Open contrail slides for BANV meetup
Download as PPTX, PDF5 likes4,468 views
The document discusses network virtualization techniques for data center networks. It begins with an overview of problems with legacy approaches such as limited VLAN span and lack of multi-tenancy support. It then covers various virtualization techniques including VXLAN, network overlays using hypervisors, and Contrail for L2/L3 overlays with multi-tenant VRF support. The presentation concludes with a demo overview of Contrail for virtual network configuration, control and management planes, and dynamic service insertion.
Open contrail slides for BANV meetup
- 1. MEETUP – JAN 20TH 2014 Juniper Restricted Confidential - Do not distribute externally
- 2. PROBLEM DEFINITION 2 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 3. LOST DECADE OF NETWORKING 2001 2011 … cool new logos 3 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 4. THE RAGE OF 2011-2013 Solution looking for a problem ….. …. and it did find a few interesting ones 4 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 5. WHAT ARE THE REAL PROBLEMS… CONFIGURED, MANAGED Whatever happened to Web2.0? 5 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 6. WHAT ARE THE REAL PROBLEMS… SCALE-UP SYSTEMS Cloud? Scale-out? …. 6 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 7. WHAT ARE THE REAL PROBLEMS… HARDWARE SERVICES Virtualization? Orchestration? 7 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 8. WHAT ARE THE REAL PROBLEMS… LOW VISIBILITY Big Data? Analytics? …. 8 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 9. NETWORKING PROBLEMS IN A NUTSHELL CONFIGURED, MANAGED POOR MANAGE-ABILITY SCALE-UP SYSTEMS INFLEXIBLE SYSTEMS HARDWARE SERVICES HARDWARE CENTRIC LOW VISIBILITY 9 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 10. CUSTOMER PROBLEMS 10 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 11. DATA-CENTER NETWORKING Admin Config Centralized Management & Control, Policy provisioning LOAD BALANCER LOAD BALANCER MARKETING HR FINANCE FIREWALL FIREWALL VIRTUALIZED VLANS VLANS FINANCE Physical Servers HR Local Hard MARKETING Drives Network Virtualization and Centralized Services Management 11 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 12. SERVICE PROVIDER NETWORK PCRF Scalable Virtual Service on x86 MOBILE EDGE Services – Firefly, Web App Secure, Ddos Secure, vSA FW – IPS – PDF – DDoS SP DATACENTER SGSN / MME CACHING Mobile Edge GGSN / P-GW BROADBAND EDGE Business Edge BUSINESS EDGE Service Load Balancing DPI L3VPN-ENABLED SLB SP CORE/BACKBONE Service Load Core / Balancing Backbone Private networks FW Broadband Edge BRAS/VPN Edge SBC Scalable Virtual Service on x86 Dynamic Service Provisioning, Scaling; Service Chaining Media Gateway FW – IPS – PDF – DDoS NFV: Virtualized Network Services with Centralized Management & Orchestration 12 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 13. NETWORK VIRTUALIZATION TECHNIQUES 13 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 14. LEGACY DC - L2/VLAN BASED APPROACH L3 L3 L2/L3 L2/L3 L2/L3 L2/L3 Multi-Chassis LAG TRUNK L2 Switch L2 Switch ToR L2 L2 L2 L2 L2 L2 L2 L2 VMs Servers 14 Copyright © 2013 Juniper Networks, Inc. L2 Switch L2 Switch ToR Juniper Restricted Confidential - Do not distribute externally. L2 L2 L2 L2
