SlideShare une entreprise Scribd logo
1  sur  38
Télécharger pour lire hors ligne
CloudStack Networking

     Chiradeep Vittal
       May 2 2012
Outline

•   CloudStack Networking Features
•   CloudStack Networking Configuration
•   CloudStack Networking APIs
•   CloudStack Network Architecture
•   Virtual Router deep dive
Feature overview
• Orchestration of L2 – L7 network services
     – IPAM, DNS, Gateway, Firewall, NAT, LB, VPN, etc
• Mix-and-match services and providers
• Out-of-the-box integration with automated deployment of virtual routers
     – Highly available network services using CloudStack HA and VRRP
• Orchestrate external providers such as hardware firewalls and load
  balancers
     – Devices can provide multiple services
     – Admin API to configure external devices
     – Plugin-based extensions for network behavior and admin API extensions
•   Multiple multi-tenancy [network isolation] options
•   Integrated traffic accounting
•   Access control
•   Software Defined Networking too
Basic vs Advanced Networking
• Segmentation based on feature set and ease-of-
  deployment
• Both are feature-rich
• Basic implements true AWS-style L3-isolation
  – Tenants do not get contiguous IP addresses or subnets
  – Network segmentation based on Security Groups
  – Tremendous scale (tens of thousands)
• Advanced Zone offers full L3 subnets
  – VLANs are default implementation (4K limit)
  – More features (source NAT, PF, VPN)
CloudStack Terminology
•   Guest network
     – The tenant network to which instances are attached
•   Storage network
     – The physical network which connects the hypervisor to primary storage
•   Management network
     – Control Plane traffic between CloudStack management server and hypervisor clusters
•   Public network
     – “Outside” the cloud *usually Internet+
     – Shared public VLANs trunked down to all hypervisors
•   All traffic can be multiplexed on to the same underlying physical network using
    VLANs
     – Usually Management network is untagged
     – Storage network usually on separate nic (or bond)
•   Admin informs CloudStack how to map these network types to the underlying
    physical network
     – Configure traffic labels on the hypervisor
     – Configure traffic labels on Admin UI
PHYSICAL NETWORK IN A ZONE

                                                Core (L3) Network


                                           Pod 1                Pod 2       Pod N

      Cloudstack            Access Switch(es)
        Server
         Cloudstack
           Servers




                                                                        …
                                    CLUSTER 1
                                           Hypervisor 1

VM Traffic                           …
                                           Hypervisor 8
Control Plane Traffic

Storage Traffic                                   Storage 2
                                                Storage 1
Public Traffic
                                      …




                                     CLUSTER 4
                                           Hypervisor N

                                           Hypervisor N+1



                                                Storage k
L2 Features
• Choice of network isolation
     – Physical, VLAN, L3 (anti-spoof), Overlay[GRE]
     – Physical isolation through network labels [limited to # of nics or bonds]
• Multi-nic
     – Deploy instance in multiple networks
     – Control default route
• Access control
     – Shared networks, project networks
     – Dedicated VLANs offer MPLS integration
•   Anti-spoofing for L3-isolated networks
•   QoS [max rate]
•   Traffic monitoring
•   Broadcast & multicast suppression in L3-isolated networks
•   Hot-plug / detach of nics [upcoming]
L3 Features
•   IPAM [DHCP], Public IP address management
     –   VR acts as DHCP server
     –   Can request multiple public IPs per tenant
•   Gateway (default gateway)
     –   Redundant VR (using VRRP)
     –   Inter-subnet routing [upcoming]
     –   Static routing control [upcoming]
•   Remote Access VPN
     –   L2TP over IPSec using PSK
     –   Virtual Router only
•   Firewall based on source cidr
•   Static NAT [1:1]
     –   Including “Elastic IP” in Basic Zone
•   Source NAT
     –   Per-network, or interface NAT
•   Public Traffic usage
     –   Monitoring on the Virtual Router / External network device
     –   Integration with sFlow collectors
•   Site-to-Site VPN [upcoming]
     –   IPSec VPN based on VR
•   L3 ACLs [upcoming]
L4 Features
• Security groups for L3-isolation
  – “Basic Zone” in docs
  – Default AWS-style networking
  – Scales much better than VLANs
• Stateful firewall for TCP, UDP and ICMP
• Port forwarding *“Advanced Zone”+
  – Conserve public Ips
L7 features
• Loadbalancer
   – VR has HAProxy built in
   – External Loadbalancer support
        • Netscaler (MPX/SDX/VPX)
        • F5 BigIP
        • Can dedicate an LB appliance to an account or share it among tenants
   –   Loadbalancer supported with L3-isolation as well
   –   Stickiness support
   –   SSL support [future]
   –   Health Checks [future]
• User-data & meta-data
   – Fetched from virtual router
• Password change server
Physical Network
       Operations
                                               Users
       Admin and
       Cloud API

                    CloudStack
                    Mgmt Server
                    Cluster               Router
                       MySQL

                                          Load Balancer
                                                              Availability Zone
                                           L3 Core Switch

  Access
   Layer
Switches


                                                            Secondary
 Servers
           …             …           …    …        …        Storage



       Pod 1         Pod 2        Pod 3        Pod N
Layer 3 cloud networking



    Web                  DB                   Web
    VM                   VM                   VM
            Web                  DB
          Security             Security
           Group                Group
    Web                  Web                  DB
    VM                   VM                   VM

…                    …                    …

    Web                  Web
    VM                   VM
Guest Networks with L3 isolation
Public     Public IP                                           Guest   Guest
Internet   address                                             1 VM    address
           65.37.141.11                                          1     10.1.0.2
                                                10.1.0.1       Guest
           65.37.141.24              Pod 1 L2                          Guest
           65.37.141.36               Switch                   2 VM    address
           65.37.141.80                                          1     10.1.0.3
                                                               Guest   Guest
                                                               1 VM    address
                          L3 Core
                                     Pod 2 L2
                                      Switch
                                                10.1.8.1
                                                           …     2     10.1.0.4
                          Switch


                                                               Guest   Guest
                            Load                10.1.16.       2 VM    address
                                     Pod 3 L2
                          Balancer              1                2     10.1.16.12
                                      Switch
                                                               Guest
                                                                       Guest
                                                               2 VM
                                                                       address
                                                                 3
                                                                       10.1.16.21
                                      …                        Guest
                                                               1 VM
                                                                       Guest
                                                                       address
                                                                 3
                                                                       10.1.16.47
                                                               Guest
                                                                       Guest
                                                               1 VM
                                                                       address
                                                                 4
                                                                       10.1.16.85
Virtual Networks (L2 isolation)

                                          Core (L3) Network


                                     Pod K                Pod M                        Pod N

                      Access Switch(es)                                                        V
                                                                                        Hypervisor
                                                                                        V
                                                                     V
                                                              Hypervisor
                                                              R




                                                                               …
                              CLUSTER 1
                                     Hypervisor 1
                                     R
VM Traffic                     …
                                     Hypervisor 8
Public Traffic
                                …




