Internet DRAFT - draft-liu-sdnrg-vn-practice

SDN Research Group                                              Vic. Liu
Internet Draft                                               JinZhu.Wang
Intended status: Informational                              China Mobile
March 9, 2015
Expires: September 2015



                  Virtualized Network Deployment Practice
                      draft-liu-sdnrg-vn-practice-00


Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79. This document may not be modified,
   and derivative works of it may not be created, and it may not be
   published except as an Internet-Draft.

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79. This document may not be modified,
   and derivative works of it may not be created, except to publish it
   as an RFC and to translate it into languages other than English.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November 10,
   2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."




Liu & Wang            Expires September 9, 2015               [Page 1]


Internet-Draft     draft-liu-sdnrg-vn-practice-00           March 2015


   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on September 9, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents carefully,
   as they describe your rights and restrictions with respect to this
   document. Code Components extracted from this document must include
   Simplified BSD License text as described in Section 4.e of the Trust
   Legal Provisions and are provided without warranty as described in
   the Simplified BSD License.

Abstract

   In this draft, we introduce the deployment practice for virtual
   networks, first bringing out the considerations of virtual network
   implementation. Then, with the VN architecture, we discuss the five
   planes in the virtual network. Afterwards, we introduce the
   interfaces between the planes. The Application section will be added
   soon.

Table of Contents


   1. Introduction
   2. Terminology
   3. Consideration of Virtual Network Implementation
   4. Deployment of Virtualized Network
   5. Application
   6. Conclusions
   7. References
      7.1. Normative References
      7.2. Informative References
   8. Acknowledgments

   1. Introduction

   Today, more services are being provided through cloud systems. This
   drives more research into and implementation of virtualization
   technology in cloud datacenters. China Mobile has been researching
   datacenter virtualization for a period of time. We design and deploy
   datacenters with virtual networks to provide public cloud service. In
   this draft, we share our deployment practice and some problem
   statements.

   This draft is organized as follows:
   Section 2 describes terminology for virtual technology;
   Section 3 discusses the considerations when deploying the virtual
   network;
   Section 4 discusses the implementation of the virtual network
   architecture;
   Section 5 discusses the interfaces between the layers of the virtual
   network;
   Section 6 introduces the applications deployed on the virtual
   network.


   2. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

   3. Consideration of Virtual Network Implementation

   During the implementation of a virtual network, some issues and key
   indexes SHOULD be considered clearly.

   3.1 Virtual Network Function

   a. Virtual Switch (vswitch): the vswitch is deployed at each server
   to interconnect the VMs on the server. The vswitch provides the Layer
   2 switching function. The vswitches interconnect with each other by
   using overlay tunnels in order to break the 4K limit on the maximum
   number of tenants imposed by VLAN.

   In order to optimize the data traffic path, the vswitch can implement
   the distributed gateway function: routing the packets between
   different subnets of the same tenant directly without sending the
   packets to the gateway.

   b. Virtual Router (vRouter): the vRouter is the gateway of the
   tenant's network, which connects different subnets of the tenant. The
   vRouter takes charge of forwarding the following packets: 1. the
   packets between the tenant in the DC and the users outside the DC
   (south-north traffic); 2. the packets between different tenants;
   3. the packets between different subnets of the same tenant.

   In addition, the vRouter can also implement the following functions:
   1. NAT, which translates the private IP address inside the DC to the
   public IP address outside the DC and vice versa; 2. overlay tunnel
   endpoint, which removes the tunnel encapsulation from packets inside
   the DC to send them outside and adds the tunnel encapsulation to
   packets from outside the DC to forward them inside.

   c. Virtual Firewall (vFw): filters or blocks packet flows based on
   the security policies. The vFw can process both south-north and
   east-west packet flows.

   d. Virtual LoadBalancer (vLB): balances the traffic load between
   different VMs. The vLB can process both south-north and east-west
   packet flows.

   e. Virtual VPN (vVPN): the vVPN is deployed at the edge of the
   network and creates tunnels to users outside the DC to provide the
   VPN service. The tunnels can be IPsec VPN tunnels or MPLS VPN
   tunnels.
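
   The overlay tunnel encapsulation that items a and b describe, as an
   added example that is not part of the draft or of the authors'
   deployment code. It assumes the overlay is VXLAN (RFC 7348), which
   the draft names only in Section 3.2, and shows the 24-bit VNI that
   lifts the 4K VLAN limit together with a tunnel endpoint that drops
   frames addressed to another tenant's segment. All function names and
   the sample frame are constructed for illustration.

```python
import struct

# Assumption: the overlay tunnel is VXLAN (RFC 7348). Names are illustrative.
VLAN_ID_BITS = 12            # 802.1Q VLAN ID width: the "4K" tenant limit
VNI_BITS = 24                # VXLAN Network Identifier width
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag in the first header byte
VXLAN_HEADER_LEN = 8


def max_segments(id_bits):
    """Number of tenant segments an identifier of this width can name."""
    return 2 ** id_bits


def vxlan_encap(vni, inner_frame):
    """Prepend the 8-byte VXLAN header (outer UDP/IP headers are omitted)."""
    if not 0 <= vni < max_segments(VNI_BITS):
        raise ValueError("VNI does not fit in 24 bits")
    # Byte 0: flags; bytes 1-3: reserved; bytes 4-6: VNI; byte 7: reserved.
    header = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    return header + inner_frame


def vxlan_decap(packet, port_vni):
    """Strip the VXLAN header; return the inner frame, or None to drop.

    port_vni is the VNI of the tenant segment the destination port is in.
    """
    if len(packet) < VXLAN_HEADER_LEN:
        return None                      # truncated header
    word0, word1 = struct.unpack("!II", packet[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        return None                      # VNI-valid flag not set
    if (word1 >> 8) != port_vni:
        return None                      # frame belongs to another tenant
    return packet[VXLAN_HEADER_LEN:]


if __name__ == "__main__":
    frame = b"constructed-inner-ethernet-frame"   # constructed sample input
    tenant_vni = 5000                             # beyond the VLAN ID range
    print("VLAN segments:", max_segments(VLAN_ID_BITS))
    print("VXLAN segments:", max_segments(VNI_BITS))
    packet = vxlan_encap(tenant_vni, frame)
    print("header:", packet[:VXLAN_HEADER_LEN].hex())
    print("same tenant :", vxlan_decap(packet, tenant_vni))
    print("other tenant:", vxlan_decap(packet, tenant_vni + 1))
```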

   3.2 Virtual Network Performance

   Because of the large east-west traffic, virtual network performance
   in the datacenter should be taken into consideration. The key indexes
   of the virtual network are listed below:
      a. CPU: CPU utilization is very important for the VN. vCPUs can be
         allocated to VMs, but they cannot be allocated to the hypervisor
         and the vswitch.

      b. Memory: Memory is not sensitive for the VN performance. There
         is a consideration that the VxLAN But we
         still think it should be listed as one VxLAN performance index.

      c. Latency: When traffic is forwarded from VM to VM across two
         different physical servers, latency should be an index.

      d. Throughput: We use the benchmark as the traffic throughput.


      e. Packet loss: A virtual network may experience some packet loss
         because of vCPU instability. Less than 2% packet loss is
         acceptable.


   4. Deployment of Virtualized Network

   In our deployment, we deployed a datacenter with 1000 servers to
   provide public cloud service. On each server, we deploy 10 VMs
   connected by a virtual switch. The virtual switches use overlay
   tunnels to interconnect with each other. In the underlay physical
   network, traditional TOR switches and core switches are used for
   Layer 2/Layer 3 network forwarding.

   4.1 Virtualized Network Architecture

   As the following figure shows, there are five layers in the virtual
   network.

                               -------------------
                               |  Management plane |
                                -------------------
                                        |
                          -------------------------------
                         |                                |
                         |
                  ---------------              ------------------------
                 | Control Plane |            | Service function Plane |
                  ---------------              ------------------------
                     /     \
                    /       \
                   /         \
                  /           \
     -----------------    -----------------
     | Underlay Plane |  | Underlay Plane |
     -----------------    -----------------

                         Figure of VN architecture

   a. Underlay Plane

   The underlay plane contains physical switches, which are divided into
   access switches and core switches. The core switches can use both the
   Layer-2 switching and Layer-3 routing to interconnect with the access
   switches. The underlay plane is independent of the overlay plane.

   b. Overlay data plane

   A gateway is deployed at the edge of the datacenter network. It is
   responsible for: 1. routing packets between different subnets
   (east-west traffic) and between users inside the DC and outside the
   DC (south-north traffic); 2. acting as the overlay tunnel endpoint,
   which removes the tunnel encapsulation from packets inside the DC to
   send them outside and adds the tunnel encapsulation to packets from
   outside the DC to forward them inside.

   c. Service function plane

   We also adopt virtual network functions, which include the virtual
   Firewall, the virtual Load Balancer, and the virtual VPN.

   The order in which a packet flow passes through the vFw, vLB and
   vVPN can be flexibly arranged according to user requirements.

   d. Control Plane

   We deploy a controller to control all virtual switches and the
   gateway. The protocols between the SDN controller and the virtual
   switches are: 1. OVSDB, which is used to configure the virtual
   switch, and 2. OpenFlow 1.3, which is used to manage the virtual
   switch dynamically. The protocol between the SDN controller and the
   router is OpenFlow 1.3 or NETCONF.

   e. Management plane

   Above the controller, we use OpenStack to manage the public cloud.
   OpenStack Neutron cooperates with the SDN controller to control the
   virtual network: 1. the SDN controller communicates with the ML2
   plugin in Neutron to receive the Layer 2 virtual network
   configuration and configure the virtual switches; 2. the SDN
   controller communicates with the L3 plugin in Neutron to receive the
   Layer 3 virtual network configuration and configure both the virtual
   switches and the gateway.

   4.2 Interfaces in Virtual Network

   a. Control plane to underlay plane: This is the interface from the
   controller to the gateway. The gateway can be either a hardware
   gateway or a software gateway (a vRouter running within a server).
   This interface is implemented by OpenFlow and NETCONF. The controller
   uses the interface to manage the virtual switch to allow legacy
   servers to connect with the overlay network.

   b. Control plane to overlay data plane: The control plane includes
   the controller, and the data plane includes the vswitch and the
   vRouter. The interface from the controller to the vswitch is
   implemented by OVSDB and OpenFlow. The interface from the controller
   to the vRouter is implemented by NETCONF and OpenFlow.

   c. Management plane to control plane: This is a controller interface
   that connects with OpenStack Neutron through a RESTful API to provide
   L2 and L3 management.

               -------------      ------------  -----------
               | OpenStack | ->   |ML2 Plugin|  |L3 Plugin|
               |  Neutron  | ->   ------------  -----------
               -------------            |            |
                                        |            |
                                        ---------------
                                        |   REST API  |
                                        ---------------
                                               |
                                          ------------
                                         | Controller |
                                          ------------

                 Figure of controller northbound interface



   d. Service function interfaces: The service function interfaces
   include the interface between management (OpenStack) and
   vFW/vLB/vVPN and the interface between the controller and
   vFW/vLB/vVPN. The details are shown in the figure below.


   -------------     ------------  ----------- -------------------------
   | OpenStack | ->  |ML2 Plugin|  |L3 Plugin| |Service Function Plugin|
   |  Neutron  | ->  ------------  -----------  ------------------------
   -------------            |            |             |
                            |            |             |
                           ----------------------------------
                           |           REST API             |
                           ----------------------------------
                                  |                    |
                             ------------           -------------
                            | Controller |---------| vFW/vLB/vVPN|
                             ------------           -------------
                  Figure of Service Function Interfaces


   5. Application

   5.1 VPC
     TBD.
   5.2 SFC
     TBD.

   6. Conclusions

   In this draft, we introduce the deployment practice for virtual
   networks, first bringing out the considerations of virtual network
   implementation. Then, with the VN architecture, we discuss the five
   planes in the virtual network. Afterwards, we introduce the
   interfaces between the planes. The Application section will be added
   soon.

   7. References

   7.1. Normative References

         [RFC2119] Bradner, S., "Key words for use in RFCs to
         Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

         [RFC2234] Crocker, D. and Overell, P.(Editors), "Augmented
         BNF for Syntax Specifications: ABNF", RFC 2234, Internet
         Mail Consortium and Demon Internet Ltd., November 1997.

   7.2. Informative References

         [Fab1999] Faber, T., Touch, J. and W. Yue, "The TIME-WAIT
         state in TCP and Its Effect on Busy Servers", Proc. Infocom
         1999 pp. 1573-1583.

   8. Acknowledgments

   This document was prepared using 2-Word-v2.0.template.dot.

Authors' Addresses

Vic Liu
China Mobile

Email: liuzhiheng@chinamobile.com

Jinzhu Wang
China Mobile

Email: Wangjinzhu@chinamobile.com