$30 off During Our Annual Pro Sale. View Details »

Automating Access Control Lists with OpenDaylight and OpenVSwitch

Gustavo Pantuza
September 11, 2017
Programming
0
410

Automating Access Control Lists with OpenDaylight and OpenVSwitch

This presentation shows how globo.com solved a problem with TCAM specialized memory limitation on the top of rack switches through a Software Defined Networking approach.

Gustavo Pantuza

September 11, 2017
Tweet

More Decks by Gustavo Pantuza

See All by Gustavo Pantuza
[Kubecon Europe 2023] Ingesting 6.5 Tb of Telemetry Data Daily Through Open Telemetry Protocol and Collectors
pantuza
0
410
Projeto experimental comparando gRPC e Thrift
pantuza
0
30
eQUIC Gateway: Maximizing QUIC throughput using a Gateway Service based on eBPF + XDP
pantuza
0
270
Danian: tail latency reduction of networking application through an O(1) scheduler
pantuza
0
120
Wrapping C libraries into Python modules
pantuza
0
200
Computação Serverless: Conceitos, Aplicações e Desafios
pantuza
0
96
Makefile, automating daily tasks & simplifying Gettings Started
pantuza
3
780
Building reliable and efficient services through gRPC
pantuza
3
280
Building Python services through gRPC
pantuza
0
130

Other Decks in Programming

See All in Programming
「defineCustomElement」を活用した サービス共通のUIコンポーネントライブラリ
piyoppi
0
230
クソアプリを作ってみた💩 / kusojaku
uhooi
0
180
集団意思決定の落とし穴と誰も望まない技術的負債
h0r15h0
0
2.7k
Second-System Syndrome: A tale of power-assert
twada
PRO
9
3.6k
ゆめみの Flutter エンジニア育成方法
morikann
0
260
Kyo - Functional Scala 2023
fwbrasil
0
1.9k
アーキテクチャ刷新の現場 / Scene of architectural renewal
nrslib
6
950
Intro to Stateful Services or How to get 1 million RPS from a single node
antyadev
0
140
エンジニアもUIを作るならユーザーについて知ろう!
ohakutsu
1
120
Next.js App Router での MPA フロントエンド刷新
mugi_uno
28
9.4k
Accelerating App Dev with Cloudflare Workers
chimame
1
210
アクセシビリティを理解するとフロントエンドのテストが楽になる!
nano72mkn
1
1.9k

Featured

See All Featured
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
10
1.3k
What's in a price? How to price your products and services
michaelherold
236
10k
How to Ace a Technical Interview
jacobian
272
22k
No one is an island. Learnings from fostering a developers community.
thoeni
14
1.8k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
53
33k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
33
8.6k
Intergalactic Javascript Robots from Outer Space
tanoku
264
26k
Designing Experiences People Love
moore
133
23k
Code Review Best Practice
trishagee
53
14k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.7k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
16
1.5k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.4k

Transcript

  1. Automating Access Control Lists
    with OpenDaylight and OpenVSwitch
    Gustavo Pantuza, Leopoldo Mauricio

    View Slide

  2. Agenda
    Context Problem Solution

    View Slide

  3. View Slide

  4. Largest media group in Latin America
    17 years

    View Slide

  5. View Slide

  6. View Slide

  7. View Slide

  8. View Slide

  9. View Slide

  10. Datacenter
    5000
    s e r v e r s B a n d w i d t h
    2.4
    Tb/s

    View Slide

  11. Fabric PoDs
    ToR
    VMs
    Containers
    Bare metal

    View Slide

  12. Cloud

    View Slide

  13. Cloud

    View Slide

  14. Xen Clusters
    Host
    Hypervisor
    OvS
    VMs

    View Slide

  15. Xen Clusters

    View Slide

  16. Environments
    Backend - BE
    Frontend - FE

    View Slide

  17. Datacenter
    Spine
    Leaf
    Core
    ECMP BGP

    View Slide

  18. Access Control Lists

    View Slide

  19. 50000+
    A C L s
    ACL API

    View Slide

  20. Environment segmentation
    BE FE
    BE VRF FE VRF
    BE FE
    BE VRF FE VRF

    View Slide

  21. TCAM
    Expensive
    Upgrade
    Small

    View Slide

  22. View Slide

  23. No policies on
    networks

    View Slide

  24. Moving forward
    SDN

    View Slide

  25. Network API
    8000+ Networks
    500+ Equipments
    6300+ Vlans
    1700+ Environments

    View Slide

  26. Xen Clusters
    Host
    Hypervisor
    OvS
    VMs

    View Slide

  27. Network API

    View Slide

  28. Controller

    View Slide

  29. Virtual switch

    View Slide

  30. View Slide

  31. Network API

    View Slide

  32. {
    "kind": "backend#acl",
    "rules": [{
    "action": "permit",
    "description": "Access from application A on port 80",
    "destination": "10.0.42.0/24",
    "id": "222222",
    "owner": "user",
    "protocol": "ip",
    "source": "10.5.190.0/24"
    }]
    }

    View Slide

  33. {
    ...
    }

    View Slide

  34. Workers
    16
    w o r k e r s

    View Slide

  35. SDN control
    56
    s e r v e r s
    6
    c l u s t e r s

    View Slide

  36. Controller requests per second
    62.5
    r e q s / s e c

    View Slide

  37. View Slide

  38. No first packet
    delay

    View Slide

  39. Network API
    Resilience

    View Slide

  40. Transparent for
    users

    View Slide

  41. Integration of all our cloud services
    Tsuru https://tsuru.io
    DBaas https://github.com/globocom/database-as-a-service
    NetowrkAPI https://github.com/globocom/GloboNetworkAPI
    ACL API
    FSaas
    DNSaaS

    View Slide

  42. https://opensource.globo.com/

    View Slide

  43. View Slide

  44. View Slide

  45. [email protected] [email protected]
    https://github.com/pantuza Linkedin

    View Slide