CONTRAIL – ENABLER FOR AGILE CLOUD SERVICES
OpenContrail Meetup
Nachi Ueno, Distinguished Engineer / SDN Team, NUENO@JUNIPER.NET
This statement of direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or function depicted in this presentation.
ENTERPRISE DC EVOLUTION (ITAAS)
(Figure: three stages of the enterprise data center, each drawn with the end-user on one side and the admin on the other.)
TRADITIONAL: standalone applications on dedicated resources; physical servers, switches, router, a security device (FW, IPS policies, ACLs) and an LB device (LB policies); the admin does manual device config and custom policy config and needs deployment knowledge. Listed pain points: sub-optimal device utilization, static & inflexible, TCO (Capex, Opex), physically constrained, silo’ed.
VIRTUALIZATION: standalone applications on virtualized resources; virtual machines, VLANs, vSecurity (security policies, ACLs), vLB (LB policies), router, VM orchestrator; the admin still does manual device config (VLAN config) and custom policy config and needs deployment knowledge. The same pain points are listed: sub-optimal device utilization, static & inflexible, TCO (Capex, Opex), physically constrained, silo’ed.
CLOUD-ENABLED DATA CENTER: evolving applications on a resource pool; virtualized resource pools, resources across data centers, external cloud-based resources; an orchestrator / controller drives virtual networks, compute, storage, LB and security and holds all policies (incl. ACLs), so the end-user sees no ACLs. Listed pain points: sub-optimal device utilization, static & inflexible, TCO (Capex, Opex), physically constrained, silo’ed, large manual device config, custom / complex policy config, specialized deployment knowledge.
NFV: NETWORK EDGE SECURITY
(Figure: Network Function Virtualization. In the SP datacenter, scalable virtual services on x86 (FW, IPS, PDF, DDoS; service load balancing) sit behind the BRAS/VPN edge and are reached over the L3VPN-enabled SP core/backbone from the business edge, broadband edge and mobile edge; private networks and the Internet on either side.)
• Dynamic service provisioning, scaling; service chaining
• Security services – Firefly, Web App Secure, DDoS Secure, vSA
• Centralized management/orchestration
• Software abstraction from physical infra
• Edge delivery of virtualized security services (Firefly, DDoS Secure, Web App Secure, vSA)
FLEXIBLE AND DYNAMIC CHAINING OF SERVICES
(Figure: logical view above, physical view below. Logically, virtual network GREEN (G1, G2, G3) and virtual network YELLOW (Y1, Y2, Y3) are chained through services A, B and C. Physically, the VMs and virtualized network functions come from a pool spread across hosts (host + hypervisor) connected by an IP fabric (switch underlay).)
L3VPN SELF-SERVICE ENTERPRISE SERVICE CLOUD
(Figure: an SP service cloud offering SLB, FW, UTM, CDN and WAN OPT; customer A (branch office, VPN site 1; HQ, VPN site 2) and customer B (branch office, VPN site 2; HQ, VPN site 1) reach it over L3VPN. Quick, self-service.)
• Self-service portal with quick (< 5 min) network provisioning
• Service automation
• SLA-based
• ‘As-a-Service’ model for services
• Elastic architecture with service scale-out
• Standard protocols to connect SP customer to service
INTERCONNECT W/ EXISTING INFRASTRUCTURE
Contrail enables customers to use their legacy infrastructure for legacy apps, and expand to cloud architectures for newer apps.
(Figure: existing/legacy infrastructure with VLAN-A to VLAN-D carrying a front-end tier and a back-end tier, next to cloud infrastructure with front-end, back-end, security tier and LB tier; the Contrail Controller manages security, LB and a gateway that interconnects the two.)
Contrail enables enterprises to continue using legacy investments and infrastructure. Enterprises can extend portions of the network or the entire infrastructure and run new cloud-based as well as legacy applications.
TECHNOLOGY OVERVIEW
THE NEW NETWORK – BUILDING BLOCKS
• Virtual networks – provided by open BGP VPN technologies
• Network and packet policy – network policy for topology and packet policy for traffic control
• Virtualized services – network functions and services stitched to topology
• Gateways – connect virtual and physical domains
WHAT IS NETWORK VIRTUALIZATION
• Independent of physical network location or state
– Logical network across any server, any rack, any cluster, any data center
– Virtual machines can migrate without requiring any reworking of security policies, load balancing, etc.
– New workloads or networks should not require provisioning of the physical network
– Nodes in the physical network can fail without any disruption to the workload
• Full isolation for multi-tenancy and fault tolerance
– MAC and IP addresses are completely private per tenant
– Any failures or configuration errors by tenants do not affect other applications or tenants
– Any failures in the virtual layer do not propagate to the physical layer
THE IMPORTANCE OF ABSTRACTION
(Figure: physical topology. OpenStack (Neutron, Nova) and the Contrail Controller manage servers hosting VM G1, VM G2, VM G3, VM R1, VM R2, VM R3 and VM FW plus the bare-metal server BMS R4; Junos Space is shown alongside.)
Complex at the physical level:
• Low level of abstraction
• Many vRouters
• Many routing-instances
• Many tunnels
• Many routes
Complex to configure, complex to troubleshoot.
CONTRAIL – VIRTUALIZED & AUTOMATED NETWORK
• Control plane, management plane
• Network programmability
• Enabling NFV (Network Function Virtualization)
• Virtualized network services
• Interoperability with physical network
• Network virtualization (private, hybrid)
• Converged network orchestration
• Automation, analytics
CONTRAIL PHILOSOPHY 1
CLOUD DC – CONTRAIL L2/L3 OVERLAY
(Figure: an L3 underlay of L3 core routers and L3 ToR switches; every server runs a hypervisor vRouter, and the L2/L3 overlay runs between the vRouters; service insertion points and an external network attach at the edge.)
• Hypervisor vRouter handles L2/L3
• Hypervisor vRouter performs NAT
• Hypervisor vRouter = multi-tenant VRF
CONTRAIL PHILOSOPHY 2
Fault tolerance via idempotence
RPC NIGHTMARE
(Figure: API, scheduler, compute node and network node linked by RPCs.) Do we need a distributed transaction manager...?
STATE SYNCHRONIZATION
• Controller ↔ Agent: the controller sends a full sync; the agent checks its local state against the full-sync diff and applies the diff
• BGP: router ↔ router: Update / Withdraw; the receiver checks its local state and updates it
• IF-MAP: server ↔ client: Poll / Update; the client checks its local state and updates it
Data Model
(Figure: the data-model objects and their links: Network, Subnet, Port, VM, Router, Network Policy, Service Instance. A Network has Subnets, a Port attaches a VM to a Subnet, and Routers, Network Policies and Service Instances relate Networks to each other.)
CONTRAIL BUILDING BLOCKS
CONTRAIL & OPENSTACK COMPONENTS
(Figure: OpenStack and Contrail components with the VM launch flow. The operator uses the Horizon UI or the Contrail Web UI; Nova (compute orchestration) with API server and scheduler; Neutron plugin; Keystone (identity / access management); Glance (image server); Cinder (block storage); Swift (object storage); a compute node running the hypervisor (Xen), the Nova agent, the Contrail agent and the vRouter; Contrail Config and Contrail Control talk to the agent over a bi-directional XMPP message bus.)
Flow: the user logs in (Keystone: authentication, etc.), creates a tenant (project), creates an IPAM, creates a virtual network and launches VMs. Nova's API server and scheduler select the compute node to spawn the VM on and pass it the info to spawn the VM; the VM image comes from Glance and block storage is assigned by Cinder; the hypervisor spawns the VM. For the network-related interaction, the Nova agent plugs the VM's tap interface (instance ID, ...) into the vRouter, the Contrail agent gets the virtual network info over XMPP, and DHCP for the VM is handled locally.
ROLE OF CONTRAIL IN INTEGRATED STACK
(Figure: the orchestrator exposes compute APIs, storage APIs and network APIs; JunosV Contrail implements the network APIs and programs the vRouter on each server (hosting the virtual machines), the physical switches, the service nodes (vSRX, F5, ...) and the gateway router toward the Internet, VPN and DCI WAN.)
CONTRAIL SOLUTION OVERVIEW
(Figure: the OpenContrail Controller (configuration, analytics, control) receives REST calls from the orchestrator and talks XMPP to the Contrail vRouter on each server hosting tenant VMs; controllers cluster and federate over BGP; BGP + Netconf toward Juniper MX or 3rd-party gateway routers; the IP fabric (underlay network) is built from Juniper QFabric/QFX/EX or 3rd-party underlay switches.)
Contrail vRouter (L2 & L3) on KVM, Xen, and ESXi/Hyper-V/Containers and Bare Metal in 2014.
CONTRAIL COMPONENTS
(Figure: OpenContrail Controller with Configuration, Control and Analytics; physical hosts with hypervisor, vRouter and VMs; physical network (no changes); gateway to WAN, Internet. "TODAY" and "2014" mark what ships now and what is planned.)
• Configuration: accepts and converts orchestrator requests for VM creation, translates requests, and assigns network
• Analytics: real-time analytics engine collects, stores and analyzes network elements
• Control: interacts with network elements for VM network provisioning and ensures uptime
• vRouter: virtualized routing element handles localized control plane and forwarding plane work on the compute node
• Gateway: MX Series (or other router) or EX9200 serve as gateway, eliminating the need for a SW gateway and improving scale & performance
OPENSTACK INTEGRATION
(Figure: Horizon, Nova API, Nova Scheduler, Neutron plugin with its Neutron driver, Configuration Node and Control Node; on the compute node, Nova Compute with the compute driver, Virtual-IF driver and scripts, the Contrail Agent and the kernel vRouter (virtual router).)
1. Create an instance (VM info, network, IPAM, policies, etc.)
2. Schedule an instance on the compute node
3. VM network properties
4. Create VM interface
5. Add port
6. Publish VM interface on IF-MAP
7. VM interface config over XMPP
CONTRAIL STACK – VROUTER
(Figure: the Contrail stack. Configuration nodes, three control-plane nodes and three analytics engines expose REST APIs (configuration, operational, and analytics) to OpenStack, customer OSS/BSS and CloudStack; below them sit the compute node (virtual router), the service node (SRX, Firefly, JSP, ...) and the gateway node (MX, EX/QFX, ...). This slide highlights the vRouter.)
COMPUTE NODE – HYPERVISOR, VROUTER
(Figure: compute node. In the kernel, the vRouter forwarding plane holds one routing instance per tenant (tenant A, B, C), each with its own flow table and FIB, attached to the tenant virtual machines through tap interfaces (vif). In user space, the vRouter agent holds config, VRFs and the policy table, talks to the JunosV Contrail Controller over XMPP, and exchanges packets with the forwarding plane over pkt0. Eth0..EthN connect to the top-of-rack switch; overlay tunnels are MPLS over GRE or VXLAN.)
• vRouter replaces the Linux Bridge or OVS module in the hypervisor kernel
• vRouter performs bridging (E-VPN) and routing (L3VPN)
• vRouter performs networking services like security policies, NAT, multicast, mirroring, and load balancing
• No need for service nodes or L2/L3 gateways for routing, broadcast/multicast, NAT
• Routes are automatically leaked into the VRF based on policies
• Support for multiple interfaces on the virtual machines
• Support for multiple interfaces from the compute node to the switching fabric
COMPUTE NODE – FORWARDING/TUNNELING
(Figure: two compute nodes. On each, the vRouter forwarding plane has a routing instance (flow table, FIB) attached to the virtual machine (VN-IP1 on node 1, VN-IP2 on node 2) through a tap interface (vif), and Eth1 carries the physical address Phy-IP1 / Phy-IP2. Virtual view: the VM sends [Virtual-IP2 | Payload]. Physical view: the vRouter sends [Phy-IP2 | MPLS / VNI | Virtual-IP2 | Payload] through the overlay tunnel (MPLS over GRE or VXLAN).)
1. Guest OS ARPs for the destination within the subnet or the default GW
2. vRouter receives the ARP and responds with the VRRP MAC
3. Guest OS sends traffic to the VRRP MAC; the vRouter encapsulates the packet with the appropriate MPLS/VNI tag and GRE header
4. The physical fabric routes on the physical IP address
5. Returning packets get forwarded to the appropriate routing instance by the MPLS/VNI tag
6. vRouter de-capsulates the packet and forwards it to the guest OS
CONTRAIL STACK – CONTROL NODE
(Figure: the Contrail stack: configuration nodes, control-plane nodes and analytics engines with REST APIs (configuration, operational, and analytics) used by OpenStack, customer OSS/BSS and CloudStack; compute node (virtual router), service node (SRX, Firefly, JSP, ...) and gateway node (MX, EX/QFX, ...). This slide highlights the control plane.)
CONTRAIL – CONTROL PLANE NODE
(Figure: a control node with a "BGP module", proxies, XMPP and an IF-MAP client; XMPP to the compute nodes, IF-MAP to the configuration nodes, IBGP between control nodes, BGP/Netconf to gateway routers and service nodes.)
• All control plane nodes are active-active
• Each vRouter uses XMPP to connect with multiple control plane nodes for redundancy
• Each control plane node connects to multiple configuration nodes for redundancy
• BGP and Netconf are used to connect with physical gateway routers or service nodes
• Control plane nodes federate using BGP
• Control nodes can run different software versions for test-before-deploy and live upgrades
CONTROL PLANE – ROUTE DISTRIBUTION
(Figure: Server 1 (PubIP 70.10.10.1) hosts a VM with private IP 10.1.1.1 and Server 2 (PubIP 151.10.10.1) hosts a VM with private IP 10.1.1.2, both in the same VRF, connected over an IP network. Each server's agent talks XMPP to the control node; the control node is fed by the configuration node over IF-MAP, and the configuration node is driven over REST/API. The control plane distributes two routes to both agents: 10.1.1.1: NH = 70.10.10.1; LBL = 39 and 10.1.1.2: NH = 151.10.10.1; LBL = 17.)
Packet from VM 10.1.1.1 to VM 10.1.1.2:
• The VM emits [PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD]
• Server 1 VRF, dynamic tunnel encapsulation: [PubSrcIP 70.10.10.1 | PubDstIP 151.10.10.1 | GRE | LBL=17 | PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD]
• Server 2 VRF, dynamic tunnel decapsulation: label 17 selects the VRF and [PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD] is delivered to the VM
*Outer MAC header was left out intentionally to reduce clutter
CONTRAIL WITH L3VPN
(Figure: two data centers joined across a service provider MPLS network. DC1: Server 1 (70.10.10.1) hosts VM 10.1.1.1, with configuration management, agent, XMPP and BGP control nodes; the DC1 MX gateway is 80.20.20.1. DC2: Server 2 (151.10.10.1) hosts VM 10.1.1.2; the DC2 MX gateway is 160.20.20.1. The provider MXs are 100.1.1.1 and 200.1.1.1. Control nodes and gateways peer with I-MBGP inside each domain; the gateways peer with E-MBGP toward the provider.)
Route for 10.1.1.2 as advertised hop by hop (each hop re-advertises with itself as next hop and a new label; RD and RT are carried along):
• DC2 control nodes: 10.1.1.2: NH = 151.10.10.1; LBL = 17; RD; RT
• DC2 MX (160.20.20.1): 10.1.1.2: NH = 160.20.20.1; LBL = 117; RD; RT
• Provider MX 100.1.1.1: 10.1.1.2: NH = 100.1.1.1; LBL = 217; RD; RT
• Provider MX 200.1.1.1: 10.1.1.2: NH = 200.1.1.1; LBL = 317; RD; RT
• DC1 MX (80.20.20.1): 10.1.1.2: NH = 80.20.20.1; LBL = 417; RD; RT
• DC1 control nodes to Server 1 over XMPP: 10.1.1.2: NH = 80.20.20.1; LBL = 417
Packet from VM 10.1.1.1 to VM 10.1.1.2:
• The VM emits [PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD]
• Server 1 to DC1 MX (dynamic tunnel encapsulation): [PubSrcIP 70.10.10.1 | PubDstIP 80.20.20.1 | GRE | LBL=417 | 10.1.1.1 | 10.1.1.2 | PAYLOAD]
• Across the provider core: [MPLS outer label | LBL=217 | 10.1.1.1 | 10.1.1.2 | PAYLOAD]
• DC2 MX to Server 2: [PubSrcIP 160.20.20.1 | PubDstIP 151.10.10.1 | GRE | LBL=17 | 10.1.1.1 | 10.1.1.2 | PAYLOAD]
• Server 2 VRF (dynamic tunnel decapsulation) delivers [10.1.1.1 | 10.1.1.2 | PAYLOAD] to the VM
*Outer MAC header was left out intentionally to reduce clutter
PACKET FLOW FOR EVPN ON IP NETWORK
(Figure: the same two-server layout with a BGP-based control plane and configuration management driven over REST/API. Server 1 (70.10.10.1) hosts the VM with MAC1, Server 2 (151.10.10.1) the VM with MAC2. The VRFs hold MAC routes instead of IP routes, distributed to the agents over XMPP: MAC1: NH = 70.10.10.1; LBL = 39 and MAC2: NH = 151.10.10.1; LBL = 17.)
Frame from MAC1 to MAC2:
• The VM emits [SrcMAC MAC1 | DstMAC MAC2 | PAYLOAD]
• Server 1 VRF, dynamic tunnel encapsulation: [PubSrcIP 70.10.10.1 | PubDstIP 151.10.10.1 | GRE | LBL=17 | SrcMAC MAC1 | DstMAC MAC2 | PAYLOAD]
• Server 2 VRF, dynamic tunnel decapsulation: label 17 selects the VRF and [SrcMAC MAC1 | DstMAC MAC2 | PAYLOAD] is delivered to the VM
*Outer MAC header was left out intentionally to reduce clutter
CONTRAIL STACK – CONFIG NODE
(Figure: the Contrail stack: configuration nodes, control-plane nodes and analytics engines with REST APIs (configuration, operational, and analytics) used by OpenStack, customer OSS/BSS and CloudStack; compute node (virtual router), service node (SRX, Firefly, JSP, ...) and gateway node (MX, EX/QFX, ...). This slide highlights the configuration nodes.)
CONTRAIL – SDN AS A “COMPILER”
(Figure: applications (Application 1 ... Application N) call north-bound APIs; the SDN system holds Data Model 1 ... Data Model M plus data model extensions, and the compiler generates the APIs from them; plug-ins (Interface 1 ... Interface K) drive the south-bound network element interfaces to the network (physical and virtual); an east-west peering interface (BGP) connects peer systems; the orchestration system sits on top.)
CONFIGURATION NODE
(Figure: configuration nodes, each with a REST API server, schema transformer, DHT DB and IF-MAP server, joined by a message bus and distributed synchronization; the orchestrator (OpenStack) calls REST; the control nodes subscribe over IF-MAP.)
1. API server provides the northbound REST interface – the orchestration system provisions using this API service
2. DHT/NoSQL database is used for persistence and high availability of configuration
3. Schema transformer “compiles” the high-level data model to the low-level model for vRouters, service nodes, and gateway routers
4. IF-MAP is used to represent the data model – control nodes subscribe to the subset of configuration they need
LOGICAL TOPOLOGY
(Figure: virtual network VN G with tenant virtual machines VM G1, VM G2, VM G3; virtual network VN R with VM R1, VM R2, VM R3; the virtual firewall VM FW between the two virtual networks; a physical gateway router to the physical network PN (Internet, L3VPN, ...).)
PHYSICAL TOPOLOGY
(Figure: OpenStack (Neutron, Nova) and the Contrail Controller; virtualized servers, each a hypervisor with Contrail vRouter; underlay switches; gateway router to Internet or L3VPN.)
MAPPING OF LOGICAL TO VIRTUAL TOPOLOGY
(Figure: the logical topology (VN G, VN R, VM FW, L3VPN) drawn over the physical topology (OpenStack with Neutron and Nova, Contrail Controller, servers).)
STARTING POINT – EMPTY LOGICAL TOPOLOGY
(Figure, reused through the walkthrough: on the left the logical topology to be built (VN G with VM G1–G3, VN R with VM R1–R3, VM FW, PN), on the right the physical side (OpenStack with Neutron and Nova, the Contrail Controller, the servers). Nothing has been created yet.)
CREATE GREEN TENANT – CREATE VIRTUAL NETWORK "GREEN"
Create VN G.
CREATE GREEN TENANT – CREATE VIRTUAL MACHINE "G1"
Create VM G1, attach to VN G.
• Nova: Create VM
• Neutron: Attach VM to VN
• XMPP: Create routing-instance (on the server that hosts G1)
CREATE GREEN TENANT – CREATE VIRTUAL MACHINE "G2"
Create VM G2, attach to VN G.
• Nova: Create VM
• Neutron: Attach VM to VN
• XMPP: Create routing-instance (on the server that hosts G2)
• XMPP: Exchange routes, create tunnels between the two servers
CREATE GREEN TENANT – FORWARDING TABLES AND ENCAPSULATION
Server S1 (hosts VM G1):
  Green routing-instance IP FIB: IP prefix VM G1 → virtual ethernet port to VM G1; IP prefix VM G2 → push label L2 + GRE encaps to server S2
  Global MPLS FIB: MPLS label L1 → pop + Green routing-instance
  Global IP FIB: IP prefix Server S2 → physical ethernet port
Server S2 (hosts VM G2):
  Green routing-instance IP FIB: IP prefix VM G1 → push label L1 + GRE encaps to server S1; IP prefix VM G2 → virtual ethernet port to VM G2
  Global MPLS FIB: MPLS label L2 → pop + Green routing-instance
  Global IP FIB: IP prefix Server S1 → physical ethernet port
Packet from VM G1 to VM G2 on the wire from S1 to S2:
  Ethernet (source MAC server S1, dest MAC server S2) | Outer IP header (source IP server S1, dest IP server S2) | GRE | MPLS label L2 | Inner IP header (source IP VM G1, dest IP VM G2) | Payload
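The forwarding tables above and the route-distribution slide (10.1.1.1 on Server 1 / 70.10.10.1 with label 39, 10.1.1.2 on Server 2 / 151.10.10.1 with label 17) describe one lookup sequence: VRF IP FIB, then global MPLS FIB on the far side. The Python model below is an added example, not code from the slides or from Contrail; the red tenant, its labels 40 and 18, and the `Server`, `Packet` and `Encapsulated` names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    """Inner packet as the guest OS emits it: PriSrcIP, PriDstIP, payload."""
    src: str
    dst: str
    payload: bytes

@dataclass
class Encapsulated:
    """Overlay packet: outer IP (PubSrcIP/PubDstIP), GRE, MPLS label, inner
    packet.  The outer MAC header is left out, as on the slide."""
    outer_src: str
    outer_dst: str
    label: int
    inner: Packet

@dataclass
class Server:
    name: str
    phys_ip: str
    vrf_fib: dict = field(default_factory=dict)    # vrf -> {prefix: entry}
    mpls_fib: dict = field(default_factory=dict)   # label -> vrf (pop + VRF)
    delivered: dict = field(default_factory=dict)  # vrf -> {vm ip: [Packet]}

    def attach_vm(self, vrf, ip, label):
        """Local VM: VRF FIB entry to its vif plus a global MPLS FIB entry
        that pops `label` into this routing instance.  Returns the route the
        agent advertises over XMPP: (prefix, NH, LBL)."""
        self.vrf_fib.setdefault(vrf, {})[ip] = ("vif", ip)
        self.mpls_fib[label] = vrf
        self.delivered.setdefault(vrf, {})[ip] = []
        return ip, self.phys_ip, label

    def install_route(self, vrf, prefix, nh, label):
        """Remote route from the control node: push `label` + GRE to `nh`."""
        self.vrf_fib.setdefault(vrf, {})[prefix] = ("tunnel", nh, label)

    def send(self, vrf, pkt):
        """A VM in `vrf` sends `pkt`.  Returns the encapsulated packet for the
        underlay, or None when it stays local or has no route (dropped)."""
        entry = self.vrf_fib.get(vrf, {}).get(pkt.dst)
        if entry is None:              # prefix not leaked into this VRF: drop
            return None
        if entry[0] == "vif":          # same server, same tenant
            self.delivered[vrf][pkt.dst].append(pkt)
            return None
        _, nh, label = entry
        return Encapsulated(self.phys_ip, nh, label, pkt)

    def receive(self, enc):
        """Underlay delivered `enc` to our physical IP.  The label selects the
        routing instance; the inner destination must then resolve to a local
        vif in that VRF.  Returns the VRF delivered to, or None (dropped)."""
        if enc.outer_dst != self.phys_ip or enc.label not in self.mpls_fib:
            return None                # no local VRF owns this label: drop
        vrf = self.mpls_fib[enc.label]
        entry = self.vrf_fib[vrf].get(enc.inner.dst)
        if entry is None or entry[0] != "vif":
            return None
        self.delivered[vrf][enc.inner.dst].append(enc.inner)
        return vrf

def build_topology():
    """Server 1 / Server 2 with the green tenant's addresses and labels from
    the route-distribution slide, plus a constructed red tenant reusing the
    same private addresses (its labels 40 and 18 are made up)."""
    s1 = Server("Server 1", "70.10.10.1")
    s2 = Server("Server 2", "151.10.10.1")
    for vrf, srv, ip, label in [("green", s1, "10.1.1.1", 39),
                                ("green", s2, "10.1.1.2", 17),
                                ("red", s1, "10.1.1.1", 40),
                                ("red", s2, "10.1.1.2", 18)]:
        prefix, nh, lbl = srv.attach_vm(vrf, ip, label)
        peer = s2 if srv is s1 else s1
        peer.install_route(vrf, prefix, nh, lbl)  # control node redistributes
    return s1, s2

def demo():
    """Green and red VMs on Server 1 both send to 10.1.1.2; each reaches
    only its own tenant's VM on Server 2."""
    s1, s2 = build_topology()
    green = s1.send("green", Packet("10.1.1.1", "10.1.1.2", b"hello green"))
    red = s1.send("red", Packet("10.1.1.1", "10.1.1.2", b"hello red"))
    unknown = s1.send("green", Packet("10.1.1.1", "10.1.1.9", b"x"))
    stray = Encapsulated("70.10.10.1", "151.10.10.1", 99,
                         Packet("10.1.1.1", "10.1.1.2", b"x"))
    return {
        "green_encap": (green.outer_src, green.outer_dst, green.label),
        "red_encap": (red.outer_src, red.outer_dst, red.label),
        "green_vrf": s2.receive(green),
        "red_vrf": s2.receive(red),
        "green_payload": s2.delivered["green"]["10.1.1.2"][0].payload,
        "red_payload": s2.delivered["red"]["10.1.1.2"][0].payload,
        "unknown_prefix_dropped": unknown is None,
        "unknown_label_dropped": s2.receive(stray) is None,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two tenants share 10.1.1.1/10.1.1.2 yet never see each other's packets, because the per-tenant VRF decides what is routable and the receiving label decides which VRF a packet lands in.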
CREATE GREEN TENANT – CREATE VIRTUAL MACHINE "G3"
Create VM G3, attach to VN G.
• Nova: Create VM
• Neutron: Attach VM to VN
• XMPP: Create routing-instance
• XMPP: Exchange routes, create tunnels
CREATE GREEN TENANT – END STATE
VN G with VM G1, VM G2 and VM G3 placed on the servers, each server holding a green routing-instance, with tunnels between them.
CREATE RED TENANT – SAME STEPS AS GREEN TENANT
VN R with VM R1, VM R2 and VM R3 is created the same way.
CONNECT GREEN TO RED TENANT VIA FIREWALL – CREATE VIRTUAL MACHINE FOR FIREWALL
Create VM FW, attach to VN G, attach to VN R.
• Nova: Create VM
CONNECT GREEN TO RED TENANT VIA FIREWALL – ATTACH FIREWALL TO RED AND GREEN VIRTUAL NETWORKS
• Neutron: Attach VM to VNs
• XMPP: Create routing-instance
CONNECT GREEN TO RED TENANT VIA FIREWALL – APPLY POLICY, EXCHANGE ROUTES, AND CREATE TUNNELS
• Apply policy VN G ↔ VN R
• XMPP: Exchange routes, create tunnels
CONNECT GREEN TO RED TENANT VIA FIREWALL – END STATE
VM FW is attached to both VN G and VN R and the policy between them is in place.
CONNECT GREEN TO RED TENANT VIA FIREWALL – DATA PLANE: RED ↔ GREEN TRAFFIC FORCED THROUGH THE FIREWALL
With the policy applied, red ↔ green traffic is forced through VM FW instead of flowing directly between the two virtual networks.
CONNECT RED TENANT TO PHYSICAL L3VPN – CONFIGURE L3VPN ROUTING INSTANCE
• Apply policy VN R ↔ L3VPN
• Netconf: Configure routing-instance on the physical gateway router
CONNECT RED TENANT TO PHYSICAL L3VPN – EXCHANGE ROUTES WITH PHYSICAL ROUTER, CREATE TUNNELS
• BGP: Exchange routes, create tunnels
CONNECT RED TENANT TO PHYSICAL L3VPN – EXCHANGE ROUTES WITH VROUTERS, CREATE TUNNELS
• XMPP: Exchange routes, create tunnels
VROUTER HA
(Figure: each vRouter host bonds eth0 and eth1 with LACP Linux bonding toward the TOR switches, which uplink to the spine and the gateway; the vRouter reaches Controller 1 and Controller 2 via the discovery server.)
CONTRAIL COMPONENT HA
(Figure: three controller nodes, each running the discovery server, IF-MAP, Neutron API, Config API, Cassandra, ZooKeeper and RabbitMQ; HAProxy with a VIP fronts the API services on every node.)
(Figure, four slides: configuration-node failover. Three configuration nodes (Configuration Node 1, 2, 3), each with a REST API server, IF-MAP server, schema transformer and RabbitMQ and sharing the DHT DB, sit behind HA proxy; two control nodes each have a "BGP module", proxies, XMPP and an IF-MAP client.)
• Steady state: each control node's IF-MAP client is connected to one configuration node through HA proxy
• The configuration node it is connected to goes down
• The control node reconnects through HA proxy to a surviving configuration node:
1) The configuration node sends ALL its data to the control node to sync the control node's information
2) The control node overwrites its information with the new data
• Sync!
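The full-sync diff in the STATE SYNCHRONIZATION slide (Contrail Philosophy 2) and the configuration-node resync in steps 1) and 2) above are the same idempotent mechanism. The Python model below is an added example, not Contrail's code; the `Agent` class, the route keys and the lost or duplicated messages are constructed for illustration.

```python
import copy

def diff(local, desired):
    """Compare two {key: object} maps; return (add, update, delete) key sets."""
    add = {k for k in desired if k not in local}
    delete = {k for k in local if k not in desired}
    update = {k for k in desired if k in local and local[k] != desired[k]}
    return add, update, delete

class Agent:
    """Receiving side: a vRouter agent taking routes from a control node, or
    a control node re-syncing from a configuration node after failover.
    `state` is what is actually programmed; `log` records each real change."""

    def __init__(self):
        self.state = {}
        self.log = []

    # Incremental path (BGP Update/Withdraw, IF-MAP poll/update): check the
    # local state first and change it only if the message is news.
    def update(self, key, obj):
        if self.state.get(key) == obj:
            return False               # duplicate or already known: no-op
        self.state[key] = copy.deepcopy(obj)
        self.log.append(("update", key))
        return True

    def withdraw(self, key):
        if key not in self.state:
            return False
        del self.state[key]
        self.log.append(("withdraw", key))
        return True

    # Full-sync path: the sender ships ALL of its data; the receiver diffs it
    # against local state, overwrites what differs and removes what the
    # sender no longer has.  Returns the number of changes applied.
    def full_sync(self, desired):
        add, update, delete = diff(self.state, desired)
        for k in sorted(add | update):
            self.state[k] = copy.deepcopy(desired[k])
            self.log.append(("sync-set", k))
        for k in sorted(delete):
            del self.state[k]
            self.log.append(("sync-del", k))
        return len(add) + len(update) + len(delete)

# Controller state: the green VRF routes from the route-distribution slide.
DESIRED = {
    "green/10.1.1.1": {"nh": "70.10.10.1", "label": 39},
    "green/10.1.1.2": {"nh": "151.10.10.1", "label": 17},
}

def lossy_scenario():
    """One update is lost, one withdraw is lost, one update is duplicated;
    a single full sync repairs all of it and a second sync changes nothing."""
    agent = Agent()
    agent.update("green/10.1.1.1", DESIRED["green/10.1.1.1"])
    # the update for green/10.1.1.2 was lost in transit
    # a route the controller has since withdrawn; that withdraw was lost too
    agent.update("green/10.1.1.9", {"nh": "70.10.10.1", "label": 41})
    dup_changed = agent.update("green/10.1.1.1", DESIRED["green/10.1.1.1"])
    first = agent.full_sync(DESIRED)
    second = agent.full_sync(DESIRED)
    return {"dup_changed": dup_changed, "first_sync": first,
            "second_sync": second, "converged": agent.state == DESIRED,
            "log": agent.log}

def same_end_state(histories, desired):
    """Whatever incremental messages each receiver saw, missed or saw twice,
    one full sync leaves all of them with identical state: the outcome does
    not depend on message ordering, which is why no distributed transaction
    manager is needed."""
    for history in histories:
        agent = Agent()
        for op, key, obj in history:
            agent.update(key, obj) if op == "update" else agent.withdraw(key)
        agent.full_sync(desired)
        if agent.state != desired:
            return False
    return True

if __name__ == "__main__":
    print(lossy_scenario())
```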
DEMO
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
PPTX
Build Your First AI Agent with UiPath.pptx
PDF
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
PDF
4 layer Arch & Reference Arch of IoT.pdf
PPTX
The various Industrial Revolutions .pptx
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
PPTX
Custom Battery Pack Design Considerations for Performance and Safety
PDF
sustainability-14-14877-v2.pddhzftheheeeee
PPTX
TEXTILE technology diploma scope and career opportunities
PDF
Architecture types and enterprise applications.pdf
PDF
The influence of sentiment analysis in enhancing early warning system model f...
PDF
Convolutional neural network based encoder-decoder for efficient real-time ob...
PDF
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
A proposed approach for plagiarism detection in Myanmar Unicode text
sbt 2.0: go big (Scala Days 2025 edition)
Basics of Cloud Computing - Cloud Ecosystem
Consumable AI The What, Why & How for Small Teams.pdf
Improvisation in detection of pomegranate leaf disease using transfer learni...
Build Your First AI Agent with UiPath.pptx
How IoT Sensor Integration in 2025 is Transforming Industries Worldwide
Final SEM Unit 1 for mit wpu at pune .pptx
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
4 layer Arch & Reference Arch of IoT.pdf
The various Industrial Revolutions .pptx
Taming the Chaos: How to Turn Unstructured Data into Decisions
NewMind AI Weekly Chronicles – August ’25 Week III
Custom Battery Pack Design Considerations for Performance and Safety
sustainability-14-14877-v2.pddhzftheheeeee
TEXTILE technology diploma scope and career opportunities
Architecture types and enterprise applications.pdf
The influence of sentiment analysis in enhancing early warning system model f...
Convolutional neural network based encoder-decoder for efficient real-time ob...
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...

Contrail Enabler for agile cloud services

  • 1. CONTRAIL: ENABLER FOR AGILE CLOUD SERVICES. OpenContrail Meetup. Nachi Ueno, Distinguished Engineer / SDN Team, NUENO@JUNIPER.NET
  • 2. This statement of direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or function depicted in this presentation.
  • 3. ENTERPRISE DC EVOLUTION (ITAAS)
    – Traditional: standalone applications on dedicated resources (physical servers, switches, router, security device with FW/IPS policies, LB device with LB policies, ACLs); end-user and admin.
    – Virtualization: standalone applications on virtualized resources (virtual machines, VLANs, vSecurity, vLB, VM orchestrator, router; VLAN config, security policies, LB policies, ACLs); end-user and admin.
    – Pain points listed for both stages: sub-optimal device utilization, static and inflexible, TCO (capex, opex), physically constrained, silo’ed, manual device config, custom policy config, deployment knowledge.
  • 4. CLOUD-ENABLED DATA CENTER
    – Evolving applications on a resource pool: virtualized resource pools, external cloud-based resources, resources across data centers; virtual networks, compute, storage, LB, security.
    – All policies (incl. ACLs) live in the orchestrator/controller; the devices are labelled "No ACLs"; end-user and admin.
    – Pain points listed: sub-optimal device utilization, static and inflexible, TCO (capex, opex), physically constrained, silo’ed, large manual device config, custom/complex policy config, specialized deployment knowledge.
  • 5. NFV: NETWORK EDGE SECURITY
    – Network Function Virtualization: scalable virtual services on x86 in the SP datacenter (BRAS/VPN edge; FW – IPS – PDF – DDoS; service load balancing), reached over an L3VPN-enabled SP core/backbone from the business edge, broadband edge, mobile edge, private networks and the Internet.
    – Dynamic service provisioning, scaling and service chaining.
    – Security services: Firefly, Web App Secure, DDoS Secure, vSA.
    – Centralized management/orchestration; software abstraction from the physical infrastructure.
    – Edge delivery of virtualized security services (Firefly, DDoS Secure, Web App Secure, vSA).
  • 6. FLEXIBLE AND DYNAMIC CHAINING OF SERVICES
    – Logical view: virtual network GREEN and virtual network YELLOW, with services A, B and C chained between them.
    – Physical view: hosts with hypervisors on an IP fabric (switch underlay); the VMs G1–G3 and Y1–Y3 and the services are drawn from a VM and virtualized network function pool.
  • 7. L3VPN SELF-SERVICE ENTERPRISE SERVICE CLOUD
    – Customer A and Customer B each have a branch office and an HQ as VPN sites 1 and 2, connected through the SP service cloud (SLB, FW, UTM, CDN, WAN OPT).
    – Self-service portal with quick (< 5 min) network provisioning; service automation.
    – SLA-based ‘as-a-service’ model for services; elastic architecture with service scale-out.
    – Standard protocols connect the SP customer to the service.
  • 8. INTERCONNECT W/ EXISTING INFRASTRUCTURE
    Contrail enables customers to use their legacy infrastructure for legacy apps and expand to cloud architectures for newer apps. Existing/legacy infrastructure: front-end and back-end tiers on VLAN-A to VLAN-D. Cloud infrastructure: front-end, back-end, security tier and LB tier under the Contrail Controller, joined to the legacy side through a gateway. Contrail enables enterprises to continue using legacy investments and infrastructure; they can extend portions of the network or the entire infrastructure and run new cloud-based as well as legacy applications.
  • 10. THE NEW NETWORK – BUILDING BLOCKS
    – Virtual networks: network and packet policy provided by open BGP VPN technologies; network policy for topology and packet policy for traffic control.
    – Virtualized services: network functions and services stitched to the topology.
    – Gateways: connect the virtual and physical domains.
  • 11. WHAT IS NETWORK VIRTUALIZATION
    • Independent of physical network location or state
      – Logical network across any server, any rack, any cluster, any data center
      – Virtual machines can migrate without requiring any reworking of security policies, load balancing, etc.
      – New workloads or networks should not require provisioning of the physical network
      – Nodes in the physical network can fail without any disruption to workloads
    • Full isolation for multi-tenancy and fault tolerance
      – MAC and IP addresses are completely private per tenant
      – Any failures or configuration errors by tenants do not affect other applications or tenants
      – Any failures in the virtual layer do not propagate to the physical layer
  • 12. THE IMPORTANCE OF ABSTRACTION
    Physical topology: OpenStack (Neutron, Nova), Contrail Controller, Junos Space, bare-metal server BMS R4, VMs G1–G3 and R1–R3 and a firewall VM. Without abstraction this is complex: low level of abstraction, many vRouters, many routing-instances, many tunnels, many routes; complex to configure, complex to troubleshoot.
  • 13. CONTRAIL – VIRTUALIZED & AUTOMATED NETWORK
    Control plane and management plane; network programmability; enabling NFV (network function virtualization); virtualized network services; interoperability with the physical network; network virtualization (private, hybrid); converged network orchestration; automation and analytics.
  • 15. CLOUD DC – CONTRAIL L2/L3 OVERLAY
    L3 IP fabric with L2/L3 ToR switches and servers; the hypervisor vRouter handles L2/L3; the hypervisor vRouter performs NAT; multi-tenant VRF; service insertion; external network.
  • 16. CONTRAIL PHILOSOPHY 2: Fault tolerance via idempotence
  • 17. RPC NIGHTMARE
    API, scheduler, compute node and network node all calling each other over RPC. Do we need a distributed transaction manager…?
  • 18. STATE SYNCHRONIZATION
    Controller → agent: full sync, full sync, diff. The agent checks its local state and applies the diff.
  • 19. BGP
    Router → router: Update, Withdraw. The receiver checks its local state and updates it.
  • 20. IF-MAP
    Client → server: Poll; server → client: Update. The client checks its local state and updates it.
  • 22. Data model objects (diagram): Network, Subnet, Port, VM, Router, Network Policy, Service Instance.
  • 24. CONTRAIL & OPENSTACK COMPONENTS
    – OpenStack: Horizon UI, Nova (compute orchestration: API server, scheduler, …), Neutron plugin, Keystone (identity / access mgmt), Glance (image server), Cinder (block storage), Swift (object storage). Contrail: Web UI, Config, Control, and on the compute node the vRouter and Contrail agent next to the Nova agent and hypervisor (Xen).
    – Operator/user flow: log in (authentication, etc.), create tenant (projects), create IPAM, create virtual network, launch VMs. Nova selects a compute node to spawn the VM, gets the VM image from Glance and passes the info to spawn the VM; the hypervisor spawns it and block storage is assigned.
    – Network-related interaction: Nova gets the virtual network info, plugs the VM (tap interface, instance ID, …) and DHCP is handled; Contrail Control and the Contrail agent talk over a bi-directional message bus (XMPP).
  • 25. ROLE OF CONTRAIL IN INTEGRATED STACK
    Orchestrator with compute, storage and network APIs; JunosV Contrail; servers with virtual machines and vRouter; physical switches; service nodes (vSRX, F5, …); gateway router to the Internet, VPN, DCI and WAN.
  • 26. CONTRAIL SOLUTION OVERVIEW
    – OpenContrail Controller: configuration, control and analytics. REST from the orchestrator; XMPP to the Contrail vRouters on the servers; BGP + Netconf to the gateway routers; BGP federation and BGP clustering between controllers.
    – IP fabric (underlay network): Juniper QFabric/QFX/EX or 3rd-party underlay switches; Juniper MX or 3rd-party gateway routers.
    – Contrail vRouter (L2 & L3) on KVM and Xen, and on ESXi/Hyper-V/containers and bare metal in 2014.
  • 27. CONTRAIL COMPONENTS
    – OpenContrail Controller on an unchanged physical network: Configuration (accepts and converts orchestrator requests for VM creation, translates requests and assigns network), Analytics (real-time analytics engine that collects, stores and analyzes network elements) and Control (interacts with network elements for VM network provisioning and ensures uptime).
    – vRouter: virtualized routing element that handles the localized control plane and forwarding plane work on the compute node (physical host with hypervisor and VMs).
    – Gateway: MX Series (or other router) or EX9200 serve as gateway to the WAN/Internet, eliminating the need for a SW gateway and improving scale and performance. Timeline labels on the slide: TODAY, 2014.
  • 28. OPENSTACK INTEGRATION
    Components: Horizon, Nova API, Nova Scheduler, Nova Compute (compute driver, virtual-IF driver), Neutron plugin and driver, configuration node, control node, Contrail agent and vRouter (kernel).
    1. Create an instance (VM info, network, IPAM, policies, etc.)
    2. Schedule the instance on the compute node
    3. VM network properties
    4. Create the VM interface
    5. Add port
    6. Publish the VM interface on IF-MAP
    7. VM interface config over XMPP
  • 29. CONTRAIL STACK – VROUTER
    Stack diagram: configuration nodes, control plane and analytics engine on top; compute node (virtual router), service node (SRX, Firefly, JSP, …) and gateway node (MX, EX/QFX, …) below; REST APIs (configuration, operational and analytics) consumed by OpenStack, CloudStack and customer OSS/BSS. The vRouter is highlighted.
  • 30. COMPUTE NODE – HYPERVISOR, VROUTER
    Diagram: virtual machines (tenants A, B, C) attached through tap interfaces (vif) to the vRouter forwarding plane in the kernel, with a routing instance (flow table + FIB) per tenant; the vRouter agent in user space (pkt0, config, VRFs, policy table) talks XMPP to the JunosV Contrail Controllers; overlay tunnels (MPLS over GRE or VXLAN) leave via Eth0 … EthN to the top-of-rack switch.
    • vRouter replaces the Linux bridge or OVS module in the hypervisor kernel
    • vRouter performs bridging (E-VPN) and routing (L3VPN)
    • vRouter performs networking services like security policies, NAT, multicast, mirroring and load balancing
    • No need for service nodes or L2/L3 gateways for routing, broadcast/multicast, NAT
    • Routes are automatically leaked into the VRF based on policies
    • Support for multiple interfaces on the virtual machines
    • Support for multiple interfaces from the compute node to the switching fabric
  • 31. COMPUTE NODE – FORWARDING/TUNNELING
    Diagram: two compute nodes, each with a virtual machine (VN-IP1, VN-IP2), a routing instance (flow table + FIB) in the vRouter forwarding plane, tap interfaces (vif) and Eth1 (Phy-IP1, Phy-IP2); overlay tunnels are MPLS over GRE or VXLAN. Virtual packet: Virtual-IP2 | payload; physical packet: Phy-IP2 | MPLS / VNI | Virtual-IP2 | payload.
    1. Guest OS ARPs for a destination within the subnet or the default GW
    2. vRouter receives the ARP and responds with the VRRP MAC
    3. Guest OS sends traffic to the VRRP MAC; the vRouter encapsulates the packet with the appropriate MPLS/VNI tag and GRE header
    4. The physical fabric routes on the physical IP address
    5. Returning packets are forwarded to the appropriate routing instance by the MPLS/VNI tag
    6. The vRouter decapsulates the packet and forwards it to the guest OS
  • 32. CONTRAIL STACK – CONTROL NODE
    Same stack diagram as slide 29 (configuration nodes, control plane, analytics engine; compute, service and gateway nodes; REST APIs for OpenStack, CloudStack and customer OSS/BSS), with the control plane highlighted.
  • 33. CONTRAIL – CONTROL PLANE NODE
    Diagram: control nodes ("BGP module", proxies, XMPP, IF-MAP client) connect to compute nodes over XMPP, to configuration nodes over IF-MAP, to each other over IBGP, and to gateway routers and service nodes.
    • All control plane nodes are active/active
    • Each vRouter uses XMPP to connect with multiple control plane nodes for redundancy
    • Each control plane node connects to multiple configuration nodes for redundancy
    • BGP and Netconf are used to connect with physical gateway routers or service nodes
    • Control plane nodes federate using BGP
    • Control nodes can run different software versions for test-before-deploy and live upgrades
  • 34. CONTROL PLANE – ROUTE DISTRIBUTION
    VM 10.1.1.1 on Server 1 (physical IP 70.10.10.1) and VM 10.1.1.2 on Server 2 (physical IP 151.10.10.1). The configuration node (REST/API from the orchestrator) feeds the control node over IF-MAP; the control node distributes to both agents over XMPP: 10.1.1.2: NH = 151.10.10.1; LBL = 17 and 10.1.1.1: NH = 70.10.10.1; LBL = 39. Data plane: the VM sends PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD into its VRF; Server 1 performs dynamic tunnel encapsulation, PubSrcIP 70.10.10.1 | PubDstIP 151.10.10.1 | GRE | LBL=17 | inner packet, across the IP network; Server 2 performs dynamic tunnel decapsulation into the VRF and delivers to the VM. (The outer MAC header was left out intentionally to reduce clutter.)
  • 35. CONTRAIL WITH L3VPN
    Same VMs (10.1.1.1 on Server 1 at 70.10.10.1, 10.1.1.2 on Server 2 at 151.10.10.1), but the servers sit in two data centers, DC1 and DC2, each with its own configuration management and BGP control nodes, joined across a service provider MPLS IP network by MX routers (80.20.20.1 and 160.20.20.1 facing the DCs, 100.1.1.1 and 200.1.1.1 in the SP core) speaking I-MBGP and E-MBGP. The route for 10.1.1.2 is re-advertised at each hop with RD and RT and a new next hop and label; the advertisements shown are NH = 151.10.10.1; LBL = 17, NH = 160.20.20.1; LBL = 117, NH = 100.1.1.1; LBL = 217, NH = 200.1.1.1; LBL = 317 and NH = 80.20.20.1; LBL = 417, the last being what the DC1 control node gives Server 1 over XMPP. Data plane: Server 1 encapsulates PubSrcIP 70.10.10.1 | PubDstIP 80.20.20.1 | GRE | LBL=417; the SP core carries the packet with an MPLS outer label and LBL=217; the DC2 MX encapsulates PubSrcIP 160.20.20.1 | PubDstIP 151.10.10.1 | GRE | LBL=17, and Server 2 decapsulates into the VRF. (Outer MAC header left out intentionally to reduce clutter.)
  • 36. PACKET FLOW FOR EVPN ON IP NETWORK
    Same two servers (70.10.10.1 and 151.10.10.1) with VMs MAC1 and MAC2; the BGP-based control plane (configuration management via REST/API, agents via XMPP) distributes MAC2: NH = 151.10.10.1; LBL = 17 and MAC1: NH = 70.10.10.1; LBL = 39. Data plane: SrcMAC MAC1 | DstMAC MAC2 | PAYLOAD from the VM into the VRF; dynamic tunnel encapsulation PubSrcIP 70.10.10.1 | PubDstIP 151.10.10.1 | GRE | LBL=17 | inner frame across the IP network; dynamic tunnel decapsulation at Server 2. (Outer MAC header left out intentionally to reduce clutter.)
  • 37. CONTRAIL STACK – CONFIG NODE
    Same stack diagram as slide 29, with the configuration nodes highlighted.
  • 38. CONTRAIL – SDN AS A “COMPILER”
    Applications (Application 2 … Application N) use north-bound APIs; the SDN system holds data models 1 … M plus data model extensions, and the compiler generates the APIs from them; plug-ins expose interfaces 1 … K; south-bound network element interfaces face the network (physical and virtual); an east-west peering interface (BGP) connects peers; the orchestration system sits above.
  • 39. CONFIGURATION NODE
    Diagram: REST API server, schema transformer, IF-MAP server, DHT DB and message bus inside each configuration node; the orchestrator (OpenStack) talks REST; control nodes connect over IF-MAP; configuration nodes keep their DHT DBs in distributed synchronization.
    1. The API server provides the northbound REST interface – the orchestration system provisions using this API service
    2. A DHT/NoSQL database is used for persistence and high availability of configuration
    3. The schema transformer “compiles” the high-level data model to the low-level model for vRouters, service nodes and gateway routers
    4. IF-MAP is used to represent the data model – control nodes subscribe to the subset of configuration
  • 40. LOGICAL TOPOLOGY
    Virtual network G with tenant virtual machines VM G1, VM G2, VM G3; virtual network R with VM R1, VM R2, VM R3; a virtual firewall VM FW between them; a physical gateway router to the physical network PN (Internet, L3VPN, …).
  • 41. PHYSICAL TOPOLOGY
    OpenStack (Neutron, Nova) and the Contrail Controller; virtualized servers running a hypervisor with the Contrail vRouter; underlay switches; gateway router to the Internet or L3VPN.
  • 42. MAPPING OF LOGICAL TO VIRTUAL TOPOLOGY
    The logical topology of slide 40 (VN G, VN R, VM FW, L3VPN) drawn next to the physical topology of slide 41.
  • 43. STARTING POINT: EMPTY LOGICAL TOPOLOGY
    Physical side in place (OpenStack, Contrail Controller, servers, gateway); nothing created on the logical side yet.
  • 44. CREATE GREEN TENANT: CREATE VIRTUAL NETWORK "GREEN"
    Create VN G.
  • 45. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G1"
    Create VM G1, attach to VN G. Nova: create VM G1.
  • 46. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G1"
    Neutron: attach VM G1 to VN G. XMPP: create routing-instance on the hosting vRouter.
  • 47. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2"
    Create VM G2, attach to VN G. Nova: create VM G2.
  • 48. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2"
    Neutron: attach VM G2 to VN G. XMPP: create routing-instance.
  • 49. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2"
    XMPP: exchange routes, create tunnels between the vRouters hosting G1 and G2.
  • 50. CREATE GREEN TENANT: FORWARDING TABLES AND ENCAPSULATION
    Server S1 (hosts VM G1):
      – Green routing-instance IP FIB: VM G1 → virtual ethernet port to VM G1; VM G2 → push label L2 + GRE encaps to server S2
      – Global MPLS FIB: label L1 → pop + Green routing-instance
      – Global IP FIB: server S2 → physical ethernet port
    Server S2 (hosts VM G2):
      – Green routing-instance IP FIB: VM G1 → push label L1 + GRE encaps to server S1; VM G2 → virtual ethernet port to VM G2
      – Global MPLS FIB: label L2 → pop + Green routing-instance
      – Global IP FIB: server S1 → physical ethernet port
    Packet from S1 to S2: Ethernet (source MAC server S1, dest MAC server S2) | outer IP header (source IP server S1, dest IP server S2) | GRE | MPLS label L2 | inner IP header (source IP VM G1, dest IP VM G2) | payload.
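The forwarding tables of slide 50 and the encapsulation/decapsulation steps of slides 31 and 34 as a small runnable model. This is an added example, not code from the deck or from OpenContrail; the class and function names, the packet dict layout and the constructed red-tenant VRF behind label 41 are assumptions, while the addresses and labels 17/39 come from slide 34. The point it makes explicit is that the MPLS label chosen by the sending vRouter, not the inner destination address, selects the tenant VRF on the receiver, so overlapping tenant addresses stay isolated and an unknown label is dropped rather than mapped to a guessed tenant.

```python
"""Toy model of the vRouter forwarding tables on slides 31, 34 and 50.

Added example, not code from the deck or from OpenContrail. Class and method
names (VRouter, forward_from_vm, receive_from_fabric) and the packet dict
layout are assumptions. Addresses and labels follow slide 34: VM 10.1.1.1 on
server 70.10.10.1 (label 39), VM 10.1.1.2 on server 151.10.10.1 (label 17).
The red tenant VRF and its label 41 are constructed to show isolation.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Union


@dataclass(frozen=True)
class TunnelNH:
    """Route learned over XMPP: push `label`, GRE-encapsulate to `next_hop`."""
    next_hop: str   # underlay (public) IP of the remote server
    label: int      # MPLS label the remote vRouter uses to select the VRF


@dataclass(frozen=True)
class LocalNH:
    """Route to a VM on this server: the tap interface (vif) to the guest."""
    vif: str


NextHop = Union[TunnelNH, LocalNH]


@dataclass
class VRouter:
    phys_ip: str
    # routing-instance name -> {VM IP: next hop}   (per-tenant IP FIB)
    vrfs: Dict[str, Dict[str, NextHop]] = field(default_factory=dict)
    # label -> routing-instance name   (global MPLS FIB: "pop + routing-instance")
    mpls_fib: Dict[int, str] = field(default_factory=dict)

    def add_route(self, vrf: str, dst: str, nh: NextHop) -> None:
        self.vrfs.setdefault(vrf, {})[dst] = nh

    def bind_label(self, label: int, vrf: str) -> None:
        self.mpls_fib[label] = vrf

    def forward_from_vm(self, vrf: str, inner: dict) -> Optional[dict]:
        """Slide 31 step 3: a guest's packet is looked up only in its own VRF."""
        nh = self.vrfs.get(vrf, {}).get(inner["dst"])
        if nh is None:
            return None                     # no route in this tenant's VRF: drop
        if isinstance(nh, LocalNH):
            return {"vrf": vrf, "deliver_to": nh.vif, "inner": inner}
        # Dynamic tunnel encapsulation: outer IP header + GRE + MPLS label.
        return {"outer_src": self.phys_ip, "outer_dst": nh.next_hop,
                "gre": True, "label": nh.label, "inner": inner}

    def receive_from_fabric(self, pkt: dict) -> Optional[dict]:
        """Slide 31 steps 5-6: the label picks the VRF, then a local lookup."""
        if pkt.get("outer_dst") != self.phys_ip or not pkt.get("gre"):
            return None                     # not addressed to this server
        vrf = self.mpls_fib.get(pkt.get("label"))
        if vrf is None:
            return None                     # unknown label: drop, never guess a tenant
        nh = self.vrfs.get(vrf, {}).get(pkt["inner"]["dst"])
        if not isinstance(nh, LocalNH):
            return None                     # destination is not a VM of that VRF here
        return {"vrf": vrf, "deliver_to": nh.vif, "inner": pkt["inner"]}


def build_topology():
    """Install the slide-34 routes on both servers, as the control node does over XMPP."""
    s1 = VRouter("70.10.10.1")
    s2 = VRouter("151.10.10.1")
    # Green tenant: 10.1.1.1 lives on S1, 10.1.1.2 on S2.
    s1.add_route("green", "10.1.1.1", LocalNH("tap-g1"))
    s1.add_route("green", "10.1.1.2", TunnelNH("151.10.10.1", 17))
    s1.bind_label(39, "green")
    s2.add_route("green", "10.1.1.2", LocalNH("tap-g2"))
    s2.add_route("green", "10.1.1.1", TunnelNH("70.10.10.1", 39))
    s2.bind_label(17, "green")
    # Constructed red tenant on S2 reusing the address 10.1.1.2 behind label 41.
    s2.add_route("red", "10.1.1.2", LocalNH("tap-r2"))
    s2.bind_label(41, "red")
    return s1, s2


def send(src: VRouter, vrf: str, dst: VRouter, inner: dict) -> Optional[dict]:
    """One-way trip: VM on `src` -> fabric -> VM on `dst`. None means dropped."""
    encap = src.forward_from_vm(vrf, inner)
    if encap is None or "outer_dst" not in encap:
        return encap                        # dropped, or delivered locally on src
    return dst.receive_from_fabric(encap)
```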
  • 51. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3"
    Create VM G3, attach to VN G. Nova: create VM G3.
  • 52. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3"
    Neutron: attach VM G3 to VN G. XMPP: create routing-instance.
  • 53. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3"
    XMPP: exchange routes, create tunnels.
  • 54. CREATE GREEN TENANT: END STATE
    VN G with VM G1, VM G2 and VM G3 in place on the physical servers.
  • 55. CREATE RED TENANT: SAME STEPS AS GREEN TENANT
    VN R with VM R1, VM R2 and VM R3 created the same way.
  • 56. CONNECT GREEN TO RED TENANT VIA FIREWALL: CREATE VIRTUAL MACHINE FOR FIREWALL
    Create VM FW, attach to VN G and to VN R. Nova: create VM FW.
  • 57. CONNECT GREEN TO RED TENANT VIA FIREWALL: ATTACH FIREWALL TO RED AND GREEN VIRTUAL NETWORKS
    Neutron: attach VM FW to both VNs. XMPP: create routing-instance.
  • 58. CONNECT GREEN TO RED TENANT VIA FIREWALL: APPLY POLICY, EXCHANGE ROUTES, AND CREATE TUNNELS
    Apply policy VN G ↔ VN R. XMPP: exchange routes, create tunnels.
  • 59. CONNECT GREEN TO RED TENANT VIA FIREWALL: END STATE
    VN G and VN R connected through VM FW; the physical network is shown as L3VPN.
  • 60. CONNECT GREEN TO RED TENANT VIA FIREWALL: DATA PLANE
    Red ↔ green traffic is forced through the firewall.
  • 61. CONNECT RED TENANT TO PHYSICAL L3VPN: CONFIGURE L3VPN ROUTING INSTANCE
    Apply policy VN R ↔ L3VPN. Netconf: configure routing-instance on the gateway router.
  • 62. CONNECT RED TENANT TO PHYSICAL L3VPN: EXCHANGE ROUTES WITH PHYSICAL ROUTER, CREATE TUNNELS
    Apply policy VN R ↔ L3VPN. BGP: exchange routes with the gateway router, create tunnels.
  • 63. CONNECT RED TENANT TO PHYSICAL L3VPN: EXCHANGE ROUTES WITH VROUTERS, CREATE TUNNELS
    Apply policy VN R ↔ L3VPN. XMPP: exchange routes with the vRouters, create tunnels.
  • 64. VROUTER HA
    vRouter on a server with eth0 and eth1 in Linux bonding (LACP) to the ToR, which connects through the spine to the gateway; the vRouter learns Controller 1 and Controller 2 from the discovery server.
  • 65. CONTRAIL COMPONENT HA
    HAProxy + VIP in front of the Neutron API, config API, discovery server and IF-MAP on each controller; Cassandra, ZooKeeper and RabbitMQ run across the controllers.
  • 66. Config/control node HA diagram: HA proxy in front of Configuration Node 1 (REST API server, DHT DB, IF-MAP server, RabbitMQ, schema transformer), Configuration Node 2 and Configuration Node 3 (REST API server, IF-MAP server, RabbitMQ, schema transformer); two control nodes ("BGP module", proxies, XMPP, IF-MAP client) behind it.
  • 67. Same diagram: one configuration node is down.
  • 68. Same diagram, node still down: 1) the configuration node sends ALL data to the control node to sync the control node's information; 2) overwrite with the new information.
  • 69. Same diagram: Sync!
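The full-sync/diff reconciliation of slide 18, the update/withdraw style of slides 19 and 20, and the resync after a configuration-node failure on slides 68 and 69, as one added example (not OpenContrail code). The RouteAgent/Controller names, the message shapes and the lossy channel are assumptions; the sample routes are constructed from the prefixes, next hops and labels on slide 34. It shows why idempotence (slide 16) matters: a lost withdraw leaves a stale route, one full sync repairs it by applying only the diff, and repeating the sync changes nothing.

```python
"""Idempotent state synchronization, after slides 16-20 and 66-69.

Added example, not OpenContrail code. The RouteAgent/Controller names, the
message shapes and the lossy channel are assumptions; the routes are
constructed from the prefixes, next hops and labels on slide 34.
"""
from typing import Dict, List, Set, Tuple

Route = Tuple[str, int]          # (next hop, label) carried for a prefix


class RouteAgent:
    """Agent side of slide 18: keeps local state, reconciles against the controller."""

    def __init__(self) -> None:
        self.routes: Dict[str, Route] = {}
        self.applied: List[tuple] = []      # what actually changed in the FIB

    # Incremental messages, like BGP Update / Withdraw on slide 19.
    def update(self, prefix: str, route: Route) -> bool:
        """Install or refresh one route; True only if local state changed."""
        if self.routes.get(prefix) == route:
            return False                    # already present: idempotent no-op
        self.routes[prefix] = route
        self.applied.append(("add", prefix, route))
        return True

    def withdraw(self, prefix: str) -> bool:
        """Remove one route; withdrawing something unknown is harmless."""
        if prefix not in self.routes:
            return False
        del self.routes[prefix]
        self.applied.append(("del", prefix))
        return True

    # Full sync, slides 18 and 68: the controller sends ALL data, the agent
    # checks local state and applies only the diff.
    def full_sync(self, desired: Dict[str, Route]) -> Tuple[Set[str], Set[str]]:
        added = {p for p, r in desired.items() if self.update(p, r)}
        stale = [p for p in self.routes if p not in desired]
        removed = {p for p in stale if self.withdraw(p)}
        return added, removed


class Controller:
    """Controller side: owns the desired state, pushes it over a channel."""

    def __init__(self, agent: RouteAgent) -> None:
        self.agent = agent
        self.desired: Dict[str, Route] = {}
        self.drop_next = False              # constructed fault: lose one message

    def add_route(self, prefix: str, route: Route) -> None:
        self.desired[prefix] = route
        self._send(("update", prefix, route))

    def remove_route(self, prefix: str) -> None:
        self.desired.pop(prefix, None)
        self._send(("withdraw", prefix))

    def _send(self, msg: tuple) -> None:
        if self.drop_next:                  # the "RPC nightmare": a lost message
            self.drop_next = False
            return
        if msg[0] == "update":
            self.agent.update(msg[1], msg[2])
        else:
            self.agent.withdraw(msg[1])

    def resync(self) -> Tuple[Set[str], Set[str]]:
        """What a reconnect does: full sync instead of replaying history."""
        return self.agent.full_sync(dict(self.desired))


def demo() -> dict:
    """A lost withdraw leaves a stale route; one full sync repairs it and a
    second full sync is a no-op, which is the idempotence slide 16 relies on."""
    agent = RouteAgent()
    ctl = Controller(agent)
    ctl.add_route("10.1.1.1/32", ("70.10.10.1", 39))
    ctl.add_route("10.1.1.2/32", ("151.10.10.1", 17))
    ctl.add_route("10.1.1.1/32", ("70.10.10.1", 39))    # duplicate update: no change
    ctl.drop_next = True
    ctl.remove_route("10.1.1.2/32")                     # this withdraw is lost
    stale = dict(agent.routes)                          # agent still has 10.1.1.2
    first = ctl.resync()                                # diff: remove the stale route
    second = ctl.resync()                               # nothing left to do
    return {"stale": stale, "first": first, "second": second,
            "final": dict(agent.routes), "applied": list(agent.applied)}
```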
  • 70. DEMO