Network Virtualization for Cloud Services Infrastructure
1. Network virtualization for cloud services infrastructure
INDUSTRIAL PROJECT WITH ALCATEL-LUCENT
SHAHRYAR ALI
2. Problem statement
• Cloud computing has increased the requirements on the network infrastructure.
• Traditional data center networks are less scalable, complex and inflexible.
• Technologies like VLANs and STP do not meet the requirements of multi-tenant virtualized data centers.
4. Project objectives
• Investigating multi-tenant data centers
• Investigating the limitations of multi-tenant data centers and solutions
• Examining recent IETF drafts
• Use of Software Defined Networks
• Understanding data center networking
• Understanding the limitations of multi-tenant data centers
• Comparative analysis
• OpenFlow as control plane for VXLAN
• Analyzing multi-tenant virtualized data centers
• Analyzing the network virtualization solutions
• Limitations of VXLAN
• Lab simulation
• Proposing an OpenStack based solution
5. Literature Review : Cloud Computing
• Cloud Computing types
  1. Public
  2. Private
  3. Hybrid
• Cloud Computing types of service
  1. Software as a service (SaaS)
  2. Platform as a service (PaaS)
  3. Infrastructure as a service (IaaS)
6. Literature review : Virtualization
• Virtualization basics
  1. Hypervisor
  2. Virtual machine (VM)
• Why virtualize?
  1. To avoid server sprawl
  2. Reduce costs
  3. Isolate applications
[Figure: VM1 and VM2, each with Application, Guest OS and Virtual Hardware, running on a Host Operating system or Hypervisor on top of a Physical Server (Memory, CPU)]
7. Investigating multi-tenant virtualized Data centers
Data center Networking
• Data center networking architecture
  1. Core layer
  2. Aggregation layer
  3. Access layer
• Networking protocols essentials
  1. IP, TCP, UDP
  2. ARP, Ethernet
  3. VLANs and STP
8. Multi-tenant virtualized data centers
• Multi-tenancy
• Multi-tenant data center designs
  1. Top of Rack (ToR)
  2. End of Row (EoR)
10. Understanding the limitations of multi-tenant data centers
• VLAN limitations
• 12 bit VLAN ID
• STP limitations
• Limits bandwidth
• Multi-tenant address separation
• Duplicate IP and MAC addresses
• VM mobility
• Mobility across subnets
• Slow convergence
• Complexity
• No dynamic provisioning
11. What is Network virtualization?
Faithful reproduction of the physical network.
• Use of overlay networks
  1. MAC-in-MAC encapsulation
  2. MAC-in-IP encapsulation
• Dynamic network provisioning, simplified network management.
• Symmetry between the compute and network parts.
Network virtualization with L2 overlay over L3 (MAC-in-IP encapsulation)
  1. Virtual extensible LANs (VXLAN)
  2. Network virtualization with GRE (NVGRE)
  3. Stateless transport tunneling protocol (STT)
12. Virtual extensible LANs (VXLAN)
• Backed by VMware, Cisco Systems, Arista Networks, Brocade, and Red Hat.
• Designed exclusively to address the limitations caused by multi-tenancy.
• 24-bit ID called Virtual Network Identifier (VNI).
• VXLAN uses UDP encapsulation.
13. Virtual extensible LANs (VXLAN)
• VXLAN segment identified by VNI between tunnel endpoints called Virtual Tunnel End Points (VTEPs).
• Ideally each VNI is associated to a separate multicast group.
• VTEPs join a particular multicast group using Internet Group Management Protocol (IGMP).
• Switches learn about groups using IGMP snooping.
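Added example (not part of the original slides): a sketch of the 8-byte VXLAN header that sits inside the UDP payload, comparing the 12-bit VLAN ID space with the 24-bit VNI space and showing a VTEP that delivers an inner frame only when its VNI is one it serves. The header layout (I flag in the first byte, 24-bit VNI, reserved fields) follows the VXLAN specification; the function names, the VNI values and the sample frame are constructed for illustration.

```python
import struct

VLAN_ID_BITS = 12    # 802.1Q VLAN ID width named on the slides
VNI_BITS = 24        # VXLAN Network Identifier width named on the slides
VXLAN_FLAG_I = 0x08  # "VNI present" flag in the first header byte
VXLAN_HDR = struct.Struct("!II")  # flags + reserved(24) | VNI(24) + reserved(8)


def id_space(bits):
    """Number of distinct segment IDs an identifier of this width can carry."""
    return 1 << bits


def build_vxlan_header(vni):
    """Return the 8-byte VXLAN header for a VNI, rejecting out-of-range IDs."""
    if not 0 <= vni < id_space(VNI_BITS):
        raise ValueError(f"VNI {vni} does not fit in {VNI_BITS} bits")
    return VXLAN_HDR.pack(VXLAN_FLAG_I << 24, vni << 8)


def parse_vxlan(udp_payload):
    """Split a VXLAN UDP payload into (vni, inner_ethernet_frame)."""
    if len(udp_payload) < VXLAN_HDR.size:
        raise ValueError("truncated VXLAN header")
    word0, word1 = VXLAN_HDR.unpack_from(udp_payload)
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI field is not valid")
    return word1 >> 8, udp_payload[VXLAN_HDR.size:]


def vtep_receive(udp_payload, local_vnis):
    """Deliver the inner frame only if its VNI is a segment this VTEP serves."""
    try:
        vni, inner = parse_vxlan(udp_payload)
    except ValueError:
        return None  # malformed header: drop
    return (vni, inner) if vni in local_vnis else None


if __name__ == "__main__":
    # Constructed inner frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
    inner = bytes.fromhex("020000000002" "020000000001" "0800") + b"tenant-data"
    packet = build_vxlan_header(5000) + inner
    print(id_space(VLAN_ID_BITS), id_space(VNI_BITS))
    print(vtep_receive(packet, {5000}))   # delivered to the tenant segment
    print(vtep_receive(packet, {6000}))   # VNI not served here: dropped
```

Because the VNI is the only tenant separator in the header, the receiving VTEP's check against its configured VNIs is what keeps overlapping tenant MAC and IP addresses apart.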
14. NVGRE
• Backed by Microsoft, HP, and Dell.
• Addresses the same problems as VXLAN.
• Generic routing encapsulation (GRE) as a tunneling protocol.
STT
• STT is VMware’s (originally Nicira’s) proposal.
• Also addresses the problem of large packet size (MTU), which VXLAN and NVGRE do not.
• STT leverages the advantages of TSO (TCP segmentation offload).
15. OpenFlow and Network virtualization
• Control plane in the controller and data plane in the switch.
• The action the switch takes depends on the rule that the packet header matches.
• Network virtualization through FlowVisor.
• OpenFlow in multi-tenant data centers
  1. To remove VLAN limitations
  2. On-demand tenant network configuration
  3. Vendor independence
16. Comparative analysis
• VXLAN versus NVGRE and STT
  1. Existing switches do not parse GRE completely.
  2. Load balancing, firewalls and ACLs issues with NVGRE.
  3. Large and dominant vendor community.
  4. Firewalls more likely to block STT.
• VXLAN versus MPLS
  1. Hypervisor vendors use only layer 2 model.
  2. Networking gear in the data centers does not support MPLS.
Supported platforms: VXLAN
• VMware ESXi
• Cisco Nexus 1000V
• Open vSwitch 1.10.0
• Latest additions:
  • Arista 7150 Series [58]
  • Nuage Networks DVRS [59]
  • Brocade ADX Series
  • F5 Big IP platform
Supported platforms: NVGRE
• Microsoft Windows Server 2012
• Open vSwitch 1.10.0
• Latest additions:
  • Arista 7150 Series
17. OpenFlow as control plane for VXLAN
• Limitations of VXLAN
  1. IP Multicast
  2. No control plane specified
• Advantages of OpenFlow based control plane
  1. Less processing load on hypervisor.
  2. On-demand flow entries.
  3. No control plane protocols in switch.
19. Lab Simulation
Tasks:
• Connecting Floodlight controller to Open vSwitch
• Pushing static flows in Floodlight controller using REST API
• VXLAN tunnel configuration between two isolated bridges
Results:
• Only point-to-point tunnels can be created, as there is no multicast learning in Open vSwitch.
• It is less scalable and no dynamic provisioning of virtual networks is possible.
Solution:
• A controller module needs to be built to enable IGMP snooping.
• Integrate a cloud orchestration system like OpenStack to access the VNI to multicast mapping.
20. Integrating OpenStack with OpenFlow based VXLAN solution
• OpenStack can be used to provide a management plane.
• OpenStack with Open vSwitch can be directly used to create VXLAN tunnels using the OVS plugin.
• OpenFlow can discover the database of virtual networks from OpenStack using the OpenStack APIs.
21. Conclusion and Recommendations
• Traditional data center networking needs to change to meet the requirements of cloud computing.
• Network virtualization using overlays can address most or all of the limitations.
• VXLAN is the most viable overlay mechanism.
• OpenFlow can work as a potential control plane for VXLAN.
• Integrating OpenStack can further optimize the network virtualization solution.
22. References
• “VXLAN: A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks”, working draft, version 4, Network Working Group, IETF, February 2013.
• Sridharan, M., “NVGRE: Network Virtualization using Generic Routing Encapsulation”, draft-sridharan-virtualization-nvgre-02, Feb 2013.
• Davie, B., and J. Gross. “A stateless transport tunneling protocol for network virtualization (STT).” draft-davie-stt-03.txt (work in progress) (2013).
• “Network Functions Virtualisation”, whitepaper, ETSI, 22 October 2012.
• ONF Market Education Committee. “Software-Defined Networking: The New Norm for Networks.” ONF White Paper. Palo Alto, US: Open Networking Foundation (2012).
• “Problem Statement: Overlays for Network Virtualization”, draft-ietf-nvo3-overlay-problem-statement-04, working draft, Network Working Group, IETF, May 2013.
23. References
• “Network Virtualization Platform”, whitepaper, Nicira, 2013.
• “Virtualized services platform release 1.0”, whitepaper, Nuage Networks - An Alcatel-Lucent Venture, 2013.
• Sherwood, Rob, et al. “Flowvisor: A network virtualization layer.” OpenFlow Switch Consortium, Tech. Rep (2009).
• Project Floodlight, Big Switch Networks. http://www.projectfloodlight.org/floodlight.
• Open source software for building private and public clouds. Available: http://www.openstack.org/.
• Neutron plugins, https://wiki.openstack.org/wiki/Neutron.