c8 open software networking platform 2

7/28/2019 c8 Open Software Networking Platform 2

1/66

Introduction to Open Software

Networking Platform: Part 2

Introduction to Open Software

Networking Platform: Part 2

April 23, 2013

CS Hong

April 23, 2013

CS Hong


2/66

2

OpenStack

CloudStack

Open vSwitch


3/66

3

What is OpenStackWhat is OpenStack

OpenStack: The Mission

"To produce the ubiquitous Open Source cloud computing

platform that will meet the needs ofpublic and privatecloud providers regardless of size, by being simple toimplement and massively scalable."

3


4/66

4

History of OpenStackHistory of OpenStack

4


5/66

5

OpenStack Founding PrinciplesOpenStack Founding Principles

Apache 2.0 license (OSI), open developmentprocess

Open design process, 2x year public DesignSummits

Publicly available open source code repository

Open community processes documented andtransparent

Commitment to drive and adopt open standards

Modular design for deployment flexibility via APIs

5


6/66

6

Community with Broad Commercial SupportCommunity with Broad Commercial Support

6


7/66

7

OpenStack Isn't EverythingOpenStack Isn't Everything


8/66

8

Virtual Machines and StorageVirtual Machines and Storage


9/66

9

Building an OpenStack Cloud Datacenter, Hardware, and ProcessBuilding an OpenStack Cloud Datacenter, Hardware, and Process

Business Prerequisites


10/66

10

Technical PrerequisitesTechnical Prerequisites


11/66

11

Cloud Ready Datacenter RequirementsCloud Ready Datacenter Requirements

11


12/66

12

Bootstrapping the Host MachinesBootstrapping the Host Machines

12


13/66

13

Building an OpenStack Cloud Object StorageBuilding an OpenStack Cloud Object Storage

13


14/66

14

Building an OpenStack Cloud Object StorageBuilding an OpenStack Cloud Object Storage

14


15/66

15

Data Must Be Stored EfficientlyData Must Be Stored Efficiently

15


16/66

16

Object Storage SummaryObject Storage Summary


17/66

17

Object Storage Key FeaturesObject Storage Key Features


18/66

18

System ComponentsSystem Components

The Ring: Mapping of names to entities (accounts,containers, objects) on disk.

Stores data based on zones, devices, partitions, and

replicas

Weights can be used to balance the distribution of

partitions

Used by the Proxy Server for many background processes

Proxy Server: Request routing, exposes the publicAPI

Replication: Keep the system consistent, handle

failuresUpdaters: Process failed or queued updates

Auditors: Verify integrity of objects, containers,

and accounts18


19/66

19

System Components (Cont.)System Components (Cont.)

Account Server: Handles listing ofcontainers, stores as SQLite DB

Container Server: Handles listing of objects,stores as SQLite DB

Object Server: Blob storage server,

metadata kept in xattrs, data in binaryformat

Recommended to run on XFS

Object location based on hash of name &

timestamp

19


20/66

20

Software DependenciesSoftware Dependencies

Object Storage should work on most Linux

platforms with the following software (main

build target for Austin release is Ubuntu 10.04):

Python 2.6

rsync 3.0

And the following python libraries: Eventlet 0.9.8

WebOb 0.9.8

Setuptools

Simplejson

Xattr

Nose

Sphinx20


21/66

21

Evolution of Object Storage ArchitectureEvolution of Object Storage Architecture


22/66

22

OpenStack Compute Key Features

Building an OpenStack Cloud ComputeBuilding an OpenStack Cloud Compute


23/66

23

Open Stack ComputeOpen Stack Compute


24/66

24

Component Architecture DetailComponent Architecture Detail

AMQP: Advanced Message Queuing Protocol


25/66

25

System ComponentsSystem Components

API Server: Interface module for command and control requests Designed to be modular to support multiple APIs In current release: OpenStack API, EC2 Compatibility Module

Approved blueprint: Open Cloud Computing Interface (OCCI)

Message Queue: Broker to handle interactions between services Currently based on RabbitMQ

Metadata Storage: ORM(object-relationa Layer usingSQLAlchemy for datastore

abstraction In current release: MySQL

In development: PostgreSQL

User Manager: Directory service to store user identities

In current release: OpenLDAP, FakeLDAP (with Radius)

Scheduler: Determines the placement of a new resourcerequested via the API

Modular architecture to allow for optimizationBase schedulers included in Austin: Round-robin, Least busy


26/66

26

System Components (Cont.)System Components (Cont.)

