SlideShare ist ein Scribd-Unternehmen logo

Implementing an IPv6 Enabled Environment for a Public Cloud Tenant

Shixiong Shang
Shixiong Shang

"Implementing an IPv6 Enabled Environment for a Public Cloud Tenant" case study I delivered in OpenStack Vancouver Summit (May, 2015) jointly with Anik and Sharmin from Cisco System.

Internet
1 von 22
Downloaden Sie, um offline zu lesen
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant Sharmin Choksey (Cisco), Anik Mazumder (Cisco), Shixiong Shang (Nephos6) * OpenStack is a trademark of OpenStack Foundation
Introduction 2 Sharmin  Choksey   Technical  Leader   Cisco  Systems  Inc.   Email:  schoksey@cisco.com Shixiong  Shang   Chief  Technology  Officer   Nephos6  (A  Cloud  and  IPv6  Company)   Twitter:  @shshang   Email:  shshang@nephos6.com Anik  Mazumder   Architect   Cisco  Systems  Inc.   Email:  amazumde@cisco.com  
Agenda IPv6 in Public Cloud Overview Architecture and Design Challenges Scalability and Performance Lessons and Learns Next Steps 3
IPv6 in Public Cloud Overcome public IP (v4) exhaustion problem by moving to IPv6 Build a public cloud without the complexities of overlapping IP address space or NAT Telcos and Mobile providers need IPv6 to cloud enable their services Facilitate cloud adoption of highly distributed services like IOE/IOT Facilitate adoption of IPv6 in public clouds Allow tenants to embrace IPv6 for their business needs Facilitate cloud adoption of network centric services Increasing demand from Asia 4
IPv6 in Public Cloud 5
Logical Architecture – Icehouse OSP 5 on RHEL 7 6 M M M Storage)Cluster RBD)Computes)Nodes Local)Storage Local)Compute Network)Nodes
Logical Scope 7 Neutron  Network  Node Neutron  Network  Node Open  vSwitch  (br-­‐int) tap-­‐  interface qdhcp  namespace dhcp  agent metadata   agent ovs   agent Open  vSwitch  (br-­‐ex) eth1 Nova  Compute  Node Nova  Compute  Node Dual  Stack  VM vnic  (ipv4  and  ipv6) Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) eth1 VLAN  Trunking HSRP ovs   agent IPv6  Router  Advertisement:            IPv6  Prefix          Default  GW  LLA          A=1,  M=0,  O=1  (dhcpv6  stateless) Linux  Bridge  (qbr) DHCPv6  Info-­‐Request DNSMASQ          dhcpv6  stateless  server          ipv4  dhcp  server DHCPv6  Info-­‐Reply   (from  dnsmasq) Provider  Networks
HSRP Challenges - Security: Reconnaissance Attack 8 VLAN  Trunking Nova  Compute  Node eth1 Linux  Bridge  (qbr) qbrd94e5c3e-­‐94:   flags=4163<UP,BROADCAST,RUNNING,MULTICAST>    mtu   1500                  inet6  fe80::493:bff:fead:c085    prefixlen  64    scopeid   0x20<link>                  ether  f2:de:90:e5:04:bf    txqueuelen  0    (Ethernet) ping6  -­‐I  eth0  ff02::1   64  bytes  from  fe80::493:bff:fead:c085:  icmp_seq=1  ttl=64   time=0.046  ms SLAAC  auto-­‐configures  various  ports   (qbr-­‐*,  qvb-­‐*,  qvo-­‐*,  int-­‐br-­‐ex,  phy-­‐br-­‐ex)     on  Compute  node  with  IPv6  Link  Local  Address Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) Hello,  my  neighbors! Hacker  can  try  to  gain  the  access  to  the  hypervisor   via  the  IPv6  Link  Local  Address    ssh  root@fe80::493:bff:fead:c085%eth0 echo  'net.ipv6.conf.default.disable_ipv6=1'  >>  /etc/sysctl.conf   echo  'net.ipv6.conf.all.disable_ipv6  =  1'  >>  /etc/sysctl.conf   sysctl  -­‐p
Challenges - Security: RA Guard 9 Neutron  Network  Node Open  vSwitch  (br-­‐int) tap-­‐  interface qdhcp  namespace DNSMASQ          dhcpv6  stateless  server          ipv4  dhcp  server Nova  Compute  Node Dual  Stack  VM vnic  (ipv4  and  ipv6) Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) VLAN  Trunking Linux  Bridge  (qbr) Nova  Compute  Node Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) Linux  Bridge  (qbr) Bogus  IPv6  RA   (i.e.  Blackhole  tenant   IPv6  traffic!) Legitimate  IPv6  RA   (from  upstream  router)   eth1 eth1 Open  vSwitch  (br-­‐ex) HSRP
