발표제목: sddc reference architecture · 2015-07-17 ·...

2015(제8회) 한국 소프트웨어 아키텍트 대회

발표제목: SDDC Reference Architecture(w/ OpenStack & OpenDaylight)

제8회 2015 한국 소프트웨어 아키텍트 대회

2015. 07. 16

회사명 에스코어

발표자 김동현

About Me

프로필- (현) S-CORE 선행연구팀 ID Cell 장- (전) KT CLOUD OS 개발팀 매니져. - (전) 삼성전자 S-Cloud Service Platform / ChatOn Platform 개발 리더, Media-Hub Cloud Storage 부분 개발 리더. - (전) TmaxSoft R&D System Management Framework 팀장 /


- (전) TmaxSoft R&D System Management Framework 팀장 / JEUS Webservice 개발- (전) LG 전자 이동통신 연 / Erricsion-LG , RAN(Radio Access Network) system 개발.

[email protected]

Agenda

• Overview

• SDDC Reference Architecture (w/ OSS)

• SDN/NFV Reference Architecture


• SDN/NFV Reference Architecture

• Q&A...

• SDDC : Software Defined DataCenter• OSS : Open Source Software

Overview

• Virtualization / Cloud / SDDC• Data Center Provisioning (w/ Network) • Network Trends In DataCenter• Cloud & OpenStack

– Cloud Platform : OpenStack Overall Architecture (Basic)– CloudPlatform OpenStack 과 xAAS 관계.


– CloudPlatform OpenStack 과 xAAS 관계.– SDDC / SDN / NFV OpenSource 기술

Definition of SDDC

* Policy-based automation. (w/ WorkFlow)* Programmable infrastructure. (w/ API)* Unified view of physical and virtual resources.

+ Cloud Model Extension (deployment model)Private / Public / Hybrid /.

Platform

Application

Software Defined Data Center (SDDC)Separation (or abstraction) of the “control plane”

(configuration, topology awareness, management, operations) from the “data plane” (moving data, storing data). – Vmware

Overview


deployment model

Compute Network Storage

Abstraction

Physical H/W

Definition of Cloud Computing

• (인터넷을 이용하여) 사용자에게 다양한 IT 자원을 제공할 수 있는 컴퓨팅 형태

• 가상화 기술을 기반 (+ clustering)• 클라우드 컴퓨팅 서비스를 제공하기 위한 기반 기술로

서버, 스토리지, 네트 워크 등과 같은 컴퓨팅 자원을 통합 관리하면서 필요에 따라 자원을 할당함으로써 자원활용률을 높이고 운영 비용을 절감

• 서버, 스토리지, 네트워크, 애플리케이션 등 다PaaS(Platform As A Service) 의예

Overview


• 서버, 스토리지, 네트워크, 애플리케이션 등 다양한 범위의 IT 자원을 가상화하여 SaaS, PaaS, IaaS와 같은 서비스를 사용자의 요구에 따라제공

예: STaaS(storage as a service)

HA/DR 대비 포함.

Define• The orchestration of hypervisors, networking, block storage, and image, and identity services

to provide on demand virtual machines.

Characteristics• On-Demand Self-Service• Resource Pooling• Rapid Elasticity + Cloud Federation/Interaction

Cloud Computing Overview

PackagedS/W

Applications

Data

Runtime

Applications

Data

Runtime

Applications

Data

Runtime

Applications

Data

Runtime

Infrastructure(as a Service)

Platform(as a Service)

Software(as a Service)

Managed by vendor

Managed by User* IaaS, PaaS, SaaS

Overview


Middleware

O/S

Virtualization

Servers

Storage

Networking

Middleware

O/S

Virtualization

Servers

Storage

Networking

Middleware

O/S

Virtualization

Servers

Storage

Networking

Middleware

O/S

Virtualization

Servers

Storage

Networking

Before Cloud After Cloud

서버/네트워크/스토리지 할당 서비스 .. Hadoop As A Service …

편집 서비스추천 서비스개인화 스토리지 서비스..

Baremetal, Virtualization

Virtualization & CLOUD & SDDC

ApplicationIT Mgr Business

SDDC

영역

Virtualized Infra Cloud SDDC

Application ControlAutomated API Interaction- Application Level Control fo Resources- Infrastructure Monitoring can trigger actions

User ControlUser Tenants

GroupsBusiness Group Resource Allocation

Admin Control(Template-Based Policy Model)Admin Resource Allocation

Application

Overview


Application

Control

Infrastructure

Orchestration

Automation Monitoring

Cloud

영역Tenant

Compute Network Storage

Abstraction

H/W

Application

Platform

SDN 구성 레이어

(Data Plane)

(Control Plane)

Application Pattern & Consumption ModelsOverview


Data Center Software StackOverview


Cloud Platform : OpenStackOverall Architecture (Basic)

UI Manager

NETWORK RESOURCE

SWIFT

HORIZON

NEUTRON

Extended Features

OverviewCloud & OpenStack


HOSTINGRESOURCE

Image/Snapshot SERVICE

STORAGERESOURCE

Image/SnapshotSTORAGE

User Tenant

SWIFT

CINDER

KEYSTONE

NOVA

GLANCE

CloudPlatform OpenStack 과 xAAS 관계.