Compute Worker: Manage compute hosts through commandsreceived on the Message Queue via the API

Base features: Run, Terminate, Reboot, Attach/Detach Volume, Get

Console Output

Network Controller: Manage networking resources oncompute hosts through commands received on the Message

Queue via the API

Support for multiple network models

Fixed (Static) IP addresses

VLAN zones with NAT

Volume Worker: Interact with iSCSI Targets to manage

volumes Base features: Create, Delete, Establish

Image Store: Manage and deploy VM images to host machines


27/66

27

Hypervisor IndependenceHypervisor Independence

Cloud applications should be designed and packaged,abstracted from the hypervisor, deploy and test for best fit

for your workload

Manage application definition and workload, not the machine

image Configuration management

Abstract virtual machine definition


28/66

28

Network ModelsNetwork Models

Private VMs on Project VLANs or Public VMs on flat networks


29/66

29

Network DetailsNetwork Details

Security Group: Named collection of network access rules Access rules specify which incoming network traffic should be

delivered to all VM instances in the group

Users can modify rules for a group at any time New rules are automatically enforced for all running instances and instances launched from then on

Cloudpipe: Per project VPN tunnel to connect users to thecloud

Certificate Authority: Used for Project VPNs and to decryptbundled images

Cloudpipe Image: Based on Linux with OpenVPN

l f kl f k


30/66

30

Example of OpenStackExample of OpenStack

E l i i Si l dE l i i Si l d


31/66

31

Example innovation: SimcloudExample innovation: Simcloud


32/66

Apache CloudStackpache CloudStack

I SI S


33/66

33

IaaSIaaS

IaaS challengesIaaS challenges


34/66

34

IaaS challengesIaaS challenges

Not out of the box by itself

Need a farm of hypervisors

Xen, KVM, VMware

Need storage

For image catalogue

For volume/snapshot management

Need flexible network that can be

configured on-demand

VLANS, no VLANS, existing net infra, SDN

IaaS is really:IaaS is really:


35/66

35

IaaS is really:IaaS is really:

A Data Center Orchestrator

Data storage

Data movement

Data processing

That can: Handle failures

Support large scale

Be programmed

DevOpsDevOps


36/66

36

DevOpsDevOps

Bring your developers closer to theoperations

Make your sys admins develop the apps

Move to Software Defined Data Center,Automate everything

Dev:

Java

IDE

Ops:

Shell

CLI

What the ASF did to CloudStack ?What the ASF did to CloudStack ?


37/66

37

What the ASF did to CloudStack ?What the ASF did to CloudStack ?

ASF: Apache Software Foundation


38/66

38

A little bit about the internals


39/66

39

A Very Flexible IaaS PlatformVery Flexible IaaS PlatformCompute

XenServer VMware KVMOracle

VMBare metalXenServer VMwareVMware KVM

OracleVM

Bare metal

Hypervisor

Storage

LocalDisk

iSCSI NFSFiber

ChannelSwift

LocalDisk

iSCSI NFSFiber

ChannelSwift

Block & Object

Network

NetworkType

Isolation Loadbalancer

Firewall VPNNetworkType

Isolation Loadbalancer

Firewall VPN

Network & Network Services

PrimaryStorage SecondaryStorage

http://www.slideshare.net/cloudstack/cloudstackarchitecture

Architecture / LanguageArchitecture / Language


40/66

40

Architecture / LanguageArchitecture / Language

Java application

Tomcat6, Axis2, Maven build + ant

Ant going away in 4.1Moving towards a plugin architecture

ReleasesReleases


41/66

41

ReleasesReleases

Apache CloudStack 4.0 released inNovember, 2012

Time based releases

Rather slip features but guarantee release

Apache CloudStack 4.1 planned for March22nd, 2013


42/66

42

Pod 1

.

Cluster N

rAccess Layer

Host 2Host 2

Cluster 1

CloudStack Cloud ArchitectureloudStack Cloud Architecture

Host 1Host 1

Hypervisoristhebasicunitofscale.

Clusterconsistsofoneore

morehosts

of

same

hypervisor

Allhostsinclusterhaveaccesstoshared(primary)storage

Podisoneormoreclusters,usuallywith L2switches.

AvailabilityZonehasoneormorepods,hasaccesstosecondarystorage.

Oneormorezonesrepresentcloud

PrimaryStorage

Zone 1

.

L3 core

Secondary

Storage

Pod N

CloudStackManagement

Server

Internet

Platform Optimized Design (PODs)


43/66

43

Cloud Interactionsloud Interactions

CloudStack

Clouduser

{APIclient(Fog/etc)}

End

User UI

AdminUI

MySQL

CloudStackClustered

CloudStackManagement

Server

DomainAdmin UI

CSAdmin&

EnduserAPI

Clouduser

{ec2API

client

}

ec2API

Monitoring CSAPI vSphere Cluster

Primary

Storage

vcenter

XS ClusterPrimary

Storage

XAPI

KVM ClusterPrimary

StorageJSON

OVM Cluster PrimaryStorage

NetConf

NitroAPI

JuniperSRX

Netscaler

Console

Proxy VMConsole

Proxy VM

JSON

Clouduser

HTTPSAjaxConsole

VNC

Sec.Storage

VM

NFS

Server

NFSSec.Storage

VM

HTTP(TemplateDownload)

HTTP(TemplateCopy)

HTTP(Swift)

NFS

Router VMRouter VM

Router VM

JSON

{Proxied}SSH

http://www.slideshare.net/cloudstack/cloudstackarchitecture


44/66

44

To get your feet wet

DevCloudDevCloud


45/66

45

DevCloudDevCloud

A Virtual box appliance packaged to provide

a working CloudStack environment.

