© 2010 IBM Corporation
Gerhard Koch
T-Server (Genesys)
Network Inhibitors today to Cloud technologies
Role of the Network in Cloud DC‘s
Concrete Realization Scenarios – Cloud ready Networks
Future Cloud & Network Virtualization Options
From QoS to QoE
Cloud Computing is defining new requirements for networks ...
• Evolved Network Model to support Network Virtualization and Resource management
• Support of dynamic and mobile workloads within and between DC’s
• Work around new scalability issues in L2 and L3 environments
• Virtualized Networks between Providers
• Dynamic Provisioning of Network Resources due to needs of a Cloud workload
• Enable “Real-time Cloud Workloads” such as Telco Billing, Voice and Video
• Management of “Real-time Cloud Workloads” in a distributed Cloud Architecture
• Understand the Telco network requirements when introducing cloud principles to their IT landscape
The data center IT infrastructure evolution
… from ad-hoc to well-architected, to reduce costs and increase responsiveness
Top IT requirements to be met:
• Lower total costs through better device utilization and energy efficiency
• Better IT responsiveness through rapid application deployment, including self-service
• Better IT agility: virtual resources, configurations, and workloads decoupled and insulated from physical environment
[Figure: infrastructure evolution across the stages Scale-Out Complexity, Consolidation, Virtualization, Dynamic / Cloud; labels: Device sprawl, Physical consolidation, System virtualization, System provisioning and automation; elements shown: Windows, Linux, Unix and management servers, mainframe, switches, firewalls, routers, storage, networks, multi-system virtualization, ensembles]
Networks must become flexible, responsive, and managed
together with the rest of the IT infrastructure
[Figure: Network and Server / Storage across the stages Scale-Out Complexity, Consolidation, Virtualization, Dynamic / Cloud; labels: Device sprawl, Device virtualization, System virtualization, System provisioning and automation]
Evolution of Data Center Networking
… Data Center Network is migrating to a Single Layer
[Figure: N layer, 2 layer and 1 layer designs; labels: Router, Core, Aggregation, Access, Storage fabric, Virtual Core, Virtual Storage, Virtual Servers]
Enable
Converge and Simplify
Scale
Reduced TCO
• connect anything anywhere
• connectivity is predictable
The Evolution of Access Networks
Access layer networking has evolved from a simple physical
NIC-to-physical switch connection to a complex virtual
network infrastructure living within the physical server in the
form of vNICs and vSwitches and associated technologies
(VLAN tagging, trunking, QoS, etc.).
Standards associated with Virtual Ethernet Bridging
IEEE 802.1Qbg – Edge Virtual Bridging
Edge Virtual Bridging (EVB) is the environment where physical end stations contain multiple virtual end stations that participate in the bridged LAN.
… is the effort to standardize interactions between data center subsystems in support of Virtualization and Virtual Machine Mobility.
1. Virtual Ethernet Port Aggregation (VEPA)
– Allows VM-VM communication within the same server to be done through an external switch (hairpin mode) to take advantage of its advanced controls
– Leverages VEB (Virtual Ethernet Bridging) – embedded bridging in adapters
2. Multi-channel
– Allows each virtual MAC address (such as the MAC addresses used by VMs) to carry a VLAN tag, which can be used to provide quality of service capabilities (e.g. traffic controls).
– Today's pre-standards alternatives: IBM/BNT Virtual Fabric with vNIC
3. Virtual Station Interface (VSI)
– Allows external network state, also known as port profiles (i.e. VLAN Identifier, Port Access and Traffic Controls), to dynamically migrate with a VM.
– This was Automated Migration of a Port Profile (AMPP) before.
Key Proponents: IBM, HP, BNT, Juniper, Qlogic, Emulex… first products expected for late 2010.
A similar proposal is 802.1Qbh - Bridge Port Extension (Cisco’s VN-link).
Ethernet Virtual Bridging Standards (IEEE 802.1Qbg)
1. Virtual Ethernet Port Aggregator (VEPA) Protocol
Discovers where VM-VM communication is performed:
– Through Virtual Ethernet Bridge (VEB) within the
server, or
– Through an external switch, so that the external switch's
advanced controls can be applied to the traffic.
2. Multi-channel Protocol
– Uses a Service Provider VLAN tag (STAG) to
isolate traffic to a channel.
– Allows a mix of internal (VEB) and external (VEPA)
based switching approaches on the same server
physical port.
3. Virtual Station Interface (VSI) Protocol
– Used to associate and de-associate VM MAC
Addresses to a port profile.
– Enables port profiles to dynamically migrate with a
VM.
A Port Profile consists of network state associated with the VM, such as VLAN ID, Access, QoS & Security Controls.
Multi-Channel:
… allows VEB, VEPA & dedicated links on the same switch port
Provides the ability to support a vSwitch and VEPA on the same switch port (with a single NIC).
[Figure: VMs using VEPA and VEB (NEVA/EVB) at the server edge, connected over a multi-channel link to the edge switch and the L2 net(s)]
The type of link (VEB, VEPA, or direct) could be
specified as part of the port profile.
Today’s VM Migration (VMware, PowerVM, …)
Port Profile Options:
• Use same Port Profiles → All VMs must be same type.
• Move after VM → Can’t tell Migrated vs Reincarnated VM.
• Manually move the Port Profile → Reduces virtualization value.
Today:
Internal virtual switch Port Profiles move with a VM.
But external Port Profiles do not move with the VM.
A Port Profile consists of network state associated with the VM, such as VLAN ID, Access, QoS & Security Controls.
Solving VM Automation Challenges
2010 Products
We are working with partners & the industry to provide a standards based approach for:
1) Selecting where Virtual Switching is done: Server vs external switch (Virtual Ethernet Port Aggregation).
2) Automating the migration of port profiles (Virtual Station Interface or Automated Migration of a Port Profile).
BNT’s VM aware Network - VMready™
1. VMready creates a virtual port for each VM, which can be configured for VLANs, ACLs, QoS etc.
2. Virtual port configurations can be synchronized with vSwitches via APIs.
3. VMready sees the packets sent from VMs as they migrate and moves the virtual ports and policies in real time with Nmotion™ - Virtual Machines stay attached and secure.
VMready runs on the switch.
[Figure: VM 1, VM 2 … VM X behind virtual switches; each virtual port carries VLAN 100, ACL filters and TX/RX limits, and follows the VM between VMready switches]
Virtual Fabric for IBM System x
9-Nov-10
Divide a 10G adapter port into 2, 3 or 4 adjustable virtual pipes
• Reduce acquisition cost up to 75% and energy cost up to 45%
• Reduce complexity
  • up to 86% less cables and 75% less switches & adapters
• Ability to dynamically allocate I/O bandwidth (100Mb increments)
• Exceptional security by providing isolation between virtual NICs
• High availability: isolate failures of vNICs or virtual groups
• OS/Hypervisor sees up to 4 NICs per port (data, mgmt, Vmotion)
• Control transmit and receive directions
[Figure: x86 architecture server with Emulex OneConnect NIC, 10G link divided into virtual pipes, BLADE G8124 / BLADE 10G Switch]
Virtual Pipe Architecture
[Figure: two Hypervisor/OS hosts, each with vNIC1 to vNIC4, sending packets with outer tags (OT) between 10 and 60 to the switch; vNIC Groups 10, 20, 30, 40 and 50]
• vNICs are identified by unique VLAN tags
• User assigns vNIC(s) and uplink(s) to a vNIC group (outer VLAN) in the switch
• One server port may belong to only one vNIC group
• One uplink may belong to only one vNIC group
• Switch does bandwidth metering based on vNIC VLAN tag and the port
• There will be no forwarding between the uplinks
Server→Switch Packet Flow
• NIC inserts vNIC’s VLAN tag
• Switch has a vNIC group for every vNIC tag
• Unicast packet goes out on the right port – server port or uplink port
• vNIC VLAN tag is stripped before sending out on uplink
• vNIC VLAN tag is not stripped before sending out on server port
• Broadcast, multicast and unknown unicast packets are flooded in the vNIC group
Switch→Server Packet Flow
• Switch inserts vNIC group’s VLAN tag based on the ingress uplink port
• Unicast packet goes out on the right server port
• Broadcast, multicast and unknown unicast packets are flooded in the vNIC group
• Switch applies egress bandwidth meter on the vNIC VLAN on a per port basis
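The forwarding rules above can be modelled in a few lines to check the isolation they imply; this is an added example, not code from the presentation or from the vendor. The class and method names, port names and MAC addresses are constructed, the MAC table is static rather than learned, and bandwidth metering is left out.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VnicGroupSwitch:
    """Hypothetical model of the vNIC-group rules (not a vendor API)."""

    def __init__(self):
        self.vnic_group = {}    # (server_port, vnic_tag) -> group id
        self.uplink_group = {}  # uplink port -> group id (at most one group)
        self.mac_table = {}     # (group id, MAC) -> (server_port, vnic_tag)

    def add_vnic(self, server_port, vnic_tag, group, mac):
        self.vnic_group[(server_port, vnic_tag)] = group
        self.mac_table[(group, mac)] = (server_port, vnic_tag)

    def add_uplink(self, uplink, group):
        # One uplink may belong to only one vNIC group.
        if self.uplink_group.get(uplink, group) != group:
            raise ValueError(f"uplink {uplink} already belongs to another group")
        self.uplink_group[uplink] = group

    def _vnics(self, group, exclude=None):
        # Frames towards a server port keep the vNIC tag (NIC demultiplexes on it).
        return [("server", p, t) for (p, t), g in sorted(self.vnic_group.items())
                if g == group and (p, t) != exclude]

    def _uplinks(self, group):
        # Frames towards an uplink leave with the vNIC tag stripped (tag None).
        return [("uplink", u, None) for u, g in sorted(self.uplink_group.items())
                if g == group]

    def from_server(self, server_port, vnic_tag, dst_mac):
        """Server -> switch: the NIC has already inserted the vNIC tag."""
        group = self.vnic_group.get((server_port, vnic_tag))
        if group is None:
            return []  # tag not provisioned on this port: drop
        known = self.mac_table.get((group, dst_mac))
        if dst_mac != BROADCAST and known:
            return [("server", *known)]
        # Broadcast or unknown unicast: flood inside the group only.
        return self._vnics(group, (server_port, vnic_tag)) + self._uplinks(group)

    def from_uplink(self, uplink, dst_mac):
        """Switch -> server: the group is chosen by the ingress uplink port."""
        group = self.uplink_group.get(uplink)
        if group is None:
            return []
        known = self.mac_table.get((group, dst_mac))
        if dst_mac != BROADCAST and known:
            return [("server", *known)]
        return self._vnics(group)  # never forwarded out of another uplink


def demo_switch():
    # Constructed topology: two servers, two groups, one uplink per group.
    sw = VnicGroupSwitch()
    sw.add_vnic("srv1", 10, 10, "02:00:00:00:00:01")
    sw.add_vnic("srv2", 10, 10, "02:00:00:00:00:02")
    sw.add_vnic("srv1", 20, 20, "02:00:00:00:00:03")
    sw.add_uplink("ext1", 10)
    sw.add_uplink("ext2", 20)
    return sw
```

A frame sent from a group 10 vNIC towards a MAC that only exists in group 20 is treated as unknown unicast and flooded inside group 10, so it never reaches the group 20 vNIC or its uplink.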
TRILL as option from Network Perspective when connecting Cloud DC's – Transparent Interconnection of Lots of Links
Data Center - Cloud Network topology – there is even more to cloudify
[Figure labels: Virtualized Physical Switches; Virtualized Instances of FW/IDS; Vswitches; Virtualized Physical Routers with Services Blades; VCO's]
Data Center - Cloud Network topology – Service Activation
[Figure labels: (Virtualized) Nw Instances; Vswitches; VCO's; NVM]
Dynamic (Network) Provisioning – Network Overlay (VCO‘s)
• A network ensemble has
  – Several network end points (NEPs)
    • Places where using entities connect.
    • Network end points are fixed
• Each user entity has
  – Exactly one application end point
    • An abstraction with identity.
• Virtual Connectivity Object (VCO)
  – Has two or more Service end points (SEPs)
  – A current mapping from one service end point to one network end point
    • Location is a mapping between an SEP and the NEP
• Configuration and Monitoring of NEPs
  – Is performed by one or more Element Managers provided by the device manufacturer
• Service Appliances
  – Firewalls, load-balancers or caches type network devices
  – Can be inserted into a connectivity overlay to provide desired QoS/security characteristics
[Figure: NEPs in the network; Server SEP, Storage SEP and Service App SEP mapped onto them through VCO's]
TSAM
Network Configuration Manager
XML Document (OVF)
Network Context
<IaaS>
  <Customer> attr </Customer>
  <Project> attr </Project>
</IaaS>
<Network>
  <Port> attr </Port>
  <Vlan> attr </Vlan>
  <IP Addr> attr </IP Addr>
</Network>
TSAM Integration
• Exits Defined
• Activations Completed
• Return Workflow Values
RunBook Automation
• Defined Workflow
• Workflow Orchestrated
• NCM API’s Called
• CDM Network Parameters Passed
Network Activated
• Virtual Network
• Physical Network
Defined Network Activation Requirements
• Activate Ethernet Ports (virtual and physical)
• Activate Routing
• Activate VLANs
• Activate Security Access Control Lists
Tpae Workflow
RunBook Completed
• State and Status Returned
[Figure: the workflow steps are numbered 1 to 5]
What network activation am I being asked to perform?
Workflow nested within the network space.
How does TSAM interact?
Do it.
CCMP (Core) Components Relevant to Networking
[Figure: Common Cloud Management Platform between Cloud Service Consumer, Cloud Service Provider and Cloud Service Developer. Blocks: Cloud Services (IT capability provided to Cloud Service Consumer); BSS Business Support Services; OSS Operational Support Services; Security & Resiliency; Service Delivery Portal, Service Development Portal, Service Provider Portal and API; (Virtualized) Infrastructure – Server, Storage, Network, Facilities (infrastructure for hosting Cloud Services and Common Cloud Management Platform).]
[Component labels: Service Delivery Catalog; Service Templates; Service Offering Catalog; Service Automation Management; Service Request Management; Change & Configuration Management; Image Lifecycle Management; Provisioning; Virtualization Mgmt; Monitoring & Event Management; Incident & Problem Management; IT Service Level Management; IT Asset & License Management; Capacity & Performance Management; Metering, Analytics & Reporting; Offering Mgmt; Order Mgmt; Customer Mgmt; Entitlement Mgmt; Subscriber Mgmt; Contract & agreement Mgmt; Opportunity to Order; Pricing & Rating; Peering & Settlement; General accounting; Invoicing; Billing; Service Development Tools; Service Definition Tools; Image Creation Tools; Cloud Service Integration Tools. Roles: Consumer Administrator, Consumer Business Manager, Consumer End user, Customer In-house IT, Service Business Manager, Service Operations Manager, Service Transition Manager, Service Security Manager, Developer.]
• Virtualized Network Services, e.g., create virtual overlay with QoS, security, availability requirements.
• How virtual network overlays are charged wrt SLA.
• Deploy/create virtual network overlay over (virtualized) infrastructure that satisfies requirements. Monitor infrastructure for SLA compliance.
• Virtual network overlay configuration/change management.
Cloud Networks what is still missing …
guess what ?
OPENFLOW
Open Flow - Initial Use Cases
Defining QoE ...
– Definition (ITU-T P.10/G.100)
• Quality of Experience (QoE) is the overall acceptability of an application or
service, as perceived subjectively by the end-user.
– (New Proposed) Definition
• Quality of Experience is the overall acceptability of an application or service,
as perceived by the end-user. It incorporates the end-to-end Network Quality
of Service (NQoS) metrics, the QoS metrics specific to the application or
service (AQoS) and the subjective overall customer satisfaction Mean Opinion
Score (CMOS) collected for the user during and/or at the end of using the
QoE Components
[Figure: QoE split into Measured (objective / quantitative) and Perceived (subjective / qualitative). Measured side, end to end (E2E) under NQoS and AQoS: Client, Access, Aggregation, Core, Servers; examples shown: laptops, desktops, PDAs, smart phones; wireless, wireline; Metro Ethernet, etc.; intranet, internet, IP, MPLS, VPN; VMs, storage, security, imaging. Perceived side: Customer Satisfaction Rating (Overall, Service, Customer Care, Billing, Security, .., Recommend?); further labels: Physician Efficiency, Patient Quality of Care, Image Processing, Collaboration, Retrieval, Translation, Business Recovery, Data Preservation, Compliance, Patient Confidentiality, Helpfulness, Responsiveness, SLA]
QoE - Why doing this ?
… because it is critical to the adoption of Cloud Services
Delays led to decrease in: Revenue, Sales, Traffic, Productivity, Customer Satisfaction
Network delays:
• Amazon, 100 ms, Ref[31]: 1%
• Google, 500 ms, Ref[28]: 20%
• Bing, 2000 ms, Ref[28]: 2.10%
Application delays:
• Web Apps, 1000 ms, Ref[1]: 16%
• Computerworld UK, application degradation, Ref[31]: 15%
• Application degradation, Ref[8]: 14%