Understanding Software Defined Networks' Importance for Hybrid Cloud
Term Paper for LTEC 4550
Michael Goodspeed

Preface

The emergence of public cloud computing has created an irreversible trend in how information technology consumes computing resources. But public clouds raise issues regarding regulation of data location and security, along with the sheer data volume that many enterprise applications require. Organizations are moving to private clouds to take advantage of cloud capabilities while maintaining control over their data, and many Information Technology (IT) organizations already depend on private clouds for mission-critical workloads. These IT organizations want the global footprint and elastic scalability that the public cloud provides to users, combined with the safety of their private cloud operations. Taking advantage of both public and private clouds leads to multi-cloud deployments, known within the industry as "Hybrid Cloud". Automation becomes key in provisioning and controlling access within the hybrid cloud. Automating the network so that applications deploy seamlessly across the hybrid cloud enables the move toward scalable Software as a Service (SaaS) solutions.

Table of Contents

Preface
Introduction
Automation for Hybrid Cloud
Software Defined Network Capabilities
Hybrid Cloud infrastructure model for SDN use
Using Microsoft Azure SDN for Multi-Cloud Instances
Summary
Additional References

Introduction

According to the Gartner Data Center Conference poll of December 2013, private cloud computing is just past the peak of the hype cycle, and deployments are increasing throughout 2014 and beyond. Around 35% of the respondents had already deployed a private cloud in some form. A significant number (52% of respondents) indicated they were putting a private cloud plan together, and around 22% were considering deploying private clouds by the end of 2014.
Management, operational processes and security are still considered to be among the top three challenges of a private cloud computing service among respondents. All of these challenges are also encountered within a hybrid cloud enterprise, where private and public clouds are combined to deliver resources to the business and its applications. Automation across the hybrid enterprise can assist with the management and operational-process issues, and security can be standardized through consistent provisioning of the network connectivity architecture.

Automation for Hybrid Cloud

A survey conducted to understand automation use within IT, using Gartner 2013 reference data, shows a changing landscape for cloud and legacy data center workloads: by 2015, 75% of large enterprises will have more than four diverse automation technologies within their IT management portfolio, up from less than 20% in 2013. Some of the major reasons listed as contributing to this proliferation of automation tools are:

1. Management tools for virtualization and cloud environments often embed orchestration functionality that is extensible beyond cloud management
2. The need to remove the risks associated with human interaction
3. Almost all vendors have multiple automation tools, and IT organizations often have multiple vendors' tools
4. New DevOps initiatives focus on "infrastructure as code", which requires solutions to orchestrate this automation
5. Most operations and cloud management solutions embed IT process automation (ITPA) functionality, making it difficult for IT organizations to streamline consistent use

Now let us review the major reasons that will work against the number of automation tools increasing:

1. IT infrastructure complexity is making automated change processes overly complex, high risk, and expensive to develop and maintain
2. Organizations are not ready, or are unwilling, to consistently embrace automation as a way to make IT infrastructure changes
3. An increasing number of IT organizations that are architecting their data centers for cloud transformation are aligning with fewer vendors, which will reduce the number of redundant tools

Our major focus in the rest of this paper is on this last point: IT organizations moving toward cloud transformation and consolidating on fewer vendors. Let us now break down the different areas that automation is addressing and how the focus on cloud transformation leads toward an SDN approach for the network, a key component within the cloud framework:

IT process automation – provisioning with change management for configuration changes (compute, storage, network, applications)
Cloud Orchestration – uses a service catalog with IT process automation to provide dynamic provisioning of resources for IT users
Infrastructure provisioning – compute and storage blueprints along with virtual VLAN definitions, load balancing, and firewall access provisioning
DevOps – provisioning for test/dev application development

Software Defined Networks assist all of the above automation approaches by providing a dynamic, virtual network layer that provisions network resources in real time for the requesting users.

Diagram 1 – Cloud Management Platform Approach

Referencing Diagram 1, SDN enables network resource provisioning for IaaS, PaaS, and SaaS solutions in cloud transformation projects and services. With the above architectural model, the key requirements that the automation tool mix must support within the hybrid cloud are:

Service-Oriented Infrastructure – Cloud users can use a web-based portal to commission and manage their own infrastructure resources. This provides agility for the cloud user as well as relieving administrators of repetitive, low-level infrastructure tasks. An example of a current gap is service management: change management tracking and CMDB updates are missing from most cloud solutions.

Utility – Infrastructure resources are optimized and highly utilized by sharing resources among all cloud users as appropriate.
Utility computing includes utilization monitoring for chargeback/showback.

Elasticity – As application workloads wax and wane, the utility's resources can be commissioned and decommissioned to accommodate changing requirements.

Ubiquity – Private cloud resources can be managed as a service wherever internet/intranet access is provided for the user.

Now let us review the capabilities of SDN configurations for use in the hybrid cloud.

Software Defined Network Capabilities

The Open Networking Foundation (ONF) is the industry consortium founded in 2011 by Deutsche Telekom, Facebook, Google, Microsoft, Verizon and Yahoo! with the goal of making OpenFlow-based SDN the norm for networks; it now has roughly 85 members. Types of member vendors:

Switch vendors: Cisco, Extreme, HP, NEC, IBM, Plexxi
Telecom service providers: Colt, Verizon, Deutsche Telekom
Merchant silicon vendors: Broadcom, LSI, Intel
Network appliance vendors: Riverbed, Radware, Infoblox, A10
SDN/network virtualization: Big Switch, Nicira (now part of VMware), Vello, NEC, IBM
Hyperscale data center providers: Facebook, Google, and now Microsoft Azure
Test equipment vendors: Ixia, Spirent
Management vendors: Netscout

When a packet arrives at an OpenFlow switch, whether a software switch or a hardware switch at the physical network layer:

1. The packet's header fields are compared to the entries in the switch's flow table
2. If a match is found, the packet is either forwarded to the specified port or dropped, as that flow entry's action dictates
3. If no match is found, the packet (or its header) is sent to the controller
4. The controller informs the switch how the packet is to be processed and installs a new flow entry, so that subsequent packets of that flow are handled in the switch without involving the controller

Traditional network virtualization uses Virtual Routing and Forwarding instances (VRFs) and Virtual LANs (VLANs):

• VRFs provide a form of Layer 3 virtualization
• With VRFs, a physical router supports multiple virtual router instances, each running its own routing protocol instance and maintaining its own forwarding table
• VLANs partition an Ethernet network into as many as 4,096 broadcast domains (slightly fewer in practice, since IDs 0 and 4095 are reserved)
• They rely on a 12-bit VLAN ID tag in the Ethernet header
• They are used to separate different types of traffic that share the same switched Ethernet LAN

The majority of IT organizations have virtualized at least some of their data center servers with hypervisors such as VMware, Microsoft's Hyper-V, or Xen. The adoption of virtual servers continues with a wider array of applications, and new services such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) are now supported on virtual machines (VMs). Server virtualization created significant benefits and significant challenges:

• Benefits: cost savings and agility
• Challenges: the dynamic movement of VMs

VMs can migrate between physical servers for myriad reasons. If a VM crosses a Layer 3 boundary, its move can require time-consuming network reconfiguration. Overlay tunneling techniques eliminate the problem by encapsulating the VM's traffic inside IP packets, so that it can cross Layer 3 boundaries unchanged.

There are multiple ways to implement overlay networks; the following three standards are outlined here:

• VXLAN (Virtual Extensible LAN), initially created by VMware, Arista Networks, and Cisco, with additional backers Dell, Red Hat, Citrix, and Broadcom
• NVGRE (Network Virtualization using Generic Routing Encapsulation), whose principal backer is Microsoft, which uses it within the Azure SDN architecture; additional backers are F5 Networks, Intel, Dell, HP, Emulex, and Arista Networks. We will focus on this standard later in the paper.
• STT (Stateless Transport Tunneling), a newer overlay approach submitted to the Internet Engineering Task Force (IETF) as a draft and supported by Nicira, Broadcom, eBay, Rackspace, Intel, and Yahoo

In each of these overlays, endpoints are assigned to a virtual network by a 24-bit identifier, which allows about 16 million virtual networks, compared with the 4,096 of a 12-bit VLAN ID.
The endpoints belong to that virtual network regardless of their location on the underlying physical network. OpenFlow can also be used to create virtual networks with one simple technique: a filter in the SDN controller that isolates sets of MAC addresses, so that the controller only installs forwarding entries between MAC addresses that belong to the same virtual network.

Key capabilities of SDN, according to Gartner's 2013 Data Center Conference, include:

• Significantly improved network operations agility
• Reducing the time required to provision network resources for a new VM from weeks to minutes
• Bridging the gap between applications and the network
• A multipathing network topology supporting both north-south and east-west traffic, without VLANs and STP

There are currently three architectural approaches to networking within hybrid clouds, and they are converging on Software Defined Networking (SDN):

Diagram #2 – Virtual Switch Clustering

A number of switches appear as one switch, which allows multipathing. Cisco VLAN deployments with Nexus are an example.
• Maintains the existing architecture and switches
• Does not yet scale to large networks
• Good for small networks or as a gap filler

Diagram #3 – Network Fabric

A number of switches are interconnected via multipath, removing STP and VLANs within the fabric. Brocade converged fabric is an example of this implementation approach.
• Solves congestion and latency
• Control and path establishment remain in the switches, using distributed protocols
• Does not easily integrate control with virtual servers and applications

Diagram #4 – Software-defined Networking

Control is placed centrally for end-to-end, policy-based path management. Examples: public clouds (Amazon and Microsoft Azure); private cloud (Microsoft Azure Pack (MAP)).
• Offers integration with virtual servers and applications
• Very new; solutions are just emerging

Diagram #5 – SDN, A New Network Model (Gartner 2013)

The value of SDN to the Information Technology organization for hybrid cloud deployments lies in agility (it allows external control and automation of the network), management (it improves operational efficiency), and cost (it promises the ability to leverage low-cost "white-box" switch hardware). Decoupling the network software from the hardware also improves client satisfaction with provisioning and can increase innovation in each layer, and it reduces the time from a user's request for services to the delivery of resources.

Within the private cloud in a data center, SDN benefits LAN support by:
• Supporting the dynamic movement of VMs
• Improving network utilization
• Automating more provisioning and management

Within the WAN, SDN has been deployed by Google; however, most organizations have focused on SDN within the data center LAN. The benefits Google reports for its WAN:
• Google implemented SDN in the WAN that interconnects its data centers (the G-Scale WAN)
• Implemented in early 2012
• Uses pure OpenFlow switches developed by Google
• Google built its own Traffic Engineering (TE) application
• Google claims that it can run WAN links at up to 95% utilization

Possible applications of SDN within hybrid cloud deployments include:
• Network virtualization
• Network monitoring
• Load balancing
• Firewalls
• Forwarding packets over the least expensive path
• Dynamically adapting QoS parameters based on available bandwidth
• DDoS protection
• Dropping suspicious packets

Our focus on SDN value for hybrid cloud is on its use within the LAN/data center.
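The four OpenFlow lookup steps listed earlier in this section, together with the controller-side MAC-address filter used to isolate virtual networks, as an added example in Python. This is not code from the paper or from any switch or controller vendor: the switch name, port names, tenant names and MAC addresses are constructed for the illustration, and a real controller would install entries over the OpenFlow protocol rather than by calling a method on the switch. It goes slightly beyond the text by installing an explicit drop entry for cross-tenant traffic, so that the controller is consulted only once per flow in either direction of the decision.

```python
"""Reactive OpenFlow-style forwarding with tenant isolation by MAC address.

Added example (not from the paper or any vendor). Switch, ports, MACs and tenants
are constructed.
"""
from dataclasses import dataclass

CONTROLLER = "controller"   # action of the table-miss entry: punt to the controller
DROP = "drop"


@dataclass
class FlowEntry:
    match: dict      # header field -> required value; a field that is absent is a wildcard
    action: str      # DROP, CONTROLLER, or the name of an output port
    priority: int = 0

    def matches(self, headers: dict) -> bool:
        return all(headers.get(field) == value for field, value in self.match.items())


class OpenFlowSwitch:
    """Matches packet headers against a priority-ordered flow table (step 1)."""

    def __init__(self, name: str, controller: "TenantController"):
        self.name = name
        self.controller = controller
        # The lowest-priority, match-anything entry is the table-miss entry (step 3).
        self.table = [FlowEntry({}, CONTROLLER, priority=0)]
        self.packet_ins = 0   # how many packets had to be sent to the controller

    def install(self, entry: FlowEntry) -> None:
        """Step 4: the controller adds a flow entry; highest priority is consulted first."""
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def process(self, headers: dict) -> str:
        """Returns the action applied to the packet: an output port or DROP (step 2)."""
        for entry in self.table:
            if entry.matches(headers):
                if entry.action == CONTROLLER:
                    self.packet_ins += 1
                    return self.controller.packet_in(self, headers)
                return entry.action
        return DROP   # unreachable while the table-miss entry exists


class TenantController:
    """Knows which virtual network each MAC belongs to and where each MAC is attached.

    The MAC filter of the paper: a forwarding entry is only ever installed between
    two MACs of the same virtual network; anything else gets an explicit drop entry.
    """

    def __init__(self, mac_to_vnet: dict, mac_to_port: dict):
        self.mac_to_vnet = mac_to_vnet
        self.mac_to_port = mac_to_port

    def packet_in(self, switch: OpenFlowSwitch, headers: dict) -> str:
        src, dst = headers["eth_src"], headers["eth_dst"]
        src_vnet, dst_vnet = self.mac_to_vnet.get(src), self.mac_to_vnet.get(dst)
        if src_vnet is None or src_vnet != dst_vnet:
            action = DROP                   # unknown MAC or cross-tenant traffic
        else:
            action = self.mac_to_port[dst]  # same virtual network: forward to its port
        # Install the decision so later packets of this flow never reach the controller.
        switch.install(FlowEntry({"eth_src": src, "eth_dst": dst}, action, priority=10))
        return action


# Constructed sample: two Contoso VMs and one Fabrikam VM behind one switch.
MACS = {
    "contoso-a": "00:15:5d:00:01:0a",
    "contoso-b": "00:15:5d:00:01:0b",
    "fabrikam-a": "00:15:5d:00:02:0a",
}
VNET = {MACS["contoso-a"]: "contoso", MACS["contoso-b"]: "contoso",
        MACS["fabrikam-a"]: "fabrikam"}
PORT = {MACS["contoso-a"]: "port1", MACS["contoso-b"]: "port2",
        MACS["fabrikam-a"]: "port3"}


def packet(src: str, dst: str) -> dict:
    return {"eth_src": MACS[src], "eth_dst": MACS[dst], "eth_type": 0x0800}


def demo() -> dict:
    switch = OpenFlowSwitch("sw1", TenantController(VNET, PORT))
    results = {
        "first": switch.process(packet("contoso-a", "contoso-b")),         # miss -> controller -> port2
        "second": switch.process(packet("contoso-a", "contoso-b")),        # now matched in the switch
        "cross_tenant": switch.process(packet("contoso-a", "fabrikam-a")), # filtered: drop
    }
    results["packet_ins"] = switch.packet_ins   # only the two first-seen flows hit the controller
    results["table_size"] = len(switch.table)   # table-miss entry + two installed entries
    return results


if __name__ == "__main__":
    print(demo())
```

The second Contoso packet never reaches the controller: the entry installed for the first one matches in the switch, which is the whole point of step 4. The cross-tenant packet also gets a flow entry, but one whose action is drop, so a VM that keeps probing another tenant's MAC cannot turn the controller into a bottleneck.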
Hybrid Cloud infrastructure model for SDN use

A Gartner survey in December 2013 found the following trends for cloud computing within the IT industry (the survey figure is not reproduced here).

With the Microsoft Azure approach, and the announcements of October 2013 that bring Azure OS cloud capability into the private cloud for hybrid cloud support with IaaS, PaaS, and SaaS, Microsoft positioned itself as the first public cloud vendor to also offer a private cloud approach. Microsoft has exposed the Azure APIs on-premises as Microsoft Azure Pack (MAP, also referred to as Windows Azure Pack), leveraging Hyper-V virtualization with NVGRE-based SDN.

Microsoft Azure (public cloud) / Microsoft Azure Pack (private cloud)

Using Microsoft Azure SDN for Multi-Cloud Instances

Microsoft network virtualization, using an SDN architecture with NVGRE support, provides a capability in which multiple virtual network infrastructures run on the same physical network (potentially with overlapping IP addresses), and each virtual network infrastructure operates as if it were the only virtual network running on the shared physical infrastructure. The primary component is Hyper-V Network Virtualization, with SDN management support defined in System Center Virtual Machine Manager (VMM). The second component is part of Windows Azure Pack, where tenants can create their own networks that are tied to the Hyper-V Network Virtualization environment.
The SDN support available in Azure and Azure Pack is contained within Windows Server 2012 R2, along with management components in VMM (System Center 2012 R2):

• NVGRE task offload on the network adapter rather than the server CPU (optional; needed only for performance improvement)
• Network features in Windows Server 2012 R2:
  • NIC teaming (WS 2012 R2)
  • QoS (WS 2012 R2)
  • Virtual Switch Extensions (WS 2012 R2)
  • Virtualization Gateway in RRAS (WS 2012 R2)
  • Hyper-V Network Virtualization (WS 2012 R2)
• Network management features in System Center 2012 R2:
  • Logical Networks (VMM 2012 R2)
  • Port Profiles (VMM 2012 R2)
  • Logical Switches (VMM 2012 R2)
  • Network Services (VMM 2012 R2)
  • Service Templates (VMM 2012 R2)

Now let us look at some detail of NVGRE SDN use within a multi-cloud environment. Large enterprises may be hesitant, or for compliance reasons unable, to move some of their services and data to a public cloud hoster such as Google, Amazon, Microsoft or Terremark. However, enterprises still want to obtain the cost benefits of a cloud architecture, which Hyper-V Network Virtualization (HNV) provides by consolidating their datacenter resources into a private cloud. Within a private cloud deployment, overlapping IP addresses may not be needed, because corporations typically have sufficient internal non-routable address space (e.g. 10.x.x.x or 192.168.x.x). Consider the example shown in Diagram #6.

Diagram #6 – private cloud deployment

Now let us review a hybrid cloud, VPN-to-VPN deployment, a key advantage of the hybrid cloud model, as shown in Diagram 7. It outlines how HNV can seamlessly extend an on-premises datacenter into a Windows Server 2012 based cloud datacenter.
Diagram #7 – hybrid cloud deployment

Each virtual network adapter in HNV is associated with two IP addresses:

• Customer Address (CA): the IP address assigned by the customer, based on their intranet infrastructure. This address enables the customer to exchange network traffic with the virtual machine as if it had not been moved to a public or private cloud. The CA is visible to the virtual machine and reachable by the customer.
• Provider Address (PA): the IP address assigned by the hoster or the datacenter administrators, based on their physical network infrastructure. The PA appears in the packets on the physical network that are exchanged with the Hyper-V server hosting the virtual machine. The PA is visible on the physical network, but not to the virtual machine.

The CAs maintain the customer's network topology, which is virtualized and decoupled from the actual underlying physical network topology and addresses, as implemented by the PAs. The following diagram shows the conceptual relationship between virtual machine CAs and network infrastructure PAs that results from network virtualization.

Diagram #8 – Conceptual diagram of network virtualization over physical infrastructure

In the above diagram, the customer's virtual machines send data packets in the CA space, which traverse the physical network infrastructure through their own virtual networks, or "tunnels". This simple analogy highlights the key aspects of network virtualization:

• Each virtual machine CA is mapped to a physical host PA. There can be multiple CAs associated with the same PA.
• Virtual machines send data packets in the CA space, which are put into an "envelope" with a PA source and destination pair based on the mapping.
• The CA-PA mappings must allow the hosts to differentiate packets for different customer virtual machines.
As a result, the mechanism that virtualizes the network addresses used by the virtual machines must carry enough information in the envelope to tell customers apart. The next section describes the actual mechanism of address virtualization.

Network virtualization through address virtualization: HNV supports Network Virtualization using Generic Routing Encapsulation (NVGRE) as the mechanism to virtualize the IP address.

Generic Routing Encapsulation

This network virtualization mechanism uses Generic Routing Encapsulation (GRE) as the tunnel header. In NVGRE, the virtual machine's packets are encapsulated inside another packet. The header of this new packet has the appropriate source and destination PA IP addresses, in addition to the Virtual Subnet ID, which is stored in the Key field of the GRE header, as shown in Diagram 9.

Diagram #9 – Network virtualization: NVGRE encapsulation

The Virtual Subnet ID allows hosts to identify the customer virtual machine for any given packet, even though the PAs and the CAs on the packets may overlap. This allows all virtual machines on the same host to share a single PA, as shown in Diagram 9. Sharing the PA has a big impact on network scalability: the number of IP and MAC addresses that need to be learned by the network infrastructure can be substantially reduced. For instance, if every end host has an average of 30 virtual machines, the number of IP and MAC addresses that need to be learned by the networking infrastructure is reduced by a factor of 30. The embedded Virtual Subnet IDs in the packets also enable easy correlation of packets to the actual customers. Note that tenant separation rests entirely on this tag: the GRE header carries no authentication or encryption, so any host that can inject packets into the PA network could forge a Virtual Subnet ID, and the PA network must therefore be reachable only by the trusted Hyper-V hosts and gateways.

With Windows Server 2012 R2, HNV fully supports NVGRE out of the box; it does NOT require upgrading or purchasing new network hardware such as NICs (network adapters), switches, or routers. This is because the NVGRE packet on the wire is a regular IP packet in the PA space, which is compatible with today's network infrastructure. Windows Server 2012 R2 development made working with standards a high priority.
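The CA/PA "envelope" and the Virtual Subnet ID in the GRE Key field, as an added example in Python. This is not Microsoft's code and not part of the original paper: the header layout follows the NVGRE draft RFC (later published as RFC 7637), while the hosts, tenants, Virtual Subnet IDs and addresses are constructed, and the lookup table that VMM would distribute to each Hyper-V host is a plain dictionary here. The sample puts two tenants that both use the same CA on the same host (the same PA), so that only the Virtual Subnet ID tells their packets apart.

```python
"""NVGRE encapsulation and the CA -> PA lookup table of Hyper-V Network Virtualization.
Added example, not Microsoft's code. Hosts, tenants, VSIDs and addresses are constructed;
header layout per the NVGRE draft (later RFC 7637)."""
import ipaddress
import struct
from dataclasses import dataclass

GRE_FLAG_KEY_PRESENT = 0x2000   # K bit: a 32-bit Key field follows the 4-byte base header
GRE_PROTO_TEB = 0x6558          # Transparent Ethernet Bridging: payload is an Ethernet frame
IP_PROTO_GRE = 47


@dataclass(frozen=True)
class LookupRecord:
    """One HNV lookup record: (VSID, CA) -> PA of the host currently running that VM."""
    vsid: int   # 24-bit Virtual Subnet ID
    ca: str     # Customer Address, visible to the VM
    pa: str     # Provider Address, visible only on the physical network

def gre_key(vsid: int, flow_id: int = 0) -> int:
    """Key field: VSID in the upper 24 bits, FlowID (ECMP entropy) in the low 8 bits."""
    if not 0 <= vsid < (1 << 24):
        raise ValueError("VSID must fit in 24 bits")
    if not 0 <= flow_id < (1 << 8):
        raise ValueError("FlowID must fit in 8 bits")
    return (vsid << 8) | flow_id

def build_gre_header(vsid: int, flow_id: int = 0) -> bytes:
    return struct.pack("!HHI", GRE_FLAG_KEY_PRESENT, GRE_PROTO_TEB, gre_key(vsid, flow_id))

def parse_gre_header(buf: bytes) -> tuple:
    """Returns (vsid, flow_id, inner_frame); raises if this is not an NVGRE header."""
    flags, proto, key = struct.unpack("!HHI", buf[:8])
    if not flags & GRE_FLAG_KEY_PRESENT or proto != GRE_PROTO_TEB:
        raise ValueError("not an NVGRE header")
    return key >> 8, key & 0xFF, buf[8:]

def ipv4_checksum(header: bytes) -> int:
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_outer_ipv4(src_pa: str, dst_pa: str, payload_len: int) -> bytes:
    """Minimal 20-byte outer IPv4 header in the PA space, protocol GRE."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, IP_PROTO_GRE, 0,
                      ipaddress.IPv4Address(src_pa).packed, ipaddress.IPv4Address(dst_pa).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def parse_outer_ipv4(buf: bytes) -> tuple:
    """Returns (src_pa, dst_pa, payload after the IP header)."""
    if buf[9] != IP_PROTO_GRE:
        raise ValueError("outer packet is not GRE")
    ihl = (buf[0] & 0x0F) * 4
    return str(ipaddress.IPv4Address(buf[12:16])), str(ipaddress.IPv4Address(buf[16:20])), buf[ihl:]


class HnvHost:
    """A Hyper-V host's copy of the lookup table, as VMM (the controller) would push it."""

    def __init__(self, pa: str, records):
        self.pa = pa
        self.table = {(r.vsid, r.ca): r.pa for r in records}

    def encapsulate(self, vsid: int, dst_ca: str, inner_frame: bytes) -> bytes:
        """Wrap a CA-space frame in the PA-space envelope. Unknown (VSID, CA) -> KeyError."""
        dst_pa = self.table[(vsid, dst_ca)]
        gre = build_gre_header(vsid)
        return build_outer_ipv4(self.pa, dst_pa, len(gre) + len(inner_frame)) + gre + inner_frame

    def decapsulate(self, packet: bytes) -> tuple:
        """Strip the envelope; the VSID says which tenant the inner frame belongs to."""
        _src_pa, dst_pa, rest = parse_outer_ipv4(packet)
        if dst_pa != self.pa:
            raise ValueError("packet is not addressed to this host's PA")
        vsid, _flow_id, inner = parse_gre_header(rest)
        return vsid, inner


# Constructed sample: two tenants both using 10.0.0.5 as a CA, with both VMs on the same
# host (PA 192.168.1.11). Only the VSID in the GRE Key tells the two packets apart.
CONTOSO, FABRIKAM = 5001, 6001
RECORDS = [
    LookupRecord(CONTOSO, "10.0.0.5", "192.168.1.11"),
    LookupRecord(FABRIKAM, "10.0.0.5", "192.168.1.11"),
    LookupRecord(CONTOSO, "10.0.0.7", "192.168.1.10"),
]

def make_frame(payload: bytes) -> bytes:
    """Constructed inner Ethernet frame: dst MAC, src MAC, EtherType 0x0800, payload."""
    return bytes.fromhex("00155d000001" "00155d000002" "0800") + payload

def demo() -> dict:
    sender = HnvHost("192.168.1.10", RECORDS)
    receiver = HnvHost("192.168.1.11", RECORDS)
    delivered = {}
    for vsid, payload in ((CONTOSO, b"from contoso"), (FABRIKAM, b"from fabrikam")):
        wire = sender.encapsulate(vsid, "10.0.0.5", make_frame(payload))
        got_vsid, frame = receiver.decapsulate(wire)
        delivered[got_vsid] = frame[14:]   # payload after the 14-byte Ethernet header
    return delivered
```

`encapsulate` raises `KeyError` for a (VSID, CA) pair with no record, which is the behaviour a host should have: without a mapping from the controller there is no PA to send to, so the packet is dropped rather than flooded. Note also that nothing in the envelope is authenticated; `decapsulate` trusts whatever VSID arrives in the Key field, which is why the PA network has to be closed to untrusted senders.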
Along with key industry partners Arista, Broadcom, Dell, Emulex, Hewlett-Packard, and Intel, Microsoft published a draft RFC that describes the use of Generic Routing Encapsulation (GRE), an existing IETF standard, as an encapsulation protocol for network virtualization within its Azure SDN cloud networking.

Summary

With 70% of IT organizations now pursuing hybrid cloud planning, the SDN network architecture approach will drive both LAN and WAN implementations toward future networks that carry traffic in a flexible, seamless way while making security on cloud infrastructure more consistent, because network policy is provisioned centrally rather than device by device. Microsoft's direction toward data centers that scale for Azure cloud services, combined with Azure Pack (private cloud services), will set the standard for future hybrid cloud designs because of its lower costs and solid standards.

Additional References

Bittman, Thomas (December 2013). Hybrid clouds and hybrid IT: the next frontier. 2013 Data Center Conference, Gartner.
Colville, Ronni (December 2013). Automation: the linchpin for cloud and data center. 2013 Data Center Conference, Gartner.
Goodspeed, Michael (April 2014). Private cloud – Azure Pack Detailed Deliverables Description Document. Unisys.
Lerner, Andrew & Skorupa, Joe (December 2013). Software-Defined networking? Not a question if, a matter of when and how. 2013 Data Center Conference, Gartner.
Metzler, Jim (April 2013). What is SDN and why should I care. Ashton Metzler & Associates.
Microsoft online reference (April 2014). Hyper-V Network Virtualization Technical Details: http://technet.microsoft.com/en-us/library/jj134174.aspx
Microsoft online reference (April 2014). White paper on Azure Pack end to end: http://gallery.technet.microsoft.com/Hybrid-Cloud-with-NVGRE-aa6e1e9a