Open contrail slides for BANV meetup
32
MEETUP – JAN 20 TH 2014 Juniper Restricted Confidential - Do not distribute externally
-
Upload
scott-edwards -
Category
Technology
-
view
2.414 -
download
1
description
Ankur Singla's slides from the Jan 20, 2014 meetup with Bay Area Network Virtualization group
Transcript of Open contrail slides for BANV meetup
MEETUP – JAN 20TH 2014
Juniper Restricted Confidential - Do not distribute externally
2 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
PROBLEM DEFINITION
3 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
LOST DECADE OF NETWORKING
2001 2011
… cool new logos
4 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
THE RAGE OF 2011-2013
Solution looking for a problem …..
…. and it did find a few interesting ones
5 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
WHAT ARE THE REAL PROBLEMS…
CONFIGURED, MANAGED
Whatever happened to Web2.0?
6 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
WHAT ARE THE REAL PROBLEMS…
Cloud? Scale-out? ….
SCALE-UPSYSTEMS
7 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
WHAT ARE THE REAL PROBLEMS…
Virtualization? Orchestration?
HARDWARE SERVICES
8 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
WHAT ARE THE REAL PROBLEMS…
Big Data? Analytics? ….
LOW VISIBILITY
9 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
NETWORKING PROBLEMS IN A NUTSHELL
CONFIGURED, MANAGED
HARDWARE SERVICES
LOW VISIBILITY
SCALE-UPSYSTEMS
POOR MANAGE-ABILITY
INFLEXIBLE SYSTEMS
HARDWARE CENTRIC
10 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
CUSTOMER PROBLEMS
11 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
DATA-CENTER NETWORKING
LOAD BALANCER
FIREWALL
VLANS VLANS
FINANCE HR MARKETINGPhysical Servers
Local Hard Drives
LOAD BALANCER
FIREWALL
Admin
Config
MARKETING FINANCE HR
VIRTUALIZED
Centralized Management & Control, Policy provisioning
Network Virtualization and Centralized Services Management
12 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
SERVICE PROVIDER NETWORK
SGSN / MME
SBC
Media Gateway
FW
SLB
DPI
CACHING
GGSN / P-GW
Mobile Edge
Broadband Edge
Business Edge Core /
Backbone
PCRF
Scalable Virtual Service on x86
Scalable Virtual Service on x86
Private networks
SP DATACENTER
BRAS/VPN Edge
FW – IPS – PDF – DDoS
FW – IPS – PDF – DDoS
Service Load Balancing
Service Load Balancing
L3VPN-ENABLEDSP CORE/BACKBONE
BUSINESS EDGE
BROADBAND EDGE
MOBILE EDGE
Dynamic Service Provisioning, Scaling; Service ChainingDynamic Service Provisioning, Scaling; Service Chaining
Services – Firefly, Web App Secure, Ddos Secure, vSA
Services – Firefly, Web App Secure, Ddos Secure, vSA
NFV: Virtualized Network Services with Centralized Management & Orchestration
13 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
NETWORK VIRTUALIZATION TECHNIQUES
14 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L2/L3 L2/L3
L3 L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
L2/L3 L2/L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
Multi-Chassis LAGTRUNK
LEGACY DC - L2/VLAN BASED APPROACH
VMs
ToR ToR
Servers
15 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L2/L3 L2/L3
L3 L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
L2/L3 L2/L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
Multi-Chassis LAGTRUNK
Routing & Filteringbetween VLANs
VLAN Span Limit
LEGACY DC - LIMITED VLAN SPAN
ToR ToR
Routing & Filteringbetween VLANs
No VLANs Across L3 FW
LB
FW
LB
16 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
LEGACY DC - NO MULTI-TENANCY
L2/L3 L2/L3
L3 L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
L2/L3 L2/L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
