Wednesday, February 27, 2013

ApacheCon LiveBlog: Software Defined Networking (SDN) in CloudStack

This is a live blog from ApacheCon that I'm attending this week.  This session is with Chiradeep Vittal.

Usual Live Blog Disclaimer: This is more of a brain dump typing as fast as I can, please excuse typos, format, and coherent thought process in general.

  • Introduction is about how does Amazon built a cloud (see his previous session for this part)
  • SDN Definition - Separation of Control Plane from the hardware performing the forwarding hardware - Also centralized control
  • Central control eases configuration, troubleshooting, maintain over time
  • Eliminates the tedious "log into every box" idea of network maintenance, log into controller
  • OpenFlow is that SDN? - NO, it is a protocol for the control plane to talk to the forwarding elements
  • Control is on the "top" and forwarding is on the "bottom"
  • flexibility example, different route based on direction. Box A and Box B, different flow from A to B and B to A if needed
  • IaaS and SDN go hand in hand - Agility, API configuration, Scalability,  Elasticity (all the ity's!)
  • SDN enables virtual networking - the illusion of isolated networks on a physical wire
  • SDN does have issues - Discovery of virtual addresses -> physical address mapping for instance
  • He is now going over a multi-tenant topology example:

  • CloudStack model - map virtual networks to physical network - define and provision networks and manage elasticity and scale
  • CloudStack Network Model is very robust (see pic, too much to type, things in box tend to be SDN functions)
  • How de we put this together?
  • CloudStack Service Catalog - Cloud users don't see the "guts" of the configuration, the cloud admin or operator designs the service catalog and presents this to the users
    • example - Gold Network - LB + FW + VPN using virtual appliances
    • Platinum - LB + FW + VPN but using hardware devices
  • Now going over topology example of the Gold offering & Platinum (uses Juniper firewall and Netscaler to Load Balance:
  • In both examples the users has no idea if they are on the Gold or Platinum network
  • Multi-Tier virtual networking - can define application tiers and isolate based on need as well, who is connected where
  • Orchestration - He went through the Multi-Tier example and demonstrated all the steps that would have to be down manually (too many to list) and this will all be done through orchestration
  • CloudStack Orchestration Architecture (see picture) - plugin Framework allows this to happen
  • SDN works with CloudStack through the plugin model, the SDN controller talks to the plugin, today there is integration with Nicira NVP, BigSwitch, Midokura, and CloudStack Native (requires XenServer)
  • CloudStack Native Controller uses GRE and and talks to Open vSwitch on the XenServer
  • All isolation happens through the concept of a tenant key over the GRE tunnels. Each tenant has a unique key
  • What makes the CloudStack controller different? 
    • It is purpose built for IaaS and is not a general purpose SDN solution
    • Proactive model - Deny all flows except ones programmed by the end-user API - others send to central controller and may have problems at scale
    • Use the CloudStack virtual router to provide L3-L7 services (mainly because most hardware doesn't understand GRE today)

No comments: