David Lapsley (@devlaps), Chet Burgess (@cfbIV), Kahou Lei (@kahou82)
May 20, 2015
OpenStack Vancouver Summit
VXLAN Distributed Service Node
Virtualization in the data center has changed network requirements
Number of end hosts ↑
Number of networks ↑
Bandwidth requirements ↑
This is a problem for traditional data center networks
• L2 Access with L3 Aggregation
• Wasted capacity: STP blocks ports to prevent loops
• VLAN Exhaustion: only 4K with 802.1Q label
• ToR Scalability: hw tables need to scale with endpoints
Traditional Data Centers
L3 to the edge can help
• L3 is Scalable
• Well known and supported
• Equal Cost Multi-Path (ECMP) Routing
• Each link active at all times
L3
How do we scope tenants/projects?
• MAC over UDP/IP overlay
• Re-uses existing IP core (L3 ECMP, No STP)
• Reduces pressure on ToR L2 tables
• Supports over 16M+ VLANs
• Maintains L2 bridging semantics
VXLAN
VXLAN Encapsulation
• Virtual Network Identifier
• 24 bits → 16+ million
• VXLAN Tunnel End Point (VTEP)
• Encapsulation, Decapsulation
• Listen on UDP port 4789 (IANA), 8472 (Linux default) for incoming VXLAN packets
• VNI to VTEP IP mapping
VXLAN Components
VXLAN Example Deployment
[Figure: Hypervisor 1 (VM1, VM2) and Hypervisor 2 (VM3, VM4), each with tenant bridges br100 and br101 attached to VTEPs vxlan100 and vxlan101, connected through eth0 over the L3 network; VXLAN 100 and VXLAN 101 span both hypervisors.]
[Figure: original frame: DMAC | SMAC | 802.1Q | EType | Payload | CRC. Encapsulated frame: Outer MAC | Outer IP | Outer UDP | VXLAN | Payload | CRC. VXLAN header: VXLAN Flags (8 bits) | Reserved (24 bits) | VXLAN Network Identifier (24 bits) | Reserved (8 bits).]
• Broadcast, Unknown, and Multicast packets (e.g. ARP,
DHCP, multi-cast, etc.) are flooded to all VTEPs for the
given VNI
• Two mechanisms used:
• Multicast
• Multi-cast address and VNI configured for each VXLAN segment
• VTEP sends IGMP join/leave as VMs spin up/down
• Broadcast domain implemented using multicast
• Service Node:
• Use a “central” service node to maintain mapping of VNIs to VTEP IPs
Broadcast, Unknown and Multicast Packets
Service Node
[Figure: the same two hypervisors, with VTEPs vxlan100 (1.1.1.1) and vxlan101 (3.3.3.3) on Hypervisor 1 and vxlan100 (2.2.2.2) and vxlan101 (4.4.4.4) on Hypervisor 2, plus a remote service node on the L3 network holding the mapping below.]
VNI   VTEPs
100   1.1.1.1, 2.2.2.2
101   3.3.3.3, 4.4.4.4
Central Service Node
Distributed Service Node
VXLAN Distributed Service Node
Design
[Figure: Controllers 1 to 3 (mcrouter, memcache) and Hypervisors 1 through 500 (Distributed VXLAN Service Node, tenant bridges br100 and br101, VTEPs vxlan100 and vxlan101), all attached through eth0 to the L3 network.]
• Multi-threaded Python program (multiprocessing module)
• Runs on every hypervisor
• Shares state using Distributed Cache
• FB Mcrouter – memcached protocol router (5B requests/second @ peak!)
• Listens for new VTEP registrations
• Forwards new mappings to Distributed Cache
• Listens for Broadcast, Unknown, Multicast packets
• Floods to all VTEPs in the Virtual Network
VXLAN Distributed Service Node
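An added example, not the VDSN source (which the deck lists as still to be released): the flooding decision a service node makes for one BUM datagram, using the VNI-to-VTEP table from the Service Node slide. The function names, the `DropPacket` exception and the rule that the sender must itself be registered for the VNI are assumptions made here so that a packet is never replicated into another tenant's network.

```python
import ipaddress
import struct

VXLAN_HDR_LEN = 8       # flags (8) | reserved (24) | VNI (24) | reserved (8)
FLAG_VNI_VALID = 0x08   # RFC 7348 "I" bit: the VNI field is valid
MIN_INNER_FRAME = 14    # inner Ethernet header: DMAC + SMAC + EType
MAX_VNI = (1 << 24) - 1


class DropPacket(ValueError):
    """The datagram must be dropped, not flooded."""


def register_vtep(table, vni, vtep_ip):
    """Record that vtep_ip takes part in virtual network vni."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI does not fit in 24 bits")
    table.setdefault(vni, set()).add(ipaddress.ip_address(vtep_ip))


def slide_table():
    """The VNI -> VTEP mapping shown on the Service Node slide."""
    table = {}
    for vni, vtep in ((100, "1.1.1.1"), (100, "2.2.2.2"),
                      (101, "3.3.3.3"), (101, "4.4.4.4")):
        register_vtep(table, vni, vtep)
    return table


def encapsulate(vni, inner_frame):
    """Build a VXLAN UDP payload (used here to construct sample input)."""
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def parse_vni(datagram):
    """Return the 24-bit VNI of a VXLAN UDP payload or raise DropPacket."""
    if len(datagram) < VXLAN_HDR_LEN + MIN_INNER_FRAME:
        raise DropPacket("truncated VXLAN datagram")
    word0, word1 = struct.unpack("!II", datagram[:VXLAN_HDR_LEN])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise DropPacket("I flag not set, VNI is not valid")
    return word1 >> 8   # low 8 bits are reserved and ignored on receipt


def flood_targets(table, datagram, src_vtep):
    """Return (vni, [VTEP IPs]) to which the datagram is replicated.

    Assumption: the caller knows the IP of the VTEP that sent the datagram.
    Unknown VNIs and senders not registered for the VNI are dropped, so a
    packet can only reach VTEPs of the virtual network its sender is in.
    """
    vni = parse_vni(datagram)
    members = table.get(vni)
    if members is None:
        raise DropPacket(f"no VTEP registered for VNI {vni}")
    src = ipaddress.ip_address(src_vtep)
    if src not in members:
        raise DropPacket(f"{src} is not a member of VNI {vni}")
    # Replicate to every other member; never send back to the source.
    return vni, [str(ip) for ip in sorted(members - {src})]


if __name__ == "__main__":
    # Constructed sample: a broadcast ARP-sized frame inside VNI 100.
    frame = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x06" + b"\x00" * 28
    print(flood_targets(slide_table(), encapsulate(100, frame), "1.1.1.1"))
```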
Configuring VXLAN
ip link add vxlan1 type vxlan id 1 remote 169.254.1.1 dev eth0
ip addr add 172.16.1.1/24 dev vxlan1
ip link set dev vxlan1 mtu 1450
ip link set dev vxlan1 up
Creating VXLAN interfaces
root@mhv2:~# ip addr show vxlan1
4: vxlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether f2:af:3f:62:cf:65 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.5/24 scope global vxlan1
       valid_lft forever preferred_lft forever
    inet6 fe80::f0af:3fff:fe62:cf65/64 scope link
       valid_lft forever preferred_lft forever
Configured VXLAN Interface
iptables -t nat -A OUTPUT -d 169.254.1.1/32 -p udp -m udp --dport 8472 -j DNAT --to-destination 127.0.0.1:8473
The @cfbIV rule
Demo
Demo Setup
[Figure: Controllers 1 to 3 (mcrouter, memcache) and Hypervisors 1 through 500 (VXLAN Distributed Service Node) on the L3 network. Host addresses shown: 192.168.225.226, 192.168.225.227, 192.168.225.228, 192.168.225.231, 192.168.225.232. VTEP addresses shown: 172.16.1.4, 172.16.1.5, 172.16.3.4, 172.16.3.6.]
• Open source VDSN source code
• Integration with Neutron (if community interest)
• Performance and scalability testing
Future work
References
• Presentation slides: http://bit.ly/vdsn-presentation
• VDSN Source Code and Ansible playbooks:
• Simple, accessible model, horizontal scaling
• http://bit.ly/vdsn-ansible
• VDSN code coming soon (@devlaps, #devlaps)
• Production Code:
• Multi-area VXLAN! Highly optimized, requires expertise to
configure/troubleshoot
• http://bit.ly/multi-area-vxlan
• C. Burgess, N. Leake, L3 + VXLAN Made Practical, OpenStack Summit Spring 2014.
• M. Mahalingam, et al., Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks, https://tools.ietf.org/html/rfc7348
• Sanjay K. Hooda, Shyam Kapadia, Padmanabhan Krishnan, Using TRILL, FabricPath, and VXLAN: Designing Massively Scalable Data Centers (MSDC) with Overlays, Cisco Press, 2014.
• Introducing McRouter, http://bit.ly/introducing-mcrouter
• McRouter on github, https://github.com/facebook/mcrouter
• Pyroute2, https://pypi.python.org/pypi/pyroute2
• Maintaining a set in Memcached, http://bit.ly/memcache-sets
• Ansible, http://docs.ansible.com
@devlaps, dlapsley@cisco.com
Thank You
Editor's Notes

  1. http://en.wikipedia.org/wiki/IEEE_802.1Q
  2. BUM packets only