SDN Research Group                                            Vic Liu
Internet-Draft                                            Jinzhu Wang
Intended status: Informational                           China Mobile
Expires: September 9, 2015                              March 9, 2015


                Virtualized Network Deployment Practice
                    draft-liu-sdnrg-vn-practice-00

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before
   November 10, 2008. The person(s) controlling the copyright in some
   of this material may not have granted the IETF Trust the right to
   allow modifications of such material outside the IETF Standards
   Process. Without obtaining an adequate license from the person(s)
   controlling the copyright in such materials, this document may not
   be modified outside the IETF Standards Process, and derivative works
   of it may not be created outside the IETF Standards Process, except
   to format it for publication as an RFC or to translate it into
   languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."
Liu & Wang              Expires September 9, 2015               [Page 1]

Internet-Draft          draft-liu-sdnrg-vn-practice-00        March 2015

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on September 9, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Abstract

   This draft describes China Mobile's deployment practice for a
   virtualized network in a public cloud datacenter. It first sets out
   the considerations for implementing a virtual network (the virtual
   network functions and the performance indices), then presents the
   five-plane virtual network architecture of the deployment and the
   interfaces between the planes. The application section will be
   added in a later revision.

Table of Contents

   1. Introduction
   2. Terminology
   3. Consideration of Virtual Network Implementation
   4. Deployment of Virtualized Network
   5. Application
   6. Conclusions
   7. References
      7.1. Normative References
      7.2. Informative References
   8. Acknowledgments

1. Introduction

   Today, more services are being provided through cloud systems, which
   drives more research into, and deployment of, virtualization
   technology in cloud datacenters. China Mobile has been researching
   datacenter virtualization for some time; we have designed and
   deployed datacenters with a virtual network to provide public cloud
   service. In this draft, we share our deployment practice and some
   problem statements.

   This draft is organized as follows: Section 2 describes terminology;
   Section 3 discusses the considerations in deploying a virtual
   network (network functions and performance indices); Section 4
   describes the deployed virtual network architecture and the
   interfaces between its planes; Section 5 introduces the applications
   deployed on the virtual network (to be completed).

2. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

3. Consideration of Virtual Network Implementation

   During the implementation of a virtual network, the following issues
   and key indices SHOULD be considered.

3.1 Virtual Network Function

   a. Virtual Switch (vswitch): the vswitch is deployed on each server
      to interconnect the VMs on that server and provides the Layer 2
      switching function. The vswitches interconnect with each other
      over overlay tunnels in order to break the 4K limit on the number
      of tenants (isolated segments) imposed by the 12-bit VLAN ID.
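   The 12-bit VLAN ID versus 24-bit VNI point above, and the isolation
   check a vswitch acting as overlay tunnel endpoint must apply on
   decapsulation, in working code. This is an added example, not code
   from the draft or from China Mobile's deployment: the header layout
   is that of VXLAN (RFC 7348), while the MAC addresses, VNIs, UDP
   source port and the per-VTEP set of provisioned VNIs are constructed
   test data and the function names are the example's own.

```python
"""VXLAN encapsulation/decapsulation with a per-VTEP provisioned-VNI check.

Added example (not from the draft). Header layout follows RFC 7348;
all addresses and VNIs below are constructed test data.
"""
from __future__ import annotations

import struct

# Segment-ID widths: the reason the vswitches tunnel instead of using VLANs.
VLAN_ID_BITS = 12
VNI_BITS = 24
VLAN_MAX_SEGMENTS = 2 ** VLAN_ID_BITS    # 4096 (IDs 0 and 4095 are reserved)
VNI_MAX_SEGMENTS = 2 ** VNI_BITS         # 16,777,216

VXLAN_UDP_PORT = 4789                    # IANA-assigned VXLAN port (RFC 7348)
VXLAN_I_FLAG = 0x08                      # "VNI valid" bit in the flags octet
ETH_HDR_LEN = 14


def ethernet_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build a minimal inner Ethernet frame (constructed test input)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def vxlan_encap(vni: int, inner_frame: bytes, src_port: int) -> bytes:
    """Return UDP header + VXLAN header + inner frame, as a sending VTEP would.

    The outer IP header is left to the host stack. The UDP checksum is
    zero, which RFC 7348 allows over IPv4.
    """
    if not 0 < vni < VNI_MAX_SEGMENTS:
        raise ValueError(f"VNI {vni} is outside the 24-bit range")
    # RFC 7348 header: flags(8) | reserved(24) | VNI(24) | reserved(8)
    vxlan_hdr = struct.pack("!B3sI", VXLAN_I_FLAG, b"\x00\x00\x00", vni << 8)
    udp_len = 8 + len(vxlan_hdr) + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    return udp_hdr + vxlan_hdr + inner_frame


def vxlan_decap(datagram: bytes, provisioned_vnis: set[int]) -> tuple[int, bytes]:
    """Strip the headers the way a receiving VTEP must: validate, then check
    that the VNI is one this VTEP has been provisioned for.

    The VNI lookup is the tenant-isolation boundary: a frame carrying a
    VNI not provisioned here must be dropped, never learned or flooded.
    """
    if len(datagram) < 8 + 8 + ETH_HDR_LEN:
        raise ValueError("truncated VXLAN datagram")
    _src, dst_port, udp_len, _csum = struct.unpack("!HHHH", datagram[:8])
    if dst_port != VXLAN_UDP_PORT or udp_len != len(datagram):
        raise ValueError("not a well-formed VXLAN datagram")
    flags, _reserved, vni_word = struct.unpack("!B3sI", datagram[8:16])
    if not flags & VXLAN_I_FLAG:
        raise ValueError("I flag clear; RFC 7348 requires the VTEP to drop it")
    vni = vni_word >> 8                  # low 8 bits are reserved, ignored
    if vni not in provisioned_vnis:
        raise PermissionError(f"VNI {vni} is not provisioned on this VTEP")
    return vni, datagram[16:]


def vtep_receive(datagram: bytes, provisioned_vnis: set[int]) -> str:
    """Forward-or-drop decision of the receiving vswitch, as a status string."""
    try:
        vni, inner = vxlan_decap(datagram, provisioned_vnis)
    except (ValueError, PermissionError) as exc:
        return f"drop: {exc}"
    dst_mac = inner[:6].hex(":")
    return f"forward: vni={vni} dst={dst_mac}"


if __name__ == "__main__":
    # Constructed sample: tenant A uses VNI 1001; this VTEP is provisioned for A only.
    frame = ethernet_frame(bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b"),
                           0x0800, b"ip-payload")
    print("segments available: VLAN", VLAN_MAX_SEGMENTS, "VXLAN", VNI_MAX_SEGMENTS)
    print(vtep_receive(vxlan_encap(1001, frame, 49152), {1001}))
    print(vtep_receive(vxlan_encap(2002, frame, 49152), {1001}))
```

   Run directly, it forwards one frame and drops the other. The point of
   vxlan_decap is the provisioned_vnis lookup: the VNI is a 24-bit
   number in a header that any host on the underlay can write, so it is
   the receiving vswitch, not the sender, that decides which tenant
   segments exist on this server.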
      To optimize the data traffic path, the vswitch can also implement
      a distributed gateway function: routing packets between different
      subnets of the same tenant directly, without sending them to the
      gateway.

   b. Virtual Router (vRouter): the vRouter is the gateway of the
      tenant's network and connects the tenant's subnets. It forwards:
      1. packets between the tenant in the DC and users outside the DC
         (south-north traffic);
      2. packets between different tenants;
      3. packets between different subnets of the same tenant.
      In addition, the vRouter can implement:
      1. NAT, which translates private IP addresses inside the DC to
         public IP addresses outside the DC and vice versa;
      2. the overlay tunnel endpoint, which removes the tunnel
         encapsulation from packets leaving the DC and adds it to
         packets entering the DC.

   c. Virtual Firewall (vFW): filters or blocks packet flows according
      to the security policies. The vFW can process both south-north
      and east-west flows.

   d. Virtual Load Balancer (vLB): balances the traffic load between
      different VMs. The vLB can process both south-north and east-west
      flows.

   e. Virtual VPN (vVPN): the vVPN is deployed at the edge of the
      network and creates tunnels to users outside the DC to provide
      the VPN service. The tunnels can be IPsec VPN or MPLS VPN
      tunnels.

3.2 Virtual Network Performance

   Because of the large volume of east-west traffic, virtual network
   performance in the datacenter must be taken into consideration. The
   key indices are:

   a. CPU: CPU utilization is very important for the VN. vCPUs can be
      allocated to VMs, but CPU cannot be allocated to the hypervisor
      and the vswitch in the same way, so the CPU they consume is the
      index to watch.

   b. Memory: memory is not sensitive for VN performance. There is a
      consideration that the VxLAN, but we still think it should be
      listed as one VxLAN performance index.

   c. Latency: the latency of traffic forwarded from VM to VM across
      two different physical servers should be an index.

   d. Throughput: traffic throughput measured with a benchmark.

   e. Packet loss: a virtual network may show some packet loss because
      vCPU scheduling is not stable. Packet loss of less than 2% is
      acceptable.

4. Deployment of Virtualized Network

   In our deployment, we built a datacenter of 1000 servers to provide
   public cloud service. On each server we deploy 10 VMs connected by a
   virtual switch. The virtual switches terminate the overlay tunnels
   that interconnect them. In the underlay physical network, traditional
   TOR switches and core switches are used for Layer 2/Layer 3
   forwarding.

4.1 Virtualized Network Architecture

   As the figure below shows, there are five planes in the virtual
   network.

                       -------------------
                       | Management Plane |
                       -------------------
                                |
                   -------------------------------
                   |                             |
           -----------------        --------------------------
           | Control Plane |        | Service Function Plane |
           -----------------        --------------------------
               |       \               /        |
               |         \           /          |
               |           \       /            |
               |             \   /              |
       ----------------------    -----------------
       | Overlay Data Plane |    | Underlay Plane |
       ----------------------    -----------------

                       Figure of VN architecture

   a. Underlay plane: the underlay plane contains the physical
      switches, divided into access switches and core switches. The
      core switches can use both Layer 2 switching and Layer 3 routing
      to interconnect with the access switches. The underlay plane is
      independent of the overlay plane.

   b. Overlay data plane: the overlay data plane consists of the
      vswitches and a gateway deployed at the edge of the datacenter
      network. The gateway is responsible for 1. routing packets
      between different subnets (east-west traffic) and between users
      inside the DC and outside the DC (south-north traffic); and
      2. acting as the overlay tunnel endpoint, removing the tunnel
      encapsulation from packets leaving the DC and adding it to
      packets entering the DC.

   c. Service function plane: we also adopt virtual network functions,
      including the virtual firewall, the virtual load balancer and the
      virtual VPN. The order in which a packet flow traverses the vFW,
      vLB and vVPN can be arranged flexibly according to user
      requirements.

   d. Control plane: we deploy a controller that controls all virtual
      switches and the gateway. The protocols between the SDN
      controller and the virtual switches are: 1. OVSDB, used to
      configure the virtual switch, and 2. OpenFlow 1.3, used to
      program the virtual switch's forwarding behaviour dynamically.
      The protocol between the SDN controller and the router is
      OpenFlow 1.3 or NETCONF.

   e. Management plane: above the controller, we use OpenStack to
      manage the public cloud. OpenStack Neutron cooperates with the
      SDN controller to control the virtual network: 1. the SDN
      controller communicates with the ML2 plugin in Neutron to receive
      the Layer 2 virtual network configuration and configures the
      virtual switches accordingly; 2. the SDN controller communicates
      with the L3 plugin in Neutron to receive the Layer 3 virtual
      network configuration and configures both the virtual switches
      and the gateway.

4.2 Interfaces in Virtual Network

   a. Control plane to underlay plane: this is the interface from the
      controller to the gateway. The gateway can be either a hardware
      gateway or a software gateway (a vRouter running in a server).
      This interface is implemented with OpenFlow and NETCONF.
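   The control plane step of 4.1 d and 4.1 e (the controller receives a
   Layer 2 network from the Neutron ML2 plugin and configures the
   vswitch over OVSDB) as an added example; this is not the draft's or
   the deployed controller's code. The JSON-RPC message shape and the
   Bridge/Port/Interface tables are those of OVSDB (RFC 7047) and the
   Open_vSwitch schema, and the provider attribute names are Neutron's;
   the bridge name br-int, the peer VTEP address 10.0.0.2, the port
   naming rule, the request id and the sample reply are assumptions.
   The draft does not say whether the OVSDB and OpenFlow sessions are
   TLS-protected; whoever can submit this transaction decides which
   tenant segment a vswitch joins, so both channels should be
   authenticated (both protocols support TLS).

```python
"""Controller side: turn an ML2 VXLAN network into an OVSDB transaction
that adds a tunnel port to the vswitch, and check the reply.

Added example, not the draft's controller. Bridge name, VTEP address,
port naming and the sample reply are assumptions / constructed data.
"""
from __future__ import annotations

import json

VNI_MAX = 2 ** 24


def tunnel_port_name(remote_vtep_ip: str) -> str:
    """Deterministic port name from the peer address (hypothetical naming
    rule; kept under the 15-character limit OVS applies to port names)."""
    octets = [int(o) for o in remote_vtep_ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {remote_vtep_ip!r}")
    return "vxlan-" + bytes(octets).hex()    # e.g. vxlan-0a000002


def ovsdb_add_vxlan_port(network: dict, bridge: str, remote_vtep_ip: str,
                         request_id: int = 1) -> dict:
    """Build the OVSDB JSON-RPC "transact" request that attaches a VXLAN
    tunnel port for `network` to `bridge`.

    `network` carries the provider attributes the controller receives from
    the Neutron ML2 plugin. The three operations form one atomic OVSDB
    transaction: if any of them fails, none is applied.
    """
    if network.get("provider:network_type") != "vxlan":
        raise ValueError("only VXLAN provider networks map to a tunnel port")
    vni = int(network["provider:segmentation_id"])
    if not 0 < vni < VNI_MAX:
        raise ValueError(f"segmentation_id {vni} is not a valid 24-bit VNI")
    name = tunnel_port_name(remote_vtep_ip)
    ops = [
        {   # 1. Interface row: tunnel type and options (OVSDB option values are strings)
            "op": "insert", "table": "Interface", "uuid-name": "iface0",
            "row": {"name": name, "type": "vxlan",
                    "options": ["map", [["remote_ip", remote_vtep_ip],
                                        ["key", str(vni)]]]},
        },
        {   # 2. Port row referencing that Interface by its transaction-local name
            "op": "insert", "table": "Port", "uuid-name": "port0",
            "row": {"name": name, "interfaces": ["named-uuid", "iface0"]},
        },
        {   # 3. add the Port to the bridge's "ports" set; "where" pins the bridge
            "op": "mutate", "table": "Bridge",
            "where": [["name", "==", bridge]],
            "mutations": [["ports", "insert", ["set", [["named-uuid", "port0"]]]]],
        },
    ]
    return {"method": "transact", "params": ["Open_vSwitch", *ops], "id": request_id}


def transact_wire(request: dict) -> str:
    """Serialize the request as it goes on the OVSDB session."""
    return json.dumps(request, separators=(",", ":"))


def transact_applied(reply: dict, request: dict) -> bool:
    """Check a transact reply before assuming the port exists: the id must
    match, no operation may carry an "error" member, and the mutate must
    have touched exactly one Bridge row (count 0 means no such bridge)."""
    if reply.get("id") != request["id"] or reply.get("error") is not None:
        return False
    results = reply.get("result") or []
    ops = request["params"][1:]
    if len(results) < len(ops):
        return False
    for op, res in zip(ops, results):
        if "error" in res:
            return False
        if op["op"] == "mutate" and res.get("count") != 1:
            return False
    return True


# Constructed sample: what the controller sees for one tenant network.
SAMPLE_NETWORK = {
    "id": "9e0b9d6e-0000-4000-8000-000000000001",
    "tenant_id": "tenant-a",
    "provider:network_type": "vxlan",
    "provider:segmentation_id": 1001,
}

# Constructed sample reply in the shape ovsdb-server returns on success.
SAMPLE_REPLY = {
    "result": [
        {"uuid": ["uuid", "6c7b2a2e-0000-4000-8000-000000000010"]},
        {"uuid": ["uuid", "6c7b2a2e-0000-4000-8000-000000000011"]},
        {"count": 1},
    ],
    "error": None,
    "id": 1,
}

if __name__ == "__main__":
    req = ovsdb_add_vxlan_port(SAMPLE_NETWORK, "br-int", "10.0.0.2")
    print(json.dumps(req, indent=1))
    print("applied:", transact_applied(SAMPLE_REPLY, req))
```

   The reply check matters as much as the request: OVSDB reports a
   missing bridge as a successful mutate with count 0, so a controller
   that only checks for the absence of an error will believe a tunnel
   port exists that was never attached.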
      The controller also uses the gateway interface to attach legacy
      servers to the overlay network.

   b. Control plane to overlay data plane: the control plane consists
      of the controller and the data plane consists of the vswitch and
      the vRouter. The controller-to-vswitch interface is implemented
      with OVSDB and OpenFlow; the controller-to-vRouter interface is
      implemented with NETCONF and OpenFlow.

   c. Management plane to control plane: this is the controller's
      northbound interface, which connects to OpenStack Neutron through
      a RESTful API to provide L2 and L3 management.

       -------------      ------------    -----------
       | OpenStack |  ->  |ML2 Plugin|    |L3 Plugin|
       |  Neutron  |  ->  ------------    -----------
       -------------            |              |
                                |              |
                         ---------------------------
                         |         REST API        |
                         ---------------------------
                                      |
                                --------------
                                | Controller |
                                --------------

                 Figure of controller northbound interface

   d. Service function interfaces: the service function interfaces
      include the interface from the management plane (OpenStack) to
      the vFW/vLB/vVPN and the interface from the controller to the
      vFW/vLB/vVPN, as shown in the figure below.

   -------------    ------------  -----------  -------------------------
   | OpenStack | -> |ML2 Plugin|  |L3 Plugin|  |Service Function Plugin|
   |  Neutron  | -> ------------  -----------  -------------------------
   -------------         |             |                   |
                         |             |                   |
                   ------------------------------------------------
                   |                    REST API                  |
                   ------------------------------------------------
                                       |                     |
                                --------------       ----------------
                                | Controller |-------| vFW/vLB/vVPN |
                                --------------       ----------------

                    Figure of Service Function Interfaces

5. Application

5.1 VPC

   TBD.

5.2 SFC

   TBD.

6. Conclusions

   In this draft, we have introduced our deployment practice for a
   virtualized network: first the considerations for implementing a
   virtual network, then the five planes of the VN architecture, and
   finally the interfaces between the planes. The application section
   will be added in a later revision.

7. References

7.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2234] Crocker, D. and Overell, P. (Editors), "Augmented BNF for
             Syntax Specifications: ABNF", RFC 2234, Internet Mail
             Consortium and Demon Internet Ltd., November 1997.

7.2. Informative References

   [Fab1999] Faber, T., Touch, J. and W. Yue, "The TIME-WAIT state in
             TCP and Its Effect on Busy Servers", Proc. Infocom 1999,
             pp. 1573-1583.

8. Acknowledgments

   This document was prepared using 2-Word-v2.0.template.dot.

Authors' Addresses

   Vic Liu
   China Mobile
   Email: liuzhiheng@chinamobile.com

   Jinzhu Wang
   China Mobile
   Email: Wangjinzhu@chinamobile.com