Copyright 2015 Blue Chip Tek

Software Defined Networking That Works

Dave UngerSenior Solutions Architect

Copyright 2015 Blue Chip Tek

Agenda

• Introduction to Contrail• Physical components of Contrail reference

architecture• Contrail demo• Q & A

3 Copyright © 2013 Juniper Networks, Inc. www.juniper.net

CONTRAIL INTRODUCTION

4 Copyright © 2013 Juniper Networks, Inc. www.juniper.net

CONTRAIL - BASED ON MPLS VPN TECHNOLOGY

VM

Hypervisor with vRouter

Server

Tenant VRF

Encapsulation Tunnel

XMPP (BGP)

Datacenter

RouteReflector

BGP

Provider Network

L3 VPNs for Inter-Site ConnectivityTraffic segmentation in the WANMPLS over MPLS label encapsulation tunnels

BGP route signaling

Contrail Virtual Networks in DatacentersTraffic segmentation in the LANMPLS over GRE or VXLAN label encapsulation tunnelsXMPP (with BGP payload) route signaling

Protocols,Architecture

Customer Site

CE Router

PE Router

Customer VRF

Encapsulation Tunnel

OpenStack Cloud Manager

ContrailController

Copyright 2015 Blue Chip Tek

UnderlaySwitch

vRouter

ControlNode

ControlNode

UnderlaySwitch

vRouterVM VM

IBGP

XMPP

MPLS over GRE or VXLAN

ConfigNode

Orchestrator

AnalyticsNode

SDN System

Contrail

P PPE PE

RouteReflector

RouteReflector

CECE

IBGP

IBGP

MPLS over MPLS

Network Management System (NMS)

DMI

MPLS L3VPN / E-VPNGateway

BGP

Copyright 2015 Blue Chip Tek

Contrail Abstraction ArchitectureOrchestration, AutomationOpen source and partner ecosystem of orchestratorsAPI and SDK for integration with OSS / BSS

OSS

Virtual Network OverlayOverlay encapsulation implemented in hypervisorMulti-tenancy for private and virtual public cloudsGateway functions - connect to virtual to physical networkService chaining (physical and virtual)

Physical NetworkInteroperability with traditional network devicesAny-to-any non-blocking low-latency fabric: Q-Fabric or Clos

Control Plane - Physical, VirtualOpen, standards-based, federated controllerScalable and resilient

Control Plane

Configuration modelAutomation

Control Plane Control Plane

Policies and requests

AnalyticsDistributed collectionGlobal viewConsolidationAggregation

State and status

Copyright 2015 Blue Chip Tek

Contrail Components

Physical Network(no changes)

Collector

OPENCONTRAIL CONTROLLER

ControlConfiguration

Physical Host with Hypervisor

vRouter

VM VM VM VM

Physical Host with Hypervisor

vRouter

VM VM VM VM

WAN, Internet

Gateway

Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network Real-time analytics engine

collects, stores and analyzes network elements

Interacts with network elements for VM network provisioning and ensures uptime

vRouter: Virtualized routing element handles localized control plane and forwarding plane work on the compute node

Gateway: MX Series (or other router) or EX9200 serve as gateway eliminating need for SW gateway & improving scale & performance

Copyright 2015 Blue Chip Tek

Scale Out, Highly Available Architecture

ConfigurationNodes

ControlNodes

CollectorNodes

IF-MAP

REST REST

XMPP

BGP

BGP, Netconf

vRouters Gateways

BGP

Logically Centralized(Physically Distributed)

Horizontally Scalable

Highly Available(Active-Active)

Federated

9 Copyright © 2013 Juniper Networks, Inc. www.juniper.net

CONTRAIL FEATURES BY RELEASE

Copyright 2015 Blue Chip Tek

Sept 2014 (Rel 1.1)RELEASED

Feb/June 2015 (Rel 2.1 & 2.2)RELEASED

Late 2015Dec 2014 (Rel 2.0)RELEASED

CONTRAIL FEATURES BY RELEASE

NETWORK

Multiple L3 service chaining Route Target Filtering Allowed Address Pair Extn. Multiple Subnets/VN Syslog Integration Policy Logging QoS – rate limiting per VM

Contrail OpenStack – Havana OpenStack HA Neutron v2 API’s Per Tenant Quota for Neutron Piston OpenStack 3.5

SERVICES, INFRA, APIs

COMPUTE

Server Mgmt/Provisioning – CLI Cinder/Swift/Ceph – storage

mgmt DKMS Support - Ubuntu vRouter –Simple GW (for EFT’s)

