Software-defined networking

Software-defined networking (SDN) virtualizes your network in much the same way that compute resources are virtualized. With SDN, you can deploy networks and change your network layout without making physical changes to your network environment. PowerVC supports SDN on PowerVM® NovaLink managed systems.

Overview

The SDN function integrated in PowerVC has the following functionality. For full details, see Components of private and public communication when using SDN.

  • Overlay network support (such as VXLAN).[1] Overlay networks work with Open vSwitch (OVS) to allow virtual machines that are on different physical networks to communicate with each other over a private virtual network.
  • Support for virtual routers to connect your overlay network to your wide area network (WAN).[1]
  • Support for external IP addresses to assign a public IP address from your WAN to a virtual machine on the overlay network.[1]
[1] Requires a network node. For information about network nodes, see Network nodes.
Note: Quality of service (QoS) and security groups are supported as a technical preview by using CLI commands. See this topic for details: Working with Quality of Service rules.

SDN compared to traditional networking

In traditional networking, network controls are enforced on the physical switch ports. This works well for long-running workloads that are tied to one system. However, as workloads became virtualized, one server might have hundreds of virtual machines running on it, and virtual machines are no longer tied to one physical server. Because of this, the network controls previously mentioned cannot adequately constrain virtual machine communication. Instead, network connectivity is the focus.

Figure 1. High level view of a traditional networking environment
This image illustrates a traditional networking environment that makes use of VLANs.
SDN allows you to virtualize the network and use policy-based management to virtualize and control the networking on individual virtual machines.
  • Overlay networks: With SDN overlay networks, Ethernet packets are encapsulated in an IP packet. Therefore, the Ethernet ports that your PowerVM system is connected to need only one VLAN and one IP address. In traditional networking, raw Ethernet packets are put on the network. If you have many VLANs, you must put those VLANs on many switches. This makes your configuration more complex and increases your broadcast domain.
  • Virtual routers: SDN virtual networks route packets coming into and going out of the VLAN, similar to a router in a traditional network. Because virtual routers are software, they are easier to maintain and less expensive than traditional routers.
  • External IP addresses: With SDN external IP addresses, you can dynamically add a public IP address to a virtual machine on a private network. The virtual router converts the IP address so the virtual machine is not aware that the external IP address exists. This is similar to Layer 3 routing in traditional networking, except that external IP addresses can be added dynamically.
Figure 2. High level view of an SDN networking environment
An SDN network looks a lot like the traditional network, but only the load balancer can be seen by the WAN.
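
The encapsulation described in the overlay networks item above, as an added example that is not part of the PowerVC documentation or code: it wraps an Ethernet frame in a VXLAN header, recovers the segment ID (VNI) on receipt, flags packets that are not on an expected overlay segment, and computes the MTU the physical network needs. The header layout follows RFC 7348; the function names, the VNI values and the sample frame are assumptions made for illustration.

```python
import struct

FLAG_VNI_VALID = 0x08        # "I" flag: the VNI field carries a valid ID
# Bytes added around the inner IP packet: inner Ethernet, VXLAN, UDP, outer IPv4
UNDERLAY_OVERHEAD = 14 + 8 + 8 + 20


def vxlan_encapsulate(vni, inner_frame):
    """Return the UDP payload: 8-byte VXLAN header + inner Ethernet frame."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit value")
    # word 0: flags(8) + reserved(24); word 1: VNI(24) + reserved(8)
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def vxlan_decapsulate(udp_payload):
    """Return (vni, inner_frame); raise ValueError on a malformed header."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN plus Ethernet headers")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, udp_payload[8:]


def segment_violation(udp_payload, allowed_vnis):
    """Return a reason string if the packet is not on an expected overlay."""
    try:
        vni, _ = vxlan_decapsulate(udp_payload)
    except ValueError as exc:
        return "malformed: %s" % exc
    return None if vni in allowed_vnis else "unexpected VNI %d" % vni


def required_underlay_mtu(inner_ip_mtu=1500):
    """IP MTU the physical network needs to carry full-size inner packets."""
    return inner_ip_mtu + UNDERLAY_OVERHEAD


# Constructed sample: 60-byte Ethernet frame (dst MAC, src MAC, IPv4 ethertype)
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + bytes(46)

if __name__ == "__main__":
    pkt = vxlan_encapsulate(5001, SAMPLE_FRAME)
    print(pkt[:8].hex(), vxlan_decapsulate(pkt)[0], required_underlay_mtu())
    print(segment_violation(pkt, {5001}), "|", segment_violation(pkt, {7}))
```

Because the switch only sees the outer IP packet, segment separation rests on the VNI rather than on per-port VLAN configuration, which is why a capture-side check keys on that field.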

Topology overview

This section gives a high-level overview of the SDN topology. The PowerVC SDN solution is an implementation of the OpenStack networking topology using VRRP. If you want a more in-depth description of this topology, review the information in the OpenStack Networking Guide.
Important: The OpenStack Networking Guide describes how to change configuration files. Do not modify the configuration files.
One of the major components of an SDN environment is the VXLAN overlay network. This is made up of four basic parts, which run on two systems: the compute host (NovaLink, installed in SDN mode and running Ubuntu), and a network node. A network node is a physical or virtual server that runs Ubuntu and has direct access to physical I/O. It runs Open vSwitch for virtual routing and virtual switching. The virtual machine deployed in this figure is using a VXLAN overlay network, so the packets that the virtual machine sends by using the client network adapter (CNA) go to the virtual router on the network node. That router serves as a gateway to route the traffic between the VXLAN network and the external wide area network.
Figure 3. High level SDN topology

The previous figure showed the basic components of an SDN solution for VXLAN tunnel networking in isolation, but an SDN overlay network can exist with Shared Ethernet Adapter (SEA) and Single Root I/O Virtualization (SR-IOV) networking technologies. In this figure, a virtual machine uses an SDN network through one of its network interface cards (NICs). At the same time, the virtual machine uses SEA on a different NIC. On that network, the I/O is served by the VIOS. A third network on that virtual machine uses an SR-IOV adapter, connected by a virtual function (VF). Connecting a virtual machine to multiple networking solutions allows you to use different networks for different tasks. For example, you could direct certain network traffic, such as data for a high speed database backup system, to the SR-IOV network, while using SDN for other traffic.

Figure 4. SDN with SEA and SR-IOV

As seen previously, you can use SDN in an environment with multiple networking solutions. You can also further separate your network traffic into data and management networks, as the following figure illustrates. In this example, the management traffic for both the compute host and the network node is on one physical network. Additionally, there are three different data networks: SDN, SEA, and SR-IOV. The virtual machine is still using all three data networks, while a separate physical network handles management traffic.

Figure 5. SDN with separate data and management networks