OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014

Ankur Singla presents OpenContrail @ OpenStack Days Event in Tokyo Japan - February 13, 2014

Published in: Technology

  • Networking has barely evolved beyond the CLI for managing systems. Innovations like Web 2.0 and system simplification never really made it into today's network management systems.
  • The answer to every problem has been to build a bigger networking system.
  • Everything equates to a box. I can imagine a Checkpoint Firewall and an F5 Load Balancer as a box, but even Infoblox delivers a box for IPAM and DNS. It's a symptom of our industry and not an issue of the technology. It's easier to sell a system.
  • Physical devices like load balancers, firewalls, etc. Limitations of VLANs and policy enforcement on the physical switching and routing infrastructure.
  • Network virtualization that seamlessly ties in compute and storage virtualization. The physical network is a pure transport network and edge.
  • Managing L2 networks is painful: for example, Multi-chassis LAG is needed in order to avoid STP-related link utilization issues. A CLOS network is nearly impossible to build and manage with the traditional L2 approach.
  • VLANs cannot span L3 boundaries, or L2 has to be pulled all the way to the core network.
  • With the traditional VLAN-based approach, overlapping address space for tenants/applications is a challenge.
  • Enabling VRFs requires expensive hardware in the spine and/or core layer.
  • CLOS networks are becoming very common for full cross-section bandwidth across the entire cluster. No Layer 2 in the underlay network.
  • Enterprises can avail compute and storage capacity on demand from SP-IaaS and Virtual Private Cloud providers. Virtual networks can be seamlessly orchestrated to enable secured segmentation of resources. SP L3VPN customers can extend their private enterprise network into IaaS networks seamlessly. Service chaining can be instrumented to insert services like FW, load balancing, IPS or DDoS mitigation etc. in a horizontally scalable way. Fast provisioning and end-to-end automation can make the business agile with lower response time.

