Operator's experience and perspective on SDN with VLANs and L3 Networks
@tcpcloud
OpenStack Summit Austin 2016
Presentation Agenda
• About tcp cloud & Workday
• OpenStack Networking/SDN
• SDN key criteria for enterprises
• SDN operation Use Cases
• Comparison of SDN
About tcp cloud
❖ Active in global community (OpenStack, OpenContrail, SaltStack, etc…)
❖ Partnership (Canonical, Juniper, Arrow ECS, etc…)
❖ Own Hi-Tech Datacenter (TIER III, 20kW per rack, hundreds 10Gbps ports, etc…)
❖ Focused on private open cloud solutions and services (since 2011)
❖ References (AVG Technologies, Czech Railways, Mall.cz, 100%IT)
❖ Two directions:
➢ Enterprise Private Cloud solutions (OpenStack, Kubernetes)
➢ IoT (SmartCity projects)
About Workday
● On-demand (cloud-based) financial management and human capital management software vendor.
● Juniper Contrail
● L3 fabric network
OpenStack Networking/SDN
• All clouds are about networking
• Key and the most controversial component of OpenStack
• High Availability, Scalability, Migration, Multi-tenancy, Performance, Security
• LBaaS, FWaaS, VPNaaS, Service Chaining
• Multiple solutions
• 30+ plugin drivers
• It is almost impossible to choose the right way
General SDN Objectives
• Provide secure multi-tenancy using strong network isolation
• Policy-driven network access control within (and across) projects/domains
• Support software-driven network functions
• LBaaS, DNSaaS, etc.
• Interconnect OpenStack with bare metal storage/analytics services
• Provide an ability for product engineering teams to define a network topology via REST APIs
• Associate network objects dynamically with VMs, Projects
• Create and manage network access control policies within and across projects
• Enable easier integration of applications on partner infrastructure
First step = Overlay or not Overlay
Cloud native way
• Cloud native apps
• No overlapping (Calico can)
• No IP failover
• No Live Migration
• No L2 between VMs
• Suitable for containers
VLANs
• 4k limit
• No failure isolation domain
• Spanning many ToRs
• Physical device configuration
Overlay
• Simple physical network
• L3 between ToRs
• Controllers orchestrate tunnel mesh for VMs
• Overlapping, NFV, VNF
Legacy - not suitable for cloud
Future - cloud native applications
SDN key criteria for enterprises
• NFV & VNF - LBaaS, VPNaaS
• Direct traffic datapath - East-West & North-South
• North-South - must be routed on physical routers
• Multiple external networks
• Performance & Scaling
• Bare metal connection (non-virtualized servers)
SDN optional criteria for service providers
• Open source
• L3VPN, EVPN capabilities
• Multi-cloud solution - Kubernetes, KVM, other hypervisors
• Integration of physical LBaaS
• IPv6 support
• Intel DPDK, SR-IOV
Neutron DVR Complexity
• Linux bridge, OVS
• External network port brought to each compute
• L2 underlay only
• No analytics
• Too complex
Direct datapath North-South, East-West
• No network node
• No proprietary gateway node (appliances)
• MPLS over GRE or VXLAN termination in network devices
• L3VPN, EVPN, OVSDB
Data Plane Performance
• Depends on encapsulation
• Depends on NIC offloading
• 4 % payload overhead
• 9.6 Gbit/s North-South, East-West with MPLS over GRE
• 5.2 Gbit/s with OVS VXLAN
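The per-packet wire cost behind the "depends on encapsulation" bullet, as an added example that is not from the deck. Header sizes are the standard IPv4 values; the MPLS over GRE row assumes Contrail's L3 overlay carries the tenant IP packet without its Ethernet header (an assumption), and the 4 % and Gbit/s figures on the slide are measurements that also reflect NIC offloading, which this does not model.

```python
# Added example, not code from the tcp cloud / Workday deck.
# l2: bytes outside the underlay IP MTU (outer Ethernet, 802.1Q tag)
# l3: bytes inside the underlay IP packet that precede the tenant IP packet
ENCAPS = {
    "plain":    {"l2": 14,     "l3": 0},                # untagged Ethernet baseline
    "vlan":     {"l2": 14 + 4, "l3": 0},                # 802.1Q tag rides in the L2 header
    "vxlan":    {"l2": 14,     "l3": 20 + 8 + 8 + 14},  # outer IPv4 + UDP + VXLAN + inner Ethernet
    "mplsogre": {"l2": 14,     "l3": 20 + 4 + 4},       # outer IPv4 + GRE + one MPLS label (assumed L3 mode)
}

def wire_bytes(encap: str, tenant_ip_len: int) -> int:
    """Bytes on the wire (without FCS) for one tenant IP packet of the given size."""
    h = ENCAPS[encap]
    return h["l2"] + h["l3"] + tenant_ip_len

def tunnel_overhead(encap: str) -> int:
    """Extra bytes per packet compared with sending the same packet untagged."""
    return wire_bytes(encap, 0) - wire_bytes("plain", 0)

def inner_ip_mtu(encap: str, underlay_ip_mtu: int = 1500) -> int:
    """Largest tenant IP packet the underlay carries without fragmenting the tunnel.
    Fragmented tunnel packets defeat NIC offloads and are a common cause of the
    throughput gap between encapsulations, so either the VM MTU is lowered to this
    value or the underlay runs jumbo frames."""
    return underlay_ip_mtu - ENCAPS[encap]["l3"]

def goodput_fraction(encap: str, tenant_ip_len: int) -> float:
    """Share of wire bytes that are tenant payload; times link rate gives a ceiling."""
    return tenant_ip_len / wire_bytes(encap, tenant_ip_len)

if __name__ == "__main__":
    for name in ENCAPS:
        mtu = inner_ip_mtu(name)
        print(f"{name:9s} +{tunnel_overhead(name):2d} B/pkt  inner MTU {mtu}  "
              f"goodput at that MTU {goodput_fraction(name, mtu):.2%}  "
              f"ceiling on 10G {10 * goodput_fraction(name, mtu):.2f} Gbit/s")
```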
OpenContrail vs Neutron DVR vs Other
Licensing
• OpenContrail: Fully Open Source (commercial support from Juniper)
• Neutron DVR: Open Source
• Other SDN: Depends
Hypervisors / Orchestrator
• OpenContrail: KVM, VMware, Kubernetes
• Neutron DVR: KVM, VMware (limited), Docker
• Other SDN: Depends
Gateway Routing (North-South)
• OpenContrail: Any arbitrary edge router that supports MPLS, GRE (Juniper MX, Cisco ASR, etc.)
• Neutron DVR: Direct from each compute.
• Other SDN: External routing is provided at appliances, not network devices.
Performance
• OpenContrail: Near line speed for both directions (9.6 Gbit/s on 10 Gbit/s)
• Neutron DVR: 6 Gbit/s for East-West and North-South
• Other SDN: 6 Gbit/s for East-West. For North-South it depends on gateway appliances, but not more than 6 Gbit/s.
SDN Conclusion
• SDN is a core capability for us to offer a secure multi-tenant cloud platform
• Overlay solutions provide strong network isolation and access control
• Overlays provide tight container - VM integration
Contrail is available as Open Source at www.opencontrail.org. Commercial support is available from Juniper.
www.opentcpcloud.org: Reference Architecture for OpenStack deployment
Same features and scaling as the commercial version
Uses proven stable standards. Production-ready.
Permissive license: Apache 2.0
tcp cloud is a main contributor
Join us at the OpenContrail Community