Posted to users@cloudstack.apache.org by John Cabs <li...@gmail.com> on 2013/04/20 01:08:00 UTC

native networking or sdn

Hi,

I'm new on cloudstack and I'm just curious about SDNs. What is the native or built-in virtual network used by cloudstack? I know that it can be plugged in with 3rd party (like nicira) but what is the built-in networking stack used? For openstack they use quantum right...how about cloudstack?

Thanks.

Re: native networking or sdn

Posted by Nux! <nu...@li.nux.ro>.
On 21.04.2013 17:24, John Cabs wrote:
> Hi Guys,
> 
> Any advice?
> 
> On 20 Apr, 2013, at 7:08 AM, John Cabs <li...@gmail.com> wrote:
> 
>> Hi,
>> 
>> I'm new on cloudstack and I'm just curious about SDNs. What is the 
>> native or built-in virtual network used by cloudstack? I know that it 
>> can be plugged in with 3rd party (like nicira) but what is the 
>> built-in networking stack used? For openstack they use quantum 
>> right...how about cloudstack?
>> 
>> Thanks.

Hi,

On Linux/KVM it uses good old bridge, if you run XenServer I believe 
you can use OVS.
I think OVS SDN is coming to Linux/KVM CS in 4.1.


-- 
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

Re: native networking or sdn

Posted by John Cabs <li...@gmail.com>.
Hi Guys,

Any advice?

On 20 Apr, 2013, at 7:08 AM, John Cabs <li...@gmail.com> wrote:

> Hi,
> 
> I'm new on cloudstack and I'm just curious about SDNs. What is the native or built-in virtual network used by cloudstack? I know that it can be plugged in with 3rd party (like nicira) but what is the built-in networking stack used? For openstack they use quantum right...how about cloudstack?
> 
> Thanks.


Re: native networking or sdn

Posted by David Nalley <da...@gnsa.us>.
On Fri, Apr 19, 2013 at 7:08 PM, John Cabs <li...@gmail.com> wrote:
> Hi,
>
> I'm new on cloudstack and I'm just curious about SDNs. What is the native or built-in virtual network used by cloudstack? I know that it can be plugged in with 3rd party (like nicira) but what is the built-in networking stack used? For openstack they use quantum right...how about cloudstack?
>
> Thanks.

Hi John:

So there isn't really a default.

In the old days we used to define it as 'basic' or 'advanced'
networking. I think those were misnomers. Now we talk about Isolation
types:

Some of these simply don't work on certain hypervisors.

As of 4.0

* Basic Networking - AKA Security Groups - uses a flat-layer-2 network
and has the hypervisor's bridge perform layer-3 isolation. CloudStack
takes the responsibility of orchestrating these bridges to ensure
their state is correct. This gives you a lot more scalability than
VLANs, and is less demanding on networking hardware itself, but it
also means that constructs like VLANs aren't really applicable, and
you lose broadcast traffic, etc.

* Advanced Networking - AKA VLANs Isolation - uses a pool of VLANs and
dynamically assigns them to guest networks as they are provisioned.
CloudStack uses a virtual networking appliance based on Linux to
provide an account-dedicated virtual routing device that provides
services like NAT/Port forwarding, LoadBalancing, routing, etc. (the
appliance isn't directly configurable by the user, they have to do all
of it via CloudStack)

* There's also completely flat Layer-2 networking with no isolation.
(Essentially basic networking sans the security groups)

* Direct Networking (again horrendous naming IMO) - This is where you
had existing network elements that CloudStack wasn't going to control,
but merely consume from. There's also another extension of this where
CloudStack controls physical networking elements rather than
virtualized devices in an 'advanced network' using devices like
Juniper SRX and F5 BigIP Load Balancers.

* GRE Tunnels via OVS - This was really the first foray into SDN - and
like Security groups, CloudStack is orchestrating the tunnel
creation/definition on each hypervisor host.

* STT Isolation with Nicira NVP - Hugo wrote the Layer 2 Nicira NVP
capabilities and it first appeared in CloudStack 4.0.0. CloudStack 4.1
has Layer 3 support for NVP.

In upcoming versions (4.1 and 4.2) there's already support for:

Using Security Groups within VLANs.

BigSwitch (which IIRC will allow you to use Floodlight as your
controller (I think they said the compatible version of Floodlight
would be released by 4.1), or the proprietary BigSwitch controller).

Midokura Midonet (though I sadly haven't kept up with implementation
details at all here.)

Broadcom Load Balancers (in addition to F5 and NetScaler which are
already supported)


I wrote all of that, but most folks typically go with either Basic or
Advanced depending on the gear on hand and how scalable they need to
make it. Most enterprise shops that I have interacted with use VLANs
for isolation. I tend to think of basic as being simpler to set up and
configure - but that assumes you can wrap your head around Layer3
isolation easily. Of course you can 'mix and match' - Network types
are set at the zone level - so I've seen folks with multiple zones in
a single datacenter to use different types of networking. I'm glossing
over and simplifying a lot of the choices here, because really it's
about what you need to do, rather than what some arbitrary default is
set as.

--David