Network Virtualization & Software-defined ... - Red Hat Summit

Agenda● Problem Statement● Definitions● Solutions

She can't take muchmore of this, captain!

Challenges

Dynamic workloads● Respond in real time● Virtualization, cloud, BYOD, mobilityVMKVMKVM

Visibility● Debugging complex networks is hard, let's goshopping

Definitions

Network● Collection of endpoints and forwarding elements● Job is to move packets between hosts● Source hosts identify destination● Forwarding elements direct traffic at eachintersection

What is SDN?● Separation of control plane from data plane● Standardized programmatic control of trafficflows● Global view of network

Traditional forwarding deviceManagement interfaceCLI, Console, SNMP, ...Control PlaneForwarding Decision (Learning, RIB Lookup),Routing Protocols (OSPF, BGP, ...)Data / Forwarding PlaneFabric, Flow Table, Forwarding Engine

SDN forwarding logicVendor SpecificProtocolSNMPApp App AppControllerControl PlaneData PlaneControl PlaneData PlaneData PlaneControl PlaneData PlaneLocal ConsoleData PlaneData PlaneControl PlaneData PlaneData Plane

Network Virtualization● Decouple logical topologies from physicaltopology●Build complete virtual network topologies●●Provide layer 2-7 network servicesIsolated tenant networks● Network is an abstraction●API to dynamically manage network abstraction

Naive VLAN mappingNova Compute NodeNova Compute NodeNova Compute NodeVLAN 1VLAN 2VLAN 3VM1 VM2 VM3VM1VM2VM3VM1VM2VM3vSwitchvSwitchvSwitchSwitchSwitchSwitchSwitch

VLAN trunkingNova Compute NodeNova Compute NodeNova Compute NodeVM1VM1VM1VM2VM2VM2VM3VM3VM3vSwitchvSwitchvSwitchSwitchSwitchSwitchSwitch

Network overlayNova Compute NodeNova Compute NodeNova Compute NodeVM1VM1VM1VM2VM2VM2VM3VM3VM3vSwitchvSwitchvSwitchSwitchSwitchSwitchSwitch

Network Service APINetwork abstractionVMVMVMVMVMVMVMVMVMLogicalSwitch Switch SwitchPhysicalSwitchSwitchSwitchSwitch

Under the hood

Data PlaneControl PlaneVirtual SwitchPhysical SwitchOpenFlowMP-BGPLinux BridgeXMPPVLANGREOpen vSwitchNVO3QuantumTremaSTTLISPRyuFloodlightVXLANMPLSOpenDaylightBeacon

OpenFlowAn Open Standard behind SDN1.Match on bits inpacket header L2-L4 plus meta data2.Execute actions● Forward to port● Drop● Send tocontroller● Mangle packetOpenFlow enables networks to evolve, by giving aremote controller the power to modify the behavior ofnetwork devices, through a well-defined "forwardinginstruction set". The growing OpenFlow ecosystem nowincludes routers, switches, virtual switches, and accesspoints from a range of vendors.ONF Website

Dynamically update flow tables in auniversal language.In the Software Defined Networking architecture,the control and data planes are decoupled, networkintelligence and state are logically centralized, andthe underlying network infrastructure is abstractedfrom the applications.Software-Defined Networking:The New Norm for NetworksONF White PaperApril 13, 2012

Fine Grained Flow Table ControlExtensive flow matching capabilities– Meta – Tunnel ID, In Port, QoS priority, skb mark– Layer 2 – MAC address, VLAN ID, Ethernet type– Layer 3 – IPv4/IPv6 fields, ARP– Layer 4 – TCP/UDP, ICMP, NDChain of actions– Output to port(s) (single, range, flood, mirror)– Discard, Resubmit to other table– Packet Mangling (Push/Pop VLAN header, TOS, ...)– Send to controller, Learn– Set tunnel ID

OpenFlow Capable DevicesSoftware Switches– Open vSwitch, Cisco Nexus 1000V, VMware vSphere, NECHyper-V, ...Hardware Switches– Brocade, Cisco, HP, IBM, Juniper Networks, NEC, ...SwitchLight– Open source firmware and agent leveraging Ethernet switchingASICs to support OpenFlow

Open vSwitchOpen vSwitch is an open, virtual multi layer switch forhypervisors providing network connectivity to virtual machines.ControllerOpenFlowOpenStackVMVMHWSwitchvSwitchOpen vSwitcheSwitch

Open vSwitch Project●Multilayer virtual switch for VMs●Portable / Multi Platform●Developed by VMware (Nicira) & Community●Apache License (User Space), GPL (Kernel)●OpenFlow 1.1+ (+ extensions)

Flow TableController programs flow table in the slow path thatfeeds the flow table in the fast path upon request.Host SystemVMVM VM VMControllerOpen vSwitchUser spaceKernelDatapathFlow tableFlow tableOpenFlowPhysical Interface

Network SegregationVLAN isolation enforces VLAN membership ofa VM without the knowledge of the guest itself.Host systemVirtual MachineVLAN 1 VLAN 2Push (add)VLAN headerPop (remove)VLAN headerVM1VM2VM3vSwitchOpen vSwitchCaveat: MAX(VLAN_ID) limited

Tunneling (Overlay Networks)Tunneling provides isolation and reducesdependencies on the physical network.Host systemControllerHost systemVNET 1 VNET 1VNET 2 VNET 2VM1VM2VM3Open FlowOpen FlowVM4VM5VM6Open vSwitchOpen vSwitch{ GRE | VXLAN | STT } TunnelHardware Switch

Visibility●Supports industry standard technology tomonitor the use of a network.●NetFlow●Port Mirroring– SPAN– RSPAN– ERSPAN

Quality of Service●Uses existing Traffic Control Layer– Policer (Ingress rate limiter)– HTB, HFSC (Egress traffic classes)●Controller (Open Flow) can select Traffic ClassHost SystemVM1VLAN 10VM21mbitport1port2Open vSwitch

Up NextMultithreading– Enables parallel processing in slow pathMegaFlows– Support for wildcard flows in the datapath– Any non-present flow component is considered a wildcard– Reduction in # of flows in datapath by ~ 40%Zerocopy Upcall– Avoid expensive memcpy() when copying packet to user space

Tunneling is not Tunnelingkernel.org– No tunnel ports– veth instead of patch ports– Flow based tunneling– VXLAN, GREopenvswitch.org– Port based Tunneling– VXLAN, GRE, LISPRegular merge

What is OpenDaylight?OpenDaylight is an Open Source Software project under theLinux Foundation with the goal of furthering the adoption andinnovation of Software Defined Networking (SDN) through thecreation of a common industry supported framework.

Who is OpenDaylight?PlatinumGoldSilverMembers as of April 8, 2013 and growing36

OpenDaylight architecture37

Putting it all togetherOpenStackNetworkingOpenDaylightControllerOpenFlowOVSOpenStack ComputeKVMOVSOpenStack ComputeKVMOVSOpenStack ComputerKVM

Questions?●OpenDaylight●Red Hat OpenStack– http://www.opendaylight.org/●Open vSwitch– http://www.openvswitch.org/●OpenFlow– http://www.openflow.org/●●– http://www.redhat.com/openstack/RDO– http://openstack.redhat.com/OpenStack– http://www.openstack.org/

Thanks for participating in the sessionNetwork Virtualization & Software-defined Networking●http://www.keysurvey.com/f/521822/17d2/Access and complete a short, less than 2 minute surveyBe entered in the Nexus7 32GB Tablet giveaway