SDN at Schuberg Philis
DESCRIPTION
My presentation about the Software Defined Networking we use at Schuberg Philis. As presented at the SDN Meetup on March 18.
TRANSCRIPT
SDN at Schuberg Philis
Who is that guy anyway?
» Hugo Trippaers
– Mission Critical Engineer @ Schuberg Philis
– PMC @ Apache CloudStack
– Contributor @ OpenDaylight OVSDB
– Gamer @ Home
» Contact
– @Spark404 @ Twitter
– Hugo Trippaers @ LinkedIn
– [email protected]
SDN at Schuberg Philis
» Why did we opt for SDN?
» Our setup
» Where is the automation?
Software Defined Networking
“In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications. As a result, enterprises and carriers gain unprecedented programmability, automation, and network control, enabling them to build highly scalable, flexible networks that readily adapt to changing business needs.”
— Software-Defined Networking: The New Norm for Networks, ONF White Paper, April 13, 2012
Why did we opt for SDN?
» Theoretical versus practical limits
– How many VLANs can you really configure on a switch?
– Is 4094 VLANs enough for everybody?
Why did we opt for SDN?
» Security
– How isolated is a VLAN?
– Stacked VLAN tags
Why did we opt for SDN?
» Automation is key.
– Automated hypervisor deployments using bare metal provisioning
– Automated VM deployment using CloudStack
– Automated Application deployment using Chef
– Manual network deployment using ssh.
Our setup
Our overlay networking solution - VMware NSX (Nicira NVP)
» A commercial SDN solution developed by Nicira and acquired by VMware. Uses both Open vSwitch and OpenFlow to build overlay tunnels on an existing network.
» Pros
– STT tunnel protocol is optimized for high bandwidth
– Includes a gateway to link existing L3 or L2 networks to the virtual switch
A little more detail
[Diagram labels: Controllers; Virtual Router; STT / GRE / VXLAN Tunnels; Service Nodes; Hypervisors (Open vSwitch)]
A little more detail
[Diagram labels: Virtual Router; STT / GRE / VXLAN Tunnels; Gateways L2 or L3; Legacy Host; VLAN; Controllers]
A little more detail
[Diagram labels: Virtual Router; Controllers; REST API; Manager]
Numbers
» BetaCloud
» Controllers: 3
» Service Nodes: 2
» Gateways: 1
» Hypervisors: 14
» Logical Switches: 120
» Logical Switchports: 404
» ~ 28 hosts / hypervisor
» Mission Critical Cloud
» Controllers: 3
» Service Nodes: 2
» Gateways: 21
» Hypervisors: 37
» Logical Switches: 185
» Logical Switchports: 816
» ~ 22 hosts / hypervisor
Where is the automation part?
» Cloud Orchestration Framework
» Compute (XenServer, KVM, VMware, Hyper-V)
» Storage (NFS, S3, Swift, Nexenta, NetApp)
» Network (Juniper, F5, Palo Alto, NetScaler)
» SDN (VMware NSX, Midokura, OpenContrail, Stratosphere, OpenDaylight, …)
CloudStack networking - the five minute version
» Separate low-level network configuration from function definition.
» Admin configures devices, services
» Admin assigns a mix of networking features to a network offering
» Tenant selects a network offering and uses the network
CloudStack Networking - Basic Network
» Basic Networking
» Amazon style L3 network
» Tenant isolation on L3 (security groups)
[Diagram labels: External Router; Public IP Space; Security Group]
CloudStack Networking - Advanced Network
» Advanced Networking
» Tenant isolation on L2 (VLAN, SDN)
» Advanced services model per network
[Diagram labels: External Router; Public IP Space; Virtual Router]
CloudStack Networking - Advanced Network VPC
» Advanced Networking
» Tenant isolation on L2 (VLAN, SDN)
» Advanced services model per network
» Tiered networking
» Private gateway
[Diagram labels: External Router; Public IP Space; VPC Virtual Router]
Future Goals
» Replacing the Virtual Router and the VPC Router with an SDN routing construct.
» ACS Bridging support to manage L2 gateways.
» And let's not forget the underlay network…
That's all there is to it
» Questions & Answers