Introduction to Open Software Networking Platform : Part 2

April 23, 2013 CS Hong

OpenStack CloudStack Open vSwitch

What is OpenStack
OpenStack: The Mission "To produce the ubiquitous Open Source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable."

History of OpenStack

OpenStack Founding Principles


- Apache 2.0 license (OSI), open development process
- Open design process, 2x year public Design Summits
- Publicly available open source code repository
- Open community processes documented and transparent
- Commitment to drive and adopt open standards
- Modular design for deployment flexibility via APIs

Community with Broad Commercial Support

OpenStack Isn't Everything

Virtual Machines and Storage

Building an OpenStack Cloud Datacenter, Hardware, and Process

Business Prerequisites

Technical Prerequisites

Cloud Ready Datacenter Requirements

Bootstrapping the Host Machines

Building an OpenStack Cloud

Object Storage

Data Must Be Stored Efficiently

Object Storage Summary

Object Storage Key Features

System Components
- The Ring: Mapping of names to entities (accounts, containers, objects) on disk.
  - Stores data based on zones, devices, partitions, and replicas
  - Weights can be used to balance the distribution of partitions
  - Used by the Proxy Server for many background processes
- Proxy Server: Request routing, exposes the public API
- Replication: Keep the system consistent, handle failures
- Updaters: Process failed or queued updates
- Auditors: Verify integrity of objects, containers, and accounts
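
An added sketch of the ring idea described above, written for this page (it is not Swift's ring builder and not code from the slides): a name hashes to a partition, and each replica of a partition lands in a different zone, with weights steering the balance. The MD5-based lookup, the device list, the partition power and the greedy placement are assumptions of the example.

```python
import hashlib
import struct

PART_POWER = 8   # 2**8 partitions; constructed value, production rings use more
REPLICAS = 3

# Constructed devices. Zones model failure domains, weight models capacity.
DEVICES = [
    {"id": 0, "zone": 1, "weight": 100},
    {"id": 1, "zone": 1, "weight": 300},
    {"id": 2, "zone": 2, "weight": 200},
    {"id": 3, "zone": 3, "weight": 100},
    {"id": 4, "zone": 3, "weight": 100},
]

def build_ring(devices, part_power=PART_POWER, replicas=REPLICAS):
    """Return table[replica][partition] -> device id, one zone per replica."""
    assigned = {d["id"]: 0 for d in devices}
    table = [[None] * (2 ** part_power) for _ in range(replicas)]
    for part in range(2 ** part_power):
        used_zones = set()
        for rep in range(replicas):
            # Only zones that do not yet hold a copy of this partition qualify.
            candidates = [d for d in devices if d["zone"] not in used_zones]
            if not candidates:
                raise ValueError("fewer zones than replicas")
            # Weighted balance: take the device furthest below its share.
            dev = min(candidates,
                      key=lambda d: (assigned[d["id"]] / d["weight"], d["id"]))
            table[rep][part] = dev["id"]
            assigned[dev["id"]] += 1
            used_zones.add(dev["zone"])
    return table

def partition_for(account, container=None, obj=None, part_power=PART_POWER):
    """Hash the entity name and keep the top part_power bits of the digest."""
    path = "/" + "/".join(p for p in (account, container, obj) if p)
    digest = hashlib.md5(path.encode("utf-8")).digest()
    return struct.unpack(">I", digest[:4])[0] >> (32 - part_power)

def get_nodes(table, account, container=None, obj=None):
    """Return (partition, [device id for each replica]) for a name."""
    part = partition_for(account, container, obj)
    return part, [replica_row[part] for replica_row in table]

if __name__ == "__main__":
    ring = build_ring(DEVICES)
    print(get_nodes(ring, "AUTH_demo", "photos", "cat.jpg"))
```

Because every replica sits in a distinct zone, losing one zone still leaves two copies of every partition for the replicators and auditors to work from.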

System Components (Cont.)


- Account Server: Handles listing of containers, stores as SQLite DB
- Container Server: Handles listing of objects, stores as SQLite DB
- Object Server: Blob storage server, metadata kept in xattrs, data in binary format
  - Recommended to run on XFS
  - Object location based on hash of name & timestamp

Software Dependencies
Object Storage should work on most Linux platforms with the following software (main build target for Austin release is Ubuntu 10.04):
- Python 2.6
- rsync 3.0

And the following Python libraries:
- Eventlet 0.9.8
- WebOb 0.9.8
- Setuptools
- Simplejson
- Xattr
- Nose
- Sphinx

Evolution of Object Storage Architecture

Building an OpenStack Cloud

Compute


OpenStack Compute Key Features

OpenStack Compute

Component Architecture Detail

AMQP: Advanced Message Queuing Protocol


System Components
- API Server: Interface module for command and control requests
  - Designed to be modular to support multiple APIs
  - In current release: OpenStack API, EC2 Compatibility Module
  - Approved blueprint: Open Cloud Computing Interface (OCCI)
- Message Queue: Broker to handle interactions between services
  - Currently based on RabbitMQ
- Metadata Storage: ORM (object-relational mapping) layer using SQLAlchemy for datastore abstraction
  - In current release: MySQL
  - In development: PostgreSQL
- User Manager: Directory service to store user identities
  - In current release: OpenLDAP, FakeLDAP (with Radius)
- Scheduler: Determines the placement of a new resource requested via the API
  - Modular architecture to allow for optimization
  - Base schedulers included in Austin: Round-robin, Least busy

System Components (Cont.)


- Compute Worker: Manage compute hosts through commands received on the Message Queue via the API
  - Base features: Run, Terminate, Reboot, Attach/Detach Volume, Get Console Output
- Network Controller: Manage networking resources on compute hosts through commands received on the Message Queue via the API
  - Support for multiple network models
    - Fixed (Static) IP addresses
    - VLAN zones with NAT
- Volume Worker: Interact with iSCSI Targets to manage volumes
  - Base features: Create, Delete, Establish
- Image Store: Manage and deploy VM images to host machines

Hypervisor Independence
- Cloud applications should be designed and packaged, abstracted from the hypervisor, deploy and test for best fit for your workload
- Manage application definition and workload, not the machine image
  - Configuration management
  - Abstract virtual machine definition

Network Models
Private VMs on Project VLANs or Public VMs on flat networks

Network Details
- Security Group: Named collection of network access rules
  - Access rules specify which incoming network traffic should be delivered to all VM instances in the group
  - Users can modify rules for a group at any time
    - New rules are automatically enforced for all running instances and instances launched from then on
- Cloudpipe: Per project VPN tunnel to connect users to the cloud
  - Certificate Authority: Used for Project VPNs and to decrypt bundled images
  - Cloudpipe Image: Based on Linux with OpenVPN

Example of OpenStack

Example innovation: Simcloud

Apache CloudStack

IaaS

IaaS challenges
- Not out of the box by itself
- Need a farm of hypervisors
  - Xen, KVM, VMware
- Need storage
  - For image catalogue
  - For volume/snapshot management
- Need flexible network that can be configured on-demand
  - VLANs, no VLANs, existing net infra, SDN

IaaS is really:
A Data Center Orchestrator
- Data storage
- Data movement
- Data processing

That can:
- Handle failures
- Support large scale
- Be programmed

DevOps
- Bring your developers closer to the operations
- Make your sys admins develop the apps
- Move to Software Defined Data Center, Automate everything
  - Dev: Java IDE
  - Ops: Shell CLI

What the ASF did to CloudStack?

ASF: Apache Software Foundation

A little bit about the internals

A Very Flexible IaaS Platform


Compute
- Hypervisor: XenServer, VMware, Oracle VM, KVM, Bare metal

Storage
- Block & Object: Local Disk, iSCSI, Fiber Channel, NFS, Swift (Primary Storage and Secondary Storage)

Network
- Network & Network Services: Network Type, Isolation, Firewall, Load balancer, VPN

Source: http://www.slideshare.net/cloudstack/cloudstackarchitecture

Architecture / Language
- Java application
- Tomcat6, Axis2, Maven build + ant
  - Ant going away in 4.1
- Moving towards a plugin architecture

Releases
- Apache CloudStack 4.0 released in November, 2012
- Time based releases
  - Rather slip features but guarantee release
- Apache CloudStack 4.1 planned for March 22nd, 2013

CloudStack Cloud Architecture


[Figure: CloudStack Management Server and Internet; Zone 1 with L3 core, Pod 1 ... Pod N (access layer), Cluster 1 ... Cluster N, Host 1, Host 2, Primary Storage, Secondary Storage]

- Hypervisor is the basic unit of scale.
- Cluster consists of one or more hosts of same hypervisor.
- All hosts in cluster have access to shared (primary) storage.
- Pod is one or more clusters, usually with L2 switches.
- Availability Zone has one or more pods, has access to secondary storage.
- One or more zones represent cloud.

Platform Optimized Design (PODs)

Cloud Interactions
[Figure: Cloud Interactions. Components: End User UI, Admin UI, Domain Admin UI; CS API (CS Admin & End-user API) and ec2 API with their cloud-user API clients (Fog, etc.); clustered CloudStack Management Server; MySQL; OVM, vSphere (vCenter), XS (XAPI) and KVM clusters, each with primary storage; Juniper SRX (NetConf); Netscaler (Nitro API, JSON); Console Proxy VMs, Router VMs, Secondary Storage VMs; NFS server; monitoring. Protocol labels: JSON, HTTPS, Ajax Console, VNC, {Proxied} SSH, NFS, HTTP (Template Download), HTTP (Template Copy), HTTP (Swift).]

Source: http://www.slideshare.net/cloudstack/cloudstackarchitecture


To get your feet wet

DevCloud
A VirtualBox appliance packaged to provide a working CloudStack environment. Aimed at developers but has other use cases:
- Xen PV hosts gives nested virtualization
- Local EC2/S3 Cloud on your laptop
- Networking experiments?

Self-Contained

DevCloud: as Host
- Run CloudStack on local machine
- Use DevCloud to set up hosts

CloudMonkey
- The CloudStack CLI, developed by Rohit Yadav
- ~600 lines of Python
- pip install cloudmonkey
- Lots of features:
  - Auto-completion
  - Tabular output
  - Help, scriptable, interactive shell

Info
- Apache incubator project
- http://incubator.apache.org/cloudstack
- #cloudstack and #cloudstack-dev on irc.freenode.net
- @CloudStack on Twitter
- http://www.slideshare.net/cloudstack
- http://incubator.apache.org/cloudstack/mailinglists.html
- Collaboration Conference, Nov 30th - Dec 2nd
  - http://collab12.cloudstack.org/
- http://www.youtube.com/diycloudcomputing

Welcoming contributions and feedback, join the fun!

What is Open vSwitch

Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag).

What is Virtualization
Multiple virtual machines on the same physical host
- Lowest layer is the hypervisor, which provides the illusion
- Built by OS people
- Historically, simple bridge
- Physical Switch

What's been missing?

- Lacked visibility that network administrators expected
- Lack of fine-grain control
- Brittle in the face of mobility

Virtualized Networking is Different


- Greater context
  - MAC/IP addresses
  - Host identifiers (UUID)
  - Multicast membership
  - Machine start/stop/move events
- Mobility
- Strong isolation between tenants

Advanced Edge Switches


- Tight integration with hypervisor
- Approaching feature-parity with hardware switches
  - Visibility
  - ACLs
  - Quality of Service
- Centralized management
- Hardware off-loading
- Examples: VMware vSwitch, Cisco Nexus 1000V, Open vSwitch

Packaging
- Default networking stack for Xen Cloud Platform (XCP)
- Ships with Citrix XenServer and basis for their Distributed Virtual Switch (DVS)
- Distribution packaging
  - Debian
  - Ubuntu
  - SUSE
  - Red Hat
- Goal is to upstream kernel module


Visibility and Control


- Visibility
  - NetFlow
  - sFlow
  - Mirroring (SPAN/RSPAN/ERSPAN)
- Fine-grained ACL and QoS policies
  - L2-L4 matching
  - Actions to forward, drop, modify, and queue
  - HTB and HFSC queuing disciplines
    - Hierarchical Fair Service Curve (HFSC)
    - Hierarchical token bucket (HTB)

sFlow with Open vSwitch

Forwarding
- LACP
- Port bonding
  - Source-MAC load-balancing
  - TCP load-balancing
  - Active/backup
- 802.1ag CFM (Connectivity Fault Mgmt)
- Fast Ethernet-over-GRE tunneling

LACP: Link Aggregation Control Protocol


Main Components

Forwarding Components
- ovs-vswitchd (Slow Path)
  - Forwarding logic (learning, mirroring, VLANs, and bonding)
  - Remote configuration and visibility
- openvswitch_mod.ko (Fast Path)
  - Packet lookup, modification, and forwarding
  - Tunnel encapsulation/decapsulation

Centralized Control
- One OpenFlow connection per datapath
  - Exports idealized view of switch's datapath
    - Lookup based on L2-L4
    - Full wildcarding and priorities
    - Actions: forward, drop, modify, and queue
    - Missed flows go to central controller
- One management channel per system
  - Switch-level configuration
  - Resources
  - Counters
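
An added model of the lookup rules listed above (wildcarded L2-L4 matching, priorities, actions, miss to controller), written for this page and not taken from Open vSwitch. It also flags flows that a broader, higher-priority flow makes unreachable, a common reason an ACL entry silently never fires; the field names, action strings and sample flows are constructed.

```python
import ipaddress

# Constructed flow table; field names are illustrative, not OVS syntax.
# A field that is absent from "match" is wildcarded.
FLOW_TABLE = [
    {"priority": 300, "actions": ["forward:2"],
     "match": {"ip_proto": 6, "tcp_dst": 22, "ip_src": "10.0.0.0/24"}},
    {"priority": 200, "actions": ["drop"],
     "match": {"ip_proto": 6, "tcp_dst": 22}},
    {"priority": 100, "actions": ["modify:vlan=10", "forward:2"],
     "match": {"eth_dst": "52:54:00:00:00:02"}},
]
CIDR_FIELDS = {"ip_src", "ip_dst"}

def field_matches(field, want, packet):
    """Exact match, except IP fields, which match on a CIDR prefix."""
    if field not in packet:
        return False
    if field in CIDR_FIELDS:
        return ipaddress.ip_address(packet[field]) in ipaddress.ip_network(want)
    return packet[field] == want

def lookup(table, packet):
    """Highest-priority matching flow wins; a miss goes to the controller."""
    for flow in sorted(table, key=lambda f: f["priority"], reverse=True):
        if all(field_matches(k, v, packet) for k, v in flow["match"].items()):
            return flow["actions"]
    return ["controller"]

def covers(general, specific):
    """True if every packet matching `specific` also matches `general`."""
    for field, want in general.items():
        if field not in specific:
            return False
        if field in CIDR_FIELDS:
            inner = ipaddress.ip_network(specific[field])
            if not inner.subnet_of(ipaddress.ip_network(want)):
                return False
        elif specific[field] != want:
            return False
    return True

def shadowed_flows(table):
    """Flows that can never fire: a higher-priority flow covers them."""
    return [low for low in table
            if any(high["priority"] > low["priority"]
                   and covers(high["match"], low["match"]) for high in table)]
```

Running `shadowed_flows` over a table before it is pushed catches the case where the broad SSH drop is given a higher priority than the narrow allow it was meant to sit beneath.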

Distributed Virtual Switch

Citrix DVS Controller

Performance

References
- http://www.openstack.org/
- http://www.slideshare.net/cloudstack
- http://openvswitch.org
- Source repository: git clone git://openvswitch.org/openvswitch

Thank you !