Applications

Data

Runtime

Middleware

O/S

Paa

SSa

aSApplication Deployment w/ Scale Out Architecture

Overview

Private Cloud 구축 w/ OpenStack

Cloud & OpenStack


NETWORK RESOURCE

SERVERRESOURCE

STORAGERESOURCE

O/S

Virtualization

Servers

Storage

Networking

NEUTRON

CINDERNOVA

IaaS

Cloud(&SDDC) ToBe

클라우드는 개발자중심, 하이브리드와 오픈, 서비스중개 으로 발전할 것으로 전망

1 2 3Developer Centric Brokering Service Multi/Hybrid Delivery

Overview


Public, Private Cloud와 LegacyIT의 하이브리드 환경에서 서비스 운영

오픈 아키택쳐를 통해 하이브리드 딜리버리 모델 실현

Container 기반으로 Delivery / 운영 환경 확장

VM제공만으로는 의미있는 개발 효율개선을 기대하기 어려움

개발자들에게 필요한 개발환경을 제공함으로써, 개발 그 자체에 보다 집중하도록 지원 필요

Legacy IT의 서비스 구축에서 서비스 제공으로 역할 변경

서비스 제공자는 비즈니스 지원을 위한최적 클라우드 서비스 중재

InterCloud.. / Cloud 표준..(TBD)

Application Deployment LifeCycle Multi Cloud & Bursting

Deployment w/ DevTools

Cloud Brokerage Service

Source : HP

Data Center Provisioning (w/ Network)

Virtual Connection

Server or VM ConfigurationIP Address / SubnetGatewayDNS ServersApplication TypeServer Name

Network Edge ConfigurationVLAN/QoS/ACL/Rate-Limit

Network Core ConfigurationLoad Balancer / Firewall / Router

Overview


Access Control In The Data Center

Network (Trends) In DataCenter Overview

* Towards A New Area In Networking


* Connectivity Service Chaining

Network Orchestration

NetworkingCompute

Network Virtualization

Storage Virtualization

Server Virtualization

Storage (FS)

Distrubured

Server API Network API Storage API

& C

ontr

ol

Virtu

aliz

atio

nA

PIs

Orchestration EngineWorkflow

Orchestrator

VNF Manager

Orchestation & Asset

Overview


Server Network Storage

DistruburedStorage

Clo

ud M

gt

& C

ontr

ol

Infr

astr

uct

ure

Virtu

aliz

atio

n

VNF

Orch + Cloud Ctl + VNF ManagerPolicy 수초내

- Net QoS- 서비스 스케일링- 다이나믹 컨낵션

Orchestration/Asset (수분내)- 서비스/Network 프로비저닝

SDDC / SDN / NFV OpenSource 기술

• SDDC : – Open Source 기반의 Cloud OS 기술

• Cloud OS : – Like OpenStack

• Container Cluster / PaaS Platform / PaaS Enabler

• SDN :

…



• SDN : – Open Source 기반의 SDN/NFV 를 포함한 Network OS 기술

• SDN 향 Network OS :– Like OpenDaylight / OPNFV, OSS SDN Controller & Solution

SDN / NFV (w/ DataCenter)Overview


NFVSDN

Data Path, Flow Control, Monitoring (TE).. Multi DataCenter, Network Function, ManagementService Chaining

OPNFV , OpenStack, OpenDaylightOverview

Cloud & OpenStack


SDN/NFV in (Cloud) SDDC

WAN HandlingRouteFlowOpenFlow

NFV- Firewall- LB- CDN- IDS/IPS …Overlay (Tunel mgt)

Service Chaining Service Insertion

Provisioning Target

NFVIaaS

NFVIaaS + Service Chain



STEP 1 : SDDC Platform 솔루션 : Infra Orchestration / Automation

SDN Controller

Network OS

DC

DC

DC

Service Node

NFV

NFVIaaS

IaaS(NaaS)

Orchestration

NFV

Reference Architecture

• (OSS 기반) SDDC Reference Architecture – DataCenter Architecture (w/ OSS)– SDDC 기술 요소– OSS 기반 DataCenter 구성– SDN/NFV in (Cloud) SDDC– > Building an Open, Adaptive & Responsive Data Center using

OpenDaylight


• SDN / NFV Reference Architecture– SDDC Reference Architecture (for Network)

• w/ OpenStack & OpenDaylight• VTN• OVS DB

– Use Case – OPNFV

* OSS : OpenSource Software

DataCenter Architecture (w/ OSS)

Resource VirtualizationSoftware DefinedFull Orchestration/Automation (Infra,Service)

Resource VirtualizationSoftware DefinedFull Orchestration/Automation (Infra,Service)

아키텍처아키텍처

Cloud Mgt (OpenStack.)Network Mgt (OpenDayLight.)VMM (KVM, Docker, BM.)vSwitch (OpenVirtualSwtich.)….

Cloud Mgt (OpenStack.)Network Mgt (OpenDayLight.)VMM (KVM, Docker, BM.)vSwitch (OpenVirtualSwtich.)….

오픈소스 S/W오픈소스 S/W

Commodity H/WOpen Compute…

Commodity H/WOpen Compute…

오픈 H/W오픈 H/W

Architecture : DataCenter & Service Architecture

Platform 화의 진행표준, OpenSource

Reference Architecture(OSS 기반) SDDC Reference Architecture


민첩성 : Deployment Platform = Orchestration + Automation (+ WorkFlow)for Network / Storage / Compute & SDx Resource.

관리성 : Management = Diagnostics & Management. & Standardization. 비용 : Comodity H/W + (Compute/Storage/Network) Resource Utilization

SDDC Platform + CloudOS, NetworkOS Extension

: SDDC Platform (Platform , Manager, Asset)Cloud OS Enhance + Network OS Enhance

1) SDDC Platform의 진행 Plan과 연계- WorkFlow, Diagnostics , HA/DR , NG Network/Infra Management.

2) Network OS : Network 개선 (SDN / NFV 기반)3) CloudOS : IDC & Cloud Handling

Open Source 기반의 Cloud OS 기술, SDN/NFV 를 포함한 Network OS 기술+ Platform Components

SDDC PlatformSDDC Platform

데이터센터 / Cloud 상의Software Define된 가상화레이어를 제공하고가상화된 리소스의 기존의Legacy 시스템과의 연계 관리Orchestration 지원 을 하는오픈소스 기반의 플랫폼.

