Thanks to all who joined us for the Sept. 5 DemoFriday with PLUMgrid. Company co-founder and CTO Pere Monclus and solutions architect Faan DeSwardt showed how PLUMgrid’s OpenStack Networking Suite provides a fully distributed set of networking functions that can power a production cloud on the first day.
PLUMgrid says too many OpenStack projects have been delayed or altogether cancelled at the proof-of-concept (PoC) stage because the networking solutions lack the necessary elements to power a production cloud. Monclus and DeSwardt showed how the OpenStack Networking Suite uses a distributed VXLAN-powered overlay network to overcome many of the limitations of other OpenStack networking products, and they took questions from participants after the presentation. The Q&A follows.
You also can watch the full presentation, or check out the teaser video and other resources below.
How do you maintain tenant separation?
PLUMgrid: For OpenStack, we leverage the multitenancy capabilities built in and map to OpenStack’s multitenancy model. Every OpenStack tenant is assigned to a PLUMgrid Virtual Domain. This is how tenant separation is maintained.
Can there be more than one PLUMgrid Gateway for redundancy (n+1)?
PLUMgrid: Yes, the PLUMgrid Gateway can be configured to be a highly available pair. The demo shows a single gateway configured, but most customers specify a pair for PoC and production deployments.
Is the gateway pair in active/standby or active/active mode?
PLUMgrid: The PLUMgrid Gateway pair is configured as active/standby.
How many Virtual Domains can be created per PLUMgrid Zone?
PLUMgrid: We have validated 1,000 Virtual Domains per PLUMgrid Zone. A PLUMgrid Zone is defined as a collection of OpenStack compute nodes and PLUMgrid Gateways managed by the same PLUMgrid Director Cluster; you can run multiple PLUMgrid Zones per data center. We expect the maximum number of Virtual Domains per PLUMgrid Zone to to increase over time as we take advantage of faster x86 processors and in-memory processing.
PLUMgrid: No, IO Visor is not based on OVS. In fact, since only one can run at any given time on a Linux host, IO Visor displaces OVS. The PLUMgrid IO Visor is a fully virtualized IO engine that creates a runtime, multitenant, and programmable environment in which network function data planes can be loaded and instantiated at run-time.
Does the Plumgrid UI provide any telemetry or health monitoring capabilities?
PLUMgrid: Yes, we have visibility into both the physical and virtual network infrastructure. This was shown as part of the SDNCentral demo.
Can we insert application services into the overlay?
PLUMgrid: Yes, we support network service insertion (physical or virtual appliances) from our technology partners. See here for more details: http://www.plumgrid.com/partners/technology-partners/
Is there a limit on the number of interfaces that can be assigned to a particular Virtual Domain?
PLUMgrid: The limit on the number of interfaces is based on the processing power of the physical infrastructure, but PLUMgrid does limit the number of interfaces per Virtual Domain for licensing purposes. This allows us to accommodate the various “sweet spots” of the market for our product. PLUMgrid OpenStack Network Suite has two editions: Base and Premium. The Base edition limits the number of interfaces that a single Virtual Domain can offer in the range of hundreds of interfaces. The Premium edition provides a higher level of interfaces in the Virtual Domain.
Do you need three different directors per zone? If not, how many zones per director cluster do you support?
PLUMgrid: A PLUMgrid Zone is defined as a collection of OpenStack compute nodes and PLUMgrid Gateways managed by the same PLUMgrid Director Cluster; you can run multiple PLUMgrid Zones per data center. For PLUMgrid Zones with HA enabled, you will need three PLUMgrid Directors. For PLUMgrid Zones with HA disabled, only one PLUMgrid Director is required.
The nonstop forwarding looks like it works because ARP has been cached. What happens if the controller (director) goes down and you don’t have an ARP entry? Will connectivity still work?
PLUMgrid: Please note that PLUMgrid does not use controllers the way OpenFlow uses controllers, so an apples-to-apples comparison between PLUMgrid and OpenFlow is impossible, and the point about ARP cache is not applicable to the PLUMgrid demo. The PLUMgrid Director has a few different roles, one of which is to distribute the state of the network functions to the various compute nodes (where the VMs reside). This is why the traffic forwarding continued even after the Directors were shut down — the state of the network was still intact, and traffic from existing VMs continued to be served. Note that if a new VM appears, it won’t be able to connect to the Virtual Domain until the Directors are back online.
BTW, I am asking about the zones because your answer for the number of virtual domains stated that you support multiple zones per data center. So, I am looking for a way to exceed the 1,000 VD number — how much more PLUMgrid infrastructure I would need to do that?
PLUMgrid: The 1,000 Virtual Domains is a qualification limit, not a system limit. This is a comfortable limit that the product can achieve across many use cases and infrastructure dependencies. For customers that need to scale to larger than 1,000 Virtual Domains per PLUMgrid Zone, we provide two options:
- We will do a use case and infrastructure assessment to understand where the risk and dependencies are located. We are usually able to scale to the higher Virtual-Domain-per-Zone target.
- Deploy multiple PLUMgrid Zones per data center.
PLUMgrid: The PLUMgrid API has the superset of capabilities, so you will most likely automate via the PLUMgrid API.
Does PLUMgrid NAT require network nodes?
PLUMgrid: No, the PLUMgrid NAT VNF is fully distributed in the data plane with no hairpinning, which is a marquee capability to provide terabit scale for access to tenant VMs.
Do PLUMgrid VNFs need Layer 2-3 agents?
PLUMgrid: No agents — fully distributed in the data plane at the hypervisor end point for the data path.