OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014
2. ISSUES FROM VENDOR VIEWPOINT
Copyright © 2013 Juniper Networks, Inc.
Juniper Restricted Confidential - Do not distribute externally.
3. LOST DECADE OF NETWORKING
2001
2011
… cool new logos
4. THE RAGE OF 2011-2013
Solution looking for a problem …..
…. and it did find a few interesting ones
5. WHAT ARE THE REAL PROBLEMS…
CONFIGURED, MANAGED
Whatever happened to Web2.0?
6. WHAT ARE THE REAL PROBLEMS…
SCALE-UP SYSTEMS
Cloud? Scale-out? ….
7. WHAT ARE THE REAL PROBLEMS…
HARDWARE SERVICES
Virtualization? Orchestration?
8. WHAT ARE THE REAL PROBLEMS…
LOW VISIBILITY
Big Data? Analytics? ….
9. NETWORKING PROBLEMS IN A NUTSHELL
CONFIGURED, MANAGED
POOR MANAGE-ABILITY
SCALE-UP SYSTEMS
INFLEXIBLE SYSTEMS
HARDWARE SERVICES
HARDWARE CENTRIC
LOW VISIBILITY
10. ISSUES FROM CUSTOMER VIEWPOINT
11. DATA-CENTER CHALLENGES
[Diagram labels: Admin; Config; Centralized Management & Control, Policy provisioning; Load Balancer; Firewall; Virtualized; VLANs; Marketing, HR, Finance; Physical Servers; Local Hard Drives]
Network Virtualization and Centralized Services Management
12. DATA CENTER CHALLENGES
SCALABILITY: Tying per-tenant information to physical network restricts scale
PROGRAMMABILITY: No programmatic API at the network level for integrated orchestration
SERVICE INSERTION: Appliance-based network functions limit service velocity
INTER-CLOUD ORCHESTRATION: Inability to orchestrate multicloud/hybrid cloud environments
13. SERVICE PROVIDER NETWORK CHALLENGES
[Diagram labels: SP Datacenter; SP Core/Backbone; Mobile Edge (SGSN / MME, GGSN / P-GW); Broadband Edge (BRAS/VPN Edge); Business Edge; Private networks; PCRF; Caching; DPI; FW; SBC; Media Gateway; Service Load Balancing; L3VPN-enabled SLB; Scalable Virtual Service on x86; Services – Firefly, Web App Secure, DDoS Secure, vSA; FW – IPS – PDF – DDoS; Dynamic Service Provisioning, Scaling; Service Chaining]
NFV: Virtualized Network Services with Centralized Management & Orchestration
14. SERVICE PROVIDER CHALLENGES
SCALABILITY: Very large number of network applications, services, subscribers
PROGRAMMABILITY: No programmatic API at the network level for OSS/BSS agility & automation
SERVICE INSERTION: Appliance-based network functions limit service velocity
DISTRIBUTED, MULTIVENDOR SYSTEM: Challenges in orchestration of distributed cloud built using multivendor hardware and software
16. LEGACY DC - L2/VLAN BASED APPROACH
[Diagram labels: L3; L2/L3; Multi-Chassis LAG; TRUNK; L2 Switch ToR; L2; VMs; Servers]
17. LEGACY DC - LIMITED VLAN SPAN
[Diagram labels: L3; Routing & Filtering between VLANs; No VLANs Across L3; FW; LB; L2/L3; Multi-Chassis LAG; TRUNK; L2 Switch ToR; L2; VLAN Span Limit]
18. LEGACY DC - NO MULTI-TENANCY
[Diagram labels: L3; Single Routing Table (No support for overlapping multi-tenant space); FW; LB; L2/L3; Multi-Chassis LAG; TRUNK; L2 Switch ToR; L2; VMs; VLAN Span Limit]
19. LEGACY DC - MULTI-TENANCY WITH VRF
[Diagram labels: Tenant Specific HW Appliance Services; L3-MPLS; MPLS-Enabled links; L2/L3-MPLS; VRF for multi-tenant isolation; Tenant-VRF; FW; LB; Multi-Chassis LAG; TRUNK; L2 Switch ToR; L2; VLAN Span Limit]
20. CLOUD DC – ECMP CLOS NETWORK
[Diagram labels: External Network; L3; L3 ToR; L2-SW; VXLAN; Servers]
21. CLOUD DC - TYPICAL L2 OVERLAY
Hypervisor Switch performs L2 forwarding
Separate VM does L3 Routing and NAT
[Diagram labels: External Network; L3; L3 ToR; VXLAN; L2-SW; Servers]
22. CLOUD DC - CONTRAIL L2/L3 OVERLAY
Hypervisor vRouter handles L2/L3
Hypervisor vRouter performs NAT
[Diagram labels: External Network; L3; L3 ToR; vRouter L2/L3; Service Insertion; Servers; legend symbol = multi-tenant VRF]
24. ROLE OF CONTRAIL IN OPENSTACK ENVIRONMENT
[Diagram labels: Openstack (Nova APIs, Neutron APIs, Cinder/Swift APIs); Contrail; Virtual Machine; vRouter; Server; Physical Switches; Service Nodes; Gateway Router; vSRX, F5 …; Internet; VPN; DCI WAN]
25. PHYSICAL DATACENTER TOPOLOGY VIEW
No VM IP information in the Underlay Network
[Diagram labels: Network; Gateway Router; BGP; Spine Switch; L3 ECMP; OSPF/BGP; L3; L2, L3; Leaf Switch; Hypervisor; Compute & Storage Rack; Control Node; Config Node (Openstack) (Cloudstack); Analytics Node; WebUI Node; Optional Redundancy; Orchestration & Services Racks]
26. CONTRAIL NETWORKING STACK
[Diagram labels: Customer OSS/BSS; Openstack; Cloudstack; REST APIs (Configuration, Operational, and Analytics); Analytics Engine; Configuration Nodes; Control Plane; Compute Node (Virtual Router); Gateway Node (MX, EX/QFX, ...); Service Nodes (SRX, F5, ...)]
27. CONTRAIL NETWORKING FEATURES
NAT, Routing, Switching
Load Balancing
Security Services
3rd Party Network Srvc
Physical or Software GW
IPAM, Virtual DNS
Rich Analytics
Service Chaining
High Availability
API Services
28. SOLUTION OVERVIEW
[Diagram labels: Customer L3VPN; Public Internet (ISP-1); Public Internet (ISP-2); Dashboard; Console; Management, Configuration, Orchestration, Analytics; Contrail Virtual Network Controller; PE Router (Juniper MX, Cisco ASR9K) with L3VPN/VRF Support; VRF; Service Appliance; Service Appliance with L3VPN/VRF Support (Juniper SRX, etc); Contrail SW Gateway; Contrail SW Gateway - L2 Service Appliances (F5 Load Balancer, etc); Gateway Service; vRouter; vRouter Agent; VM; Virtualized Servers (Hypervisor); Bare Metal Linux/Windows; VIRTUAL NETWORK A; VIRTUAL NETWORK B; VIRTUAL NETWORK C]
[Legend: Applications & Services (AS); Configuration Management (CM); Control Plane (CP); Host Agent; vRouter (Data Plane)]
29. SOLUTION OVERVIEW – CONTROL & MGMT PLANE
[Diagram: same components and legend as slide 28 (SOLUTION OVERVIEW), with these additional labels: BGP/Control, Netconf/Mgmt; XMPP (Control, Mgmt)]
30. SOLUTION OVERVIEW – DATA PLANE
Dynamically Insert Services (Physical & Virtual)
Route Across/within VNs (L3VPN)
Bridge within VNs (EVPN)
[Diagram: same components and legend as slide 28 (SOLUTION OVERVIEW)]
32. DEMO – PHYSICAL TOPOLOGY
[Diagram labels: LAB NETWORK; MX-80; OSPF; EX-4500; L3; L2, L3; Leaf Switch; Hypervisor; Compute & Storage Rack; Control Node; Config Node; Analytics Node; Openstack Srvcs; Orchestration & Services Racks]
33. DEMO – LOGICAL TOPOLOGY
[Diagram labels: LAB NETWORK; Dashboard; Console; Management, Configuration, Orchestration, Analytics; Controller Nodes (CM, CP, AP); MX-80; VRF; BGP; XMPP; MPLSoGRE, VXLAN; MPLSoUDP, VXLAN; Compute Nodes; vRouter Agent; VM]
34. OPEN CONTRAIL
Contrail is available as Open Source
www.opencontrail.org. Commercial support available from Juniper.
Same features and scaling as commercial version
Uses proven stable standards. Production-Ready
Permissive license
Apache 2.0 (Controller), GPL (vRouter)
Integrated into open source virtualization stacks
OpenStack (production), CloudStack (beta)
Editor's Notes