                               CLUSTER 4
                                      V V
                                     Hypervisor N
                                                                           V   Tenant VM
                                     Hypervisor N+1
                                          V
                                                                           R   Tenant Virtual Router
Guest virtual layer-2 network
                                                Guest Virtual Network
                                                10.1.1.0/24
            Public  Public IP                                    Guest
                                        Gateway                           Guest
            Network address                                       1 VM
                                        address                           address
                    65.37.141.11                                    1
                                        10.1.1.1                          10.1.1.2
                    65.37.141.36
                                 Guest 1                         Guest    Guest
 Public                           Virtual                         1 VM    address
 Internet                         Router                            2     10.1.1.3
                               NAT
                                                                 Guest    Guest
                               DHCP
                                                                  1 VM    address
                               Load
                                                                    3     10.1.1.4
                               Balancing
                               VPN                               Guest    Guest
                                                                  1 VM    address
                                                                    4     10.1.1.5
                                               Guest Virtual Network
                    Public IP                  10.1.1.0/24
                    address             Gateway                   Guest   Guest
                    65.37.141.24        address                   2 VM    address
                    65.37.141.80        10.1.1.1                    1     10.1.1.2
                                 Guest 2                          Guest   Guest
                                  Virtual                         2 VM    address
                                  Router                            2     10.1.1.3
                               NAT
                                                                  Guest   Guest
                               DHCP
                                                                  2 VM    address
                               Load
                                                                    3     10.1.1.4
                               Balancing
                               VPN
Layer-2 Guest Virtual Network

  CS Virtual Router provides Network Services                          External Devices provide Network Services


                                  Guest Virtual Network 10.1.1.1/8                                    Guest Virtual Network 10.1.1.1/8
                                  VLAN 100                                                            VLAN 100

Public                                                                Public
Network/Intern                                                        Network/Intern
et                                                       Guest        et                                                    Guest
                                                                     Public IP                 Private IP      10.1.1.1
                                            10.1.1.1     VM 1                                  10.1.1.111                   VM 1
                            Gateway                                  65.37.141.11 Juniper
Public IP                                                            1                SRX
                            address
65.37.141.11       CS                                                               Firewall
                            10.1.1.1                     Guest                                                              Guest
                 Virtual
                                            10.1.1.3     VM 2                                                  10.1.1.3     VM 2
                 Router
                                                                      Public IP                Private IP
               DHCP, DNS                                              65.37.141.   NetScaler   10.1.1.112
               NAT                                       Guest        112            Load                                   Guest
               Load Balancing               10.1.1.4     VM 3                       Blancer                                 VM 3
                                                                                                               10.1.1.4
               VPN

                                                         Guest                                                              Guest
                                             10.1.1.5    VM 4                                                  10.1.1.5     VM 4

                                                                                                              CS
                                                                                                    DHCP, Virtual
                                                                                                          Router
                                                                                                    DNS
Other Topologies

No services [Static Ips]                                   Dedicated VLAN with DHCP and DNS
                                                           User can request specific IP[s] for NIC

                       Guest Virtual Network 10.1.1.0/24                              Guest Virtual Network 10.1.1.0/24
                       VLAN 100                                                       VLAN 100



                                              Guest                                                         Guest
                                              VM 1                                             10.1.1.1     VM 1
                                  10.1.1.1
                Gateway address
                10.1.1.1
                                              Guest                                                         Guest
                                  10.1.1.3    VM 2                         Gateway             10.1.1.3     VM 2
                                                                           address
                                                                           10.1.1.1
                                              Guest                                                         Guest
    Core switch                   10.1.1.4    VM 3                                                          VM 3
                                                                                               10.1.1.4


                                              Guest
                                                               Core switch                                  Guest
                                   10.1.1.5   VM 4                                             10.1.1.5     VM 4

                                                                                              CS
                                                                                  DHCP, Virtual
                                                                                          Router
                                                                                  DNS
                                                                                  User-data
Other topologies

MPLS                                                       Shared VLAN with DHCP and DNS


                       Guest Virtual Network 10.1.1.0/24                           Guest Virtual Network 10.1.1.0/24
                       VLAN 100                                                    VLAN 100



MPLS VLAN 100                                  Guest                                                     Guest
                                               VM 1                                         10.1.1.1     VM 1
                              10.1.1.100
                Gateway address
                10.1.1.1
                                               Guest                                                     Guest
                                    10.1.1.200 VM 2                     Gateway             10.1.1.3     VM 2
                                                                        address
                                                                        10.1.1.1
                                               Guest                                                     Guest
   Core switch              10.1.1.101         VM 3                                                      VM 3
                                                                                            10.1.1.4


                                               Guest
                                                              Core switch                                Guest
                                10.1.1.11      VM 4                                         10.1.1.5     VM 4
                                5
                               CS                                                          CS
                     DHCP, Virtual                                             DHCP, Virtual
                             Router                                                    Router
                     DNS                                                       DNS
                     User-data                                                 User-data
Multi-tier network

  Multi-tier network


                                                           Virtual Network                            Virtual Network
                          Virtual Network                  10.1.2.0/24                                10.1.3.0/24
                          10.1.1.0/24                      VLAN 1001                                  VLAN 141
Public                    VLAN 100
Network/Intern                                                                           App VM
                                                                             10.1.2.31      1       10.1.3.21
et                                                     Web VM
Public IP                  Private IP       10.1.1.1     1      10.1.2.21
65.37.141.11 Juniper       10.1.1.111
1               SRX                                                                      App VM
              Firewall                                                       10.1.2.24              10.1.3.45
                                                       Web VM                               2
                                            10.1.1.3     2      10.1.2.18
 Public IP                Private IP
 65.37.141.   Netscaler   10.1.1.112
 112            Load                                   Web VM
              Balancer                      10.1.1.4     3      10.1.2.38                                       10.1.3.24 DB VM 1



                                                       Web VM
                                            10.1.1.5     4      10.1.2.39

                                          CS                    DHCP,     CS                      DHCP,
                                        Virtual                         Virtual                   DNS        CS
                                DHCP,                           DNS,    Router                             Virtual
                                        Router
                                                                User-                             User-
                                DNS                                                                        Router
                                                                data                              data,
                                User-
                                                                                                  Source
                                data                                                                       Public IP
                                                                                                  -NAT,
                                                                                                           65.37.141.115
Bring-your-own Service
                                    Public VLAN(s)


                         VR

                                    Guest VLAN
Customer
installs static
route to point
to his routing                                  Your
vm                  VM    VM   VM              Routing
                                                 VM




                                              Monitoring VLAN
                                              (shared)
Bring-your-own Service[site-to-site-vpn]
                                           Public VLAN(s)


                                VR

                                           Guest VLAN
Customer
installs static
route
(manually/au                                           Your
tomated                    VM    VM   VM              Routing
config) to                                              VM
point to his
routing vm.
Routing VM
provides Site-                                       Shared Public VLAN
to-site VPN
(configured
directly on
routing VM,
not by
CloudStack)
Multi-tier unified [vision]
                                 Internet


                                                                         IPSec or SSL site-to-site VPN
                                                         CS
                                                  Virtual Router /                                            Customer
           Loadbalancer                                Other                                                  Premises

