[arch-design] Networking concepts edits
Move L2 and L3 networking to the networking concepts subsection Change-Id: Ib605a71b1fc303ade164e64f207ba0ebbb4b81af Implements: blueprint arch-design-pike
This commit is contained in:
daz
parent
4aa724c1eb
commit
b8a9196015
@ -9,8 +9,6 @@ Networking
|
||||
|
||||
design-networking/design-networking-concepts
|
||||
design-networking/design-networking-design
|
||||
design-networking/design-networking-layer2
|
||||
design-networking/design-networking-layer3
|
||||
design-networking/design-networking-services
|
||||
|
||||
OpenStack provides a rich networking environment. This chapter
|
||||
|
||||
@ -42,7 +42,7 @@ The external network is defined as the configuration and components that are
|
||||
required to provide access to cloud resources and workloads, the external
|
||||
network is defined as all the components outside of the cloud edge gateways.
|
||||
|
||||
Traffic Flow
|
||||
Traffic flow
|
||||
~~~~~~~~~~~~
|
||||
|
||||
There are two primary types of traffic flow within a cloud infrastructure, the
|
||||
@ -59,6 +59,154 @@ networks, including clients and remote services. This traffic flow is highly
|
||||
dependant on the workload within the cloud and the type of network services
|
||||
being offered.
|
||||
|
||||
Layer networking choices
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
There are several factors to take into consideration when deciding on whether
|
||||
to use Layer 2 networking architecture or a layer 3 networking architecture.
|
||||
For more information about OpenStack networking concepts, see the
|
||||
`OpenStack Networking <https://docs.openstack.org/ocata/networking-guide/intro-os-networking.html#>`_
|
||||
section in the OpenStack Networking Guide.
|
||||
|
||||
Benefits using a Layer-2 network
|
||||
--------------------------------
|
||||
|
||||
There are several reasons a network designed on layer-2 protocols is selected
|
||||
over a network designed on layer-3 protocols. In spite of the difficulties of
|
||||
using a bridge to perform the network role of a router, many vendors,
|
||||
customers, and service providers choose to use Ethernet in as many parts of
|
||||
their networks as possible. The benefits of selecting a layer-2 design are:
|
||||
|
||||
* Ethernet frames contain all the essentials for networking. These include, but
|
||||
are not limited to, globally unique source addresses, globally unique
|
||||
destination addresses, and error control.
|
||||
|
||||
* Ethernet frames contain all the essentials for networking. These include,
|
||||
but are not limited to, globally unique source addresses, globally unique
|
||||
destination addresses, and error control.
|
||||
|
||||
* Ethernet frames can carry any kind of packet. Networking at layer-2 is
|
||||
independent of the layer-3 protocol.
|
||||
|
||||
* Adding more layers to the Ethernet frame only slows the networking process
|
||||
down. This is known as nodal processing delay.
|
||||
|
||||
* You can add adjunct networking features, for example class of service (CoS)
|
||||
or multicasting, to Ethernet as readily as IP networks.
|
||||
|
||||
* VLANs are an easy mechanism for isolating networks.
|
||||
|
||||
Most information starts and ends inside Ethernet frames. Today this applies
|
||||
to data, voice, and video. The concept is that the network will benefit more
|
||||
from the advantages of Ethernet if the transfer of information from a source
|
||||
to a destination is in the form of Ethernet frames.
|
||||
|
||||
Although it is not a substitute for IP networking, networking at layer-2 can
|
||||
be a powerful adjunct to IP networking.
|
||||
|
||||
Layer-2 Ethernet usage has additional benefits over layer-3 IP network usage:
|
||||
|
||||
* Speed
|
||||
* Reduced overhead of the IP hierarchy.
|
||||
* No need to keep track of address configuration as systems move around.
|
||||
|
||||
Whereas the simplicity of layer-2 protocols might work well in a data center
|
||||
with hundreds of physical machines, cloud data centers have the additional
|
||||
burden of needing to keep track of all virtual machine addresses and
|
||||
networks. In these data centers, it is not uncommon for one physical node
|
||||
to support 30-40 instances.
