Openstack@ebay: Practical SDN deployment with Quantum
Figure: separate dedicated physical environments (Prod, QA, DEV, PCI, Secure), several of each.
Copyright eBay Inc. 2012

- Any Application Anywhere
  - Dedicated physical environments cause fragmentation
- Soft Cabling
  - Datacenter reconfiguration is costly and cannot be automated
- Shared Standardized Infrastructure
  - Simplifies automation and improves supply chain efficiency
- Virtualize everything
  - White space between applications and infrastructure helps agility
- Automate everything
  - Automation helps agility and efficiency
- Translation of physical environment properties into configurations
  - Assigned to projects (logical environments); drives scheduling and policies
    - For example, network selection

Production
  Obligations         | Restrictions     | Capabilities
  QA Approved Builds  | No Login Access  | Core DB access
  Prod OS version     | No Corp Access   | 24/7 Incident Mgt
  Monitoring          | No QA Access     | Site traffic Access

DEV
  Obligations            | Restrictions         | Capabilities
  Certified OS versions  | Limited Prod Access  | Full root
                         | Limited QA Access    | Filtered Internet
                         | No site Traffic      |

External
  Obligations            | Restrictions     | Capabilities
  Certified OS Versions  | No Prod Access   | Private DB
  Monitoring             | No Corp Access   | 24/7 Incident Mgt
                         | No QA Access     | Site traffic Access
Figure: leaf/spine fabric: Core; Spine: 4 spines (Nx10Gb); Leaves: N leaves (48x1Gb), 48 -> N "½ racks"; M servers (2x1Gb)

- Flat L3 (all switches are routers too)
- Line rate from any server to any server (oversubscription = 48/40)
- OSPF/ECMP to advertise routes
Dedicated Network (figure: separate Production and QA physical networks)
  - physical network build out
  - Fragmentation
  - coarse grained isolation
  + Physical isolation
  + fool proof

VLAN Based (figure: one VLAN trunk carrying Prod on vlan 1 ... QA on vlan n)
  - Limited scale (n = 4096)
  - Large fault domain (STP)
  + L2 isolation
  + somewhat soft Cabling
Security Groups or Virtual Firewall
  + no/minimal infrastructure requirement
  + good for user policies (iptables)
  - Difficult to combine provider policies and user policies
  - Management of rules
  - Impact of group membership modification
  - Aggregation/summarization difficult/impossible
Virtual Networks using Software Defined Networks (figure: Overlay 1 ... Overlay n carrying Prod, QA and Other Networks over one Cloud Fabric)
  + L2 isolation
  + compatible with large scale
  + can be fully automated
  + firewall can be interposed between virtual networks
  + Can complement L3 isolation
  + large number of networks (n>4096)
  - Tunnel overhead
  - L2 size limited by # of tunnels
Traditional vs SDN (figure)
  Traditional: the Switch/Router holds the Logic; its routing/switching engine controls the Network through the network protocols.
  SDN: the Logic moves into a Controller, which controls the Switch/Router through an API; the routing/switching engine and the network protocols stay on the Switch/Router.
Wizard | Physical Switches           | Traffic Engineering: OSPF/ECMP, ...
Ninja  | Virtual + Physical switches | Overlay Networks
Nerdy  | Virtual Switches            | Overlay Networks: ARP + L2 protocols
- A logical environment defined as a class of service on top of shared infrastructure
  - Self-service VMs for developers
  - Access must be similar to their desktops (access to QA, Corp, …)
  - Should allow collaboration
- Implemented as a set of L2 networks (/24) within a given L3 (/20)
  - No private networks: all developers on the same shared networks
  - No private IP space: traffic is routed within the core, no need for floating IPs
- Isolated from infrastructure
  - Overlay network using Open vSwitch / STT tunneling
  - Nicira NVP controllers integrated with Quantum (Essex)
  - Routed out through the perimeter firewall
Dev Cloud: 10.9.0.0/20 (figure)
  - L2 networks 10.9.1.0/24 and 10.9.2.0/24, each with its own gateway gtw-xxxx at .1 (10.9.1.1, 10.9.2.1); a VM on 10.9.2.0/24 has default->10.9.2.1
  - On the gateway node: from 10.9.1.0/24 default->10.9.0.1; from 10.9.2.0/24 default->10.9.0.1
  - On the upstream router: 10.9.0.0/20 ->10.9.0.10 (the Active Gateway)
  - Active Gateway and Standby Gateway, each with a vswitch, Eth1/vlan 1 and Eth0/vlan 2 on a trunk, reaching Corp, Internet and QA via 10.9.0.1
  - Nicira Service Nodes and Nicira controllers
  - Hypervisor: K (Ubuntu + KVM), C (Nova-compute), vif, vswitch
  - Control plane: N (Nova-network + dnsmasq), S (Nova-scheduler), A (Nova-api), Q (Quantum), M (Metadata)
  - Legend: Infrastructure/Internal, Infrastructure/External, Virtual network
Instance creation flow (figure)

Developer (eBay Cloud Portal -> eBay IaaS):
  1. Create instance (COS, OS, size)
  2. Get Free Networks
  3. Boot Instance (Image ID, Flavor, NIC) through Nova API -> Nova Scheduler -> Nova Compute; Nova Compute gets an IP from the nova db and creates a port in Quantum, which creates the port and lswitch on the Nicira Controller
  4. Create DNS (A, PTR) in DNS Management

Admin:
  - Create network (project = admin, Cidr=10.9.x.0/24) with nova-manage -> Nova Network
  - Create routes on the Gateway; create gtw-xxxx

Copyright eBay Inc. 2012
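The Dev Cloud addressing scheme above (one /20 per class of service carved into /24 L2 networks, a gtw-xxxx gateway at .1 of each, the gateway node defaulting to 10.9.0.1 and the upstream router returning 10.9.0.0/20 to 10.9.0.10) and step 2 of the creation flow, "Get Free Networks", as an added example written for this page; it is not code from the eBay deck, from Nova or from Quantum. It refuses a request for a different class of service (the class of service drives network selection) and picks the first network that still has capacity, which the deck later notes Essex did not do. The class names, the reserved infrastructure /24, the "first network with capacity" rule and all function names are assumptions; only the addresses come from the deck.

```python
# Added example, not code from the eBay deck: a toy allocator for the Dev Cloud
# addressing scheme. One /20 per class of service (10.9.0.0/20) is carved into
# /24 L2 networks; each /24 has its gateway (gtw-xxxx) at .1, the gateway node
# defaults to the upstream router 10.9.0.1, and that router sends the whole /20
# back to the active gateway node 10.9.0.10. Assumptions: the class names, the
# "first network with capacity" rule, and reserving the /24 that holds the
# router and gateway node for infrastructure only.
import ipaddress
from dataclasses import dataclass, field

CORE_ROUTER = ipaddress.IPv4Address("10.9.0.1")    # deck: default->10.9.0.1
GATEWAY_HOST = ipaddress.IPv4Address("10.9.0.10")  # deck: 10.9.0.0/20 ->10.9.0.10


@dataclass
class L2Network:
    """One /24 L2 segment (an NVP logical switch) inside the class's /20."""
    cidr: ipaddress.IPv4Network
    allocated: set = field(default_factory=set)  # addresses handed to instances

    @property
    def gateway(self) -> ipaddress.IPv4Address:
        # gtw-xxxx sits at .1 of each /24 (10.9.1.1, 10.9.2.1 in the figure)
        return self.cidr.network_address + 1

    def free_count(self) -> int:
        # usable hosts, minus the gateway, minus what is already allocated
        return self.cidr.num_addresses - 3 - len(self.allocated)


class ClassOfServiceCloud:
    """Network pool for one class of service, e.g. DEV on 10.9.0.0/20."""

    def __init__(self, cos: str, supernet: str, prefix: int = 24):
        self.cos = cos
        self.supernet = ipaddress.IPv4Network(supernet)
        self.networks = [
            L2Network(sub)
            for sub in self.supernet.subnets(new_prefix=prefix)
            # assumption: the /24 holding the router and gateway node is infrastructure only
            if CORE_ROUTER not in sub and GATEWAY_HOST not in sub
        ]

    def free_networks(self, cos: str, min_free: int = 1) -> list:
        """Step 2 of the creation flow ('Get Free Networks'), with a capacity check."""
        if cos != self.cos:
            # the class of service drives network selection: a PROD request
            # must never be placed on a DEV network
            raise ValueError(f"class {cos!r} is not served by the {self.cos} pool")
        return [n for n in self.networks if n.free_count() >= min_free]

    def allocate(self, cos: str) -> dict:
        """Pick the first network with capacity and hand out its next free address."""
        candidates = self.free_networks(cos)
        if not candidates:
            raise RuntimeError(f"{self.cos} pool {self.supernet} has no free addresses")
        net = candidates[0]
        for host in net.cidr.hosts():
            if host != net.gateway and host not in net.allocated:
                net.allocated.add(host)
                # what the NIC in step 3 ('Boot Instance') is configured with
                return {"network": str(net.cidr), "ip": str(host),
                        "gateway": str(net.gateway)}
        raise AssertionError("free_count reported room but no address was free")

    def routes(self) -> dict:
        """The routing in the figure: every /24 defaults out via the upstream
        router, and that router returns the whole /20 to the active gateway node."""
        return {
            "gateway_host": {str(n.cidr): f"default -> {CORE_ROUTER}" for n in self.networks},
            "core_router": {str(self.supernet): str(GATEWAY_HOST)},
        }


if __name__ == "__main__":
    dev = ClassOfServiceCloud("DEV", "10.9.0.0/20")
    print(len(dev.networks), "L2 networks; first instance:", dev.allocate("DEV"))
    print("upstream router:", dev.routes()["core_router"])
```

Run as a script it prints the 15 usable /24s, the first allocation (10.9.1.2 with gateway 10.9.1.1) and the return route. The capacity check is what makes a full /24 roll over to 10.9.2.0/24 instead of failing; the class-of-service check is the policy side of the same decision.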
Chart (figure): Instance Requests (left axis, 0-250) against Success and Failed rate (right axis, 0-100).
  + Perimeter firewalls configured once, not dependent on instance creation/deletion/movement
  + Networks are pre-created using nova-manage; good for provider networks
  + Can be extended with other COS using the same pattern
  + Stability of both Nicira NVP and OpenStack + Ubuntu + KVM
  + Looking forward to new features in Folsom (Quantum v2)
  - No capacity/policy based assignment of networks; had to be implemented outside. Moving it to the nova scheduler.
  - One network flavor supported in Essex. Cannot have, e.g., one gateway per network with different behavior (dhcp)
  - Scale out requires bigger links out of the gateway, or more gateways
  - Upsets the separation-of-concern requirement: Netsec + Networking + Sys Admins in the same box = 'interesting'
- New classes of service
  - External: private networks + VIP and Floating IP on the Internet
  - Production: Bridged network
- Scale out
  - 80 today, going to a lot more
  - More gateways/10Gb
- Folsom upgrade
  - L3 Routers
  - Load Balancers
- Cleaner OpenStack integration
  - Network Allocation
  - DNS configuration
  - AuthN/AuthZ
We are Hiring!

http://www.ebaycareers.com/

Weitere ähnliche Inhalte

Was ist angesagt?

Netflix Velocity Conference 2011
Netflix Velocity Conference 2011Netflix Velocity Conference 2011
Netflix Velocity Conference 2011Adrian Cockcroft
 
Networking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network DesignNetworking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network DesignRandy Bias
 
#CCevent Cloud is awesome but not as flexible as you think
#CCevent Cloud is awesome but not as flexible as you think#CCevent Cloud is awesome but not as flexible as you think
#CCevent Cloud is awesome but not as flexible as you thinkPete Johnson
 
Cloud computing - co daje firmie?
Cloud computing - co daje firmie? Cloud computing - co daje firmie?
Cloud computing - co daje firmie? Biznes to Rozmowy
 
The Cloud Revolution - Philippines Cloud Summit
The Cloud Revolution - Philippines Cloud SummitThe Cloud Revolution - Philippines Cloud Summit
The Cloud Revolution - Philippines Cloud SummitRandy Bias
 
Cloud Architecture Tutorial - Why and What (1of 3)
Cloud Architecture Tutorial - Why and What (1of 3) Cloud Architecture Tutorial - Why and What (1of 3)
Cloud Architecture Tutorial - Why and What (1of 3) Adrian Cockcroft
 
IBM and OpenStack: Collaboration Beyond the Code
IBM and OpenStack: Collaboration Beyond the CodeIBM and OpenStack: Collaboration Beyond the Code
IBM and OpenStack: Collaboration Beyond the CodeDaniel Krook
 
Developing and Deploying Microservices to IBM Cloud Private
Developing and Deploying Microservices to IBM Cloud PrivateDeveloping and Deploying Microservices to IBM Cloud Private
Developing and Deploying Microservices to IBM Cloud PrivateShikha Srivastava
 
Cloud Networking is not Virtual Networking - London VMUG 20130425
Cloud Networking is not Virtual Networking - London VMUG 20130425Cloud Networking is not Virtual Networking - London VMUG 20130425
Cloud Networking is not Virtual Networking - London VMUG 20130425Greg Ferro
 
Cloud Architecture Tutorial - Running in the Cloud (3of3)
Cloud Architecture Tutorial - Running in the Cloud (3of3)Cloud Architecture Tutorial - Running in the Cloud (3of3)
Cloud Architecture Tutorial - Running in the Cloud (3of3)Adrian Cockcroft
 
Netflix Global Applications - NoSQL Search Roadshow
Netflix Global Applications - NoSQL Search RoadshowNetflix Global Applications - NoSQL Search Roadshow
Netflix Global Applications - NoSQL Search RoadshowAdrian Cockcroft
 
Docker and Cloud - Enables for DevOps - by ACA-IT
Docker and Cloud - Enables for DevOps - by ACA-ITDocker and Cloud - Enables for DevOps - by ACA-IT
Docker and Cloud - Enables for DevOps - by ACA-ITStijn Wijndaele
 
Netflix Cloud Platform Building Blocks
Netflix Cloud Platform Building BlocksNetflix Cloud Platform Building Blocks
Netflix Cloud Platform Building BlocksSudhir Tonse
 
Netflix Global Cloud Architecture
Netflix Global Cloud ArchitectureNetflix Global Cloud Architecture
Netflix Global Cloud ArchitectureAdrian Cockcroft
 
Build an hybrid cloud on IBM Power Systems and IBM softlayer
Build an hybrid cloud on IBM Power Systems and IBM softlayerBuild an hybrid cloud on IBM Power Systems and IBM softlayer
Build an hybrid cloud on IBM Power Systems and IBM softlayerGuilhaume Garcia
 
eNovance Make Your Cloud
eNovance Make Your CloudeNovance Make Your Cloud
eNovance Make Your CloudeNovance
 
Cloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh VariaCloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh VariaAmazon Web Services
 

Was ist angesagt? (20)

Netflix Velocity Conference 2011
Netflix Velocity Conference 2011Netflix Velocity Conference 2011
Netflix Velocity Conference 2011
 
Networking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network DesignNetworking is NOT Free: Lessons in Network Design
Networking is NOT Free: Lessons in Network Design
 
#CCevent Cloud is awesome but not as flexible as you think
#CCevent Cloud is awesome but not as flexible as you think#CCevent Cloud is awesome but not as flexible as you think
#CCevent Cloud is awesome but not as flexible as you think
 
Cloud computing - co daje firmie?
Cloud computing - co daje firmie? Cloud computing - co daje firmie?
Cloud computing - co daje firmie?
 
The Cloud Revolution - Philippines Cloud Summit
The Cloud Revolution - Philippines Cloud SummitThe Cloud Revolution - Philippines Cloud Summit
The Cloud Revolution - Philippines Cloud Summit
 
NetflixOSS Meetup
NetflixOSS MeetupNetflixOSS Meetup
NetflixOSS Meetup
 
Cloud Architecture Tutorial - Why and What (1of 3)
Cloud Architecture Tutorial - Why and What (1of 3) Cloud Architecture Tutorial - Why and What (1of 3)
Cloud Architecture Tutorial - Why and What (1of 3)
 
IBM and OpenStack: Collaboration Beyond the Code
IBM and OpenStack: Collaboration Beyond the CodeIBM and OpenStack: Collaboration Beyond the Code
IBM and OpenStack: Collaboration Beyond the Code
 
Developing and Deploying Microservices to IBM Cloud Private
Developing and Deploying Microservices to IBM Cloud PrivateDeveloping and Deploying Microservices to IBM Cloud Private
Developing and Deploying Microservices to IBM Cloud Private
 
Cloud Networking is not Virtual Networking - London VMUG 20130425
Cloud Networking is not Virtual Networking - London VMUG 20130425Cloud Networking is not Virtual Networking - London VMUG 20130425
Cloud Networking is not Virtual Networking - London VMUG 20130425
 
Cloud Architecture Tutorial - Running in the Cloud (3of3)
Cloud Architecture Tutorial - Running in the Cloud (3of3)Cloud Architecture Tutorial - Running in the Cloud (3of3)
Cloud Architecture Tutorial - Running in the Cloud (3of3)
 
Netflix Global Applications - NoSQL Search Roadshow
Netflix Global Applications - NoSQL Search RoadshowNetflix Global Applications - NoSQL Search Roadshow
Netflix Global Applications - NoSQL Search Roadshow
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Docker and Cloud - Enables for DevOps - by ACA-IT
Docker and Cloud - Enables for DevOps - by ACA-ITDocker and Cloud - Enables for DevOps - by ACA-IT
Docker and Cloud - Enables for DevOps - by ACA-IT
 
Netflix Cloud Platform Building Blocks
Netflix Cloud Platform Building BlocksNetflix Cloud Platform Building Blocks
Netflix Cloud Platform Building Blocks
 
Netflix Global Cloud Architecture
Netflix Global Cloud ArchitectureNetflix Global Cloud Architecture
Netflix Global Cloud Architecture
 
Build an hybrid cloud on IBM Power Systems and IBM softlayer
Build an hybrid cloud on IBM Power Systems and IBM softlayerBuild an hybrid cloud on IBM Power Systems and IBM softlayer
Build an hybrid cloud on IBM Power Systems and IBM softlayer
 
Netflix and Open Source
Netflix and Open SourceNetflix and Open Source
Netflix and Open Source
 
eNovance Make Your Cloud
eNovance Make Your CloudeNovance Make Your Cloud
eNovance Make Your Cloud
 
Cloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh VariaCloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
Cloud-powered Continuous Integration and Deployment architectures - Jinesh Varia
 

Andere mochten auch

Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designAlexander Petrovskiy
 
Yuri M. Brovman, Data Scientist, eBay
Yuri M. Brovman, Data Scientist, eBayYuri M. Brovman, Data Scientist, eBay
Yuri M. Brovman, Data Scientist, eBayMLconf
 
Byron Galbraith, Chief Data Scientist, Talla, at MLconf NYC 2017
Byron Galbraith, Chief Data Scientist, Talla, at MLconf NYC 2017 Byron Galbraith, Chief Data Scientist, Talla, at MLconf NYC 2017
Byron Galbraith, Chief Data Scientist, Talla, at MLconf NYC 2017 MLconf
 
SDN Basics – What You Need to Know about Software-Defined Networking
SDN Basics – What You Need to Know about Software-Defined NetworkingSDN Basics – What You Need to Know about Software-Defined Networking
SDN Basics – What You Need to Know about Software-Defined NetworkingSDxCentral
 
Colt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plansColt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plansColt Technology Services
 
Пилотные зоны для тестирования и апробирования SDN&NFV разработок и решений в...
Пилотные зоны для тестирования и апробирования SDN&NFV разработок и решений в...Пилотные зоны для тестирования и апробирования SDN&NFV разработок и решений в...
Пилотные зоны для тестирования и апробирования SDN&NFV разработок и решений в...ARCCN
 
Software-Defined Networking (SDN): Unleashing the Power of the Network
Software-Defined Networking (SDN): Unleashing the Power of the NetworkSoftware-Defined Networking (SDN): Unleashing the Power of the Network
Software-Defined Networking (SDN): Unleashing the Power of the NetworkRobert Keahey
 

Andere mochten auch (8)

SDN Cosa è?
SDN Cosa è?SDN Cosa è?
SDN Cosa è?
 
Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network design
 
Yuri M. Brovman, Data Scientist, eBay
Yuri M. Brovman, Data Scientist, eBayYuri M. Brovman, Data Scientist, eBay
Yuri M. Brovman, Data Scientist, eBay
 
Byron Galbraith, Chief Data Scientist, Talla, at MLconf NYC 2017
Byron Galbraith, Chief Data Scientist, Talla, at MLconf NYC 2017 Byron Galbraith, Chief Data Scientist, Talla, at MLconf NYC 2017
Byron Galbraith, Chief Data Scientist, Talla, at MLconf NYC 2017
 
SDN Basics – What You Need to Know about Software-Defined Networking
SDN Basics – What You Need to Know about Software-Defined NetworkingSDN Basics – What You Need to Know about Software-Defined Networking
SDN Basics – What You Need to Know about Software-Defined Networking
 
Colt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plansColt SD-WAN experience learnings and future plans
Colt SD-WAN experience learnings and future plans
 
Пилотные зоны для тестирования и апробирования SDN&NFV разработок и решений в...
Пилотные зоны для тестирования и апробирования SDN&NFV разработок и решений в...Пилотные зоны для тестирования и апробирования SDN&NFV разработок и решений в...
Пилотные зоны для тестирования и апробирования SDN&NFV разработок и решений в...
 
Software-Defined Networking (SDN): Unleashing the Power of the Network
Software-Defined Networking (SDN): Unleashing the Power of the NetworkSoftware-Defined Networking (SDN): Unleashing the Power of the Network
Software-Defined Networking (SDN): Unleashing the Power of the Network
 

Ähnlich wie Openstack@ebay: Practical SDN deployment with Quantum

Nicira chef webinar-merged
Nicira chef webinar-mergedNicira chef webinar-merged
Nicira chef webinar-mergedStathy Touloumis
 
OpenStack and OpenFlow Demos
OpenStack and OpenFlow DemosOpenStack and OpenFlow Demos
OpenStack and OpenFlow DemosBrent Salisbury
 
Netsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvNetsft2017 day in_life_of_nfv
Netsft2017 day in_life_of_nfvIntel
 
Nagios Conference 2012 - Andreas Ericsson - Merlin
Nagios Conference 2012 - Andreas Ericsson - MerlinNagios Conference 2012 - Andreas Ericsson - Merlin
Nagios Conference 2012 - Andreas Ericsson - MerlinNagios
 
Cloud Foundry Open Tour - London
Cloud Foundry Open Tour - LondonCloud Foundry Open Tour - London
Cloud Foundry Open Tour - Londonmarklucovsky
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Yury Chemerkin
 
Verification of Wireless SoCs: No Longer in the Dark Ages
Verification of Wireless SoCs: No Longer in the Dark AgesVerification of Wireless SoCs: No Longer in the Dark Ages
Verification of Wireless SoCs: No Longer in the Dark AgesDVClub
 
Integrating OpenStack to Existing infrastructure
Integrating OpenStack to Existing infrastructureIntegrating OpenStack to Existing infrastructure
Integrating OpenStack to Existing infrastructurelaurabeckcahoon
 
Solace Systems The Evolution of Messaging The Rise of the Appliance
Solace Systems The Evolution of Messaging The Rise of the ApplianceSolace Systems The Evolution of Messaging The Rise of the Appliance
Solace Systems The Evolution of Messaging The Rise of the ApplianceIosif Itkin
 
Extent 2013 Obninsk High Performance Messaging
Extent 2013 Obninsk High Performance MessagingExtent 2013 Obninsk High Performance Messaging
Extent 2013 Obninsk High Performance Messagingextentconf Tsoy
 
QLogic Adapters & Virtualized Environments
QLogic Adapters & Virtualized EnvironmentsQLogic Adapters & Virtualized Environments
QLogic Adapters & Virtualized EnvironmentsQLogic Corporation
 
Windows server 8 hyper v networking (aidan finn)
Windows server 8 hyper v networking (aidan finn)Windows server 8 hyper v networking (aidan finn)
Windows server 8 hyper v networking (aidan finn)hypervnu
 
Learn OpenStack from trystack.cn ——Folsom in practice
Learn OpenStack from trystack.cn  ——Folsom in practiceLearn OpenStack from trystack.cn  ——Folsom in practice
Learn OpenStack from trystack.cn ——Folsom in practiceOpenCity Community
 
Scalable Enterprise Ready Neutron Networking with Nuage Networks
Scalable Enterprise Ready Neutron Networking with Nuage NetworksScalable Enterprise Ready Neutron Networking with Nuage Networks
Scalable Enterprise Ready Neutron Networking with Nuage NetworksScott Sneddon
 
Dell web monsters-oct2011-v6-public
Dell web monsters-oct2011-v6-publicDell web monsters-oct2011-v6-public
Dell web monsters-oct2011-v6-publicBarton George
 

Ähnlich wie Openstack@ebay: Practical SDN deployment with Quantum (20)

Openstack@ebay.pptx
Openstack@ebay.pptxOpenstack@ebay.pptx
Openstack@ebay.pptx
 
NFV SDN for carriers
NFV SDN for carriersNFV SDN for carriers
NFV SDN for carriers
 
Nicira chef webinar-merged
Nicira chef webinar-mergedNicira chef webinar-merged
Nicira chef webinar-merged
 
OpenStack and OpenFlow Demos
OpenStack and OpenFlow DemosOpenStack and OpenFlow Demos
OpenStack and OpenFlow Demos
 
Netsft2017 day in_life_of_nfv

Openstack@ebay: Practical SDN deployment with Quantum

  • 2. [Diagram: dedicated physical environments, each its own silo: Prod, QA, DEV, PCI, Secure] Copyright eBay Inc. 2012
  • 3.
     - Any Application Anywhere: dedicated physical environments cause fragmentation
     - Soft Cabling: datacenter reconfiguration is costly and cannot be automated
     - Shared Standardized Infrastructure: simplifies automation and improves supply chain efficiency
     - Virtualize everything: white space between applications and infrastructure helps agility
     - Automate everything: automation helps agility and efficiency
  • 4. Classes of service
     - Translation of physical environment properties into configurations
     - Assigned to projects (logical environments); drives scheduling and policies, for example network selection

     Production   | Obligations        | Restrictions       | Capabilities
                  | QA Approved Builds | No Login Access    | Core DB access
                  | Prod OS version    | No Corp Access     | 24/7 Incident Mgt
                  | Monitoring         | No QA Access       | Site traffic Access

     DEV          | Obligations           | Restrictions        | Capabilities
                  | Certified OS versions | Limited Prod Access | Full root
                  |                       | Limited QA Access   |
                  |                       | No site Traffic     | Filtered Internet

     External     | Obligations           | Restrictions    | Capabilities
                  |                       | No Prod Access  | Private DB
                  | Certified OS Versions | No Corp Access  | 24/7 Incident Mgt
                  | Monitoring            | No QA Access    | Site traffic Access
  • 5. Network fabric
     - Core: 4 spines (N x 10Gb)
     - Spine: N leaves (48 x 1Gb)
     - Leaves: 48 ports -> N "½ racks" of M servers, each server 2 x 1Gb
     - Flat L3 (all switches are routers too)
     - Line rate from any server to any server (oversubscription = 48/40: 48 x 1Gb down, 4 x 10Gb up, i.e. 1.2:1)
     - OSPF/ECMP to advertise routes
  • 6. Dedicated Network, VLAN based
     [Diagram: VLAN trunk carrying vlan 1 (Prod) ... vlan n (QA) to the Production and QA environments]
     + Physical isolation
     + L2 isolation
     + Fool proof
     + Somewhat soft cabling
     - Physical network build out
     - Limited scale (n = 4096, the 12-bit VLAN ID space)
     - Fragmentation
     - Large fault domain (STP)
     - Coarse-grained isolation
  • 7. Security Groups or Virtual Firewall
     + No/minimal infrastructure requirement
     + Good for user policies (iptables)
     - Difficult to combine provider policies and user policies
     - Management of rules
     - Impact of group membership modification
     - Aggregation/summarization difficult/impossible
  • 8. Virtual Networks using Software Defined Networks
     [Diagram: Overlay 1 (Prod) ... Overlay n (QA) and Other Networks on top of the Cloud Fabric]
     + L2 isolation
     + Can complement L3 isolation
     + Compatible with large scale
     + Large number of networks (n > 4096)
     + Can be fully automated
     + Firewall can be interposed between virtual networks
     - Tunnel overhead
     - L2 size limited by # of tunnels
  • 9. Traditional vs SDN
     [Diagram. Traditional: the network protocols and the routing/switching engine run inside the switch/router, and that logic controls the box. SDN: the logic moves into a controller, which controls the switch/router through an API.]
  • 10. Who operates what
     - Wizard: physical switches; OSPF/ECMP, ...; traffic engineering
     - Ninja: virtual + physical switches; overlay networks
     - Nerdy: virtual switches; ARP + L2 protocols; overlay networks
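The "impact of group membership modification" and "aggregation/summarization" points on slide 7, and the "firewall can be interposed between virtual networks" point on slide 8, can be made concrete with a small rule-count model. The following is an added example, not code from the deck or from eBay: it expands security-group rules of the source-group form ("allow tcp/8080 into app from web") into one per-instance iptables line per peer address, the way a hypervisor firewall has to, then writes the same policy once per /24 as it could be on a gateway between overlays. The group names, member counts, ports and addresses are constructed (the addresses are placed inside the 10.9.0.0/20 dev range from the later slides; the chain names are illustrative, not Nova's).

```python
import ipaddress

# Constructed sample data: three groups and two source-group rules.
GROUPS = {
    "web": [f"10.9.1.{i}" for i in range(10, 30)],   # 20 members
    "app": [f"10.9.2.{i}" for i in range(10, 40)],   # 30 members
    "db":  [f"10.9.3.{i}" for i in range(10, 15)],   #  5 members
}
# (destination group, protocol, port, source group)
RULES = [
    ("app", "tcp", 8080, "web"),
    ("db",  "tcp", 3306, "app"),
]
# The same policy once each group owns its own overlay /24.
NETWORKS = {"web": "10.9.1.0/24", "app": "10.9.2.0/24", "db": "10.9.3.0/24"}


def expand_group_rules(groups, rules):
    """Per-instance expansion: one ACCEPT per (member of dst group, member of
    src group). Returns {instance_ip: [iptables rule, ...]}, i.e. what the
    hypervisor hosting each instance has to program."""
    per_instance = {}
    for dst, proto, port, src in rules:
        for member in groups[dst]:
            chain = per_instance.setdefault(member, [])
            for peer in groups[src]:
                chain.append(
                    f"-A sg-{member} -s {peer}/32 -p {proto} --dport {port} -j ACCEPT")
    return per_instance


def count_rules(per_instance):
    """Total rules programmed across the fleet."""
    return sum(len(chain) for chain in per_instance.values())


def cidr_rules(networks, rules):
    """Summarised form: one rule per (dst network, src network), which is
    what a firewall interposed between overlays can carry."""
    out = []
    for dst, proto, port, src in rules:
        src_net = ipaddress.ip_network(networks[src])   # validates the CIDR
        ipaddress.ip_network(networks[dst])
        out.append(f"-A fw-{dst} -s {src_net} -p {proto} --dport {port} -j ACCEPT")
    return out


def membership_change_cost(groups, rules, group, new_ip):
    """Cost of one membership change: (instances whose rule set changes,
    rules added fleet-wide) when new_ip joins `group`."""
    before = expand_group_rules(groups, rules)
    updated = {name: list(members) for name, members in groups.items()}
    updated[group].append(new_ip)
    after = expand_group_rules(updated, rules)
    touched = [ip for ip in after if after[ip] != before.get(ip, [])]
    return len(touched), count_rules(after) - count_rules(before)


if __name__ == "__main__":
    print("per-instance rules:", count_rules(expand_group_rules(GROUPS, RULES)))
    print("per-network rules: ", len(cidr_rules(NETWORKS, RULES)))
    print("one new app member -> (instances touched, rules added):",
          membership_change_cost(GROUPS, RULES, "app", "10.9.2.40"))
    print("one new web member -> (instances touched, rules added):",
          membership_change_cost(GROUPS, RULES, "web", "10.9.1.30"))
```

With these numbers the per-instance form needs 750 rules where the per-network form needs 2, and adding a single web instance touches the rule set of all 30 app instances even though no app instance changed. That is the "aggregation/summarization" cost on slide 7; it does not disappear with overlays, but the network boundary gives the provider a place to write coarse rules once while user policies stay in security groups.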
  • 11. DEV class of service
     - A logical environment defined as a class of service on top of shared infrastructure
     - Self-service VMs for developers
        - Access must be similar to their desktops (access to QA, Corp, ...)
        - Should allow collaboration
     - Implemented as a set of L2 networks (/24) within a given L3 (/20)
        - No private networks: all developers on the same shared networks
        - No private IP space: traffic is routed within the core, no need for floating IPs
     - Isolated from infrastructure
        - Overlay network using Open vSwitch / STT tunneling
        - Nicira NVP controllers integrated with Quantum (Essex)
        - Routed out through the perimeter firewall
  • 12. [Architecture diagram. Dev Cloud: 10.9.0.0/20, carved into /24 virtual networks such as 10.9.1.0/24 (gateway 10.9.1.1) and 10.9.2.0/24 (gateway 10.9.2.1). Active and standby gateways (gtw-xxxx, Eth1/vlan 1 on the internal side, Eth0/vlan 2 trunked on the external side) route to Corp, QA and the Internet; gateway routes: from 10.9.1.0/24, default -> 10.9.0.1 and 10.9.0.0/20 -> 10.9.0.10; from 10.9.2.0/24, default -> 10.9.0.1. Nicira controllers and Nicira service nodes sit on the infrastructure side. Hypervisor box: K = Ubuntu + KVM, C = nova-compute, A = nova-api, S = nova-scheduler, Q = Quantum, M = metadata, N = nova-network + dnsmasq; VMs attach through a vif to the vswitch. Three zones: Infrastructure/Internal, Virtual network, Infrastructure/External.]
  • 13. Instance creation workflow
     Admin (once per network):
        - Create network with nova-manage (project = admin, cidr = 10.9.x.0/24)
        - Create routes on the gateway (gtw-xxxx)
        - Create DNS records (A, PTR)
     Developer:
        1. Create instance (COS, OS, size) in the eBay Cloud Portal
        2. eBay IaaS gets free networks from Nova Network and creates the DNS entries
        3. Boot instance (image ID, flavor, NIC) through the Nova API
        4. Nova Scheduler places it; Nova Compute gets an IP from the nova management db and creates the port in Quantum, which creates the lswitch and port on the Nicira Controller
  • 14. [Chart: instance requests over time, success vs failed (left axis 0 to 250) and success rate (right axis 0 to 100)]
  • 15. Lessons
     - Perimeter firewalls configured once, not dependent on instance creation/deletion/movement
     - Networks are pre-created using nova-manage, good for provider networks
     - Can be extended with other COS using the same pattern
     - Stability of both Nicira NVP and OpenStack + Ubuntu + KVM
     - Looking forward to new features in Folsom: Quantum v2
     - No capacity/policy based assignment of networks; had to be implemented outside. Moving it to the nova scheduler.
     - One network flavor supported in Essex. Cannot have, e.g., one gateway per network, with different behavior (dhcp)
     - Scale out requires bigger links out of the gateway, or more gateways
     - Upsets the separation-of-concerns requirement: Netsec + Networking + Sys Admins in the same box = 'interesting'
  • 16. Next steps
     - New classes of service
        - External: private networks + VIP and Floating IP on the Internet
        - Production: bridged network
     - Scale out
        - 80 today, going to a lot more
        - More gateways / 10Gb
     - Folsom upgrade
        - L3 routers
        - Load balancers
     - Cleaner OpenStack integration
        - Network allocation
        - DNS configuration
        - AuthN/AuthZ
  • 17. We are Hiring! http://www.ebaycareers.com/
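Slides 11 and 13 describe networks pre-created as /24s inside a class's /20 and handed to instances by "get free networks", and slide 15 names the gap: no capacity or policy based assignment, to be moved into the nova scheduler. The following is an added example of that allocation step, written for this page; it is not eBay's scheduler or Quantum code. The class-of-service definitions are taken from the slide 4 table; the 10.9.0.0/20 range, the /24 split and the .1 gateway come from slides 11 and 12. Reserving the first /24 for gateway/infrastructure addresses, the capability tag names, the "least loaded network first" choice and the per-network capacity are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ClassOfService:
    """Slide 4 triple: what a project must do, may not do, and may do."""
    name: str
    obligations: frozenset
    restrictions: frozenset
    capabilities: frozenset


@dataclass
class Network:
    cidr: str
    cos: str
    capacity: int      # addresses available to instances
    allocated: int = 0

    def free(self):
        return self.capacity - self.allocated


# Tag names are assumptions; the rows are the slide 4 table.
COS = {
    "production": ClassOfService(
        "production",
        frozenset({"qa-approved-builds", "prod-os-version", "monitoring"}),
        frozenset({"no-login-access", "no-corp-access", "no-qa-access"}),
        frozenset({"core-db-access", "24x7-incident-mgt", "site-traffic-access"})),
    "dev": ClassOfService(
        "dev",
        frozenset({"certified-os-versions"}),
        frozenset({"limited-prod-access", "limited-qa-access", "no-site-traffic"}),
        frozenset({"full-root", "filtered-internet"})),
}


def carve_networks(supernet, cos, prefix=24, reserved=1):
    """Pre-create the /24 pool inside a class's supernet (the nova-manage
    step). `reserved` skips leading subnets kept for gateways/infrastructure
    (assumption, consistent with 10.9.0.1/10.9.0.10 on slide 12).
    Capacity excludes network, broadcast and the .1 gateway address."""
    net = ipaddress.ip_network(supernet)
    subnets = list(net.subnets(new_prefix=prefix))[reserved:]
    return [Network(str(s), cos, s.num_addresses - 3) for s in subnets]


def gateway_for(network):
    """First host of the /24 is the gateway, as on slide 12 (10.9.1.1)."""
    return str(next(ipaddress.ip_network(network.cidr).hosts()))


def validate_pool(pool, supernet):
    """Every pre-created network sits inside the supernet and none overlap."""
    sup = ipaddress.ip_network(supernet)
    nets = [ipaddress.ip_network(n.cidr) for n in pool]
    inside = all(n.subnet_of(sup) for n in nets)
    disjoint = all(not a.overlaps(b)
                   for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and disjoint


def pick_network(pool, project_cos, needed=1, required_capability=None):
    """Policy first, then capacity. The project's class must match the
    network's class; an instance asking for a capability its class does not
    grant is refused before any network is touched; among eligible networks
    the least loaded one with room is chosen (assumption: spreads instances
    across the tunnel-bound L2 domains)."""
    cos = COS[project_cos]
    if required_capability and required_capability not in cos.capabilities:
        raise PermissionError(
            f"class {project_cos} does not grant {required_capability}")
    eligible = [n for n in pool if n.cos == project_cos and n.free() >= needed]
    if not eligible:
        raise RuntimeError(
            f"no {project_cos} network with {needed} free address(es)")
    chosen = max(eligible, key=lambda n: n.free())
    chosen.allocated += needed
    return chosen


if __name__ == "__main__":
    dev_pool = carve_networks("10.9.0.0/20", "dev")
    print(len(dev_pool), "dev networks, pool valid:",
          validate_pool(dev_pool, "10.9.0.0/20"))
    net = pick_network(dev_pool, "dev")
    print("instance placed in", net.cidr, "gateway", gateway_for(net))
```

The two refusals are the part worth keeping when this moves into the scheduler: a dev project cannot be scheduled onto a network whose class grants site traffic access, and an exhausted class fails loudly instead of falling through to a network of another class.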

Speaker notes

  1. Add a title to all presentations. A subtitle is optional.
  2. L3 rules are configured in either a firewall appliance or the hypervisor.