Reference ArchitectureSDDC 기술 요소 (OSS 기반) SDDC Reference Architecture


SDDC PlatformSDDC Platform

Deployment Platform Deployment Platform

Data ProtectionServiceData ProtectionService

Diagnostics PlatformDiagnostics Platform

Workflow/ Orchestration : Software Defined Resource OrchestrationCloud 인프라 및 Application 배포, 라이프 사이클 제공Multi Cloud / Hybrid Cloud 를 위한 Resource Layer 제공

Workflow/ Orchestration : Software Defined Resource OrchestrationCloud 인프라 및 Application 배포, 라이프 사이클 제공Multi Cloud / Hybrid Cloud 를 위한 Resource Layer 제공

인프라 계층에서 발생하는 이벤트를 진단하여, 액션을 위한, 데이터 수집 및 모니터링 체계 및 Rule Engine 제공인프라 계층에서 발생하는 이벤트를 진단하여, 액션을 위한, 데이터 수집 및 모니터링 체계 및 Rule Engine 제공

Backup/Sync 기술 기반의 Infra Service 레이어별 HA/DR 서비스 제공Backup/Sync 기술 기반의 Infra Service 레이어별 HA/DR 서비스 제공

Resource Virtualization (Compute/Storage/Network), Tenant ManagementResource Virtualization (Compute/Storage/Network), Tenant Management

Network OS : SDN Network Controller + Legacy Net 연계 기술Network OS : SDN Network Controller + Legacy Net 연계 기술

Cloud OS Cloud OS

Network OS Network OS Pla

tform

Pla

tform

Core

Core

Platform AssetPlatform Asset

Management(Platform/common)Management(Platform/common)

System / Monitoring Management 제공HA/DR Management Deployment Management (Orchestration / Automation )

System / Monitoring Management 제공HA/DR Management Deployment Management (Orchestration / Automation )

DataCenter 구성 재현을 위한 Platform Asset.DataCenter 구성 재현을 위한 Platform Asset.Man

agem

ent

Man

agem

ent

SDDC Platform Landscape w/ OSSOSS 기반 DataCenter 구성



+ Amanda / Gluster / Swift

OSS 기반 DataCenter 구성 요소 기술 및 단계

유휴 Baremetal 서버의 클라우드 노드로의 구성(OpenStack Ironic / TrippleO / Tuskar) + OCP

CI/CD 프로세스 연계한 인프라 업그레이드 방안

OpenStack / OpenDaylight / Docker & Kubernetes / ….


OSS 기반 DataCenter 구성(OSS 기반) SDDC Reference Architecture


SDN/NFV를 접목한 클라우드 네트워크 등. (Tenant Network & Network Service w/ OpenDaylight)

SDN Application : HonnyPOD , Perimeter, …

CI/CD 프로세스 연계한 인프라 업그레이드 방안(OpenStack TrippleO / Rally)

클라우드에 PaaS Platform 적용 방안(Kubernetes + CoreOS on OverCloud)

Multi / Hybrid Cloud (OpenStack Nova / Heat Resource Handler Enhancement)

NFV IaaS w/ OpenStack

NFV Architecturing(NFV) Python ProjectAgentEngine

IpTablesKeepAlivedRouteManage

ManoOpenstack Driver

NFV Scheme Base

OpenStack w/ OpenDaylight


OSS 기반 DataCenter 구성(OSS 기반) SDDC Reference Architecture


NFV with Service Chaining

NFV with Openstack Network Nodes

OPNFV

NFV In OpenStack

SDN/NFV in (Cloud) SDDC

2

SD DataCenter 자동화 연계 프로세스 적용된 관제시스템

SDN NMS in SDDC OSS/BSS



SDDC Infra1

3

SDN OpenSource/Vendor solution 구성

소프트웨어 정의 데이터 센터의 buildup 기술

SDN /NFV ArchitecturingEnhancement

flow

DataCenter & Service Architecture Reference Architecture


Source : wuawei

SDN / NFV Reference Architecture

• OpenStack Network• SDN w/ OpenDaylight• OpenStack ML2

– OpenStack & OpenDaylight Plugin (Overlay/VTN)

• Reference Architecture– Overlay Network w/ Legacy.– Inter DC



– Inter DC• SDN + MPLS Scen• SDN WAN (PCEP, BGP-LS, BGP-FS, Segment Routing)• WAN Orchestate, WAE demo.

– vCPE NFV– w/ GPB(Group Policy)– LISP– w/ Monitoring ..

OpenStack Networking IssuesReference Architecture

OpenStack NetworkSDN / NFV Reference Architecture


w/ ODL

Extension

Neutron ArchitectureReference Architecture


Network Node

Controller Side

Queue


Compute Node

Network Devices Reference Architecture


제8회 2015 한국 소프트웨어 아키텍트 대회32

Neutron w/ SDN ArchitectureReference Architecture



NB

SB

Neutron w/ SDN ArchitectureOpenDaylight Integration

Reference ArchitectureSDN / NFV Reference Architecture


• OpenDaylight exposes a single common OpenStack Service Northbound• API exposed matches Neutron API Precisely• Different implementations plug in under it, in ODL, as Provides

• OpenDaylight OpenStack Neutron Plugin simply passes through• Simplifies OpenStack Plugin• Pushes complexity to OpenDaylight

Neutron w/ SDN ArchitectureOpenDaylight Integration



OpenStack ML2 : OpenDaylight PluginReference Architecture



OpenDaylight Status Reference Architecture

ControllerVTNOpenDoveAffinity Management ServiceLISP Mapping ServiceYang ToolsDefense4AllBGP-LS/PCEPOpenFlow ProtocolOpenFlow SB PluginOVSDBSNMP4SDNDLUXSIT



