Network Virtualization in Multi tenant Datacenters

virtualization 5

ABSTRACT. Multi-tenant datacenters represent an extremely challeng- ing networking environment. Tenants want the ability to migrate unmodified workloads from their enterprise networks to service provider datacenters, retaining the same networking configurations of their home network. The service providers must meet these needs without operator intervention while preserving their own operational flexibility and efficiency. Traditional networking approaches have failed to meet these tenant and provider requirements. Responding to this need, we present the design and implementation of a network virtualization solution for multi-tenant datacenters.

networking has long had a number of virtualization primitives such as VLAN (virtualized L2 domain), VRFs (virtualized L3 FIB), NAT (virtualized IP address space), and MPLS (virtualized path). However, these are traditionally configured on a box-by-box basis, with no single unifying abstraction that can be invoked in a more global manner. As a result, making the network changes needed to support server virtualization requires operators to configure many boxes individually, and update these configurations in response to changes or failures in the network. The result is excessive operator overhead and the constant risk of misconfiguration and error, which has led to painstaking change log systems used as best practice in most environments.

It is our experience in numerous customer environments that while compute provisioning is generally on the order of minutes, network provisioning can take months. Our experience is commonly echoed in analyst reports [7, 29].

the creation, configuration and management of these virtual networks is done through global abstractions rather than pieced together through box-by-box configuration.

2.1 Abstractions

Control abstraction: allow tenants to define a set of logical network elements (or, as we will call them, logical datapaths) that they can configure (through their control planes) as they would physical network elements.
Packet abstraction: must enable packets sent by endpoints in the MTD to be given the same switching, routing and filtering service they would have in the tenant’s home network.

2.3 Design Challenges

Declarative programming.: The controller cluster is responsible for computing all forwarding state and then disseminating it to the virtual switches.

reference

[7] D. W. Cearley, D. Scott, J. Skorupa, and T. J. Bittman. Top 10 Technology Trends, 2013: Cloud Computing and Hybrid IT Drive Future IT Models. Gartner, February 2013. http://www.grafismoestudio.com/gartnersummit/AADI/goldresearch.pdf
[29] B. Munch. IT Market Clock for Enterprise Networking Infrastructure, 2013. Gartner, September 2013.

2015/12/21 13:23:23

a network hypervisor: provides the right network virtualization abs; sits on top of the service provider infrastructure and provides the tenant control planes with a control abstraction and VMs with a packet abstraction

declarative programming

the controller cluster is responsible for computing all forwarding state and then disseminating it to the virtual switches — to minimize the cost of re-computation, ensures consistency …

hand-written state machine to compute and update the forwarding state incrementally … in response to input change events … impractical due to the number of event types … as well as their arbitrary interleaving …

declarative ndlog for computing the network forwarding state … only internally by its developer; user interact with NVP via the API

NVP exposes an HTTP-based REST API in which network elements, physical or logical, presented as objects