This document summarizes a presentation about new networking capabilities in Apache CloudStack (ACS) and how to leverage them for virtual network function (VNF) deployments. The presentation discusses the history of challenges with VNFs in CloudStack, past enhancements, the current state of ACS networking in version 4.17, and the future of ACS networking in version 4.18 and beyond. Specific capabilities covered include user-driven VLAN selection, user-shared networks, programmable MTU, configurable protocol options in firewall rules, and configurable source NAT IP ranges. Ideas for further enhancements like policy-based routing, routed IPv4, and dynamic routing are also discussed.

1. New networking capabilities in
ACS – and how to leverage them for
VNF deployments
Alexandre Mattioli - Cloud Architect, ShapeBlue
CloudStack Collaboration Conference 2022

2. Who’s talking?
Alexandre Mattioli -
Cloud Architect at Shapeblue
• Brazilian, now based in Prague
• 30 years experience in Technology
• Worked in many fields of IT
• Involved with CloudStack since 2012
• @ShapeBlue since 2020.

3. What will we talk about?
• What are VNFs
• Historical challenges with VNFs in CloudStack
• Past enhancements
• Current state of ACS’s networking (4.17)
• The future in ACS networking (4.18+)
• Q&A
Related talks on CCC 2022:
Wei-Zhou: VM Autoscaling With CloudStack VR (14:55)
Abhishek Kumar: Edge Zones In CloudStack (15:50)

4. What are VNFs?
Virtual Network Function

5. Journey to VNFs
• Very expensive
• Highly proprietary
• ASIC based
• Long development cycle
• More affordable
• Off the shelf
• x86 based
• Shorter development cycle
• Scalable cost
• Very easy to trial
• Fast releases

6. NFV

7. ETSI Framework VNF -> ACS VR

8. • Templates with multiple disks
• Deployment time settings
• Specialized hypervisor features
• L2 connectivity for service-chaining
Challenges back then

9. Service Chaining

10. 4.9 -> 4.16

11. Routed Dual Stack VR

12. Statically Routed IPv6
• 4.17 IPv6 Implementation
• VPCs and Isolated Networks
• Statically Routed
• Nat’ed IPv4

13. User driven VLAN selection

14. User-Shared Networks
Previously not available for Shared Networks

15. User-Shared Networks
Normal end-user (aka non-root admin)
We have a new field

16. User-Shared Networks
API response to listnetworks
lists the associated networks
Networks with which a given
network can be associated with.

17. Use Case – User VNF Deployment

18. Use Case – User VNF Deployment
Isolated Network
Add Isolated Network
ACS VR

19. Use Case – User VNF Deployment
Deploy VNF Template
VNF’s upstream interface on Isolated Network
Isolated Network
ACS VR
SDWAN VNF

20. Use Case – User VNF Deployment
1:1 NAT ACS VR<->VNF
Isolated Network
ACS VR
Acquire Public IP for StaticNAT SDWAN VNF

21. Use Case – User VNF Deployment
Create Layer2 Network
Attach to VNF’s downstream Interface
Isolated Network
ACS VR
L2 Network
SDWAN VNF

22. Use Case – User VNF Deployment
Create UserShared Network
Associate to L2 Link Network
Isolated Network
ACS VR
L2 Network
UserShared

23. Use Case – User VNF Deployment
Isolated Network
ACS VR
UserShared (VLAN A)
SDWAN VNF
User VMs

24. Use Case – User VNF Deployment

25. Use Case – User VNF Chaining
Create
Isolated

26. Use Case – User VNF Chaining
Deploy VNF
VM

27. Use Case – User VNF Chaining
Acquire
Public IP and
apply Static
NAT

28. Use Case – User VNF Chaining
Create Layer2
Network
L2 Network

29. Use Case – User VNF Chaining
Deploy
another VNF

30. Use Case – User VNF Chaining
Create Another
Layer 2 Network

31. Use Case – User VNF Chaining
Add user-
shared with
associated
network

32. Use Case – User VNF Chaining

33. Use Case – User VNF Deployment IPv6
IPv6 all the way
IPv6
IPv6

34. Use Case – User VNF Deployment IPv6
IPv4
NAT 6to4 VNF
IPv6

35. User-Driven Private Gateways
Operational Overhead

36. User-Driven Private Gateways
Not scalable

37. User-Driven Private Gateways

38. User-Driven Private Gateways

39. User-Driven Private Gateways

40. User-Driven Private Gateways

41. User-Driven Private Gateways

42. User-Driven Private Gateways

43. User-Driven Private Gateways - VNF

44. Associated Networks
• Available in 4.17
• Empowers end-user
• Enables richer topologies
• Reduces operational overhead

45. Fixing the Problems

46. Programmable MTU
New fields for Isolated Networks
Public Interface MTU
Private Interface MTU
Global and Zone level settings:
vr.public.interface.max.mtu
vr.private.interface.max.mtu

47. Programmable MTU
Private – MTU 1500
Public – MTU 1440

48. Configurable protocol option in firewall rules
Static NAT

49. Configurable protocol option in firewall rules
Somewhat limited

50. Configurable protocol option in firewall rules

51. Configurable SourceNAT IP
Can’t be changed
Decommissioning an IP range assigned to a zone is extremely disruptive

52. Configurable SourceNAT IP
Now it can be changed
Make SourceNat
Make SourceNat
Make SourceNat
New option

53. Enhancement Ideas

54. Policy Based Routing
Routing decisions taken
on:
• Source subnet
• Port number
• Type of Traffic
• Network protocol
• Packet size
• Access list
• Etc..etc..
Source 10.10.1.0/24 via VPC’s default gateway
Source 10.10.2.0/24 via VPC’s private gateway

55. Routed IPv4
• Proposal:
• Similar implementation as IPv6
• Dual-stack fully routed
• Challenges:
• Presentation of IPv4 ranges to ACS
• Wasteful subnetting

56. Dynamic Routing
• We all want it
• We all need it
• Many ideas how to do it
• Let’s talk…

57. Taking ACS to the Edge
15:50
New York
City Hall

58. Questions?