SIT

ContainerMulti-tenant를 제공해주는 개념네트윅 장비들은 Default Container 에 연결 되어 제공됨

Static RoutingStatic Routing 경로 추가 삭제 및 조회

Connection ManagerController 에 연결된 Node 관리

Controller NorthboundAPIBase Network Service Function API

TopologyController에서 관리하는 네트웍 디바이스의 topology 정보를 제공하는 API

Switch ManagerNodes, NodeConnector 및 해당 속성 정보 조회/생성/삭제

User Manager사용자 등록 및 삭제 기능

ODL Release ModelVirtualization Edition & Network Virtualization Model



Physical Network Control- Topology Detection- Isolation of Tenants- Traffic Control..

Network Modeling

• OpenDaylight Projects:– Controller– Yang Tools– GUI– Integration Testing– VTN– OpenDove– Affinity Management Servi

ce– LISP Mapping Service– Defense4All– BGP-LS/PCEP Plugin– OpenFlow SB Plugin– OVSDB Plugin– SNMP4SDN– OpenStack– OpenFlow Protocol


ODL Release ModelSDN / NFV Reference Architecture


OpenDaylight 1st Release : Hydrogen

Application

• Management GUI/CLI• VTN Coordinator• OpenStack Neutron• DDoS Protection

ServiceLayer

• DOVE Manager• Affinity Metadata Service• Traffic Redirection• LISP Service • VTN Manager




Controller BaseNetworkService

• Topology Manager• Stats Manager• Switch Manager• Host Tracker• Shortest Path Forwarding

ServiceAbstractionLayer

• Plugin Manager• Capability Abstractions• Flow Programming• Inventory

South Bound OpenFlow, OVSDB, Netconf, LISP, BGP, PCEP, SNMP

Builder Open Source (Java)

Physical Network Topology Infra-Architecture Defined

ODL Hydrogen PoCs

• vCPE PoC : Extending the L2 network overlay using in datacenter to the Operator’s Access network (Border Network Gateway BNG)

– Configuration of both DC network (using OpenStack neutron) and heterogeneous network elements (vSwitches, IP routers..) using OVSDB and OF interfaces.

– ODL is in charge of deploying all the VXLAN tunnels required and of managing the flow rules– > Some Contributions and bugs have been reported to ODL

• Self-Healing network PoC– Self-modeling based Diagnosis– Using ODL topology manager to automatically generate a model of the network topology– Drawbacks: it takes long time to retrieve the topology



• L2/L3 VPN PoC– Dynamic L2 and L3 VPN provisioning using L2 and L3 network elements and NETCONF interface

• Patches have been submitted to solve the NETCONF interop issues with commercial network element

• PCE based SDN WAN Controller PoC– Test BGP-LS for topology discovery and synchronization– Test PCEP for Tunnels discovery and enforcement– > Drawbacks : Adding our own Path Computation Algorithms seems very complex

OpenDaylight 2nd Release : Helium

Application

• DLUX• VTN Coordinator• OpenStack Neutron• SDNI Wrapper• DDoS Protection

ServiceLayer

• OpenStack Service

• GBP Service• SFC • AAA• LISP Service• L2Switch• SNBI Service• SDNI Aggregation

• VTN Manager• OVSDB Neutron• Plugin20C




Controller

BaseNetworkService

• Topology Manager• Stats Manager• Switch Manager• FRM • Host Tracker

ServiceAbstractionLayer

• Plugin Manager • Capability Abstractions• Flow Programming• Inventory

South Bound OpenFlow, OVSDB, Netconf, PCMM/COPS, SNBI, Plugin , LISP, BGP, PCEP, SNMP

Builder Open Source (Java)

Physical Network Topology Infra-Architecture Defined

Lithium Project Dependencies Reference Architecture



Block Architecture & ODL Reference ArchitectureSDN / NFV Reference Architecture


Source : IBM

OpenStack for NFV

• OpenStack : Management & Orchestration platform for– Virtualized Infrastructure (Neutron)– VNFs

• Create cloud-based, multi-tenant networks for NFV (XaaS)• Resource manager & Scheduler• Could become an open solution for service chaining• NaaS

– Silver of Network (connectivity) + resources (compute, storage) + apps



– Silver of Network (connectivity) + resources (compute, storage) + apps– VNOs (Virtual Network Operators)– Bandwidth-on-demand(to tenants, users)– New business models (auction/brokering, ephemeral clouds)

• Extend OpenStack to include monitoring & analytics tools for NFV

• Richness of APIs

SCENARIO

• USE CASE FOR DC• Overlay Network w/ Legacy.• LISP (Mobile Network)• DDoS Protection

• USE CASE FOR DC WAN– WAN SDN

Reference Architecturew/ ODL


• USE CASE FOR ENT NET – vCPE NFV

• Application Awared Architecture– w/ GPB(Group Policy)– w/ Monitoring

USE CASE FOR DATA CENTER

Why SDN Needed Benefits ODL

Network Virtualization –Multi Tenant Net

DC 브로드캐스트 도메인이나 숫자(4K)에 대한 VLAN의 한계를 극복하여데이터센터 내에서 동적으로 토폴로지를 생성

데이터 센터 자원 사용량의 20~30% 정도향상 할 수 있는 예상을 하며, 대형화 할수록 효과는 더 클 수 있다. 자동화 API를 사용하면 개별 네트워크의 생성 시간을 주(週) 단위 시간에서 분(分) 단위 시간까지단축 할 수 있다.