IPv6 – overlay (w. DHCP) Source NAT (CLI only)

IBM CO 2.4 - POC Contrail OpenStack – Icehouse Contrail NW w/ Juno – beta OpenStack Heat Template

support

Server Mgmt / Provisioning-UI Ubuntu 14.04 LTS, OIL interop RHEL 7/RHOS 5.x integ ESXi workloads (vRouter,

OpenStack)

OVSDB/VXLAN – ToR QoS – marking Control plane sec (auth) FWaaS API Support MX/vMX - VRF config via Netconf DPDK Integration with ESXi (beta) LBaaS API Support Underlay/overlay correlation

Contrail NW OpenStack – Juno/Kilo Contrail Cloud - Juno Keystone v3 API’s RBAC – Admin UI Server Monitoring Integration with IBM CO2.4 OpenStack Ceilometer, Heat

Service auto-scaling w/SSP Openstack – vCenter API’s vRouter performance w/ DPDK vRouter SW Gateway – Ph2 Docker with OpenStack PNF Service Chaining

BGP flowspec QoS - queuing Overlay ping/traceroute EVPN/VXLAN - QFX w/Netconf EVPN/VXLAN – QFX/MX w/XMPP IPv6 service chaining vRouter as distr FW Multiple L3 interfaces IPv6-Floating IP, NAT 6-4

Smart NIC (vRouter in NIC) SCG – Netconf, TLB P+V Service Chaining

Contrail Cloud – Kilo Multiple AZ’s VM affinity / anti-affinity groups Control plane (encrypt XMPP)

vRouter

Copyright 2015 Blue Chip Tek

Compute Node – Hypervisor/Container with vRouter

Compute Node

VirtualMachine

(Tenant B)

VirtualMachine

(Tenant B)

vRouter Forwarding Plane

VirtualMachine

(Tenant A)

Routing Instance

(Network X)

Routing Instance

(Network Y)

Routing Instance

(Network Z)

vRouter Agent

Flow Table

FIB

Flow Table

FIB

Flow Table

FIB

Overlay tunnelsMPLS over GRE or VXLAN

JUNOSV CONTRAIL CONTROLLERCONTRAIL CONTROLLER

XMPP

Eth1Kernel

pkt0

UserEth0 EthN

Config

VRFs Policy Table

Top of Rack Switch

XMPP

• vRouter is replaces the Linux Bridge or OVS module in Hypervisor Kernel

• vRouter performs bridging (E-VPN) and routing (L3VPN)

• vRouter performs networking services like Security Policies, NAT, Multicast, Mirroring, and Load Balancing

• No need for Service Nodes or L2/L3 Gateways for Routing, Broadcast/Multicast, NAT

• Routes are automatically leaked into the VRF based on Policies

• Support for Multiple Interfaces on the Virtual Machines

• Support for Multiple Interfaces from Compute Node to the Switching Fabric

Tap Interfaces (vif)

Copyright 2015 Blue Chip Tek

Compute Node – Forwarding/Tunneling

VIRTUAL

PHYSICAL

Overlay tunnelsMPLS over GRE or VXLAN

Compute Node

vRouter Forwarding Plane

VirtualMachine(VN-IP1)

Routing Instance

Flow Table

FIB

Eth1 (Phy-IP1)

Tap Interfaces (vif)

Compute Node

vRouter Forwarding Plane

VirtualMachine(VN-IP2)

Routing Instance

Flow Table

FIB

Eth1 (Phy-IP2)

Tap Interfaces (vif)

Virtual-IP2

Payload

Virtual-IP2

Payload

MPLS / VNI

Phy-IP2

Virtual-IP2

Payload

Virtual-IP2

Payload

MPLS / VNI

Phy-IP2

Control Plane and Route Distribution

Copyright 2015 Blue Chip Tek

Contrail – control node• Control Plane Nodes federate using BGP

• Each vRouter uses XMPP to connect with multiple Control Plane nodes for redundancy

• All Control Plane Nodes are active active

• Each Control Plane Node connects to multiple configuration nodes for redundancy

• BGP is used to connect with Physical Gateway Routers or Services Nodes

• Control Nodes can run different software versions for test-before-deploy and live upgrades

Configuration Node

Configuration Node

IF-MAP

Compute Node Compute Node

XMPP

Control Node

"BGP module"