Multi-Chassis LAGTRUNK
VLAN Span Limit
VMs
ToR ToR
FW
LB
FW
LBSingle Routing Table
(No support for overlapping multi-tenant space)
17 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L2/L3 -MPLS
L3-MPLS
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
Multi-Chassis LAGTRUNK
VLAN Span Limit
LEGACY DC - MULTI-TENANCY WITH VRF
ToR ToR
VRF for multi-tenant isolation
Tenant-VRF Tenant-VRF
L3-MPLS
L2/L3 -MPLS L2/L3 -MPLS L2/L3 -MPLS
MPLS – Enabled links
FWLB
FWLB
FWLB
FWLB
FWLB
FWLB
Tenant Specific HW Appliance
Services
18 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L3 L3
L2-SW
L3 ToR
L3 ToR
L3 ToR
L3 ToR
L3 L3 L3 L3
L3
CLOUD DC – ECMP CLOS NETWORK
VXLAN
External Network
L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW
Servers
19 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L3 L3
L2-SW
L3 ToR
L3 ToR
L3 ToR
L3 ToR
L3 L3 L3 L3
L3
CLOUD DC - TYPICAL L2 OVERLAY
Hypervisor Switch performs L2 forwarding
Separate VM does L3 Routing and NAT
VXLAN
VXLAN
VXLAN
External NetworkExternal Network
L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW
Servers
20 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L3 L3
L2/L3 L2/L3
L3 ToR
L2/L3 L2/L3 L2/L3
L3 ToR
L2/L3 L2/L3 L2/L3
L3 ToR
L2/L3 L2/L3 L2/L3
L3 ToR
L2/L3
L3 L3 L3 L3
L3
CLOUD DC - CONTRAIL L2/L3 OVERLAY
vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter
Hypervisor vRouter handles L2/L3
Hypervisor vRouter performs NAT
= multi-tenant VRF
Service Insertion Service Insertion
External Network
Servers
21 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
CONTRAIL NETWORK VIRTUALIZATION
22 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
ROLE OF CONTRAIL IN CLOUD ENVIRONMENT
Service Nodes
Internet VPN DCI WAN
Gateway Router
JunosV Contrail
Orchestrator
Compute APIs Storage APIsNetwork APIs
Server
Virtual Machine vRouter
Physical Switches
vSRX, F5 …
23 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
CONTRAIL NETWORKING STACK
Configuration Nodes
ControlPlane
ComputeNode
(Virtual Router)
ServiceNodes
(SRX, F5, ...)
GatewayNode
(MX, EX/QFX, ...)
ControlPlane
ControlPlane
AnalyticsEngine
AnalyticsEngine
AnalyticsEngine
REST APIs (Configuration, Operational, and Analytics)
OpenstackCustomer OSS/BSS Cloudstack
24 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
CONTRAIL NETWORKING FEATURES
NAT, Routing, Switching
IPAM, Virtual DNS
Load Balancing
Security Services
3rd Party Network Srvc
Physical or Software GW
Rich Analytics
Service Chaining
High Availability
API Services
25 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
PHYSICAL DATACENTER TOPOLOGY VIEW
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Leaf Switch Leaf Switch Leaf Switch Leaf Switch Leaf Switch Leaf Switch Leaf Switch Leaf Switch
Spine Switch Spine Switch Spine Switch
GatewayRouter
Gateway Router
Control Node
Config Node(Openstack)(Cloudstack)
Analytics Node
WebUI Node
Control Node
Config Node(Openstack)(Cloudstack)
Analytics Node
WebUI Node
Network
L2, L3
L3
OSPF/BGP
BGP
L3 ECMP
No VM IP information in the Underlay Network
Optional Redundancy
Compute & Storage Rack Compute & Storage Rack Orchestration & Services Racks
26 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
Gateway Service
Applications & Services (AS)
Configuration Management (CM)
Control Plane (CP)
Host Agent
VRouter(Data Plane)
SOLUTION OVERVIEW
26C O N F I D E N T I A L – D O N O T D I S T R I B U T E
VIRTUAL NETWORK A
VIRTUAL NETWORK B
VIRTUAL NETWORK C
CustomerL3VPN
Service Appliance
Public Internet(ISP-1)
Public Internet(ISP-2)
PE Router(Juniper MX,Cisco ASR9K)with L3VPN/VRF Support
ServiceAppliance
Service Appliance withL3VPN/VRF Support(Juniper SRX, etc)