Challenges - Security: DHCPv6 Guard 10 Neutron  Network  Node qdhcp  namespace eth1 Nova  Compute  Node Dual  Stack  VM vnic  (ipv4  and  ipv6) eth1 VLAN  Trunking Nova  Compute  Node DHCPv6  Info-­‐Request Bogus  DHCPv6     Info-­‐Reply   (i.e.  Poison  tenant   nameserver  entry) DHCPv6  Info-­‐Reply   (from  dnsmasq) ff02::1:2      udp/547 DNSMASQ          dhcpv6  stateless  server          ipv4  dhcp  server Open  vSwitch  (br-­‐int) tap-­‐  interface Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) Linux  Bridge  (qbr) Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) Linux  Bridge  (qbr) Open  vSwitch  (br-­‐ex) HSRP
Changes on Network Infrastructure 11 vlan  803    name  customer-­‐1   vlan  configuration  800    no  ip  igmp  snooping  optimise-­‐multicast-­‐flood vpc  domain  5      peer-­‐switch      role  priority  1      system-­‐priority  100      peer-­‐keepalive  destination  1.1.1.2  source  1.1.1.1  vrf  vpc      peer-­‐gateway      auto-­‐recovery      ip  arp  synchronize      ipv6  nd  synchronize interface  Vlan803      mtu  9216      vrf  member  customer      no  ip  redirects      ip  address  192.168.254.2/24      ipv6  address  2001:db8:cafe:b::2/64      ipv6  nd  other-­‐config-­‐flag      ipv6  nd  prefix  2001:db8:cafe:b::/64      no  ipv6  redirects      ip  arp  timeout  1740      hsrp  version  2      hsrp  803            …      hsrp  803  ipv6          authentication  md5  key-­‐chain  hsrp_auth          preempt  delay  minimum  600          priority  110  forwarding-­‐threshold  lower  0  upper  0          ip  autoconfig          track  1  decrement  20      no  shutdown
Operational Challenges 12 Image support (SLAAC + dhcpv6 Stateless)   – CentOS (6,7) RHEL (6,7) W2K8 Ubuntu(Trusty) – SLAAC supported by all – DHCP client behavior needed fix for CentOS, RHEL and Ubuntu IPv6 guest enablement criteria   – Incorrect usage of host level sysctl flags – Gating criteria has no effect on IPv6 traffic forwarding IPv6 system of record inconsistencies   – Dual-stacking an existing IPv4-only network – IPv6 SLAAC on the pre-existing IPv4 VMs   – SOR inconsistencies + missing IPv6 fire-walling Subnet validation between v4 and v6   – force_gateway_on_subnet flag   – Incorrect validation for IP in Subnet of an IPv4 scheme against an IPv6 address Compute host – Stability failures e.g. tap interfaces DOWN “Use  the  force,  Read  the  source”
Scale Testing Tools and Process 13 Objectives   – Test bed of 4K interfaces for IPv4 &IPv6 each – Generate ICMP/ICMP6 traffic for the interfaces – Test dhcp-agent (dnsmasq) resiliency – Test metada-agent resiliency – Test bed stability over a period of time Scenarios   – 2K dual stack, dual vNic VMs – 50 concurrent VM boots/reboots – Total of 8K interfaces across 3 networks performing dhcp offers/acks, dns-info, dhcp renewals – ICMP/ICMP6 across all 8K interfaces Process/Tools   – iPerf scripts – In-house scale test python package – Supports concurrent operations – VM boot, reboot, icmp/6, discovery, console_log – verification for cloud-init customizations
Scale Testing Topology / Hardware Specs 14 OpenStack  Controllers   ✓ 35  Controller  VMs  on  Service  Cloud    C240  servers   Compute  Capacity  (approx  single  core  vCPU  per  Node)   ✓ 2  x  B200s  (2x10  Physical  CPU,  256G  Mem)   ✓ 16  x  C220  (2x10  Physical  CPU,  256G  Mem)   ✓ Oversubscription  ratios  (4.0x  cpu,  1.5x  ram)   Network  Nodes   ✓ 4  x  B200M3  (all  neutron  agents)   ✓ DHCP  agents  per  network  2   ✓ 3  provider  vlan  networks  (IPv4,  IPv6)   Ceph  Cluster  (Shared)   ✓ 3  x  C220  for  Mon   ✓ 3  x  C220  Rados  GW   ✓ 6  x  C240  OSDs   Test  VM  Configuration   ✓ Flavor  Specs  (1  vCPU,  1G  RAM,  5G  Disk)   ✓ Image  (cirros-­‐0.3.3-­‐x86_64-­‐disk)   ✓ 2  vNics  per  Dual  Stack  VM
Scale Testing - VM distribution / Boot times 15