- 15. LEGACY DC - LIMITED VLAN SPAN L3 L3 Routing & Filtering between VLANs Routing & Filtering between VLANs FW No VLANs Across L3 L2/L3 L2/L3 L2/L3 FW L2/L3 LB LB Multi-Chassis LAG TRUNK L2 Switch L2 Switch ToR L2 L2 L2 L2 L2 L2 L2 L2 VLAN Span Limit 15 Copyright © 2013 Juniper Networks, Inc. L2 Switch L2 Switch ToR Juniper Restricted Confidential - Do not distribute externally. L2 L2 L2 L2
- 16. LEGACY DC - NO MULTI-TENANCY L3 FW L2/L3 L2/L3 L3 L2/L3 Single Routing Table (No support for overlapping multi-tenant space) LB FW L2/L3 LB Multi-Chassis LAG TRUNK L2 Switch L2 Switch ToR L2 L2 L2 L2 L2 L2 L2 L2 VMs VLAN Span Limit 16 Copyright © 2013 Juniper Networks, Inc. L2 Switch L2 Switch ToR Juniper Restricted Confidential - Do not distribute externally. L2 L2 L2 L2
- 17. LEGACY DC - MULTI-TENANCY WITH VRF Tenant Specific HW Appliance Services L3-MPLS L3-MPLS FW LB FW LB MPLS – Enabled links FW LB FW LB L2/L3 -MPLS L2/L3 -MPLS FW LB L2/L3 -MPLS L2/L3 -MPLS VRF for multi-tenant isolation Tenant-VRF FW LB Tenant-VRF Multi-Chassis LAG TRUNK L2 Switch L2 SwitchToR L2 L2 L2 L2 L2 L2 L2 L2 VLAN Span Limit 17 Copyright © 2013 Juniper Networks, Inc. L2 Switch L2 Switch ToR Juniper Restricted Confidential - Do not distribute externally. L2 L2 L2 L2
- 18. CLOUD DC – ECMP CLOS NETWORK L3 L3 L3 External Network L3 L3 L3 ToR L2-SW 18 L3 L3 ToR L2-SW L2-SW L2-SW L2-SW Copyright © 2013 Juniper Networks, Inc. Servers VXLAN L2-SW L2-SW L3 L3 ToR L3 ToR L2-SW L2-SW Juniper Restricted Confidential - Do not distribute externally. L2-SW L2-SW L2-SW
- 19. CLOUD DC - TYPICAL L2 OVERLAY L3 L3 Hypervisor Switch performs L2 forwarding L3 Separate VM does L3 Routing and NAT External Network External Network L3 L3 L3 ToR L3 L3 ToR VXLAN L3 L3 ToR L3 ToR VXLAN L2-SW VXLAN L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW Servers 19 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally. L2-SW L2-SW L2-SW
- 20. CLOUD DC - CONTRAIL L2/L3 OVERLAY = multi-tenant VRF L3 L3 L3 Hypervisor vRouter handles L2/L3 External Network Hypervisor vRouter performs NAT L3 L3 L3 ToR vRouter L2/L3 L3 ToR vRouter L2/L3 Servers 20 L3 vRouter L2/L3 vRouter L2/L3 vRouter L2/L3 Service Insertion Copyright © 2013 Juniper Networks, Inc. L3 L3 ToR L3 ToR vRouter L2/L3 vRouter L2/L3 vRouter L2/L3 vRouter L2/L3 Service Insertion Juniper Restricted Confidential - Do not distribute externally. vRouter L2/L3 vRouter L2/L3 vRouter L2/L3
- 21. CONTRAIL NETWORK VIRTUALIZATION 21 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 22. ROLE OF CONTRAIL IN CLOUD ENVIRONMENT Orchestrator Compute APIs Network APIs Storage APIs JunosV Contrail Virtual Machine vRouter Physical Switches Server Service Nodes Gateway Router vSRX, F5 … Internet 22 VPN Copyright © 2013 Juniper Networks, Inc. DCI WAN Juniper Restricted Confidential - Do not distribute externally.
- 23. CONTRAIL NETWORKING STACK Customer OSS/BSS Openstack Cloudstack REST APIs (Configuration, Operational, and Analytics) Analytics Engine Analytics Engine Analytics Engine Configuration Nodes Control Plane Compute Node (Virtual Router) 23 Copyright © 2013 Juniper Networks, Inc. Control Plane Gateway Node (MX, EX/QFX, ...) Control Plane Service Nodes (SRX, F5, ...) Juniper Restricted Confidential - Do not distribute externally.
