opencontrail presentation at openstack days tokyo japan feb 13 2014
DESCRIPTION
Ankur Singla presents OpenContrail @ OpenStack Days Event in Tokyo Japan - February 13, 2014TRANSCRIPT
OPENSTACK DAYSTOKYO, FEB ‘14
Juniper Restricted Confidential - Do not distribute externally
2 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
ISSUES FROM VENDOR VIEWPOINT
3 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
LOST DECADE OF NETWORKING
2001 2011
… cool new logos
4 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
THE RAGE OF 2011-2013
Solution looking for a problem …..
…. and it did find a few interesting ones
5 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
WHAT ARE THE REAL PROBLEMS…
CONFIGURED, MANAGED
Whatever happened to Web2.0?
6 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
WHAT ARE THE REAL PROBLEMS…
Cloud? Scale-out? ….
SCALE-UPSYSTEMS
7 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
WHAT ARE THE REAL PROBLEMS…
Virtualization? Orchestration?
HARDWARE SERVICES
8 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
WHAT ARE THE REAL PROBLEMS…
Big Data? Analytics? ….
LOW VISIBILITY
9 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
NETWORKING PROBLEMS IN A NUTSHELL
CONFIGURED, MANAGED
HARDWARE SERVICES
LOW VISIBILITY
SCALE-UPSYSTEMS
POOR MANAGE-ABILITY
INFLEXIBLE SYSTEMS
HARDWARE CENTRIC
10 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
ISSUES FROM CUSTOMER VIEWPOINT
13 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
DATA-CENTER CHALLENGES
LOAD BALANCER
FIREWALL
VLANS VLANS
FINANCE HR MARKETINGPhysical Servers
Local Hard Drives
LOAD BALANCER
FIREWALL
Admin
Config
MARKETING FINANCE HR
VIRTUALIZED
Centralized Management & Control, Policy provisioning
Network Virtualization and Centralized Services Management
14 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
DATA CENTER CHALLENGES
INTER-CLOUD ORCHESTRATION
Inability to orchestrate multi-cloud/hybrid cloud environments
PROGRAMABILITY No programmatic API at the network level for integrated orchestration
SERVICE INSERTION Appliance-based network functions limits service velocity
SCALABILITY Tying per-tenant information to physical network restricts scale
17 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
SERVICE PROVIDER NETWORK CHALLENGES
SGSN / MME
SBC
Media Gateway
FW
SLB
DPI
CACHING
GGSN / P-GW
Mobile Edge
Broadband Edge
Business Edge Core /
Backbone
PCRF
Scalable Virtual Service on x86
Scalable Virtual Service on x86
Private networks
SP DATACENTER
BRAS/VPN Edge
FW – IPS – PDF – DDoS
FW – IPS – PDF – DDoS
Service Load Balancing
Service Load Balancing
L3VPN-ENABLEDSP CORE/BACKBONE
BUSINESS EDGE
BROADBAND EDGE
MOBILE EDGE
Dynamic Service Provisioning, Scaling; Service ChainingDynamic Service Provisioning, Scaling; Service Chaining
Services – Firefly, Web App Secure, Ddos Secure, vSA
Services – Firefly, Web App Secure, Ddos Secure, vSA
NFV: Virtualized Network Services with Centralized Management & Orchestration
18 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
SERVICE PROVIDER CHALLENGES
DISTRIBUTED, MULTIVENDOR SYSTEM
Challenges in orchestration of distributed cloud built using multi-vendor hardware and software
PROGRAMABILITY No programmatic API at the network level for OSS/BSS Agility & Automation
SERVICE INSERTION Appliance-based network functions limit service velocity
SCALABILITY Very Large Number of Network Applications, Services, Subscribers
19 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
NETWORK VIRTUALIZATION TECHNIQUES FOR OPENSTACK