Performance and Scale - PING 16 IPv4 Min Response Time ResponseTime(ms) 0 0.065 0.13 0.195 0.26 Number of VMs 0 25 50 75 100 IPv4 Avg Response Time ResponseTime(ms) 0 0.15 0.3 0.45 0.6 Number of VMs 0 25 50 75 100 IPv4 Max Response Time ResponseTime(ms) 0 2.5 5 7.5 10 Number of VMs 0 25 50 75 100 IPv6 Min Response Time ResponseTime(ms) 0 0.065 0.13 0.195 0.26 Number of VMs 0 25 50 75 100 IPv6 Avg Response Time ResponseTime(ms) 0 0.15 0.3 0.45 0.6 Number of VMs 0 25 50 75 100 IPv6 Max Response Time ResponseTime(ms) 0 2.5 5 7.5 10 Number of VMs 0 25 50 75 100
IPv4 v.s. IPv6 Throughput Within A Compute Node 17 Note:  All  tests  were  run  for  200  secs  based   on  1470  payload  size Average  IPv4  TCP   throughput*:   13.1  Gbits/sec Average  IPv6  TCP   throughput*:   12.7  Gbits/sec IPv4 UDP Throughput Throughput(Mbits/sec) 0 175 350 525 700 Number of Samples 0 25 50 75 100 IPv6 UDP Throughput Throughput(Mbits/sec) 0 175 350 525 700 Number of Samples 0 25 50 75 100 Average  IPv4  UDP   throughput*:   648  Mbits/sec Average  IPv6  UDP   throughput*:   603  Mbits/sec Note:  All  tests  were  run  for  200  secs  based   on  1450  payload  size IPv6 TCP Throughput Throughput(Gbits/sec) 0 4 8 12 16 Number of Samples 0 25 50 75 100 IPv4 TCP Throughput Throughput(Gbits/sec) 0 4 8 12 16 Number of Samples 0 25 50 75 100
IPv4 v.s. IPv6 Throughput Between Two Compute Nodes 18 IPv4 TCP Throughput Throughput(Gbits/sec) 0 2.5 5 7.5 10 Number of Samples 0 25 50 75 100 IPv6 TCP Throughput Throughput(Gbits/sec) 0 2.5 5 7.5 10 Number of Samples 0 25 50 75 100 Note:  All  tests  were  run  for  200  secs  based   on  1470  payload  size Average  IPv4  TCP   throughput*:   8.57  Gbits/sec Average  IPv6  TCP   throughput*:   8.29  Gbits/sec IPv4 UDP Throughput Throughput(Mbits/sec) 0 200 400 600 800 Number of Samples 0 25 50 75 100 IPv6 UDP Throughput Throughput(Mbits/sec) 0 200 400 600 800 Number of Samples 0 25 50 75 100 Average  IPv4  UDP   throughput*:   692  Mbits/sec Average  IPv6  UDP   throughput*:   682  Mbits/sec Note:  All  tests  were  run  for  200  secs  based   on  1450  payload  size
Value Adding to Icehouse Release 19 Filled Feature Gaps   – API validation on Neutron Server is not adequate – DHCPv6 Guard   Bridged Gaps on Unit Test   – Dnsmasq process launch for IPv6 subnet in SLAAC mode was not included   – Security group and ip6table rules were not verified for DHCPv6 Stateless mode Fixed bugs   – DHCPv6 Stateful and DHCPv6 Stateless modes are treated the same   – DHCP agent cannot reload dnsmasq process properly during subnet addition/deletion   – IPv6 default route is still statically inserted Enhanced IPv6 Testing Capability   – A total of 22 Tempest functional/API/negative test cases   – A total of 14 Rally scalability/performance test scenarios We  will  contribute  back  to  the  community!
Lessons and Learns Community provides good reference architecture to the adopter. However, customization maybe be required Security, performance/scalability and operations should be taken into the consideration as part of the design Process doesn’t always introduce overhead. Right SDLC process can provide the quality assurance We need think about how IPv6 solves a problem, NOT how to solve the problem of IPv6 We invite YOU to share YOUR lessons and learns, instead of features and functionalities, to accelerate the adoption of IPv6 20
Next Steps OpenStack tenant networking Native L3 connectivity between tenant networks without the need for NAT Direct routing to Internet from Tenant networks without the need for NAT Allow tenant to choose between deploying IPv6 only, IPv4 only or Dual Stack networks Allow cloud provider to centrally manage tenant IPv6 address space – we do not have the problem of overlapping IP address space with IPv6 Allow multiple prefixes Allow private interconnects between tenant network in cloud and tenant’s own enterprise network 21
Thank  you!

