A Survey of Service Composition Research Based on Overlay Networks
- Format: pdf
- Size: 329.43 KB
- Pages: 5
On VxLAN Technology in Overlay Networks
Abstract: This paper targets the cloud-computing data-center scenario and uses VxLAN to solve three problems: virtualization deployment in the data center is capped by the 4096-VLAN limit, multi-tenant networks must be isolated, and application systems cannot coordinate the corresponding network changes through automation.
It analyzes and studies the Overlay network technology represented by VxLAN and the VxLAN network model, implements VxLAN on a virtual switch, optimizes the forwarding flow of VxLAN packets inside the virtual switch, and finally carries out verification tests with good results.
Keywords: VxLAN, SDN, Overlay network
1. Introduction
Virtualization is widely used in cloud computing environments, and virtual-machine migration is an important means of flexible resource scheduling and high availability there. To improve control over and flexibility of compute resources in cloud data centers, the required VM scheduling boundary keeps growing, to the point of spanning server-room modules and even data centers.
In traditional networks, with their loop topologies and STP blocking, layer-2 link utilization is poor.
Especially when network devices are fully meshed, the root switch ports become heavily congested and layer-2 access capacity is severely constrained.
Meanwhile, VLAN-based zone isolation in traditional networks suits silo-style application deployment, but in a cloud environment where network resources are fully interconnected and shared, the 4096-VLAN limit and insufficient MAC table capacity have become major obstacles to building cloud networks.
New network technologies are therefore needed to solve the problems of layer-2 access capacity, VLAN count and MAC table size [1].
2. Overview of Overlay Technology
2.1 Overlay technology routes
In the past two years Overlay technologies have matured and been widely adopted. The mainstream implementation routes are the pure-software approach for virtualized environments (Host Overlay), represented by VMware NSX and the open-source OpenStack Neutron, and the solutions aimed mainly at hardware network environments (Network Overlay), represented by Huawei AC and H3C NCFC [2].
The Host Overlay approach uses software-implemented virtual devices (vDevice) as the edge and gateway devices of the Overlay network to encapsulate and decapsulate tunnel packets.
A Survey on the Design, Applications and Enhancements of Application Layer Overlay Networks
JINU KURIAN and KAMIL SARAC, University of Texas at Dallas

This article presents a survey of recent advancements in application layer overlay networks. Some of the most important applications that have been proposed for overlays include multicast, QoS support, denial-of-service (DoS) defense and resilient routing. We look at some of the important approaches proposed for these applications and compare the advantages and disadvantages of these approaches. We also examine some of the enhancements that have been proposed in overlay topology design, enhanced routing performance, failure resistance and the issues related to coexistence of overlay and native layers in the Internet. We conclude the article with a comment on the purist vs pluralist argument of overlay networks that has received much debate recently. Finally, we propose a new deployment model for service overlays that seeks to interpose between these two approaches.

Categories and Subject Descriptors: C.2.1 [Computer-Communication Networks]: Network Architecture and Design; C.2.3 [Computer-Communication Networks]: Network Operations
General Terms: Design, Economics, Performance, Reliability, Security
Additional Key Words and Phrases: Overlay Networks, Service Overlay Networks, Performance, Enhancements, Deployment Model

Author's addresses: The University of Texas at Dallas, Dept. of Computer Science, 800 West Campbell Road, Richardson, TX 75080-1407. Permission to make digital/hard copy of all or part of this material without fee for personal or classroom use provided that the copies are not made or distributed for profit or commercial advantage, the ACM copyright/server notice, the title of the publication, and its date appear, and notice is given that copying is by permission of the ACM, Inc. To copy otherwise, to republish, to post on servers, or to redistribute to lists requires prior specific permission and/or a fee. c 20YY ACM 0000-0000/20YY/0000-0001 $5.00. ACM Journal Name, Vol. V, No. N, Month 20YY, Pages 1–0??.

1. INTRODUCTION
Over the last few years, overlay networks have garnered much interest in the research and industrial community. This interest has been sparked primarily due to several distinct advantages offered by overlay networks for the testing and deployment of novel and possibly disruptive applications in the Internet. Some of the proposed applications for overlay networks include multicast [Chu et al. 2000], content delivery networks [Yu et al. 1999; Krishnamurthy et al. 2001; Su et al. 2006], quality of service [Duan et al. 2003; Li and Mohapatra 2004b; Subramanian et al. 2004], enhanced routing performance [Andersen et al. 2001; Anderson et al. 1999; Akamai a], anonymity [Dingledine et al. 2004; Abe 1999; Anonymizer], anycast [Freedman et al. 2006; Ballani and Francis 2005], IPv6 deployment [6bone], testbeds [Chun et al. 2003; Touch et al. 2005], denial of service (DoS) defense [Keromytis et al. 2002; Andersen 2003], VoIP [Amir et al. 2005; Baset and Schulzrinne 2006], reliable email [Agarwal et al. 2005], distributed systems management [Liang et al. 2005], etc. Similarly, much work has gone into enhancing some of the important requirements associated with overlay networks like topology design, failure resistance, routing performance, Byzantine resilience, native layer interaction, etc. Before continuing with our main discussion, we first answer the question: What are overlay networks and why are they required?

An overlay network is a virtual network that is built on top of another. It is usually built (directly by end users or a third-party overlay service provider (OSP)) to provide an application or service not easily provided by traditional methods to interested end users. In general, overlay architectures consist of two layers: 1) the overlay layer comprising of the overlay nodes and virtual links and 2) the native layer over which the overlay network is built. In the Internet today, the native layer is the IP layer which provides a best effort delivery service between remote systems. The overlay layer comprises of a selection of the native layer's nodes, logically interconnected with each other in any desired manner. Figure 1 shows an example of an overlay network.

Note that the traditional definition of an application layer overlay network encompasses peer to peer (P2P) networks as well. P2P networks are in general outside the scope of this survey and our definition. We concentrate on overlay networks built for the purpose of providing a specific application as described above. For a detailed overview of P2P networks, the interested reader is referred to [Lua et al. 2004].

The amount of work that is related to overlay networks can be staggering to a novice reader. Yet, to date there has been no concerted effort to survey the disparate applications and the enhancements of generic overlay architectures. In this article, we aim to provide the reader with a comprehensive overview of the more significant applications for overlay networks, the issues that arise with each of these applications and some existing solutions to these issues. We will also present the pluralist vs purist view of overlay deployment and propose a deployment model for overlay networks that draws more support from the ISPs than the existing deployment models.

The main motivation behind the deployment of overlay networks is to counter many limitations of the current Internet architecture that have become obvious [Ratnasamy et al. 2005] in recent years. Some of the major concerns include the inherent lack of security [Keromytis et al. 2002; Andersen 2003; Anderson et al. 2003; Mirkovic et al. 2002; Moore et al. 2001], QoS guarantees [Subramanian et al. 2004; Duan et al. 2003], mobility support [Snoeren et al. 2001], multicast support [Chu et al. 2000; Almeroth 2000], end-to-end service guarantees [Duan et al. 2003; Blumenthal and Clark 2001] and the presence of unwanted and spurious traffic [Shin et al. 2006; Xu and Zhang 2005]. While the calls for change and solutions proposed have been numerous, the acceptance and deployment of these solutions have not nearly kept pace. Many researchers have voiced their concerns about this perceived "ossification" of the Internet [Turner and Taylor 2005; Peterson et al. 2004] which prevents even necessary changes in the infrastructure from taking place. In this context, overlay networks have emerged as a viable solution to this ossification by providing third-party service providers and users with a means to address some of the aforementioned issues at a smaller scale and without requiring universal change or coordination for the deployment of new services.

Fig. 1. Overlay model.

The rest of the article is organized as follows. Section 2 presents some of the more important overlay applications that have been proposed in the literature. Section 3 describes generalized overlay models for these applications and Section 4 discusses the enhancements that have been suggested based on these generalized models. Section 5 discusses the purist vs pluralist view of overlays and proposes a new model of overlay deployment. Finally, Section 6 concludes the article.

2. APPLICATIONS OF OVERLAY NETWORKS
The proposed applications for overlay networks have been numerous and largely disparate. We will consider some of the more important applications here.

2.1 Overlay multicast
IP multicast was one of the first value-added services that was proposed in the Internet. Highly efficient in multi-receiver applications, it received a lot of research interest for its development. IP Multicast was however plagued with many problems which have prevented its widespread deployment. Today, IP multicast has been deployed primarily in the intra-domain scale without much inter-domain connectivity. The MBone overlay [Macedonia and Brutzman 1994; Almeroth 2000] was one of the first attempts to interconnect disjoint multicast zones to each other. IP tunneling was used for the purpose of transporting data over multicast-unaware routers. MBone provided the required connectivity but was plagued with problems of unreliability, heavy loss, low throughput, difficult management etc.

Application layer multicast was proposed as a viable alternative to IP multicast. In application layer multicast, a multicast tree is built at the application layer between participating group members. Data delivery is provided through unicast tunneling mechanisms on a hop-by-hop basis between the group participants. Unlike IP multicast where data is replicated by the routers, in overlay multicast data is replicated by overlay nodes. The operation of multicast overlays is shown in Figure 2.

Fig. 2. Multicast overlays (adapted from ESM).

Narada: Narada or End System Multicast (ESM) was one of the first multicast overlays proposed. In ESM, overlay nodes initially create an overlay mesh between all group members. Once the mesh is created, a shortest path tree to the source is built on top of the mesh. This tree building approach used in ESM is called the mesh first approach (1). Although not as efficient as IP Multicast, ESM offers some distinct deployment advantages over it. ESM allows the deployment of multicast services without manifestable changes in the network and maintains the networks' stateless nature. Since unicast tunneling is used between overlay nodes, inter-domain connectivity is also not an issue. Although unicast is the primary mode of transport, ESM is more efficient than native unicast for multi-receiver applications. As is the case with IP multicast, the source has to transmit only a single packet to the overlay network which is then replicated by the overlay nodes for data delivery. This reduces the overhead on the sender and the network and makes for more efficient data delivery.

ESM, while seminal in multicast overlays, has several issues that restrict its effectiveness. One of the more significant issues with ESM is that its scalability is detrimentally affected by the group management protocol used. The model proposed by ESM has been enhanced over the years to allow for much larger group sizes. We will consider one approach next which allows for much better scalability. There have been other significant improvements also allowing for more efficient tree construction, higher data rates, better failure resistance and for optimizing various parameters like delay, data loss, overlay deployment costs, link stress, load balancing etc. Some of the significant improvements include ALMI [Pendarakis et al. 2001], Scattercast [Chawathe 2003], Yoid [Francis], NICE [Banerjee et al. 2002], Overcast [Jonnatti et al. 2000], Bullet [Kostic et al. 2003] and TAG [Kwon and Fahmy 2002].

(1) The mesh first approach is in contrast with the tree first approach where the tree is constructed directly between the group participants [Abad et al. 2004].

NICE: NICE [Banerjee et al. 2002] attempts to build a very low overhead overlay network which can scale to a very large number of nodes. Significant in the NICE architecture is the use of a layered, hierarchical approach. By distributed management of the overlay and providing addressing in a hierarchical manner, the amount of information that is required to be maintained at each node is significantly reduced. The hierarchical addressing used in NICE is as follows. Nodes are organized into layers, with nodes in each layer further organized into clusters. Each cluster has a cluster leader which is the node with minimum distance to all other nodes in the cluster. The cluster leaders of each layer are the only nodes joined to the next higher layer. In this arrangement Layer 0 is the lowest level of hierarchy and contains all the nodes. This means that the worst case information to be maintained by a node is about O(log N) other nodes (as opposed to O(N) for ESM). Data delivery also follows the hierarchical delivery path. A source-specific tree is built from the source of the message for this purpose.

TAG: The importance of topology awareness in overlay construction is well studied. We will discuss this in more detail in Section 4.1. Topology aware grouping [Kwon and Fahmy 2002] (TAG) was proposed to exploit underlying network topology information to build a more efficient tree. The tree construction in TAG uses network measurements to optimally place new nodes in the network. When a new member desires to join a multicast session, the source S calculates the shortest path between itself and the new node (using a tool like traceroute and pathchar or from OSPF topology servers). It then uses a path matching algorithm to find the overlap between its currently used paths and the shortest path to the new node. The purpose of the path matching algorithm is to ensure that the new node can join the multicast tree using an existing path in the tree at the point of overlap closest to it. Another advantage of TAG is that unlike most multicast overlays which aim to optimize a single metric like delay, bandwidth or loss rate, TAG can use both delay and bandwidth (because of the measurements made prior to overlay construction) as joint considerations during overlay construction. To achieve efficiency and fault tolerance, in TAG the intermediate nodes and the root nodes participate in periodic probing. As with most probing based overlays, this probing can be expensive if the overlay is very large.

The field of application level multicast has received much attention over the years. Figure 3 provides a tabular comparison between some different approaches. For a more thorough overview of multicast overlays, the interested reader is referred to [Abad et al. 2004].

[Fig. 3. Comparison of various multicast overlays (ALMI, Narada, TAG, NICE, Yoid, Overcast); columns: tree construction strategy, topology aware, optimizing parameter, group size. The table body did not survive extraction.]

2.2 QoS guarantees
Over the years, much effort has gone into providing end-to-end QoS at the network layer in the Internet. IntServ [Braden et al. 1994] and DiffServ [Carpenter and Nichols 2002; Blake et al. 1998] were proposed and established as QoS standards for the Internet. However, similar to IP Multicast, network layer QoS faced several deployment problems in a large scale. One of the first solutions to the lack of deployment of QoS was an overlay based testbed, Qbone [QBone]. Since then, researchers have proposed the construction of overlay networks which can provide QoS guarantees to applications using the overlay network.

SON: The service overlay network (SON) [Duan et al. 2003] approach aims to provide QoS guarantees in the inter-domain scale through an overlay network. QoS is provided for the overlay network by purchasing bandwidth from ISPs via bilateral SLAs with certain QoS guarantees. The overlay nodes are logically interconnected through these bandwidth guaranteed connections to provide end-to-end QoS guarantees. The use of SON allows the deployment of QoS sensitive applications in the network without the overhead required for network layer QoS. SON also simplifies QoS provisioning for ISPs by allowing QoS provisioning for a larger granularity of individual SONs as opposed to individual flows.

The significant challenge in the SON architecture is for the OSP to purchase bandwidth in an efficient manner from ISPs. Since this purchase of bandwidth is a capital-intensive affair, the bandwidth requirements need to be carefully calculated to minimize capital expense. On the other hand, the SON must be provided adequate bandwidth to support the QoS requirements of the services that it aims to support. Provisioning also needs to be made for possibly fluctuating requirements without excessive penalty. The authors in [Duan et al. 2003] model the bandwidth provisioning requirements as optimization problems for static and dynamic bandwidth requirements and suggest approximate solutions to these problems. Other issues which have been studied in the context of SON include the design of an efficient SON topology [Vieira and Liebeherr 2004a] and reconfiguring the service overlay to optimize the cost of using the overlay [Fan and Ammar 2006].

One of the unique attributes of the SON approach is its dependence on ISPs to deploy the overlay. This is contrary to the general wisdom of complete independence from ISPs in overlay operation and deployment. We will call this overlay deployment model the SON model of deployment. The SON model is contrary to the deployment model wherein the overlay is completely independent from the ISPs (we call this model the P2P model) in its operation and deployment. As we will discuss later, the involvement of ISPs can provide significant advantages to overlay based applications. The SON deployment model has been adapted by various authors in creating service architectures for various applications. The Service Oriented Internet (SOI) [Chandrashekar et al. 2003] architecture is one instantiation of a SON overlay as a working infrastructure to provide VoIP. Another example which we discuss next is QRON which can be considered as an implementation based on the SON model.

QRON: In QRON the authors propose the creation of a bandwidth provisioned overlay network (OSN) similar to SON. The overlay network consists of overlay brokers (nodes) with bandwidth guaranteed connections between them. As with SON, QRON can provide a QoS-guaranteed overlay path to the application. QRON additionally tackles some of the architectural and functional aspects of a practical SON overlay. One relevant issue with a practical SON overlay is its scalability to a large number of nodes. In QRON, the solution is to organize the overlay using a hierarchical clustering and naming scheme. Overlay nodes are clustered into several levels with level-1 being the highest level cluster consisting of level-2 clusters and so on. The clustering is done such that nodes within the same AS and those that are physically close to each other are clustered together. Additionally, if the overlay nodes/clusters have multiple overlay links between each other they are clustered together. This clustering approach ensures that nodes are clustered to have low latency between each other and a high degree of connectivity. The naming scheme used follows directly from the clustering scheme. An i-level cluster has an i-tuple for its name, e.g. a 3-level cluster has an x.y.z tuple as its name. The clustering scheme reduces the overhead of propagating reachability and addressing information. Local information is broadcast within the cluster only. Reachability between clusters is then provided by organizing the gateway nodes of each cluster into an overlay mesh. Routing on top of the overlay is another important consideration. The authors propose two routing schemes which aim to select paths with the best available bandwidth in addition to the traditional shortest paths. Finally, the authors posit the presence of an overlay service layer (OSL) above the transport layer at all overlay nodes which provides common functionalities like overlay routing, topology discovery, overlay link performance estimation, resource allocation etc to the application layer.

Generally, QoS is a difficult application to provide without explicit ISP support [Crowcroft et al. 2003]. OverQoS [Subramanian et al. 2004] however provides a different perspective without such explicit support. In OverQoS, overlay nodes implement forward error correction (FEC) and automatic repeat request (ARQ) schemes to provide an upper bound on the loss experienced by traffic to provide a measure of QoS guarantees on top of overlay architectures. Figure 4 shows a tabular comparison between the different QoS approaches we have discussed in this section.

[Fig. 4. Comparison of various QoS overlays (OverQoS, QRON, SON); columns: topology, routing strategy, underlay provisioning. The table body did not survive extraction.]

2.3 Improving the end-to-end performance and resiliency of Internet routing
To improve scalability and to hide local policies, ISPs traditionally heavily filter and aggregate their BGP route announcements to peers. As a direct result of this, when faults occur, BGP fault recovery and routing convergence can be exceedingly slow [Balakrishnan et al. 1997; Labovitz et al. 2000; Paxon 1997]. Additionally, ISPs typically choose their inter-domain paths to suit local policy requirements, rather than choosing the path with best performance [Savage et al. 1999]. This results in Internet paths which suffer from low resiliency, and users are thus often provided with sub-optimal performance in end-to-end latency, packet loss rate and TCP throughput [Anderson et al. 1999].

The Detour [Anderson et al. 1999] project identified some of the significant problems mentioned above in the Internet. Their studies conducted via a framework of geographically distributed overlay nodes identified the presence of superior alternate paths in the Internet. In fact in 30-80% of the cases measured, the alternate path was significantly better than the default unicast route. To exploit this inherent path redundancy in the Internet, routing overlay networks have been proposed. A routing overlay can avoid slow BGP convergence by routing around the failure through its intermediate nodes. Through active probing between overlay nodes, overlay networks can also quickly detect and recover from failures in the network. Finally by routing through paths that provide the best end-to-end performance irrespective of ISP policies, overlay routing can provide better performance than network layer routing. This operation of routing overlays is shown in Figure 5.

Fig. 5. Operation of routing overlays.

RON: RON [Andersen et al. 2001] was the first large scale routing overlay implementation and testbed dedicated to providing improved resiliency and performance over default network level paths. The RON overlay consists of nodes deployed at various locations across the Internet, logically interconnected to form a full mesh. The RON overlay nodes are deployed by end users without any support from the ISPs for their operation (the P2P model). The main objectives of the RON overlay are to find the best possible path to a destination and to provide resiliency and quick recovery in case the chosen path fails. RON nodes thus constantly probe each other to obtain topology and performance information. The collected information is then disseminated throughout the overlay network using a link-state protocol. To provide the best routes, the source RON node creates a forwarding table based on the collected information for one of three metrics, i) latency, ii) packet loss and iii) throughput. Failure resistance also depends on the probes. If a probe is lost, the low frequency probes are replaced by a succession of probes separated by a short interval. If the probes are not responded to after a certain threshold, the path is considered broken.

Based on the active probes and intelligent path selection, RON nodes can generally detect failures earlier, route around failures and improve the end-to-end performance of applications over traditional unicast. The RON architecture however has several shortcomings including its lack of scalability due to the full-mesh topology, high-frequency probing, uninformed selection of nodes, lack of topology awareness etc. Subsequent work on routing overlays have improved upon many aspects of measurement based overlay networks like RON. We will look at these in more detail in Section 4.

Akamai Sureroute: Akarouting or Sureroute [Akamai a] is an overlay based routing service provided by Akamai. The Sureroute overlay is based on observations similar to the results obtained by Detour [Anderson et al. 1999]. An average gain of 15-30% was observed when routing through an alternate path rather than the default path. Similar to RON, the Sureroute overlay consists of an overlay network which uses ping data to collect topology and performance information (called the Map Maker component) of its overlay nodes. The placement of overlay nodes is topologically distributed which enables the overlay to have a large number of alternate paths. The best paths are chosen (by The Guide) using the concept of races between available paths. Periodically, simultaneous downloads (races) are employed through multiple paths and the winner is recorded as the path for the near future. Finally to provide the best last-hop performance, Sureroute is used in conjunction with Akamai EdgeSuite [Akamai b]. Sureroute is a redirection technique which directs the user to the most optimal edge overlay node.

[Table: Comparison of various routing overlays (Detour, RON, MONET, Sureroute, P2P based); rows: service provided, basic strategy, deployment, failure resistance. The table body did not survive extraction.]

Much of the Akamai technology is proprietary, so information about Akamai Sureroute is limited. While RON and Sureroute aim to utilize the implicit redundancy in the Internet through the multiple paths provided by overlay networks, there have also been proposals which seek to extend this redundancy explicitly. Next we will consider a couple of approaches which provide such explicit redundancy.

MONET: MONET [Andersen et al. 2005] proposes an overlay network similar to RON. However the authors seek to extend the inherent redundancy in the Internet with explicit redundancy in the form of multihoming. Multihoming is provided through multiple edge ISPs, contacting multiple server replicas, obtaining multiple paths in the overlay network and multiple DNS requests to mask DNS failures. Additionally to reduce the overhead imposed by path probing, MONET uses a selective path probing scheme. A path is probed only if it is likely that previous attempts have failed. The delay between probes is chosen based on the variance observed in RTT values. If a path shows a stable RTT over time, the path is less likely to be probed in the future. This ensures that the overhead produced in MONET by path probing is minimal, but it can serve path requests without too
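The RON mechanism described in Section 2.3 above (probe-based link state, a forwarding choice for one of the three metrics, and rapid re-probing until a hop is declared broken) as an added, self-contained simulation; this is example code written for this page, not code from the survey or from the RON project, and the topology, probe intervals and failure threshold are constructed values.

```python
"""RON-style routing overlay: a link-state map built from probes, path selection for
one of RON's three metrics, and probe-driven failure detection.
Added example written for this page; it is not code from the survey or from RON."""
import math
from dataclasses import dataclass


@dataclass
class Link:
    """Probe measurements for one directed overlay hop."""
    latency_ms: float
    loss: float          # probability that a packet is lost on this hop
    mbps: float          # measured available throughput
    missed: int = 0      # consecutive unanswered probes
    down: bool = False   # withdrawn from the routing map after FAIL_THRESHOLD misses


class RonNode:
    """The link-state view a RON node builds from the probes it exchanges with every peer."""
    SLOW_PROBE_S = 10.0   # constructed value: relaxed probing while the hop answers
    FAST_PROBE_S = 1.0    # constructed value: rapid follow-up probes after a loss
    FAIL_THRESHOLD = 3    # unanswered probes in a row before the hop is declared broken

    def __init__(self):
        self.links = {}

    def add_link(self, a, b, latency_ms, loss, mbps):
        """Full-mesh overlays probe both directions; record a symmetric measurement."""
        for u, v in ((a, b), (b, a)):
            self.links[(u, v)] = Link(latency_ms, loss, mbps)

    def probe_result(self, a, b, answered):
        """Record one probe outcome for hop a->b and return the next probe interval."""
        link = self.links[(a, b)]
        if answered:
            link.missed = 0
            return self.SLOW_PROBE_S
        link.missed += 1
        if link.missed >= self.FAIL_THRESHOLD:
            link.down = True
        return self.FAST_PROBE_S

    def best_path(self, src, dst, metric):
        """Best-first search over live hops; returns (path, end-to-end value) or (None, None)."""
        if metric == "latency":        # minimise summed delay
            start, extend, minimise = 0.0, lambda c, l: c + l.latency_ms, True
        elif metric == "loss":         # maximise end-to-end delivery probability
            start, extend, minimise = 1.0, lambda c, l: c * (1.0 - l.loss), False
        elif metric == "throughput":   # widest path: maximise the bottleneck hop
            start, extend, minimise = math.inf, lambda c, l: min(c, l.mbps), False
        else:
            raise ValueError(f"unknown metric {metric!r}")
        better = (lambda x, y: x < y) if minimise else (lambda x, y: x > y)
        todo = {n for pair in self.links for n in pair}
        best, prev = {src: start}, {}
        while todo:
            reachable = sorted(n for n in todo if n in best)
            if not reachable:
                break
            cur = min(reachable, key=lambda n: best[n] if minimise else -best[n])
            todo.remove(cur)
            if cur == dst:
                break
            for (u, v), link in self.links.items():
                if u != cur or link.down or v not in todo:
                    continue
                cand = extend(best[cur], link)
                if v not in best or better(cand, best[v]):
                    best[v], prev[v] = cand, cur
        if dst not in best:
            return None, None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return path[::-1], best[dst]


def demo():
    """Constructed four-node overlay: A-D is the default Internet path, B and C are relays."""
    ron = RonNode()
    ron.add_link("A", "B", 20, 0.01, 50)
    ron.add_link("B", "D", 30, 0.01, 50)
    ron.add_link("A", "C", 40, 0.00, 100)
    ron.add_link("C", "D", 45, 0.03, 100)
    ron.add_link("B", "C", 15, 0.00, 100)
    ron.add_link("A", "D", 90, 0.05, 10)
    metrics = ("latency", "loss", "throughput")
    before = {m: ron.best_path("A", "D", m) for m in metrics}
    # Hop B->D stops answering: probing speeds up, then the hop is withdrawn and
    # traffic is routed around the failure through the remaining relays.
    intervals = [ron.probe_result("B", "D", answered=False)
                 for _ in range(RonNode.FAIL_THRESHOLD)]
    after = {m: ron.best_path("A", "D", m) for m in metrics}
    return before, intervals, after
```

Each metric picks a different relay path in the constructed topology, and after the B->D hop is withdrawn the latency route becomes A-B-C-D rather than falling back to the slower direct path.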
Docker Overlay Networks and VXLAN Explained
In the real world, reliable and secure communication between containers matters, even when the containers belong to different hosts on different networks.
This is where overlay networks shine: they allow a flat, secure layer-2 network to be created across multiple hosts, and containers attached to the overlay network can talk to each other directly.
Docker provides native overlay network support that is easy to configure and very secure.
Behind it, the support is built on Libnetwork and the corresponding drivers.
Libnetwork is the canonical implementation of the CNM (Container Network Model), so different network technologies and topologies can be provided through pluggable drivers.
Docker ships native drivers such as Overlay, and third parties can supply drivers as well.
In March 2015, Docker Inc. acquired a networking startup called Socket Plane.
There were two reasons for the acquisition: first, it would give Docker a true networking architecture; second, it would make container networking simple enough that developers could configure it themselves.
Docker Inc. succeeded greatly on both points.
However, the concise networking commands are backed by a large number of components.
This material must be understood before deploying to production and troubleshooting.
Building and testing a Docker overlay network in Swarm mode
The following example needs two Docker hosts connected through two separate layer-2 networks on one router.
As shown in the figure below, note that the nodes sit on different networks.
Either Linux or Windows container hosts can be used.
The Linux kernel must be at least 4.4 (newer is better); Windows needs Windows Server 2016 with the latest patches installed.
1) Build the Swarm
First, the two hosts must be configured as a two-node Swarm cluster.
Next, run the following command on node1.
Run the following command on node2.
For this to work on Windows, the Windows Firewall rules must be modified to open ports 2377/tcp, 7946/tcp and 7946/udp.
VXLAN Architecture for Overlay
1. Problems facing traditional networks
As enterprises expand rapidly, IT as infrastructure is expected to deploy quickly and cost less. Cloud computing, which offers available, convenient, on-demand resources, has become the normal form of enterprise IT, and the virtualization used and deployed at scale in cloud computing has become a basic technical pattern.
Deploying virtual machines requires that they can migrate without restriction across the network to the target physical location; rapid VM growth and VM migration have become routine operations.
Traditional networks can no longer meet these enterprise needs well.
● Traditional network architecture restricts east-west traffic
Traditional network architectures are mainly three-tier and designed mostly to control north-south traffic. With the large-scale use of VMs in data centers, VM migration produces mainly east-west traffic, and after migration the VM's IP address, MAC address and other parameters must stay unchanged, which requires the business network to be a layer-2 network.
But the existing layer-2 technologies have the following problems.
❍ Spanning Tree Protocol (STP) is cumbersome to deploy and maintain, the network cannot grow too large, and this limits network expansion.
❍ Vendor-proprietary network virtualization technologies such as IRF/vPC simplify deployment and offer high reliability, but they impose strict requirements on the network topology and are not interoperable across vendors; they lack scalability, suit only small deployments and are generally confined to networks inside a data center.
❍ Newer large-scale layer-2 technologies such as TRILL/SPB/FabricPath scale layer-2 networks well but place special requirements on network devices: devices need hardware and software upgrades to support them, raising deployment cost.
● Business scale is limited by network device specifications
Large-scale VM deployment in cloud services means that the size of the layer-2 (MAC) address table limits how many VMs a cloud environment can hold. Access devices in particular have small MAC table specifications, which caps the business scale of the whole cloud data center.
● Cannot accommodate large-scale tenant deployment
Cloud services need isolation between a large number of tenants. VLAN is the mainstream layer-2 isolation technology today, but it has two major limits when many tenants are deployed.
First, only about 4K VLANs are available, far short of what public clouds or large private clouds need. Second, deploying VLANs across a large data center means every VLAN must be permitted everywhere, so the broadcast traffic of any VLAN floods the entire data center, consuming large amounts of bandwidth and complicating maintenance.
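The two tenant-isolation points made on this page (the 12-bit VLAN ID versus the 24-bit VXLAN VNI, and a VTEP delivering only to segments it has been provisioned for) as an added example; this is illustrative code written for this page, not code from any of the documents quoted here. The header layout follows RFC 7348, and the tenant table, MAC addresses and frames are constructed sample data.

```python
"""VXLAN encapsulation, decapsulation and per-VNI tenant checks.
Added example for this page; not code from the quoted documents. Header layout per
RFC 7348: an 8-byte VXLAN header carried over UDP in front of the original frame."""
import struct

VXLAN_HDR_LEN = 8
VXLAN_FLAG_I = 0x08   # "I" bit: a valid VNI is present
VLAN_ID_BITS = 12     # 802.1Q VLAN tag -> 4096 segments
VNI_BITS = 24         # VXLAN Network Identifier -> 16,777,216 segments


def segment_space(id_bits):
    """Number of segment identifiers a tag of id_bits bits can express."""
    return 1 << id_bits


def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    """Build a minimal inner Ethernet frame from colon-separated MAC strings."""
    def mac_bytes(mac):
        return bytes(int(octet, 16) for octet in mac.split(":"))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack(">H", ethertype) + payload


def vxlan_encapsulate(vni, inner_frame):
    """Prepend the VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    if not 0 <= vni < segment_space(VNI_BITS):
        raise ValueError("VNI out of 24-bit range")
    header = struct.pack(">B3xI", VXLAN_FLAG_I, vni << 8)
    return header + inner_frame


def vxlan_decapsulate(udp_payload):
    """Return (vni, inner_frame); raise ValueError for a malformed header."""
    if len(udp_payload) < VXLAN_HDR_LEN + 14:   # header plus at least an Ethernet header
        raise ValueError("truncated VXLAN packet")
    flags, vni_field = struct.unpack(">B3xI", udp_payload[:VXLAN_HDR_LEN])
    if not flags & VXLAN_FLAG_I:
        # Without the I bit the VNI field carries no meaning; RFC 7348 says drop.
        raise ValueError("VXLAN I flag not set")
    vni = vni_field >> 8   # low byte is reserved and ignored on receipt
    return vni, udp_payload[VXLAN_HDR_LEN:]


class Vtep:
    """Receiving tunnel endpoint that knows which VNIs belong to which tenant.

    Frames for a VNI not provisioned here are dropped, so a mis-set or spoofed
    VNI cannot land one tenant's frame inside another tenant's segment.
    """

    def __init__(self, vni_to_tenant):
        self.vni_to_tenant = dict(vni_to_tenant)
        self.dropped = 0

    def receive(self, udp_payload):
        """Return (tenant, dst_mac, src_mac) for an accepted frame, or None if dropped."""
        try:
            vni, frame = vxlan_decapsulate(udp_payload)
        except ValueError:
            self.dropped += 1
            return None
        tenant = self.vni_to_tenant.get(vni)
        if tenant is None:
            self.dropped += 1
            return None

        def mac_str(raw):
            return ":".join(f"{b:02x}" for b in raw)
        return tenant, mac_str(frame[0:6]), mac_str(frame[6:12])


def demo():
    """Constructed sample traffic: two tenants, one unprovisioned VNI, one bad header."""
    vtep = Vtep({5001: "tenant-a", 5002: "tenant-b"})
    frame = ethernet_frame("02:00:00:00:00:02", "02:00:00:00:00:01",
                           0x0800, b"\x45" + b"\x00" * 19)
    results = [
        vtep.receive(vxlan_encapsulate(5001, frame)),    # accepted, tenant-a
        vtep.receive(vxlan_encapsulate(5002, frame)),    # accepted, tenant-b
        vtep.receive(vxlan_encapsulate(9999, frame)),    # unknown VNI -> dropped
        vtep.receive(b"\x00" * VXLAN_HDR_LEN + frame),    # I flag clear -> dropped
    ]
    return results, vtep.dropped
```

The VNI field gives 4096 times the identifier space of a VLAN tag, and the VTEP's VNI table is where the per-tenant isolation the text asks for is actually enforced.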
Principles of SDN Hybrid Overlay
What is SDN hybrid Overlay
• SDN hybrid Overlay is a network architecture that combines software-defined networking (SDN) with network Overlay technology.
• By mapping virtual networks (Overlay networks) onto the underlying physical network, SDN hybrid Overlay enables flexible allocation and management of network resources.
Basic principles of SDN hybrid Overlay
1. Software-defined networking (SDN)
– SDN is a network architecture that separates the network control plane from the data plane.
– The control plane is managed by a centralized controller and can control the network flexibly through programming interfaces.
– The data plane is responsible for forwarding data.
2. Network Overlay
– A network Overlay is a virtual network built on top of the underlying network.
– An Overlay network provides a higher-level logical topology, which eases network management and fault isolation.
– Through tunneling, an Overlay network abstracts the underlying network into a set of virtual links.
3. How SDN hybrid Overlay works
– First, an SDN controller is deployed in the underlying network and the network is divided into several regions.
– Then an Overlay controller is deployed in each region to manage the virtual networks within that region.
– The Overlay controllers negotiate and communicate with the SDN controller to manage the whole network cooperatively.
Advantages of SDN hybrid Overlay
• Flexibility: virtual networks can be created, modified and deleted dynamically on demand, adapting to different application scenarios.
• Isolation: logical isolation through virtualization protects network resources from attack.
• Scalability: the network can be extended as needed, providing more virtual networks without affecting the underlying network.
Application scenarios of SDN hybrid Overlay
• Data center networks: flexible network partitioning and VM migration improve the resource utilization of the data center network.
• Enterprise networks: simplified management with better network isolation and security.
• Cloud service providers: efficient, flexible and secure virtual private cloud services.
Overlay Cloud Network Accelerating Global Communication
Abstract: Global communication places strong demands on "one global network".
However, the public Internet faces great challenges in reaching this goal because of its inherent mechanisms.
In this paper we propose a second plane of the Internet, a general-purpose high-quality network built on top of global public clouds, to accelerate global communication.
We realize the second plane through three key technologies.
First, we develop an automatic topology planning technique to select the best candidate cloud nodes.
Second, we design a new time-varying routing technique to compute the best routes for the cloud network.
Third, we implement a new dynamic transport layer that provides high-quality data transmission over the cloud network.
Evaluating a prototype of the cloud network on a public cloud platform shows that it greatly outperforms the existing underlay: RTT is reduced by 15.2%, packet loss by 1.9%, and throughput is improved 10 times.
Keywords: cloud network; overlay
The trends of economic globalization and liberalization of international trade place many new demands on global communication.
A large number of applications, such as multinational corporate communication, live streaming, online gaming and shopping, strongly demand "one global network": a network able to provide high-quality end-to-end service worldwide.
However, the existing public Internet cannot provide service of such quality because of the following challenges.
First, the public Internet consists of thousands of domain networks.
These domain networks are run by different providers with different communication capabilities.
Uniting thousands of network service providers to jointly build a high-quality global network is a huge challenge.
Second, the Internet protocol offers only best-effort service.
Although this mechanism is simple and effective, it cannot deliver high-quality service with global coverage.
Third, expensive dedicated lines with reserved resources must be built manually to provide SLAs for different classes of business demand.
Construction takes a long time and involves cooperation across several departments and regions.
In fact, much work has gone into improving the Internet, such as dedicated lines, software-defined networking (SDN) [1] and content delivery networks (CDN) [2].
These approaches are effective, but each has its limitations.
Deploying dedicated lines requires lengthy construction and is expensive.
Route planning through SDN mainly requires new hardware support and large-scale changes to existing network devices.
Caching through CDN is costly and usually limited to high-end resources.
In this paper we propose a cloud network built on public clouds, defined as a general-purpose high-quality network built as an overlay covering the globe, and we implement a prototype of it through three key modules.
Overlay Technology
Traditional switched networks solved layer-2 interconnection and isolation, and this architecture has matured over several decades.
With the arrival of the cloud era, however, it has gradually exposed bottlenecks that are hard to solve, including multi-tenant environments, VM migration and an insufficient number of VLANs.
To overcome these limitations, both network equipment vendors and virtualization software vendors have proposed new Overlay solutions: large layer-2 technologies such as EVI (Ethernet Virtualization Interconnect), TRILL (Transparent Interconnection of Lots of Links) and SPB (Shortest Path Bridging), and, from the virtualization software vendors, a series of new technologies such as VXLAN (Virtual eXtensible LAN), NVGRE (Network Virtualization Using Generic Routing Encapsulation) and STT (A Stateless Transport Tunneling Protocol for Network Virtualization).
Virtualization technology can be divided by domain into network, storage and server (compute) virtualization; inside the data center the three complement each other.
Typical network virtualization technologies are VLAN, VPLS and VXLAN; typical compute virtualization technologies are time-sharing and x86 virtualization; the best-known storage virtualization technology is RAID.
In practice these virtualization domains may overlap. The vSwitch, for example, combines NIC virtualization with compute virtualization: it virtualizes one physical NIC into many at the operating-system level and provides multiple virtual NICs to different VMs.
FCoE (Fibre Channel over Ethernet) maps Fibre Channel onto Ethernet so that Fibre Channel requests and data between servers and SAN storage devices can be carried over Ethernet links.
As compute virtualization has flourished, cloud data centers have placed higher demands on the network, including support for virtualization scenarios, the ability to carry multiple tenants and services, and flexible, rapid resource deployment. This has exposed deficiencies in traditional networks in three areas:
1. Virtualization support: cloud computing requires network resources to be managed centrally, and traditional networks struggle to integrate with the cloud platform.