ODL- VTN- OPENDOVEIBM- SDN-VE

Network Virtualization –Stretched

Networks

DC 랙(Rack)간(間)이나 데이터 센터 간(間)에 VM의 이동이나 동적으로 자원을 다시 할당하는 경우 물리적 위치와 독립적으로 생성 가능한 관리

복잡한 코딩 없는 쉬운 애플리케이션으로작업이 가능한 VM들에 자원이 할당되어Disaster 센터 등의 복구 시간을 향상 한다. 정책에 따라 에너지를 절감하는 솔루션으로 응용이 가능하다.

ODL- LISP- VM Migration

(Ip Sustain + Data Path Tunneling)

MOBILITY

TENANT

HYBRID



Path Tunneling)

Service Insertion(Service

Chaining)

테넌트(Tenant)별 필요한 L4-7 서비스 연결을 동적으로 생성하여 필요한 서비스를 제공 하거나 DDoS공격의 경우 정책 기반으로 필요한 방화벽, IPS 그리고 DPI 기능등을 서비스체이닝으로 빠르게 제공

서비스 제공 시간은 주(週) 단위 시간에서분(分) 단위까지 단축 할 수 있어 낮은 비용으로 빠른 서비스 제공이나 새로운 매출의기회를 제공 할 수 있다. 그리고 새로운 공격에 대해 빠르게 대응 할 수 있다.

ODL- Defense4All

SECURITY

CHAINING

HYBRID

VTN(Virtual Tenant network) : Tenant OpenFlow 가상화 모델

Single Single vBridgevBridge Multi Controller with VTN CoordinatorMulti Controller with VTN Coordinator

VTN (Virtual Tenant Network) • Virtual network environment • Each VTN network is isolated with each other vBridge (Virtual Bridge) • Virtual L2 switch in VTN • Construct virtual broadcast domain by associating

the physical network with vBridge

(Multi-Tenancy 구성) w/ VTN Coordinator & VTN Manager

USE CASE FOR DATA CENTERNetwork Virtualization – Multi Tenant Net



Single Single vBridgevBridge Multi Controller with VTN CoordinatorMulti Controller with VTN Coordinator

ODMC : OpenDOVE Management ConsoleOVS-DS : OVS-based DOVE switchODCS : OpenDOVE Connectivity ServiceODGW : OpenDOVE GatewayODCS-CSP : CDS Client/Server ProtocolODCS-CP : DCS Cluster ProtocolDaylight Clustering : native clustering from Daylight controller platform

OpenDOVE: Tenant Overlay 가상화 모델

USE CASE FOR DATA CENTERReference Architecture

w/ ODL

Network Virtualization – Multi Tenant Net


L2/L3 연결과 access control 정책을 통해 통신을 제어할 수 있는 기능을 제공하여 각 tenant가 가상 네트워크 추상화될 수 있도록 해준다. Virtual Network와 Gateway 설정에 따른 VM간 traffic을 테스트 한다.

DOVE GatewayDOVE Gateway

DOVEEncap / Decap

DOVEEncap / Decap

ExternalConnection

ExternalConnection

VLANConnection

VLANConnection

DOVE Overlay NetworkDOVE Overlay Network

DOVE Overlay NetworkDOVE Overlay Network

VMVM VMVM VMVM

VMVM VMVM VMVM

10.1.1.5 10.1.1.7 10.1.1.8

10.1.2.6 10.1.2.3 10.1.2.8

VMVM VMVM

10.1.2.6 10.1.2.3

VLAN Segment

129.42.56.158(ibm.com)

74.125.227.96(google.com)

Extenal / PhysicalNetwork

Overlay Network w/ Legacy.

• ODL Architecture w/ OVS DB– 서버팜 내부 Overlay SDN (with VxLAN)


w/ ODL

§ VxLAN/NVGRE 등을 사용하여 터널링 기술을 통한 네트워크 가상화 방법§ 단일 도메인 내부의 네트워크 경로 가상화

Cloud Controller

SDN Controller

Compute 1 Compute 2

Network Virtualization – Multi Tenant Net


Network Domain

VxLAN

VM1 VM2

LANTORSwitch

TORSwitch

VxLAN

VM3 VM4

OVS OVS

Security

• Defense4All : Detecting and mitigating DDoS attacks


w/ ODL


Detecting and mitigating DDoS attacks

1. Protected traffic 경로 확인.2. Attacked traffic으로 판명된 traffic 경로 AMS(Attack Mitigration Services) 로 수정

• Defense4All position

Network application,Orchestartion, and servicesNetwork application,Orchestartion, and services

ODL API (REST)ODL API (REST)

User InterfaceUser InterfaceNetwork applications, orchestration, and services

Defense4All APIDefense4All API

AnormalyDetectorAnormalyDetector

Mitigation Mgr

Mitigation Mgr

StatisticsService APIStatistics

Service APITrafficRedirection Service APITrafficRedirection Service API

Defense4All

Security USE CASE FOR DATA CENTERReference Architecture

w/ ODL


Service Abstraction Layer(SAL)Service Abstraction Layer(SAL)

Network Service Functions

Network Service Functions

Platform ServicesPlatform Services

Data plane elements(virtual switches, physical device interfaces)

OpenFlowOpenFlow

Controllerplatform

Southbound interfaces & protocols

Other standard protocols(ONF, IETF,…)

Other standard protocols(ONF, IETF,…)

vendor-specificinterfaces

vendor-specificinterfaces

StatisticsService

StatisticsService

TrafficRedirection Service


Mitigation Device(s)

Defense4All APIDefense4All API

Defense4All

Anomaly Detector• Builds peace time (normal) traffic baselines• Identifies deviations from normal traffic baselines• Pluggable system to support:

• Multiple vendors• Different detection techniques• Extensiblity (detect new attacks)• etc