Empfohlen

OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6Shixiong Shang
 
Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsShannon McFarland
 
OpenStack Havana over IPv6
OpenStack Havana over IPv6OpenStack Havana over IPv6
OpenStack Havana over IPv6Shixiong Shang
 
Инновации Cisco для операторов связи
Инновации Cisco для операторов связиИнновации Cisco для операторов связи
Инновации Cisco для операторов связиCisco Russia
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsAkihiro Motoki
 
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpecОбеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpecCisco Russia
 
Morphology of Modern Data Center Networks - YaC 2013
Morphology of Modern Data Center Networks - YaC 2013Morphology of Modern Data Center Networks - YaC 2013
Morphology of Modern Data Center Networks - YaC 2013Cumulus Networks
 
L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)Motonori Shindo
 

Empfohlen

OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6Shixiong Shang
 
Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsShannon McFarland
 
OpenStack Havana over IPv6
OpenStack Havana over IPv6OpenStack Havana over IPv6
OpenStack Havana over IPv6Shixiong Shang
 
Инновации Cisco для операторов связи
Инновации Cisco для операторов связиИнновации Cisco для операторов связи
Инновации Cisco для операторов связиCisco Russia
 
OpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsOpenStack Neutron IPv6 Lessons
OpenStack Neutron IPv6 LessonsAkihiro Motoki
 
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpecОбеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpecCisco Russia
 
Morphology of Modern Data Center Networks - YaC 2013
Morphology of Modern Data Center Networks - YaC 2013Morphology of Modern Data Center Networks - YaC 2013
Morphology of Modern Data Center Networks - YaC 2013Cumulus Networks
 
L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)Motonori Shindo
 
Software Stacks to enable SDN and NFV
Software Stacks to enable SDN and NFVSoftware Stacks to enable SDN and NFV
Software Stacks to enable SDN and NFVYoshihiro Nakajima
 
DPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun RajagopalDPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun RajagopalJim St. Leger
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecShortestPathFirst
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesCumulus Networks
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostCumulus Networks
 
Operationalizing BGP in the SDDC
Operationalizing BGP in the SDDCOperationalizing BGP in the SDDC
Operationalizing BGP in the SDDCCumulus Networks
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronMichelle Holley
 
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...VirtualTech Japan Inc.
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionRedge Technologies
 
Building Scalable Data Center Networks
Building Scalable Data Center NetworksBuilding Scalable Data Center Networks
Building Scalable Data Center NetworksCumulus Networks
 
WAN - trends and use cases
WAN - trends and use casesWAN - trends and use cases
WAN - trends and use casesMarketingArrowECS_CZ
 
Neutron IPv6
Neutron IPv6Neutron IPv6
Neutron IPv6Rohit Agarwalla
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerCumulus Networks
 
BGP persistence
BGP persistenceBGP persistence
BGP persistenceBertrand Duvivier
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
 
Multicast in OpenStack
Multicast in OpenStackMulticast in OpenStack
Multicast in OpenStackVikram G Hosakote
 
IPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi PaletIPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi PaletРегистар националног Интернет домена Србије - РНИДС
 
IPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi PaletIPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi PaletРегистар националног Интернет домена Србије - РНИДС
 
Hurricane Electric - Ipv6 implementation in Europe
Hurricane Electric - Ipv6 implementation in EuropeHurricane Electric - Ipv6 implementation in Europe
Hurricane Electric - Ipv6 implementation in EuropeFrance IX Services
 
IPv6 Implementation challenges
IPv6 Implementation challengesIPv6 Implementation challenges
IPv6 Implementation challengesFarwa Ansari
 

Weitere ähnliche Inhalte

Was ist angesagt?

Software Stacks to enable SDN and NFV
Software Stacks to enable SDN and NFVSoftware Stacks to enable SDN and NFV
Software Stacks to enable SDN and NFVYoshihiro Nakajima
 
DPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun RajagopalDPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun RajagopalJim St. Leger
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecShortestPathFirst
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesCumulus Networks
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostCumulus Networks
 
Operationalizing BGP in the SDDC
Operationalizing BGP in the SDDCOperationalizing BGP in the SDDC
Operationalizing BGP in the SDDCCumulus Networks
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronMichelle Holley
 
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...VirtualTech Japan Inc.
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionRedge Technologies
 
Building Scalable Data Center Networks
Building Scalable Data Center NetworksBuilding Scalable Data Center Networks
Building Scalable Data Center NetworksCumulus Networks
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerCumulus Networks
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
 

Was ist angesagt? (20)

Software Stacks to enable SDN and NFV
Software Stacks to enable SDN and NFVSoftware Stacks to enable SDN and NFV
Software Stacks to enable SDN and NFV
 
DPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun RajagopalDPDK Summit 2015 - Sprint - Arun Rajagopal
DPDK Summit 2015 - Sprint - Arun Rajagopal
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow Spec
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center Architectures
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the Host
 
Operationalizing BGP in the SDDC
Operationalizing BGP in the SDDCOperationalizing BGP in the SDDC
Operationalizing BGP in the SDDC
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack Neutron
 
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
NTTドコモ様 導入事例 OpenStack Summit 2016 Barcelona 講演「Expanding and Deepening NTT D...
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solution
 
Building Scalable Data Center Networks
Building Scalable Data Center NetworksBuilding Scalable Data Center Networks
Building Scalable Data Center Networks
 
