Network Virtualization with quantum

Network Virtualization with quantum

• 1.
  Network Virtualization with Quantum Chandan Dutta Chowdhury Juniper Networks InStackers Meeting
• 2.
  Agenda  Overview anduse case of Network virtualization  Quantum Overview  Network Isolation at Layer 2 in Quantum  Quantum L3 isolation  Security groups
• 3.
  Overview and usecase of Network virtualization “network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization.” -Wikipedia
• 4.
  Single tier deployment AllVMs connect to a Linux bridge, which is uplinked to the switch using a physical NIC on the server Physical Server VM Bridge NIC
• 5.
  2 tier deploymentUse Case We have a web server and a DB server and don’t want to provide direct access to DB server Physical Server Database WWW Bridge Bridge NIC
• 6.
  VMs on multiplePhysical servers Private Network Physical Server Physical Server Database WWW NIC NIC Bridge Bridge Bridge NIC Bridge NIC Public Network
• 7.
  Multi Tenants VMson multiple Physical servers Private Network Physical Server Physical Server NIC NIC VM VM VM VM VM VM VM VM VM VM Switch Switch
• 8.
  Introduction to Quantum Features Implementation  Provides network as a service to  Exposes REST APIs connect the VMs in the cloud  Self-service API for virtual  provides plug-in based network creation architecture to support different vendor provided networking  It provides features like equipments.  L2 isolation L3 isolation   Extensions are supported to add Firewalls functionality in addition to core   Load Balancer etc. APIs  Supports various networking modes
• 9.
  OpenStack big picture
• 10.
  Quantum Architecture Quantum REST API Extensions Plug-in Network Device Agents Message Queue Database
• 11.
  Quantum network modes Single Flat Network  Mixed Flat and Private Network
• 12.
  Quantum network modes Provider Router with Private Networks
• 13.
  Quantum Core APIs  Network  Network. An isolated virtual  Create network layer-2 domain. A network can  Update network also be a virtual, or logical, switch  Delete network  List network  Show network  Subnet. An IP version 4 or version 6 address block from  Subnet which IP addresses that are  Create Subnet assigned to VMs on a specified  Update Subnet network are selected.  Delete Subnet  List Subnet  Port. A virtual, or logical, switch  Show Subnet port on a specified network  Port  Create Port  Update Port  Delete Port  List Port  Show Port
• 14.
  Network Isolation atLayer 2 in Quantum  Quantum creates a isolated L2 domain per virtual network  On the backend it uses a combination of the following to provide the isolated l2 domain  VLANs  GRE tunnels  Linux Bridges  OVS  CLI  quantum net-create net1  quantum subnet-create net1 10.0.0.0/24  quantum port-create --fixed-ip subnet_id=<subnet- id>,ip_address=192.168.57.101 <net-id>
• 15.
  Linux Bridge basedvirtual networks  A sub interface is created per virtual network (virtual network being represented by vlan)  A separate bridge is used to connect the VMs to each other VLAN Sub-Interface Nova Compute Nova Compute Linux Bridge vlan10 Linux Bridge vlan10 Linux Bridge vlan20 NIC Linux Bridge vlan20 NIC vlan30 Linux Bridge vlan30 Linux Bridge
• 16.
  OVS based virtualnetwork  A vlan is created in OVS per virtual network Nova Compute Nova Compute OVS OVS Vlan 10 NIC Vlan 10 NIC Vlan 20 Vlan 20 Vlan 30 Vlan 30
• 17.
  Quantum Plug-in andExtensions Plug-ins Extensions  Quantum plug-ins are used  Extensions provide a way to to configure vendor provided extend the APIs provided by switch for virtual networking. quantum. E.g. L3 functionality in quantum is provided as extension.  Extensions are used to provide new/ experimental functionality in quantum.
• 18.
  Advanced Networking Concepts
• 19.
  Quantum L3 networking extension  L3 extension allows to creation of routers to connect 2 or more networks NIC Layer 3 Router1 Gateway Layer 2 Net1 Net2 Net3 VM VM VM
• 20.
  Quantum L3 isolation Layer 3 networking :Virtual  Default implementation of Routers router is done using Linux network namespaces  Router can also be used to Physical Server provide external Database connectivity and NAT functionality WWW Bridge Router NIC Bridge
• 21.
  Quantum L3 CLI CLI  quantum router-create router1  quantum router-interface-add router1 <subnet1-uuid>  quantum router-interface-add router1 <subnet2-uuid>
• 22.
  Security group  Security groups and security group rules allows administrators and tenants the ability to specify the type of traffic and direction (ingress/egress) that is allowed to pass through a port. A Security Group is a named set of rules that get applied to the incoming packets for the instances  By default this group will drop all ingress traffic and allow all egress Physical Server Database WWW Bridge Router NIC Bridge
• 23.
  Security Groups CLI quantum security-group-list  quantum security-group-rule-create --direction ingress - -protocol tcp --port_range_min 80 --port_range_max 80 <security_group_uuid>  quantum port-create <network_id> --security_groups list=true <security_group_id> <security_group_id>  quantum port-update <port_id> --security_groups=None  quantum security-group-rule-list  quantum security-group-rule-delete <security_group_rule_uuid>
• 24.
  THANK YOU ALL