                                                                                          Monitoring VLAN


Virtual Router Services
                                                                       App VM
• IPAM                                                     10.1.2.31      1
• DNS                         10.1.1.1
                                         Web VM
                                           1
• LB [intra]
• S-2-S VPN                                                            App VM
                                                           10.1.2.24
• Static Routes                          Web VM                           2
• ACLs                       10.1.1.3      2
• NAT, PF
• FW [ingress & egress]
                                         Web VM
• BGP                         10.1.1.4     3                                              10.1.3.24 DB VM 1



                                         Web VM
                              10.1.1.5     4
                     Virtual Network               Virtual Network                  Virtual Network
                     10.1.1.0/24                   10.1.2.0/24                      10.1.3.0/24
                     VLAN 100                      VLAN 1001                        VLAN 141
Multi-tier unified with SDN[vision]
                                     Internet


                                                                           IPSec or SSL site-to-site VPN
                                                           CS
            Loadbalancer                            Virtual Router /                                            Customer
                                                         Other                                                  Premises
          Virtual Appliance
                                                                                            Monitoring VLAN


Virtual Router Services
                                                                         App VM
• IPAM                                                       10.1.2.31      1
• DNS                           10.1.1.1
                                           Web VM
                                             1
• LB [intra]
• S-2-S VPN                                                              App VM
                                                             10.1.2.24
• Static Routes                            Web VM                           2
• ACLs                         10.1.1.3      2
• NAT, PF
• FW [ingress & egress]
                                           Web VM
• BGP                           10.1.1.4     3                                              10.1.3.24 DB VM 1



                                           Web VM
                                10.1.1.5     4
                       Overlay                       Overlay                          Overlay
                       Network                       Network                          Network
                       10.1.1.0/24                   10.1.2.0/24                      10.1.3.0/24
Network Offerings
• Cloud provider defines the
  feature set for guest networks
• Toggle features or service levels
   –   Security groups on/off
   –   Load balancer on/off
   –   Load balancer software/hardware
   –   VPN, firewall, port forwarding
• User chooses network offering
  when creating network
• Enables upgrade between
  network offerings
• Default offerings built-in
   – For classic CloudStack networking
Service Offerings
Specify Resource Levels           Configure Properties                       Define Scope


              Compute                         Disk                       Network



     Name                            Name                       Name



 CPU Cores                Custom Disk Size               Network Rate



 CPU (MHz)                   Disk Size (GB)              Redundant VR



                               Storage Tag                    Firewall
Memory (MB)


                                                         Load balancer
   Host Tag



  Enable HA                          Public                     Public



   CPU Cap



     Public
CloudStack Network Service Providers
• A Network Service Provider is hardware or virtual
  appliance that makes a network service possible in
  CloudStack ; for example, a Citrix NetScaler
  appliance can be installed in the cloud to provide
  Load-Balancing services.
• Administrators can have multiple instances of the
  same service provider in a network; for example,
  more than one Citrix NetScaler or Juniper SRX
  device can be added to CloudStack
• CloudStack supports the following Network
  Providers:
    –   CloudStack Virtual Router (default)
    –   Citrix NetScaler SDX, VPX and MPX models
    –   Juniper SRX
    –   F5 BigIP
Adding an Additional Network Offerings




           Network    Network
           Offering   Offering Order
           Status     control
Network Service Providers Matrix
• Network offerings is basically a definition of what Network Services are
  available when this offering is used. The available Network Services are: VPN,
  DHCP, DNS, Firewall, Load Balancer, User Data, Source NAT, Static NAT, Port
  Forwarding and Security Groups*
Feature                  Virtual Router   Citrix       Juniper SRX   F5 BigIP
                                          NetScaler
Remote Access VPN             YES              N/A         N/A          N/A
Firewall                      YES              N/A          YES         N/A
Source NAT                    YES              N/A          YES         N/A
Static NAT                    YES              YES          YES         N/A
Load Balancing                YES              YES         N/A          YES
Port Forwarding               YES              N/A          YES         N/A
Elastic IP                    N/A              YES         N/A          N/A
Elastic LB                    N/A              YES         N/A          N/A
DHCP/DNS/User Data            YES              N/A         N/A          N/A
CloudStack User APIs [sample]
• Networks (L2)
  – createNetwork [requires network offering id],
  – deleteNetwork (A), listNetworks,
  – restartNetwork (A): restarts all devices (if allowed)
    supporting the network and re-applies
    configuration
  – updateNetwork: update network offering and
    restart network
Adding a Shared Guest Network
• Only Administrators can add a Shared Guest Network for an Advanced zone
Adding a Shared Guest Network


                           VLAN required!
Editing Guest Networks




When editing a guest network
users can change the network
offering. They can either upgrade
to a “premium” network offering
(for example offering that uses
hardware Load-balancer) or
downgrade to a “cheaper”
network.
Restarting and Cleaning Up a Guest Network

• Restarting the network will
  simply resend all the LB,
  Firewall and Port-Forwarding
  rules to the network provider
• Restarting the Network with
  “Clean up”:
 • restarting network elements - virtual
   routers, DHCP servers
 • If virtual router is used, it will be destroyed
   and recreated
 • Reapplying all public IPs to the network
   provider
 • Reapplying load-Balancing/Port-
   Forwarding/Firewall rules
Deleting a Guest Network

• An Isolated Guest Network can only be deleted if no VMs are
  using these network (e.g. Completely destroyed and expunged)
• Deleting a Network will Destroy the Virtual Router (if used) and
  will release the Public IPs back to the IP Pool
Extending CloudStack Networking
                                 2. prepare (Network, Nic, DeployDestination, VmInfo)
 1. prepare (part of start vm)


                     Network                           Network Element                           PluggableService
                     Manager



                                                       Needs to be added as of 5/2/2012                              Device Configuration
                                                                                                 MyDnsDeviceSer      Admin API (CRUD)
                                                            DnsService
                                                                                                     vice

                                                                         3. addDnsRecord(ip, fqdn)


Demonstrates one way to                                                                          MyDnsDeviceMa               MySQL
                                                          MyDnsElement
inform an external DNS                                                                               nager
server when an instance
starts.                                                                                                              AgentManag
                                                                            4.Enqueue AddDnsRecord                    er Queue
Classes shaded blue form a
plugin / service bundle to
integrate an external DNS                                                                        MyDnsDeviceRes
server. Clients of the                                                                               ource
instance can then use DNS
names to access the                                                                       5.API call to Dns Device
instance.
CloudStack Virtual Router (Virtual
                Router)
• The Virtual Router will be deployed once (when the first
  instance is deployed in a Zone) when a Shared Network is used
  providing DHCP and DNS services for the Zone’s Instances (IPs
  will be allocated from the Public IP Range entered in
  CloudStack)
• When Advanced is used the Router will be deployed Per-
  Account (and Per Unique Isolated Guest Network)
• Virtual Router can serve and isolate VMs even if deployed on a
  different Hypervisor
CloudStack Virtual Router
• The Virtual Router will have 3 NICs:
    –   Eth0 will be connected to the Isolated Guest Network (for Advanced VLAN). It will have the first IP in
        the CIDR (for example10.1.1.1) and it will be the DNS, DHCP and Gateway for the Instances in the
        Private Guest Network.
    –   Eth1 resides on local-link network (only for KVM and XenServer) or the Management Network (on
        VMware) and is used by CloudStack to configure the virtual router. On VMware it will use an IPs from
        the Management Network IP Range (e.g. Pod Private Range)
    –   Eth2 resides on the Public Network and assigned with a Public IP from the range entered in CloudStack
        (users can ‘Acquire New IPs’ if needed)
• In the default Isolated Mode - Source NAT is automatically configured on
  the virtual router to forward outbound traffic for all guest VMs and block all
  incoming traffic (users can manage incoming rules from UI)
Virtual Router Information (applies to
                 all Sys. VMs)
•   Debian 6.0 ("Squeeze"), 2.6.32 kernel with the latest security patches from the Debian security
    APT repository. No extraneous accounts
•   32-bit for enhanced performance on Xen/VMWare
•   Only essential software packages are installed. Services such as, printing, ftp, telnet, X, kudzu,
    dns, sendmail are not installed.
•   SSHd only listens on the private/link-local interface. SSH port has been changed to a non-
    standard port. SSH logins only using keys (keys are generated at install time and are unique for
    every customer)
•   pvops kernel with Xen paravirt drivers + KVM virtio drivers + VMware tools for optimum
    performance on all hypervisors. Xen tools inclusion allows performance monitoring
•   Template is built from scratch and is not polluted with any old logs or history
•   Latest versions of haproxy, iptables, ipsec, apache from debian repository ensures improved
    security and speed
•   Latest version of jre from Oracle ensures improved security and speed

Contenu connexe

Tendances

What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19ShapeBlue
 
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski buildacloud
 
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-RegionJi-Woong Choi
 
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack
Backroll: Production Grade KVM Backup Solution Integrated in CloudStackBackroll: Production Grade KVM Backup Solution Integrated in CloudStack
Backroll: Production Grade KVM Backup Solution Integrated in CloudStackShapeBlue
 
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking ShapeBlue
 
CloudStack vs OpenStack
CloudStack vs OpenStackCloudStack vs OpenStack
CloudStack vs OpenStackVictor Zhang
 
VXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneVXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneYoshikazu Nojima
 
CloudStack Overview
CloudStack OverviewCloudStack Overview
CloudStack Overviewsedukull
 
CloudStack Best Practice in PPTV
CloudStack Best Practice in PPTVCloudStack Best Practice in PPTV
CloudStack Best Practice in PPTVgavin_lee
 
Building Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
Building Multi-Site and Multi-OpenStack Cloud with OpenStack CascadingBuilding Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
Building Multi-Site and Multi-OpenStack Cloud with OpenStack CascadingJoe Huang
 
Linux-HA with Pacemaker
Linux-HA with PacemakerLinux-HA with Pacemaker
Linux-HA with PacemakerKris Buytaert
 
Backup and Restore VMs Based on KVM
Backup and Restore VMs Based on KVMBackup and Restore VMs Based on KVM
Backup and Restore VMs Based on KVMShapeBlue
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleMihai Criveti
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVMPradeep Kumar
 
Apache CloudStack Architecture by Alex Huang
Apache CloudStack Architecture by Alex HuangApache CloudStack Architecture by Alex Huang
Apache CloudStack Architecture by Alex Huangbuildacloud
 
VMware vSphere 6.0 - Troubleshooting Training - Day 4
VMware vSphere 6.0 - Troubleshooting Training - Day 4VMware vSphere 6.0 - Troubleshooting Training - Day 4
VMware vSphere 6.0 - Troubleshooting Training - Day 4Sanjeev Kumar
 

Tendances (20)

What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19
 
Cloud stack for_beginners
Cloud stack for_beginnersCloud stack for_beginners
Cloud stack for_beginners
 
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
Troubleshooting Strategies for CloudStack Installations by Kirk Kosinski
 
Introduction to CloudStack: How to Deploy and Manage Infrastructure-as-a-Serv...
Introduction to CloudStack: How to Deploy and Manage Infrastructure-as-a-Serv...Introduction to CloudStack: How to Deploy and Manage Infrastructure-as-a-Serv...
Introduction to CloudStack: How to Deploy and Manage Infrastructure-as-a-Serv...
 
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
 
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack
Backroll: Production Grade KVM Backup Solution Integrated in CloudStackBackroll: Production Grade KVM Backup Solution Integrated in CloudStack
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack
 
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
Deploying CloudStack and Ceph with flexible VXLAN and BGP networking
 
CloudStack vs OpenStack
CloudStack vs OpenStackCloudStack vs OpenStack
CloudStack vs OpenStack
 
VXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced ZoneVXLAN Integration with CloudStack Advanced Zone
VXLAN Integration with CloudStack Advanced Zone
 
CloudStack Overview
CloudStack OverviewCloudStack Overview
CloudStack Overview
 
CloudStack Best Practice in PPTV
CloudStack Best Practice in PPTVCloudStack Best Practice in PPTV
CloudStack Best Practice in PPTV
 
Building Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
Building Multi-Site and Multi-OpenStack Cloud with OpenStack CascadingBuilding Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
Building Multi-Site and Multi-OpenStack Cloud with OpenStack Cascading
 
Linux-HA with Pacemaker
Linux-HA with PacemakerLinux-HA with Pacemaker
Linux-HA with Pacemaker
 
The kvm virtualization way
The kvm virtualization wayThe kvm virtualization way
The kvm virtualization way
 
Backup and Restore VMs Based on KVM
Backup and Restore VMs Based on KVMBackup and Restore VMs Based on KVM
Backup and Restore VMs Based on KVM
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image Lifecycle
 
Virtualization Architecture & KVM
Virtualization Architecture & KVMVirtualization Architecture & KVM
Virtualization Architecture & KVM
 
Apache CloudStack Architecture by Alex Huang
Apache CloudStack Architecture by Alex HuangApache CloudStack Architecture by Alex Huang
Apache CloudStack Architecture by Alex Huang
 
VMware vSphere 6.0 - Troubleshooting Training - Day 4
VMware vSphere 6.0 - Troubleshooting Training - Day 4VMware vSphere 6.0 - Troubleshooting Training - Day 4
VMware vSphere 6.0 - Troubleshooting Training - Day 4
 
CloudStack and SDN
CloudStack and SDNCloudStack and SDN
CloudStack and SDN
 

Similaire à CloudStack Networking

OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and AutomationAdam Johnson
 
Network Virtualization with quantum
Network Virtualization with quantum Network Virtualization with quantum
Network Virtualization with quantum openstackindia
 
Technical introduction to MidoNet
Technical introduction to MidoNetTechnical introduction to MidoNet
Technical introduction to MidoNetMidoNet
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantumMiguel Lavalle
 
3.5 SDN CloudStack Developer Day
3.5  SDN CloudStack Developer Day3.5  SDN CloudStack Developer Day
3.5 SDN CloudStack Developer DayKimihiko Kitase
 
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-12012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1tcloudcomputing-tw
 
Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2
Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2
Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2Damir Bersinic
 
Scalable networking in Apache CloudStack
Scalable networking in Apache CloudStackScalable networking in Apache CloudStack
Scalable networking in Apache CloudStackChiradeep Vittal
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld
 