Networking has barely evolved beyond CLI for managing systems. It seems that innovations like Web 2.0 and system simplifications never really made it to the network management systems of today.

The answer to every problem has been to build a bigger networking system.

Everything equates to a box – I can imagine Checkpoint Firewall and F5 Load Balancer as a box, but even Infoblox delivers a box for IPAM and DNS. It's a symptom of our industry and not an issue of the technology. It's easier to sell a system.

Physical devices like load balancers, firewalls, etc. Limitations of VLANs and policy enforcement on the physical switching and routing infrastructure.

Network virtualization that seamlessly ties in compute and storage virtualization. The physical network is a pure transport network and edge.

Managing L2 networks is painful – for example, Multi-chassis LAG in order to avoid STP-related link utilization issues.

A CLOS network is nearly impossible to build and manage with the traditional L2 approach.

VLANs cannot span L3 boundaries, or need to pull L2 all the way to the core network.

With the traditional VLAN-based approach, there is a challenge with overlapping address space for tenants/applications.

Enabling VRFs requires expensive hardware in the spine and/or core layer.

CLOS networks are becoming very common for full cross-section bandwidth across the entire cluster. No Layer-2 in the underlay network.

Enterprises can obtain compute and storage capacity on demand from SP-IaaS and Virtual Private Cloud providers. Virtual networks can be seamlessly orchestrated to enable secured segmentation of resources. SP L3VPN customers can extend their private enterprise network into IaaS networks seamlessly. Service chaining can be instrumented to insert services like FW, load balancing, IPS or DDoS mitigation etc. in a horizontally scalable way. Fast provisioning and end-to-end automation can make business agile with lower response time.