juniper networks - network eventos ivan... · (openstack, vmware vcloud center, tivoli, chef,...

1 Copyright © 2015 Juniper Networks, Inc. www.juniper.net

JUNIPER NETWORKS This is already real: Ten times more scalability and performance in virtual networks with Juniper Contrail

Ivan Sandano - Systems Engineer


SOLUTION

ADVANTAGES

• Any physical IP network switch underlay

• Broad DCIM automation compatibility

• Virtual network management additions to

Horizon

• Multi-vendor router and switch gateways

using open standards federation:

• BGP, EVPN, OVSDB control plane

• MPLS over GRE/UDP, VXLAN data plane overlays

CONTRAIL NETWORKING OVERVIEW

DC Interconnect

controller

VM VM VM VM VM VM VM VM

VN VN VN

Network

Appliances (eg SRX)

Bare Metal (e.g. SQL Server)

e.g. IP, VCF, QF or Junos Fusion

un

de

rla

y

Any DC Edge Router

Virtual Compute Server Infrastructure

Any IP Network

e.g. MX (USG)

VL

AN

BGP control plane

vRouter

Hypervisor

vRouter

Hypervisor

vRouter

Hypervisor

VNF

XMPP control plane

includes vRouter and Controller Compute Linux BMS

DCIM $fab


MARKET CONTEXT & TRENDS


WHAT IS CLOUD ? DATA CENTER EVOLUTION

TRADITIONAL VIRTUALIZATION

LB

Policies

ACLs

FW, IPS

Policies Sec.

Device

LB Device

Switches

Physical

Servers

Router

End-user

Sub-Optimal Device Util.

Static & Inflexible

TCO (Capex, Opex)

Physically Constrained

Silo’ed

Manual device config

Custom Policy Config

Deployment knowledge

Admin

Standalone Applications (Dedicated Resources)

Virtual

Machines

VLANs

v Security

LB

Policies

ACLs

VLAN

Config

Security

Policies

Router

End-user

Standalone Application (Virtualized Resources)

Admin

v LB

VM

Orchestrator Sub-Optimal Device Util.

Static & Inflexible

TCO (Capex, Opex)

Physically Constrained

Silo’ed

Manual device config

Custom Policy Config

Deployment knowledge

Main Challenges Some are solved …


DYNAMIC APPS

CUSTOM APPS

ENTERPRISE EVOLUTION TRENDS

EXCHANGE

(e.g. Equinix, etc.)

… ENTERPRISE PRIVATE CLOUDS (100’s)

TRADITIONAL / STANDARD APPS

Email

CRM

ERP Auth

BI

Expense Database

…

…

Helpdesk PUBLIC CLOUDS

…

MULTIPLE SAAS CLOUDS

…

What-If

Analysis Analytics

Provide high

speed connectivity

enabling Hybrid

Clouds

EMERGENCE OF SAAS CLOUDS

App Vendors are migrating to

SaaS Clouds Almost every

traditional app has a SaaS

offering

ENTERPRISE DC (1000’s)

Today large number of enterprises

run all Ent. Apps on-prem

PRIVATE CLOUDS (100’s)

