3 networking layout, we can impose an L2 overlay using techniques such as GRE tunnels, NVGRE, VXLAN and STT. For example, instead of using VLANs for isolation, we could use GRE keys (a 32-bit id) to scale it well beyond 4k networks. VLANs could still be used to interoperate with MPLS and legacy services.
  32. XenServer and KVM have Open vSwitch built in. This can be used to replace some of the traditional virtual router functions such as inter-network routing and ACLs. Most edge services would have to be provided using virtual appliances in this case since hardware devices usually do not terminate the overlay technologies.
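
The rule explosion on slide 40 and the ipset fix on slide 41, combined with the "idempotent configuration & retries" point from slide 39, as an added example that is not part of the original deck or of CloudStack's code. The function names are hypothetical, the member addresses are the ones shown on slide 40, and the script assumes the `hash:ip` set type and `create`/`add`/`swap` keywords of current ipset releases instead of the `-N ... iptreemap` form on the slide; it only prints rules and changes nothing on the host.

```shell
#!/bin/sh
# Constructed sample: members of a hypothetical "web_sg" security group. The
# addresses come from different pod subnets, so no single CIDR covers them.
# One address is repeated on purpose, as a retried update would deliver it.
WEB_SG_MEMBERS="10.1.16.31
10.1.45.112
10.1.189.5
10.21.9.77
10.1.16.31"

# Turn a member list into canonical desired state: no blanks, no duplicates,
# stable order. Anything that is not dotted-quad syntax aborts the build
# (syntactic check only; octet ranges are left to ipset itself).
normalise_members() {
    members=$(printf '%s\n' "$1" | sed '/^[[:space:]]*$/d')
    if [ -z "$members" ]; then return 0; fi
    if printf '%s\n' "$members" | grep -Ev '^([0-9]{1,3}\.){3}[0-9]{1,3}$' >/dev/null; then
        echo "refusing to build: non-IPv4 member in list" >&2
        return 1
    fi
    printf '%s\n' "$members" | sort -u
}

# Slide 40: one iptables rule per member, checked sequentially for each packet.
naive_rules() {    # $1 = TCP port, $2 = member list
    m=$(normalise_members "$2") || return 1
    [ -z "$m" ] || printf '%s\n' "$m" | while read -r ip; do
        printf '%s\n' "-A FORWARD -p tcp -m tcp --dport $1 --src $ip -j ACCEPT"
    done
}

# Slide 41: a single rule that matches the source address against a set.
single_rule() {    # $1 = TCP port, $2 = set name
    printf '%s\n' "-A FORWARD -p tcp -m tcp --dport $1 -m set --match-set $2 src -j ACCEPT"
}

# Input for `ipset -exist restore`. The members are loaded into a scratch set
# that is then swapped in, so packets never see a half-built set and a replay
# of the same desired state converges on the same result.
ipset_plan() {     # $1 = set name, $2 = member list
    m=$(normalise_members "$2") || return 1
    printf '%s\n' "create $1 hash:ip family inet" \
                  "create ${1}_new hash:ip family inet" "flush ${1}_new"
    [ -z "$m" ] || printf '%s\n' "$m" | sed "s/^/add ${1}_new /"
    printf '%s\n' "swap ${1}_new $1" "destroy ${1}_new"
}

echo "per-member rules: $(naive_rules 3060 "$WEB_SG_MEMBERS" | wc -l)"
echo "set-based rules:  $(single_rule 3060 web_sg | wc -l)"
ipset_plan web_sg "$WEB_SG_MEMBERS"
```

Membership changes touch only the set; the iptables rule count on the DB VM's host stays at one however large the web group grows.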