Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization Overlay
MidoNet Differentiation and Overview
Transcript of MidoNet Differentiation and Overview
Confidential
About the company
• Founded in 2010, Midokura is a global company with offices in Tokyo, San Francisco, Barcelona and Munich
• Pioneer in network virtualization – provides software for networking using the overlay approach. Pedigree includes Amazon, Cisco, VMware and Google
• Received $20M+ in a first round of funding in April 2013 from Innovation Network Corporation of Japan, NTT and NEC
• Named by CRN amongst the top 10 networking stories of 2013 and amongst the 10 coolest startups in the world
• Won Nokia's Silicon Valley Innovation Challenge – 2014
• Named AlwaysOn award winner for the second consecutive year
• Significant contributor to OpenStack Networking (Neutron)
• First SDN vendor to be certified for the Red Hat OpenStack environment
• Early member of the OpenDaylight Project
• Broad and deep technical partnerships with network switch vendors, software companies and solution providers
MidoNet Network Virtualization Platform
The platform sits between any application and any cloud management platform above it and any network hardware below it, runs on KVM, ESXi, LXC and Docker, and exposes logical L2, logical L3, a logical firewall and a logical Layer 4 load balancer:
• Logical Switching – Layer 2 over Layer 3, decoupled from the physical network
• Logical Routing – Routing between virtual networks without exiting the software container
• Distributed Firewall – Provides ACLs and a high performance, kernel integrated firewall via a flexible rule chain system
• VXLAN/GRE – VXLAN and GRE tunneling provides L2 connectivity across an L3 transport
• Logical Layer 4 Load Balancer – Application load balancing in software
• MidoNet API – Alignment with OpenStack Neutron's API for integration into compatible cloud management software
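The slide describes the distributed firewall only as "a flexible rule chain system". The following is an added example, not MidoNet's code: a toy model of what such a per-port chain has to do to give security-group semantics, namely evaluate ordered rules, jump into per-group sub-chains that return when nothing matches, keep a flow table so replies to accepted connections pass without a rule, and drop a spoofed egress source. Chain names, rules, addresses and packets are constructed for the example.

```python
"""Toy model of a distributed, stateful rule-chain firewall.

Added example, not MidoNet code. Chain names, rules and addresses are
constructed; the structure (ordered rules, ACCEPT/DROP verdicts, JUMP
into a sub-chain that returns without a verdict, a flow table for
replies) is the generic shape of a security-group style rule chain.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int
    dport: int


@dataclass
class Rule:
    action: str                                # "accept", "drop" or "jump"
    proto: Optional[str] = None                # None matches any protocol
    src: Optional[str] = None                  # CIDR; None matches any source
    dst: Optional[str] = None                  # CIDR; None matches any destination
    dports: Optional[Tuple[int, int]] = None   # inclusive destination port range
    target: Optional[str] = None               # chain to jump to

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dports is not None and not (self.dports[0] <= p.dport <= self.dports[1]):
            return False
        return True


class RuleChainFirewall:
    def __init__(self, chains: Dict[str, List[Rule]], entry: Dict[str, str], default: str = "drop"):
        self.chains = chains
        self.entry = entry        # direction ("in"/"out") -> entry chain name
        self.default = default
        self.flows: set = set()   # accepted flows as (proto, src, dst, sport, dport)

    def _walk(self, chain: str, p: Packet, depth: int = 0) -> Optional[str]:
        if depth > 8:
            raise RuntimeError(f"rule chain loop via {chain}")
        for rule in self.chains[chain]:
            if not rule.matches(p):
                continue
            if rule.action == "jump":
                verdict = self._walk(rule.target, p, depth + 1)
                if verdict is not None:
                    return verdict
                continue        # sub-chain returned without a verdict: keep walking
            return rule.action  # "accept" or "drop"
        return None             # chain exhausted without a verdict

    def process(self, p: Packet, direction: str) -> str:
        # Stateful shortcut: the reverse direction of an accepted flow is allowed.
        if (p.proto, p.dst, p.src, p.dport, p.sport) in self.flows:
            return "accept"
        verdict = self._walk(self.entry[direction], p) or self.default
        if verdict == "accept":
            self.flows.add((p.proto, p.src, p.dst, p.sport, p.dport))
        return verdict


def build_firewall() -> RuleChainFirewall:
    # Constructed example: a web VM at 10.0.1.5 whose SSH is reachable only from a bastion subnet.
    chains = {
        "port_in": [Rule("jump", target="sg_web"), Rule("jump", target="sg_admin")],
        "port_out": [Rule("accept", src="10.0.1.5/32")],   # anti-spoof: only the port's own address may send
        "sg_web": [
            Rule("accept", proto="tcp", dst="10.0.1.5/32", dports=(80, 80)),
            Rule("accept", proto="tcp", dst="10.0.1.5/32", dports=(443, 443)),
        ],
        "sg_admin": [
            Rule("accept", proto="tcp", src="10.0.0.0/24", dst="10.0.1.5/32", dports=(22, 22)),
            Rule("accept", proto="icmp", src="10.0.0.0/8"),
        ],
    }
    return RuleChainFirewall(chains, entry={"in": "port_in", "out": "port_out"})


def demo() -> Dict[str, str]:
    fw = build_firewall()
    vm, client, bastion, upstream = "10.0.1.5", "203.0.113.9", "10.0.0.7", "198.51.100.1"
    return {
        "http_from_internet":  fw.process(Packet("tcp", client, vm, 40000, 80), "in"),
        "http_reply_from_vm":  fw.process(Packet("tcp", vm, client, 80, 40000), "out"),
        "ssh_from_internet":   fw.process(Packet("tcp", client, vm, 40001, 22), "in"),
        "ssh_from_bastion":    fw.process(Packet("tcp", bastion, vm, 40002, 22), "in"),
        "vm_to_upstream_tls":  fw.process(Packet("tcp", vm, upstream, 51000, 443), "out"),
        "upstream_tls_reply":  fw.process(Packet("tcp", upstream, vm, 443, 51000), "in"),
        "unsolicited_inbound": fw.process(Packet("tcp", upstream, vm, 443, 51001), "in"),
        "spoofed_egress":      fw.process(Packet("tcp", "10.0.1.6", client, 80, 40003), "out"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```

The point worth noticing is the ordering in `process`: the flow table is consulted before the chain, so a reply to a VM-initiated TLS connection is accepted even though no inbound rule names its ephemeral port, while an unsolicited packet from the same upstream address to a different port is dropped. Running this at every hypervisor port is what lets the edge model drop the central iptables node.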
Value: Do it Bigger, Do it Faster, Do it Better
• Agility – Provide rapid provisioning of isolated network infrastructure for labs and devops: logical network provisioning, automated provisioning, isolated sandboxes
• Control – Network admins can better secure, control and view network traffic: single pane of glass ops tools, enhanced security, enable compliance
• IaaS Cloud – Build multi-tenant clouds with visibility into usage: tenant control, metering, automated self service
• Performance – Improve network performance using edge overlay and complementary technologies: single hop virtual networking, VXLAN hardware gateway, massive performance with 40Gb support
• Scale – Add virtual network infrastructure and services simply and resiliently without hardware and bottlenecks: distributed logical networking (FW, LB, L2/3, NAT), limitless "VLANs", scale-out L3 gateway, bridge legacy VLANs, IPv6
• Solution for OpenStack Networking – Use MidoNet to overcome limitations of Neutron for OpenStack users: replaces the OVS plugin
MidoNet Distributed Advantage: Comparing with OVS and Centralized Controller Approaches
OVS Open Source Plugin
Overlay networking with GRE tunnels over the IP underlay, using the Open vSwitch project. Components:
• Neutron OVS Agent
• Neutron DHCP Agent
• Neutron L3 Agent
• IPTables
Neutron Network Node: runs neutron-server with the OVS plugin, the L3 agent (NAT and floating IPs via iptables and routing), the DHCP agent (dnsmasq) and the OVS agent (ovsdb/vswitchd) on the Linux kernel IP stack, and provides the path to the WAN.
Compute Nodes: each runs nova-compute, KVM with the VMs, the OVS agent (ovsdb/vswitchd) and iptables (security groups) on the Linux kernel IP stack; GRE tunnels connect the compute nodes and the network node across the IP underlay.
Challenges with OVS Plugin
Neutron Network Node is a SPOF
Corosync or similar is needed for active/standby failover.
Challenging at Scale
Since there is a single network node, it becomes a bottleneck fairly quickly.
Inefficient Networking
iptables, the L3 agent and multiple hops for a single flow cause unnecessary traffic and added latency on the physical network.
Centralized Controller Model
An SDN controller on the private IP network centrally processes flows and programs the virtual switches remotely. Each hypervisor runs the Linux kernel, an Open vSwitch agent, iptables and its VMs; a service node and an active/standby gateway pair sit between the private IP network and the Internet.
MidoNet Distributed Model
The MidoNet agents act as a distributed controller: the logical network topology is stored in a distributed network state database, each hypervisor runs the Linux kernel, a MidoNet agent and its VMs, and multiple active, scale-out gateways connect the private IP network to the Internet. The MidoNet agent removes the need for service nodes and iptables.
Centralized Controller Model: Service Node
A service node on the private IP network is centrally responsible for network services like NAT, routing and load balancing, while the SDN controller programs the hypervisors (Linux kernel, Open vSwitch agent, iptables, VMs).
MidoNet's Distributed Edge Model
The MidoNet agent on each hypervisor programs the Linux kernel to provide services like security groups, routing, load balancing and floating IPs at the edge, with the topology read from the network state database over the private IP network.
Active/Standby GW Model
All outgoing flows travel through the active gateway node; the standby gateway carries no traffic until failover. The SDN controller programs the hypervisors (Linux kernel, Open vSwitch agent, iptables, VMs) over the private IP network.
Fully Distributed GW Model
Outgoing and incoming flows are balanced across the MidoNet distributed gateways (Active Gateway 1, 2 and 3), with the topology held in the replicated network state database; the hypervisors connect to the gateways over the private IP network.
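The two gateway slides contrast an active/standby pair, where every flow crosses one node, with several active gateways sharing the flows. The following is an added example, not MidoNet's code: the page does not show how MidoNet chooses a gateway for a flow, so the model assumes a generic consistent-hash ring over the gateway set (an assumption made for the illustration only) and measures, over a constructed set of 1000 flows, how much traffic each node carries under each model and how many flows have to move when a gateway fails.

```python
"""Per-flow gateway selection: active/standby versus scale-out gateways.

Added example, not MidoNet code. The consistent-hash ring is an
assumption for the illustration; the slides only say flows are balanced
across the active gateways. Gateway names and flows are constructed.
"""
import hashlib
from bisect import bisect_right
from typing import Callable, Dict, List, Tuple


def flow_key(proto: str, src: str, dst: str, sport: int, dport: int) -> str:
    return f"{proto}/{src}:{sport}->{dst}:{dport}"


def _h64(s: str) -> int:
    # sha256 rather than hash(): the same key hashes identically on every node
    return int.from_bytes(hashlib.sha256(s.encode()).digest()[:8], "big")


class GatewayRing:
    """Consistent-hash ring: each gateway owns many virtual points on the ring."""

    def __init__(self, gateways: List[str], vnodes: int = 128):
        points = [(_h64(f"{gw}#{i}"), gw) for gw in gateways for i in range(vnodes)]
        points.sort()
        self._hashes = [h for h, _ in points]
        self._owners = [gw for _, gw in points]

    def owner(self, key: str) -> str:
        # first point clockwise from the key's hash, wrapping around the ring
        i = bisect_right(self._hashes, _h64(key)) % len(self._hashes)
        return self._owners[i]


Assigner = Callable[[List[str], List[str]], Dict[str, str]]


def distributed(gateways: List[str], flows: List[str]) -> Dict[str, str]:
    ring = GatewayRing(gateways)
    return {f: ring.owner(f) for f in flows}


def active_standby(gateways: List[str], flows: List[str]) -> Dict[str, str]:
    # The first listed gateway is active; the others carry nothing until failover.
    return {f: gateways[0] for f in flows}


def shares(assignment: Dict[str, str]) -> Dict[str, float]:
    counts: Dict[str, int] = {}
    for gw in assignment.values():
        counts[gw] = counts.get(gw, 0) + 1
    return {gw: n / len(assignment) for gw, n in counts.items()}


def failure_impact(assigner: Assigner, gateways: List[str], failed: str,
                   flows: List[str]) -> Tuple[int, int]:
    """Return (flows that changed gateway, flows that were on the failed gateway)."""
    before = assigner(gateways, flows)
    after = assigner([g for g in gateways if g != failed], flows)
    moved = sum(1 for f in flows if before[f] != after[f])
    on_failed = sum(1 for f in flows if before[f] == failed)
    return moved, on_failed


def sample_flows(n: int = 1000) -> List[str]:
    # Constructed sample: n distinct client connections to one public service address.
    return [flow_key("tcp", f"203.0.113.{i % 200 + 1}", "198.51.100.10", 10000 + i, 443)
            for i in range(n)]


def demo() -> Dict[str, object]:
    gws = ["gw-1", "gw-2", "gw-3"]
    flows = sample_flows()
    as_moved, _ = failure_impact(active_standby, gws, "gw-1", flows)
    d_moved, d_on_failed = failure_impact(distributed, gws, "gw-2", flows)
    return {
        "active_standby_shares": shares(active_standby(gws, flows)),
        "active_standby_moved_on_failure": as_moved,
        "distributed_shares": shares(distributed(gws, flows)),
        "distributed_moved_on_failure": d_moved,
        "distributed_flows_on_failed_gw": d_on_failed,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two properties come out of the numbers. In the active/standby model one node carries 100% of the flows and a failure moves all of them at once, which is the bottleneck and SPOF the earlier slide describes. In the distributed model each gateway carries roughly a third, and a failure moves exactly the flows that were on the failed node and no others, because the ring keeps every surviving gateway's assignments intact.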
Why L3 Gateway?
• Static routes suck
• Provides HA out of the box
• Inbound distributed NAT, routing, L4 LB and firewalls
• Can provide VPC-like multi-tenant BGP capabilities
VXLAN Gateway (VXGW)
• Connect to non-virtualized workloads without a software gateway
• One less hop required
• More port density