Mitigation Manager• Configuring the network such that the

suspicious traffic (and only the suspicious traffic) is diverted to scrubbing center

• After attacks, restores the network to original configuration

• Configures external mitigation device(s)• e.g. pass to device baselines to

expedite detection• Monitoring of extenal mitigation devic

e(s)e.g. attack ended

Security USE CASE FOR DATA CENTERReference Architecture

w/ ODL


Anormaly DetectorAnormaly Detector Mitigation MgrMitigation Mgr

StatisticsService APIStatistics

Service APITrafficRedirection S

ervice APITrafficRedirection S

ervice API

StatisticsService

StatisticsService



Statistics Service• addCounter(selector)• readCounter()• removeCounter()• resetCounter()

DetectorPlugin

DetectorPlugin

MitigatorDriver

MitigatorDriver

Mitigation Device(s)

e(s)• e.g. attack ended

Vendor independent• Interested vendors/service providers ca

n connect to the system by written a Mitigator Driver (think device driver in OS)

Network Virtualization – Stretched NET

: (동작중인) VM을 이전시. 실제 수행시에는 Network Issue

– 세션 유지– VM의 MAC/IP 주소가 변경되지

않아야 함• QoS 설정, ACL, 방화벽 정책,

보안 정책의 변경/이전• VM 자체나 vSwitch 내의 실시

간 동작 정보 유지• MAC 테이블, ARP 테이블, 멀

티케스트의 멤버쉽 테이블등의 업데이트

Use Case : VM Migration Net via SDN Controller + LISP (IP sustaining)

HypervisorHypervisor

Network/Network/

Data Center Data Center

HypervisorHypervisor

VM1

VM1

VM2VM2VM1

VM1

VM2VM2

Service Manager

Service Manager

SDN Controller

SDN Controller

Ip sustaining w/ LISP


w/ ODL


의 업데이트Network/Router/Switch

es

Network/Router/Switch

esTunnelTunnelNetwork/

Router/SwitchesNetwork/

Router/Switches

Data Plane :

Encapsulation protocol to build a Multitenant Overlay

MAC in IP / IP in IP

Control Plane :

Mapping of Overlay address Space to underlying physical Network including policy routing

Any Physical Network :

- LAN, WAN, Hybrid

Network Virtualization – Stretched NET

• Locator/ID Separation Protocol - policy

Data Plane :

Multitenant Overlay

Control Plane :

Mapping (+policy) of overlay to underlaying network

policy :

- Multihoming


w/ ODL


Data Plane :

Multitenant Overlay

Control Plane :

Mapping (+policy) of overlay to underlaying network

policy :

- Traffic Engineering

- Service Chaining

- Multihoming

- Load Balancing

- Disaster Recovery

USE CASE FOR WAN

Why SDN Needed Benefits ODL

Dynamic WAN reroute

Service Provider/Enterprise Edge

인증 받은 프로그램으로 접속이 가능한접속 위치에서 API를 사용하여 플로우수준의 바이패스로 레거시 네트워크를연동 (신뢰하는 데이터는 서비스를 위한기기들의 바이패스 경로 구성)

신뢰하는 트래픽에 대해 고가의 10Gbps 또는100Gbps L4-7 방화벽, 로드밸런서, IPS/IDS 등의 불필요한 프로세싱을 하지 않아 투자를 절약한다.

Dynamic WAN interconnects

Service Provider

비용 효율적인 고성능의 스위치를 사용하는 기업들 간이나 서비스 사업자들 간

연결을 자동화 하여 스스로 동적으로 즉시 생성연결 하는 기능은 운영 비용을 절약.

WAN



interconnects Provider 하는 기업들 간이나 서비스 사업자들 간에 동적인 WAN 접속을 생성

연결 하는 기능은 운영 비용을 절약.

Bandwidth on Demand

Service Provider

프로그램 제어가 가능하여 필요시 요청한 추가의 대역폭을 제공 할 수 있는 기능 (e.g. DR, backups)

가입자에 의한 셀프서비스가 가능하여 운영 비용을 절약 할 뿐만 아니라 비즈니스의 신속성(Agility)을 이용한 새로운 서비스 제공 가능 (향후 Big Data 서비스 등에 활용)

NetApp- Automated QoS : VLAN-Based QoSModel for VoIP ODL - PCMM

WAN

WAN

Inter DC SDN

• Inter DC– SDN + MPLS Scen– SDN WAN (PCEP, BGP-LS, BGP-FS, Segment Routing)– WAN Orchestrate, WAE demo.

USE CASE FOR WAN SDNReference Architecture

w/ ODL


Google SDN Architecture (WAN SDN)

Dynamic WAN reroute (w/ TE)

q WAN (w/ Path & Topology Mgt)

Application

Control Plane

SDN Controller

Application

PathDB

TopologyDB

Orchestration

Policy

SDN Ctr

Orchestation & Asset

Service-chaining across physical and virtual network elements (for WAN Control : DCI Handle)


w/ ODL


DEMO : SDN + MPLS OpenDaylight REST CONF a PCEP/BGP-LS

• PCE (Path Computation Elelement) : PATH 수정• BGP-LS (Link State) : TOPOLOGY 상태 갱신• RESTCONF a YANG

Plane

Data Plane

MPLS Net

PCEP BPG-LS

SDN-initiatedExplicit Path

* DCI : Data Center Interconnection

Dynamic WAN reroute (w/ TE)

ANALYZE OPTIMIZE VIRTUALIZE

Routing CSPF Algorithms PCEP Netconf/YANG

Topology Discovery Path Computation Path Installation

Netconf/YANG (may include : BGP, DMI, OpenFlow, I2RS)

PCEP installs TE LSPIGP(ISIS/OSPF) & BGP-LS(One session per head node)


w/ ODL


PCEP installs TE LSP(One session per head node)

(One session per head node)

Why SDN Needed Benefits

Dynamic WAN reroute

Service Provider/Enterprise Edge

인증 받은 프로그램으로 접속이 가능한접속 위치에서 API를 사용하여 플로우수준의 바이패스로 레거시 네트워크를연동 (신뢰하는 데이터는 서비스를 위한 기기들의 바이패스 경로 구성)

신뢰하는 트래픽에 대해 고가의 10Gbps 또는100Gbps L4-7 방화벽, 로드밸런서, IPS/IDS 등의불필요한 프로세싱을 하지 않아 투자를 절약 한다.

