Network as a Service

Introduction

CloudStack fully supports the concept of multi-tenant networks within a data center.  It is desirable to allow different classes of service to be provided to the same multi-tenant networks.  For example, while the underlying physical wiring may be the same for two tenants, tenant A may only need a simple firewall protection for their website while tenant B may be running a web server farm and requires a scalable firewall solution, load balancing solution, and alternate networks for accessing their database backend.  This spec defines how it is done in CloudStack.

Since CloudStack 2.2, multi-tenant networks and the services provided on them have been conceptualized.  In CloudStack 3.0, these concepts are being rolled out to enable cloud providers to do the following things:

  • Bundle different types of network services into network offerings to be offered to their users.
  • Allow different network service providers to be used on the same network.
  • Offer up-selling to end users who need better class of service on their network.
  • Provide different ways for a network to be accessed by the end users, e.g. via projects.

Related Bugs

8903

11817

This is currently targeted for the Acton release; however, the bugs are the canonical location for release planning.

Physical Network

In 3.0, a physical network is the actual wiring that has been put into place in an availability zone.  Pre-3.0, the concept of physical networks is implied by a combination of zone configuration, global configurations, and hypervisor configuration.  In 3.0, the physical network is fully fleshed out.  An admin can

  • Add/Remove/Update physical networks in a zone
  • Configure the VLANs available on the physical network
  • Configure the name used to recognize the physical network on different types of hypervisors
  • Configure the network service providers available on the physical network
  • Configure the IP addresses that are trunked to a physical network
  • Specify functionalities of the physical network

Network Service

A network service is the network function that is provided on the network for use by the virtual machines on that network.  This concept was introduced in 2.2.  There may be multiple providers for the same service.  Each service has a list of capabilities.  The current services available for configuration are:

  • DHCP
  • Source Nat
  • Gateway
  • Load Balancing
  • Firewall
  • VPN
  • Port Forwarding

Network Service Provider

A network service provider is a provider of a network service.  There can be multiple providers for the same network service.  For example, a firewall service may be provided by a Cisco provider or a Juniper provider.  Another name for network service provider is network element.  If different providers can provide the same service on the network, then it is up to the administrator to create network offerings that specify which network service provider to use for that service.  CloudStack will match a network offering to the network service provider.  An administrator may deploy multiple instances of the same network element in a network.  However, in this case, it is up to the network service provider to maintain the state of the instances.

  • Network service providers are notified by CloudStack of the following things:
    • Virtual machines starting and stopping in the network where they provide service.
    • Networks being implemented and garbage collected.
    • Network rules (firewall rules, port forwarding rules, etc.) being programmed.
    • Networks being reprogrammed or restarted.

Network

Network was introduced in 2.2.  It conceptualizes the network a virtual machine can access and the services provided on it.  A network can be shared or dedicated.  In order to conserve limited network resources, a network may start in a conceptualized stage and becomes a concrete network when a virtual machine starts in the network.  When all virtual machines have left the network, the concrete network is garbage collected and returned to the conceptualized stage.  The process of making a network “concrete” allocates network resources such as a VLAN to make the network usable on the physical network.

A network is associated with a set of network offerings which groups the services available on the network.  A network can have its network offerings upgraded or downgraded to encourage upselling of services.

Network Offerings

A Network Offering is a bundle of network services available on a certain network.  Specific network service providers can also be specified on the network offering to specify which network service provider to use. 


Functional Specification

Network Offerings

The administrator starts off with deciding the network offerings they want to provide throughout their entire cloud offering. 

  • Network Offerings group together a set of network services such as firewall, DHCP, DNS, etc.
  • Network Offerings allow specific network service providers to be specified.
  • Network Offerings can be tagged to specifically choose the underlying network.
  • Network Offerings have the following states: Disabled, Enabled, Inactive.  All Network Offerings are created in the Disabled state.  Once a network offering has been configured to the correct state
  • Certain Network Offerings are for use by the system only.  This means end users cannot see them.
  • Network Offerings can be updated to enable/disable services and providers.  Once that is done, it is up to the administrator to reprogram all of the networks that are based on that network offering.
  • Network Offerings tags cannot be updated.  However, the tags on the physical networks can be updated and deleted.
  • CloudStack is deployed with three default network offerings for the end users: a virtual network offering, a shared network offering without security groups, and a shared network offering with security groups.
createNetworkOffering – creates a network offering.  Returns a uuid.
    • DhcpService
    • DnsService
    • SourceNatService
    • PortforwardingService
    • VpnService
    • FirewallService
    • GatewayService
    • ProviderNames: names of providers on this network offering
    • Tags: tags to attach to the network offering to match it to a certain physical network.
updateNetworkOffering – updates a network offering.
    • Id: uuid of the network offering
    • DhcpService
    • DnsService
    • SourceNatService
    • PortforwardingService
    • VpnService
    • FirewallService
    • GatewayService
    • ProviderNames
    • State: Disabled, Enabled, or Inactive
deleteNetworkOffering
    • Id: uuid of the network offering.
listNetworkOfferings
    • State: state of the network offering

Adding physical networks to zones

A zone can be setup with multiple physical networks. 

  • Functionality of the physical network: Storage, Guest, Management, and Public. 
  • VLANs can be added to the physical network. 
  • Each network can be identified by a unique name that the hypervisor can use to find that particular network.  This will replace the global variables public.network.device, private.network.device, guest.network.device, and storage.network.device. 
  • Life cycle state: Disabled, Enabled.
    • Disabled means the physical network cannot be used yet.
    • Enabled means it is in use.
    • All physical networks are added in the Disabled state.  Once all network services have been added to the physical network, the admin can enable the physical network.  During enablement of the physical network, CloudStack checks if the physical network has the services it needs to provide the functionality specified for it.
    • The admin can disable the physical network.  However, that does not mean the physical network is no longer in use, but rather that new networks cannot be created on it.
  • To remove the physical network, the admin can delete it.  CloudStack checks if any networks have already been created on the physical network before it can be deleted.
  • Properties of the network such as the speed of the network, jumbo frames can be specified.
  • Physical networks can be tagged to match network offerings’ tags.
  • The method of isolation is specified on the physical network.
createPhysicalNetwork – returns uuid of the physical network created.
    • zoneId: zone to create the network in
    • function: Storage, Guest, Management, Public
    • vlan: vlan or vlan range
    • name: name used to find this network on the hypervisors.
    • Tags: user specified tags to tag the network.
    • Speed: 10G / 1G
    • isolationMethod: vlan/open-switch/v-switch
deletePhysicalNetwork
    • id: uuid of the physical network
updatePhysicalNetwork
    • id: uuid of the physical network
    • enabled: state of the physical network, true or false.
    • Speed: 10G / 1G
    • isolationMethod: vlan/open-switch/v-switch
    • Tags: user specified tags.
listPhysicalNetworks
    • id: uuid of the physical network
    • zoneId: uuid of the zone
PrepareZoneForDeployment – auto-creates the management network and the other system networks in the zone.
    • Id: uuid of the zone to prepare.

Adding network service providers to physical networks.

Once a physical network has been created, network service providers are added to the physical network.

  • The list of network service providers is retrieved from the list of providers shipped with CloudStack and is specified in components.xml
  • Each service provider is added in the Disabled state and must be enabled explicitly.
  • Each service provider is configured using its own APIs.
  • During enablement of the service provider, the service provider checks to see if it is fully configured for the physical network.
  • If a service provider supports multiple instances of the same network element type on the same physical network, the multiple instances are configured through the service provider's APIs.
  • Certain network service providers (such as firewalls) will require two physical networks, as they bridge between two physical networks.
listNetworkServices – returns a list of services that CloudStack provides
listNetworkServiceProviders – returns a list of service providers
    • serviceType: type of network service
AddNetworkElement – adds a physical network service provider to the network.  A UUID is returned.
    • physicalNetworkId: uuid of the physical network to add this to
    • destinationPhysicalNetworkId: uuid of the physical network to bridge to
    • name: name of the network service provider
updateNetworkElement
    • id: uuid of the network element
    • enabled: true/false
deleteNetworkElement
    • id: uuid of the network element
listNetworkElements
    • zoneId: uuid of the zone
    • physicalNetworkId: uuid of the physical network
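The enablement check on a physical network and the matching of a network offering to enabled providers, as described in the Network Offerings and physical network sections above, as an added Python model (not the spec's own code or CloudStack's); the REQUIRED mapping of function to needed services, the class names and the field names are assumptions of this model.

```python
from dataclasses import dataclass, field
# Constructed model of the spec's checks (not CloudStack code); REQUIRED is an
# assumed mapping of a physical network's function to services it must provide.
REQUIRED = {"Guest": {"Dhcp", "Dns"}, "Public": {"SourceNat", "Firewall"},
            "Management": set(), "Storage": set()}

@dataclass
class Provider:                # network element added to a physical network
    services: set
    enabled: bool = False      # added Disabled, must be enabled explicitly

@dataclass
class PhysicalNetwork:
    function: str
    tags: set = field(default_factory=set)
    providers: dict = field(default_factory=dict)   # name -> Provider
    enabled: bool = False

@dataclass
class NetworkOffering:
    services: set
    provider_names: set = field(default_factory=set)
    tags: set = field(default_factory=set)
    state: str = "Disabled"    # Disabled -> Enabled -> Inactive

def enabled_services(phys):
    return {s for p in phys.providers.values() if p.enabled for s in p.services}

def enable_physical_network(phys):
    """Enablement check: every service the function needs has an enabled provider."""
    missing = REQUIRED[phys.function] - enabled_services(phys)
    if missing:
        raise ValueError(f"cannot enable: no enabled provider for {sorted(missing)}")
    phys.enabled = True

def check_offering(off, phys):
    """Reasons a new network with this offering cannot be created on phys ([] = OK)."""
    problems = []
    if not phys.enabled:
        problems.append("physical network is disabled: no new networks")
    if off.state != "Enabled":
        problems.append(f"offering is {off.state}")
    if off.tags and not off.tags & phys.tags:
        problems.append("offering tags match no tag on the physical network")
    for name in off.provider_names:
        if not phys.providers.get(name, Provider(set())).enabled:
            problems.append(f"provider {name} is missing or disabled")
    missing = off.services - enabled_services(phys)
    if missing:
        problems.append(f"no enabled provider for {sorted(missing)}")
    return problems
```

The value of refusing rather than silently creating the network is that a tenant who bought an offering with a firewall service never ends up on a network where no enabled element actually provides it.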

Configuring the virtual router

The Virtual Router is one of the most used service providers available in CloudStack.  Pre-3.0, the Virtual Router is configured by a mess of different configuration variables.  From 3.0, the Virtual Router is configured specifically via its own APIs.

  • Ip range to be defined on the virtual router
  • Services the virtual router supports
  • Default domain name for the network serviced by the virtual router
  • Gateway ip address for the virtual router

The API for configuring the virtual router is left to the author for the virtual router service.

Networks

Network is a concept that virtualizes the physical network for multi-tenancy.  There are two types of networks, shared and virtual.  The following is the state transition diagram of a Network.

[Figure naas1.png: state transition diagram of a Network]

Virtual Networks

A Virtual Network is a network that only the virtual machines of the same end user can be on.  This is equivalent to the guest virtual network concept in pre-3.0 releases.   Virtual networks have the following properties.

  • Resources such as VLANs are allocated and garbage collected dynamically.
  • There is one network offering for the entire network.
  • The network offering can be upgraded or downgraded but it is for the entire network.
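The conceptualized/concrete lifecycle from the Network section and the dynamic VLAN allocation of a virtual network above, as an added Python model that is not CloudStack's code; the state names, the VlanPool class and the owning-account check are assumptions made here.

```python
# Constructed model of the virtual-network lifecycle described above (not
# CloudStack code); state names and class layout are assumptions of this model.
class VlanPool:
    """VLANs configured on a physical network, handed out to concrete networks."""
    def __init__(self, vlan_range):            # e.g. "100-110" as on createPhysicalNetwork
        lo, hi = (int(x) for x in vlan_range.split("-"))
        self.free = set(range(lo, hi + 1))
        self.in_use = {}                        # vlan -> id of the network holding it

    def allocate(self, net_id):
        if not self.free:
            raise RuntimeError("no free VLAN on the physical network")
        vlan = min(self.free)
        self.free.remove(vlan)
        self.in_use[vlan] = net_id
        return vlan

    def release(self, vlan, net_id):
        # Only the owning network may return a VLAN; a stale or wrong release
        # would let the tag be handed to another tenant while still in use.
        if self.in_use.get(vlan) != net_id:
            raise RuntimeError(f"VLAN {vlan} is not held by network {net_id}")
        del self.in_use[vlan]
        self.free.add(vlan)

class VirtualNetwork:
    """Dedicated to one account; concrete only while it has running VMs."""
    def __init__(self, net_id, account, pool):
        self.id, self.account, self.pool = net_id, account, pool
        self.state, self.vlan, self.vms = "Conceptualized", None, set()

    def vm_start(self, vm_id, account):
        if account != self.account:
            raise PermissionError("only the owning account's VMs may join")
        if self.state == "Conceptualized":      # first VM: implement the network
            self.vlan = self.pool.allocate(self.id)
            self.state = "Concrete"
        self.vms.add(vm_id)
        return self.vlan

    def vm_stop(self, vm_id):
        self.vms.discard(vm_id)
        if not self.vms and self.state == "Concrete":   # last VM left: garbage collect
            self.pool.release(self.vlan, self.id)
            self.vlan, self.state = None, "Conceptualized"
        return self.state
```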

Shared Networks

A Shared Network is a network that can be shared between many different users.  Network Isolation on shared networks is done via other means, such as security groups.  In pre-3.0, this is the Direct Guest Network.  However, in 3.0, this concept is enhanced as follows:

  • Shared Networks are created by the administrator
  • Shared Networks can be designated to a certain domain
  • Shared Network resources, such as the VLAN and the physical network it maps to, are designated by the administrator
  • Shared Networks can have multiple network offerings, allowing an end user to choose the network offering to deploy their virtual machine with
  • Shared Networks are isolated by security groups
  • Public Network is a shared network that is not shown to the end users.

Use Cases

Deploying a basic zone

The administrator is deploying CloudStack for the first time and wants to deploy the equivalent of a basic zone in pre-3.0.

Setup

  1. Enable the network offering for shared network w/security groups.
  2. Add zone
  3. Add physical network
  4. Add shared network
  5. Associate shared network offering with shared network.

End User

  1. Deploys a VM into the shared network with the network offering.

Deploying a virtual zone

The administrator is deploying CloudStack for the first time and wants to deploy the equivalent of a virtual guest network in pre-3.0.

Setup

  1. Enable the network offering for virtual network.
  2. Add zone
  3. Add physical networks
  4. Make call to prepare zone for deployment

End User

  1. Deploys a VM with the virtual network offering.

Adding more service providers to a basic zone setup.

Setup

  1. Add more shared network offerings that include the service provider.
  2. Add service provider to the existing physical network that underlies the shared network.
  3. Enable the network offering

End User Deploying a new VM

  1. Choose the zone.
  2. Choose the shared network to deploy into
  3. Choose the network offering
  4. Deploy the VM

End User Upgrading an existing VM

  1. Choose upgrade network offerings for an existing VM
  2. Choose the new network offering.
  3. Restart the VM.

Upgrading network offering for an isolated network

This illustrates how an admin can upgrade their network with a Juniper firewall, assuming they deployed with configuration in 3.2.

Setup

  1. Add the Juniper network service provider on to the physical network.
  2. Configure the Juniper network service provider.
  3. Add network offering for virtual network.  Make sure the Juniper network service provider is specified.
  4. Enable the new network offering

End User

  1. Upgrade their network to a new network offering
  2. Reprogram the network

Migration

TBD

Related

CIDR for the guest network
In Acton, some networks enabled by external devices use a dynamically generated CIDR for the guest network.  That page explains how the dynamic CIDR is generated, and also covers the case where a CIDR is specified during network creation.