WAN - trends and use cases
WAN - trends and use casesWAN - trends and use cases
WAN - trends and use cases
 
Neutron IPv6
Neutron IPv6Neutron IPv6
Neutron IPv6
 
Ifupdown2: Network Interface Manager
Ifupdown2: Network Interface ManagerIfupdown2: Network Interface Manager
Ifupdown2: Network Interface Manager
 
BGP persistence
BGP persistenceBGP persistence
BGP persistence
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norway
 
Multicast in OpenStack
Multicast in OpenStackMulticast in OpenStack
Multicast in OpenStack
 
IPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi PaletIPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi Palet
 
IPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi PaletIPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi Palet
 

Andere mochten auch

Hurricane Electric - Ipv6 implementation in Europe
Hurricane Electric - Ipv6 implementation in EuropeHurricane Electric - Ipv6 implementation in Europe
Hurricane Electric - Ipv6 implementation in EuropeFrance IX Services
 
IPv6 Implementation challenges
IPv6 Implementation challengesIPv6 Implementation challenges
IPv6 Implementation challengesFarwa Ansari
 
Implementation & Challenges of IPv6
Implementation & Challenges of IPv6 Implementation & Challenges of IPv6
Implementation & Challenges of IPv6 Farwa Ansari
 
Business plan of a software house
Business plan of a software houseBusiness plan of a software house
Business plan of a software houseFarwa Ansari
 

Andere mochten auch (6)

Hurricane Electric - Ipv6 implementation in Europe
Hurricane Electric - Ipv6 implementation in EuropeHurricane Electric - Ipv6 implementation in Europe
Hurricane Electric - Ipv6 implementation in Europe
 
IPv6 Implementation challenges
IPv6 Implementation challengesIPv6 Implementation challenges
IPv6 Implementation challenges
 
Implementation & Challenges of IPv6
Implementation & Challenges of IPv6 Implementation & Challenges of IPv6
Implementation & Challenges of IPv6
 
Ipv6
Ipv6 Ipv6
Ipv6
 
Business plan of a software house
Business plan of a software houseBusiness plan of a software house
Business plan of a software house
 
Vodafone presentation
Vodafone presentationVodafone presentation
Vodafone presentation
 

Ähnlich wie Implementing an IPv6 Enabled Environment for a Public Cloud Tenant

Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Hardware accelerated switching with Linux @ SWLUG Talks May 2014Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Hardware accelerated switching with Linux @ SWLUG Talks May 2014Nat Morris
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6Private
 
Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Jisc
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center supportKrunal Shah
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspeChris Westin
 
OpenStack MeetUp - OpenContrail Presentation
OpenStack MeetUp - OpenContrail PresentationOpenStack MeetUp - OpenContrail Presentation
OpenStack MeetUp - OpenContrail PresentationStacy Véronneau
 
Osnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxOsnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxM.Qasim Arham
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...LinuxCon ContainerCon CloudOpen China
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane Michelle Holley
 
Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...
Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...
Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...Haidee McMahon
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...LinuxCon ContainerCon CloudOpen China
 
NAT 64 FPGA Implementation
NAT 64 FPGA ImplementationNAT 64 FPGA Implementation
NAT 64 FPGA ImplementationJanith Rukman
 
Network performance test plan_v0.3
Network performance test plan_v0.3Network performance test plan_v0.3
Network performance test plan_v0.3David Pasek
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話upaa
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 

Ähnlich wie Implementing an IPv6 Enabled Environment for a Public Cloud Tenant (20)

Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Hardware accelerated switching with Linux @ SWLUG Talks May 2014Hardware accelerated switching with Linux @ SWLUG Talks May 2014
Hardware accelerated switching with Linux @ SWLUG Talks May 2014
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6
 
Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44Ipv6 deployment at the university of warwick - networkshop44
Ipv6 deployment at the university of warwick - networkshop44
 
Cisco data center support
Cisco data center supportCisco data center support
Cisco data center support
 
nested-kvm
nested-kvmnested-kvm
nested-kvm
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspe
 
OpenStack MeetUp - OpenContrail Presentation
OpenStack MeetUp - OpenContrail PresentationOpenStack MeetUp - OpenContrail Presentation
OpenStack MeetUp - OpenContrail Presentation
 
Osnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxOsnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptx
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane
 
Day 20.i pv6 lab
Day 20.i pv6 labDay 20.i pv6 lab
Day 20.i pv6 lab
 
Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...
Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...
Intel's Out of the Box Network Developers Ireland Meetup on March 29 2017 - ...
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
 
7 slaac-rick graziani
7 slaac-rick graziani7 slaac-rick graziani
7 slaac-rick graziani
 
NAT 64 FPGA Implementation
NAT 64 FPGA ImplementationNAT 64 FPGA Implementation
NAT 64 FPGA Implementation
 