Fewer Private Clouds

Financials, Healthcare, Hi-Tech,

Oil & Gas & Govt. sectors

Cost, Compliance & Security

primary drivers

PUBLIC CLOUD MIGRATION

Custom Apps are migrating to

Public and SaaS Clouds

Dynamic Apps are migrating to

Public Clouds – but some still

remain on-prem


HYPERVISORS AND CONTAINERS

Type 1 Hypervisor VMWare, Hyper-V, Xen

Type 2 Hypervisor KVM/QEMU, VirtualBox

Container LXC, Docker


• Containers are “orders of

magnitude” better then virtual

machines

• Share OS

• Multi-tenancy at OS Level

• Building VMs take minutes

instead of hours

• Launching VMs takes seconds

instead of minutes

• Less storage requirements

• Less memory requirements

• Limited tools / OS options

• Weaker isolation

HYPERVISORS AND CONTAINERS


CLOUD PROVIDERS ARE INNOVATING FASTER

Time to Service

Deployment

Operating

Expenses

Operational

Complexity

Servers managed per admin

# of SKUs to manage

Code to production launch Telco: 6-7 Months

Amazon: Few seconds

Telco: < 100

Google: 1 per 15,000 srvrs

Google: 10 Configs

Telcos: 1,000’s

Every 11 seconds; Avg 10K or max 30K servers at

a time using continuous integration & deployment

China Mobile Quote: 6-7 months per service; mostly manually

Operator DC: Each admin can manage upto ~100 servers large headcount

Each admin can operate ~15,000 servers

NSN: 1000’s of SKUs to manage makes it overly complex

Google: ~10 shared hardware system bundles

Opportunity for accelerating TTM, reducing costs and optimizing operations for Telcos.

Dynamic network service automation is the key priority for Service Providers


Bundle of open source software to orchestrate compute, networking and storage, in order to manage and

offer virtual machines

Allow enterprises/Service Providers to built their on AWS-like cloud

WHAT IS OPENSTACK


OPENSTACK ECOSYSTEM


CLOUD CUSTOMER ASKS INTERCONNECT MULTIPLE HETEROGENOUS ENVIRONMENTS

LB

WAN OPT

FIREWALL

Physical Svc Appliances

Virtualized

Svc VMs Legacy Servers & Storage

(VLAN, VMware based) Public Clouds

AWS

…

SE

RV

ICE

OV

ER

LA

Y

UN

DE

RL

AY

GCE

Legacy

Interconnect

Hybrid

Cloud

DC or POP 2

Multi-DC

Distributed

Cloud

Phy + Virt

Interconnect

Phy. + Virtual

Svc Insertion

MG

MT

VMs & Containers

DC or POP 1

Gateway

router

Gateway

router

Bare-metal Servers & Storage

CPE

Customer Branch

vCPE


PRODUCT OVERVIEW


PRODUCT EVOLUTION

Contrail Cloud

Reference Architecture Contrail Cloud Contrail Networking

Cloud Orchestration Server Management

Distributed & Scale-out Storage

Compute Orchestration (OpenStack)

Server (Ubuntu)

+ Contrail Networking

Integrated Cloud PODs Reference Architecture – PODs

Integrated Management

+ Contrail Cloud

Cloud Networking Network Virtualization

Virtualized Network Services

Multiple Orchestration Support Openstack, VMware ESXi,

vCenter, IBM CO

INCREASING LEVELS OF INTEGRATION


CONTROLLER BASED VS. CONTROLLER-LESS FABRIC

Centralized management

Higher level of abstraction Group based policies & service chaining Integration with virtualization stack (VMWare, Contrail)

Network centric view

Lower level of abstraction Serves Bare-metal workloads

Overlay at the network edge instead of host


OPENSTACK LOGICAL DEPLOYMENT TOPOLOGY


OPENSTACK & CONTRAIL

Horizon UI

Contrail Web UI

Nova

(Compute Orchestration)

Neutron Plugin

Compute Node

Storage

Keystone

(Identity / Access

Mgmt)

Cinder

(Block Storage)

Swift

(Object Storage)

Nova Agent

Contrail Agent

Contrail Config

Contrail Control

vRouter

Operator

User Logs in, Create tenant

(projects), Create IPAM, Create

virtual network, Launch VMs

VM

Get VM Image to

spawn

API

Srvr Scheduler …

Select Compute node

to spawn VM

Info to

spawn VM

Hypervisor

VM Spawned

Block Storage

Assignment

Xen

Bi-directional message bus

(XMPP interaction)

Launch VM

Network related interaction

Get virtual network info

DHCP

Plug (Tap interface, Instance ID, ..)

Glance

(Image Server)

Authentication, etc.


