Microsoft Network Virtualization – NVGRE cloudpartneritransformers.net/meetups/NBU.pdf ·...

Microsoft Network Virtualization – NVGRE cloudpartner.de

Sofia NBU Cloud & SDN

Professionelle Cloud-Lösungen für mittelständische Systemhäuser 1

Yordan Dimov Auxo GmbH

> Fast Transitions. > Looking for more flexibility and agility. > Standartization of building blocks. > Re-architecting the network. > Remove Tiers. > Management.


Business Needs

> Cloud computing has increased the requirements on the network infrastructure. > Traditional Data center networks are less scalable, complex and inflexible. > Technologies like VLANs and STP does not meet the requirements of multi-tenant virtualized data centers.


Problem statement


Industry solutions

> Network Virtualization � TRILL (IETF), PBB (IEEE 802.1ah) SPB (IEEE 802.1aq) � VRF, MPLS-VPN � VXLAN, NVGRE, STT

> Software defined networks (SDN) � OpenFlow � OpenStack


SDN Promises

> Highly automated & dynamically provisioned

> Enables innovation, experimentation & optimization

> Virtualizes network &abstracts the hardware

> Makes the network programmable

> Enables overlays with control at edges


Cloud Computing

> Cloud Computing Types � Private � Public � Hybrid

> Cloud Computing types of services

� Software as a Service (SaaS)

� Platform as a Service (PaaS)

�  Infrastructure as a Service (IaaS)


Virtualization

> Virtualization basics � Hypervisor � Virtual Machines

> Why Virtualize � To avoid server sprawl � Reduce costs �  Isolate applications


Investigating multi-tenant virtualized Data Centers

> Data center Networking � Data center networking

architecture � Core layer � Aggregation layer � Access layer

� Networking protocols essentials �  IP, TCP, UDP � ARP, Ethernet � VLANs and STP


Multi-tenant virtualized data centers

> Multi-tenancy > Multi-tenant data center designs

� Top of Rack (ToR) � End of Row (EoR)


Multi-tenant virtualized data centers

> Multi-tenant separation � Layer 2 network virtualization � Layer 3 network virtualization


Understanding the limitations of multi-tenant data centers

> VLAN limitations � 12 bit VLAN ID

> STP limitations � Limits bandwidth � Slow convergence

> Multi-tenant address separation � Duplicate IP and MAC addresses

> VM mobility � Mobility across subnets

> Complexity � No dynamic provisioning


What is Network virtualization?

> Faithful reproduction of the physical network. � Use of overlay networks

� MAC-in-MAC encapsulation � MAC-in-IP encapsulation

> Dynamic network provisioning, simplified network management. > Virtual Networks on top of Ethernet > Network virtualization with L2 overlays over L3 (MAC-in-IP encapsulation)

� Virtual extensible LANs (VXLAN) � Network virtualization with GRE (NVGRE) � Stateless transport tunneling protocol (STT) � Virtualized Services Platform (VSP) �  IO Visor � Contrail � MidoNet


Network virtualization benefits

> Scalability - the ability to scale beyond VLAN limits to support hyper-scale datacenter network requirements.

> Multi-tenancy - each application or tenancy can have their own network and security policy via NV traffic isolation.

> Ease of implementation - no need to change the underlying physical network. > Improved performance of VM-to-VM traffic within the same server or rack. STP limitations


VLAN

> All this happens at Layer-2; > Layer-3+ information remains inside the payload of an Ethernet frame unchanged.

> The resultant frame is now tagged, and cannot be interpreted by a network device that is not expecting for this information. Similarly, a network device that is expecting this tag generally cannot interpret untagged frames.


Encapsulation


GRE

> GRE happens at Layer-3, but leaves the original Layer-2+ frame intact through encapsulation.

> Ethernet frame header containing an IP packet header. Following that header will be a GRE header, and then another Ethernet frame header. Inside the payload of that frame will be the original IP packet.


NVGRE RFC


NVGRE


Problem 1: MTU

> GRE 46 bytes > MTU reduced to 1458 > Jumbo Frames > IP fragmentation is not allowed


Microsoft Network Virtualization Concepts

> Routing Domain ID (RDID) > Virtual Subnet ID (VSID)


Packet Encapsulation

> Provider Address (PA) > Customer Address (CA)


Network Virtualization for Generic Routing Encapsulation (NVGRE)

> Provider Address (PA) > Customer Address (CA)



> Virtualization Policy

> Datacenter Management Software


Network Virtualization Lookup Records


Virtual Switch Architecture


Extensible Virtual Switch


Supported features

> Enables new scenarios � DHCP in the Virtual Network � Host and Guest Clustering

> Efficient Implementation � Uses hardware for PA multicast if configured � Administrator don’t generally like to configure PA multicast

> Falls back to intelligent PA unicast replication

� Sends only one unicast packet per host no matter how many relevant VMs are on the host

> Compliant address resolution semantics � CA space DAD, NUD and ARP fully supported for IPv4 and IPv6 � Reliable ARP proxy

> Notifies the central policy store of learned IP addresses

� New CA’s, deletion of CA’s, CA movement � Rapid dissemination of HNV routing policy � Limited network overhead for disseminating HNV routing policy


Private Cloud

> Network Virtualization Gateway > Datacenter Management Software


Hybrid Cloud

> Extensions > Datacenter Management Software


Windows Server Gateway (WSG)

> Multitenant S2S network virtualization GW

> Clustering for high availability on guest and host level

> Uses BGP for dynamic routes update

> Multitenant aware NAT for Internet access

> Integration with VMM 2012 R2 > Up to 200 S2S VPN Connections, 50 Routing domains and 500 virtual subnets

Contoso VM Network

Northwind VM Network

Fabrikam VM Network

Internet Hoster

BGP


Network Stack


TCP/IP

VM

Hyper-V switch


Multi-tenant Network Stack


TCP/IP

VM

Hyper-V switch


Future Protocols

> Generic Network Virtualization Encapsulation (GENEVE) � 24 bits are too small � Checksum offload � Multiple path decisions – ECMP � Additional information � Network state � Application identification � Application requirements � Additional Metadata

Yordan Dimov Senior Cloud Administrator, IaaS Product Development Microsoft Certified Solutions Expert [email protected]


Questions ?

www.cloudpartner.de [email protected] +49 30 5770 112-0


cloudpartner.de Auxo GmbH Windscheidstr. 18 10627 Berlin

Microsoft Network Virtualization – NVGRE cloudpartneritransformers.net/meetups/NBU.pdf ·...

Documents

Transcript of Microsoft Network Virtualization – NVGRE cloudpartneritransformers.net/meetups/NBU.pdf ·...