20 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L2/L3 L2/L3
L3 L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
L2/L3 L2/L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
Multi-Chassis LAGTRUNK
LEGACY DC - L2/VLAN BASED APPROACH
VMs
ToR ToR
Servers
21 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L2/L3 L2/L3
L3 L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
L2/L3 L2/L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
Multi-Chassis LAGTRUNK
Routing & Filteringbetween VLANs
VLAN Span Limit
LEGACY DC - LIMITED VLAN SPAN
ToR ToR
Routing & Filteringbetween VLANs
No VLANs Across L3 FW
LB
FW
LB
22 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
LEGACY DC - NO MULTI-TENANCY
L2/L3 L2/L3
L3 L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
L2/L3 L2/L3
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
Multi-Chassis LAGTRUNK
VLAN Span Limit
VMs
ToR ToR
FW
LB
FW
LBSingle Routing Table
(No support for overlapping multi-tenant space)
23 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L2/L3 -MPLS
L3-MPLS
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
L2 L2 L2 L2 L2 L2
L2 SwitchL2 Switch
Multi-Chassis LAGTRUNK
VLAN Span Limit
LEGACY DC - MULTI-TENANCY WITH VRF
ToR ToR
VRF for multi-tenant isolation
Tenant-VRF Tenant-VRF
L3-MPLS
L2/L3 -MPLS L2/L3 -MPLS L2/L3 -MPLS
MPLS – Enabled links
FWLB
FWLB
FWLB
FWLB
FWLB
FWLB
Tenant Specific HW Appliance
Services
24 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L3 L3
L2-SW
L3 ToR
L3 ToR
L3 ToR
L3 ToR
L3 L3 L3 L3
L3
CLOUD DC – ECMP CLOS NETWORK
VXLAN
External Network
L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW
Servers
25 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L3 L3
L2-SW
L3 ToR
L3 ToR
L3 ToR
L3 ToR
L3 L3 L3 L3
L3
CLOUD DC - TYPICAL L2 OVERLAY
Hypervisor Switch performs L2 forwarding
Separate VM does L3 Routing and NAT
VXLAN
VXLAN
VXLAN
External NetworkExternal Network
L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW L2-SW
Servers
26 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
L3 L3
L2/L3 L2/L3
L3 ToR
L2/L3 L2/L3 L2/L3
L3 ToR
L2/L3 L2/L3 L2/L3
L3 ToR
L2/L3 L2/L3 L2/L3
L3 ToR
L2/L3
L3 L3 L3 L3
L3
CLOUD DC - CONTRAIL L2/L3 OVERLAY
vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter
Hypervisor vRouter handles L2/L3
Hypervisor vRouter performs NAT
= multi-tenant VRF
Service Insertion Service Insertion
External Network
Servers
27 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
CONTRAIL NETWORK VIRTUALIZATION
28 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
ROLE OF CONTRAIL IN OPENSTACK ENVIRONMENT
Service Nodes
Internet VPN DCI WAN
Gateway Router
Contrail
Openstack
Nova APIs Cinder/Switft APIsNeutron APIs
Server
Virtual Machine vRouter
Physical Switches
vSRX, F5 …
29 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
PHYSICAL DATACENTER TOPOLOGY VIEW
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Leaf Switch Leaf Switch Leaf Switch Leaf Switch Leaf Switch Leaf Switch Leaf Switch Leaf Switch
Spine Switch Spine Switch Spine Switch
GatewayRouter
Gateway Router
Control Node
Config Node(Openstack)(Cloudstack)
Analytics Node
WebUI Node
Control Node
Config Node(Openstack)(Cloudstack)
Analytics Node
WebUI Node
Network
L2, L3
L3
OSPF/BGP
BGP
L3 ECMP
No VM IP information in the Underlay Network
Optional Redundancy
Compute & Storage Rack Compute & Storage Rack Orchestration & Services Racks
30 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
CONTRAIL NETWORKING STACK
Configuration Nodes
ControlPlane
ComputeNode
(Virtual Router)
ServiceNodes
(SRX, F5, ...)
GatewayNode
(MX, EX/QFX, ...)
