1 of 26

SDN/NFV Introduction

Marian Babik

2 of 26

Introduction

This is an introduction to SDN/NFV, which includes demo/hands-on examples.

Anyone should be able to re-run the same exercises on his/her laptop (or on a simple set of VMs) - setup is covered later (setup details and all interactive sessions are covered in the “transcript” version of this presentation).

The aim is to showcase core concepts and help in preparation of a potential testbed setup at the site. The focus is on site managers/site admins - only basic networking knowledge is assumed (Linux/TCP/IP stack).

The technologies covered were picked so that the core concepts are easy to explain (the focus was on tools/services that are simple to explain; they might not scale well in a real production setup).

3 of 26

Content

  • Setup details - VM1-4
  • SDN/NFV Schema, basic elements
  • Software switches
    • Open vSwitch (OVS) introduction and basic concepts (VM1 with DOCKER)
    • Tunneling with OVS and VXLAN (VM2 and VM3 with MININET)
    • Shaping (VM2 and VM3 with MININET)
  • Controllers
    • Open Virtual Network (OVN) controller
    • OVN commands/setup (VM4 with DEVSTACK)
  • OpenStack Networking
    • Introduction to Neutron
    • Setting up VMs, creating virtual switches and router, attaching VMs (VM4 with DEVSTACK)
  • Summary

4 of 26

Setup details

  • 4 different VMs are needed to run the exercises
  • VM1
    • Latest CC7 image with OVS 2.9.0 and Docker-CE
  • VM2 and VM3
    • MININET 2.2.2 VM images (http://mininet.org/)
  • VM4
    • CC7 image
    • OVN with DevStack (http://docs.openvswitch.org/en/latest/tutorials/ovn-openstack/)

5 of 26

SDN/NFV DC Schema

Orchestrator manages critical aspects of DC

  • Compute (VMs, containers, BM)
  • Storage
  • Network

SDN Controller - manages network and network services - its core role is to translate high-level (orchestrator) requests, e.g. create VM, connect tenant VMs to network, create network service (load balancer), set up security policies for tenant, etc., into concrete actions on physical and virtual switches, e.g. set up overlay networks, attach VMs to ports on a virtual switch, route packets between virtual and physical networks, etc.

DC Network runs in a combination of virtual and physical switches, routers/gateways.

6 of 26

Software Switches

7 of 26

Software Switches

Open vSwitch (OVS) - open source multilayer virtual switch supporting standard interfaces and protocols:

  • OpenFlow, STP 802.1d, RSTP
  • Advanced Control, Forwarding, Tunneling
  • Primarily motivated to enable VM-to-VM networking, but grew to become the core component in most of the existing open source cloud networking solutions

Runs as any other standard Linux app - user-level controller with kernel-level datapath including HW off-loading (recent) and acceleration (Intel DPDK)

Enables massive network automation …

8 of 26

OVS session

9 of 26

OVS session

10 of 26

OVS architecture

11 of 26

Tunneling/VXLAN

  • Virtual Networks (VNs) - logical construct implemented on top of physical networks
    • connects tenant VMs/containers - provide multi-tenancy
    • each tenant can have multiple VNs, each VN is isolated from other VNs
  • Virtual Networks can be implemented by different mechanisms
    • E.g. using 2 networks - physical underlay/virtual overlay networks
    • Overlay networks are implemented using a dynamic “mesh” of tunnels, with various data/control plane protocols: VXLAN, GRE, Geneve, STT
  • VXLAN - example of L2 overlay (RFC 7348)
    • VNI - virtual network identifier
    • VTEP - VXLAN Tunnel Endpoint - performs encapsulation
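The VNI and VTEP roles listed above, as an added Python example (not part of the original slides): it builds the 8-byte VXLAN header from RFC 7348 that a VTEP prepends to a tenant frame, and shows the receiving VTEP dropping a frame whose VNI it does not serve. The function names, VNIs and the sample frame are constructed for illustration; the outer Ethernet/IP/UDP headers are omitted.

```python
import struct

VXLAN_PORT = 4789        # IANA-assigned UDP destination port (RFC 7348)
FLAG_VNI_VALID = 0x08    # "I" flag: must be set for the VNI to be valid

def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Sending VTEP: prepend the VXLAN header to the tenant's L2 frame."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI is a 24-bit value")
    # Header layout: flags(8) reserved(24) | VNI(24) reserved(8)
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def decapsulate(payload: bytes, local_vnis: set) -> tuple:
    """Receiving VTEP: validate the header, return (vni, inner_frame)."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI invalid")
    vni = word1 >> 8     # reserved low byte is ignored on receipt
    if vni not in local_vnis:
        # No local virtual network uses this VNI: drop the frame rather
        # than deliver it into another tenant's network.
        raise LookupError(f"unknown VNI {vni}")
    return vni, payload[8:]

# Constructed sample: 14-byte Ethernet header plus a marker payload.
FRAME = bytes.fromhex("0242ac110003" "0242ac110002" "0800") + b"tenant-A data"

def demo():
    wire = encapsulate(100, FRAME)                 # tenant A uses VNI 100
    delivered = decapsulate(wire, local_vnis={100, 200})
    try:
        decapsulate(wire, local_vnis={200})        # VTEP serving tenant B only
        leaked = True
    except LookupError:
        leaked = False
    return wire[:8].hex(), delivered, leaked

if __name__ == "__main__":
    print(demo())
```

The header carries no authentication or encryption, so the VNI check only provides isolation when the underlay between VTEPs is trusted or the tunnel is protected separately.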

12 of 26

Tunneling/VXLAN session

13 of 26

Tunneling/VXLAN session

14 of 26

Traffic Shaping/QoS

One of the interesting features of OVS is QoS

OVS supports both ingress and egress traffic shaping. Ingress is easier to set up, so the session will focus on it; in real life, egress is likely going to be used.

15 of 26

Controllers

16 of 26

Open Virtual Networking (OVN)

Simple SDN controller with specific focus on Compute

  • Works on same platform as OVS (comes packaged with OVS)
  • Integration with OpenStack, Kubernetes, Docker/Swarm

Open-source L2/L3 network virtualization for Open vSwitch

  • Logical switches
  • IPv4/IPv6 logical routers
  • L2/L3/L4 ACLs (Security Groups)
  • Tunnel overlays (Geneve, VXLAN)
  • Logical load-balancing
  • TOR-based logical-to-physical L2 gateways
  • Software-based L2/L3 logical-to-physical gateways

17 of 26

OVN architecture

18 of 26

OVN session

19 of 26

OpenStack Networking

20 of 26

OpenStack Networking with OVN

Cf. slides 9 and 15

21 of 26

OpenStack Networking with OVN session

22 of 26

Summary

I have merely scratched the surface on this topic, but hopefully enough information was provided for basic orientation in SDN/NFV.

The technologies/tools that were shown have existing production deployments.

SDN/NFV use cases for Compute have strong backing in the commercial space (multi-tenancy is a strong requirement for any cloud provider) - this will clearly impact how the technology/tools will evolve in the future

There are many other approaches apart from the one shown (e.g. OpenContrail, OpenDaylight, OpenStack neutron agents, etc.) - establishing testbeds and evaluating them can be done by setting up a full-featured OpenStack cluster.

23 of 26

Summary/Next steps

  • Many topics not covered:
    • Physical-to-virtual connection, integration with physical switches/routers
    • Advanced OVS features (LACP, bonding, ACLs, STP/RSTP, HFSC qdisc, etc.)
    • OVS alternatives (VRouter/Contrail, CumulusLinux, etc.)
    • OVN alternatives (OpenContrail/Tungsten, OpenDaylight, Ryu, etc.)
    • Tunneling protocols/techniques (MPLS over GRE, Geneve, STT, etc.)
    • Distributed routing/distributed gateways
    • Performance/Scalability evaluation (Intel DPDK)
    • Others ?
  • We should gradually cover all of them within the WG - provided there is sufficient effort - volunteers?
  • We should discuss what our priorities are - which areas we want to explore next
  • Documentation to host what we have learnt so far - proposing to create GitHub-hosted documentation (written in Markdown) - starting with this tutorial

24 of 26

References

25 of 26

Backup

26 of 26

Open vSwitch Features

  • Visibility into inter-VM communication via NetFlow, sFlow(R), IPFIX, SPAN, RSPAN, and GRE-tunneled mirrors
  • LACP (IEEE 802.1AX-2008)
  • Standard 802.1Q VLAN model with trunking
  • Multicast snooping
  • IETF Auto-Attach SPBM and rudimentary required LLDP support
  • BFD and 802.1ag link monitoring
  • STP (IEEE 802.1D-1998) and RSTP (IEEE 802.1D-2004)
  • Fine-grained QoS control
  • Support for HFSC qdisc
  • Per VM interface traffic policing
  • NIC bonding with source-MAC load balancing, active backup, and L4 hashing
  • OpenFlow protocol support (including many extensions for virtualization)
  • IPv6 support
  • Multiple tunneling protocols (GRE, VXLAN, STT, and Geneve, with IPsec support)
  • Remote configuration protocol with C and Python bindings
  • Kernel and user-space forwarding engine options
  • Multi-table forwarding pipeline with flow-caching engine
  • Forwarding layer abstraction to ease porting to new software and hardware platforms
