SDN CONTROLLER IN VIRTUAL DATA CENTER

Emil Gągała

PLNOG, 30.09.2013, Kraków



INSTEAD OF AGENDA

2 Copyright © 2013 Juniper Networks, Inc. www.juniper.net

ACKNOWLEDGEMENTS

Many thanks to Bruno Rijsman for his contributions to the development of this technology


SDN IS A NEW PARADIGM AND ARCHITECTURE

SDN’s definition encompasses 3 elements:

1. Abstract North-Bound Interfaces; Network Programming Model With Standards
2. Logically Centralized Control Plane
3. Control, Data, Management and Service Plane Separation

NETWORK AS A SERVICE

[Diagram labels: Management Plane; Service Plane; Control Plane; Forwarding Plane; VMs on x86. Panels: THE SYSTEM AS A PLATFORM, THE NETWORK AS A PLATFORM]

BRIDGING PHYSICAL/VIRTUAL NETWORK: A GENERAL PURPOSE SDN PLATFORM

Control Plane - Physical, Virtual
• Open, standards-based, federated controller
• Scalable and resilient Control Plane
• Configuration manager, Automation

Orchestration, Automation, Analytics
• Open source and partner ecosystem of orchestrators
• API and SDK for integration with OSS / BSS

Physical Network
• Interoperability with traditional network devices
• Any-to-any non-blocking low-latency fabric: Q-Fabric or Clos

Virtual Network Overlay
• Multi-tenancy for private and virtual public clouds
• Gateway functions - connect virtual to physical network
• Service chaining (physical and virtual)

[Diagram labels: Control Plane; OSS; Marketing; HR; Finance]

SDN USE-CASES

ENTERPRISE PRIVATE CLOUD
• IT-as-a-Service (Internal Managed Svcs)
• Orchestration
• Automation
• Agility

SP IaaS, VPC
• Managed Cloud Services
• L3VPN extension into DC’s
• Intra, Inter-Domain Orchestration
• Multi-tenancy

OPTIMIZED SP CORE
• Global Optimization for TE
• Policy-based BW Allocation

SP UNIVERSAL EDGE
• Network Functions Virtualization
• Service Orchestration and Chaining

ENTERPRISE PRIVATE CLOUD

• Dynamic resource allocation
• Automated configuration
• Dynamic service chains

• Manual configuration of VLANs at every switch
• Administration and configuration is complex and slow
• Scale: 4096 Tenant IDs

[Diagram labels: Finance, HR, Marketing; VLAN; Physical Service Appliances; Virtual Network; Virtual Services (NFV)]

SERVICE PROVIDER CLOUD (IAAS, VPC)

Public Cloud Providers, Content Providers, ...

End-to-End Virtual Network Orchestration and Automation

• Service Provider Infrastructure as a Service (IaaS)
• Service Provider L3VPN, E-VPN
• Service Provider Managed Virtual Private Cloud (VPC)

[Diagram labels: Enterprise Offices; Enterprise Data Center]

SDN CONTROLLER: ARCHITECTURE OVERVIEW

ROLE OF CONTROLLER IN A VIRTUALIZED ENVIRONMENT

[Diagram labels: Orchestrator (OpenStack, CloudStack); Contrail Controller, "Logically Centralized, Physically Distributed"; High Level Abstraction; Low Level Realization; Compute; Storage; Network; Network (Physical and Virtual); VM; Server; Contrail vRouter; Physical Network (Fabric); Physical Network (Gateway); Physical and Virtual Network Services]

BUILDING BLOCK: MULTI-TENANCY

[Diagram: Physical Topology and Logical Topology. Labels: L3 Network; L2 Network; L3 router]

BUILDING BLOCK: GATEWAY FUNCTIONS

[Diagram labels: Data Center 1; Data Center 2; Tenant; VPN; Internet; WAN; Gateway Router; Gateway Switch; Non Virtualized Server]

BUILDING BLOCK: SERVICE CHAINING (NFV)

[Diagram labels: Tenant Network A; Tenant Network B; Tenant Network A1; Tenant Network A2; Internet; services FW, LB, NAT]

CONTRAIL MULTI-TENANCY IMPLEMENTATION

[Diagram labels: Contrail SDN Controller (Configuration, Analytics, Control); OpenStack (Quantum); Virtualized Server; VM; IP fabric (underlay network); Tenant Network A; Tenant Network B; Data Center]

CONTRAIL IS BASED ON MPLS VPN TECHNOLOGY

[Diagram with two panels, L3VPN / E-VPN and Contrail. Labels: SDN System; Network Management System (NMS); DMI; Orchestrator; Config Node; Analytics Node; Route Reflector; Control Node; BGP; IBGP; XMPP; P; PE; CE; Underlay Switch; vRouter; VM; MPLS over MPLS; MPLS over GRE, MPLS over UDP, VXLAN, NVGRE, etc]

CONTRAIL MULTI-TENANCY IMPLEMENTATION

[Diagram labels: Contrail SDN Controller (Configuration, Analytics, Control); OpenStack Orchestrator, Quantum Plug-in; XMPP; Virtualized Server; KVM Hypervisor + Contrail vRouter; Tenant VMs; Underlay switches; IP fabric (underlay network); VXLAN or MPLS/GRE or MPLS/UDP]

CONTRAIL MULTI-TENANCY IMPLEMENTATION


CONTRAIL GATEWAY IMPLEMENTATION

[Diagram labels: Contrail SDN Controller (Configuration, Analytics, Control); OpenStack (Quantum); Virtualized Server; VM; IP fabric (underlay network); Tenant Network A; Tenant Network B; Data Center; Customer A L3VPN; Customer B L3VPN; L3VPN]

CONNECT PHYSICAL L3VPN TO VIRTUAL NETWORK FOR CLOUD ACCESS AND/OR SERVICE CHAINING

• WAN: MPLS over TE-LSP
• Data Center: MPLS over GRE
• similar to "Inter-AS Option (b)"

[Diagram labels: Red L3VPN; Red VN; Green L3VPN; Green VN; WAN; DC / POP Underlay; BGP Route Reflector; Contrail Controller; Tenant VM or Service VM; BGP; XMPP]

OVERLAY ENCAPSULATIONS

Packet formats, outermost header first:

• L3 over MPLS over GRE: Ethernet | IP | GRE | MPLS | IP | L4-L7
• L2 over MPLS over GRE: Ethernet | IP | GRE | MPLS | Ethernet | IP | L4-L7
• L2 over VXLAN: Ethernet | IP | UDP | VXLAN | Ethernet | L3-L7
• L3 over MPLS over UDP: Ethernet | IP | UDP | MPLS | IP | L4-L7
• L2 over MPLS over UDP: Ethernet | IP | UDP | MPLS | Ethernet | IP | L4-L7

Annotations on the diagram: Transport tunnel; Tenant identification; Encapsulated payload

CONTRAIL SERVICE CHAINING IMPLEMENTATION IN THE DATA CENTER

‘All packets from VN A to VN B must pass through NAT, FW services’

[Diagram labels: Contrail SDN Controller (Configuration, Analytics, Control); OpenStack (Neutron); Virtualized Server; VM; NAT; FW; IP fabric (underlay network); Tenant Network A; Tenant Network B; Data Center]

CONTRAIL SERVICE CHAINING IMPLEMENTATION


SDN CONTROLLER: DETAILED WALK-THROUGH

LOGICAL TOPOLOGY

[Diagram labels: Virtual Network: VN G, VN R; Tenant Virtual Machines: VM G1, VM G2, VM G3, VM R1, VM R2, VM R3; Virtual Firewall: VM FW; Non-Virtualized (Bare Metal) Server: BMS R4; Physical Gateway Router; Physical Network (Internet, L3VPN, ...): PN]

PHYSICAL TOPOLOGY

[Diagram labels: OpenStack (Neutron, Nova); Contrail Controller; Virtualized Server; Hypervisor with Contrail vRouter; Non-Virtualized (Bare Metal) Server; Underlay Switches; Gateway Router to Internet or L3VPN]

MAPPING OF LOGICAL TO VIRTUAL TOPOLOGY

[Diagram: PHYSICAL and LOGICAL topology panels. Labels: OpenStack (Neutron, Nova); Contrail Controller; VN G with VM G1, VM G2, VM G3; VM FW; VN R with VM R1, VM R2, VM R3; BMS R4; L3VPN]

STARTING POINT: EMPTY LOGICAL TOPOLOGY

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE GREEN TENANT: CREATE VIRTUAL NETWORK "GREEN"

• Create VN G

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G1"

• Create VM G1; Attach to VN G
• Nova: Create VM

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G1"

• Create VM G1; Attach to VN G
• Neutron: Attach VM to VN
• XMPP: Create routing-instance

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2"

• Create VM G2; Attach to VN G
• Nova: Create VM

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2"

• Create VM G2; Attach to VN G
• Neutron: Attach VM to VN
• XMPP: Create routing-instance

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2"

• Create VM G2; Attach to VN G
• XMPP: Exchange routes; Create tunnels

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE GREEN TENANT: FORWARDING TABLES AND ENCAPSULATION

Packet sent from server S1 to server S2, outermost header first:

• Ethernet: Source MAC = Server S1, Dest MAC = Server S2
• Outer IP header: Source IP = Server S1, Dest IP = Server S2, ...
• GRE
• MPLS: Label L2
• Inner IP header: Source IP = VM G1, Dest IP = VM G2, ...
• Payload

Server S1 (hosts VM G1)

Green routing-instance IP FIB
  IP prefix | Nexthop
  VM G1 | Virtual ethernet port to VM G1
  VM G2 | Push label L2 + GRE encaps to server S2

Global MPLS FIB
  MPLS label | Nexthop
  L1 | Pop + Green routing-instance

Global IP FIB
  IP prefix | Nexthop
  Server S2 | Physical ethernet port

Server S2 (hosts VM G2)

Green routing-instance IP FIB
  IP prefix | Nexthop
  VM G1 | Push label L1 + GRE encaps to server S1
  VM G2 | Virtual ethernet port to VM G2

Global MPLS FIB
  MPLS label | Nexthop
  L2 | Pop + Green routing-instance

Global IP FIB
  IP prefix | Nexthop
  Server S1 | Physical ethernet port
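
The lookups on this slide traced in code, as an added example that is not from the original deck or from Contrail itself: a packet from VM G1 is label-encapsulated on server S1 and delivered to VM G2 on server S2. The IP addresses, port names, the "red" routing instance and its label L9 are constructed for illustration.

```python
# Added example: toy model of the slide's forwarding tables (not Contrail code).
# S1/S2, G1/G2 and labels L1/L2 come from the slide. The IP addresses, port
# names, the "red" routing instance and its label L9 are constructed.
G1, G2 = "10.1.1.1", "10.1.1.2"        # tenant (inner) addresses
S1, S2 = "192.0.2.1", "192.0.2.2"      # underlay (outer) addresses

class VRouter:
    def __init__(self, addr, vrf_fibs, mpls_fib, ip_fib):
        self.addr = addr
        self.vrf_fibs = vrf_fibs   # routing instance -> {inner IP: nexthop}
        self.mpls_fib = mpls_fib   # MPLS label -> routing instance (pop)
        self.ip_fib = ip_fib       # outer IP -> physical port

    def from_vm(self, vrf, src, dst, payload):
        """Packet from a local VM: consult only that VM's routing instance."""
        nh = self.vrf_fibs[vrf].get(dst)
        if nh is None:
            return ("drop", "no route in " + vrf)
        if nh[0] == "local":
            return ("deliver", nh[1], payload)
        _, label, remote = nh                      # ("tunnel", label, server)
        if remote not in self.ip_fib:
            return ("drop", "no underlay route")
        return ("send", {"outer_src": self.addr, "outer_dst": remote,
                         "encap": "GRE", "label": label,
                         "inner": {"src": src, "dst": dst, "payload": payload}})

    def from_fabric(self, pkt):
        """Tunnelled packet from the underlay: the label picks the tenant."""
        if pkt["outer_dst"] != self.addr:
            return ("drop", "not addressed to this server")
        vrf = self.mpls_fib.get(pkt["label"])
        if vrf is None:
            return ("drop", "unknown label")       # never fall back to a default
        nh = self.vrf_fibs[vrf].get(pkt["inner"]["dst"])
        if nh is None or nh[0] != "local":
            return ("drop", "no local route in " + vrf)
        return ("deliver", nh[1], pkt["inner"]["payload"])

def build():
    s1 = VRouter(S1, {"green": {G1: ("local", "veth-G1"),
                                G2: ("tunnel", "L2", S2)}},
                 {"L1": "green"}, {S2: "eth0"})
    # On S2 a red VM reuses G2's inner address; only the label separates them.
    s2 = VRouter(S2, {"green": {G1: ("tunnel", "L1", S1),
                                G2: ("local", "veth-G2")},
                      "red": {G2: ("local", "veth-R1")}},
                 {"L2": "green", "L9": "red"}, {S1: "eth0"})
    return s1, s2

def g1_to_g2(payload):
    """Trace one packet from VM G1 on S1 to VM G2 on S2."""
    s1, s2 = build()
    _, pkt = s1.from_vm("green", G1, G2, payload)
    return pkt, s2.from_fabric(pkt)

if __name__ == "__main__":
    print(g1_to_g2("hello"))
```

Because the label alone selects the routing instance on receipt, tenant isolation in this model depends on the underlay accepting tunnelled packets only from trusted vRouters and gateways.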

CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3"

• Create VM G3; Attach to VN G
• Nova: Create VM

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3"

• Create VM G3; Attach to VN G
• Neutron: Attach VM to VN
• XMPP: Create routing-instance

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3"

• Create VM G3; Attach to VN G
• XMPP: Exchange routes; Create tunnels

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE GREEN TENANT: END STATE

[Diagram: PHYSICAL and LOGICAL topology panels]

CREATE RED TENANT: SAME STEPS AS GREEN TENANT

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT GREEN TO RED TENANT VIA FIREWALL: CREATE VIRTUAL MACHINE FOR FIREWALL

• Create VM FW; Attach to VN G; Attach to VN R
• Nova: Create VM

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT GREEN TO RED TENANT VIA FIREWALL: ATTACH FIREWALL TO RED AND GREEN VIRTUAL NETWORKS

• Create VM FW; Attach to VN G; Attach to VN R
• Neutron: Attach VM to VNs
• XMPP: Create routing-instance

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT GREEN TO RED TENANT VIA FIREWALL: APPLY POLICY, EXCHANGE ROUTES, AND CREATE TUNNELS

• Apply Policy: VN G ↔ VN R
• XMPP: Exchange routes; Create tunnels

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT GREEN TO RED TENANT VIA FIREWALL: END STATE

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT GREEN TO RED TENANT VIA FIREWALL: DATA PLANE: RED ↔ GREEN TRAFFIC FORCED THROUGH THE FIREWALL

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT RED TENANT TO PHYSICAL L3VPN: CONFIGURE L3VPN ROUTING INSTANCE

• Apply Policy: VN R ↔ L3VPN
• Netconf: Configure routing-instance

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT RED TENANT TO PHYSICAL L3VPN: EXCHANGE ROUTES WITH PHYSICAL ROUTER, CREATE TUNNELS

• Apply Policy: VN R ↔ L3VPN
• BGP: Exchange routes; Create tunnels

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT RED TENANT TO PHYSICAL L3VPN: EXCHANGE ROUTES WITH VROUTERS, CREATE TUNNELS

• Apply Policy: VN R ↔ L3VPN
• XMPP: Exchange routes; Create tunnels

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT BARE METAL SERVER TO RED TENANT: USE TOP-OF-RACK SWITCH AS GATEWAY

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT BARE METAL SERVER TO RED TENANT: CREATE ROUTING INSTANCE

• Attach BMS R4 to VN R using switch S
• Netconf: Configure routing-instance

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT BARE METAL SERVER TO RED TENANT: EXCHANGE ROUTES WITH PHYSICAL SWITCH, CREATE TUNNELS

• Attach BMS R4 to VN R using switch S
• BGP: Exchange routes; Create tunnels

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT BARE METAL SERVER TO RED TENANT: EXCHANGE ROUTES WITH VROUTERS, CREATE TUNNELS

• Attach BMS R4 to VN R using switch S
• XMPP: Exchange routes; Create tunnels

[Diagram: PHYSICAL and LOGICAL topology panels]

CONNECT BARE METAL SERVER TO RED TENANT: END STATE

[Diagram: PHYSICAL and LOGICAL topology panels]

SUMMARY

THE IMPORTANCE OF ABSTRACTION

PHYSICAL TOPOLOGY

• Complex
  • Low level of abstraction
  • Many vrouters
  • Many routing-instances
  • Many tunnels
  • Many routes
• Complex to configure
• Complex to troubleshoot

[Diagram: physical topology with OpenStack (Neutron, Nova), Contrail Controller, VMs and BMS R4]

THE IMPORTANCE OF ABSTRACTION

LOGICAL TOPOLOGY

• Simple
  • High level of abstraction
• Simple to configure
• Simple to troubleshoot
• Contrail provides abstraction
  • Configure logical layer
  • Mapping to physical layer
  • "SDN as a Compiler"
  • Analytics at physical layer
  • Mapping to logical layer

[Diagram: logical topology with VN G (VM G1, VM G2, VM G3), VM FW, VN R (VM R1, VM R2, VM R3), BMS R4 and L3VPN]

STANDARDS

Contrail Controller
• Horizontally scalable
• Highly available
• Federated

Overall architecture
• IETF NVO3 WG
• ETSI NFV ISG

Overlay control plane protocols:
• XMPP: RFC 6120, draft-ietf-l3vpn-end-system
• BGP L3VPN: RFC 4364
• BGP EVPN: draft-ietf-l2vpn-evpn
• NetConf: RFC 6241
• Multicast: draft-marques-l3vpn-mcast-edge

Underlay control plane protocols:
• Existing layer-2 or layer-3 protocols

Overlay data plane encapsulation:
• MPLS over GRE: RFC 4797
• VXLAN (encapsulation only): draft-mahalingam-dutt-dcops-vxlan

[Diagram labels: Cloud Orchestration; N/B REST API’s; Contrail Controller (Configuration, Config Mgmt, Analytics, Control); BGP Federation; WAN Gateway; XMPP; Agent/vRouter (KVM, Xen, Linux…); Virtualized Server; VM; IP fabric (switch underlay); Tunnel fabric - MPLS over GRE/UDP, VXLAN, NVGRE]

WANT TO TRY?

www.opencontrail.org
