© 2017 SWITCH | 2
Infrastructure & Data Services
Our offer
Our customers
Your added value

Your added value
• SWITCH made – Swiss made
• Swiss law and data location
• Scalable storage and computing power on demand, with immediate availability, in accordance with the needs of (and controlled by) the institutions
• Flexible usage and charging model, no up-front investment
• Simple administration; integrated into the academic network of SWITCH; security and identity services included
• Support for academic use cases
• Created together with you

Our customers
Higher education
• Cantonal universities
• ETH domain with research institutions
• Universities of applied sciences
• Universities of teacher education
University-related organizations
• Spin-Offs
• Research institutions
• eLearning Center
• University hospitals

Our offer
• SWITCHengines
• Virtual Private Cloud (VPC)
• SCALE-UP (Project)*
* For developing academic services with 9 universities, as part of the "Scientific Information" projects mandated by swissuniversities.

SWITCHengines
Customer-tailored computing and storage performance for universities, research and teaching – further developed in the SCALE-UP project mandated by Swiss universities.
Your benefits
• Your data in Switzerland
• Integrated network and security
• Support for academic use cases
• Simple administration and billing
• Created together with you
Customers
• Universities
• Research institutions
• eLearning Center
• University hospitals
• Spin-Offs
Services
• SWITCHengines (IaaS)
• Virtual Private Cloud (VPC)
• SCALE-UP (academic project)

Virtual Private Cloud
Goal
• Integration of Cloud VMs in the campus network (bring them behind the firewall).
Benefits
• Access to internal services from VMs.
• Use Cloud VMs to enhance redundancy.
• Use Cloud VMs to scale out the local infrastructure.

SCALE-UP WP10: Virtual Private Cloud
Terms
• SWITCHengines: SWITCH IaaS (Infrastructure as a Service), running on OpenStack
• SCALE-UP WP10 is about Virtual Private Cloud (VPC).
Persons Involved
• Fachhochschule St. Gallen (FHSG): Tom Schönenberger (work package leader), Stephan Gerber
• SWITCH: Patrik Schnellmann, Saverio Proto, Alexander Gall, Harald Staub

Example Use Cases
Example Use Cases of FHSG
• Domino Server, e.g. Web Server
• Windows Domain Controller, e.g. DNS Server

Solution
Tunnel in 2 Parts
• Cross the backbone (not cloud-specific).
• In SWITCHengines connect a Tenant network to a physical network
  • In routing at L3
  • In bridging at L2

Tunnel Part: Cross Backbone
• Layer 2 Connection
• VPN box managed remotely by SWITCH Global LAN as an appliance.
• ALX Box (Agile LAN eXtender)

Tunnel Part: OpenStack
OpenStack "Provider Network"
• Layer 3 Connection

OpenStack Integration Configs
• /etc/neutron/plugins/ml2/ml2_conf.ini
  – type_drivers = flat,vxlan,vlan
• On the network node
• plugins/ml2/openvswitch_agent.ini
  – bridge_mappings = physnet1:brex,physnet2:br-eth4

OpenStack operators part
# With ADMIN credential
openstack network create --no-share \
  --project <uuid> \
  --provider-physical-network physnetN \
  --provider-network-type flat UUID-p2p-net

OpenStack user part – subnets
# With USER credential
openstack network create --no-share cloudcampus
neutron subnet-create --allocation-pool start=10.250.250.100,end=10.250.250.200 --name cloudcampussub --gateway 10.250.250.1 cloudcampus 10.250.250.0/24
neutron subnet-create --name p2p UUID-p2p-net --disable-dhcp --gateway 195.176.16.126 195.176.16.0/24

OpenStack user part – router
neutron router-create vpnrouter
neutron router-interface-add \
  vpnrouter p2p
neutron router-interface-add \
  vpnrouter cloudcampussub
openstack router set --route \
  destination='0.0.0.0/0',gateway='195.176.16.1' vpnrouter
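A pre-flight consistency check for the configuration and commands on the four OpenStack slides above, added here as an example; it is not part of the original slides or of SWITCH's tooling. The `[ml2]` and `[ovs]` section names and all function names are assumptions; the addresses are the ones used in the commands.

```python
import configparser
import ipaddress

# Constructed sample files: only the two settings shown on the config slide.
# The [ml2] and [ovs] section names are assumed (not shown on the slide).
ML2_CONF = "[ml2]\ntype_drivers = flat,vxlan,vlan\n"
OVS_AGENT_CONF = "[ovs]\nbridge_mappings = physnet1:brex,physnet2:br-eth4\n"
# Addressing taken from the user-part commands on the page.
SUBNETS = {
    "cloudcampussub": {"cidr": "10.250.250.0/24", "gateway": "10.250.250.1",
                       "pool": ("10.250.250.100", "10.250.250.200")},
    "p2p": {"cidr": "195.176.16.0/24", "gateway": "195.176.16.126", "pool": None},
}
DEFAULT_ROUTE_NEXT_HOP = "195.176.16.1"

def _option(text, section, key):
    parser = configparser.ConfigParser()
    parser.read_string(text)
    return parser.get(section, key)

def check_provider(ml2_text, agent_text, physnet, net_type="flat"):
    """Check the type driver and physnet that the operator command relies on."""
    problems = []
    drivers = [d.strip() for d in _option(ml2_text, "ml2", "type_drivers").split(",")]
    if net_type not in drivers:
        problems.append(f"type driver {net_type!r} not enabled")
    pairs = _option(agent_text, "ovs", "bridge_mappings").split(",")
    mappings = dict(p.strip().split(":", 1) for p in pairs)
    if physnet not in mappings:
        problems.append(f"{physnet!r} has no bridge mapping")
    return problems

def check_addressing(subnets, next_hop):
    """Check the subnet plan and that the default route's next hop is on-link."""
    problems = []
    for name, s in subnets.items():
        net = ipaddress.ip_network(s["cidr"])
        gw = ipaddress.ip_address(s["gateway"])
        if gw not in net:
            problems.append(f"{name}: gateway outside {net}")
        if s["pool"]:
            lo, hi = (ipaddress.ip_address(a) for a in s["pool"])
            if lo not in net or hi not in net or lo > hi:
                problems.append(f"{name}: allocation pool outside {net}")
            elif lo <= gw <= hi:
                problems.append(f"{name}: gateway inside allocation pool")
    hop = ipaddress.ip_address(next_hop)
    if not any(hop in ipaddress.ip_network(s["cidr"]) for s in subnets.values()):
        problems.append("default route next hop is not on an attached subnet")
    return problems
```

Both functions return an empty list for the values on the slides, with `physnet2` standing in for the `physnetN` placeholder.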

Tunnel Part: OpenStack
OpenStack "l2gw" Neutron Plugin
• Layer 2 Connection

OpenStack operators
l2-gateway-create --device \
  name="myphyswitch",interface_names="ethX" \
  customername
l2-gateway-connection-create \
  <GATEWAY-NAME/UUID> <NETWORK-NAME/UUID>

ALX Box Hardware
• Advantech networking appliance
• Several 1GE interfaces.
• Typically one 1 GE interface for IPMI and Access.
• Dual 10 GE.
• Single CPU Socket: Intel Xeon 4 Core
• Redundant Power Supply

ALX Box Requirements
Requirements:
• IPv6
• MTU >> 1’500 on router
→ Both requirements already fulfilled by SWITCH router (no restrictions for the university network).
• Box can be placed deeper inside the university site (more flexible than MPLS)

ALX Software
• NixOS: Linux distribution with good handling of releases (precise definition, easy upgrades and rollbacks)
• Snabb: toolkit for fast networking in user space (Lua)
• l2vpn: Layer-2-VPN (Snabb application)
• ALX (Agile LAN eXtender)
→ written by Alexander Gall, SWITCH

Alternatives to VPC
• OpenStack VPNaaS
• Dedicated VPN VM
• VM including VPN Client

Next Steps
• Pilot phase with FH St. Gallen
• Further deployments in 2017 as limited Beta
• OpenStack Neutron L2-GW
• Interested? Please contact: Saverio Proto [email protected]
www.switch.ch/30years
SWITCH – an integral part of the Swiss academic community since 1987.