PRODUCT PHILOSOPHY

Use standard protocols for multi-vendor system integration (BGP, XMPP, OVSDB, …)

Support 3rd Party / Multi-vendor NF out-of-the-box (Technology alliance partners VNF validation, enable svc chaining using routing …)

Support both virtual and physical (installed base) (VNF + PNF, Bare Metal Server integration…)

Open-source product (Contrail Networking, OpenStack …)

Leverage Hardware Offload wherever possible (Offload to NIC, Smart NICs, etc. …)


CONTRAIL KEY FEATURES

Routing & Switching

(IPv4, v6)

Network Services

(IPAM, DNS, DHCP

SNAT, FIP, QoS)

Load Balancing

(customizable ECMP)

Security Policy Enf.,

Distributed FW 3rd Party Netw. Svc.

Gateway Services

(L2, L3 GW)

Rich Analytics,

Overlay-Underlay

Correlation

Service Chaining

(PNF, VNF, etc.) High Availability API Services

(multi-vendor Orch.)


ARCHITECTURE


Physical IP Fabric

(no changes)

CONTRAIL ARCHITECTURE

CONTRAIL

CONTROLLER

ORCHESTRATOR

Host O/S vRouter

Network / Storage

orchestration

Gateway

…

Internet / WAN or Legacy Env.

(Config, Control, Analytics, Svr Mgmt)

(Windows, Linux ….) on BMS

TOR

Compute

orchestration

Virtual Network

Blue

Virtual Network

Red

FW

Logical View

…

Cen

traliz

ed

Po

licy D

efinitio

n

Dis

trib

ute

d

Po

licy E

nfo

rcem

ent

BGP

BGP XMPP OVSDB


CONTRAIL (MULTI-VENDOR) ARCHITECTURE

Physical IP Fabric

(no changes)

CONTRAIL

CONTROLLER

ORCHESTRATOR

Host O/S vRouter

Network / Storage

orchestration

Compute orchestration

Gateway

Config Plane: Bi-directional real-time

message bus using XMPP

…

Scale-out Multi-vendor VNFs can

run on the same platform

Interoperates with different

Orchestration systems

Integrates with

different Linux Hosts,

multiple hypervisors, Containers

multi-vendor X86 servers Multi-vendor SDN Gateway (any router that can

talk BGP and the dynamic tunneling protocols)

Data Plane: Overlay Tunnels

(MPLSoGRE, MPLSoUDP, VXLAN)

Control Plane: BGP Control Plane

(logically centralized, physically

distributed Controller elements)

Automation: REST APIs to integrate

with different Orchestration Systems

Internet / WAN or Legacy Env.

(Config, Control, Analytics, Svr Mgmt)

Control /Config Plane: for Bare Metal

support - OVSDB

Multi-vendor TOR support to connect

Bare Metal Servers, using standard

control plane & config plane protocols

(Windows, Linux ….) on BMS

TOR


DATA PLANE FOR LAYER 3 OVERLAYS (MPLS/GRE)

VM

G1

VM

G2

Payload IP

Src = IP G1

Dst = IP G2

Server S1 Server S2

Eth

Src = MAC G1

Dst = 00-00-5E-00-01-00

Packet

VM G1 ARPs for VM G2

vRouter S1 replies to VM G1 ARP request with VRRP MAC

VM G1 sends packet to VM G2


VM

G1

VM

G2

L3 forwarding table

VM G2 → Push MPLS label allocated by vRouter S2 +

Send over GRE tunnel to server S2

Server S1 Server S2

Packet

Payload IP

Src = IP G1

Dst = IP G2



VM

G1

VM

G2

Server S1 Server S2

Payload IP

Src = IP G1

Dst = IP G2

MPLS

Label allocated

by vRouter S2

GRE

IP

Src = IP S1

Dst = IP S2

Eth

Src = MAC S1

Dst = MAC S2

L2 forwarding table

MAC S2 → Switch X3

L2 forwarding table

MAC S2 → Switch X2

L2 forwarding table

MAC S2 → Server S2

Switch

X1

Switch

X2 Switch

X3

Packet



VM

G1

VM

G2

L3 forwarding table

VM G2 → Local, send to virtual interface of VM G2

Server S1 Server S2

Payload IP

Src = IP G1

Dst = IP G2

Packet



VM

G1

VM

G2

Server S1 Server S2

Payload IP

Src = IP G1

Dst = IP G2

Packet

Eth

Src = 00-00-5E-00-01-00

Dst = MAC G2


Junos Automation Architecture Overview / saltstack

Compute and Storage

Virtualized

servers

Non-

virtualized

servers

Storage

Physical Network

Routers (MX, PTX, T ...)