|
||||
|
||||
.. Important::
|
||||
|
||||
Networking at the frame level says nothing about the presence or
|
||||
absence of IP addresses at the packet level. Almost all ports, links, and
|
||||
devices on a network of LAN switches still have IP addresses, as do all the
|
||||
source and destination hosts. There are many reasons for the continued need
|
||||
for IP addressing. The largest one is the need to manage the network. A
|
||||
device or link without an IP address is usually invisible to most
|
||||
management applications. Utilities including remote access for diagnostics,
|
||||
file transfer of configurations and software, and similar applications
|
||||
cannot run without IP addresses as well as MAC addresses.
|
||||
|
||||
Layer-2 architecture limitations
|
||||
--------------------------------
|
||||
|
||||
Layer-2 network architectures have some limitations that become noticeable when
|
||||
used outside of traditional data centers.
|
||||
|
||||
* Number of VLANs is limited to 4096.
|
||||
* The number of MACs stored in switch tables is limited.
|
||||
* You must accommodate the need to maintain a set of layer-4 devices to handle
|
||||
traffic control.
|
||||
* MLAG, often used for switch redundancy, is a proprietary solution that does
|
||||
not scale beyond two devices and forces vendor lock-in.
|
||||
* It can be difficult to troubleshoot a network without IP addresses and ICMP.
|
||||
* Configuring ARP can be complicated on a large layer-2 networks.
|
||||
* All network devices need to be aware of all MACs, even instance MACs, so
|
||||
there is constant churn in MAC tables and network state changes as instances
|
||||
start and stop.
|
||||
* Migrating MACs (instance migration) to different physical locations are a
|
||||
potential problem if you do not set ARP table timeouts properly.
|
||||
|
||||
It is important to know that layer-2 has a very limited set of network
|
||||
management tools. It is difficult to control traffic as it does not have
|
||||
mechanisms to manage the network or shape the traffic. Network
|
||||
troubleshooting is also troublesome, in part because network devices have
|
||||
no IP addresses. As a result, there is no reasonable way to check network
|
||||
delay.
|
||||
|
||||
In a layer-2 network all devices are aware of all MACs, even those that belong
|
||||
to instances. The network state information in the backbone changes whenever an
|
||||
instance starts or stops. Because of this, there is far too much churn in the
|
||||
MAC tables on the backbone switches.
|
||||
|
||||
Furthermore, on large layer-2 networks, configuring ARP learning can be
|
||||
complicated. The setting for the MAC address timer on switches is critical
|
||||
and, if set incorrectly, can cause significant performance problems. So when
|
||||
migrating MACs to different physical locations to support instance migration,
|
||||
problems may arise. As an example, the Cisco default MAC address timer is
|
||||
extremely long. As such, the network information maintained in the switches
|
||||
could be out of sync with the new location of the instance.
|
||||
|
||||
Benefits using a Layer-3 network
|
||||
--------------------------------
|
||||
|
||||
In layer-3 networking, routing takes instance MAC and IP addresses out of the
|
||||
network core, reducing state churn. The only time there would be a routing
|
||||
state change is in the case of a Top of Rack (ToR) switch failure or a link
|
||||
failure in the backbone itself. Other advantages of using a layer-3
|
||||
architecture include:
|
||||
|
||||
* Layer-3 networks provide the same level of resiliency and scalability
|
||||
as the Internet.
|
||||
|
||||
* Controlling traffic with routing metrics is straightforward.
|
||||
|
||||
* You can configure layer-3 to use Border Gateway Protocol (BGP) confederation
|
||||
for scalability. This way core routers have state proportional to the number
|
||||
of racks, not to the number of servers or instances.
|
||||
|
||||
* There are a variety of well tested tools, such as Internet Control Message
|
||||
Protocol (ICMP) to monitor and manage traffic.
|
||||
|
||||
* Layer-3 architectures enable the use of :term:`quality of service (QoS)` to
|
||||
manage network performance.
|
||||
|
||||
Layer-3 architecture limitations
|
||||
--------------------------------
|
||||
|
||||
The main limitation of layer-3 networking is that there is no built-in
|
||||
isolation mechanism comparable to the VLANs in layer-2 networks. Furthermore,
|
||||
the hierarchical nature of IP addresses means that an instance is on the same
|
||||
subnet as its physical host, making migration out of the subnet difficult. For
|
||||
these reasons, network virtualization needs to use IP encapsulation and
|
||||
software at the end hosts. This is for isolation and the separation of the
|
||||
addressing in the virtual layer from the addressing in the physical layer.
