Tutorial 6: Multi tenant DCN Demonstrator SDN 2016
The goal of this tutorial is to setup a small RINA-based data centre network capable of supporting isolated computing/storage "slices" for different tenants. The design exploits RINA's recursion capabilities to build a scalable DC architecture using the same building block (the DIF) in two very different scopes: the DC fabric and the tenant layers. This scenario, demonstrated at the SDN World Congress 2016, has been setup with the demonstrator, using an IRATI image with a pristine-1.5 branch snapshot.
The image above shows different details of the DC configuration. The topmost part of the image shows the physical systems: the DC has 4 racks of 8 servers, interconnected via a Top of Rack (ToR) router. Each ToR router is connected to two spine routers, forming the DC fabric. The design can scale up by just adding more servers per rack, more racks and more spines (organised in hierarchies of spines if the DC grows very large). The middle part of the figure shows the protocol layers in the design:
- The DC Fabric DIF provides connectivity over the leaf-spine fabric, which can be treated as a single distributed resource allocation domain. It runs multi-path forwarding policies to exploit the link diversity.
- Multiple VPN DIFs (4 in this tutorial) float on top of the DC fabric DIF, providing isolated computing/storage domains dedicated to customers. Each tenant DIF can be tailored to the customer requirements by plugging in different policies.
The lower part of the image shows the connectivity graph of the IPC Processes in each DIF. The DC Fabric DIF is depicted at the left, while VPN DIFs on the right (in this simple tutorial all VPN DIFs have the same connectivity graph).
The Demonstrator is command-line tool (gen.py) which allows the user to easily try and test the IRATI stack in a multi-node scenario. Each node is implemented using a light Virtual Machine (VM), run under the control of the QEMU hypervisor. All the VMs are run locally without any risk for your PC, so you don't need a dedicated machine or multiple physical machines.
To install the demonstrator you need a physical Linux machine with support for QEMU and KVM. To obtain the demonstrator, just clone its repository:
git clone https://github.com/IRATI/demonstrator.git
After that cd into the demonstrator directory.
Enter the examples directory and create a file called dcvpns.conf, with the following contents.
eth 110 100Mbps tor1 spine1
eth 120 100Mbps tor1 spine2
eth 11 25Mbps s11 tor1
eth 12 25Mbps s12 tor1
eth 13 25Mbps s13 tor1
eth 14 25Mbps s14 tor1
eth 15 25Mbps s15 tor1
eth 16 25Mbps s16 tor1
eth 17 25Mbps s17 tor1
eth 18 25Mbps s18 tor1
eth 210 100Mbps tor2 spine1
eth 220 100Mbps tor2 spine2
eth 21 25Mbps s21 tor2
eth 22 25Mbps s22 tor2
eth 23 25Mbps s23 tor2
eth 24 25Mbps s24 tor2
eth 25 25Mbps s25 tor2
eth 26 25Mbps s26 tor2
eth 27 25Mbps s27 tor2
eth 28 25Mbps s28 tor2
eth 310 100Mbps tor3 spine1
eth 320 100Mbps tor3 spine2
eth 31 25Mbps s31 tor3
eth 32 25Mbps s32 tor3
eth 33 25Mbps s33 tor3
eth 34 25Mbps s34 tor3
eth 35 25Mbps s35 tor3
eth 36 25Mbps s36 tor3
eth 37 25Mbps s37 tor3
eth 38 25Mbps s38 tor3
eth 410 100Mbps tor4 spine1
eth 420 100Mbps tor4 spine2
eth 41 25Mbps s41 tor4
eth 42 25Mbps s42 tor4
eth 43 25Mbps s43 tor4
eth 44 25Mbps s44 tor4
eth 45 25Mbps s45 tor4
eth 46 25Mbps s46 tor4
eth 47 25Mbps s47 tor4
eth 48 25Mbps s48 tor4
# DIF dcfabric
dif dcfabric tor1 110 120
dif dcfabric tor2 210 220
dif dcfabric tor3 310 320
dif dcfabric tor4 410 420
dif dcfabric spine1 110 210 310 410
dif dcfabric spine2 120 220 320 420
# DIF VPN1
dif vpn1 s11 11
dif vpn1 s12 12
dif vpn1 s13 13
dif vpn1 s14 14
dif vpn1 tor1 11 12 13 14 dcfabric
dif vpn1 s21 21
dif vpn1 s22 22
dif vpn1 s23 23
dif vpn1 s24 24
dif vpn1 tor2 21 22 23 24 dcfabric
# DIF VPN2
dif vpn2 s31 31
dif vpn2 s32 32
dif vpn2 s33 33
dif vpn2 s34 34
dif vpn2 tor3 31 32 33 34 dcfabric
dif vpn2 s41 41
dif vpn2 s42 42
dif vpn2 s43 43
dif vpn2 s44 44
dif vpn2 tor4 41 42 43 44 dcfabric
# DIF VPN3
dif vpn3 s15 15
dif vpn3 s16 16
dif vpn3 s17 17
dif vpn3 s18 18
dif vpn3 tor1 15 16 17 18 dcfabric
dif vpn3 s25 25
dif vpn3 s26 26
dif vpn3 s27 27
dif vpn3 s28 28
dif vpn3 tor2 25 26 27 28 dcfabric
# DIF VPN4
dif vpn4 s35 35
dif vpn4 s36 36
dif vpn4 s37 37
dif vpn4 s38 38
dif vpn4 tor3 35 36 37 38 dcfabric
dif vpn4 s45 45
dif vpn4 s46 46
dif vpn4 s47 47
dif vpn4 s48 48
dif vpn4 tor4 45 46 47 48 dcfabric
#Policies
#Multipath FABRIC
policy dcfabric rmt.pff multipath
policy dcfabric routing link-state routingAlgorithm=ECMPDijkstra
policy dcfabric rmt cas-ps q_max=1000
policy dcfabric efcp.*.dtcp cas-ps
The first part of the file specifies the ethernet links between the different VMs in the scenario, along with its VLAN and bandwidth restriction if any (in this setup we rate-limit links between servers and ToRs to 25Mbps and between ToRs and spines to 100 Mbps). The second part specifies how DIFs are stacked in each machine. The third part specifies non-default policies for each DIF (otherwise the demonstrator uses a default DIF configuration).
