Network Virtualization - Ben Pfaff

Transcription

Network Virtualization
Ben Pfaff
Nicira Networks, Inc.

Preview
- Data Centers
- Problems: Isolation, Connectivity
- Solution: Network Virtualization
- Network Tunnels
- A Network Virtualization Architecture
- Open vSwitch Design
- Questions?

Data Centers
[Photos: front of a rack, rear of a rack, a “Top of Rack” switch]
- A data center has many racks.
- A rack has 20-40 servers.
- The servers in a rack connect to a 48-port “top of rack” (ToR) switch.
- Data centers buy the cheapest ToR switches they can find. They are pretty dumb devices.
- Data centers do not rewire their networks without a really good reason.

Data Center Network Design before VMs
[Diagram: Core Switch, then Aggregation Switch (other agg switches alongside), then “Top of Rack” Switch (other ToRs alongside), then one rack of machines: Machine 1, Machine 2, ... Machine 40]

Data Center Network Design with VMs
[Diagram: the same hierarchy as before, but each machine in the rack now runs a virtual switch (vswitch) with up to 128 VMs each]

Problem: Isolation
- All VMs can talk to each other by default.
- You don't want someone in engineering screwing up the finance network. You don't want a break-in to your production website to allow stealing human resources data.
- Some switches have security features but:
  - You bought the cheap ones instead.
  - There are hundreds of switches to set up.
[Diagram: the data center network with VMs, as on the previous slide]

Problem: Connectivity
- The VMs in a data center can name each other by their MAC addresses (L2 addresses). This only works within a data center.
- To access machines or VMs in another data center, IP addresses (L3 addresses) must be used. And those IP addresses have to be globally routable.
[Diagram: the data center network with VMs, connected to the Internet; inside the data center the network is L2, the path out to the Internet is L3]

Non-Solution: VLANs
- A VLAN partitions a physical Ethernet network into isolated virtual Ethernet networks:
  [Header stack: Ethernet, VLAN (L2) | IP (L3) | TCP (L4)]
- The Internet is an L3 network. When a packet crosses the Internet, it loses all its L2 headers, including the VLAN tag. You lose all the isolation when your traffic crosses the Internet.
- Other problems: limited number, static allocation.

Solution: Network Virtualization
Virtualization Layering (general concept, and its network virtualization counterpart):
- Virtual Resource: Virtual Ethernet network
- Virtualization Layer: Tunnel
- Physical Resource: Physical Ethernet network
Tunneling: Separating Virtual and Physical Network
[Diagram: an ordinary packet (Ethernet | IP | TCP) becomes a tunneled packet made of Physical Headers (Ethernet | IP | GRE) followed by Virtual Headers (Ethernet | IP | TCP)]
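To make the header stacking concrete, here is an added example (not from the talk or from Open vSwitch) that builds the physical headers around a constructed VM-to-VM frame and strips them again on the far side, validating the outer IP checksum and the GRE header before trusting the payload. It assumes GRE protocol type 0x6558 (an Ethernet frame inside GRE) with no key or checksum field, and all MACs and IP addresses are made up; the inner frame carries a VLAN tag to show that it rides through intact, which is exactly what a tag exposed directly to the L3 network does not do.

```python
import socket
import struct

GRE_IP_PROTO = 47        # IPv4 protocol number for GRE
GRE_TYPE_TEB = 0x6558    # GRE protocol type: Transparent Ethernet Bridging (payload is an Ethernet frame)
ETH_TYPE_IPV4 = 0x0800
ETH_TYPE_VLAN = 0x8100

def ipv4_checksum(hdr):
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner_frame, outer_src_mac, outer_dst_mac, tunnel_src_ip, tunnel_dst_ip):
    """Wrap the virtual frame, untouched, in physical headers: Ethernet | IP | GRE."""
    gre = struct.pack("!HH", 0, GRE_TYPE_TEB)          # version 0, no checksum/key/sequence
    ip = ipv4_header(tunnel_src_ip, tunnel_dst_ip, GRE_IP_PROTO, len(gre) + len(inner_frame))
    eth = outer_dst_mac + outer_src_mac + struct.pack("!H", ETH_TYPE_IPV4)
    return eth + ip + gre + inner_frame

def gre_decapsulate(packet):
    """Validate and strip the physical headers; return the virtual (inner) Ethernet frame."""
    if struct.unpack("!H", packet[12:14])[0] != ETH_TYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    ip_hdr = packet[14:14 + ihl]
    if ipv4_checksum(ip_hdr) != 0 or ip_hdr[9] != GRE_IP_PROTO:
        raise ValueError("bad IPv4 checksum or not a GRE packet")
    gre_off = 14 + ihl
    flags, ptype = struct.unpack("!HH", packet[gre_off:gre_off + 4])
    if flags & 0x0007 or ptype != GRE_TYPE_TEB:         # version must be 0, payload must be Ethernet
        raise ValueError("unsupported GRE header")
    gre_len = 4 + sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)   # optional C, K, S fields
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    return packet[gre_off + gre_len:14 + total_len]

# Constructed sample: VM A -> VM B, tagged with VLAN 100, carrying an IPv4/TCP SYN.
VM_A_MAC, VM_B_MAC = bytes.fromhex("020000000a01"), bytes.fromhex("020000000b02")
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 65535, 0, 0)
INNER_FRAME = (VM_B_MAC + VM_A_MAC + struct.pack("!HHH", ETH_TYPE_VLAN, 100, ETH_TYPE_IPV4)
               + ipv4_header("10.0.0.1", "10.0.0.2", 6, len(TCP_SYN)) + TCP_SYN)
HV1_MAC, HV2_MAC = bytes.fromhex("0c0000000001"), bytes.fromhex("0c0000000002")
TUNNELED = gre_encapsulate(INNER_FRAME, HV1_MAC, HV2_MAC, "192.0.2.10", "198.51.100.20")
```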

Path of a Packet (No Tunnel)
- A packet from one VM to another passes through a number of switches along the way.
- Each switch only looks at the destination MAC address to decide where the packet should go.
[Diagram: the data center network with VMs, as above]

Path of a Packet (Via Tunnel)
[Diagram: Data Center 1 and Data Center 2, each with Core Switch, Aggregation Switch, “Top of Rack” Switch and Machines 1 ... 40 running VMs, joined through the Internet. The tunneled packet carries Physical Headers (Ethernet | IP | GRE) and Virtual Headers (Ethernet | IP | TCP). Inside each data center the physical switches do switching; across the Internet the physical IP header is used for routing.]

Challenges
- Setting up the tunnels:
  - Initially.
  - After VM startup/shutdown
  - After VM migration
- Handling network failures
- Monitoring, administration
Use a central controller to set up the tunnels.

A Network Virtualization Distributed System
[Diagram: Data Center 1 and Data Center 2, each with Core Switch, Aggregation Switch and “Top of Rack” Switch, joined through the Internet; Machines 1-4 each run OVS and three VMs; a controller reaches every OVS over control protocols, drawn separately from the wires]

Controller Duties
- Monitor:
  - Physical network
  - VM locations, states
- Control:
  - Tunnel setup
  - All packets on virtual and physical network
  - Virtual/physical mapping
- Tells OVS running everywhere else what to do

Open vSwitch
- Ethernet switch implemented in software
- Can be remotely controlled
- Tunnels (GRE and others)
- Integrates with VMMs, e.g. XenServer, KVM
- Free and open source: openvswitch.org

Open vSwitch: OVSDB protocol
- Slow-moving state:
  - VM placement (via VMM integration)
  - Tunnel setup
- Buzzwords:
  - Lightweight
  - Transactional
  - Not SQL
  - Persistent

Open vSwitch: OpenFlow protocol
[Diagram: an Ethernet switch with its flow table]
- Flow table: ordered list of “if-then” rules:
  “If this packet comes from VM A and going to VM B, then send it out via tunnel 42.”
  (No rule: send to controller.)

OpenFlow in the Data Center (One Possibility)
[Diagram: Data Center 1 and Data Center 2 joined through the Internet, with the controller attached to each OVS over control protocols; the numbered steps below are marked along the path from a VM in Data Center 1 to a VM in Data Center 2]
1. VM sends packet.
2. Open vSwitch checks flow table – no match. Sends packet to controller.
3. Controller tells OVS to set up a tunnel to the destination and send the packet on that tunnel.
4. OVS sends packet on the new tunnel.
5. Normal switching and routing carry the packet to its destination in the usual way.
The same process repeats on the other end to send the reply back.
This is done at most on a per-“flow” basis, and other optimizations keep it from happening too frequently.
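The five steps above, together with the flow-table rules from the previous slide, as an added simulation (not the talk's or Open vSwitch's own code): an ordered flow table, a table miss handed to the controller, and the controller installing a rule so that later packets of the same flow never reach it again. The VM names, hypervisor IPs and the per-virtual-network isolation check inside the controller are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    match: dict     # packet fields that must all be equal, e.g. {"src": "VM A", "dst": "VM B"}
    action: str     # "local:<vm>", "tunnel:<hypervisor IP>" or "drop"

class Controller:
    """Knows VM placement (the slow-moving state OVSDB carries) and installs flows on demand."""
    def __init__(self, placement, vnet):
        self.placement = placement   # VM name -> IP of the hypervisor hosting it
        self.vnet = vnet             # VM name -> virtual network id (assumed isolation policy)
        self.packet_ins = 0          # how many times a switch had to ask the controller

    def packet_in(self, switch, pkt):
        self.packet_ins += 1
        src, dst = pkt["src"], pkt["dst"]
        if dst not in self.placement or self.vnet.get(src) != self.vnet.get(dst):
            action = "drop"                            # unknown VM or a different virtual network
        elif self.placement[dst] == switch.host_ip:
            action = "local:" + dst                    # same hypervisor: deliver directly
        else:
            action = "tunnel:" + self.placement[dst]   # other hypervisor: send via a tunnel to it
        switch.add_rule(Rule({"src": src, "dst": dst}, action))   # flow_mod: cache the decision
        return action                                   # packet_out: forward this first packet

class VSwitch:
    """Open vSwitch model: ordered flow table; a table miss goes to the controller."""
    def __init__(self, host_ip, controller):
        self.host_ip, self.controller, self.table = host_ip, controller, []
    def add_rule(self, rule):
        self.table.append(rule)
    def forward(self, pkt):
        for rule in self.table:                          # first matching rule wins
            if all(pkt.get(k) == v for k, v in rule.match.items()):
                return rule.action
        return self.controller.packet_in(self, pkt)      # no rule: send to controller

# Constructed sample: VM A and VM C share a hypervisor in Data Center 1; VM B (same virtual
# network) and VM H (finance, a different virtual network) live on a hypervisor in Data Center 2.
CONTROLLER = Controller(
    placement={"VM A": "192.0.2.10", "VM C": "192.0.2.10", "VM B": "198.51.100.20", "VM H": "198.51.100.20"},
    vnet={"VM A": 1, "VM B": 1, "VM C": 1, "VM H": 2})
OVS_DC1 = VSwitch("192.0.2.10", CONTROLLER)

def send(src, dst, count=1):
    """Push `count` packets of one flow through OVS_DC1; return (action, controller packet-ins so far)."""
    for _ in range(count):
        action = OVS_DC1.forward({"src": src, "dst": dst})
    return action, CONTROLLER.packet_ins
```

Calling send("VM A", "VM B", 5) on a fresh table returns ("tunnel:198.51.100.20", 1): the controller is consulted for the first packet only, and the cached rule serves the rest of the flow, including a cached "drop" for traffic between virtual networks.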

Open vSwitch: Design Overview
[Diagram: a hypervisor physical machine running virtual machines VM 1, VM 2 and VM 3, each with one or more VNICs, and a host operating system running ovs-vswitchd; ovs-vswitchd connects the VNICs to the physical NICs and through them to other network elements, and is managed by an administrative CLI/GUI and by the Controller]

Open vSwitch: Design Details
[Diagram: as in the overview, but the hypervisor's host side is split into user space (ovs-vswitchd, which talks to the Controller) and kernel space (the OVS kernel module, attached to the NICs)]
Cache hierarchy:
- 1us: Kernel module
- 1ms: ovs-vswitchd
- 10ms: controller

OpenFlow: Another Use
- Redundant wiring between switches: [diagram of switches 1-9 with redundant links]

OpenFlow: Another Use
- Effective topology with normal L2 switching: [diagram of switches 1-9]

OpenFlow: Another Use
- L2 routing managed by controller: [diagram of switches 1-9 attached to a controller]
  (Requires all switches to support OpenFlow)

Conclusion
- Companies spread VMs across data centers.
- Ordinary networking exposes differences between VMs in the same data center and those in different data centers.
- Tunnels can hide the differences.
- A controller and OpenFlow switches at the edge of the network can set up and maintain the tunnels.

Questions?