Contrail SW Gateway- L2 Service Appliances (F5 Load Balancer,etc)
Bare Metal Linux/WindowsVirtualized Servers (Hypervisor)
Contrail VirtualNetwork Controller
VRF
VRF
VRF
CM CP CM CP
CM CP AS CP
VM VM VM VM VM VM
AgentvRouter
AgentvRouter
Dashboard Console
Management, Configuration, Orchestration, Analytics
AgentvRouter
AgentvRouter
AgentvRouter vRouter vRouter
Contrail SWGateway
27 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
SOLUTION OVERVIEW – CONTROL & MGMT PLANE
27C O N F I D E N T I A L – D O N O T D I S T R I B U T E
VIRTUAL NETWORK A
VIRTUAL NETWORK B
VIRTUAL NETWORK C
CustomerL3VPN
Service Appliance
Public Internet(ISP-1)
Public Internet(ISP-2)
PE Router(Juniper MX,Cisco ASR9K)with L3VPN/VRF Support
ServiceAppliance
Service Appliance withL3VPN/VRF Support(Juniper SRX, etc)
Contrail SW Gateway- L2 Service Appliances (F5 Load Balancer,etc)
Virtualized Servers (Hypervisor)
Contrail VirtualNetwork Controller
VRF
VRF
VRF
CM CP CM CP
CM CP AS CP
VM VM VM VM VM VM
AgentvRouter
AgentvRouter
Dashboard Console
Management, Configuration, Orchestration, Analytics
AgentvRouter
AgentvRouter
AgentvRouter
BGP/Control, Netconf/Mgmt
XMPP (Control, Mgmt)
Bare Metal Linux/Windows
vRouter vRouter
Contrail SWGateway
Gateway Service
Applications & Services (AS)
Configuration Management (CM)
Control Plane (CP)
Host Agent
VRouter(Data Plane)
28 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
SOLUTION OVERVIEW – DATA PLANE
28C O N F I D E N T I A L – D O N O T D I S T R I B U T E
VIRTUAL NETWORK A
VIRTUAL NETWORK B
VIRTUAL NETWORK C
CustomerL3VPN
Service Appliance
Contrail SWGateway
Public Internet(ISP-1)
Public Internet(ISP-2)
PE Router(Juniper MX,Cisco ASR9K)with L3VPN/VRF Support
ServiceAppliance
Service Appliance withL3VPN/VRF Support(Juniper SRX, etc)
Contrail SW Gateway- L2 Service Appliances (F5 Load Balancer,etc)
Virtualized Servers (Hypervisor)
Contrail VirtualNetwork Controller
VRF
VRF
VRF
CM CP CM CP
CM CP AS CP
VM VM VM VM VM VM
AgentvRouter
AgentvRouter
Dashboard Console
Management, Configuration, Orchestration, Analytics
AgentvRouter
AgentvRouter
AgentvRouter
Bare Metal Linux/Windows
vRouter vRouter
Route Across/within VNs (L3VPN)
Bridge within VNs (EVPN)
Dynamically Insert Services (Physical &
Virtual)
Gateway Service
Applications & Services (AS)
Configuration Management (CM)
Control Plane (CP)
Host Agent
VRouter(Data Plane)
29 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
DEMO OVERVIEW
30 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
DEMO – PHYSICAL TOPOLOGY
Hypervisor
HypervisorHypervisor
Hypervisor
Hypervisor
Leaf Switch Leaf Switch Leaf Switch Leaf Switch
EX-4500 EX-4500 EX-4500
MX-80 MX-80
Control NodeConfig NodeOpenstack Srvcs
LAB NETWORK
L2, L3
L3
OSPF
OSPF
Compute & Storage Rack Compute & Storage Rack Orchestration & Services Racks
Control NodeAnalytics NodeOpenstack Srvcs
31 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
DEMO – LOGICAL TOPOLOGY
LAB NETWORK
Controller Nodes
AP CP
Dashboard Console
Management, Configuration, Orchestration, Analytics
VRF
VRF
VRF
VM VM
AgentvRouter
CM CP
VRF
VRF
VRF
MX-80 MX-80
VM
VM VM
AgentvRouter
VM
AgentvRouter
VM VM
AgentvRouter
VM VM
AgentvRouter
Compute Nodes
BGP
XMPP
MPLSoUDP, VXLAN
MPLSoGRE,VXLAN
32 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
OPEN CONTRAIL
Contrail is available as Open Source www.opencontrail.org. Commercial support available from Juniper.
Same features and scaling as commercial versionUses proven stable standards. Production-Ready
Permissive license Apache 2.0 (Controller), GPL (vRouter)
Integrated into open source virtualization stacksOpenStack, CloudStack (beta)
