Explore
For Enterprise
Join for Free
Log In

artes y humanidades
Negocios
Ciencias de la Computación
Ciencia de Datos
Tecnología de información
salud
Matemáticas y Lógica
Desarrollo Personal
Ciencias Físicas e Ingeniería
Ciencias sociales
Aprendizaje de un idioma
Títulos y certificados

Explorar todo lo que Coursera tiene para ofrecer

Explorar
Buscar
For Enterprise
Inicia Sesión
Únete de forma gratuita

3.4.1 Network Virtualization Case Study: NVP

Loading...

Cloud Networking

Universidad de Illinois en Urbana-Champaign

4.4 (194 calificaciones) | 21K estudiantes inscritos

Curso 5 de 6 en Informática en la nube Programa Especializado

In the cloud networking course, we will see what the network needs to do to enable cloud computing. We will explore current practice by talking to leading industry experts, as well as looking into interesting new research that might shape the cloud network’s future. This course will allow us to explore in-depth the challenges for cloud networking—how do we build a network infrastructure that provides the agility to deploy virtual networks on a shared infrastructure, that enables both efficient transfer of big data and low latency communication, and that enables applications to be federated across countries and continents? Examining how these objectives are met will set the stage for the rest of the course. This course places an emphasis on both operations and design rationale—i.e., how things work and why they were designed this way. We're excited to start the course with you and take a look inside what has become the critical communications infrastructure for many applications today.

Destrezas que aprenderás

Software-Defined Networking, Python Programming, Cloud Infrastructure, Cloud Computing

Revisiones

4.4 (194 calificaciones)

5 stars
124 ratings
4 stars
50 ratings
3 stars
9 ratings
2 stars
6 ratings
1 star
5 ratings

AH

Jan 31, 2017

Emerging helpful Course will lead to fully advanced skills in cloud networking ,traffic analysis & troubleshooting latest Issues.

PS

Aug 06, 2017

Very useful course for anyone who wants to learn about how public cloud networking works! Thanks for this course.

De la lección

Week 3

This week focuses on management and sharing of network infrastructure in cloud data centers. Traditional networking technologies require complex, error-prone network configuration, and make sharing of the network across multiple tenants in a secure manner difficult. We’ll learn how software-defined networking and network virtualization are addressing these problems.

3.1.1 Software-Defined Networking Architecture - Part 17:46

3.1.2 Software-Defined Networking Architecture - Part 213:00

3.2.1 Multi-Tenant Data Centers: The Challenges8:51

3.2.2 Multi-Tenant Data Centers Discussion2:01

3.3.1 Network Virtualization Case Study: VL2 - Part 19:02

3.3.2 Network Virtualization Case Study: VL2 - Part 29:54

3.3.3 Network Virtualization Case Study Discussion1:25

3.4.1 Network Virtualization Case Study: NVP13:58

Interview - Rob Sherwood (2015)43:30

Interview - Martin Casado (2015)50:19

Impartido por:

P. Brighten Godfrey
Associate Professor
Ankit Singla
Assistant Professor

Transcripción

[MUSIC]

Hi, okay.

So today, we're going to look at our second case study on

a multi-tenant cloud network virtualization system, which is NVP.

The network virtualization platform that was introduced in this paper,

Network Virtualization in Multi-tenant Datacenters by Teemu Koponen and

co-authors in NSDI 2014.

And this comes out of a product developed by the Nicira startup that was acquired

by VMware.

All right, now we saw last time in VL2

what the system was trying to do was build a virtual Layer 2 network.

Okay, and we're moving in the same direction now.

But there's a couple architectural ideas here,

they're going to be pretty different in NVP.

And one of them is the service that we provide is going to be

not just a Layer 2 network, but an arbitrary network topology.

Okay, so many of those will be a single Layer 2 switch that connect all of

the virtual machines for that particular tenant.

But sometimes you want a more complex network topology.

For example some Layer 2 switching connected to Layer 3 routing.

Because maybe this application expected to be deployed in an environment where there

was a Layer 2 broadcast domain, and

a separate other Layer 2 broadcasting that weren't connected.

