Under the Hood: Network Virtualization with OpenStack Neutron
Under the Hood: Network Virtualization with OpenStack Neutron and VMware NSX
Somik Behera – NSX Product Manager
Dimitri Desmidt – NSX Senior Technical Product Manager
Agenda (Slide 2)
‣ Intro – VMware philosophy on OpenStack (2 minutes)
‣ Why Neutron NSX VMware Plugin (20 minutes)
‣ Demo of OpenStack "vCenter/KVM" "Neutron/NSX VMware Plugin" (10 minutes)
‣ Q&A (10 minutes)
VMware Philosophy on OpenStack (Slide 4)
‣ OpenStack: An open framework for building clouds. Assembles a solution from underlying Compute, Network, Storage components. Can be managed and automated using many solutions.
‣ Customer Choice: VMware supports customer choice. Our support for OpenStack enables choice.
‣ An Opportunity for VMware SDDC: VMware SDDC provides best-in-class Compute, Network, Storage & management solutions for OpenStack. We view OpenStack as an opportunity for the VMware SDDC portfolio.
[Diagram: "The Foundation for IT: Software Defined Datacenter". Virtual Workspace (manage access to services, applications and data for any device); Private Clouds; Public Clouds; Hybrid Cloud (seamlessly extend your data center to the public cloud); Software-Defined Data Center (virtualize the entire data center): Management and Automation, Storage and Availability, Compute, Network and Security.]
VMware Technologies and OpenStack (Slide 5)
Tenant-side:
‣ Horizon (Web Portal)
‣ CLI Tools & Scripts (DevOps Automation)
OpenStack components and the VMware components shown with them:
‣ Nova (Compute): vSphere & vCenter
‣ Neutron (Network): NSX
‣ Cinder (Block Storage): vSAN
‣ Glance (Image Store): vCenter (Image Catalog)
Operator-side:
‣ Cloud Operator Tools (vCenter, vCOPs, Log Insight, etc.)
‣ Third Party Operator tools (Puppet/Chef, scripts, Nagios)
Other VMware components shown: vCAC, Application Director.
Legend: OpenStack or 3rd Party Component; VMware Component.
Benefits of OpenStack API & Ecosystem. Choice of best-in-class virtualization & management technologies.
OpenStack main projects (Slide 7)
‣ Dashboard (Horizon): provides UI for other projects
‣ Network (Neutron): provides network connectivity
‣ Compute (Nova)
‣ Image repo (Glance): provides images; stores images as objects in Object Storage (Swift)
‣ Block Storage (Cinder): provides volumes
‣ Identity (Keystone): provides authentication and service catalog for other projects
‣ Object Storage (Swift)
Why Neutron NSX VMware Plugin (Slide 8)
‣ OpenStack Networking before Neutron
‣ Why people use OpenStack with Neutron?
‣ Why people use OpenStack with Neutron NSX VMware Plugin?
OpenStack Networking before Neutron (Slides 9-13)
Nova offers "networking as a service" in OpenStack (nova-network).
Note: It was the only offer before Quantum (old Neutron project name). Nova-network is still present today, and can be used instead of Neutron.
Points to keep in mind:
‣ Limited network topologies supported: only Flat, Flat DHCP and VLAN DHCP; no 3-tier network topology supported.
‣ Limited scale and network services supported:
  ‣ Scale: L2 (using VLAN), DHCP & DNS (using dnsmasq), security (using iptables on hypervisors), IP address management (using SQL DB table).
  ‣ Limited network services: no self-tenant L3, no load balancer, no VPN.
‣ No integration with 3rd party network solutions: no ability to use 3rd parties to overcome the limitations of nova-network.
‣ Complex/limited HA and management/monitoring.
Why people use OpenStack with Neutron? (Slides 15-17)
Neutron improves over nova-network in multiple areas:
‣ Larger number of network topologies and services supported:
  ‣ L3: self-tenant provisioning
  ‣ Security (ingress/egress rules support)
  ‣ LBaaS
  ‣ VPNaaS (coming)
‣ Supports overlay: removes the VLAN limitation (using overlay with GRE).
