Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Automating Access Control Lists with OpenDaylight and OpenVSwitch

Gustavo Pantuza
September 11, 2017
Programming
0
400

Automating Access Control Lists with OpenDaylight and OpenVSwitch

This presentation shows how globo.com solved a problem with TCAM specialized memory limitation on the top of rack switches through a Software Defined Networking approach.

Gustavo Pantuza

September 11, 2017
Tweet

More Decks by Gustavo Pantuza

See All by Gustavo Pantuza
Projeto experimental comparando gRPC e Thrift
pantuza
0
22
eQUIC Gateway: Maximizing QUIC throughput using a Gateway Service based on eBPF + XDP
pantuza
0
180
Danian: tail latency reduction of networking application through an O(1) scheduler
pantuza
0
88
Wrapping C libraries into Python modules
pantuza
0
160
Computação Serverless: Conceitos, Aplicações e Desafios
pantuza
0
70
Makefile, automating daily tasks & simplifying Gettings Started
pantuza
2
720
Building reliable and efficient services through gRPC
pantuza
3
250
Building Python services through gRPC
pantuza
0
91
Microservices Challenges
pantuza
0
77

Other Decks in Programming

See All in Programming
DevToolsではじめる簡単Nostrプロトコル (Nostr勉強会 #0)
heguro
0
160
ゲームQAはノーコードの自動化で救えるのか? / Why QA learns programming?
tomotaka_yamasaki
1
150
CSC308 Lecture 23
javiergs
PRO
0
130
prototype大全 / YAPC::Kyoto 2023
utgwkk
0
460
SREは何を目指すのか
paper2
5
1.3k
230307北海道オープンデータ推進セミナー
furukawayasuto
1
180
ブックマークレットを使おう!
yamish123
0
2.6k
コルーチンのエラーをテストするためのTips / Tips for testing Kotlin Coroutine errors
tkmnzm
0
150
Spring Modulithで始めるモジュラモノリス開発
yutootsuka
2
190
Kotlinにおける型の世界と エラーハンドリング / Type World and Error Handling in Kotlin
makomakok
0
210
ヘッドレスCMSのリッチエディタを支えるヘッドレス○○
microcms
1
160
ゴーファーくんと辿るプログラミング言語の歴史/history-of-programming-languages-with-gopher
iwasiman
12
5.4k

Featured

See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
22
1.5k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
109
16k
Making the Leap to Tech Lead
cromwellryan
117
7.7k
Designing for humans not robots
tammielis
245
24k
Debugging Ruby Performance
tmm1
67
11k
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k
The Brand Is Dead. Long Live the Brand.
mthomps
48
3k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
121
29k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
44
14k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
24
5.1k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
19k
Building Applications with DynamoDB
mza
86
5k

Transcript

  1. Automating Access Control Lists
    with OpenDaylight and OpenVSwitch
    Gustavo Pantuza, Leopoldo Mauricio

    View Slide

  2. Agenda
    Context Problem Solution

    View Slide

  3. View Slide

  4. Largest media group in Latin America
    17 years

    View Slide

  5. View Slide

  6. View Slide

  7. View Slide

  8. View Slide

  9. View Slide

  10. Datacenter
    5000
    s e r v e r s B a n d w i d t h
    2.4
    Tb/s

    View Slide

  11. Fabric PoDs
    ToR
    VMs
    Containers
    Bare metal

    View Slide

  12. Cloud

    View Slide

  13. Cloud

    View Slide

  14. Xen Clusters
    Host
    Hypervisor
    OvS
    VMs

    View Slide

  15. Xen Clusters

    View Slide

  16. Environments
    Backend - BE
    Frontend - FE

    View Slide

  17. Datacenter
    Spine
    Leaf
    Core
    ECMP BGP

    View Slide

  18. Access Control Lists

    View Slide

  19. 50000+
    A C L s
    ACL API

    View Slide

  20. Environment segmentation
    BE FE
    BE VRF FE VRF
    BE FE
    BE VRF FE VRF

    View Slide

  21. TCAM
    Expensive
    Upgrade
    Small

    View Slide

  22. View Slide

  23. No policies on
    networks

    View Slide

  24. Moving forward
    SDN

    View Slide

  25. Network API
    8000+ Networks
    500+ Equipments
    6300+ Vlans
    1700+ Environments

    View Slide

  26. Xen Clusters
    Host
    Hypervisor
    OvS
    VMs

    View Slide

  27. Network API

    View Slide

  28. Controller

    View Slide

  29. Virtual switch

    View Slide

  30. View Slide

  31. Network API

    View Slide

  32. {
    "kind": "backend#acl",
    "rules": [{
    "action": "permit",
    "description": "Access from application A on port 80",
    "destination": "10.0.42.0/24",
    "id": "222222",
    "owner": "user",
    "protocol": "ip",
    "source": "10.5.190.0/24"
    }]
    }

    View Slide

  33. {
    ...
    }

    View Slide

  34. Workers
    16
    w o r k e r s

    View Slide

  35. SDN control
    56
    s e r v e r s
    6
    c l u s t e r s

    View Slide

  36. Controller requests per second
    62.5
    r e q s / s e c

    View Slide

  37. View Slide

  38. No first packet
    delay

    View Slide

  39. Network API
    Resilience

    View Slide

  40. Transparent for
    users

    View Slide

  41. Integration of all our cloud services
    Tsuru https://tsuru.io
    DBaas https://github.com/globocom/database-as-a-service
    NetowrkAPI https://github.com/globocom/GloboNetworkAPI
    ACL API
    FSaas
    DNSaaS

    View Slide

  42. https://opensource.globo.com/

    View Slide

  43. View Slide

  44. View Slide

  45. [email protected] [email protected]
    https://github.com/pantuza Linkedin

    View Slide