TOAST Meetup2015 - TOAST Cloud tenant isolation / 김태형

  • Published on
    07-Jan-2017

  • View
    532

  • Download
    7

Embed Size (px)

Transcript

  • TOAST CloudTENANT ISOLATION / NHN

    2015.11.26

  • Tenant Isolation?

    How?

  • TENANT ISOLATION?

    TENANT ISOLATION

    Cloud == Shared Resource

    Isolation

    Compute / Storage / Network

    Tenant Network Limitation

    NETWORK COMPUTE STORAGE

  • NETWORK

    FIP

    PROBLEM

    NETWORK NODE

    COMPUTE

    PRIVATE

    COMPUTE

    PUBLIC

    R

  • BLOODY 4.16

    Network node on VM

    Rollback Fail

    LBaaS, DHCP

  • SOLUTION #1

    1ST APPROACH

    Network Node

    NETWORK

    FIP

    COMPUTE

    PRIVATE

    COMPUTE

    PUBLIC

    R

    NETWORK

    FIPR

  • NOT ENOUGH

    IS IT OK?

    NETWORK

    FIP

    COMPUTE

    R

  • LOAD BALANCER

    WORST CASE

    NETWORK

    FIP

    COMPUTE

    R

  • SOLUTION #2

    2ND APPROACH

  • DVR?

    DVR

    NETWORK

    COMPUTE COMPUTE

    R

    R R

    FIP

  • BETTER

    !

    NETWORK

    COMPUTE COMPUTE

    R

    R R

    LOAD BALANCER

    R FIP

    FIP

  • DVR

    DVR

    ...

  • NOT ENOUGH YET

    ?

    NETWORK

    COMPUTE COMPUTE

    R

    R R

    LOAD BALANCER

    R FIP

  • NEW SOLUTION

    LOAD BALANCER FARM

    NETWORK

    COMPUTE COMPUTE

    R

    R R

    LOAD BALANCER FARM

    LB LB LB

    FUTURE

  • TENANT NETWORK

    4K vs 16M

  • VXLAN

    Flooding

    Performance

  • DPDK

    VxLAN Offloading

    OVS upgrade

    & Partitioning

    ?

    TODO

  • ?

    DVR + HA Router

    Openstack Liberty

    Back port

    VxLAN

    Partitioning

  • SUMMARY

    SUMMARY

    Network node Tenant

    DVR + Network node /

    infra

  • Q&A

  • Thank you.