Aimed at developers but has other use cases:

Xen PV hosts gives nested virtualization

Local EC2/S3 Cloud on your laptop

Networking experiments ?

Self-ContainedSelf-Contained


46/66

46

DevCloud: as HostDevCloud: as Host


47/66

47

RunCloudStack on

local

machine

UseDevCloud tosetuphosts

CloudMonkeyCloudMonkey


48/66

48

The CloudStack CLI, developed by RohitYadav

~600 lines of Python

pip install cloudmonkey

Lots of features: Auto-completion

Tabular output

Help , scriptable, interactive shell

InfoInfo


49/66

49

Apache incubator projecthttp://incubator.apache.org/cloudstack#cloudstack and #cloudstack-dev on irc.freenode.net

@CloudStack on Twitterhttp://www.slideshare.net/cloudstackhttp://incubator.apache.org/cloudstack/mailing-lists.html

Collaboration Conference, Nov 30th -Dec 2nd http://collab12.cloudstack.org/ http://www.youtube.com/diycloudcomputing

Welcoming contributions and feedback, Join the fun !

What is Open vSwitchWhat is Open vSwitch


50/66

50

Open vSwitch is a production quality,multilayer virtual switch licensed underthe open source Apache 2.0 license. It isdesigned to enable massive networkautomation through programmaticextension, while still supportingstandard management interfaces andprotocols (e.g. NetFlow, sFlow, SPAN,RSPAN, CLI, LACP, 802.1ag).

What is VirtualizationWhat is Virtualization


51/66

51

Multiple virtual machines on thesame physical host

Lowest layer is the hypervisor,

which provides the illusion

Built by OS people

Historically, simple

bridge Physical Switch

Whats been missing?Whats been missing?


52/66

52

Lacked visibility that network administratorsexpected

Lack of fine-grain control

Brittle of in face of mobility

Virtualized Networking is DifferentVirtualized Networking is Different


53/66

53

Greater context MAC/IP addresses

Host identifiers (UUID)

Multicast membership

Machine start/stop/move events

MobilityStrong isolation between tenants

Advanced Edge SwitchesAdvanced Edge Switches


54/66

54

Tight integration with hypervisorApproaching feature -parity with hardware

switches

Visibility

ACLs

Quality of ServiceCentralized management

Hardware off-loading

Examples: Vmware vSwitch, Cisco Nexus

1000V, Open vSwitch

PackagingPackaging


55/66

55

Default networking stack for Xen CloudPlatform (XCP)

Ships with Citrix XenServer and basis for

their Distributed Virtual Switch (DVS)

Distribution packaging

Debian Ubuntu

SUSE

Red Hat

Goal is to upstream kernel module

Visibility and ControlVisibility and Control


56/66

56

Visibility NetFlow

sFlow

Mirroring (SPAN/RSPAN/ERSPAN)

Fine-grained ACL and QoS policies

L2-L4 matching Actions to forward, drop, modify, and queue

HTB and HFSC queuing disciplines

- Hierarchical Fair Service Curve (HFSC)- Hierarchical token bucket (HTB)

sFlow with Open vSwitchsFlow with Open vSwitch


57/66

57

ForwardingForwarding


58/66

58

LACPPortbonding

Source-MAC load--balancing

TCP load-balancing

Active/backup

802.1ag CFM (Connectivity Fault Mgmt)Fast Ethernet-over-GRE tunneling

LACP: Link Aggregation Control Protocol

Main ComponentsMain Components


59/66

59

Forwarding ComponentsForwarding Components


60/66

60

ovs-vswitchd (Slow Path) Forwarding logic (learning, mirroring, VLANs,

and bonding)

Remote configuration and visibility

openvswitch_mod.ko (Fast Path)

Packet lookup, modification, and forwarding Tunnel encapsulation/decapsulation

Centralized ControlCentralized Control


61/66

61

One OpenFlow connection per datapath Exports idealized view of swtichs datapath

Lookup based on L2L4

Full wildcarding and priorities

Actions: forward, drop, modify, and queue

Missed flows go to central controller

One management channel per system

Switch-level configuration

Resources Counters

Distributed Virtual SwitchDistributed Virtual Switch


62/66

62

Citrix DVS ControllerCitrix DVS Controller


63/66

63

PerformancePerformance


64/66

64

ReferencesReferences


65/66

65

http://www.openstack.org/http://www.slideshare.net/cloudstack

http://openvswitch.orgSource repository:

gitclonegit://openvswitch.org/openvswitch

65


66/66

Thank y ou !hank y ou !

c8 open software networking platform 2

Documents