- 24. CONTRAIL NETWORKING FEATURES NAT, Routing, Switching Load Balancing Security Services 3rd Party Network Srvc Physical or Software GW 24 IPAM, Virtual DNS Rich Analytics Service Chaining High Availability API Services Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 25. PHYSICAL DATACENTER TOPOLOGY VIEW Network Gateway Router Gateway Router No VM IP information in the Underlay Network BGP Spine Switch Spine Switch Spine Switch L3 ECMP OSPF/BGP L3 Leaf Switch Leaf Switch Hypervisor Hypervisor Hypervisor Hypervisor Hypervisor Hypervisor Control Node Control Node Hypervisor Hypervisor Hypervisor Hypervisor Config Node (Openstack) (Cloudstack) Config Node (Openstack) (Cloudstack) Analytics Node Analytics Node WebUI Node WebUI Node Compute & Storage Rack 25 Leaf Switch Leaf Switch Hypervisor Hypervisor Hypervisor Hypervisor L2, L3 Leaf Switch Leaf Switch Compute & Storage Rack Copyright © 2013 Juniper Networks, Inc. Leaf Switch Leaf Switch Optional Redundancy Orchestration & Services Racks Juniper Restricted Confidential - Do not distribute externally.
- 26. SOLUTION OVERVIEW Customer L3VPN Dashboard Public Internet (ISP-1) Public Internet (ISP-2) Console V R F Service Appliance Management, Configuration, Orchestration, Analytics V R F PE Router (Juniper MX, Cisco ASR9K) with L3VPN/ VRF Support V R F vRouter Agent Contrail Virtual Network Controller CM CP CM CP Service Appliance Contrail SW Gateway Service Appliance with L3VPN/VRF Support (Juniper SRX, etc) CM CP vRouter Agent AS CP Contrail SW Gateway- L2 Service Appliances (F5 Load Balancer,etc) Gateway Service Applications & Services (AS) Configuration Management (CM) Control Plane (CP) Host Agent VRouter(Data Plane) 26 26 vRouter Agent VM VM VM vRouter vRouter Agent vRouter Agent VM VM Bare Metal Linux/Windows Juniper Restricted Confidential - Do not distribute externally. C O N F I D E N T I AL – D O N O T VIRTUAL NETWORK A VIRTUAL NETWORK B VM Virtualized Servers (Hypervisor) Copyright © 2013 Juniper Networks, Inc. vRouter D I S T R I B U T E VIRTUAL NETWORK C
- 27. SOLUTION OVERVIEW – CONTROL & MGMT PLANE Customer L3VPN Dashboard Public Internet (ISP-1) Public Internet (ISP-2) Console V R F Service Appliance Management, Configuration, Orchestration, Analytics V R F PE Router (Juniper MX, Cisco ASR9K) with L3VPN/ VRF Support V R F vRouter Agent Contrail Virtual Network Controller CM CP Contrail SW Gateway Service Appliance with L3VPN/VRF Support (Juniper SRX, etc) BGP/Control, Netconf/Mgmt CM CP CM CP Service Appliance AS CP vRouter Agent XMPP (Control, Mgmt) Contrail SW Gateway- L2 Service Appliances (F5 Load Balancer,etc) Gateway Service Applications & Services (AS) VIRTUAL NETWORK A Configuration Management (CM) Control Plane (CP) Host Agent vRouter Agent VM VM VM vRouter vRouter Agent vRouter Agent VM VM vRouter VIRTUAL NETWORK B VM Virtualized Servers (Hypervisor) Bare Metal Linux/Windows VRouter(Data Plane) 27 27 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally. C O N F I D E N T I AL – D O N O T D I S T R I B U T E VIRTUAL NETWORK C
- 28. SOLUTION OVERVIEW – DATA PLANE Customer L3VPN Dashboard Public Internet (ISP-1) Public Internet (ISP-2) Console V R F Service Appliance Management, Configuration, Orchestration, Analytics V R F PE Router (Juniper MX, Cisco ASR9K) with L3VPN/ VRF Support V R F vRouter Agent Contrail Virtual Network Controller CM CP CM CP Service Appliance Contrail SW Gateway Service Appliance with L3VPN/VRF Support (Juniper SRX, etc) Dynamically Insert Services (Physical & Virtual) CM CP Route Across/within VNs (L3VPN) Bridge within VNs (EVPN) AS CP vRouter Agent Contrail SW Gateway- L2 Service Appliances (F5 Load Balancer,etc) Gateway Service VIRTUAL NETWORK A Applications & Services (AS) Configuration Management (CM) Control Plane (CP) Host Agent vRouter Agent VM VM VM vRouter vRouter Agent vRouter Agent VM VM vRouter VIRTUAL NETWORK B VM Virtualized Servers (Hypervisor) Bare Metal Linux/Windows VRouter(Data Plane) 28 28 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally. C O N F I D E N T I AL – D O N O T D I S T R I B U T E VIRTUAL NETWORK C
- 29. DEMO OVERVIEW 29 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
- 30. DEMO – PHYSICAL TOPOLOGY LAB NETWORK MX-80 MX-80 OSPF EX-4500 EX-4500 EX-4500 OSPF L3 Leaf Switch L2, L3 Leaf Switch Hypervisor Hypervisor Hypervisor Compute & Storage Rack 30 Hypervisor Hypervisor Compute & Storage Rack Copyright © 2013 Juniper Networks, Inc. Leaf Switch Leaf Switch Control Node Config Node Openstack Srvcs Control Node Analytics Node Openstack Srvcs Orchestration & Services Racks Juniper Restricted Confidential - Do not distribute externally.