1. BGP-LS를 통한 세션 정보 얻음2. Topology 찾고 Path 계산3. 경로 수정

BGP & BGP-TEEx) MPLS Net & MPLS-TE

WAN Interconnects

• SDN & ROUTING DOMAIN INTEGRATION- DC 구간의 SDN 과 WAN 구간의 Edge Rouging Handing

Routing- Interworking w/ VPN- Proven Scalability- Flexible transport

: L2/L3, P2P, MP2MP

OpenFlow- Optimized for fast protection- Scale by distribution

OSS/Service Orchestration

DC Orche

DC Orche

SDN Controller

SDNController

BGP/VPN


w/ ODL


Why SDN Needed BenefitsDynamic WAN interconnects

Service Provider

비용 효율적인 고성능의 스위치를 사용하는 기업들 간이나 서비스 사업자들 간에 동적인 WAN 접속을 생성

기업들 간의 연결을 자동화 하여 스스로 동적으로즉시 생성 연결 하는 기능은 운영 비용을 절약한다.

- Optimized for fast protection- Scale by distribution- Continue to build extension

LDP/RSVPOptional w/ IP PWE

Virtual PE (HW/SW GW) Virtual PE (SW Overlay)

Forwarding

DC Fabric

EDGE

EDGEMPLSMPLS DC Fabric

Forwarding

앞선 Rerouting Scen 과의 관계Interconnection 구간(DCI) 에 대한Dynamic Rerouting

* DCI : Data Center Interconnect

Dynamic WAN Interconnection

L3 Gateway

L2 Gateway


w/ ODL


• DCI를 위한 방법들 : – Inter DC : V(x)LAN DOVE/ OTV(LISP)/ MPLS/…– Intra DC : V(x)LAN, VPLS, EVPN, GRE …

• L3 Gateway Capability– Intra-Data Center VxLAN Routing– Inter-Data Center VxLAN Routing– L3 Multicast routing for VXLAN

q L2 Gateway Capability- Physical Data Center Connectivity

- Hybrid Cloud

- VM Motion over Distance

* (Dynamic)WAN Interconnection - Used Streched Network Backend

Bandwidth on Demand

• Bandwidth On Demand in SDN

w/ Policy Based ModelAutomated QoS Network Service Application Overview


w/ ODL


QOS CASE- 가입자 단에 QoS (split bandwidth) + vEdge. 서비스. - 백본단에 QoS (reroute)

Bandwidth on Demand

q VLAN-Based QoS Model for VoIP


w/ ODL


Why SDN Needed Benefits

Bandwidth on Demand

프로그램 제어가 가능하여 필요시 요청한추가의 대역폭을 제공 할 수 있는 기능(e.g. DR, backups)

가입자에 의한 셀프서비스가 가능하여 운영 비용을 절약 할 뿐만 아니라 비즈니스의 신속성(Agility)을 이용한 새로운 서비스 제공 가능(향후 Big Data 서비스 등에 활용)

NetApp- Automated QoS : VLAN-Based QoSModel for VoIP ODL - PCMM

• Packet PCMM (Subscribe QoS)Bandwidth on Demand USE CASE FOR WAN SDN



Media Cable Network 제어. - SDN APP 으로 부터 정책(User/Contents) 받아서- PCMM 장비 제어 / 케이블 모뎀 밴드 조절. (High/Low)

* PCMM : Packet Cable MultiMedia* CMTS : Cable Model Ternination System

Use Case for Service Provider Net

Why SDN Needed Benefits VendorVirtual Edge Service

Provider Access Networks

가상 에지를 서비스하는 NFV와 결합하여 기존의 댁내나 비즈니스 용으로설치한 CPE (Customer Premises Equipment) 장비를 대체. 대체한 단순하고 동일한 기능을 제공하는 경량의 장비로 복잡한 기능은 SP 데이터센터나 POP (points-of-presence) 에서 처리

단말 장치의 수명을 연장하고, 장애 해결을 개선하며, 수송량을 줄이고 새로운 서비스에 대한 유연성을 제공 한다.

HOST –CONNECTION to WAN

• Large L2 + Inter DC + DCI.

Service Provider Net.



• Large L2 + Inter DC + DCI. • Campus Network. (Inter Domain) + Large L2

Virtual Edge• UseCase : EDGE to DC Interconnect (vCPE NFV + Service Chaining)

OSS / Service Orchestrator OSS / Service Orchestrator

DC Orchestrator

DC Orchestrator

SDNController

SDNController

BGP L2/L3 VPN

IGP

Service VMEdge VPNConfiguration

Service Edge 와 DC 간의 Interconnect 핸들링을 통한 서비스 채널 생성. Orchestration & Asset


Use Case for Service Provider Net.