Go back to the main demonstrator folder, and type the following command:
./gen.py -m 1024 -e full-mesh --vhost -f virtio-net-pci -c examples/dcvpns.conf
This will generate a number of configuration files and two scripts: up.sh and down.sh. In this case we are using VMs with 1024 MBs of RAM, you can run smaller machines (512 or even 256 if you don't plan to run rina-tgen should be ok). We are also telling the script to enroll all IPCPs to each other (full-mesh option) as long as they have connectivity via an N-1 DIF. The text output after running this script should be the following one:
You want to run a lot of nodes, so it's better if I give each node some time to boot (since the boot is CPU-intensive)
I am going to enroll spine1 to DIF dcfabric against neighbor tor2, through lower DIF 210
I am going to enroll spine1 to DIF dcfabric against neighbor tor3, through lower DIF 310
I am going to enroll spine1 to DIF dcfabric against neighbor tor4, through lower DIF 410
I am going to enroll spine1 to DIF dcfabric against neighbor tor1, through lower DIF 110
I am going to enroll spine2 to DIF dcfabric against neighbor tor1, through lower DIF 120
I am going to enroll spine2 to DIF dcfabric against neighbor tor3, through lower DIF 320
I am going to enroll spine2 to DIF dcfabric against neighbor tor4, through lower DIF 420
I am going to enroll spine2 to DIF dcfabric against neighbor tor2, through lower DIF 220
I am going to enroll s38 to DIF vpn4 against neighbor tor3, through lower DIF 38
I am going to enroll s45 to DIF vpn4 against neighbor tor4, through lower DIF 45
I am going to enroll s35 to DIF vpn4 against neighbor tor3, through lower DIF 35
I am going to enroll s37 to DIF vpn4 against neighbor tor3, through lower DIF 37
I am going to enroll s36 to DIF vpn4 against neighbor tor3, through lower DIF 36
I am going to enroll s46 to DIF vpn4 against neighbor tor4, through lower DIF 46
I am going to enroll s47 to DIF vpn4 against neighbor tor4, through lower DIF 47
I am going to enroll tor3 to DIF vpn4 against neighbor tor4, through lower DIF dcfabric
I am going to enroll s48 to DIF vpn4 against neighbor tor4, through lower DIF 48
I am going to enroll s13 to DIF vpn1 against neighbor tor1, through lower DIF 13
I am going to enroll s12 to DIF vpn1 against neighbor tor1, through lower DIF 12
I am going to enroll s11 to DIF vpn1 against neighbor tor1, through lower DIF 11
I am going to enroll s14 to DIF vpn1 against neighbor tor1, through lower DIF 14
I am going to enroll s22 to DIF vpn1 against neighbor tor2, through lower DIF 22
I am going to enroll s23 to DIF vpn1 against neighbor tor2, through lower DIF 23
I am going to enroll s21 to DIF vpn1 against neighbor tor2, through lower DIF 21
I am going to enroll tor1 to DIF vpn1 against neighbor tor2, through lower DIF dcfabric
I am going to enroll s24 to DIF vpn1 against neighbor tor2, through lower DIF 24
I am going to enroll tor3 to DIF vpn2 against neighbor tor4, through lower DIF dcfabric
I am going to enroll s34 to DIF vpn2 against neighbor tor3, through lower DIF 34
I am going to enroll s31 to DIF vpn2 against neighbor tor3, through lower DIF 31
I am going to enroll s33 to DIF vpn2 against neighbor tor3, through lower DIF 33
I am going to enroll s32 to DIF vpn2 against neighbor tor3, through lower DIF 32
I am going to enroll s44 to DIF vpn2 against neighbor tor4, through lower DIF 44
I am going to enroll s41 to DIF vpn2 against neighbor tor4, through lower DIF 41
I am going to enroll s42 to DIF vpn2 against neighbor tor4, through lower DIF 42
I am going to enroll s43 to DIF vpn2 against neighbor tor4, through lower DIF 43
I am going to enroll s18 to DIF vpn3 against neighbor tor1, through lower DIF 18
I am going to enroll s25 to DIF vpn3 against neighbor tor2, through lower DIF 25
I am going to enroll s17 to DIF vpn3 against neighbor tor1, through lower DIF 17
I am going to enroll s16 to DIF vpn3 against neighbor tor1, through lower DIF 16
I am going to enroll s15 to DIF vpn3 against neighbor tor1, through lower DIF 15
I am going to enroll tor1 to DIF vpn3 against neighbor tor2, through lower DIF dcfabric
I am going to enroll s27 to DIF vpn3 against neighbor tor2, through lower DIF 27
I am going to enroll s26 to DIF vpn3 against neighbor tor2, through lower DIF 26
I am going to enroll s28 to DIF vpn3 against neighbor tor2, through lower DIF 28