SDN Practice and Implementation for Inspur Cloud Platform

Scalability, complexity, and security are three major problems in current cloud computing networks. To provide agile and intelligent networking services for various applications, Inspur delivered an application-based network controller to address them. The core functions of the Inspur controller are divided into four parts: cloud path, cloud chain, cloud controller, and cloud decision. This presentation describes the Inspur SDN controller's architecture and implementation in detail. In the Inspur software-defined data center, the vision is not only to offer optimal infrastructure for various workloads but also to achieve auto-scale operational efficiencies.

1.SDN Practice and Implementation for Inspur Cloud Platform Yanjun Li

2.Outline
- Background
- Inspur SDN Controller Architecture
- Implementation for Core Modules
- Open Source Contribution

3.Internet Application Landscape

4.Huge Requirements for Network in Cloud Era
- Digital Disruption: lack of business insight & informatization; 63 million new devices will access the Internet per second until 2020.
- Complication: inefficient and frequent failures in networking operation & management; networking OPEX is 3 times networking CAPEX.
- Security: security attacks everywhere; average security detection period is 6 months.

5.Most Important Value for Networking Technology
- New way of doing things (SDN): Virtual networks, Connections, Security Policies, Connectivity Policies, Service Chaining
- Networking should be complicated. For Inspur. Not for you.
- Old way of doing things (Pre-SDN): VLANs, MAC addresses, IP addresses, Subnets, ACLs, Routing Policies, Manual Service Chaining, VRFs, Devices, Ports, OS-specifics

6.Inspur Cloud Platform Resource Mgmt. Container Mgmt. Zone Distribution Task Schedule Object Storage Load Balance Elastic Cloud Server Distributing Cache Cloud Search Distributing Message Key-Value Data Base Flow Data Computing Message Queue Huge Data Data Base Admin Console Tenant Console User Admin. Monitoring Network Security App. Security Platform Security Label Admin. Infrastructure Server Storage Network & Security Developer Console Available zone IaaS Environment VDC Mgmt. Service Factory Feature Admin. Data Security Security Mgmt. S a a S Cluster Mgmt. Authority Admin. System Admin Security Control Distributing Cluster Mgmt. Infrastructure Environment Infrastructure Service Big Data Service Application Service Cloud Service Opening Service API App. Management

7.SDN Requirements for Inspur Cloud Platform

8.SDN Requirements for Inspur Cloud Platform

9.Inspur Cloud Networking Controller Cloud Network VPC (Virtual Private Cloud) Cloud Map IDDM (Inspur Device Discovery & Management) Device Discovery Device Status Device Connection Topology System Preinstall Device Management Inventory Correlation VLAN Management IP Allocation Networking Resource Pool IP Utilization Ratio Traffic Statistics Traffic Distribution Statistics Subnet Topology Subnet Management Subnet IP Connection Configuration Subnet Routing Metering Cloud Domain OS ICD NOS (Inspur Cloud Domain NOS) Heterogeneous Hybrid Net Convergence Compatibility Cloud Path (HNI) Transparence Multi-Chain Cross nodes Multi-Protocol Cloud Chain (SFC) Traffic Control ACL QoS Failure Analysis Cloud Controller (QoS+TC) Intent Auto Heal Visualization Auto Optimization Cloud Decision (AI) Infrastructure

10.Inspur SDN Controller Architecture

11.Inspur SDN Implementation Based on OpenDayLight

12.Inspur SDN Implementation Based on OpenDayLight

13.HNI Module for VxLAN & VLAN Interconnection

14.HNI Module Implementation

15.SFC (Service Function Chain)

16.SFC Module Implementation
Diagram labels: client (VM) on compute1; SF (VM) and proxy (VM) on compute2; server (VM) on compute3; a network node attached to the external network; br-int and vxlan-gpe on each node; VXLAN tunnels; Management Network; Service Network; OpenStack; SDN controller; Dashboard.
Flow programming steps shown in the diagram:
- Configure sfc
- Write the sfc flow tables, make flow from client -> proxy
- Write sfc flow tables, make flows from proxy -> sf -> proxy -> server or proxy -> sf -> proxy -> network node
- Write flow tables, make flows access the external network
SDN controller modules:
- East-West SFC (improved)
- North-South SFC (newly added): add the function of north-south SFC
- Proxy for SF (newly added): add the proxy for the nsh-unaware sf
- Netvirt (improved): add the function of listening interface change for classifier; fix bugs
Service function chains:
- East-west: Client -> SF -> server
- North-south: Client -> SF -> network node -> external network

17.Distributed QoS Mechanism
Diagram labels: SDN controller (EIP, ACL, QoS, …); two compute nodes, each with ovs and VMs; a network node with ovs and qr instances; bare metal; OpenStack; numbered steps 1 to 6.

18.QoS Module Implementation
Diagram labels: VMs attached to Br-int; Br-qos with QoS rate limiter and queues (queue1, queue2, queue3, …); push VLAN / pop VLAN between Br-int and Br-qos; Ethernet NIC.
- Depend on Inspur Controller
- Support North-south and West-east traffic rate limit
- Support dynamic QoS configuration
- Recognize different traffic according to destination IP address matching

19.Controller Cluster Architecture

20.Cluster Implementation Northbound Interface Southbound LB

21.Underlay Management and Configuration Configuration DS OpenConfig Operational DS OpenConfig NETCONF NX-API SNMP SSH / CLI RESTful API Network Device Configurator Service Modules Inventory Management L2 Transaction Node/ Mountpt Manager Device Translation Unit Topology Explore Batch Configuration Power On Provisioning L3 QoS Security BGP Direct Access Translation Unit Comparator Connection RPC Unified Intent Based API Rich Service Sets Different Network Devices Uniform Internal Data Store

22.Feature Summary
- HNI module
  - Provide L2 interconnection between VxLAN and VLAN
  - VM migration support and seamless scalability
- SFC feature
  - Fix Netvirt module's bugs related to SFC
  - Enhanced North-South service traffic control
  - Enable multiple traffic control mode
- QoS module
  - Distributed and dynamic QoS mechanism
  - Fine-granularity QoS guarantee
- Cluster support
- Underlay auto-management and auto-configuration

23.SDN Kernel Module Testbed

24.Network Traffic Model

25.Performance Results

26.Performance Results

27.Embrace Convergence and Open Source Cloud Computing Series of Inspur Server Inspur Rack Inspur Server Products Inspur Blade Opening Technical Architecture Participate Many Standard organizations, OpenStack Gold Member, Patents & Standards related to Cloud Computing Rank First in China Software Hardware Standard Multi-Layer virtualization and Convergent Architecture ICP for Future Cloud DC Cloud Network Inspur Server

28.Inspur Contributions for Open Source Solution on SDN OpenDayLight Cloud Infrastructure Layer Networking ODL Mechanism Driver OpenStack Inspur Cloud Platform/3rd Party Cloud Orchestrators Disaster Recovery Netvirt EIP (one-to-one) Port Mapping (one-to-many) QoS (North-South) ACL SFC (East-West) SFC (North-South) HNI (Heterogeneous Network Interconnection for VxLAN & VLAN) QoS (East-West) Newly added Features Improved Features

29.Recent Delivery to OpenDayLight Community
- Committed 5 bugs on Netvirt to OpenDayLight Community (Done)
- Fixed 3 bugs on Netvirt / SFC module (Done)
- Contribute codes to existing projects (Doing)
  - Patch1: add the function of north-south SFC
  - Patch2: add the proxy for nsh-unaware service function
- New projects proposal (Doing)
  - EIP + QoS
  - HNI
  - Infrastructure Management
  - Cluster