3rd party)

Gateways (MX, EX ...)

Switches (EX, QFX, QFabric ...)

Services (SRX, SDG, SA ...)

Virtual Network

vMX &

vRouters

vSwitches (3rd party)

vServices (Juniper or

3rd party)

CSD SD ND

Space Platform

Space System

REST

NetConf / YANG

XMPP BGP / NetConf

NetConf

Orchestration System (OpenStack, VMware vCloud Center, Tivoli, Chef, Puppet or proprietary OSS/BSS)

Ansible

Chef

Puppet

Cobbler

Ganglia…

REST / Other

REST / Other

REST / Other

App

1

App

2

App

N

3rd Party

Applications

API / NetConf /

Rest

Scripts & Tools

NetConf / YANG

/OpenConfig /

PCEP / I2RS / REST /

OpenFlow / SLAX / SNMP

REST REST/ Other

REST / Other

App 1 App 2 App K

Contrail Platform

Contrail System

NorthStar controller

PCEP

…

REST / Other Management Protocols

REST


SECURITY AND SERVICE CHAINING


VIRTUAL

NETWORK

GREEN

Host + Hypervisor Host + Hypervisor

MICROSEGMENTATION / DISTRIBUTED FW

VIRTUAL

NETWORK

BLUE

VIRTUAL

NETWORK

YELLOW

Contrail Security Policy

(e.g. allow only HTTP traffic)

Contrail Policy

with a Firewall

Service

IP fabric

(switch underlay)

G1 G2 G3

B3

B1 B2

G1

G3

G2

Y1 Y2 Y3 B1 B2 B3

Y2 Y3 Y1

VM and virtualized Network

function pool

Intra-network traffic Inter-network traffic traversing a service

… …

LO

GIC

AL

(Po

licy D

efinitio

n)

PH

YS

ICA

L

(Po

licy E

nfo

rcem

en

t)

Non-HTTP

traffic

Security

Groups


MICROSEGMENTATION - NETWORK POLICIES

At a high level of abstraction, applied at the boundaries of virtual networks


MICROSEGMENTATION - SERVICE CHAINING

Policy based application of virtual and physical services with scale-out

Firewall, IPS, Load Balancer, Cache, WAN Optimizer, etc...