Network performance test plan_v0.3
Network performance test plan_v0.3Network performance test plan_v0.3
Network performance test plan_v0.3
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting
 
Inf net2227 heath
Inf net2227 heathInf net2227 heath
Inf net2227 heath
 
FD.io - The Universal Dataplane
FD.io - The Universal DataplaneFD.io - The Universal Dataplane
FD.io - The Universal Dataplane
 

Kürzlich hochgeladen

AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...sonatiwari757
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 

Kürzlich hochgeladen (20)

AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 

Implementing an IPv6 Enabled Environment for a Public Cloud Tenant

  • 1. Implementing an IPv6 Enabled Environment for a Public Cloud Tenant Sharmin Choksey (Cisco), Anik Mazumder (Cisco), Shixiong Shang (Nephos6) * OpenStack is a trademark of OpenStack Foundation
  • 2. Introduction 2 Sharmin  Choksey   Technical  Leader   Cisco  Systems  Inc.   Email:  schoksey@cisco.com Shixiong  Shang   Chief  Technology  Officer   Nephos6  (A  Cloud  and  IPv6  Company)   Twitter:  @shshang   Email:  shshang@nephos6.com Anik  Mazumder   Architect   Cisco  Systems  Inc.   Email:  amazumde@cisco.com  
  • 3. Agenda IPv6 in Public Cloud Overview Architecture and Design Challenges Scalability and Performance Lessons and Learns Next Steps 3
  • 4. IPv6 in Public Cloud Overcome public IP (v4) exhaustion problem by moving to IPv6 Build a public cloud without the complexities of overlapping IP address space or NAT Telcos and Mobile providers need IPv6 to cloud enable their services Facilitate cloud adoption of highly distributed services like IOE/IOT Facilitate adoption of IPv6 in public clouds Allow tenants to embrace IPv6 for their business needs Facilitate cloud adoption of network centric services Increasing demand from Asia 4
  • 5. IPv6 in Public Cloud 5
  • 6. Logical Architecture – Icehouse OSP 5 on RHEL 7 6 M M M Storage)Cluster RBD)Computes)Nodes Local)Storage Local)Compute Network)Nodes
  • 7. Logical Scope 7 Neutron  Network  Node Neutron  Network  Node Open  vSwitch  (br-­‐int) tap-­‐  interface qdhcp  namespace dhcp  agent metadata   agent ovs   agent Open  vSwitch  (br-­‐ex) eth1 Nova  Compute  Node Nova  Compute  Node Dual  Stack  VM vnic  (ipv4  and  ipv6) Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) eth1 VLAN  Trunking HSRP ovs   agent IPv6  Router  Advertisement:            IPv6  Prefix          Default  GW  LLA          A=1,  M=0,  O=1  (dhcpv6  stateless) Linux  Bridge  (qbr) DHCPv6  Info-­‐Request DNSMASQ          dhcpv6  stateless  server          ipv4  dhcp  server DHCPv6  Info-­‐Reply   (from  dnsmasq) Provider  Networks
  • 8. HSRP Challenges - Security: Reconnaissance Attack 8 VLAN  Trunking Nova  Compute  Node eth1 Linux  Bridge  (qbr) qbrd94e5c3e-­‐94:   flags=4163<UP,BROADCAST,RUNNING,MULTICAST>    mtu   1500                  inet6  fe80::493:bff:fead:c085    prefixlen  64    scopeid   0x20<link>                  ether  f2:de:90:e5:04:bf    txqueuelen  0    (Ethernet) ping6  -­‐I  eth0  ff02::1   64  bytes  from  fe80::493:bff:fead:c085:  icmp_seq=1  ttl=64   time=0.046  ms SLAAC  auto-­‐configures  various  ports   (qbr-­‐*,  qvb-­‐*,  qvo-­‐*,  int-­‐br-­‐ex,  phy-­‐br-­‐ex)     on  Compute  node  with  IPv6  Link  Local  Address Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) Hello,  my  neighbors! Hacker  can  try  to  gain  the  access  to  the  hypervisor   via  the  IPv6  Link  Local  Address    ssh  root@fe80::493:bff:fead:c085%eth0 echo  'net.ipv6.conf.default.disable_ipv6=1'  >>  /etc/sysctl.conf   echo  'net.ipv6.conf.all.disable_ipv6  =  1'  >>  /etc/sysctl.conf   sysctl  -­‐p
  • 9. Challenges - Security: RA Guard 9 Neutron  Network  Node Open  vSwitch  (br-­‐int) tap-­‐  interface qdhcp  namespace DNSMASQ          dhcpv6  stateless  server          ipv4  dhcp  server Nova  Compute  Node Dual  Stack  VM vnic  (ipv4  and  ipv6) Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) VLAN  Trunking Linux  Bridge  (qbr) Nova  Compute  Node Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) Linux  Bridge  (qbr) Bogus  IPv6  RA   (i.e.  Blackhole  tenant   IPv6  traffic!) Legitimate  IPv6  RA   (from  upstream  router)   eth1 eth1 Open  vSwitch  (br-­‐ex) HSRP
