CloudStack Networking: - With and Without MidoNet - 12th CloudStack User Group Meet-up 2013.3.22
May 12, 2015
Introduction
Dave Cahill
Software Engineer
● MidoNet CloudStack Integration Team
Outline
1. How the default Virtual Router on CloudStack works
2. The problems with default Virtual Router
3. How MidoNet solves the problem with its scalable distributed architecture
1. How the default Virtual Router on CloudStack works
What is the Virtual Router?
● Provides network functions like routing, firewall rules, NAT, DHCP
● A Debian-based VM running haproxy, dnsmasq etc.
● In VPC mode, there is one Virtual Router VM for each VPC
VPC Logical View (example)
[Figure: one Virtual Router VM connecting the UserVMs of the Orange Tier and the Purple Tier]
Physical View - VPC with default CS networking
[Figure: hosts running the UserVMs, the Virtual Router VM and the System VMs (SSVM, CPVM); ingress point (I) and egress point (E) marked]
Physical Packet Flow
[Figure: a packet travelling from the ingress point (I) to the egress point (E) goes via the host running the Virtual Router VM, which sits in the path of all inter-tier traffic]
2. The problems with default Virtual Router
The problem with this model
● The Virtual Router is a single VM on the path of all traffic, so it is a bottleneck and causes scalability issues
● VLANs are used to isolate the separate "tiers", which causes the following issues:
○ The 12-bit 802.1Q VLAN ID allows at most 4096 VLANs: scalability issue
○ Cumbersome manual configuration and operation
3. How MidoNet solves the problem with its scalable distributed architecture
MidoNet architecture (physical view)
[Figure: a MidoNet Agent runs on every host alongside the UserVMs and the System VMs (SSVM, CPVM); all agents connect to the NSD, the Network State Database (clustered)]
● No Virtual Router VM
● The Network State Database (clustered, fault-tolerant) contains the logical topology of the network, firewall rules etc.
[Figure: logical view - a Router connecting the Orange Tier and the Purple Tier; this topology lives in the NSD and is read by every MidoNet Agent]
● "Intelligence at the edge": each MidoNet Agent applies the logical topology on the host where the packet enters the network
How MidoNet Works - Packet Pass Case -
● Flow Rules: None (the first packet of the flow arrives at the ingress agent)
● MidoNet does a logical simulation of the packet flow: the MidoNet Agent at the ingress point (I) walks the packet through the logical Router and tiers
[Figure: the packet is carried from the ingress point (I) to the egress point (E) over an IP tunnel between the two hosts, with no Virtual Router VM in the path]
How MidoNet Works - Packet Drop Case -
● MidoNet does a logical simulation of the packet flow; the result is a Flow Rule (drop)
● Packet dropped at source host without being put on the wire - "intelligence at the edge"
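To make the pass and drop cases concrete, here is an added example in Python (my own illustration, not MidoNet or CloudStack code). It models one agent per host that, for the first packet of a flow, simulates the packet against a logical topology (two tiers behind a router with an ordered firewall rule list) and caches the verdict as a flow rule; later packets of the same flow hit the cache. A passed packet is marked for an IP tunnel when the destination VM lives on another host; a dropped packet gets no output host at all, which is the "never put on the wire" property. The tiers, addresses, rules and host names are constructed for the example.

```python
"""Toy model of "intelligence at the edge": the agent on each host simulates a
packet against the logical topology (standing in for the NSD) and caches the
result as a flow rule.  Added example, not MidoNet code; all data is made up."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

# Constructed stand-in for the Network State Database: two tiers behind one
# logical router, a firewall rule list evaluated in order, and VM placement.
NSD = {
    "tiers": {"orange": ip_network("10.1.1.0/24"),
              "purple": ip_network("10.1.2.0/24")},
    # (src_tier, dst_tier, proto, dst_port or None for any, action); first match wins
    "firewall": [
        ("orange", "purple", "tcp", 3306, "pass"),
        ("orange", "purple", "tcp", None, "drop"),   # all other orange->purple tcp
        ("purple", "orange", "tcp", 80, "pass"),
    ],
    "default_action": "drop",
    "vm_host": {"10.1.1.10": "host-a", "10.1.1.11": "host-a",
                "10.1.2.20": "host-b", "10.1.2.21": "host-c"},
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class FlowRule:
    action: str              # "pass" or "drop"
    out_host: Optional[str]  # host owning the destination VM when passed
    tunnel: bool             # True when the packet must cross an IP tunnel


def tier_of(ip: str, nsd=NSD) -> Optional[str]:
    """Map a VM address to its tier, or None if it is outside the VPC."""
    addr = ip_address(ip)
    for name, net in nsd["tiers"].items():
        if addr in net:
            return name
    return None


class EdgeAgent:
    """One per hypervisor host, holding that host's flow cache."""

    def __init__(self, host: str, nsd=NSD):
        self.host = host
        self.nsd = nsd
        self.flows: Dict[Tuple[str, str, str, int], FlowRule] = {}
        self.simulations = 0  # how often the slow path (simulation) ran

    def simulate(self, pkt: Packet) -> FlowRule:
        """Walk the logical topology once, for the first packet of a flow."""
        self.simulations += 1
        src_tier, dst_tier = tier_of(pkt.src, self.nsd), tier_of(pkt.dst, self.nsd)
        if src_tier is None or dst_tier is None:
            return FlowRule("drop", None, False)
        if src_tier != dst_tier:
            # Inter-tier traffic passes the logical router and its firewall.
            action = self.nsd["default_action"]
            for s, d, proto, port, act in self.nsd["firewall"]:
                if (s, d, proto) == (src_tier, dst_tier, pkt.proto) \
                        and port in (None, pkt.dport):
                    action = act
                    break
            if action == "drop":
                return FlowRule("drop", None, False)   # dropped at the source host
        out_host = self.nsd["vm_host"].get(pkt.dst)
        if out_host is None:
            return FlowRule("drop", None, False)
        return FlowRule("pass", out_host, out_host != self.host)

    def handle(self, pkt: Packet) -> FlowRule:
        """Fast path: reuse the cached flow rule; slow path: simulate once."""
        key = (pkt.src, pkt.dst, pkt.proto, pkt.dport)
        rule = self.flows.get(key)
        if rule is None:
            rule = self.simulate(pkt)
            self.flows[key] = rule
        return rule


def demo():
    """Pass case (tunnelled), cached repeat, drop case, and same-tier local delivery."""
    agent = EdgeAgent("host-a")
    allowed = Packet("10.1.1.10", "10.1.2.20", "tcp", 3306)
    blocked = Packet("10.1.1.10", "10.1.2.20", "tcp", 22)
    local = Packet("10.1.1.10", "10.1.1.11", "tcp", 22)
    results = [agent.handle(p) for p in (allowed, allowed, blocked, local)]
    return agent, results


if __name__ == "__main__":
    agent, results = demo()
    for r in results:
        print(r)
    print("simulations:", agent.simulations)
```

The point to notice is where the decision is taken: the drop verdict for port 22 is produced on host-a, where the packet entered, so nothing is tunnelled or forwarded, and the second 3306 packet never triggers a simulation at all because the cached flow rule answers it.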
Midokura CloudStack plugin UI
[Figure: screenshot of the Midokura CloudStack plugin UI]
Roadmap
● Hypervisor: KVM; XenServer (planned)
● Submitted to CloudStack master codebase: Advanced Isolated Mode: L2, L3, DHCP, Firewall, Source NAT, Static NAT, Port Forwarding
● Implemented but not upstream: VPC Mode: L2, L3, DHCP, Firewall, Source NAT, Static NAT, Port Forwarding
Calling for customers! We'd like to discuss with you which features / functions to add next!
Today we covered
1. How the default Virtual Router on CloudStack works
2. The problems with default Virtual Router
3. How MidoNet solves the problem with its scalable distributed architecture
Website: www.midokura.jp
Twitter: @MidokuraJapan, @davecahill
Book: "CloudStack 徹底入門" (CloudStack: A Thorough Introduction), Chapter 10 (10.3.3) "Midokura"
Thanks for listening.