Openstack@ebay.pptx
[Figure: separate physical environments scattered across the datacenter, labelled Prod, QA, DEV, PCI and Secure]

                             Copyright eBay Inc. 2012         2
- Any Application Anywhere
  - Dedicated physical environments cause fragmentation
- Soft Cabling
  - Datacenter reconfiguration is costly and cannot be automated
- Shared Standardized Infrastructure
  - Simplifies automation and improves supply chain efficiency
- Virtualize everything
  - White space between applications and infrastructure helps agility
- Automate everything
  - Automation helps agility and efficiency

- Translation of physical environment properties into configurations
- Assigned to projects (logical environments); drives scheduling and policies
  - For example, network selection

Production
  Obligations:  QA approved builds; Prod OS version; Monitoring
  Restrictions: No login access; No Corp access; No QA access
  Capabilities: Core DB access; 24/7 incident mgt; Site traffic access

DEV
  Obligations:  Certified OS versions
  Restrictions: Limited Prod access; Limited QA access; No site traffic
  Capabilities: Full root; Filtered Internet

External
  Obligations:  Certified OS versions; Monitoring
  Restrictions: No Prod access; No Corp access; No QA access
  Capabilities: Private DB; 24/7 incident mgt; Site traffic access

[Figure: leaf/spine fabric. Core above 4 spines (Nx10Gb); N leaves (48x1Gb), 48 -> N "½ racks"; M servers attached at 2x1Gb each]

- Flat L3 (all switches are routers too)
- Line rate from any server to any server (oversubscription = 48/40)
- OSPF/ECMP to advertise routes

Dedicated Network
[Figure: separate physical networks for Production and QA]
  - physical network build out
  - Fragmentation
  - coarse grained isolation
  + Physical isolation
  + fool proof

VLAN Based
[Figure: one VLAN trunk carrying vlan 1 (Prod) through vlan n (QA)]
  - Limited scale (n = 4096)
  - Large fault domain (STP)
  + L2 isolation
  + somewhat soft cabling

Security Groups or Virtual Firewall
  + no/minimal infrastructure requirement
  + good for user policies (iptables)
  - Difficult to combine provider policies and user policies
  - Management of rules
  - Impact of group membership modification
  - Aggregation/summarization difficult/impossible

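To make the last three drawbacks concrete, here is an added example (written for this page, not eBay's or OpenStack's code) that renders group-referencing rules into per-host rules. The groups, addresses, rules and the `apply_provider_policy` layering are constructed assumptions; the point they demonstrate is that a rule "allow from group X" becomes one host-level rule per member of X on every host that consumes it, so a membership change re-renders many hosts, scattered members do not collapse into prefixes, and provider restrictions have to be evaluated as a separate layer over the user's rules.

```python
"""Security-group rule fan-out (added example, constructed sample data)."""
import ipaddress
from collections import defaultdict

# Constructed sample: security group -> instance addresses ...
MEMBERS = {
    "web": ["10.9.1.12", "10.9.2.7"],
    "app": ["10.9.1.30", "10.9.3.4"],
    "db": ["10.9.2.200"],
}
# ... and group -> ingress rules (proto, port, source group) written by the user.
RULES = {
    "app": [("tcp", 8080, "web")],
    "db": [("tcp", 3306, "app")],
}


def expand_rules(members: dict, rules: dict) -> dict:
    """Return {host_ip: [(proto, port, src_ip), ...]}: the concrete
    iptables-style rule set each hypervisor must hold for its instances."""
    host_rules = defaultdict(list)
    for group, grules in rules.items():
        for host in members.get(group, []):
            for proto, port, src_group in grules:
                # one rule per member of the source group, per consuming host
                for src in members.get(src_group, []):
                    host_rules[host].append((proto, port, src))
    return dict(host_rules)


def hosts_touched_by_membership_change(members: dict, rules: dict, group: str) -> set:
    """Hosts whose rules must be re-rendered when `group` gains or loses a
    member: its own members plus every member of a group whose rules
    reference it as a source."""
    touched = set(members.get(group, []))
    for other, grules in rules.items():
        if any(src == group for _, _, src in grules):
            touched.update(members.get(other, []))
    return touched


def summarize(addresses: list) -> list:
    """Fewest prefixes covering the addresses. Adjacent members collapse;
    members spread across networks stay as individual /32s."""
    nets = [ipaddress.ip_network(a) for a in addresses]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def apply_provider_policy(host_rules: dict, denied_prefixes: list) -> dict:
    """Provider restriction layered over the user's rules: drop any rule
    whose source lies in a prefix the class of service forbids (the
    'No QA Access' style of restriction from the COS table)."""
    denied = [ipaddress.ip_network(p) for p in denied_prefixes]
    return {
        host: [r for r in rs if not any(ipaddress.ip_address(r[2]) in d for d in denied)]
        for host, rs in host_rules.items()
    }


if __name__ == "__main__":
    expanded = expand_rules(MEMBERS, RULES)
    for host, rs in expanded.items():
        print(host, rs)
    print("touched by a change to 'web':", sorted(hosts_touched_by_membership_change(MEMBERS, RULES, "web")))
    print("web members summarized:", summarize(MEMBERS["web"]))
```

Run as a script it prints the six expanded rules, shows that adding a member to `web` forces a re-render on all four `web` and `app` hosts, and that the two `web` members (in different /24s) cannot be summarized into a single prefix.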
Virtual Networks using Software Defined Networks
[Figure: Overlay 1 through Overlay n (Prod, QA, Other Networks) built on top of a shared Cloud Fabric]
  + L2 isolation
  + compatible with large scale networks
  + can be fully automated
  + firewall can be interposed between virtual networks
  + Can complement L3 isolation
  + large number of networks (n > 4096)
  - Tunnel overhead
  - L2 size limited by # of tunnels and their mgt

Traditional vs SDN
[Figure: Traditional: the network protocols, the routing/switching engine and the logic that controls them all live inside the switch/router. SDN: the logic and network protocols live in a controller, which controls the switch/router's routing/switching engine through an API]

Wizard:  Physical switches; OSPF/ECMP, …; Traffic engineering
Ninja:   Virtual + physical switches; Overlay networks
Nerdy:   Virtual switches; Overlay networks; ARP + L2 protocols

- A logical environment defined as a class of service on top of shared infrastructure
  - Self-service VMs for developers
  - Access must be similar to their desktops (access to QA, Corp, …)
  - Should allow collaboration
- Implemented as a set of L2 networks (/24) within a given L3 (/20)
  - No private networks: all developers on the same shared networks
  - No private IP space: traffic is routed within the core, no need for floating IPs
- Isolated from infrastructure
  - Overlay network using Open vSwitch / STT tunneling
  - Nicira NVP controllers integrated with Quantum (Essex)
  - Routed out through the perimeter firewall

[Figure: Dev Cloud: 10.9.0.0/20. Developer networks 10.9.1.0/24 (gateway 10.9.1.1) and 10.9.2.0/24 (gateway 10.9.2.1), each terminated on a gtw-xxxx gateway. Route annotations: "From 10.9.1.0/24 default->10.9.0.1", "From 10.9.2.0/24 default->10.9.0.1", "10.9.0.0/20 ->10.9.0.10", "default->10.9.2.1". An Active Gateway and a Standby Gateway (Eth1/vlan 1, Eth0/vlan 2, with a vswitch, N and M components) connect over a trunk to Corp, Internet and QA; Nicira Service Nodes and Nicira controllers sit beside them. Each hypervisor attaches instance vifs to a vswitch and runs K, C, S, A, Q. Legend: N: Nova-network + dnsmasq, K: Ubuntu + KVM, C: Nova-compute, A: Nova-api, S: Nova-scheduler, Q: Quantum, M: Metadata; link colours: Infrastructure/Internal, Infrastructure/External, Virtual network]

[Figure: instance creation workflow]

Developer (via the eBay Cloud Portal and eBay IaaS):
  1. Create instance (COS, OS, size)
  2. Get free networks (nova db)
  3. Boot instance (Image ID, Flavor, NIC) through the Nova API
  4. Create DNS (A, PTR) in DNS Management
  Nova API -> Nova Scheduler -> Nova Compute; Nova Network: Get IP; Quantum: Create port; Nicira Controller: Create port, Create lswitch

Admin:
  - Create network (project = admin, Cidr=10.9.x.0/24) with Nova-manage
  - Create routes on the Gateway
  - Create gtw-xxxx

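The COS table, the /24-inside-/20 addressing plan and the workflow above come together in the following added example (written for this page; it is not eBay's or OpenStack's code). It reduces the obligations and restrictions of each class of service to predicates, carves /24 networks out of 10.9.0.0/20 with the gateway at .1 of each network, and does the capacity-aware network assignment that the lessons slide says had to be implemented outside Essex. The policy keys, image metadata, hostnames and the decision to hold back the first /24 for infrastructure addresses are assumptions.

```python
"""Class-of-service driven network selection for the dev cloud (added example)."""
import ipaddress
from dataclasses import dataclass, field

# Classes of service reduced to what can be checked mechanically.  Obligations
# must be attested by the image; restrictions are access the instance may not
# request.  Key names are assumptions chosen to mirror the COS table.
COS_POLICY = {
    "Production": {"obligations": {"qa_approved", "prod_os", "monitoring"},
                   "restrictions": {"login", "corp", "qa"}},
    "DEV": {"obligations": {"certified_os"},
            "restrictions": {"site_traffic"}},
    "External": {"obligations": {"certified_os", "monitoring"},
                 "restrictions": {"prod", "corp", "qa"}},
}


@dataclass
class Network:
    cidr: ipaddress.IPv4Network
    cos: str
    used: set = field(default_factory=set)

    @property
    def gateway(self) -> str:
        # the gtw-xxxx node owns the first host address (10.9.1.1, 10.9.2.1)
        return str(self.cidr.network_address + 1)

    def free(self) -> int:
        # minus network and broadcast addresses, the gateway, and leases handed out
        return self.cidr.num_addresses - 3 - len(self.used)


def carve_networks(supernet: str, cos: str, prefix: int = 24) -> list:
    """Split the supernet into equal networks of one COS.  The first network
    is held back for infrastructure addresses such as 10.9.0.1 and 10.9.0.10
    (assumption drawn from the architecture figure)."""
    subnets = list(ipaddress.ip_network(supernet).subnets(new_prefix=prefix))
    return [Network(s, cos) for s in subnets[1:]]


def placement_violations(cos: str, image: dict, needs: set) -> list:
    """Reasons a request must be refused under its class of service."""
    policy = COS_POLICY[cos]
    missing = policy["obligations"] - set(image.get("attested", ()))
    denied = needs & policy["restrictions"]
    return ([f"missing obligation: {m}" for m in sorted(missing)]
            + [f"restricted access: {d}" for d in sorted(denied)])


def allocate(networks: list, cos: str, hostname: str, image: dict, needs: set) -> dict:
    """Pick the first network of the requested COS with spare capacity and
    return the address, its gateway and the DNS A/PTR data of workflow step 4."""
    problems = placement_violations(cos, image, needs)
    if problems:
        raise PermissionError("; ".join(problems))
    for net in networks:
        if net.cos != cos or net.free() <= 0:
            continue
        for addr in net.cidr.hosts():
            if str(addr) == net.gateway or addr in net.used:
                continue
            net.used.add(addr)
            return {
                "ip": str(addr),
                "network": str(net.cidr),
                "gateway": net.gateway,  # the instance's default route
                "dns_a": (hostname, str(addr)),
                "dns_ptr": (addr.reverse_pointer, hostname),
            }
    raise RuntimeError(f"no {cos} network with free capacity")


if __name__ == "__main__":
    dev_nets = carve_networks("10.9.0.0/20", "DEV")
    print(allocate(dev_nets, "DEV", "dev-0001", {"attested": ["certified_os"]}, {"qa"}))
```

The policy check runs before any address is consumed, so a refused request never leaks a lease; exhaustion surfaces as an explicit error rather than a silent fallback to a network of another class of service.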
[Chart: instance requests over time; left axis 0 to 250 (Instance Requests), right axis 0 to 100 (Success / Failed rate)]

- Perimeter firewalls configured once, not dependent on instance creation/deletion/movement
- Networks are pre-created using nova-manage, good for provider networks
- Can be extended with other COS using the same pattern
- Stability of both Nicira NVP and OpenStack + Ubuntu + KVM
- Looking forward to new features in Folsom: Quantum v2

- No capacity/policy based assignment of networks; had to be implemented outside. Moving it to nova scheduler.
- One network flavor supported in Essex. Cannot have, e.g., one gateway per network with different behavior (dhcp)
- Scale out requires bigger links out of the gateway, or more gateways
- Upset the separation of concern requirement: Netsec + Networking + Sys Admins in the same box = 'interesting'

- New classes of service
  - External: private networks + VIP and Floating IP on the Internet
  - Production: Bridged network
- Scale out
  - 80 today, going to a lot more
  - More gateways / 10Gb
- Folsom upgrade
  - L3 Routers
  - Load Balancers
- Cleaner OpenStack integration
  - Network Allocation
  - DNS configuration
  - AuthN/AuthZ

We are Hiring!

http://www.ebaycareers.com/