  • 10. Challenges - Security: DHCPv6 Guard 10 Neutron  Network  Node qdhcp  namespace eth1 Nova  Compute  Node Dual  Stack  VM vnic  (ipv4  and  ipv6) eth1 VLAN  Trunking Nova  Compute  Node DHCPv6  Info-­‐Request Bogus  DHCPv6     Info-­‐Reply   (i.e.  Poison  tenant   nameserver  entry) DHCPv6  Info-­‐Reply   (from  dnsmasq) ff02::1:2      udp/547 DNSMASQ          dhcpv6  stateless  server          ipv4  dhcp  server Open  vSwitch  (br-­‐int) tap-­‐  interface Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) Linux  Bridge  (qbr) Open  vSwitch  (br-­‐int) Open  vSwitch  (br-­‐ex) Linux  Bridge  (qbr) Open  vSwitch  (br-­‐ex) HSRP
  • 11. Changes on Network Infrastructure 11 vlan  803    name  customer-­‐1   vlan  configuration  800    no  ip  igmp  snooping  optimise-­‐multicast-­‐flood vpc  domain  5      peer-­‐switch      role  priority  1      system-­‐priority  100      peer-­‐keepalive  destination  1.1.1.2  source  1.1.1.1  vrf  vpc      peer-­‐gateway      auto-­‐recovery      ip  arp  synchronize      ipv6  nd  synchronize interface  Vlan803      mtu  9216      vrf  member  customer      no  ip  redirects      ip  address  192.168.254.2/24      ipv6  address  2001:db8:cafe:b::2/64      ipv6  nd  other-­‐config-­‐flag      ipv6  nd  prefix  2001:db8:cafe:b::/64      no  ipv6  redirects      ip  arp  timeout  1740      hsrp  version  2      hsrp  803            …      hsrp  803  ipv6          authentication  md5  key-­‐chain  hsrp_auth          preempt  delay  minimum  600          priority  110  forwarding-­‐threshold  lower  0  upper  0          ip  autoconfig          track  1  decrement  20      no  shutdown
  • 12. Operational Challenges 12 Image support (SLAAC + dhcpv6 Stateless)   – CentOS (6,7) RHEL (6,7) W2K8 Ubuntu(Trusty) – SLAAC supported by all – DHCP client behavior needed fix for CentOS, RHEL and Ubuntu IPv6 guest enablement criteria   – Incorrect usage of host level sysctl flags – Gating criteria has no effect on IPv6 traffic forwarding IPv6 system of record inconsistencies   – Dual-stacking an existing IPv4-only network – IPv6 SLAAC on the pre-existing IPv4 VMs   – SOR inconsistencies + missing IPv6 fire-walling Subnet validation between v4 and v6   – force_gateway_on_subnet flag   – Incorrect validation for IP in Subnet of an IPv4 scheme against an IPv6 address Compute host – Stability failures e.g. tap interfaces DOWN “Use  the  force,  Read  the  source”
  • 13. Scale Testing Tools and Process 13 Objectives   – Test bed of 4K interfaces for IPv4 &IPv6 each – Generate ICMP/ICMP6 traffic for the interfaces – Test dhcp-agent (dnsmasq) resiliency – Test metada-agent resiliency – Test bed stability over a period of time Scenarios   – 2K dual stack, dual vNic VMs – 50 concurrent VM boots/reboots – Total of 8K interfaces across 3 networks performing dhcp offers/acks, dns-info, dhcp renewals – ICMP/ICMP6 across all 8K interfaces Process/Tools   – iPerf scripts – In-house scale test python package – Supports concurrent operations – VM boot, reboot, icmp/6, discovery, console_log – verification for cloud-init customizations
  • 14. Scale Testing Topology / Hardware Specs 14 OpenStack  Controllers   ✓ 35  Controller  VMs  on  Service  Cloud    C240  servers   Compute  Capacity  (approx  single  core  vCPU  per  Node)   ✓ 2  x  B200s  (2x10  Physical  CPU,  256G  Mem)   ✓ 16  x  C220  (2x10  Physical  CPU,  256G  Mem)   ✓ Oversubscription  ratios  (4.0x  cpu,  1.5x  ram)   Network  Nodes   ✓ 4  x  B200M3  (all  neutron  agents)   ✓ DHCP  agents  per  network  2   ✓ 3  provider  vlan  networks  (IPv4,  IPv6)   Ceph  Cluster  (Shared)   ✓ 3  x  C220  for  Mon   ✓ 3  x  C220  Rados  GW   ✓ 6  x  C240  OSDs   Test  VM  Configuration   ✓ Flavor  Specs  (1  vCPU,  1G  RAM,  5G  Disk)   ✓ Image  (cirros-­‐0.3.3-­‐x86_64-­‐disk)   ✓ 2  vNics  per  Dual  Stack  VM