Network and Service Virtualization tutorial at ONUG Spring 2015
Network and Service Virtualization tutorial at ONUG Spring 2015Network and Service Virtualization tutorial at ONUG Spring 2015
Network and Service Virtualization tutorial at ONUG Spring 2015SDN Hub
 
What is cloud computing
What is cloud computingWhat is cloud computing
What is cloud computingBrian Bullard
 
Architectures with Windows Azure
Architectures with Windows AzureArchitectures with Windows Azure
Architectures with Windows AzureDamir Dobric
 
Windows server 8 hyper v networking (aidan finn)
Windows server 8 hyper v networking (aidan finn)Windows server 8 hyper v networking (aidan finn)
Windows server 8 hyper v networking (aidan finn)hypervnu
 
Hyper-V 3.0 Overview
Hyper-V 3.0 OverviewHyper-V 3.0 Overview
Hyper-V 3.0 OverviewTudor Damian
 
Tudor Damian - Hyper-V 3.0 overview
Tudor Damian - Hyper-V 3.0 overviewTudor Damian - Hyper-V 3.0 overview
Tudor Damian - Hyper-V 3.0 overviewITCamp
 
21.10.09 Microsoft Event, Microsoft Presentation
21.10.09 Microsoft Event, Microsoft Presentation21.10.09 Microsoft Event, Microsoft Presentation
21.10.09 Microsoft Event, Microsoft Presentationdataplex systems limited
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Dan Mihai Dumitriu
 
Openstack Networking Internals - first part
Openstack Networking Internals - first partOpenstack Networking Internals - first part
Openstack Networking Internals - first partlilliput12
 

Similaire à CloudStack Networking (20)

Xen and Apache cloudstack
Xen and Apache cloudstack  Xen and Apache cloudstack
Xen and Apache cloudstack
 
OpenStack Networking and Automation
OpenStack Networking and AutomationOpenStack Networking and Automation
OpenStack Networking and Automation
 
Network Virtualization with quantum
Network Virtualization with quantum Network Virtualization with quantum
Network Virtualization with quantum
 
Technical introduction to MidoNet
Technical introduction to MidoNetTechnical introduction to MidoNet
Technical introduction to MidoNet
 
Network virtualization with open stack quantum
Network virtualization with open stack quantumNetwork virtualization with open stack quantum
Network virtualization with open stack quantum
 
3.5 SDN CloudStack Developer Day
3.5  SDN CloudStack Developer Day3.5  SDN CloudStack Developer Day
3.5 SDN CloudStack Developer Day
 
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-12012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1
2012 CloudStack Design Camp in Taiwan--- CloudStack Overview-1
 
Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2
Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2
Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2
 
Scalable networking in Apache CloudStack
Scalable networking in Apache CloudStackScalable networking in Apache CloudStack
Scalable networking in Apache CloudStack
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
 
Network and Service Virtualization tutorial at ONUG Spring 2015
Network and Service Virtualization tutorial at ONUG Spring 2015Network and Service Virtualization tutorial at ONUG Spring 2015
Network and Service Virtualization tutorial at ONUG Spring 2015
 
What is cloud computing
What is cloud computingWhat is cloud computing
What is cloud computing
 
Architectures with Windows Azure
Architectures with Windows AzureArchitectures with Windows Azure
Architectures with Windows Azure
 
Windows server 8 hyper v networking (aidan finn)
Windows server 8 hyper v networking (aidan finn)Windows server 8 hyper v networking (aidan finn)
Windows server 8 hyper v networking (aidan finn)
 
Hyper-V 3.0 Overview
Hyper-V 3.0 OverviewHyper-V 3.0 Overview
Hyper-V 3.0 Overview
 
Tudor Damian - Hyper-V 3.0 overview
Tudor Damian - Hyper-V 3.0 overviewTudor Damian - Hyper-V 3.0 overview
Tudor Damian - Hyper-V 3.0 overview
 
21.10.09 Microsoft Event, Microsoft Presentation
21.10.09 Microsoft Event, Microsoft Presentation21.10.09 Microsoft Event, Microsoft Presentation
21.10.09 Microsoft Event, Microsoft Presentation
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
 
Network Management in System Center 2012 SP1 - VMM
Network Management in System Center 2012  SP1 - VMM Network Management in System Center 2012  SP1 - VMM
Network Management in System Center 2012 SP1 - VMM
 
Openstack Networking Internals - first part
Openstack Networking Internals - first partOpenstack Networking Internals - first part
Openstack Networking Internals - first part
 

Plus de CloudStack - Open Source Cloud Computing Project

Plus de CloudStack - Open Source Cloud Computing Project (20)

Apache CloudStack from API to UI
Apache CloudStack from API to UIApache CloudStack from API to UI
Apache CloudStack from API to UI
 
CloudStack Hyderabad Meetup: How the Apache community works
CloudStack Hyderabad Meetup: How the Apache community worksCloudStack Hyderabad Meetup: How the Apache community works
CloudStack Hyderabad Meetup: How the Apache community works
 
CloudStack Hyderabad Meetup: Migrating applications to IaaS clouds
CloudStack Hyderabad Meetup: Migrating applications to IaaS cloudsCloudStack Hyderabad Meetup: Migrating applications to IaaS clouds
CloudStack Hyderabad Meetup: Migrating applications to IaaS clouds
 
CloudStack Hyderabad Meetup: Using CloudStack to build IaaS clouds
CloudStack Hyderabad Meetup: Using CloudStack to build IaaS cloudsCloudStack Hyderabad Meetup: Using CloudStack to build IaaS clouds
CloudStack Hyderabad Meetup: Using CloudStack to build IaaS clouds
 
CloudStack technical overview
CloudStack technical overviewCloudStack technical overview
CloudStack technical overview
 
vBACD July 2012 - Apache Hadoop, Now and Beyond
vBACD July 2012 - Apache Hadoop, Now and BeyondvBACD July 2012 - Apache Hadoop, Now and Beyond
vBACD July 2012 - Apache Hadoop, Now and Beyond
 
vBACD July 2012 - Scaling Storage with Ceph
vBACD July 2012 - Scaling Storage with CephvBACD July 2012 - Scaling Storage with Ceph
vBACD July 2012 - Scaling Storage with Ceph
 
vBACD July 2012 - Deploying Private PaaS with ActiveState Stackato
vBACD July 2012 - Deploying Private PaaS with ActiveState StackatovBACD July 2012 - Deploying Private PaaS with ActiveState Stackato
vBACD July 2012 - Deploying Private PaaS with ActiveState Stackato
 
vBACD July 2012 - Xen Cloud Platform
vBACD July 2012 - Xen Cloud PlatformvBACD July 2012 - Xen Cloud Platform
vBACD July 2012 - Xen Cloud Platform
 
vBACD- July 2012 - Crash Course in Open Source Cloud Computing
vBACD- July 2012 - Crash Course in Open Source Cloud ComputingvBACD- July 2012 - Crash Course in Open Source Cloud Computing
vBACD- July 2012 - Crash Course in Open Source Cloud Computing
 
Virtualization in the cloud
Virtualization in the cloudVirtualization in the cloud
Virtualization in the cloud
 
