Chair for Network Architectures and Services
Technische Universität München
Datacenter Network Virtualization in
Multi-Tenant Environments
8. DFN-Forum Kommunikationstechnologien
Viktor Goldberg, Leibniz-Rechenzentrum, TU München
Florian Wohlfart, TU München
Daniel Raumer, TU München
09.06.2015 1
Network Functions Virtualization
[Figure labels: Applications; x86 Hardware; Compute Virtualization Layer; Decoupled]
Building the Network Virtualized Datacenter
Overlay Network Architecture
Network Virtualization Overlays
VXLAN creates logical L2 domains over standard L3 infrastructure.
• VM traffic encapsulated inside a UDP/IP frame plus VNI identifier
• VNI defines the L2 domain
• encapsulation performed by a VTEP node
• VTEP is a software or physical switch (at the ToR)
Encapsulated frames are routed to the remote VTEP.
• remote VTEP strips the IP/UDP header
• forwards original frame to the local VM
• transparent to the network core, which is not aware of the VXLAN overlay
• only edge VTEP nodes need to be VXLAN aware
VXLAN - How does it work?
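The encapsulation and decapsulation steps above, as an added example that is not part of the original slides. It builds only the 8-byte VXLAN header from RFC 7348 (the outer IP/UDP headers are left out), and the function names, the constructed inner frame and the VNIs 10 and 20 are assumptions chosen to match the demo later in the deck.

```python
import struct

FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field carries a valid identifier

def vxlan_encap(vni, inner_frame):
    """Sending VTEP: prepend 8 flag bits, 24 reserved, 24-bit VNI, 8 reserved."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def vxlan_decap(udp_payload, local_vnis):
    """Receiving VTEP: validate the header, return (vni, original frame)."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI not valid")
    vni = word1 >> 8
    if vni not in local_vnis:
        # A VTEP must not deliver frames for an L2 domain it does not serve.
        raise ValueError("VNI %d has no L2 domain on this VTEP" % vni)
    return vni, udp_payload[8:]

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ethernet(dst, src, payload, ethertype=0x0800):
    """Constructed inner Ethernet frame used as sample input."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def demo():
    # Two tenants send a byte-identical frame (overlapping MACs and addresses);
    # only the VNI set by the VTEP tells the two L2 domains apart.
    frame = ethernet("00:00:00:00:00:02", "00:00:00:00:00:01", b"constructed payload")
    results = []
    for vni in (10, 20):
        wire = vxlan_encap(vni, frame)
        got_vni, inner = vxlan_decap(wire, local_vnis={10, 20})
        results.append((got_vni, inner == frame, wire[:8].hex()))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```
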
Open vSwitch (OVS)
Design and Architecture
[Figure: controller (running in userspace, slowpath); datapath (running in kernel, fastpath); Data Plane; Control Plane]
Open vSwitch (OVS)
A Deep Dive
[Figure: OVS components. KERNEL: Datapath; USERSPACE: vswitchd, ovsdb-srv; MGMT: ovs-dpctl, ovs-vsctl, ovsdb-tool, ovs-ofctl; OpenFlow]
Building the Network Virtualized Datacenter
• routed traffic at the top of rack
• proven and trusted protocol for scale
• mature open standards for interoperability
• standard scalable model for virtualized and non-virtualized solutions
• minimized size of the L2 domain
• no VLAN scaling issues
Physical Infrastructure
Building the Network Virtualized Datacenter
Scaling an L3 network for East to West traffic
Network Virtualization Overlays
Mininet
• “an instant virtual network on your laptop”
• running real kernel, switch and application code in a VM
• supports Open vSwitch
Motivation
• multi-tenant environment with two tenants T1 and T2
• overlapping IP networks and addresses
• completely transparent tunneling, even for broadcast traffic (like ARP, DHCP)
Network Virtualization Overlays
[Figure: two Mininet VMs, DEMOSYS1 (IP: 172.16.116.135) and DEMOSYS2 (IP: 172.16.116.136), each with a label 10; host MACs 00:00:00:00:00:01 (twice) and 00:00:00:00:00:02 (twice); labels 10 and 20]
Network Virtualization Overlays
S1 – 172.16.116.135
sh ovs-vsctl add-port s1 vtep -- set interface vtep type=vxlan option:remote_ip=172.16.116.136 option:key=flow ofport_request=10
S2 – 172.16.116.136
sh ovs-vsctl add-port s2 vtep -- set interface vtep type=vxlan option:remote_ip=172.16.116.135 option:key=flow ofport_request=10
Demo - Interface Configuration
Network Virtualization Overlays
flows1.txt
table=0,in_port=1,actions=set_field:10->tun_id,resubmit(,1)
table=0,in_port=2,actions=set_field:20->tun_id,resubmit(,1)
table=0,actions=resubmit(,1)
table=1,tun_id=10,dl_dst=00:00:00:00:00:01,actions=output:1
table=1,tun_id=20,dl_dst=00:00:00:00:00:01,actions=output:2
table=1,tun_id=10,dl_dst=00:00:00:00:00:02,actions=output:10
table=1,tun_id=20,dl_dst=00:00:00:00:00:02,actions=output:10
...
Demo - Flow configuration excerpt
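A small model of the two-table pipeline in flows1.txt, added here as an example and not taken from the original slides, that replays frames through the excerpt and checks that no frame reaches the other tenant's port. The function names, the mapping of port 1 to T1 and port 2 to T2, and the tie-break rule are assumptions; the "..." lines of the excerpt are not modelled.

```python
import re
# Flow excerpt for switch s1, copied from the slide above.
FLOWS = """\
table=0,in_port=1,actions=set_field:10->tun_id,resubmit(,1)
table=0,in_port=2,actions=set_field:20->tun_id,resubmit(,1)
table=0,actions=resubmit(,1)
table=1,tun_id=10,dl_dst=00:00:00:00:00:01,actions=output:1
table=1,tun_id=20,dl_dst=00:00:00:00:00:01,actions=output:2
table=1,tun_id=10,dl_dst=00:00:00:00:00:02,actions=output:10
table=1,tun_id=20,dl_dst=00:00:00:00:00:02,actions=output:10
"""
ACTION_RE = re.compile(r"set_field:(\d+)->tun_id|resubmit\(,(\d+)\)|output:(\d+)")
LOCAL_PORT_TENANT = {1: "10", 2: "20"}  # assumption: port 1 = T1, port 2 = T2
VTEP_PORT = 10

def parse_flows(text):
    flows = []
    for line in text.strip().splitlines():
        match_part, actions = line.split("actions=", 1)
        match = dict(kv.split("=", 1) for kv in match_part.strip(",").split(","))
        flows.append((int(match.pop("table")), match, actions))
    return flows

def forward(flows, pkt, table=0):
    """Return the output ports for pkt, a dict of in_port / tun_id / dl_dst strings."""
    hits = [(m, a) for t, m, a in flows
            if t == table and all(pkt.get(k) == v for k, v in m.items())]
    if not hits:
        return []  # table miss: drop
    # Assumption: the most specific match wins a priority tie (OpenFlow leaves it undefined).
    _, actions = max(hits, key=lambda h: len(h[0]))
    pkt, out = dict(pkt), []
    for set_tun, resubmit, output in ACTION_RE.findall(actions):
        if set_tun:
            pkt["tun_id"] = set_tun
        elif resubmit:
            out += forward(flows, pkt, int(resubmit))
        else:
            out.append(int(output))
    return out

def isolation_violations(flows, macs=("00:00:00:00:00:01", "00:00:00:00:00:02")):
    """List (ingress port, dl_dst, output port) where a frame reaches another tenant."""
    ingress = [({"in_port": str(p)}, t) for p, t in LOCAL_PORT_TENANT.items()]
    ingress += [({"in_port": str(VTEP_PORT), "tun_id": t}, t)
                for t in LOCAL_PORT_TENANT.values()]
    return [(pkt["in_port"], mac, port) for pkt, tenant in ingress for mac in macs
            for port in forward(flows, {**pkt, "dl_dst": mac})
            if LOCAL_PORT_TENANT.get(port, tenant) != tenant]
```

In the excerpt the tunnel ID is set from the ingress port, so a tenant host cannot choose its own VNI. The catch-all flow in table 0 carries no explicit priority, so it overlaps the in_port flows at the same default priority; a production table would give it a lower priority instead of relying on the tie-break assumed here.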
Network Virtualization Overlays
Demo
Network Virtualization Overlays
Demo Setup VXLAN Tunneling
T1_1 ping 10.0.0.1
T2_1 ping 10.0.0.2
tcpdump -i eth0
[icmp type {0,8}]
Conclusion
• simple design of physical environment to provide IP end-to-end connectivity only
• logic should be placed into “Intelligent Edges”, ToR switches like OVS
• logical tenant separation through VXLAN tunneling technologies
Future Work
• identification of services and tenants with specific needs
• deployment of a test environment
• long term goal: NFV rollout and optimization of physical underlay
Thank You.
Questions?