ControlPlane
ControlPlane
AnalyticsEngine
AnalyticsEngine
AnalyticsEngine
REST APIs (Configuration, Operational, and Analytics)
OpenstackCustomer OSS/BSS Cloudstack
31 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
CONTRAIL NETWORKING FEATURES
NAT, Routing, Switching
IPAM, Virtual DNS
Load Balancing
Security Services
3rd Party Network Srvc
Physical or Software GW
Rich Analytics
Service Chaining
High Availability
API Services
32 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
Gateway Service
Applications & Services (AS)
Configuration Management (CM)
Control Plane (CP)
Host Agent
VRouter(Data Plane)
SOLUTION OVERVIEW
32C O N F I D E N T I A L – D O N O T D I S T R I B U T E
VIRTUAL NETWORK A
VIRTUAL NETWORK B
VIRTUAL NETWORK C
CustomerL3VPN
Service Appliance
Public Internet(ISP-1)
Public Internet(ISP-2)
PE Router(Juniper MX,Cisco ASR9K)with L3VPN/VRF Support
ServiceAppliance
Service Appliance withL3VPN/VRF Support(Juniper SRX, etc)
Contrail SW Gateway- L2 Service Appliances (F5 Load Balancer,etc)
Bare Metal Linux/WindowsVirtualized Servers (Hypervisor)
Contrail VirtualNetwork Controller
VRF
VRF
VRF
CM CP CM CP
CM CP AS CP
VM VM VM VM VM VM
AgentvRouter
AgentvRouter
Dashboard Console
Management, Configuration, Orchestration, Analytics
AgentvRouter
AgentvRouter
AgentvRouter vRouter vRouter
Contrail SWGateway
33 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
SOLUTION OVERVIEW – CONTROL & MGMT PLANE
33C O N F I D E N T I A L – D O N O T D I S T R I B U T E
VIRTUAL NETWORK A
VIRTUAL NETWORK B
VIRTUAL NETWORK C
CustomerL3VPN
Service Appliance
Public Internet(ISP-1)
Public Internet(ISP-2)
PE Router(Juniper MX,Cisco ASR9K)with L3VPN/VRF Support
ServiceAppliance
Service Appliance withL3VPN/VRF Support(Juniper SRX, etc)
Contrail SW Gateway- L2 Service Appliances (F5 Load Balancer,etc)
Virtualized Servers (Hypervisor)
Contrail VirtualNetwork Controller
VRF
VRF
VRF
CM CP CM CP
CM CP AS CP
VM VM VM VM VM VM
AgentvRouter
AgentvRouter
Dashboard Console
Management, Configuration, Orchestration, Analytics
AgentvRouter
AgentvRouter
AgentvRouter
BGP/Control, Netconf/Mgmt
XMPP (Control, Mgmt)
Bare Metal Linux/Windows
vRouter vRouter
Contrail SWGateway
Gateway Service
Applications & Services (AS)
Configuration Management (CM)
Control Plane (CP)
Host Agent
VRouter(Data Plane)
34 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
SOLUTION OVERVIEW – DATA PLANE
34C O N F I D E N T I A L – D O N O T D I S T R I B U T E
VIRTUAL NETWORK A
VIRTUAL NETWORK B
VIRTUAL NETWORK C
CustomerL3VPN
Service Appliance
Contrail SWGateway
Public Internet(ISP-1)
Public Internet(ISP-2)
PE Router(Juniper MX,Cisco ASR9K)with L3VPN/VRF Support
ServiceAppliance
Service Appliance withL3VPN/VRF Support(Juniper SRX, etc)
Contrail SW Gateway- L2 Service Appliances (F5 Load Balancer,etc)
Virtualized Servers (Hypervisor)
Contrail VirtualNetwork Controller
VRF
VRF
VRF
CM CP CM CP
CM CP AS CP
VM VM VM VM VM VM
AgentvRouter
AgentvRouter
Dashboard Console
Management, Configuration, Orchestration, Analytics
AgentvRouter
AgentvRouter
AgentvRouter
Bare Metal Linux/Windows
vRouter vRouter
Route Across/within VNs (L3VPN)
Bridge within VNs (EVPN)
Dynamically Insert Services (Physical &
Virtual)
Gateway Service
Applications & Services (AS)
Configuration Management (CM)
Control Plane (CP)
Host Agent
VRouter(Data Plane)
35 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
DEMO OVERVIEW
36 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
DEMO – PHYSICAL TOPOLOGY
Hypervisor
HypervisorHypervisor
Hypervisor
Hypervisor
Leaf Switch Leaf Switch Leaf Switch Leaf Switch
EX-4500 EX-4500 EX-4500
MX-80 MX-80
Control NodeConfig NodeOpenstack Srvcs
LAB NETWORK
L2, L3
L3
OSPF
OSPF
Compute & Storage Rack Compute & Storage Rack Orchestration & Services Racks
Control NodeAnalytics NodeOpenstack Srvcs
37 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
DEMO – LOGICAL TOPOLOGY
LAB NETWORK
Controller Nodes
AP CP
Dashboard Console
Management, Configuration, Orchestration, Analytics
VRF
VRF
VRF
VM VM
AgentvRouter
CM CP
VRF
VRF
VRF
MX-80 MX-80
VM
VM VM
AgentvRouter
VM
AgentvRouter
VM VM
AgentvRouter
VM VM
AgentvRouter
Compute Nodes
BGP
XMPP
MPLSoUDP, VXLAN
MPLSoGRE,VXLAN
38 Copyright © 2013 Juniper Networks, Inc. Juniper Restricted Confidential - Do not distribute externally.
OPEN CONTRAIL
Contrail is available as Open Source www.opencontrail.org. Commercial support available from Juniper.
Same features and scaling as commercial versionUses proven stable standards. Production-Ready
Permissive license Apache 2.0 (Controller), GPL (vRouter)
Integrated into open source virtualization stacksOpenStack (production), CloudStack (beta)