Private Cloud Networking in Apache CloudStack
Chiradeep Vittal
@chiradeep
CloudStack Days Austin
April 16 2015
Overview
• Private Cloud
• Issues in Private Cloud Networking
• Introduction to CloudStack Networking
• Basic Zone
• Advanced Zone
• Hybrid Cloud
Private Cloud
[Diagram: a Datacenter hosting a CloudStack Cluster, exposed through an Admin/User API to app users and a cloud user. Private-cloud scorecard: ✗ Elasticity, ✗ Pay-as-you-go, ✓ Self Service, ✓ Resource sharing, ✓ Network access]
Private Cloud & your pets
[Diagram: one Datacenter containing both Legacy infrastructure and the Cloud]
Friction in Private Cloud
• Co-existence with legacy infrastructure and operations
• Compute, network and storage still siloed
• Lack of DevOps mentality
Friction in networking
• DNS and IPAM automation
• Security policy automation
• Switch / VLAN configuration
• Infrastructure optimized for N-S traffic
• Integration with middle boxes
– Load Balancers
– NAT
– IDS
Middleboxes, VLANs, etc
[Diagram: classic datacenter topology from Backbone/Internet through Core Routers, Access Routers, Aggregation Switches, Load Balancers and Top of Rack Switches down to Servers, with Packet Filters and DNS/IPAM as separate boxes alongside]
CloudStack Networking
• “Batteries included but removable”
• Network services:
– Use built-in providers or
– Integrate with external providers or
– Mix-and-match
• KISS principle
– Master the simplest network configuration first
Network Services
Network Services:
• L2 connectivity
• IPAM
• DNS
• Routing
• ACL
• Firewall
• NAT
• VPN
• LB
Network Isolation:
• No isolation
• VLAN isolation
• Overlays
• L3 isolation
Service Providers (each service can be delivered by):
• Virtual appliances
• Hardware firewalls
• LB appliances
• SDN controllers
• VRF
• Hypervisor
Basic Zone
• Basic: reduced network setup
• Group Based Policy: Security Groups are the means of policy enforcement / isolation
• AWS EC2-Classic emulation
• High level policy configuration
• Scalable implementation
• Least friction
Security Groups
• All VMs (instances) are launched into one or more security groups
• Default-deny firewalls
• Contain rules that allow selected traffic
• Example:
– VMs in ‘Web’ Security Group are allowed to communicate on TCP port 3306 to VMs in ‘DB’ Security Group
– Anybody can talk to a ‘Web’ VM on port 80
Security Groups
[Diagram: Internet → Web (port 80) → appserver (port 8080) → db (port 3306); all ports are tcp. A management group is reachable on port 22 from 192.168.1.0/24 and on port 22 between its members.]

Security Groups
• Create security groups
> create securitygroup name=web
> create securitygroup name=appserver
> create securitygroup name=db
> create securitygroup name=management
• Add rules
> authorize securitygroupingress securitygroupname=management protocol=tcp startport=22 endport=22 usersecuritygrouplist=management
> authorize securitygroupingress securitygroupname=management protocol=tcp startport=22 endport=22 cidrlist=192.168.0.1/24
> authorize securitygroupingress securitygroupname=web protocol=tcp startport=80 endport=80 cidrlist=0.0.0.0/0
> authorize securitygroupingress securitygroupname=appserver protocol=tcp startport=8080 endport=8080 usersecuritygrouplist=web
> authorize securitygroupingress securitygroupname=db protocol=tcp startport=3306 endport=3306 usersecuritygrouplist=appserver
• Deploy VMs
> deploy virtualmachine securitygroupnames=management,web displayname=web0001
> deploy virtualmachine securitygroupnames=management,web displayname=web0002
> deploy virtualmachine securitygroupnames=management,appserver displayname=app001
> deploy virtualmachine securitygroupnames=management,db displayname=db0001
Properties of Security Groups
• Subnets are shared between accounts; VMs in a security group may not share a subnet.
Properties of Security Groups
• Anti-spoofing protection
• Multiple IP addresses per VM (single NIC)
• No multicast / broadcast
• Stateful firewall
• More:
https://cloudierthanthou.wordpress.com/2015/04/07/cloudstack-basic-networking-deeper-dive/
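The two security-group slides above state the semantics (default deny, allow-only rules, group-to-group references, anti-spoofing, multiple groups per VM) but never show the resulting policy being evaluated. The following is an added example, not code from the deck or from CloudStack: a small Python model that loads the web / appserver / db / management policy from the slides and answers "is this flow allowed?" the way the group firewall would. The `Rule`, `SecurityGroup`, `VM` and `Policy` names are my own; VM addresses are constructed (borrowed from the Basic Zone placement diagram), the Internet source 198.51.100.7 is constructed, and the management CIDR is the 192.168.1.0/24 drawn in the diagram. Statefulness (return traffic for an allowed connection) is not modelled.

```python
"""Model of CloudStack Basic Zone security-group semantics.

Added example, not CloudStack code: evaluates the policy from the slides
(web / appserver / db / management) as a default-deny, allow-only group
firewall would, including the anti-spoofing property that a source address
is only credited to a group if that address really belongs to a member VM.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One ingress rule: a protocol/port range admitted either from a CIDR
    (the cidrlist= form) or from members of another group
    (the usersecuritygrouplist= form)."""
    protocol: str
    start_port: int
    end_port: int
    cidr: Optional[str] = None
    source_group: Optional[str] = None

    def matches_port(self, protocol: str, port: int) -> bool:
        return self.protocol == protocol and self.start_port <= port <= self.end_port


@dataclass
class SecurityGroup:
    name: str
    ingress: List[Rule] = field(default_factory=list)  # empty list = nothing allowed


@dataclass
class VM:
    name: str
    ips: Tuple[str, ...]      # several addresses on one NIC are allowed
    groups: Tuple[str, ...]   # a VM may sit in more than one group


class Policy:
    def __init__(self, groups: List[SecurityGroup], vms: List[VM]):
        self.groups = {g.name: g for g in groups}
        self.vms = {v.name: v for v in vms}

    def groups_for_source(self, src_ip: str) -> set:
        """Anti-spoofing: only the VM that was assigned src_ip lends its
        group memberships to a packet carrying that source address."""
        for vm in self.vms.values():
            if src_ip in vm.ips:
                return set(vm.groups)
        return set()

    def is_allowed(self, src_ip: str, dst_vm: str, protocol: str, port: int) -> bool:
        dst = self.vms[dst_vm]
        src_groups = self.groups_for_source(src_ip)
        addr = ip_address(src_ip)
        # A VM in several groups is reachable if any of its groups allows the flow.
        for gname in dst.groups:
            for rule in self.groups[gname].ingress:
                if not rule.matches_port(protocol, port):
                    continue
                if rule.cidr is not None and addr in ip_network(rule.cidr, strict=False):
                    return True
                if rule.source_group is not None and rule.source_group in src_groups:
                    return True
        return False  # default deny


def build_slide_policy() -> Policy:
    """Groups, rules and VMs from the 'Security Groups' slides.
    VM addresses are constructed (taken from the Basic Zone placement diagram);
    the management CIDR is the 192.168.1.0/24 shown in the diagram."""
    groups = [
        SecurityGroup("management", [Rule("tcp", 22, 22, source_group="management"),
                                     Rule("tcp", 22, 22, cidr="192.168.1.0/24")]),
        SecurityGroup("web", [Rule("tcp", 80, 80, cidr="0.0.0.0/0")]),
        SecurityGroup("appserver", [Rule("tcp", 8080, 8080, source_group="web")]),
        SecurityGroup("db", [Rule("tcp", 3306, 3306, source_group="appserver")]),
    ]
    vms = [
        VM("web0001", ("10.1.0.2",), ("management", "web")),
        VM("web0002", ("10.1.0.3",), ("management", "web")),
        VM("app001", ("10.1.0.43",), ("management", "appserver")),
        VM("db0001", ("10.1.0.87",), ("management", "db")),
    ]
    return Policy(groups, vms)


if __name__ == "__main__":
    p = build_slide_policy()
    for src, dst, port in [("198.51.100.7", "web0001", 80), ("198.51.100.7", "db0001", 3306),
                           ("10.1.0.2", "app001", 8080), ("10.1.0.2", "db0001", 3306),
                           ("10.1.0.43", "db0001", 3306), ("192.168.1.50", "db0001", 22)]:
        verdict = "ALLOW" if p.is_allowed(src, dst, "tcp", port) else "DENY"
        print(f"{src} -> {dst}:{port}/tcp  {verdict}")
```

The useful checks are the negative ones: a web VM cannot reach the database directly even though it is "inside" the cloud, an address that belongs to no VM gets no group credit at all, and a management rule on one group does not leak port 22 to hosts outside 192.168.1.0/24.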
Scaled out network for Basic Zone
[Diagram: leaf/spine L3 core with a Backbone/Internet uplink; Rack 1 and Rack 24 each have an L2 switch with their own rack subnet (10.1.0.0/24 and 10.22.16.0/24 shown). Guest VMs 1-9 are spread across Rack 1 Host 1, Rack 1 Host 8, Rack 24 Host 5 and Rack 24 Host 9 while keeping addresses in 10.1.0.0/24 (10.1.0.2, 10.1.0.3, 10.1.0.43, 10.1.0.87, 10.1.0.99). Host-based firewalls and ACLs; server load balancing.]
VM Placement in Basic Zone
Adding Services to Basic Zone
• Static NAT (aaS)
• Load Balancer (aaS)
• Use Citrix Netscaler integration or
• Run a PaaS on CloudStack
Advanced Zone
• Virtual networking using either
– VLANs or
– Overlay
• Rich array of services and virtual networking providers
• Out-of-the-box (batteries included)
– VLAN, GRE isolation
– Virtual Router provides scale out (per tenant) services including
• VPNaaS
• LBaaS
• FWaaS
• DHCP, DNS
– Physical Device Integration via plugins
• F5, Netscaler
• Juniper SRX
Keeping it simple
• Network Offerings
– Catalog of potential virtual network designs
– Created by operator
• Simplest network offering: “Shared Network”
– Only services offered are
• DNS, DHCP
• User data, password change
– VLAN-based virtual networks
– Inter-network routing using static routing in TOR
Service insertion with VLANs
[Diagram: Tenant 1 and Tenant 2 each own a VLAN-isolated virtual network using the same 10.1.1.0/24 range (gateway address 10.1.1.1, VMs at 10.1.1.2 through 10.1.1.5). Each tenant's Edge Services Appliance(s), the Virtual Router, provides NAT, DHCP, VPN, FW and Load Balancing and maps the tenant's VMs to public IP addresses (65.37.141.11, .36 for Tenant 1; 65.37.141.24, .80 for Tenant 2) on the “Public Network” facing the Internet / rest of the DC.]
Public IPs can be RFC1918
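The slide shows two tenants using the identical 10.1.1.0/24 range behind their own Virtual Routers, which only works because the VLAN tag, not the guest IP, is the isolation key. The following added example (my own code, not CloudStack's) models that: a `VirtualRouter` keys its static NAT table by `(vlan, guest IP)`, refuses a second network on an already-used VLAN, and drops egress frames whose source address is not a VM on the tagged VLAN. The VLAN tags 100 and 101 and the 203.0.113.0/29 public pool are constructed; the slide's note that public IPs can be RFC1918 holds here too, since any pool string works.

```python
"""Per-tenant VLAN isolation with overlapping guest subnets.

Added example, not CloudStack code: Tenant 1 and Tenant 2 both use
10.1.1.0/24 on separate VLANs, and the Virtual Router keys its static NAT
table by (vlan, guest IP) so identical private addresses never collide.
"""
from ipaddress import IPv4Address, ip_address, ip_network
from typing import Dict, Optional, Tuple

Key = Tuple[int, IPv4Address]  # (VLAN tag, guest address) identifies a VM


class TenantNetwork:
    """One VLAN-isolated guest network: a VLAN tag, a subnet and a gateway."""

    def __init__(self, tenant: str, vlan: int, cidr: str, gateway: str):
        self.tenant = tenant
        self.vlan = vlan
        self.cidr = ip_network(cidr)
        self.gateway = ip_address(gateway)
        self.vms: Dict[str, IPv4Address] = {}

    def add_vm(self, name: str, ip: str) -> None:
        addr = ip_address(ip)
        if addr not in self.cidr or addr == self.gateway:
            raise ValueError(f"{ip} is not a usable guest address in {self.cidr}")
        if addr in self.vms.values():
            raise ValueError(f"{ip} already assigned on VLAN {self.vlan}")
        self.vms[name] = addr


class VirtualRouter:
    """Edge services appliance: NAT between tagged guest networks and a public pool."""

    def __init__(self, public_pool: str):
        self.free = list(ip_network(public_pool).hosts())  # constructed pool
        self.networks: Dict[int, TenantNetwork] = {}
        self.snat: Dict[Key, IPv4Address] = {}
        self.dnat: Dict[IPv4Address, Key] = {}

    def attach(self, net: TenantNetwork) -> None:
        if net.vlan in self.networks:
            raise ValueError(f"VLAN {net.vlan} already in use")  # the VLAN is the isolation key
        self.networks[net.vlan] = net

    def enable_static_nat(self, vlan: int, guest_ip: str) -> str:
        key: Key = (vlan, ip_address(guest_ip))
        if key[1] not in self.networks[vlan].vms.values():
            raise ValueError(f"{guest_ip} is not a VM on VLAN {vlan}")
        if key not in self.snat:
            if not self.free:
                raise RuntimeError("public pool exhausted")
            pub = self.free.pop(0)
            self.snat[key] = pub
            self.dnat[pub] = key
        return str(self.snat[key])

    def forward_ingress(self, public_ip: str) -> Optional[Tuple[int, str]]:
        """Packet from the public side: translate to (vlan, guest IP) or drop."""
        key = self.dnat.get(ip_address(public_ip))
        return None if key is None else (key[0], str(key[1]))

    def forward_egress(self, vlan: int, src_ip: str) -> Optional[str]:
        """Packet from a tagged guest frame: the source must be a VM on that
        VLAN (isolation and anti-spoofing) and must hold a NAT entry."""
        net = self.networks.get(vlan)
        src = ip_address(src_ip)
        if net is None or src not in net.vms.values():
            return None
        pub = self.snat.get((vlan, src))
        return None if pub is None else str(pub)


def build_slide_topology() -> VirtualRouter:
    """Two tenants with the same 10.1.1.0/24 on VLANs 100 and 101 (constructed tags)."""
    vr = VirtualRouter("203.0.113.0/29")
    for tenant, vlan in (("tenant1", 100), ("tenant2", 101)):
        net = TenantNetwork(tenant, vlan, "10.1.1.0/24", "10.1.1.1")
        net.add_vm("vm1", "10.1.1.2")
        net.add_vm("vm2", "10.1.1.3")
        vr.attach(net)
    vr.enable_static_nat(100, "10.1.1.2")
    vr.enable_static_nat(101, "10.1.1.2")
    return vr


if __name__ == "__main__":
    vr = build_slide_topology()
    print("vlan 100 / 10.1.1.2 ->", vr.forward_egress(100, "10.1.1.2"))
    print("vlan 101 / 10.1.1.2 ->", vr.forward_egress(101, "10.1.1.2"))
    print("203.0.113.2 ->", vr.forward_ingress("203.0.113.2"))
```

Both tenants' 10.1.1.2 end up on different public addresses, and a frame that arrives on VLAN 100 claiming a source that is not a VM on that VLAN is dropped before any translation happens.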
Device Integration
[Diagram: guest network 10.1.1.0/24 on VLAN 100 with VMs 1-4 at 10.1.1.2 through 10.1.1.5. The CloudStack Virtual Router provides DHCP and DNS; a Netscaler Load Balancer at 10.1.1.112 (public 65.37.141.112) and a Juniper SRX at 10.1.1.1 (public 65.37.141.111) providing Firewall, NAT and VPN are inserted on the same VLAN.]
Multi-tier virtual networking
[Diagram: three tiers on separate VLANs: Web VMs 1-3 on VLAN 2724, App VMs 1-2 on VLAN 101, DB VM 1 on VLAN 398, all attached to a Virtual Router. The Virtual Router connects to the Internet / rest of DC and to a Remote DC over an IPSec VPN; a load balancer (HW or Virtual) is inserted via an integration VLAN.]
Network Services
• IPAM
• DNS
• LB [intra]
• S-2-S VPN
• Static Routes
• ACLs
• NAT, PF
• FW [ingress & egress]
Virtual networking with overlays
[Diagram: the same three tiers, now isolated by GRE keys instead of VLANs: Web VMs 1-3 on GRE key 2724, App VMs 1-2 on GRE key 101, DB VM 1 on GRE key 398, attached to a Virtual Router plus vSwitches. Connectivity to the Internet / rest of DC, to a Remote DC over IPSec VPN, and to a virtual load balancer through a Private Gateway.]
Network Services
• IPAM
• DNS
• LB [intra]
• S-2-S VPN
• Static Routes
• ACLs
• NAT, PF
• FW [ingress & egress]
SDN / Other Overlays / Other Devices
• Plugins available for
– Midokura
– NVP
– Nuage
– BigSwitch
– Palo Alto
• VxLAN on KVM
Hybrid Cloud Networking
[Diagram: your workload spans the “On prem” Private Cloud and a Public Cloud, joined through your router]
• AWS VPN Gateway
• AWS Direct Connect
• Google Carrier Interconnect
• GCE VPN
• Azure ExpressRoute
• Azure VPN
• Citrix CloudBridge
Wrap-up
• Private Cloud: Keep it simple
• Choose Basic Zone for
– Simplicity
– Low friction
– Scale
– Cost
• Choose Advanced Zone for
– vSphere
– Multiple NICs
– IPv6
– Control over IP addressing
– Device integration
• Start with the simplest network offering with Advanced Zone

 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Private cloud networking_cloudstack_days_austin

  • 1. Private Cloud Networking in Apache CloudStack. Chiradeep Vittal, @chiradeep. CloudStack Days Austin, April 16 2015
  • 2. Overview
    • Private Cloud
    • Issues in Private Cloud Networking
    • Introduction to CloudStack Networking
    • Basic Zone
    • Advanced Zone
    • Hybrid Cloud
  • 3. Private Cloud (diagram): a datacenter running a CloudStack cluster, exposing an Admin/User API to the cloud user and serving app users.
    • x Elasticity
    • x Pay-as-you-go
    • ✓ Self Service
    • ✓ Resource sharing
    • ✓ Network access
  • 4. Private Cloud & your pets (diagram): the datacenter hosts legacy infrastructure alongside the cloud.
  • 5. Friction in Private Cloud
    • Co-existence with legacy infrastructure and operations
    • Compute, network and storage still siloed
    • Lack of DevOps mentality
  • 6. Friction in networking
    • DNS and IPAM automation
    • Security policy automation
    • Switch / VLAN configuration
    • Infrastructure optimized for N-S traffic
    • Integration with middle boxes
      – Load Balancers
      – NAT
      – IDS
  • 7. Middleboxes, VLANs, etc (diagram): Backbone/Internet, Core Routers, Access Routers, Aggregation Switches, Top of Rack Switches, Servers; Load Balancers, Packet Filters and DNS/IPAM sit in the path as middleboxes.
  • 8. CloudStack Networking
    • "Batteries included but removable"
    • Network services:
      – Use built-in providers, or
      – Integrate with external providers, or
      – Mix-and-match
    • KISS principle
      – Master the simplest network configuration first
  • 9. Network Services (table)
    • Network Services: L2 connectivity, IPAM, DNS, Routing, ACL, Firewall, NAT, VPN, LB
    • Network Isolation: No isolation, VLAN isolation, Overlays, L3 isolation
    • Service Providers: Virtual appliances, Hardware firewalls, LB appliances, SDN controllers, VRF, Hypervisor
  • 10. Basic Zone
    • Basic: reduced network setup
    • Group Based Policy: Security Groups are the means of policy enforcement / isolation
    • AWS EC2-Classic emulation
    • High level policy configuration
    • Scalable implementation
    • Least friction
  • 11. Security Groups
    • All VMs (instances) are launched into one or more security groups
    • Default-deny firewalls
    • Contain rules that allow selected traffic
    • Example:
      – VMs in the 'Web' Security Group are allowed to communicate on TCP port 3306 to VMs in the 'DB' Security Group
      – Anybody can talk to a 'Web' VM on port 80
  • 12. Security Groups (diagram): Internet → web (port 80) → appserver (port 8080) → db (port 3306); the management group is reachable on port 22 from 192.168.1.0/24. All ports are TCP.
  • 13. Security Groups
    • Create security groups
      > create securitygroup name=web
      > create securitygroup name=appserver
      > create securitygroup name=db
      > create securitygroup name=management
    • Add rules (a rule's source is either a CIDR via cidrlist or the members of another group via usersecuritygrouplist)
      > authorize securitygroupingress securitygroupname=management protocol=tcp startport=22 endport=22 usersecuritygrouplist=management
      > authorize securitygroupingress securitygroupname=management protocol=tcp startport=22 endport=22 cidrlist=192.168.0.1/24
      > authorize securitygroupingress securitygroupname=web protocol=tcp startport=80 endport=80 cidrlist=0.0.0.0/0
      > authorize securitygroupingress securitygroupname=appserver protocol=tcp startport=8080 endport=8080 usersecuritygrouplist=web
      > authorize securitygroupingress securitygroupname=db protocol=tcp startport=3306 endport=3306 usersecuritygrouplist=appserver
    • Deploy VMs (each VM joins the management group plus its tier's group; the slide omits the zone, template and service offering parameters)
      > deploy virtualmachine securitygroupnames=management,web displayname=web0001
      > deploy virtualmachine securitygroupnames=management,web displayname=web0002
      > deploy virtualmachine securitygroupnames=management,appserver displayname=app001
      > deploy virtualmachine securitygroupnames=management,db displayname=db0001
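The security-group semantics of slides 11 to 13, as an added example that is not part of the deck or of CloudStack itself: a small Python model of default-deny ingress with CIDR-sourced and group-sourced rules, replayed over the slide 13 groups, ports and CIDRs. The evaluator, its class and method names and the VM IP addresses are assumptions made for this example; only the group names, ports and CIDRs come from the slide.

```python
"""Toy evaluator for security-group ingress policy (added example, not from the
deck). It models the behaviour slides 11-13 describe: ingress is denied by
default, a rule admits traffic from a CIDR or from members of another security
group, and a VM can belong to several groups. Group, port and CIDR values follow
slide 13; the VM IP addresses are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class IngressRule:
    protocol: str
    start_port: int
    end_port: int
    cidr: Optional[str] = None           # slide 13: cidrlist=...
    source_group: Optional[str] = None   # slide 13: usersecuritygrouplist=...


@dataclass
class VM:
    name: str
    ip: str
    groups: Set[str]


class Zone:
    """Minimal stand-in for a Basic Zone's security-group state (hypothetical)."""

    def __init__(self) -> None:
        self.rules: Dict[str, List[IngressRule]] = {}
        self.vms: Dict[str, VM] = {}

    def create_securitygroup(self, name: str) -> None:
        self.rules.setdefault(name, [])  # a new group has no rules: default deny

    def authorize_ingress(self, group: str, protocol: str, startport: int,
                          endport: int, cidrlist: Optional[str] = None,
                          usersecuritygrouplist: Optional[str] = None) -> None:
        if (cidrlist is None) == (usersecuritygrouplist is None):
            raise ValueError("rule needs exactly one source: a CIDR or a group")
        if usersecuritygrouplist is not None and usersecuritygrouplist not in self.rules:
            raise KeyError(f"unknown source group {usersecuritygrouplist}")
        self.rules[group].append(IngressRule(protocol, startport, endport,
                                             cidrlist, usersecuritygrouplist))

    def deploy_vm(self, displayname: str, securitygroupnames: str, ip: str) -> None:
        groups = set(securitygroupnames.split(","))
        unknown = groups - set(self.rules)
        if unknown:
            raise KeyError(f"unknown security group(s): {sorted(unknown)}")
        self.vms[displayname] = VM(displayname, ip, groups)

    def vm_at(self, ip: str) -> Optional[VM]:
        return next((vm for vm in self.vms.values() if vm.ip == ip), None)

    def ingress_allowed(self, src_ip: str, dst_vm: str, protocol: str, port: int) -> bool:
        """True if any rule on any of the destination VM's groups admits the packet.

        Only the first packet of a flow is evaluated here; the stateful firewall of
        slide 15 lets the reply traffic through without a matching rule.
        """
        dst = self.vms[dst_vm]
        src = ipaddress.ip_address(src_ip)
        src_vm = self.vm_at(src_ip)
        for group in dst.groups:
            for rule in self.rules[group]:
                if rule.protocol != protocol or not rule.start_port <= port <= rule.end_port:
                    continue
                # strict=False masks host bits, so 192.168.0.1/24 means 192.168.0.0/24
                if rule.cidr and src in ipaddress.ip_network(rule.cidr, strict=False):
                    return True
                if rule.source_group and src_vm and rule.source_group in src_vm.groups:
                    return True
        return False  # no matching rule: default deny


def build_slide13_zone() -> Zone:
    """Replays the slide 13 commands; the VM addresses are constructed."""
    z = Zone()
    for name in ("web", "appserver", "db", "management"):
        z.create_securitygroup(name)
    z.authorize_ingress("management", "tcp", 22, 22, usersecuritygrouplist="management")
    z.authorize_ingress("management", "tcp", 22, 22, cidrlist="192.168.0.1/24")
    z.authorize_ingress("web", "tcp", 80, 80, cidrlist="0.0.0.0/0")
    z.authorize_ingress("appserver", "tcp", 8080, 8080, usersecuritygrouplist="web")
    z.authorize_ingress("db", "tcp", 3306, 3306, usersecuritygrouplist="appserver")
    z.deploy_vm("web0001", "management,web", "10.1.0.2")
    z.deploy_vm("web0002", "management,web", "10.1.0.3")
    z.deploy_vm("app001", "management,appserver", "10.1.0.43")
    z.deploy_vm("db0001", "management,db", "10.1.0.87")
    return z


if __name__ == "__main__":
    zone = build_slide13_zone()
    for src, dst, port in [("203.0.113.5", "web0001", 80), ("203.0.113.5", "web0001", 22),
                           ("10.1.0.2", "app001", 8080), ("10.1.0.2", "db0001", 3306),
                           ("10.1.0.43", "db0001", 3306), ("192.168.0.50", "db0001", 22)]:
        print(f"{src} -> {dst}:{port}/tcp allowed={zone.ingress_allowed(src, dst, 'tcp', port)}")
```

The model makes two points the slides state but do not show: a web VM cannot reach the database tier on 3306 because only members of appserver are a valid source for that rule, and every VM accepts SSH from any other VM because they all share the management group, which is why the management group should carry only the rules meant for every instance.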
  • 14. Properties of Security Groups
    • Subnets are shared between accounts / VMs in a security group may not share a subnet.
  • 15. Properties of Security Groups
    • Anti-spoofing protection
    • Multiple IP addresses per VM (single NIC)
    • No multicast / broadcast
    • Stateful firewall
    • More: https://cloudierthanthou.wordpress.com/2015/04/07/cloudstack-basic-networking-deeper-dive/
  • 16. Scaled out network for Basic Zone (diagram): Backbone/Internet, Spine Routers, Leaf Routers, Servers; host-based firewalls and ACL, server load balancing.
  • 17. VM Placement in Basic Zone (diagram): an L3 core with an L2 switch per rack (Rack 1, Rack 24); subnets 10.1.0.0/24 and 10.22.16.0/24. VMs with addresses in 10.1.0.0/24 (VM 1 10.1.0.2, VM 2 10.1.0.3, VM 3 10.1.0.99, 10.1.0.43, 10.1.0.87) are spread across Rack 1 Host 1, Rack 1 Host 8, Rack 24 Host 5 and Rack 24 Host 9.
  • 18. Adding Services to Basic Zone
    • Static NAT (aaS)
    • Load Balancer (aaS)
    • Use Citrix Netscaler integration, or
    • Run a PaaS on CloudStack
  • 19. Advanced Zone
    • Virtual networking using either
      – VLANs, or
      – Overlay
    • Rich array of services and virtual networking providers
    • Out-of-the-box (batteries included)
      – VLAN, GRE isolation
      – Virtual Router provides scale out (per tenant) services including VPNaaS, LBaaS, FWaaS, DHCP, DNS
      – Physical device integration via plugins: F5, Netscaler, Juniper SRX
  • 20. Keeping it simple
    • Network Offerings
      – Catalog of potential virtual network designs
      – Created by operator
    • Simplest network offering: "Shared Network"
      – Only services offered are DNS, DHCP, user data, password change
      – VLAN-based virtual networks
      – Inter-network routing using static routing in the TOR
  • 21. Service insertion with VLANs (diagram): Tenant 1 and Tenant 2 each have a virtual network 10.1.1.0/24 with gateway address 10.1.1.1 and VMs at 10.1.1.2, 10.1.1.3, 10.1.1.4, 10.1.1.5. Each tenant's Edge Services Appliance (the Virtual Router) provides NAT, DHCP, VPN, FW and Load Balancing and holds public IP addresses on the "Public Network" (Tenant 1: 65.37.141.11, 65.37.141.36; Tenant 2: 65.37.141.24, 65.37.141.80) towards the Internet / rest of DC. Public IPs can be RFC1918.
  • 22. Device Integration (diagram): network 10.1.1.0/24 on VLAN 100 with VM 1 to VM 4 at 10.1.1.2 to 10.1.1.5; CS Virtual Router (DHCP, DNS) at 10.1.1.112 / 65.37.141.112; Netscaler Load Balancer; Juniper SRX Firewall (NAT, VPN) at 10.1.1.1 / 65.37.141.111.
  • 23. Multi-tier virtual networking (diagram): Web VM 1-3 on VLAN101, App VM 1-2 on VLAN398, DB VM 1 on VLAN2724; Virtual Router to the Internet / Rest of DC and to a Remote DC over IPSec VPN; Integration VLAN; Loadbalancer (HW or Virtual).
    • Network Services: IPAM, DNS, LB [intra], S-2-S VPN, Static Routes, ACLs, NAT, PF, FW [ingress & egress]
  • 24. Virtual networking with overlays (diagram): Web VM 1-3 on GREKEY101, App VM 1-2 on GREKEY398, DB VM 1 on GREKEY2724; VR + vSwitches to the Internet / Rest of DC and to a Remote DC over IPSec VPN; Private Gateway; Loadbalancer (Virtual).
    • Network Services: IPAM, DNS, LB [intra], S-2-S VPN, Static Routes, ACLs, NAT, PF, FW [ingress & egress]
  • 25. SDN / Other Overlays / Other Devices
    • Plugins available for
      – Midokura
      – NVP
      – Nuage
      – BigSwitch
      – Palo Alto
    • VxLAN on KVM
  • 26. Hybrid Cloud Networking (diagram): your workload in the private cloud ("on prem") connects through your router to the public cloud via
    • AWS VPN Gateway
    • AWS Direct Connect
    • Google Carrier Interconnect
    • GCE VPN
    • Azure ExpressRoute
    • Azure VPN
    • Citrix CloudBridge
  • 27. Wrap-up
    • Private Cloud: Keep it simple
    • Choose Basic Zone for
      – Simplicity
      – Low friction
      – Scale
      – Cost
    • Choose Advanced Zone for
      – vSphere
      – Multiple NICs
      – IPv6
      – Control over IP addressing
      – Device integration
    • Start with the simplest network offering with Advanced Zone