|
||||
Other potential disadvantages of layer-3 networking include the need to design
|
||||
an IP addressing scheme rather than relying on the switches to keep track of
|
||||
the MAC addresses automatically, and to configure the interior gateway routing
|
||||
protocol in the switches.
|
||||
|
||||
Networking service (neutron)
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
|
||||
@ -1,107 +0,0 @@
|
||||
==================
|
||||
Layer 2 networking
|
||||
==================
|
||||
|
||||
This section describes the concepts and choices to take into
|
||||
account when deciding on the configuration of Layer 2 networking.
|
||||
|
||||
Layer-2 architecture advantages
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
A network designed on layer-2 protocols has advantages over a network designed
|
||||
on layer-3 protocols. In spite of the difficulties of using a bridge to perform
|
||||
the network role of a router, many vendors, customers, and service providers
|
||||
choose to use Ethernet in as many parts of their networks as possible. The
|
||||
benefits of selecting a layer-2 design are:
|
||||
|
||||
* Ethernet frames contain all the essentials for networking. These include, but
|
||||
are not limited to, globally unique source addresses, globally unique
|
||||
destination addresses, and error control.
|
||||
|
||||
* Ethernet frames contain all the essentials for networking. These include,
|
||||
but are not limited to, globally unique source addresses, globally unique
|
||||
destination addresses, and error control.
|
||||
|
||||
* Ethernet frames can carry any kind of packet. Networking at layer-2 is
|
||||
independent of the layer-3 protocol.
|
||||
|
||||
* Adding more layers to the Ethernet frame only slows the networking process
|
||||
down. This is known as nodal processing delay.
|
||||
|
||||
* You can add adjunct networking features, for example class of service (CoS)
|
||||
or multicasting, to Ethernet as readily as IP networks.
|
||||
|
||||
* VLANs are an easy mechanism for isolating networks.
|
||||
|
||||
Most information starts and ends inside Ethernet frames. Today this applies
|
||||
to data, voice, and video. The concept is that the network will benefit more
|
||||
from the advantages of Ethernet if the transfer of information from a source
|
||||
to a destination is in the form of Ethernet frames.
|
||||
|
||||
Although it is not a substitute for IP networking, networking at layer-2 can
|
||||
be a powerful adjunct to IP networking.
|
||||
|
||||
Layer-2 Ethernet usage has these additional advantages over layer-3 IP network
|
||||
usage:
|
||||
|
||||
* Speed
|
||||
* Reduced overhead of the IP hierarchy.
|
||||
* No need to keep track of address configuration as systems move around.
|
||||
|
||||
Whereas the simplicity of layer-2 protocols might work well in a data center
|
||||
with hundreds of physical machines, cloud data centers have the additional
|
||||
burden of needing to keep track of all virtual machine addresses and
|
||||
networks. In these data centers, it is not uncommon for one physical node
|
||||
to support 30-40 instances.
|
||||
|
||||
.. Important::
|
||||
|
||||
Networking at the frame level says nothing about the presence or
|
||||
absence of IP addresses at the packet level. Almost all ports, links, and
|
||||
devices on a network of LAN switches still have IP addresses, as do all the
|
||||
source and destination hosts. There are many reasons for the continued need
|
||||
for IP addressing. The largest one is the need to manage the network. A
|
||||
device or link without an IP address is usually invisible to most
|
||||
management applications. Utilities including remote access for diagnostics,
|
||||
file transfer of configurations and software, and similar applications
|
||||
cannot run without IP addresses as well as MAC addresses.
|
||||
|
||||
Layer-2 architecture limitations
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Layer-2 network architectures have some limitations that become noticeable when
|
||||
used outside of traditional data centers.
|
||||
|
||||
* Number of VLANs is limited to 4096.
|
||||
* The number of MACs stored in switch tables is limited.
|
||||
* You must accommodate the need to maintain a set of layer-4 devices to handle
|
||||
traffic control.
|
||||
* MLAG, often used for switch redundancy, is a proprietary solution that does
|
||||
not scale beyond two devices and forces vendor lock-in.
|
||||
* It can be difficult to troubleshoot a network without IP addresses and ICMP.
