A global player in the telecommunications market requires Layer 3 Virtual Private Networks (VPN) tunneling to send traffic between two sites.
The Challenge
This Telco has asked us to implement L2/L3 VPN tunneling for sending network services to communicate between two OpenStack instances. A transport network is currently in use to connect these two sites together, with the transport network and sites equipped with OpenVSwitches for sending traffic to physical or virtual endpoints on the network.
As this challenge was a combinational problem and the internal staff of our customer didn’t have the required expertise, Aptira was asked to provide a solution. So, our experts in Software Defined Networking and Service Orchestration as well as Cloud Engineers got together to present a solution.
The Aptira Solution
To solve this problem, Aptira decided to use Virtual Extensible LAN (VXLAN) technology. VXLAN allows us to segment the network at scale to supporting a very large numbers of tenants. It also enables us to dynamically allocate resources within or between data centers without being constrained by Layer 2 boundaries. Another constraint of L2 tunneling is that forwarding based on Ethernet addresses sometimes do not scale sufficiently, whereas L3 VPNs are available throughout the globe on international links.
One of the challenges was the creation of VXLAN tunnel from an edge OVS machine on the OpenStack deployment to the OVS’s on a network outside the OpenStack deployment and then from there to the edge OVS located on another OpenStack site. Another challenge was the provisioning of the VXLAN tunnel and automating the service creation which can be reproducible on similar scenarios.
To solve this problem, we used:
- Cloudify as a Service Orchestrator
- OpenDayLight as an SDN controller
- Two OpenStack instances to present two sites
- OpenVSwitch as edge switches on OpenStack sites and also on the transport network
We created TOSCA blueprints for creation of transport network between these two sites as well as the creation of a L3 VPN tunnel. Creating nodes, bridges and tunnels on the transport network were automated via Cloudify. Cloudify communicates to ODL via RESTAPI, while ODL provisions the creation of these services, providing topology and stats information to upper layer if requested.
As a part of tunnel creation, a VXLAN tunnel would be created between all OVS’s, including the edge switches on the transport network and the OVS’s on the OpenStack deployment.
Another part of implementation is the integration between ODL and OpenStack, as well as updating OpenStack rules to allow communication from the virtual machines on one OpenStack deployment to the virtual machines on the other one via the VXLAN tunnel.
The Result
Aptira’s implemented solution for creating a VXLAN tunnel allowed the customer to route the network traffic between the two OpenStack deployment securely without any intervention of human being while allowed the customer to provision the network services in real-time.