    1. OPENSTACK DAYS TOKYO, FEB ‘14. Juniper Restricted Confidential - Do not distribute externally.
    2. ISSUES FROM VENDOR VIEWPOINT. Copyright © 2013 Juniper Networks, Inc.
    3. LOST DECADE OF NETWORKING: 2001, 2011 … cool new logos
    4. THE RAGE OF 2011-2013: Solution looking for a problem … and it did find a few interesting ones
    5. WHAT ARE THE REAL PROBLEMS… CONFIGURED, MANAGED: Whatever happened to Web2.0?
    6. WHAT ARE THE REAL PROBLEMS… SCALE-UP SYSTEMS: Cloud? Scale-out? …
    7. WHAT ARE THE REAL PROBLEMS… HARDWARE SERVICES: Virtualization? Orchestration?
    8. WHAT ARE THE REAL PROBLEMS… LOW VISIBILITY: Big Data? Analytics? …
    9. NETWORKING PROBLEMS IN A NUTSHELL: CONFIGURED, MANAGED; POOR MANAGE-ABILITY; SCALE-UP SYSTEMS; INFLEXIBLE SYSTEMS; HARDWARE SERVICES; HARDWARE CENTRIC; LOW VISIBILITY
    10. ISSUES FROM CUSTOMER VIEWPOINT
    11. DATA-CENTER CHALLENGES. Diagram labels: Admin; Config; Centralized Management & Control, Policy provisioning; LOAD BALANCER; FIREWALL; MARKETING; HR; FINANCE; VIRTUALIZED; VLANS; Physical Servers; Local Hard Drives. Caption: Network Virtualization and Centralized Services Management
    12. DATA CENTER CHALLENGES. SCALABILITY: Tying per-tenant information to physical network restricts scale. PROGRAMMABILITY: No programmatic API at the network level for integrated orchestration. SERVICE INSERTION: Appliance-based network functions limit service velocity. INTER-CLOUD ORCHESTRATION: Inability to orchestrate multicloud/hybrid cloud environments.
    13. SERVICE PROVIDER NETWORK CHALLENGES. Diagram labels: PCRF; Scalable Virtual Service on x86; MOBILE EDGE; Services – Firefly, Web App Secure, DDoS Secure, vSA; FW – IPS – PDF – DDoS; SP DATACENTER; SGSN / MME; CACHING; GGSN / P-GW; BROADBAND EDGE; BUSINESS EDGE; Service Load Balancing; DPI; L3VPN-ENABLED SLB; SP CORE/BACKBONE; Private networks; FW; BRAS/VPN Edge; SBC; Dynamic Service Provisioning, Scaling; Service Chaining; Media Gateway. Caption: NFV: Virtualized Network Services with Centralized Management & Orchestration
    14. SERVICE PROVIDER CHALLENGES. SCALABILITY: Very Large Number of Network Applications, Services, Subscribers. PROGRAMMABILITY: No programmatic API at the network level for OSS/BSS Agility & Automation. SERVICE INSERTION: Appliance-based network functions limit service velocity. DISTRIBUTED, MULTIVENDOR SYSTEM: Challenges in orchestration of distributed cloud built using multivendor hardware and software.
    15. NETWORK VIRTUALIZATION TECHNIQUES FOR OPENSTACK
    16. LEGACY DC - L2/VLAN BASED APPROACH. Diagram labels: L3; L2/L3; Multi-Chassis LAG; TRUNK; L2 Switch; ToR; L2; VMs; Servers
    17. LEGACY DC - LIMITED VLAN SPAN. Diagram labels: L3; Routing & Filtering between VLANs; FW; LB; No VLANs Across L3; L2/L3; Multi-Chassis LAG; TRUNK; L2 Switch; ToR; L2; VLAN Span Limit
    18. LEGACY DC - NO MULTI-TENANCY. Diagram labels: L3; L2/L3; FW; LB; Single Routing Table (No support for overlapping multi-tenant space); Multi-Chassis LAG; TRUNK; L2 Switch; ToR; L2; VMs; VLAN Span Limit
    19. LEGACY DC - MULTI-TENANCY WITH VRF. Diagram labels: Tenant Specific HW Appliance Services; L3-MPLS; FW; LB; MPLS-Enabled links; L2/L3-MPLS; VRF for multi-tenant isolation; Tenant-VRF; Multi-Chassis LAG; TRUNK; L2 Switch; ToR; L2; VLAN Span Limit
    20. CLOUD DC – ECMP CLOS NETWORK. Diagram labels: L3; External Network; ToR; L2-SW; Servers; VXLAN
    21. CLOUD DC - TYPICAL L2 OVERLAY. Diagram labels: Hypervisor Switch performs L2 forwarding; Separate VM does L3 Routing and NAT; External Network; L3; ToR; VXLAN; L2-SW; Servers
    22. CLOUD DC - CONTRAIL L2/L3 OVERLAY. Diagram labels: legend "= multi-tenant VRF"; Hypervisor vRouter handles L2/L3; Hypervisor vRouter performs NAT; External Network; L3; ToR; vRouter L2/L3; Service Insertion; Servers
    23. CONTRAIL NETWORK VIRTUALIZATION
    24. ROLE OF CONTRAIL IN OPENSTACK ENVIRONMENT. Diagram labels: Openstack; Nova APIs; Neutron APIs; Cinder/Swift APIs; Contrail; Virtual Machine; vRouter; Physical Switches; Server; Service Nodes; Gateway Router; vSRX, F5 …; Internet; VPN; DCI; WAN
    25. PHYSICAL DATACENTER TOPOLOGY VIEW. Diagram labels: Network; Gateway Router; No VM IP information in the Underlay Network; BGP; Spine Switch; L3 ECMP; OSPF/BGP; L3; L2, L3; Leaf Switch; Hypervisor; Control Node; Config Node (Openstack) (Cloudstack); Analytics Node; WebUI Node; Compute & Storage Rack; Optional Redundancy; Orchestration & Services Racks
    26. CONTRAIL NETWORKING STACK. Diagram labels: Customer OSS/BSS; Openstack; Cloudstack; REST APIs (Configuration, Operational, and Analytics); Analytics Engine; Configuration Nodes; Control Plane; Compute Node (Virtual Router); Gateway Node (MX, EX/QFX, ...); Service Nodes (SRX, F5, ...)
    27. CONTRAIL NETWORKING FEATURES: NAT, Routing, Switching; Load Balancing; Security Services; 3rd Party Network Srvc; Physical or Software GW; IPAM, Virtual DNS; Rich Analytics; Service Chaining; High Availability; API Services
    28. SOLUTION OVERVIEW. Diagram labels: Customer L3VPN; Dashboard; Console; Public Internet (ISP-1); Public Internet (ISP-2); VRF; Service Appliance; Management, Configuration, Orchestration, Analytics; PE Router (Juniper MX, Cisco ASR9K) with L3VPN/VRF Support; Contrail Virtual Network Controller; Contrail SW Gateway; Service Appliance with L3VPN/VRF Support (Juniper SRX, etc); Contrail SW Gateway - L2; Service Appliances (F5 Load Balancer, etc); Gateway Service; vRouter Agent; vRouter; VM; Virtualized Servers (Hypervisor); Bare Metal Linux/Windows; VIRTUAL NETWORK A; VIRTUAL NETWORK B; VIRTUAL NETWORK C. Legend: Applications & Services (AS); Configuration Management (CM); Control Plane (CP); Host Agent; vRouter (Data Plane)
    29. SOLUTION OVERVIEW – CONTROL & MGMT PLANE. Same diagram labels as slide 28, plus: BGP/Control, Netconf/Mgmt; XMPP (Control, Mgmt)
    30. SOLUTION OVERVIEW – DATA PLANE. Same diagram labels as slide 28, plus: Dynamically Insert Services (Physical & Virtual); Route Across/within VNs (L3VPN); Bridge within VNs (EVPN)
    31. DEMO OVERVIEW
    32. DEMO – PHYSICAL TOPOLOGY. Diagram labels: LAB NETWORK; MX-80; OSPF; EX-4500; L3; L2, L3; Leaf Switch; Hypervisor; Compute & Storage Rack; Control Node; Config Node; Analytics Node; Openstack Srvcs; Orchestration & Services Racks
    33. DEMO – LOGICAL TOPOLOGY. Diagram labels: LAB NETWORK; Dashboard; Console; Management, Configuration, Orchestration, Analytics; VRF; CM; CP; AP; MX-80; Controller Nodes; MPLSoGRE, VXLAN; BGP; XMPP; MPLSoUDP, VXLAN; vRouter Agent; VM; Compute Nodes
    34. OPEN CONTRAIL. Contrail is available as Open Source: www.opencontrail.org. Commercial support available from Juniper. Same features and scaling as commercial version. Uses proven stable standards. Production-Ready. Permissive license: Apache 2.0 (Controller), GPL (vRouter). Integrated into open source virtualization stacks: OpenStack (production), CloudStack (beta).
