SDN at schuberg philis

SDN at Schuberg Philis

!Who is that guy anyway?

» Hugo Trippaers – Mission Critical Engineer @ Schuberg Philis – PMC @ Apache CloudStack – Contributor @ OpenDaylight OVSDB – Gamer @ Home !

» Contact – @Spark404 @ Twitter – Hugo Trippaers @ LinkedIn – [email protected]

2

mailto:[email protected]

!SDN at Schuberg Philis

» Why did we opt for SDN? » Our setup » Where is the automation?

3

Software Defined Networking

“In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications. As a result, enterprises and carriers gain unprecedented programmability, automation, and network control, enabling them to build highly scalable, flexible networks that readily adapt to changing business needs.” — Software-Defined Networking: The New Norm for Networks ONF White Paper April 13, 2012

4

!Why did we opt for SDN?

» Theoretical versus Practical limits – How much VLAN can you really configure on a switch? – Is 4094 VLANs enough for everybody?

5


» Security – How isolated is a VLAN? – Stacked VLAN tags

6


» Automation is key. – Automated hypervisor deployments using bare metal provisioning – Automated VM deployment using CloudStack – Automated Application deployment using Chef – – Manual network deployment using ssh.

7

!Our setup

8

!Our overlay networking solution - VMware NSX (Nicira NVP)

» A commercial SDN solution developed by Nicira and acquired by VMWare. Uses both OpenVSwitch and OpenFlow to build overlay tunnels on an existing network. !

» Pros – STT tunnel protocol is optimized for

high-bandwidth – Includes a gateway to link existing L3 or

L2 networks to the virtual switch

9

!A little more detail

10

Controllers

Virtual Router

STT / GRE / VXLAN Tunnels

Service Nodes

Hypervisors (OpenVswitch)


11

Virtual Router

STT / GRE / VXLAN Tunnels

Gateways L2 or L3

Legacy Host

VLAN

Controllers


12

Virtual Router

Controllers

REST APIManager

!Numbers

13

» BetaCloud » Controllers: 3 » Service Nodes: 2 » Gateways: 1 » Hypervisors: 14 » Logical Switches: 120 » Logical Switchports: 404 !

» ~ 28 hosts / hv

!Numbers

» BetaCloud » Controllers: 3 » Service Nodes: 2 » Gateways: 1 » Hypervisors: 14 » Logical Switches: 120 » Logical Switchports: 404 !

» ~ 28 hosts / hv

14

» Mission Critical Cloud » Controllers: 3 » Service Nodes: 2 » Gateways: 21 » Hypervisors: 37 » Logical Switches: 185 » Logical Switchports: 816 !

» ~ 22 hosts / hv

!Where is the automation part?

15

» Cloud Orchestration Framework » Compute (XenServer, KVM, VMWare, HyperV) » Storage (NFS, S3, Swift, Nexenta, NetApp) » Network (Juniper, F5, Palo Alto, Netscaler)

» SDN (VMWare NSX, Midokura, OpenContrail, Stratosphere, OpenDaylight,…)

16

!CloudStack networking - the five minute version

» Separate low-level network configuration from function definition. » Admin configures devices, services » Admin assigns a mix of networking features to a network

offering » Tenant selects a network offering and uses the network

17

CloudStack Networking - Basic Network

» Basic Networking » Amazon style L3 network » Tenant isolation on L3 (security groups)

18

External Router

Public IP Space

Security Group

CloudStack Networking - Advanced Network

» Advanced Networking » Tenant isolation on L2 (VLAN, SDN) » Advanced services model per network

19

External Router

Public IP Space

Virtual Router

CloudStack Networking - Advanced Network VPC

» Advanced Networking » Tenant isolation on L2 (VLAN, SDN) » Advanced services model per network » Tiered networking » Private gateway

20

External Router

Public IP Space

VPC Virtual Router

Future Goals

» Replacing the Virtual Router and the VPC Router with an SDN routing construct.

» ACS Bridging support to manage L2 gateways. !

» And lets not forget the underlay network…

21

!Thats all there is to it

» Questions & Answers !

22

Technology

SDN at schuberg philis