MULTI-VENDOR SERVICE CHAINING

SVC 1 VM SVC 2 VM

L4 L6

L3

L5 L3

R1 R2

L4

Srvr IP =

S1

Server IP =

S2 Srvr IP =

S4

L5 L6

Srvr IP =

S3

Locally significant MPLS Labels

Seamless insertion of Juniper & unmodified

3rd Party services using existing L3VPN

connections

Allows multiple Services in a chain

Allows multiple service chains between virtual

networks

Supports L3 services without the use of a

gateway

RI for non-svc-chain traffic

LO

GIC

AL

P

HY

SIC

AL

G1 G2

VIF 2

L2

Interf = VIF 1

Label = L1

VIF 4

L8

Interface = VIF 3

Label = L7

Dst Next Hop

G1 S2 L3

G2 S2 L3

R1 VIF 1

R2 VIF 2

Dst Next Hop

R1 S1 L1

R2 S1 L2

Dst Next Hop

G1 S3 L5

G2 S3 L5

Dst Next Hop

R1 S2 L4

R2 S2 L4

Dst Next Hop

G1 S4 L7

G2 S4 L8

Dst Next Hop

R1 S3 L6

R2 S3 L6

G1 VIF 3

G2 VIF 4

SVC 1 VM SVC 2 VM

X86 Servers

Routing Instances

R1 R2

Virtual Network

Red

L2 L1

Virtual Network

Green

G1 G2

L7 L8

IP Fabric


SERVICE CHAINING SALIENT FEATURES

SVC 1 VM SVC 2 VM

R1 R2

Virtual Network

Red

Virtual Network

Green

G1 G2

Service Policy

(for all traffic between

VN-red and VN-Green

use the SFC

Multiple Services in a Service Chain Multiple Service Chains between 2 networks

SVC 1 VM SVC 2 VM

R1 R2

Virtual Network

Red

Virtual Network

Green

G1 G2

SVC 3 VM

Policy-based Service Chaining

(e.g. for a particular 5-tuple use SFC 1 else use SFC2)

SVC 1 VM SVC 2 VM

R1 R2

Virtual Network

Red

Virtual Network

Green

G1 G2

Scale out Services

(Active-Active HA)

Multiple Service Instances (Scale-out aka active-active HA)

SVC 1 VM SVC 2 VM

R1 R2

Virtual Network

Red

Virtual Network

Green

G1 G2

Service Instances Active-backup HA

Active-back-up

Services


GATEWAY AND BARE METAL INTEGRATION


BMS INTEGRATION WITH L2 / L3 GATEWAY

Bare Metal

Server

Virtual Machines on

any Hypervisor

Top of Rack Switch

Virtual

Network

VM1

VM2

L3 GW

…

VLAN

Green

PHYSICAL

VM1

VM2

WAN / Internet

L3 GW

LOGICAL

Control using EVPN (BGP) for QFX

Config using OVS-DB/XMPP / Netconf

Config using XMPP / Netconf

Control using BGP (L3VPN / EVPN)

VXLAN

Tunnels

Contrail enables Legacy VLAN based

architecture interconnecting with a Cloud

architecture

Does not need a gateway when going from

one VN to another on the Contrail overlay

VLAN

Blue

Green

VM4

VM5 VM4

VM5

Blue

VM3

Virtual

Network

VM3

Contrail allows inter-VN traffic

in the overlay without having to

go through the L3 GW

For traffic from VM in overlay

to non-overlay VMs or BMS,

traffic needs to go through the

L3 GW

Intra-VN traffic from VM to

BMS goes through the TOR.


Router V-Server

V-Server

V-Server

Server

Switch

Switch

Legacy

Appliance

Legacy

Server


ANALYTICS


CONTRAIL ANALYTICS


ANALYTICS - UNDERLAY-OVERLAY CORRELATION

Visual representation of

topology (discovered

using LLDP)

What underlay path are

taken by flows (active or

historical)

Delails of VMs,

vRouters, and underlay

components

Details of active flows

Ability to show historical

flows as well


CONTRAIL PHYSICAL AND VIRTUAL TOPOLOGY DISCOVERY AND VISUALIZATION

Physical topology discovery using

SNMP and LLDP MIB

Physical to virtual adjacency

discovery using SNMP and MAC MIB

Virtual topology discovery using

OpenStack integration


CONTRAIL MAP OVERLAY FLOW TO UNDERLAY PATH – CURRENT FLOWS (PROBE)

Current flows

Find path using standard

probe (without detailed

statistics)


CONTRAIL MAP OVERLAY FLOW TO UNDERLAY PATH – HISTORICAL FLOWS

Choose from list of

all observed flows

(even past flows)

Underlay path discovery

uses sFlow or IPFIX

Overlay to underlay

mapping using vRouter

Sandesh

Many flows in overlay map to

64K flows in underlay (entropy

in source port).


VMWARE INTEGRATION


VMWARE VCENTER


VCENTER & CONTRAIL

ESXi Host KVM Host

ESXi Host KVM Host

Nova Compute

vCenter

ESXi Host

vCenter

OPTION 1:

OpenStack

with ESXi

(Currently

Supported)

OPTION 3:

Planned

“vCenter as a

Compute”

OPTION 4:

vCenter with

L2/L3

Gateway

(Planned

with OVSDB

support)

OPTION 2:

vSphere with

Contrail

(currently

supported)

Operator

Operator

Operator

ESXi Host KVM Host

L2 / L3 GW VXLAN

VLAN

OVSDB

vCenter Operator

XMPP XMPP

XMPP XMPP

Network Orchestration

Compute Orchestration

Admin UI Interaction

Nova

Compute


CONTAINER INTEGRATION


KUBERNETES & CONTRAIL

Kubernetes is Google’s Open Source orchestration system for Docker containers.

Handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure

that their state matches the users declared intentions.

Using the concepts of ”services" and "pods", it groups the containers which make up an

application into logical units for easy management and discovery. Uses “labels” for annotations.

O V E R V I E W

I M P L E M E N T A T I O N D E T A I L S F E A T U R E S

New daemon - listens to Kubernetes API on the

Master.

Creates virtual networks on demand.

Connects VNs together using the Labels /

Annotations present in app deployment template.

A plugin script running on the minion/node then

connects the container veth-pair to the

OpenContrail vrouter rather than the

docker0 bridge.

OpenShift Origin v3 leverages the K8s + Contrail

implementation

Virtual Network – for a collection of

PODs. (replicated using RC)

IP per POD.

Floating IP for Cluster IP (for policies)

ECMP Load-balancing across Service

PODs.

vRouter on Nodes

Source: http://googlecloudplatform.blogspot.com/2015_01_01_archive.html

Listens to

K8s API

Daemon

http://googlecloudplatform.blogspot.com/2015_01_01_archive.html

http://googlecloudplatform.blogspot.com/2015_01_01_archive.html


OVERLAY PERFORMANCE - HOW FAST SW HAS TO WORK

1.488 Millions of 64 bytes per second on 1GE Interface

14.88 Millions of 64 bytes per second on 10GE Interface

1.8Ghz -> 1 cycle = 0.56ns

1 packet -> 120 cycles * 0.56 = 67.2ns


VROUTER OVERVIEW - STANDARD

vRouter

Kernel Space

User SpaceQEMU Layer

Kernel Space

User Space

Guest VM

tap-xyz(vif)

vHOST

tap-xyz(vif)

VIRTIO

Nova Agent

vRouter Host Agent

Application VM

Linux Kernel Overhead

• System calls

• Data Copying from kernel to user space

• Interrupt handling in kernel

• Context switching on blocking I/O

950 ns


DPDK VROUTER OVERVIEW

Kernel Space

User SpaceQEMU Layer

Kernel Space

User Space

Application VMDPDK

Guest VMNova Agent

vRouter Host Agent

vRouter (VRFWD)

eth0

VIF: TAP

eth1

VIF: TAP

The Data Plane Development Kit (DPDK) is a set

of data plane libraries and network interface

controller drivers for fast packet processing. The

DPDK provides a programming framework for

Intel x86 processors and enables faster

development of high speed data packet

networking applications.

DPDK can improve packet processing

performance by up to ten times. It's possible to

achieve over 80 Mbps throughput on a single

Intel® Xeon® processor, and double that with a

dual-processor configuration.


DPDK VROUTER ARCHITECTURE

VM (Virtual Machine)

VIRTIO RingVIRTIO

Frontend

User Space vHost (libvirt 1.2.7)

vHost-Net : Kernel Space (Before QEUMU 2.1) vHost-User: User Space vHost (QEMU 2.1)

vRouter (User-Space)

VRFWD hugetlbfs (DPDK Ring)

User-Space

Qemu Uvhost client

Kernel Space

Virtio ring

Mmap’ed memory in VRFWD from hugetlbfs

Uvhost Server

Unix Socket(Message exchanged

once VM isUP)

1 2 3 4

NIC Queues (1,2..N)

DPDK NIC

DPDK vRouter

1 2 3 4

DPDK lcores

Lcores to NIC Queue Mapping 1-1

Poll

vRouter Forwarding

netlink

pkt0

VRF

Config

Policy Tables

vRouter Agent(vnswad)

Uvhost Server: Assigns lcore to virtio interfaces based on Unix Socket Message communications