Build a Cloud Day San Francisco - Ubuntu Cloud
Build a Cloud Day San Francisco - Ubuntu CloudBuild a Cloud Day San Francisco - Ubuntu Cloud
Build a Cloud Day San Francisco - Ubuntu Cloud
 
CloudStack Scalability
CloudStack ScalabilityCloudStack Scalability
CloudStack Scalability
 
Cloudstack UI Customization
Cloudstack UI CustomizationCloudstack UI Customization
Cloudstack UI Customization
 
Management server internals
Management server internalsManagement server internals
Management server internals
 
Introduction to CloudStack
Introduction to CloudStack Introduction to CloudStack
Introduction to CloudStack
 
vBACD - Introduction to Puppet, Configuration Management and IT Automation So...
vBACD - Introduction to Puppet, Configuration Management and IT Automation So...vBACD - Introduction to Puppet, Configuration Management and IT Automation So...
vBACD - Introduction to Puppet, Configuration Management and IT Automation So...
 
vBACD - Distributed Petabyte-Scale Cloud Storage with GlusterFS - 2/28
vBACD - Distributed Petabyte-Scale Cloud Storage with GlusterFS - 2/28vBACD - Distributed Petabyte-Scale Cloud Storage with GlusterFS - 2/28
vBACD - Distributed Petabyte-Scale Cloud Storage with GlusterFS - 2/28
 
vBACD - Crash Course in Open Source Cloud Computing - 2/28
vBACD - Crash Course in Open Source Cloud Computing - 2/28vBACD - Crash Course in Open Source Cloud Computing - 2/28
vBACD - Crash Course in Open Source Cloud Computing - 2/28
 
vBACD - Introduction to Opscode Chef - 2/29
vBACD - Introduction to Opscode Chef - 2/29vBACD - Introduction to Opscode Chef - 2/29
vBACD - Introduction to Opscode Chef - 2/29
 

Dernier

Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 

Dernier (20)

Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 

CloudStack Networking

  • 1. CloudStack Networking Chiradeep Vittal May 2 2012
  • 2. Outline • CloudStack Networking Features • CloudStack Networking Configuration • CloudStack Networking APIs • CloudStack Network Architecture • Virtual Router deep dive
  • 3. Feature overview • Orchestration of L2 – L7 network services – IPAM, DNS, Gateway, Firewall, NAT, LB, VPN, etc • Mix-and-match services and providers • Out-of-the-box integration with automated deployment of virtual routers – Highly available network services using CloudStack HA and VRRP • Orchestrate external providers such as hardware firewalls and load balancers – Devices can provide multiple services – Admin API to configure external devices – Plugin-based extensions for network behavior and admin API extensions • Multiple multi-tenancy [network isolation] options • Integrated traffic accounting • Access control • Software Defined Networking too
  • 4. Basic vs Advanced Networking • Segmentation based on feature set and ease-of- deployment • Both are feature-rich • Basic implements true AWS-style L3-isolation – Tenants do not get contiguous IP addresses or subnets – Network segmentation based on Security Groups – Tremendous scale (tens of thousands) • Advanced Zone offers full L3 subnets – VLANs are default implementation (4K limit) – More features (source NAT, PF, VPN)
  • 5. CloudStack Terminology • Guest network – The tenant network to which instances are attached • Storage network – The physical network which connects the hypervisor to primary storage • Management network – Control Plane traffic between CloudStack management server and hypervisor clusters • Public network – “Outside” the cloud *usually Internet+ – Shared public VLANs trunked down to all hypervisors • All traffic can be multiplexed on to the same underlying physical network using VLANs – Usually Management network is untagged – Storage network usually on separate nic (or bond) • Admin informs CloudStack how to map these network types to the underlying physical network – Configure traffic labels on the hypervisor – Configure traffic labels on Admin UI
  • 6. PHYSICAL NETWORK IN A ZONE Core (L3) Network Pod 1 Pod 2 Pod N Cloudstack Access Switch(es) Server Cloudstack Servers … CLUSTER 1 Hypervisor 1 VM Traffic … Hypervisor 8 Control Plane Traffic Storage Traffic Storage 2 Storage 1 Public Traffic … CLUSTER 4 Hypervisor N Hypervisor N+1 Storage k
  • 7. L2 Features • Choice of network isolation – Physical, VLAN, L3 (anti-spoof), Overlay[GRE] – Physical isolation through network labels [limited to # of nics or bonds] • Multi-nic – Deploy instance in multiple networks – Control default route • Access control – Shared networks, project networks – Dedicated VLANs offer MPLS integration • Anti-spoofing for L3-isolated networks • QoS [max rate] • Traffic monitoring • Broadcast & multicast suppression in L3-isolated networks • Hot-plug / detach of nics [upcoming]
  • 8. L3 Features • IPAM [DHCP], Public IP address management – VR acts as DHCP server – Can request multiple public IPs per tenant • Gateway (default gateway) – Redundant VR (using VRRP) – Inter-subnet routing [upcoming] – Static routing control [upcoming] • Remote Access VPN – L2TP over IPSec using PSK – Virtual Router only • Firewall based on source cidr • Static NAT [1:1] – Including “Elastic IP” in Basic Zone • Source NAT – Per-network, or interface NAT • Public Traffic usage – Monitoring on the Virtual Router / External network device – Integration with sFlow collectors • Site-to-Site VPN [upcoming] – IPSec VPN based on VR • L3 ACLs [upcoming]
  • 9. L4 Features • Security groups for L3-isolation – “Basic Zone” in docs – Default AWS-style networking – Scales much better than VLANs • Stateful firewall for TCP, UDP and ICMP • Port forwarding *“Advanced Zone”+ – Conserve public Ips
  • 10. L7 features • Loadbalancer – VR has HAProxy built in – External Loadbalancer support • Netscaler (MPX/SDX/VPX) • F5 BigIP • Can dedicate an LB appliance to an account or share it among tenants – Loadbalancer supported with L3-isolation as well – Stickiness support – SSL support [future] – Health Checks [future] • User-data & meta-data – Fetched from virtual router • Password change server
  • 11. Physical Network Operations Users Admin and Cloud API CloudStack Mgmt Server Cluster Router MySQL Load Balancer Availability Zone L3 Core Switch Access Layer Switches Secondary Servers … … … … … Storage Pod 1 Pod 2 Pod 3 Pod N
  • 12. Layer 3 cloud networking Web DB Web VM VM VM Web DB Security Security Group Group Web Web DB VM VM VM … … … Web Web VM VM
  • 13. Guest Networks with L3 isolation Public Public IP Guest Guest Internet address 1 VM address 65.37.141.11 1 10.1.0.2 10.1.0.1 Guest 65.37.141.24 Pod 1 L2 Guest 65.37.141.36 Switch 2 VM address 65.37.141.80 1 10.1.0.3 Guest Guest 1 VM address L3 Core Pod 2 L2 Switch 10.1.8.1 … 2 10.1.0.4 Switch Guest Guest Load 10.1.16. 2 VM address Pod 3 L2 Balancer 1 2 10.1.16.12 Switch Guest Guest 2 VM address 3 10.1.16.21 … Guest 1 VM Guest address 3 10.1.16.47 Guest Guest 1 VM address 4 10.1.16.85
  • 14. Virtual Networks (L2 isolation) Core (L3) Network Pod K Pod M Pod N Access Switch(es) V Hypervisor V V Hypervisor R … CLUSTER 1 Hypervisor 1 R VM Traffic … Hypervisor 8 Public Traffic … CLUSTER 4 V V Hypervisor N V Tenant VM Hypervisor N+1 V R Tenant Virtual Router
  • 15. Guest virtual layer-2 network Guest Virtual Network 10.1.1.0/24 Public Public IP Guest Gateway Guest Network address 1 VM address address 65.37.141.11 1 10.1.1.1 10.1.1.2 65.37.141.36 Guest 1 Guest Guest Public Virtual 1 VM address Internet Router 2 10.1.1.3 NAT Guest Guest DHCP 1 VM address Load 3 10.1.1.4 Balancing VPN Guest Guest 1 VM address 4 10.1.1.5 Guest Virtual Network Public IP 10.1.1.0/24 address Gateway Guest Guest 65.37.141.24 address 2 VM address 65.37.141.80 10.1.1.1 1 10.1.1.2 Guest 2 Guest Guest Virtual 2 VM address Router 2 10.1.1.3 NAT Guest Guest DHCP 2 VM address Load 3 10.1.1.4 Balancing VPN
  • 16. Layer-2 Guest Virtual Network CS Virtual Router provides Network Services External Devices provide Network Services Guest Virtual Network 10.1.1.1/8 Guest Virtual Network 10.1.1.1/8 VLAN 100 VLAN 100 Public Public Network/Intern Network/Intern et Guest et Guest Public IP Private IP 10.1.1.1 10.1.1.1 VM 1 10.1.1.111 VM 1 Gateway 65.37.141.11 Juniper Public IP 1 SRX address 65.37.141.11 CS Firewall 10.1.1.1 Guest Guest Virtual 10.1.1.3 VM 2 10.1.1.3 VM 2 Router Public IP Private IP DHCP, DNS 65.37.141. NetScaler 10.1.1.112 NAT Guest 112 Load Guest Load Balancing 10.1.1.4 VM 3 Blancer VM 3 10.1.1.4 VPN Guest Guest 10.1.1.5 VM 4 10.1.1.5 VM 4 CS DHCP, Virtual Router DNS
  • 17. Other Topologies No services [Static Ips] Dedicated VLAN with DHCP and DNS User can request specific IP[s] for NIC Guest Virtual Network 10.1.1.0/24 Guest Virtual Network 10.1.1.0/24 VLAN 100 VLAN 100 Guest Guest VM 1 10.1.1.1 VM 1 10.1.1.1 Gateway address 10.1.1.1 Guest Guest 10.1.1.3 VM 2 Gateway 10.1.1.3 VM 2 address 10.1.1.1 Guest Guest Core switch 10.1.1.4 VM 3 VM 3 10.1.1.4 Guest Core switch Guest 10.1.1.5 VM 4 10.1.1.5 VM 4 CS DHCP, Virtual Router DNS User-data
  • 18. Other topologies MPLS Shared VLAN with DHCP and DNS Guest Virtual Network 10.1.1.0/24 Guest Virtual Network 10.1.1.0/24 VLAN 100 VLAN 100 MPLS VLAN 100 Guest Guest VM 1 10.1.1.1 VM 1 10.1.1.100 Gateway address 10.1.1.1 Guest Guest 10.1.1.200 VM 2 Gateway 10.1.1.3 VM 2 address 10.1.1.1 Guest Guest Core switch 10.1.1.101 VM 3 VM 3 10.1.1.4 Guest Core switch Guest 10.1.1.11 VM 4 10.1.1.5 VM 4 5 CS CS DHCP, Virtual DHCP, Virtual Router Router DNS DNS User-data User-data
  • 19. Multi-tier network Multi-tier network Virtual Network Virtual Network Virtual Network 10.1.2.0/24 10.1.3.0/24 10.1.1.0/24 VLAN 1001 VLAN 141 Public VLAN 100 Network/Intern App VM 10.1.2.31 1 10.1.3.21 et Web VM Public IP Private IP 10.1.1.1 1 10.1.2.21 65.37.141.11 Juniper 10.1.1.111 1 SRX App VM Firewall 10.1.2.24 10.1.3.45 Web VM 2 10.1.1.3 2 10.1.2.18 Public IP Private IP 65.37.141. Netscaler 10.1.1.112 112 Load Web VM Balancer 10.1.1.4 3 10.1.2.38 10.1.3.24 DB VM 1 Web VM 10.1.1.5 4 10.1.2.39 CS DHCP, CS DHCP, Virtual Virtual DNS CS DHCP, DNS, Router Virtual Router User- User- DNS Router data data, User- Source data Public IP -NAT, 65.37.141.115
  • 20. Bring-your-own Service Public VLAN(s) VR Guest VLAN Customer installs static route to point to his routing Your vm VM VM VM Routing VM Monitoring VLAN (shared)
  • 21. Bring-your-own Service[site-to-site-vpn] Public VLAN(s) VR Guest VLAN Customer installs static route (manually/au Your tomated VM VM VM Routing config) to VM point to his routing vm. Routing VM provides Site- Shared Public VLAN to-site VPN (configured directly on routing VM, not by CloudStack)