Virtual MPLS PE

MPLSMPLSEdge

Core Core

DC FabricDC Fabric

GW

SW Overlay • Transparent to DC infra• No DC/HW requirements – tunnels MPLS ov

er L2/L3• Tunnels MPLS frames to VM public VNI IP

SW Overlay • Transparent to DC infra• No DC/HW requirements – tunnels MPLS ov

er L2/L3• Tunnels MPLS frames to VM public VNI IP

WAN interworking• Interconnect natively with WAN Residential Gateways an

d business PE’s• Support L2/L3 VPN and multi cast services

WAN interworking• Interconnect natively with WAN Residential Gateways an

d business PE’s• Support L2/L3 VPN and multi cast services

SDN Ctr

RegidentalGW

Tunnel (VNI)

소형사업장

Virtual Edge

• Virtual Network Function (VNF) Examples:– Infrastructure

• Addressing (NAT), load balancing, secure tunneling, EPC.

– Security • Content filtering, IPS, SFW, ALG, Anti-virus/malware, UTM

– Optimization• Content cache & delivery, WAN acceleration,

transcode/transform

– Monitoring • DPI, Intercept/tap, SLA, analysis and reporting

Appliance & Virtual Edge

Physical service appliances

virtual services on x86 pools

Service scale up service scale out (improves : HA, elasticity)

Static router configuration

Dynamics service chain controller

Appliance vs VNFs AT THE EDGE


• DPI, Intercept/tap, SLA, analysis and reporting

– Virtual CPE • hosted and managed service like DNS, DHCP, routing. Etc

– Communication • VoIP, SBC, Video and Other Communication Services

configuration

Manual provisioning API automated via B/OSS workflow (lowers time to service)

q Use Cases

- Managed service provider vCPE

Case : EDGE to DC Interconnect - Service Edge 와 DC 간의 Interconnect 핸들링을 통한 서비스 채널 생성.

* Data Center Bridging (DCB)

* ALG : Application Layer Gateway

OPNFV BootStrapReference Architecture

OPNFV


OpenDaylight Helium SR2 Reference ArchitectureOPNFV


Additional Components and SoftwareReference Architecture

OPNFV

Network setup

Describe which L2 segments are configured (i.e. for management, control, use by client VNFs, etc.), how these segments are realized (e.g. VXLAN between OVSs) and which segment numbering (e.g. VLAN IDs, VXLAN IDs) are used. Describe which IP addresses are used, which DNS entries (if any are configured), default gateways, etc. Describe if/how segments are interconnected etc.


ays, etc. Describe if/how segments are interconnected etc.

List and purpose of used subnets as defined here: Network addressing and topology blueprint - FOREMAN

Admin (Management) - 192.168.0.0/24 - Admin network for PXE Boot, node configuration via puppetPrivate (Control) - 192.168.11.0/24 - API traffic and inner-tenant communicationStorage - 192.168.12.0/24 - separate VLAN for storagePublic (Traffic) - management IP of Ostack/ODL + trafficNetwork addressing and topology blueprint - FUEL

Admin (PXE) - 10.20.0.0/16 - FUEL Admin network (PXE Boot, cobbler/nailgun/mcollective work)Public (Tagged VLAN) - Subnet is up to the users network - this is used for external communication of the Control nodes as well as for L3 Nating (configurable subnet range)Storage (Tagged VLAN)) - 192.168.1.0/24 (default)MGMT (Tagged VLAN) - 192.168.0.0/24 (default) used for Openstack CommunicationCurrently there are two approaches to VLAN tagging:

Fuel - tagging/untagging is done on the Linux hosts, the switch should be configured to pass tagged traffic.Foreman - VLANs are configured on switch and packets are coming to/from Linux hosts untagged.There was agreed not use VLAN tagging unless the target hardware lacked the appropriate number of interfaces. It is still viable however for users who want to implement the target system in a restricted hardware environment to use tagging.

Following picture shows ODL connects to Neutron through ML2 pugin and to nova-compute through OVS bridge. (not yet finished, ceph storage will be added, approach with ODL in docker container will be added.)

Reference ArchitectureOPNFV


[별첨] SDDC Platform : Application Aware Support (Network)

SDDC Platform Asset : Workload (Template&Image…)

SDN Platform Mgt : 과제 NG NMS

SDDC Platform : Deployment- Application Template

SDDC Platform : Diagnostics- Application Monitoring / Diagnostics

SDDC Platform : Deployment- Orchestration w/ Resource, Northbound API

Physical & Virtual Workloads

Simplified Management of Virtual & Physical Networks

Application Isolation and Security

Application Template(or Profile)

Network-level Application and Trouble-shooting

Network Automation

1

3

4

7 8

9

제8회 2015 한국 소프트웨어 아키텍트 대회SDN Platform : OPNFV (Switch / Router)

SDDC Platform CloudOS : - Security Group - NFV : Firewall / IDS.SDN Network OS : - Tenant Network / Tunnel..

SDDC Platform CloudOS, HA/DR : - LiveMigration

SDN Platform : - Working Group- NFVIaaS + Service Chaining

Physical & Virtual Networks (L2-3)

Security

Application Placement & Migration

L4-L7 Service Insertion and Chaining

2

4

5

6

[별첨] SDDC Platform : Application Aware Support (Network)

SDN Platform Network : OPNFV (Switch / Router)

SDDC Platform Asset : Workload (Template&Image…)

SDN Platform Mgt :

SDDC Platform CloudOS : - Security Group - NFV : Firewall / IDS.SDN Network OS :

1

2

3

4


SDN Network OS : - Tenant Network / Tunnel..

SDDC Platform CloudOS, HA/DR : - LiveMigration, Hybrid Cloud

SDN Platform : - Working Group- NFVIaaS + Service Chaining

SDDC Platform : Deployment- Application Template

SDDC Platform : Diagnostics- Application Monitoring / DiagnosticsSDDC Platform : Deployment- Orchestration w/ Resource, Northbound API

5

6

7

8

9

발표제목: sddc reference architecture · 2015-07-17 ·...

Documents