So the idea's we want to replicate the environment,

that arbitrary network environment that a particular application or

tenant was expecting and allows us to move that into the cloud, okay?

So what do we need of the physical network.

Well, a physical network might be a close network that we've come to know and

love, but actually NVP is not going to depend on what that network looks like.

It's just going to expect to see any standard Layer 3 network,

a bunch of servers with IP addresses.

And we're not going to dip into special mechanisms on the top layer switches, or

decapsulation on particular top of racks, switches, or use of any cast.

We're just going to see a regular Layer 3 network, and

the virtualization is going to happen in software, outside of that.

Now, the service and

the physical network are brought together with this network hypervisor layer.

And here the intuition of this architecture that we're seeing on this

slide is an analogy to virtualization of servers where

we can take an arbitrary machine, and run it on unmodified hardware and

the virtual machine doesn't even know necessarily where it's running.

Okay, and the virtualization layer decouples that virtual and

physical environment, okay.

So what NVP is doing is much more explicitly building

a network virtualization layer that separates

an arbitrary network service from an arbitrary physical network.

What is that service that it provides?

Let's look in a little bit more detail here.

So, we might have this virtual network that the tenant wants to build.

With a Layer 2 switch connected to a Layer 3 router,

connected to another Layer 2 switch.

Okay, what does that mean exactly?

So in NVP, that is modeled as

a sequence of data path elements that represent those switches.

And these data path elements, each one of them is a OpenFlow forwarding table.

That means the table will match on certain signature of packet headers and

take certain resulting actions like dropping the packet,

modifying certain fields in the packet, or forwarding the packet on.

So the idea's that we can model the switching, and

routing gear with the right sequences of the right OpenFlow tables that we set up.

So walking through it we have a virtual machine.

And it's going to send packets through what it thinks is it's neck, okay?

Go to the network virtualization layer that realizes that this particular tenant

virtual machine is connected to this particular virtual network.

And the first pop in to that virtual network is this Layer 2 switch,

represented by this logical data path.

So the packet is going to make its way through each of the tables.

It's going to be checked by the inbound ACL, access control list table.

And then will be handed off to the Layer 2 forwarding table, the outbound ACL.

And then sent out of this virtual network element, the Layer 2 switch.

And the hypervisor, the network hypervisor, will realize that,

all right that network element now connected to this logical Layer 3 router.

The packet again proceeds through these hops, is again mapped by the network

hypervisor into the last virtual switch, and there it reaches the end.

Now at this point, going through this software data plane,

we now have determined what is the output location

of this particular packet in the virtual network.

We know which virtual port it's going out.

In other words, which virtual machine it's destined for.

And at that point, all of this still occurring on the sender side host,

we tunnel it to the final destination across

the underlying Layer 3 network fabric.

Okay, so, that walkthrough is the network service.

So, we're a little more explicitly providing two interfaces here.

There's a packet abstraction where virtual machines are able to

inject traffic into the virtual network.

And there's a control abstraction where the tenant was able to define this

entire virtual network pipeline, that sequence of OpenFlow flow tables.

That's the interface that the tenant is given, at least the lowest level

interface, that the tenant is given to be able to program their virtual network.

Okay, so how does this get built into the overall system.

So we start with our underlying physical fabric, and

what NVP sees is a bunch of hosts with IP addresses connected to this fabric.

Now, some of those servers are going to be running a particular tenant's

virtual machine.

And that tenant, let's say once this particular control abstraction,

this particular virtual network.

It decides to construct this layer two switch,

Layer 3 router, and another Layer 2 switch.

Using APIs at the network hypervisor controllers,

it's going to say here's the service I want to define.

Here's the virtual network I want to define.

And the controller will than instantiate that old program,

the underlying software switching data plane which is at

the virtualization layer of each of those servers on which the tenant's VM resides.

And that is the virtual switch, that it's actual program is called Open VSwitch,

and notice the virtual network, and instance of the virtual network is present

at each one of those servers where the tenant's VM resides, all right?

So, when the VM injects packets into the virtual network,

we are on the local copy at that server

processing the packet through the pipeline till we know the destination.

And then it gets tunneled with tunnels that we now set up between each of these

VM pairs to the final destination.