TCP Connection

(routes/nexthops/

interfaces/flows

Created by DPDK EAL(Environment Abstraction Layer)

Created by DPDK EAL(Environment Abstraction Layer)

VIRTIOBandend

HostCompute Node

QEMU 2.2 Process Per VM

Host Process per VM

DPDK 2.0 Libraries

Guest


VROUTER PERFORMANCE WITH DPDK

Setup has 2 compute nodes, dual socket Xeon E5-2640 (2.5GHz)

Each server has one VM running a DPDK application

VM1 sends a continuous stream of 64 byte packets to VM2

One core in vrouter dedicated to reading packets transmitted by VM on sender (as multi-queue virtio is not

supported), others are forwarding cores

Performance (pps) measured as a function of number of cores used by vrouter on sender

Number of forwarding

cores on sender

64bytes PPS Bits per second

2 2.8M 1.34 Gbps

3 4.9M 2.35 Gbps

4 7.0M 3.34 Gbps

5 8.9M 4.25 Gbps


VROUTER PERFORMANCE SMARTNIC


25M 12 Gbps


2.5M 1.2 Gbps

Contrail vRouter with SmartNIC OVS with DPDK


OPENSTACK OVS VERSUS CONTRAIL VROUTER COMPARISON

OVS (OpenVswitch)

scale limitations per architectural challenges.

Limited Network throughput

No Analytics

No ISSU

Contrail vRouter

Tested with at least 2000 nodes and 10k VMs

SmartNIC and DPDK allow for Mpps scaling for Telco VNFs

Detail Cluster real time and historical analysis information

200 nodes

2000 nodes

OVS

Contrail


OPENCONTRAIL


CONTRAIL IS OPENSOURCE www.opencontrail.org


IN SUMMARY …


CASES

SaaS / IaaS Enterprise Private Cloud Service Provider

SaaS Enterprise Security Enterprise

SaaS Social Net. Public Cloud

Hosting IaaS/Enterprise


Perf Monitoring

TECHNOLOGY PARTNERS

NFV

Cloud,

System

Integrators

Elastic CDN vSBC ADC / LB, vLB / Ph. LB

NFV Orch. (NCSO)

Ubuntu, OIL, Juju MOS, Fuel RHEL/RHOSP, OSPd, OpenShift

DPI (VPTS)

ICO 2.4, ICM 4.3

WAN Optimization

Smart NIC Agilio, vRouter Smart NIC Smart NIC


Case Studies


Key Requirements • Agile DevTest environment

• Reduce manual intervention/avoid mistakes

• Best overlay for any underlay

• Clear segmentation between departments

Contrail Empowers: • On-demand & scale-out network services

• Fully automated network provisioning

• Massive amount of ROI with existing gateway

• Secure multitenancy

http://www.juniper.net/us/en/company/case-studies/service-provider/symantec/

Agile Private Cloud for IaaS








SAAS CLOUD Solution Description Customer Needs

1 Integration of Private & VPC using Openstack

Multiple Private DCs & Public Cloud Service Locations

Same Security Framework across Hybrid Cloud

3 Strong Security & Governance Framework

Reduced Security Rules Complexity on Firewall All Traffic

Flows are Logged and Stored

4 On-Demand Virtualized Network Services

FW-as-a-Service implemented using Virtual SRX

LB-as-a-Service implemented using F5 BIG-IP or Contrail

Highly Multi-tenanted & High Scale SaaS Workloads

Security framework for Governance, Audit, and Compliance

Self Service Environment for Test-Dev & Production

Hybrid Cloud Support – Public & Private

2 Self-service with Mix of Resource Types across IaaS

Developer can request services across multiple clouds (AZs)

Some Applications not Virtualized (KVM) – run on Docker (BM)

Controlled migration from development to production on

Shared Cloud

2 3

1

PRODUCTION

Public Clouds Internet

DEVELOP-

MENT

“Open Compute” Platform, Openstack Orchestrator, KVM &

Docker, Contrail Network Virtualization

SRX

F5

4


SDWAN / CLOUD CPE ELASTIC SERVICE INFRASTRUCTURE (NTTI3)