  [Diagram: VMs on two hypervisors connected over any L2/L3 fabric; encapsulated packet shown as Hypervisor1-IP@ Hypervisor2-IP@ [GRE VM1-IP@ VM2-IP@].]
‣ Open solution, open to 3rd party solutions: VMware NSX Plugin (Nicira Plugin), LinuxBridge Plugin, OVS Plugin, Cisco UCS / Nexus 5000 Plugin, NEC Ryu Plugin, etc.
Why people use OpenStack with Neutron NSX VMware Plugin? (Slides 19-31)
NSX VMware Plugin improves Neutron in multiple areas:
‣ Scale (scale/throughput/optimization):
  ‣ Very high scale (thanks to the "active/active" distribution of the control elements). Today per NSX domain: 60k VMs, 15k tenants, 1k hypervisors (and improved in each release).
    [Diagram: active/active NSX Controller Cluster; VMs on hypervisors over any L2/L3 fabric.]
  ‣ Very high throughput (thanks to the encapsulation off-loaded on the NIC). Today per hypervisor: 20Gbps bi-directional (with 2x10Gbps NIC bonding).
  ‣ Very high throughput (thanks to the "active/active" distribution of the NVP network elements). Per NVP Gateway: 10Gbps bi-directional.
    [Diagram: physical layer with active/active NSX L2/L3 Gateways; NSX Controller Cluster; VMs on hypervisors over any L2/L3 fabric.]
  ‣ Optimized traffic (thanks to the distribution of L3 and security).
    [Diagram, "A world without NSX": Web, App and DB VMs on hypervisors; DC fabric; x86 server; labels "Neutron Router" and "Choke Point on Neutron Server".]
    [Diagram, "A world with NSX": Web, App and DB VMs on hypervisors; DC fabric; NSX "North/South" Router on an x86 server.]
‣ HA and management/monitoring:
  ‣ High availability of the network services is offered by design on both management and transport:
    ‣ "For the management": management layer with an active/active NSX Controller Cluster.
    ‣ "For the transport": stateful failover for L3 and NAT; physical layer with active/active NSX L2/L3 Gateways (802.1q).
  ‣ Management and monitoring tools (statistics, port monitoring, port mirroring, connection tool, seamless upgrade, etc.).
‣ Advanced popular network services:
  ‣ L3 with static routing
    [Diagram: logical networks 172.16.1.0/24 and 192.168.10.0/24; logical switches LS-1A, LS-1B and LS-2A; subnet 10.20.2.0/24 with hosts .1, .2, .11 and .12. Routing entries shown: Default GW: 10.20.2.1; 192.168.1.0/24 next-hop 10.20.2.2; 172.16.1.0/24 action blackhole.]
  ‣ L2 "logical-physical"
    [Diagram: physical layer with NSX L2/L3 Gateways connecting the logical networks to 802.1q.]
  ‣ ACL
    [Diagram: logical networks with LS-1A, LS-1B and LS-2A on 10.20.2.0/24 (.1, .11, .12) and VLAN 10; labels "Security Groups applied here" and "ACL applied here".]
  ‣ QoS
    [Diagram: Tenant A VMs on Logical Switch A and Tenant B VMs on Logical Switch B; DSCP marking for QoS on the physical fabric; GOLD traffic.]
  ‣ Optimization of broadcast/multicast traffic
Demo 1 (Slide 33)
Demonstrate:
‣ 2-tier architecture with "logical/physical" communication L3 and L2
‣ Mix of KVM and ESXi hypervisors
Demo 2 (Slide 34)
Demonstrate:
‣ vMotion
‣ Port mirroring
‣ Failure of NVP-L3-GW
Demo 3 (Slide 35)
Demonstrate:
‣ How to build a 2-tier architecture
Recap: Why OpenStack on VMware NSX (Slide 37)
‣ VMware believes in enabling customer choice.
‣ Nicira/VMware was among the founders of the Neutron project.
‣ VMware NSX with OpenStack is used by leading Enterprises & Service Providers.
‣ VMware NSX with OpenStack is supported by many OpenStack ecosystem companies.
Select OpenStack & VMware NSX customers (Slide 38)
‣ Public Clouds
‣ Enterprise Private Clouds