- 31. DEMO – LOGICAL TOPOLOGY LAB NETWORK Dashboard Console V R F Management, Configuration, Orchestration, Analytics V R F V R F V R F CM CP AP V R F MX-80 MX-80 Controller Nodes V R F MPLSoGRE, VXLAN BGP CP XMPP MPLSoUDP, VXLAN vRouter Agent VM vRouter Agent VM VM VM vRouter Agent VM VM vRouter Agent VM Compute Nodes 31 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally. VM vRouter Agent VM VM
- 32. OPEN CONTRAIL Contrail is available as Open Source www.opencontrail.org. Commercial support available from Juniper. Same features and scaling as commercial version Uses proven stable standards. Production-Ready Permissive license Apache 2.0 (Controller), GPL (vRouter) Integrated into open source virtualization stacks OpenStack, CloudStack (beta) 32 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
Editor's Notes
- #6: Networking has barely evolved beyond CLI for managing systems. It seems like the innovations like Web 2.0 and System Simplifications never really made it to Network Management Systems of today.
- #7: Answer to every problem has been to build a bigger networking system..
- #8: Everything equates to a box – I can imagine Checkpoint Firewall and F5 Load Balancer as a box, but even Infoblox delivers a box for IPAM and DNS. It’s a symptom of our industry and not an issue of the technology. Its easier to sell a System.
- #12: Physical Devices like Load Balancers, Firewalls, etcLimitations of VLANs and Policy Enforcement on the Physical Switching and Routing Infrastructure
- #15: Managing L2 Networks is painful – for example, Multi-chassis LAG in order to avoid STP related link utilization issues CLOS network is nearly impossible to build and manage with traditional L2 approach
- #16: VLANs cannot span L3 boundaries or need to pull L2 all the way to Core network
- #17: With traditional VLAN based approach, there is a challenge with Overlapping Address space for tenants/applications
- #18: Enabling VRFs require expensive Hardware in the Spine and/or Core layer
- #19: CLOS Networks are becoming very common for full cross-section bandwidth across the entire clusterNo Layer-2 in the Underlay Netowrk
- #27: Enterprise can avail compute and storage capacity on-demand from SP-IaaS and Virtual Private Cloud providers. Virtual Networks can be seamlessly orchestrated to enable secured segmentation of resources.SP L3VPN customers can extend their private enterprise network into IaaS networks seamlessly. Service Chaining can be instrumented to insert services like FW, Load-balancing, IPS or DDoS mitigation etc. in a horizontally scalable way.Fast provisioning and end to end automation can make business agile with lower response time.
- #28: Enterprise can avail compute and storage capacity on-demand from SP-IaaS and Virtual Private Cloud providers. Virtual Networks can be seamlessly orchestrated to enable secured segmentation of resources.SP L3VPN customers can extend their private enterprise network into IaaS networks seamlessly. Service Chaining can be instrumented to insert services like FW, Load-balancing, IPS or DDoS mitigation etc. in a horizontally scalable way.Fast provisioning and end to end automation can make business agile with lower response time.
- #29: Enterprise can avail compute and storage capacity on-demand from SP-IaaS and Virtual Private Cloud providers. Virtual Networks can be seamlessly orchestrated to enable secured segmentation of resources.SP L3VPN customers can extend their private enterprise network into IaaS networks seamlessly. Service Chaining can be instrumented to insert services like FW, Load-balancing, IPS or DDoS mitigation etc. in a horizontally scalable way.Fast provisioning and end to end automation can make business agile with lower response time.