Solution Description Customer Needs

1 Flexible Service Chaining

Service Catalog / Marketplace with choice of services

Service Chaining of Security and Network services

Services run in POP or customer premises (ESE)

APIs integration with self-service portal

Multi-tenant LBaaS, FWaaS, WanOpt-aaS capability

Reduced TCO from low-cost CPE devices, ( cust support costs)

Improved agility in introducing new (& upgrading existing) services

Self-care portal for service enablement

Scale-out and on-demand security and connectivity services to

business customers with light-weight device at customer

premise

3 Open, interoperable Carrier-grade SDN Platform

OpenContrail - scalable, performant & available SDN

platform

BGP & other standards-based protocol for interoperability

4 Software Defined WAN

Built on top of the Internet, using secure connection for data

and control traffic

Integrates with existing L3VPN (wherever applicable)

2 Central management, monitoring, troubleshooting

ESI Controller manages & monitors the environment

centrally

OpenStack Heat to create service templates

Customer

Branch

Customer

DC

Software

Defined WAN

(L3VPN)

ESI

Controller

4

2

ESE ESE

ESE ESE ESE

ESI POP

ESE ESE ESE

ESI POP

ESE ESE Customer

HQ

Customer

Premise

ESI POP

(NTT DC)

COTS HW (X86, ARM, )

SDN / NFV Software Stack

VNFs MARKET PLACE

…

3

1

Internet


VIRTUAL CPE Solution Description Customer Needs

Multi-tenant VPNaaS, FWaaS, WanOpt-aaS capability

Reduced TCO from low-cost CPE devices, and reduced customer

support costs

Improved agility in introducing new (& upgrading existing) services

Self-care portal for service enablement

Scale-out and on-demand security and connectivity services to

business customers with light-weight device at customer

premise 1 Contrail enabling Service Chaining on the vCPE

Security and connectivity services chained at the PE

Svcs co-located with PE (no need for separate SP svc DC)

APIs integration with self-care portal

3 Contrail’s robust L3VPN overlay architecture

Seamless integration with SP’s existing L3VPN offering

Integrates with existing / legacy underlay networks

4 Integration with MX (PE)

Dynamic traffic steering to services, using standards-based

approach (BGP Flowspec)

Anchor point for service chains

2 Multi-tenant services for business customers

Separate VNF instance for separate customers

Traffic segregation between customers using virtual networks

Overlapping address space for tenants

Basic

CE

Basic

CE PE PE

VPN IP/MPLS

VCPE VCPE

Contrail /

OpenStack

Internet

4

1

2

3


ENTERPRISE PRIVATE CLOUD (HADOOP) Solution Description Customer Needs

1 Contrail overlay on L3 underlay

Pure L3 routing in underlay to the top of rack switch

CLOS-based network architecture to provide high-

bandwidth capacity between compute nodes

Virtualized (compute) and bare metal (Hadoop) servers

3 Centralized security policy definition, distributed enforcement

API-based policy definition

Security policy at virtual network level and VM level

4 Self-provisioned service / app deployment

Controlled migration of apps from development to production

clouds

Seamless integration of new features / apps

2 Juniper MX / SRX

MX as a gateway router to Interconnect public internet &

L3VPN capability

SRX used as a firewall

Contrail enabling a private cloud infrastructure for Big Data

application development and deployment Secure, multi-tenant private cloud environment

On-demand creation and dynamic scale-out of custom services

Rapid, seamless deployment of new services to internal users

Hadoop support: massive storage, on-demand data ingest,

real-time stream processing, DB-as-a-Service (NoSQL / SQL)

‘As-a-service’ model for network functions (LB-aaS, DNS-aaS)

Contrail /

Openstack

Big Data Racks Infra Racks Openstack Racks

MX GW

SRX Dynamically scaled

application edge

Scale-out Big Data Apps

A10

2

1

4 3


Thank you Thank you

juniper networks - network eventos ivan... · (openstack, vmware vcloud center, tivoli, chef,...

Documents