Proxies (ARP, DHCP, ..) XMPP

IF-MAP Client Control Node

Control Node

IBGP

Gateway Routers

Service Nodes

Configuration Node

Copyright 2015 Blue Chip Tek

configuration node

1. API Server provides Northbound REST Interface – Orchestration System provisions using this API service

2. DHT/NoSQL Database is used for Persistence and High Availability of Configuration

3. Schema Transformer “compiles” the high level data model to low level model for vRouter, Service Nodes, and Gateway Routers

4. IF-MAP is used to represent the data-model – Control Nodes subscribe to the subset of configuration

Configuration Node

REST API Server

Schema Transformer

Orchestrator(OpenStack)

REST

DHT DB

IF-MAPserver

Configuration Node

Control Node

ControlNode

IF-MAP

Distributed Synchronization

Configuration Node

DHT DB

DHT DB

Message Bus

Non-OpenStack Use Cases

19 Copyright © 2013 Juniper Networks, Inc. www.juniper.net

GATEWAY USE CASES

Contrail domain

Contrail

MX-Seriesrouter

Peering point

Remote datacenter

Datacenter

Hardware device (firewall/load balancer)

VMware clusters, physical servers

Other Contrail domains

Contrail

Internet Gateway

Datacenter Interconnect

Inter-Domain Gateway

Inter-Network Gateway

Appliance Insertion

Internet

Contrail

Copyright © 2014 Juniper Networks, Inc. 20

VMware Integration

Copyright © 2014 Juniper Networks, Inc. 21

Physical Server Integration with OVSDBToR Service Node

ToR Agent

OVSDBClient

ToR Agent

OVSDBClient

vRouter Forwarder

ToR Control Agent

OVSDB

OVSDB

XMPP

VM

Server

Hypervisor

VM with interface in Green VRF

Green VRF in vRouter

OVSDBOVSDB

Host OS

Host OS Host OS

VM

Contrail Controller

OpenStack

Control PlaneRoute exchange using XMPP

and OVSDB Broadcast TrafficDHCP, DNS, ARP in VXLAN

tunnels to TSN

Switches have VTEPs and runs OVSDB

Hosts connected to VTEPs directly or via VLAN

Data PlaneVXLAN tunnels between vRouters

and physical switch VTEPs

OpenStack/Contrail Domain Physical Servers

22 Copyright © 2013 Juniper Networks, Inc. www.juniper.net

CONTRAIL PACKAGING

23 Copyright © 2015 Juniper Networks, Inc. www.juniper.net

OPEN CONTRAIL

Contrail is available as Open Source www.opencontrail.org. Commercial support available from Juniper.

Same features and scaling as commercial versionUses proven stable standards. Production-Ready.

Permissive license Apache 2.0

Integrated into open source virtualization stacksOpenStack, CloudStack

24 Copyright © 2015 Juniper Networks, Inc. www.juniper.net

COMMERCIAL PRODUCTS

Contrail Cloud Reference Architecture

Contrail CloudContrail Networking

Cloud Orchestration Server Management Distributed & Scale-out Storage Compute Orchestration

+ Contrail Networking

Integrated Cloud PODs Reference Architecture – PODs Integrated Management

+ Contrail Openstack

Cloud Networking Network Virtualization Virtualized Network Services Multiple Orchestration

Support Openstack, VMware ESXi,

vCenter, IBM CO

INCREASING LEVELS OF INTEGRATION

Copyright 2015 Blue Chip Tek

Contrail Reference Architecture

• What are the physical components?• What are the common choices?

Copyright 2015 Blue Chip Tek

Physical components (minimal)

Copyright 2015 Blue Chip Tek

Physical components (typical)

Copyright 2015 Blue Chip Tek

Server options – 4-nodes in 2RU

• Minimal:Infrastructure node / jumphost Compute / Storage nodeCloud / Contrail controller Compute / Storage node

Compute / Storage node Compute / Storage nodeCloud / Contrail controller Cloud / Contrail controller

• Our recommendation:Infrastructure node / jumphost Compute nodeCloud / Contrail controller Storage node

Compute node Compute nodeCloud / Contrail controller Storage node

Compute node Compute nodeCloud / Contrail controller Storage node

Copyright 2015 Blue Chip Tek

Network details

• Servers need a minimum of three connections• IPMI• Management network• Data network – can use multiple NICs for LAG / MLAG

connections• Layer 3 CLOS or VXLAN topology for data network• Data network can be one QFX switch, a virtual chassis, or

pair of discrete switches• Adding an MX router is optional

Copyright 2015 Blue Chip Tek

Any questions before we dive into the

demo?