An Intelligent SDN Network Built on Juniper OPEN CONTRAIL
TRANSCRIPT
Juniper Networks, APAC
March, 2015
2 Copyright © 2015 Juniper Networks, Inc. www.juniper.net
What is SDN
Forwarding/Data Plane
SDN Control Plane
Control Plane
Management/Orchestration Plane
The open nature of SDN
OpenFlow
• Controller Based
• Manipulates Forwarding Plane of devices directly
Overlays
• Controller Based
• Relies on physical network underlay for connectivity.
• Tunnelling Based
• VxLAN
• MPLSoverGRE
• NVGRE
• STT
Automation
• Puppet
• Chef
• Python
• Ansible
• Junos Scripting
• Junos SDK
What is the “cloud”? Data center evolution
Traditional approach: Standalone Applications (Dedicated Resources)
Diagram labels: LB Policies, ACLs, FW, IPS Policies, Sec. Device, LB Device, Switches, Physical Servers, Router, End-user, Admin
Main challenges
Sub-Optimal Device Util.
Static & Inflexible
TCO (Capex, Opex)
Physically Constrained
Silo’ed
Manual device config
Custom Policy Config
Deployment knowledge
Virtualization: Standalone Application (Virtualized Resources)
Diagram labels: Virtual Machines, VLANs, v Security, LB Policies, ACLs, VLAN Config, Security Policies, Router, End-user, Admin, v LB, VM, Orchestrator
Some solved…
Sub-Optimal Device Util.
Static & Inflexible
TCO (Capex, Opex)
Physically Constrained
Silo’ed
Manual device config
Custom Policy Config
Deployment knowledge
What is the “cloud”? The “cloud” data center
Cloud - SDN: Evolving Applications (on Resource Pool)
Diagram labels: Compute, Storage, LB, Security, Admin, External Cloud Based Resources, Virtualized Resource Pools, No ACLs, End-user, Orchestrator / Controller, All Policies (incl. ACLs), Virtual Network, Virtual Network, Resources Across DC’s
All challenges solved…
Sub-Optimal Device Utilization
Static & Inflexible
TCO (Capex, Opex)
Physically Constrained
Silo’ed
Large, Manual Device Config
Custom / Complex Policy Config
Specialized deployment knowledge
“Cloud” services need a smarter, elastic network
Virtualized Network
Compute & Storage
Network Services Orchestration
RT Analytics
Resource Orchestration
Network Orchestration
Events, Logs, Statistics
Continuous Infra Feedback
Policy & Security Framework
Distributed, Real-Time Apps
All devices need to communicate with each other – applications of SDN
SDN to IP (Layer 2): Provide SDN-to-non-SDN translation, same IP subnet
SDN to IP (Layer 3): Provide SDN-to-non-SDN translation, different IP subnet
SDN to SDN: Provide SDN-to-SDN translation, same or different IP subnet, same or different overlay
SDN to WAN: Provide SDN-to-WAN translation, same or different IP subnet, same or different encapsulation
Diagram labels: Layer2, Layer3, SDN, WAN, Remote Data Center, Public Cloud, Internet
Open source usage
“Which of the following open source software tools/frameworks have you used for development or deployment in the past 12 months?”
Base: North American and European enterprise software developers; Source: Forrsights Developer Survey, Q1 2013
Chart values (two bars per answer):
Other (please specify): 4%, 2%
Have not used open source software: 31%, 3%
Management and monitoring (e.g., Nagios, Cacti, Shinken): 3%, 20%
Release/deployment management tools (e.g., Chef, Cf Engine, Puppet): 4%, 20%
NoSQL DBMSes (e.g., Apache Hadoop, MongoDB, Riak, Couchbase): 5%, 21%
Business applications (Sugar CRM, Bravo): 3%, 21%
Portals or mashup servers (e.g., Liferay, JBoss Portal, eXo): 3%, 22%
Business intelligence tools (e.g., BIRT, Jasper Reports, Spago): 6%, 24%
SCM tools (e.g., Git, Subversion, Mercurial): 16%, 26%
Content management systems (e.g., Alfresco, Drupal): 6%, 30%
Application frameworks (e.g., Spring, Rails, Zend): 10%, 31%
Build and release management tools (e.g., Hudson/Jenkins, Maven, Ant): 16%, 35%
Application server (e.g., JBoss, Tomcat): 22%, 45%
Development IDEs (e.g., Eclipse, NetBeans): 35%, 54%
Relational DBMSes (e.g., MySQL, PostgreSQL, SQLite): 32%, 57%
Web servers (e.g., Apache, nginx): 32%, 58%
Operating systems (e.g., Red Hat Linux, Suse, Android): 33%, 66%
Using cloud computing/elastic applications (N = 125)
Not using cloud computing/elastic applications (N = 572)
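Juniper's implementation
Must support third-party products and provide full openness
Must support the convergence of virtual and physical, providing an integrated solution
Balance hardware resource utilization to save users as much investment cost as possible
Integration of multi-vendor architectures
Open-source orchestration – Contrail & OpenStack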
Juniper's SDN product family meets the business needs of different users
IT CLOUD (CONTRAIL)
Network Virtualization
Orchestration, Automation
Agility in Service Insertion
MX & QFX – SDN Gateway
IaaS, VPC (CONTRAIL)
Managed Cloud Services
L3VPN extension into DC’s
Intra, Inter-Domain Orchestration
Multi-tenancy
CORE (NORTHSTAR)
Global Optimization for TE
Policy-based BW Allocation
Traffic Analytics
EDGE NFV (MX, CONTRAIL, NFV-O)
Virtualized Network Functions
Juniper Services …
3rd Party/Best of Breed
Orchestration and Service Chaining
MX/vMX Service Control GW
Orchestration, Automation (APIs) and Policy Management
OPEN CONTRAIL product offerings
Contrail Networking
Cloud Networking: Network Virtualization, Virtualized Network Services
Multiple Orchestration Support: Openstack, VMware ESXi, vCenter, IBM CO
Contrail Cloud
Cloud Orchestration: Server Management, Distributed & Scale-out Storage, Compute Orchestration (OpenStack), Server (Ubuntu)
+ Contrail Networking
Contrail Cloud Reference Architecture
Integrated Cloud PODs: Reference Architecture – PODs, Integrated Management
+ Contrail Cloud
INCREASING LEVELS OF INTEGRATION
What is OPEN CONTRAIL?
OPENCONTRAIL IS …
Juniper’s open-source cloud network automation initiative (Apache v2)
Built as a scalable, resilient, and carrier-grade network platform for Cloud infrastructure
Built using standards-based protocols
API driven: Implements OpenStack Neutron API, Amazon EC2 VPC API, etc. Offers APIs to apps/orchestration systems to configure & monitor the system.
Provides all components for network virtualization. Overlay networks to virtual machines & Linux Containers and network namespaces.
OPEN CONTRAIL (multi-vendor): architecture openness and support
Diagram labels: ORCHESTRATOR (Network orchestration, Compute / Storage orchestration), CONTRAIL CONTROLLER, Linux Host + Hypervisor, Linux Host Hypervisor, vRouter, vRouter, Gateway, Physical IP Fabric (no changes), Internet / WAN
Control Plane: BGP Control Plane (logically centralized, physically distributed Controller elements)
Config Plane: Bi-directional real-time message bus using XMPP
Data Plane: Overlay Tunnels (MPLSoGRE, MPLSoUDP, VXLAN)
Automation: REST APIs to integrate with different Orchestration Systems
Multi-vendor VNFs can run on the same platform
Interoperates with different Orchestration systems
Integrates with different Linux Hosts, multiple hypervisors, and multi-vendor X86 servers
Multi-vendor SDN Gateway (any router that can talk BGP and the aforementioned tunneling protocols)
Virtualized networks: logical & physical
LOGICAL (Policy Definition)
VIRTUAL NETWORK GREEN: G1, G2, G3
VIRTUAL NETWORK BLUE: B1, B2, B3
VIRTUAL NETWORK YELLOW: Y1, Y2, Y3
Contrail Security Policy (Firewall-like)
Contrail Policy with a Firewall Service
PHYSICAL (Policy Enforcement)
Diagram labels: Host + Hypervisor, Host + Hypervisor, VM and virtualized Network function pool, VM and virtualized Network function pool, G1, G2, G3, B1, B2, B3, Y1, Y2, Y3, IP fabric (switch underlay)
Intra-network traffic
Inter-network traffic traversing a service
Getting the resources: HTTPS://GITHUB.COM/JUNIPER
Getting the source code
Two ways: manually, using the git tool
git clone https://github.com/Juniper/contrail-controller
Automatically, using a Ruby script
ruby get_file.rb Juniper 5
sh get_Juniper.sh
OPENCONTRAIL architecture diagram
Physical connection diagram
CONTRAIL installation prerequisites
1. Ubuntu Server 12.04 LTS
http://old-releases.ubuntu.com/releases/12.04.1/ubuntu-12.04.3-server-amd64.iso
2. Contrail installation package
http://www.juniper.net/support/downloads/?p=contrail#sw
Installation procedure
1. Install Ubuntu 12.04 LTS
2. Install contrail-install-packages..~havana_all.deb
dpkg -i contrail-install-packages..~havana_all.deb
3. Create the Contrail package repository and the Fabric tools
# cd /opt/contrail/contrail_packages
# ./setup.sh
4. Edit the testbed.py file
# cd /opt/contrail/utils/fabfile/
# cp testbed_singlebox_example.py testbed.py
5. Edit the testbed.py file
Change the IP addresses, passwords, and so on
6. Install Contrail
# cd /opt/contrail/utils
# fab -c fabric install_contrail
7. Install OpenStack
# fab setup_all
The system reboots automatically when the installation completes
8. Open the Horizon Dashboard in a browser
http://ip_address/horizon/
9. The OpenContrail WebUI
https://ip_address:8143
The credentials for both are admin/secret123; this password is set in testbed.py.
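An added example (not from the original slides and not Juniper's code): a check to run on testbed.py before the fab steps that flags any password setting still left at a known default such as the secret123 named above. The setting names in the constructed sample (env.passwords, env.openstack_admin_password) and the extra entries in the default list are assumptions.

```python
import ast

# 'secret123' is the value named in the install steps; the other entries are
# assumed common defaults added for illustration.
WEAK_DEFAULTS = {"secret123", "secret", "admin", "password"}

# Constructed sample; the variable names are assumptions about testbed.py.
SAMPLE_TESTBED = """\
from fabric.api import env
host1 = 'root@192.0.2.10'
env.roledefs = {'all': [host1]}
env.passwords = {host1: 'Xq7-constructed-example'}
env.openstack_admin_password = 'secret123'
"""


def _dotted(node):
    """Render an assignment target such as env.passwords as a dotted name."""
    if isinstance(node, ast.Attribute):
        return _dotted(node.value) + "." + node.attr
    return node.id if isinstance(node, ast.Name) else "?"


def find_weak_passwords(source, weak=WEAK_DEFAULTS):
    """Return sorted (line, setting, value) for password settings in `weak`.

    The file is parsed with ast, never imported, so nothing in it executes.
    """
    findings = []
    for stmt in ast.walk(ast.parse(source)):
        if not isinstance(stmt, ast.Assign):
            continue
        # For a dict such as {host: password}, inspect the values only.
        values = stmt.value.values if isinstance(stmt.value, ast.Dict) else [stmt.value]
        for target in stmt.targets:
            name = _dotted(target)
            if "password" not in name.lower():
                continue
            for value in values:
                for lit in ast.walk(value):
                    if isinstance(lit, ast.Constant) and lit.value in weak:
                        findings.append((lit.lineno, name, lit.value))
    return sorted(findings)


if __name__ == "__main__":
    for line, setting, value in find_weak_passwords(SAMPLE_TESTBED):
        print(f"line {line}: {setting} is set to a default value ({value!r})")
```

Pass the contents of the real testbed.py to find_weak_passwords and replace every reported value before running the install steps.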
OPEN CONTRAIL demo videos
Use cases – demo videos
DDoS Protection (Contrail + DDoS Secure) http://www.youtube.com/watch?v=TnvCea4fil4
NFV through Contrail (this is the Internet / Firewall NFV aka. vCPE) http://www.youtube.com/watch?v=_64no8P2vUw
Contrail - Elastic cloud - IT as a Service http://www.youtube.com/watch?v=9g3EWV8X64s
SSLVPN on Contrail http://www.youtube.com/watch?v=vfZfdH4kkV4
Caching as a Service (Junos Content Encore on Contrail) https://www.youtube.com/watch?v=-_NtC34wcRw
Hybrid Cloud https://www.youtube.com/watch?v=uC7nMW5PXdg
Product capabilities – demo videos
Bare Metal Integration through multi-vendor TOR integration https://www.youtube.com/watch?v=PjkNt0yV3H0
IPv6 DVR (Distributed Virtual Router) https://www.youtube.com/watch?v=RLO0uIXbDxo
OpenStack Neutron at Scale https://www.youtube.com/watch?v=xN0rXHD_dqk
P + V Service Chaining https://www.youtube.com/watch?v=a9HqC9x6KTg
Multi-hypervisor, Docker Integration https://www.youtube.com/watch?v=x2n5Q_ycx6o
vRouter DPDK Demo https://www.youtube.com/watch?v=ZGiQJrKoDQM
Physical + Overlay Correlation https://www.youtube.com/watch?v=B8aHoY--1Zs
OPEN CONTRAIL partnerships
NFV, OSS/BSS
Cloud, System Integrators
Performance Monitoring
vMCG (virtualized SGSN/MME)
Elastic CDN
Session Border Controller
ADC / LB; Demo in progress
NFV Orchestration
Ubuntu, OpenStack, OIL
Piston OpenStack
RHEL and RHOS
Scalr CMP Integration
Mirantis OpenStack
Mobility (Liquid Core) solution
DPI (VPTS)
IBM CO 4.3 Integration
WAN Optimization
CONTRAIL's participation in and contributions to open organizations
Details / Contrail’s Engagement
Open Platform for NFV: Initiative focused on implementation of ETSI NFV standards; Linux Foundation based. Engagement: Platinum Member; Contribute $, resources, and code
Initiative focused on creating a common open-source Controller; Linux Foundation based; OpenContrail SB Plugin part of Helium release. Engagement: Platinum Member; Board Member; Contribute $, resources, and code
Initiative focused on creating an Open Cloud Platform; OpenStack Foundation based. Engagement: Gold Member (one of 24 gold members); Contribute $; Bug fixes, code etc.
ETSI NFV = an ISG (industry specifications group) within ETSI focused on creating NFV standards; Formed by Service Providers (ETSI = European Telecommunication Standards Institute). Engagement: Member; Contribute $, resources, and code
Initiative focused on creating an Open-sourced Cloud Networking Platform; OpenContrail Advisory Board (OCAB); Apache v2 license. Engagement: Owner / Originator; Govern, drive, contribute code
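Summary: OPEN CONTRAIL features and benefits
Programmable
• Standardized REST API interfaces
• Hides network-level complexity
• Allows policy-based automated configuration
Agility
• Intelligent, rapid deployment
• Third-party compatibility and support
Low cost
• Efficient use of server resources
• Centralized management
• Standardized protocols
Visibility
• Collects and analyzes large volumes of network data
• Provides standardized API interfaces to supply data (analytics) to third parties
Openness & compatibility
• Open-source code, integrated with OpenStack, KVM and other open-source products
• Works together with multi-vendor architectures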
OPEN CONTRAIL development references
www.opencontrail.org
www.openstack.org
www.github.org
HTTPS://GITHUB.COM/JUNIPER