All right, so that's how the system comes together.

Now, building this system did bring several performance challenges,

and some of them are at the controller side.

Because there's a lot of state to compute here, right.

We are ultimately computing a full virtual network state,

and a full instance of the virtual network at every host with the tenant's VM, so

it can locally do that virtual network processing and

decide what the ultimate destination of the packet is.

And also we have to set up tunnels connecting each of the VMs.

So if you have nVMs in a particular tenant, each one of them has to connect

with n minus one other VM so we have in the order of n squared tunnels.

So one part of the solution that NVP adopted

is that this total state is not recomputed from scratch at all times.

There's going to be changes but you want to do that incrementally.

You want to make incremental changes.

And that's done automatically, not by hand,

not with a hand constructed state machine but with a declarative language.

That NVP developed called NLog to specify the data path and

automatically make incremental adaptations.

A second part of the solution to the performance challenge,

is that the controller does not compute

the low level forwarding tables of every instance of the virtual network.

What it does instead is it computer a higher level representation of that called

universal flows, that's an instance that is good enough for

any one of the hypervisors, hosting that tenant's VM.

And then it's sent out to these physical controllers that more locally compute

that universal flow abstraction, and translate it down to

the exact OpenFlow forwarding table entries at that particular host.

Now there are also performance challenges.

After we solve the performance challenges at the controller,

there are also performance challenges at each host.

So first, we're processing in software, entirely in software,

this data flow pipeline.

And there can be many elements in that pipeline and

we're doing it in the software virtual switch.

That can be slow.

So, one solution here is that NVP does send

the first packet of each flow through this entire pipeline does the computation.

But subsequent packets of the same flow that will be handled the same way can

be cached, so to speak, in the kernel of the operating system.

And now this is done,

rather than with the complex matching operations that appear in OpenFlow.

Once you know the result that should happen to that particular packet,

you can cache it with an exact match,

exact match on a packet header in certain fields produces this result.

A second challenge here is that tunneling interferes with TCP segmentation offload.

Recall that TSO allows the operating system to

offload the work of splitting up a data stream into smaller

chunks to be sent over the wire with TCP, and some of the check summing and so on.

Offloading some of that TCP dirty work to the hardware NIC,

network interface card, okay?

And if we're tunneling the packet, slapping an IP header on the front

an additional IP header,

the NIC doesn't see that the TCP header where it expects it to be.

So, the solution here is a approach called STT, where we

add a fake outer TCP header that there just for the connivence of the neck.

What we saw this week was one of the first killer apps for

software define networking.

We needed to automate control of a rapidly changing dynamic environment.

It wasn't suited to any past solution.

But we can see in NVP, I think very strongly,

the features of SDN architecture.

We have a API to the data plane.

We're programming Open vSwitch with the OpenFlow protocol.

We have a centralized controller that's orchestrating that programming.

And then we have high-level control abstractions,

both in terms of the declarative language, and

also applications that construct certain kinds of virtual networks,

so that the tenants don't have to program OpenFlow themselves.

So we see, the data plan API,

we see the centralized controller, we see the high-level control abstractions.

Those SDN principles come through very strongly, but

next week we're going to see another example of an SDN system

that is also very much SDN, but ends up looking very different.

So rather than providing arbitrary virtual networks as a service, it's going to be

oriented towards optimization of network performance and utilization.

And rather than programming software switches entirely at the edge

of the network, we're going to have more direct control of forwarding hardware.

And we'll see that as we move on next week into the wide area

needs of cloud networking.

[MUSIC]

Explora nuestro catálogo

Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.

Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.

© 2019 Coursera Inc. Todos los derechos reservados.

Descargar en la App Store

Consíguelo en Google Play

Coursera
Acerca de
Liderazgo
Empleo
Catálogo
Certificados
Certificados MasterTrack™
Grados
For Enterprise
For Government

Comunidad
Learners
Partners
Developers
Beta Testers
Translators

Conectar
Blog
Facebook
LinkedIn
Twitter
Instagram
Youtube
Blog de Tecnología

Más
Términos
Privacidad
Ayuda
Accesibilidad
Prensa
Contacto
Directorio
Afiliados