|
||||
* Configuring ARP can be complicated on a large layer-2 networks.
|
||||
* All network devices need to be aware of all MACs, even instance MACs, so
|
||||
there is constant churn in MAC tables and network state changes as instances
|
||||
start and stop.
|
||||
* Migrating MACs (instance migration) to different physical locations are a
|
||||
potential problem if you do not set ARP table timeouts properly.
|
||||
|
||||
It is important to know that layer-2 has a very limited set of network
|
||||
management tools. It is difficult to control traffic as it does not have
|
||||
mechanisms to manage the network or shape the traffic. Network
|
||||
troubleshooting is also troublesome, in part because network devices have
|
||||
no IP addresses. As a result, there is no reasonable way to check network
|
||||
delay.
|
||||
|
||||
In a layer-2 network all devices are aware of all MACs, even those that belong
|
||||
to instances. The network state information in the backbone changes whenever an
|
||||
instance starts or stops. Because of this, there is far too much churn in the
|
||||
MAC tables on the backbone switches.
|
||||
|
||||
Furthermore, on large layer-2 networks, configuring ARP learning can be
|
||||
complicated. The setting for the MAC address timer on switches is critical
|
||||
and, if set incorrectly, can cause significant performance problems. So when
|
||||
migrating MACs to different physical locations to support instance migration,
|
||||
problems may arise. As an example, the Cisco default MAC address timer is
|
||||
extremely long. As such, the network information maintained in the switches
|
||||
could be out of sync with the new location of the instance.
|
||||
@ -1,45 +0,0 @@
|
||||
==================
|
||||
Layer 3 networking
|
||||
==================
|
||||
|
||||
This section describes the concepts and choices to take into
|
||||
account when deciding on the configuration of Layer 3 networking.
|
||||
|
||||
Layer-3 architecture advantages
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
In layer-3 networking, routing takes instance MAC and IP addresses out of the
|
||||
network core, reducing state churn. The only time there would be a routing
|
||||
state change is in the case of a Top of Rack (ToR) switch failure or a link
|
||||
failure in the backbone itself. Other advantages of using a layer-3
|
||||
architecture include:
|
||||
|
||||
* Layer-3 networks provide the same level of resiliency and scalability
|
||||
as the Internet.
|
||||
|
||||
* Controlling traffic with routing metrics is straightforward.
|
||||
|
||||
* You can configure layer-3 to use Border Gateway Protocol (BGP) confederation
|
||||
for scalability. This way core routers have state proportional to the number
|
||||
of racks, not to the number of servers or instances.
|
||||
|
||||
* There are a variety of well tested tools, such as Internet Control Message
|
||||
Protocol (ICMP) to monitor and manage traffic.
|
||||
|
||||
* Layer-3 architectures enable the use of :term:`quality of service (QoS)` to
|
||||
manage network performance.
|
||||
|
||||
Layer-3 architecture limitations
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The main limitation of layer-3 networking is that there is no built-in
|
||||
isolation mechanism comparable to the VLANs in layer-2 networks. Furthermore,
|
||||
the hierarchical nature of IP addresses means that an instance is on the same
|
||||
subnet as its physical host, making migration out of the subnet difficult. For
|
||||
these reasons, network virtualization needs to use IP encapsulation and
|
||||
software at the end hosts. This is for isolation and the separation of the
|
||||
addressing in the virtual layer from the addressing in the physical layer.
|
||||
Other potential disadvantages of layer-3 networking include the need to design
|
||||
an IP addressing scheme rather than relying on the switches to keep track of
|
||||
the MAC addresses automatically, and to configure the interior gateway routing
|
||||
protocol in the switches.
|
||||
@ -27,3 +27,13 @@ consider providing a dynamic DNS service to allow instances to update a
|
||||
DNS entry with new IP addresses. You can also consider making a generic
|
||||
forward and reverse DNS mapping for instances' IP addresses, such as
|
||||
``vm-203-0-113-123.example.com.``
|
||||
|
||||
DHCP
|
||||
~~~~
|
||||
|
||||
.. TODO
|
||||
|
||||
LBaaS
|
||||
~~~~~
|
||||
|
||||
.. TODO
|
||||
|
||||
Loading…
Reference in New Issue
Block a user