Project Calico: A Pure Layer 3 Approach to Virtual Networking

Transcript

1. A Pure Layer 3 Approach to Virtual Networking

2. Who Am I? • Cory Benfield • Experienced open-source contributor:

   • Requests (Core) • urllib3 (Core) • Hyper (Maintainer) • Project Calico (Core) • Software Engineer @ Metaswitch Networks • IETF Participant (HTTPBis)

3. @lukasa @lukasaoz

4. * [email protected] [email protected]

5. The State Of The Art •Layer 2 Virtualisation •VLAN tags

   or Encapsulation (e.g. VXLAN) •vSwitches (e.g. OVS)

6. The Good News •This totally works!

7. The Bad News •…sort of

8. The Bad News •All have problems at scale •VLAN tags

   are limited •GRE has flooding problems •So does VXLAN •L2 broadcast is tricky •Trouble with geographically distributed sites

9. What To Do? •Can we extend current solutions? •Maybe –

   but maybe not •What about an alternative?

10. Initial Question •If data centers are going to be networks

    of thousands/millions of endpoints, why not use the Internet as a model?

11. Project Calico •Majority of cloud workloads only need IP •Of

    those, almost all don’t care what IP address they have •Use these restrictions to build approach focused on simplicity and scale

12. Project Calico An (Apache licensed) open source project to enable

    networking of workloads in a data center / cloud environment Objectives: Simple Scale Open Thousands of servers, 100k’s of workloads Don’t demand users to be networking experts Open source and open standards

13. The Standard Model Virtual L2 segments, implemented in software by

    virtual switch vSwitch vSwitch vSwitch Linux Linux Linux Encap / de-encap (& flooding!) Outer MAC Outer IP Outer UDP VXLAN VM MAC VM IP VM TCP/UDP VM Data Router service required to hop between tenants NAT required for public Internet access On/off-ramp required to get to NAS, etc. Virtual L2 segments, implemented in software by virtual switch

14. The Calico Model BGP IP App IP App IP App

    Compute Node VMs / LXCs Router Host MAC VM IP VM TCP/UDP VM Data IP App IP App IP App Compute Node VMs / LXCs Router Any capable IP transport fabric (L2, L3, RFC1149…) Router BGP BGP

15. Core Principles •Highly efficient vRouter built on Linux kernel forwarding

    engine •Propagates reachability via BGP •Includes BGP route reflectors for internet-scale •Policy configured via ACLs

16. Simple •Packets now accurately reflect source and destination: no encap

    •No need to flood •Routing decisions are simple •Debugging is easy •No new code on the data path •No NAT •Everything is just IP

17. Scalable •Built like the Internet •Linux kernel handles many routes

    and ACLs quickly •Route reflectors allow BGP scale •Distributed routing is fault tolerant •All L3 fault-tolerance tools work

18. Freebies •Easy to integrate bare metal •Easy to span DCs

    •Easy to interop (e.g. with LXCs) •Relatively easy to merge multiple orchestration systems

19. Freebies •IPv6 just works •Even in OpenStack Icehouse(!) •Today. Right

    now •Yes, really •Works well on any IP transport backbone •Can use known L3 technologies: • ECMP • Anycast

20. Project Status •Open source: available now •Apache 2.0 licensed •Neutron

    ML2 driver available •Open API for extension •Open source Docker PoC

21. Roadmap •Full control-plane HA •Address-space isolation •ECMP by default •Anycast

    loadbalancing •DPDK integration •Bridging multiple orchestrators •Much more!

22. Get involved! •http://www.projectcalico.org/ •Mailing list • http://lists.projectcalico.org/listinfo/calico •GitHub: Metaswitch/calico •Docs

    @ GitHub: • Metaswitch/calico-docs/wiki •Twitter (@projectcalico)
23. None