  • 22. Multi-tier unified [vision] Internet IPSec or SSL site-to-site VPN CS Virtual Router / Customer Loadbalancer Other Premises Monitoring VLAN Virtual Router Services App VM • IPAM 10.1.2.31 1 • DNS 10.1.1.1 Web VM 1 • LB [intra] • S-2-S VPN App VM 10.1.2.24 • Static Routes Web VM 2 • ACLs 10.1.1.3 2 • NAT, PF • FW [ingress & egress] Web VM • BGP 10.1.1.4 3 10.1.3.24 DB VM 1 Web VM 10.1.1.5 4 Virtual Network Virtual Network Virtual Network 10.1.1.0/24 10.1.2.0/24 10.1.3.0/24 VLAN 100 VLAN 1001 VLAN 141
  • 23. Multi-tier unified with SDN[vision] Internet IPSec or SSL site-to-site VPN CS Loadbalancer Virtual Router / Customer Other Premises Virtual Appliance Monitoring VLAN Virtual Router Services App VM • IPAM 10.1.2.31 1 • DNS 10.1.1.1 Web VM 1 • LB [intra] • S-2-S VPN App VM 10.1.2.24 • Static Routes Web VM 2 • ACLs 10.1.1.3 2 • NAT, PF • FW [ingress & egress] Web VM • BGP 10.1.1.4 3 10.1.3.24 DB VM 1 Web VM 10.1.1.5 4 Overlay Overlay Overlay Network Network Network 10.1.1.0/24 10.1.2.0/24 10.1.3.0/24
  • 24. Network Offerings • Cloud provider defines the feature set for guest networks • Toggle features or service levels – Security groups on/off – Load balancer on/off – Load balancer software/hardware – VPN, firewall, port forwarding • User chooses network offering when creating network • Enables upgrade between network offerings • Default offerings built-in – For classic CloudStack networking
  • 25. Service Offerings Specify Resource Levels Configure Properties Define Scope Compute Disk Network Name Name Name CPU Cores Custom Disk Size Network Rate CPU (MHz) Disk Size (GB) Redundant VR Storage Tag Firewall Memory (MB) Load balancer Host Tag Enable HA Public Public CPU Cap Public
  • 26. CloudStack Network Service Providers • A Network Service Provider is hardware or virtual appliance that makes a network service possible in CloudStack ; for example, a Citrix NetScaler appliance can be installed in the cloud to provide Load-Balancing services. • Administrators can have multiple instances of the same service provider in a network; for example, more than one Citrix NetScaler or Juniper SRX device can be added to CloudStack • CloudStack supports the following Network Providers: – CloudStack Virtual Router (default) – Citrix NetScaler SDX, VPX and MPX models – Juniper SRX – F5 BigIP
  • 27. Adding an Additional Network Offerings Network Network Offering Offering Order Status control
  • 28. Network Service Providers Matrix • Network offerings is basically a definition of what Network Services are available when this offering is used. The available Network Services are: VPN, DHCP, DNS, Firewall, Load Balancer, User Data, Source NAT, Static NAT, Port Forwarding and Security Groups* Feature Virtual Router Citrix Juniper SRX F5 BigIP NetScaler Remote Access VPN YES N/A N/A N/A Firewall YES N/A YES N/A Source NAT YES N/A YES N/A Static NAT YES YES YES N/A Load Balancing YES YES N/A YES Port Forwarding YES N/A YES N/A Elastic IP N/A YES N/A N/A Elastic LB N/A YES N/A N/A DHCP/DNS/User Data YES N/A N/A N/A
  • 29. CloudStack User APIs [sample] • Networks (L2) – createNetwork [requires network offering id], – deleteNetwork (A), listNetworks, – restartNetwork (A): restarts all devices (if allowed) supporting the network and re-applies configuration – updateNetwork: update network offering and restart network
  • 30. Adding a Shared Guest Network • Only Administrators can add a Shared Guest Network for an Advanced zone
  • 31. Adding a Shared Guest Network VLAN required!
  • 32. Editing Guest Networks When editing a guest network users can change the network offering. They can either upgrade to a “premium” network offering (for example offering that uses hardware Load-balancer) or downgrade to a “cheaper” network.
  • 33. Restarting and Cleaning Up a Guest Network • Restarting the network will simply resend all the LB, Firewall and Port-Forwarding rules to the network provider • Restarting the Network with “Clean up”: • restarting network elements - virtual routers, DHCP servers • If virtual router is used, it will be destroyed and recreated • Reapplying all public IPs to the network provider • Reapplying load-Balancing/Port- Forwarding/Firewall rules
  • 34. Deleting a Guest Network • An Isolated Guest Network can only be deleted if no VMs are using these network (e.g. Completely destroyed and expunged) • Deleting a Network will Destroy the Virtual Router (if used) and will release the Public IPs back to the IP Pool
  • 35. Extending CloudStack Networking 2. prepare (Network, Nic, DeployDestination, VmInfo) 1. prepare (part of start vm) Network Network Element PluggableService Manager Needs to be added as of 5/2/2012 Device Configuration MyDnsDeviceSer Admin API (CRUD) DnsService vice 3. addDnsRecord(ip, fqdn) Demonstrates one way to MyDnsDeviceMa MySQL MyDnsElement inform an external DNS nager server when an instance starts. AgentManag 4.Enqueue AddDnsRecord er Queue Classes shaded blue form a plugin / service bundle to integrate an external DNS MyDnsDeviceRes server. Clients of the ource instance can then use DNS names to access the 5.API call to Dns Device instance.
  • 36. CloudStack Virtual Router (Virtual Router) • The Virtual Router will be deployed once (when the first instance is deployed in a Zone) when a Shared Network is used providing DHCP and DNS services for the Zone’s Instances (IPs will be allocated from the Public IP Range entered in CloudStack) • When Advanced is used the Router will be deployed Per- Account (and Per Unique Isolated Guest Network) • Virtual Router can serve and isolate VMs even if deployed on a different Hypervisor
  • 37. CloudStack Virtual Router • The Virtual Router will have 3 NICs: – Eth0 will be connected to the Isolated Guest Network (for Advanced VLAN). It will have the first IP in the CIDR (for example10.1.1.1) and it will be the DNS, DHCP and Gateway for the Instances in the Private Guest Network. – Eth1 resides on local-link network (only for KVM and XenServer) or the Management Network (on VMware) and is used by CloudStack to configure the virtual router. On VMware it will use an IPs from the Management Network IP Range (e.g. Pod Private Range) – Eth2 resides on the Public Network and assigned with a Public IP from the range entered in CloudStack (users can ‘Acquire New IPs’ if needed) • In the default Isolated Mode - Source NAT is automatically configured on the virtual router to forward outbound traffic for all guest VMs and block all incoming traffic (users can manage incoming rules from UI)
  • 38. Virtual Router Information (applies to all Sys. VMs) • Debian 6.0 ("Squeeze"), 2.6.32 kernel with the latest security patches from the Debian security APT repository. No extraneous accounts • 32-bit for enhanced performance on Xen/VMWare • Only essential software packages are installed. Services such as, printing, ftp, telnet, X, kudzu, dns, sendmail are not installed. • SSHd only listens on the private/link-local interface. SSH port has been changed to a non- standard port. SSH logins only using keys (keys are generated at install time and are unique for every customer) • pvops kernel with Xen paravirt drivers + KVM virtio drivers + VMware tools for optimum performance on all hypervisors. Xen tools inclusion allows performance monitoring • Template is built from scratch and is not polluted with any old logs or history • Latest versions of haproxy, iptables, ipsec, apache from debian repository ensures improved security and speed • Latest version of jre from Oracle ensures improved security and speed

Notes de l'éditeur

  1. Network OfferingsThe administrator starts off with deciding the network offerings they want to provide throughout their entire cloud offering. Network Offerings group together a set of network services such as firewall, dhcp, dns, etc.Network Offerings allow specific network service providers to be specified.Network Offerings can be tagged to specifically choose the underlying network.Network Offerings have the following states: Disabled, Enabled, Inactive.  All Network Offerings are created in the Disabled state.  Once a network offering has been configured to the correct stateCertain Network Offerings are for used by the system only.  This means end users cannot see them.Network Offerings can be updated to enable/disable services and providers.  Once that is done, it is up to the administrator to reprogram all of the networks that are based on that network offering.Network Offerings tags cannot be updated.  However, the tags on the physical networks can be updated and deleted.CloudStack is deployed with three default network offerings for the end users, virtual network offering and shared network offering without security group and a shared network offering with security group.
  2. * Security Groups “providers” are the hypervisors (only XenServer and KVM)
  3. NOTE: When selecting Project or Account Scope the Service Offering “Isolated Network without Source NAT” will be available.When selecting a Domain Scope, Administrators can decide if Network will be available for the domain only and its sub-domains.
  4. For latest information: http://docs.cloud.com/Knowledge_Base/Domain_Router_Security