  • 15. Scale Testing - VM distribution / Boot times 15
  • 16. Performance and Scale - PING 16 IPv4 Min Response Time ResponseTime(ms) 0 0.065 0.13 0.195 0.26 Number of VMs 0 25 50 75 100 IPv4 Avg Response Time ResponseTime(ms) 0 0.15 0.3 0.45 0.6 Number of VMs 0 25 50 75 100 IPv4 Max Response Time ResponseTime(ms) 0 2.5 5 7.5 10 Number of VMs 0 25 50 75 100 IPv6 Min Response Time ResponseTime(ms) 0 0.065 0.13 0.195 0.26 Number of VMs 0 25 50 75 100 IPv6 Avg Response Time ResponseTime(ms) 0 0.15 0.3 0.45 0.6 Number of VMs 0 25 50 75 100 IPv6 Max Response Time ResponseTime(ms) 0 2.5 5 7.5 10 Number of VMs 0 25 50 75 100
  • 17. IPv4 v.s. IPv6 Throughput Within A Compute Node 17 Note:  All  tests  were  run  for  200  secs  based   on  1470  payload  size Average  IPv4  TCP   throughput*:   13.1  Gbits/sec Average  IPv6  TCP   throughput*:   12.7  Gbits/sec IPv4 UDP Throughput Throughput(Mbits/sec) 0 175 350 525 700 Number of Samples 0 25 50 75 100 IPv6 UDP Throughput Throughput(Mbits/sec) 0 175 350 525 700 Number of Samples 0 25 50 75 100 Average  IPv4  UDP   throughput*:   648  Mbits/sec Average  IPv6  UDP   throughput*:   603  Mbits/sec Note:  All  tests  were  run  for  200  secs  based   on  1450  payload  size IPv6 TCP Throughput Throughput(Gbits/sec) 0 4 8 12 16 Number of Samples 0 25 50 75 100 IPv4 TCP Throughput Throughput(Gbits/sec) 0 4 8 12 16 Number of Samples 0 25 50 75 100
  • 18. IPv4 v.s. IPv6 Throughput Between Two Compute Nodes 18 IPv4 TCP Throughput Throughput(Gbits/sec) 0 2.5 5 7.5 10 Number of Samples 0 25 50 75 100 IPv6 TCP Throughput Throughput(Gbits/sec) 0 2.5 5 7.5 10 Number of Samples 0 25 50 75 100 Note:  All  tests  were  run  for  200  secs  based   on  1470  payload  size Average  IPv4  TCP   throughput*:   8.57  Gbits/sec Average  IPv6  TCP   throughput*:   8.29  Gbits/sec IPv4 UDP Throughput Throughput(Mbits/sec) 0 200 400 600 800 Number of Samples 0 25 50 75 100 IPv6 UDP Throughput Throughput(Mbits/sec) 0 200 400 600 800 Number of Samples 0 25 50 75 100 Average  IPv4  UDP   throughput*:   692  Mbits/sec Average  IPv6  UDP   throughput*:   682  Mbits/sec Note:  All  tests  were  run  for  200  secs  based   on  1450  payload  size
  • 19. Value Adding to Icehouse Release 19 Filled Feature Gaps   – API validation on Neutron Server is not adequate – DHCPv6 Guard   Bridged Gaps on Unit Test   – Dnsmasq process launch for IPv6 subnet in SLAAC mode was not included   – Security group and ip6table rules were not verified for DHCPv6 Stateless mode Fixed bugs   – DHCPv6 Stateful and DHCPv6 Stateless modes are treated the same   – DHCP agent cannot reload dnsmasq process properly during subnet addition/deletion   – IPv6 default route is still statically inserted Enhanced IPv6 Testing Capability   – A total of 22 Tempest functional/API/negative test cases   – A total of 14 Rally scalability/performance test scenarios We  will  contribute  back  to  the  community!
  • 20. Lessons and Learns Community provides good reference architecture to the adopter. However, customization maybe be required Security, performance/scalability and operations should be taken into the consideration as part of the design Process doesn’t always introduce overhead. Right SDLC process can provide the quality assurance We need think about how IPv6 solves a problem, NOT how to solve the problem of IPv6 We invite YOU to share YOUR lessons and learns, instead of features and functionalities, to accelerate the adoption of IPv6 20
  • 21. Next Steps OpenStack tenant networking Native L3 connectivity between tenant networks without the need for NAT Direct routing to Internet from Tenant networks without the need for NAT Allow tenant to choose between deploying IPv6 only, IPv4 only or Dual Stack networks Allow cloud provider to centrally manage tenant IPv6 address space – we do not have the problem of overlapping IP address space with IPv6 Allow multiple prefixes Allow private interconnects between tenant network in cloud and tenant’s own enterprise network 21