CONTRAIL: ENABLER FOR AGILE CLOUD SERVICES
OpenContrail Meetup
NUENO@JUNIPER.NET 
DISTINGUISHED ENGINEER / SDN TEAM 
Nachi Ueno
This statement of direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or function depicted in this presentation.
ENTERPRISE DC EVOLUTION (ITAAS)
TRADITIONAL: Standalone Applications (Dedicated Resources)
[Diagram labels: End-user; Admin; Router; Switches; Physical Servers; Sec. Device; LB Device; LB Policies; ACLs; FW, IPS Policies]
Sub-Optimal Device Util.; Static & Inflexible; TCO (Capex, Opex); Physically Constrained; Silo’ed; Manual device config; Custom Policy Config; Deployment knowledge
VIRTUALIZATION: Standalone Application (Virtualized Resources)
[Diagram labels: End-user; Admin; Router; Virtual Machines; VLANs; vSecurity; vLB; VM Orchestrator; LB Policies; ACLs; VLAN Config; Security Policies]
Sub-Optimal Device Util.; Static & Inflexible; TCO (Capex, Opex); Physically Constrained; Silo’ed; Manual device config; Custom Policy Config; Deployment knowledge
CLOUD
CLOUD-ENABLED DATA CENTER: Evolving Applications (on Resource Pool)
[Diagram labels: End-user; Admin; Orchestrator / Controller; All Policies (incl. ACLs); No ACLs; Virtualized Resource Pools; Virtual Network; Compute; Storage; LB; Security; Resources Across Data Centers; External Cloud Based Resources]
Sub-Optimal Device Utilization; Static & Inflexible; TCO (Capex, Opex); Physically Constrained; Silo’ed; Large, Manual Device Config; Custom / Complex Policy Config; Specialized deployment knowledge
NFV: NETWORK EDGE SECURITY
Network Function Virtualization
[Diagram labels: Private networks; Internet; BUSINESS EDGE; BROADBAND EDGE; MOBILE EDGE; BRAS/VPN Edge; L3VPN-ENABLED SP CORE/BACKBONE; SP DATACENTER; Scalable Virtual Service on x86; FW – IPS – PDF – DDoS; Service Load Balancing]
Dynamic Service Provisioning, Scaling; Service Chaining
Security Services – Firefly, Web App Secure, DdosSecure, vSA
Centralized management/orchestration
Software abstraction from physical infra
Edge delivery of virtualized security services (Firefly, DdosSecure, Web App Secure, vSA)
FLEXIBLE AND DYNAMIC CHAINING OF SERVICES
[Diagram labels: LOGICAL; PHYSICAL; VIRTUAL NETWORK GREEN (G1, G2, G3); VIRTUAL NETWORK YELLOW (Y1, Y2, Y3); Service A; Service B; Service C; Host + Hypervisor; VM and virtualized Network function pool; IP fabric (switch underlay); A; B; C]
L3VPN
SELF-SERVICE ENTERPRISE SERVICE CLOUD
[Diagram labels: CUSTOMER A (Branch Office), VPN SITE 1; CUSTOMER B (Branch Office), VPN SITE 2; CUSTOMER A (HQ), VPN SITE 2; CUSTOMER B (HQ), VPN SITE 1; SP Service Cloud; SLB; FW; UTM; CDN; WAN OPT]
Self-service portal with quick (< 5 min) network provisioning
Service automation
SLA-based
‘As-a-Service’ model for services
Elastic architecture with service Scale-out
Standard Protocols to connect SP customer to service
Quick, Self-Service
INTERCONNECT W/ EXISTING INFRASTRUCTURE 
Contrail enables customers to use their legacy infrastructure for legacy apps, and expand to cloud-architectures for newer apps. 
[Diagram labels: EXISTING/LEGACY INFRASTRUCTURE; CLOUD INFRASTRUCTURE; CONTRAIL CONTROLLER; VLAN-A; VLAN-B; VLAN-C; VLAN-D; Front-End Tier; Back-End Tier; Security Tier; LB Tier; Front-End; Back-End; Security; LB; Gateway]
Contrail enables enterprises to continue using legacy investments and infrastructure.
Can extend portions of the network or the entire infrastructure and be able to run new cloud-based as well as legacy applications.
TECHNOLOGY OVERVIEW
THE NEW NETWORK – BUILDING BLOCKS
VIRTUAL NETWORKS: PROVIDED BY OPEN BGP VPN TECHNOLOGIES
NETWORK AND PACKET POLICY: NETWORK POLICY FOR TOPOLOGY AND PACKET FOR TRAFFIC CONTROL
VIRTUALIZED SERVICES: NETWORK FUNCTIONS AND SERVICES STITCHED TO TOPOLOGY
GATEWAYS: CONNECTS VIRTUAL AND PHYSICAL DOMAINS
WHAT IS NETWORK VIRTUALIZATION 
• Independent of Physical Network Location or State
– Logical Network across any server, any rack, any cluster, any data-center
– Virtual Machines can migrate without requiring any reworking of security policies, load balancing, etc.
– New Workloads or Networks should not require provisioning of physical network
– Nodes in Physical Network can fail without any disruption to Workload
• Full Isolation for Multi-tenancy and Fault Tolerance
– MAC and IP Addresses are completely private per tenant
– Any failures or configuration errors by tenants do not affect other applications or tenants
– Any failures in the virtual layer do not propagate to physical layer
THE IMPORTANCE OF ABSTRACTION 
[Diagram labels: OpenStack; Neutron; Nova; Contrail Controller; Junos Space; VM G1; VM G2; VM G3; VM R1; VM R2; VM R3; VM FW; BMS R4]
PHYSICAL TOPOLOGY: Complex
• Low level of abstraction
• Many vrouters
• Many routing-instances
• Many tunnels
• Many routes
Complex to configure
Complex to troubleshoot
CONTRAIL – VIRTUALIZED & AUTOMATED NETWORK
CONTROL PLANE, MANAGEMENT PLANE 
NETWORK PROGRAMMABILITY 
ENABLING NFV (NETWORK FUNCTION VIRTUALIZATION) 
VIRTUALIZED NETWORK SERVICES 
INTEROPERABILITY WITH PHYSICAL NETWORK 
NETWORK VIRTUALIZATION (PRIVATE, HYBRID) 
CONVERGED NETWORK ORCHESTRATION 
AUTOMATION, ANALYTICS
CONTRAIL PHILOSOPHY 1
CLOUD DC - CONTRAIL L2/L3 OVERLAY
[Diagram labels: L3; L2/L3; L3 ToR; Servers; vRouter; Service Insertion; External Network]
Hypervisor vRouter handles L2/L3
Hypervisor vRouter performs NAT
= multi-tenant VRF
CONTRAIL PHILOSOPHY 2
Fault tolerance via Idempotence
RPC NIGHTMARE 
Compute Node 
Network Node 
Scheduler 
API 
Do we need a distributed transaction manager...?
STATE SYNCHRONIZATION 
Controller 
Agent 
Full Sync 
Full Sync Diff 
Check local state & apply diff
BGP
router
router
Update
Withdraw
Check local state & update state
IFMAP
Server
Client
Poll
Update
Check local state & update state
Data Model
Network 
Subnet 
Subnet 
Port 
VM 
Port 
VM 
Router 
Network 
Subnet 
Network Policy 
Subnet 
Service Instance
CONTRAIL BUILDING BLOCKS
CONTRAIL & OPENSTACK COMPONENTS 
Horizon UI 
Contrail Web UI 
Nova 
(Compute Orchestration) 
Neutron Plugin 
Compute Node 
Storage 
Keystone 
(Identity / Access Mgmt) 
Cinder 
(Block Storage) 
Swift 
(Object Storage) 
Nova Agent 
Contrail Agent
Contrail Config 
Contrail Control 
vRouter 
Operator 
User Logs in, Create tenant (projects), Create IPAM, Create virtual network, Launch VMs 
VM 
Get VM Image to spawn 
API Srvr 
Scheduler 
… 
Select Compute node to spawn VM 
Info to spawn VM 
Hypervisor 
VM Spawned 
Block Storage Assignment 
Xen 
Bi-directional message bus 
(XMPP interaction) 
Launch VM 
Network related interaction 
Get virtual network info 
DHCP 
Plug (Tap interface, Instance ID, ..) 
Glance 
(Image Server) 
Authentication, etc.
ROLE OF CONTRAIL IN INTEGRATED STACK 
Service Nodes 
Internet 
VPN 
DCI WAN 
Gateway Router 
JunosV Contrail
Orchestrator 
Compute APIs 
Storage APIs 
Network APIs 
Server 
Virtual Machine 
vRouter 
Physical Switches 
vSRX, F5 …
CONTRAIL SOLUTION OVERVIEW 
[Diagram labels: Orchestrator; REST; OpenContrail Controller / Contrail Controller (Configuration, Analytics, Control); XMPP; BGP + Netconf; BGP Federation; BGP Clustering; Server; VM; Tenant VMs; IP fabric (underlay network)]
Juniper QFabric/QFX/EX or 3rd-party underlay switches
Juniper MX or 3rd-party gateway routers
Contrail vRouter (L2 & L3) on KVM, Xen and ESXi/Hyper-V/Containers and Bare Metal in 2014
CONTRAIL COMPONENTS 
[Diagram labels: OPENCONTRAIL CONTROLLER (Configuration, Analytics, Control); Physical Host with Hypervisor; vRouter; VM; Gateway; WAN, Internet; Physical Network (no changes); TODAY; 2014]
Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network
Real-time analytics engine collects, stores and analyzes network elements
Interacts with network elements for VM network provisioning and ensures uptime
vRouter: Virtualized routing element handles localized control plane and forwarding plane work on the compute node
Gateway: MX Series (or other router) or EX9200 serve as gateway eliminating need for SW gateway & improving scale & performance
OPENSTACK INTEGRATION 
[Diagram labels: Horizon; Nova API; Nova Scheduler; Nova Compute; Compute Driver; Virtual-IF Driver; Neutron Driver; Neutron Plugin; Configuration Node; Control Node; Contrail Agent; vRouter (kernel); Virtual Router; Scripts]
1. Create an Instance (VM Info, Network, IPAM, Policies, etc)
2. Schedule an Instance on the Compute Node
3. VM Network Properties
4. Create VM Interface
5. Add Port
6. Publish VM Intf on IFMap
7. VM Interface Config over XMPP
CONTRAIL STACK - VROUTER
[Diagram labels: Openstack; Cloudstack; Customer OSS/BSS; REST APIs (Configuration, Operational, and Analytics); Configuration Nodes; Analytics Engine; Control Plane; Compute Node (Virtual Router); Service Node (SRX, Firefly, JSP, ...); Gateway Node (MX, EX/QFX, ...)]
COMPUTE NODE – HYPERVISOR, VROUTER
[Diagram labels: Compute Node; Virtual Machine (Tenant A); Virtual Machine (Tenant B); Virtual Machine (Tenant C); Tap Interfaces (vif); User; Kernel; vRouter Agent; Config; VRFs; Policy Table; pkt0; vRouter Forwarding Plane; Routing Instance (Tenant A), Routing Instance (Tenant B), Routing Instance (Tenant C), each with Flow Table and FIB; Eth0; Eth1; EthN; Top of Rack Switch; XMPP; JUNOSV CONTRAIL CONTROLLER; Overlay tunnels: MPLS over GRE or VXLAN]
• vRouter replaces the Linux Bridge or OVS module in the hypervisor kernel
• vRouter performs bridging (E-VPN) and routing (L3VPN)
• vRouter performs networking services like Security Policies, NAT, Multicast, Mirroring, and Load Balancing
• No need for Service Nodes or L2/L3 Gateways for Routing, Broadcast/Multicast, NAT
• Routes are automatically leaked into the VRF based on Policies
• Support for Multiple Interfaces on the Virtual Machines
• Support for Multiple Interfaces from Compute Node to the Switching Fabric
COMPUTE NODE – FORWARDING/TUNNELING
[Diagram labels: two Compute Nodes, each with Virtual Machine (VN-IP1 / VN-IP2), Tap Interfaces (vif), vRouter Forwarding Plane, Routing Instance, Flow Table, FIB, Eth1 (Phy-IP1 / Phy-IP2); Overlay tunnels: MPLS over GRE or VXLAN]
VIRTUAL: Virtual-IP2 | Payload
PHYSICAL: Phy-IP2 | MPLS / VNI | Virtual-IP2 | Payload
1. Guest OS ARPs for destination within subnet or default GW
2. vRouter receives the ARP and responds back with VRRP MAC
3. Guest OS sends traffic to the VRRP MAC; vRouter encapsulates the packet with the appropriate MPLS/VNI tag and GRE header
4. Physical fabric routes on the physical IP address
5. Returning packets get forwarded to the appropriate Routing Instance by the MPLS/VNI tag
6. vRouter de-capsulates the packet and forwards it to the Guest OS
CONTRAIL STACK – CONTROL NODE
[Diagram labels: Openstack; Cloudstack; Customer OSS/BSS; REST APIs (Configuration, Operational, and Analytics); Configuration Nodes; Analytics Engine; Control Plane; Compute Node (Virtual Router); Service Node (SRX, Firefly, JSP, ...); Gateway Node (MX, EX/QFX, ...)]
CONTRAIL - CONTROL PLANE NODE
[Diagram labels: Control Node ("BGP module", Proxies, XMPP, IF-MAP Client); Compute Node; Configuration Node; Gateway Routers; Service Nodes; XMPP; IF-MAP; IBGP]
• All Control Plane Nodes are active-active
• Each vRouter uses XMPP to connect with multiple Control Plane nodes for redundancy
• Each Control Plane Node connects to multiple configuration nodes for redundancy
• BGP and Netconf are used to connect with Physical Gateway Routers or Service Nodes
• Control Plane Nodes federate using BGP
• Control Nodes can run different software versions for test-before-deploy and live upgrades
CONTROL PLANE – ROUTE DISTRIBUTION
[Diagram labels: Server 1; Server 2; VM; VRF; Agent; XMPP; Control Node; IF-MAP; Configuration Node; REST/API; Control Plane; IP Network; (Dynamic Tunnel Encapsulation); (Dynamic Tunnel Decapsulation)]
Routes shown on the control plane:
10.1.1.1: NH = 70.10.10.1; LBL = 39
10.1.1.2: NH = 151.10.10.1; LBL = 17
Packet in the VRF: PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD
Packet on the IP network: PubSrcIP 70.10.10.1 | PubDstIP 151.10.10.1 | GRE | LBL=17 | PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD
*Outer MAC header was left out intentionally to reduce clutter
CONTRAIL WITH L3VPN
[Diagram labels: DC1; DC2; Service Provider; Server 1; Server 2; VM; VRF; Agent; XMPP; Configuration Management; REST/API; BGP Control Nodes; Control Plane; MX; I-MBGP; E-MBGP; MPLS; IP Network; 80.20.20.1; 160.20.20.1; 200.1.1.1; 100.1.1.1; (Dynamic Tunnel Encapsulation); (Dynamic Tunnel Decapsulation)]
Routes shown on the control plane:
10.1.1.2: NH = 80.20.20.1; LBL = 417
10.1.1.2: NH = 151.10.10.1; LBL = 17
10.1.1.2: NH = 80.20.20.1; LBL = 417;RD;RT
10.1.1.2: NH = 200.1.1.1; LBL = 317;RD;RT
10.1.1.2: NH = 100.1.1.1; LBL = 217;RD;RT
10.1.1.2: NH = 160.20.20.1; LBL = 117;RD;RT
10.1.1.2: NH = 151.10.10.1; LBL = 17;RD;RT
Packet in the VRF: PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD
Packets on the IP networks:
PubSrcIP 70.10.10.1 | PubDstIP 80.20.20.1 | GRE | LBL=417 | PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD
PubSrcIP 160.20.20.1 | PubDstIP 151.10.10.1 | GRE | LBL=17 | PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD
Packet on the MPLS network: MPLS Outer Label | LBL=217 | PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD
*Outer MAC header was left out intentionally to reduce clutter
PACKET FLOW FOR EVPN ON IP NETWORK
[Diagram labels: Server 1; Server 2; VM; VRF; Agent; XMPP; BGP Based Control Plane; Configuration Management; REST/API; Control Plane; IP Network; (Dynamic Tunnel Encapsulation); (Dynamic Tunnel Decapsulation)]
Routes shown on the control plane:
MAC1: NH = 70.10.10.1; LBL = 39
MAC2: NH = 151.10.10.1; LBL = 17
Frame in the VRF: SrcMAC MAC1 | DstMAC MAC2 | PAYLOAD
Packet on the IP network: PubSrcIP 70.10.10.1 | PubDstIP 151.10.10.1 | GRE | LBL=17 | SrcMAC MAC1 | DstMAC MAC2 | PAYLOAD
*Outer MAC header was left out intentionally to reduce clutter
CONTRAIL STACK – CONFIG NODE
[Diagram labels: Openstack; Cloudstack; Customer OSS/BSS; REST APIs (Configuration, Operational, and Analytics); Configuration Nodes; Analytics Engine; Control Plane; Compute Node (Virtual Router); Service Node (SRX, Firefly, JSP, ...); Gateway Node (MX, EX/QFX, ...)]
CONTRAIL – SDN AS A “COMPILER”
[Diagram labels: Applications (Application 2 ... Application N); Orchestration System; North-bound APIs; SDN System; Data Model 1, Data Model 2, ... Data Model M; Data Model Extensions; Plug-ins; Interface 1, Interface 2, ... Interface K; South-Bound Network Element Interfaces; East-West Peering Interface (BGP); Network (Physical and Virtual)]
Compiler generates APIs
CONFIGURATION NODE
[Diagram labels: Orchestrator (OpenStack); REST; Configuration Node; REST API Server; Schema Transformer; DHT DB; IF-MAP server; Message Bus; Distributed Synchronization; IF-MAP; Control Node]
1. API Server provides Northbound REST Interface – Orchestration System provisions using this API service
2. DHT/NoSQL Database is used for Persistence and High Availability of Configuration
3. Schema Transformer “compiles” the high level data model to low level model for vRouter, Service Nodes, and Gateway Routers
4. IF-MAP is used to represent the data-model – Control Nodes subscribe to the subset of configuration
LOGICAL TOPOLOGY 
VMG1 
VMG2 
VMG3 
VN G 
VMR1 
VMR2 
VMR3 
VN R 
PN 
VMFW 
Virtual Network 
Tenant Virtual Machines 
Virtual Firewall 
Physical Gateway Router 
Physical Network (Internet, L3VPN, ...)
PHYSICAL TOPOLOGY 
OpenStack 
ContrailController 
Neutron 
Nova 
Virtualized Server 
Hypervisor with Contrail vRouter 
Underlay Switches 
Gateway Router to Internet or L3VPN
MAPPING OF LOGICAL TO VIRTUAL TOPOLOGY 
VMG1 
VMG2 
VMG3 
VN G 
VMR1 
VMR2 
VMR3 
VN R 
L3VPN 
VMFW 
OpenStack 
ContrailController 
Neutron 
Nova 
PHYSICAL 
LOGICAL
STARTING POINT: EMPTY LOGICAL TOPOLOGY
[Diagram, repeated on the following slides: LOGICAL topology (VN G; VM G1, VM G2, VM G3; VN R; VM R1, VM R2, VM R3; VM FW; PN) beside the PHYSICAL topology (OpenStack with Neutron and Nova; Contrail Controller)]
CREATE GREEN TENANT: CREATE VIRTUAL NETWORK "GREEN"
Create VN G
CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G1"
Create VM G1, Attach to VN G
Nova: Create VM
CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G1"
Create VM G1, Attach to VN G
Neutron: Attach VM to VN
XMPP: Create routing-instance
CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2"
Create VM G2, Attach to VN G
Nova: Create VM
CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2"
Create VM G2, Attach to VN G
Neutron: Attach VM to VN
XMPP: Create routing-instance
CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2"
Create VM G2, Attach to VN G
XMPP: Exchange routes
Create tunnels
CREATE GREEN TENANT: FORWARDING TABLES AND ENCAPSULATION
Server S1 (VM G1)
Green routing-instance IP FIB (IP prefix | Nexthop):
VM G1 | Virtual ethernet port to VM G1
VM G2 | Push label L2 + GRE encaps to server S2
Global MPLS FIB (MPLS label | Nexthop):
L1 | Pop + Green routing-instance
Global IP FIB (IP prefix | Nexthop):
Server S2 | Physical ethernet port
Server S2 (VM G2)
Green routing-instance IP FIB (IP prefix | Nexthop):
VM G1 | Push label L1 + GRE encaps to server S1
VM G2 | Virtual ethernet port to VM G2
Global MPLS FIB (MPLS label | Nexthop):
L2 | Pop + Green routing-instance
Global IP FIB (IP prefix | Nexthop):
Server S1 | Physical ethernet port
Packet from S1 to S2 (outermost header first):
Ethernet: Source MAC = Server S1; Dest MAC = Server S2
Outer IP header: Source IP = Server S1; Dest IP = Server S2
GRE: ...
MPLS: Label = L2
Inner IP header: Source IP = VM G1; Dest IP = VM G2; ...
Payload
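The forwarding tables above, populated with the addresses and labels from the route-distribution slide (10.1.1.2: NH = 151.10.10.1; LBL = 17), as an added Python sketch that is not part of the original deck and not OpenContrail code. The `VRouter` class, the tap names, the red tenant on label 18 and the stale label 99 are constructed for illustration; the sketch goes one step beyond the slide by showing that the popped label, not the inner IP address, selects the routing instance, which is what keeps overlapping tenant addresses apart.

```python
import ipaddress
import struct

GRE_PROTO_MPLS = 0x8847  # GRE protocol type: MPLS unicast
IP_PROTO_GRE = 47


def ipv4_checksum(header: bytes) -> int:
    """Standard IPv4 header checksum (one's-complement sum of 16-bit words)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Option-less IPv4 header followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def ip_fields(packet: bytes):
    """Return (src, dst, proto, payload) of an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])), packet[9], packet[ihl:])


class VRouter:
    """Toy model of one compute node's forwarding tables (hypothetical class)."""

    def __init__(self, phys_ip: str):
        self.phys_ip = phys_ip
        self.ri_fib = {}    # routing instance -> {VM IP: ("local", tap) | ("tunnel", NH, label)}
        self.mpls_fib = {}  # local label -> routing instance ("pop + routing-instance")

    def add_local_vm(self, ri, vm_ip, tap, label):
        self.ri_fib.setdefault(ri, {})[vm_ip] = ("local", tap)
        self.mpls_fib[label] = ri

    def add_remote_route(self, ri, vm_ip, next_hop, label):
        self.ri_fib.setdefault(ri, {})[vm_ip] = ("tunnel", next_hop, label)

    def encapsulate(self, ri, inner: bytes):
        """Look up the inner destination in the sender's routing instance, push
        the label, wrap in GRE + outer IP. None means 'no route: drop'."""
        route = self.ri_fib.get(ri, {}).get(ip_fields(inner)[1])
        if route is None or route[0] != "tunnel":
            return None
        _, next_hop, label = route
        mpls = struct.pack("!I", (label << 12) | (1 << 8) | 64)  # S=1, TTL=64
        gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)              # no optional fields
        return ipv4(self.phys_ip, next_hop, IP_PROTO_GRE, gre + mpls + inner)

    def decapsulate(self, outer: bytes):
        """Pop the label, select the routing instance it maps to, deliver to a
        local tap. Returns (routing instance, tap, inner packet) or None (drop)."""
        _, dst, proto, body = ip_fields(outer)
        if dst != self.phys_ip or proto != IP_PROTO_GRE or len(body) < 28:
            return None
        flags, gre_proto = struct.unpack("!HH", body[:4])
        if flags != 0 or gre_proto != GRE_PROTO_MPLS:
            return None
        ri = self.mpls_fib.get(struct.unpack("!I", body[4:8])[0] >> 12)
        if ri is None:               # label never allocated on this node: drop
            return None
        inner = body[8:]
        route = self.ri_fib[ri].get(ip_fields(inner)[1])
        if route is None or route[0] != "local":
            return None
        return ri, route[1], inner


def demo():
    s1, s2 = VRouter("70.10.10.1"), VRouter("151.10.10.1")
    # Addresses and labels 39 / 17 are the ones on the route-distribution slide.
    s1.add_local_vm("green", "10.1.1.1", "tap-g1", 39)
    s2.add_local_vm("green", "10.1.1.2", "tap-g2", 17)
    s1.add_remote_route("green", "10.1.1.2", "151.10.10.1", 17)
    # Constructed: a second tenant reusing 10.1.1.2 on server 2 under label 18,
    # and a stale green route whose label 99 server 2 never allocated.
    s2.add_local_vm("red", "10.1.1.2", "tap-r2", 18)
    s1.add_remote_route("red", "10.1.1.2", "151.10.10.1", 18)
    s1.add_remote_route("green", "10.1.1.9", "151.10.10.1", 99)

    green = ipv4("10.1.1.1", "10.1.1.2", 253, b"PAYLOAD")  # 253 = experimental
    red = ipv4("10.1.1.7", "10.1.1.2", 253, b"PAYLOAD")
    stale = ipv4("10.1.1.1", "10.1.1.9", 253, b"PAYLOAD")
    outer = s1.encapsulate("green", green)
    return {
        "outer": outer,
        "green": s2.decapsulate(outer),
        "red": s2.decapsulate(s1.encapsulate("red", red)),
        "stale": s2.decapsulate(s1.encapsulate("green", stale)),
        "no_route": s1.encapsulate("green", ipv4("10.1.1.1", "10.9.9.9", 253, b"")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Both tenants' packets carry the same inner destination 10.1.1.2 and the same outer addresses; only the label differs, so the isolation shown here holds only as long as the underlay delivering those GRE packets is itself trusted.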
CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3"
Create VM G3, Attach to VN G
Nova: Create VM
CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3"
Create VM G3, Attach to VN G
Neutron: Attach VM to VN
XMPP: Create routing-instance
CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3"
Create VM G3, Attach to VN G
XMPP: Exchange routes
Create tunnels
CREATE GREEN TENANT: END STATE
[Diagram: VM G1, VM G2 and VM G3 present in both the LOGICAL and PHYSICAL topology]
CREATE RED TENANT: SAME STEPS AS GREEN TENANT
[Diagram: VM R1, VM R2 and VM R3 added to the PHYSICAL topology alongside VM G1, VM G2 and VM G3]
CONNECT GREEN TO RED TENANT VIA FIREWALL: CREATE VIRTUAL MACHINE FOR FIREWALL
Create VM FW, Attach to VN G, Attach to VN R
Nova: Create VM
CONNECT GREEN TO RED TENANT VIA FIREWALL: ATTACH FIREWALL TO RED AND GREEN VIRTUAL NETWORKS
Create VM FW, Attach to VN G, Attach to VN R
Neutron: Attach VM to VNs
XMPP: Create routing-instance
CONNECT GREEN TO RED TENANT VIA FIREWALL: APPLY POLICY, EXCHANGE ROUTES, AND CREATE TUNNELS
Apply Policy VN G ↔ VN R
XMPP: Exchange routes
Create tunnels
CONNECT GREEN TO RED TENANT VIA FIREWALL: END STATE
[Diagram: VM FW present in both the LOGICAL and PHYSICAL topology, with VN G, VN R and L3VPN]
CONNECT GREEN TO RED TENANT VIA FIREWALL: DATA PLANE: RED ↔ GREEN TRAFFIC FORCED THROUGH THE FIREWALL
[Diagram: same topology as the end state]
CONNECT RED TENANT TO PHYSICAL L3VPN: CONFIGURE L3VPN ROUTING INSTANCE
Apply Policy VN R ↔ L3VPN
Netconf: Configure routing-instance
CONNECT RED TENANT TO PHYSICAL L3VPN: EXCHANGE ROUTES WITH PHYSICAL ROUTER, CREATE TUNNELS
Apply Policy VN R ↔ L3VPN
BGP: Exchange routes
Create tunnels
CONNECT RED TENANT TO PHYSICAL L3VPN: EXCHANGE ROUTES WITH VROUTERS, CREATE TUNNELS
Apply Policy VN R ↔ L3VPN
XMPP: Exchange routes
Create tunnels
VROUTER HA
Discovery Server 
eth0 
eth1 
TOR 
SPINE 
Gateway 
LACP Linux Bonding 
Controller 1 
Controller 2 
vRouter
CONTRAIL COMPONENT HA
[Diagram labels: Controller 1; HAProxy + VIP; Neutron API; Config API; Discovery Server; IFMap; Cassandra; zookeeper; RabbitMQ]
[Diagram, repeated over four slides: HA proxy; Configuration Node 1, Configuration Node 2, Configuration Node 3 (REST API Server, IF-MAP server, RabbitMQ, Schema Transformer, DHT DB); Control Node ("BGP module", Proxies, XMPP, IF-MAP Client)]
Down
1) Configuration node sends ALL data to the Control node to sync Control node information
2) Overwrite new information
Sync!
DEMO
Contrail Enabler for agile cloud services

More Related Content

What's hot

PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPROIDEA
 
SDN Controller
SDN ControllerSDN Controller
SDN Controllertcp cloud
 
Service Chaining - Cloud Network Services at Scale
Service Chaining - Cloud Network Services at ScaleService Chaining - Cloud Network Services at Scale
Service Chaining - Cloud Network Services at ScaleMarketingArrowECS_CZ
 
ONIC Japan 2016 - Contrail アップデート
ONIC Japan 2016 - Contrail アップデートONIC Japan 2016 - Contrail アップデート
ONIC Japan 2016 - Contrail アップデートJuniper Networks (日本)
 
Contrail Launch: Capitalize on SDN and Cloud. Now.
Contrail Launch: Capitalize on SDN and Cloud. Now.Contrail Launch: Capitalize on SDN and Cloud. Now.
Contrail Launch: Capitalize on SDN and Cloud. Now.Juniper Networks
 
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał DubielOpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał Dubieleurobsdcon
 
Contrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at ScaleContrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at ScaleMarketingArrowECS_CZ
 
Cloudstack conference open_contrail v4
Cloudstack conference open_contrail v4Cloudstack conference open_contrail v4
Cloudstack conference open_contrail v4ozkan01
 
The Juniper SDN Landscape
The Juniper SDN LandscapeThe Juniper SDN Landscape
The Juniper SDN LandscapeChris Jones
 
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPROIDEA
 
Deployment of Juniper Contrail in AVG Technologies
Deployment of Juniper Contrail in AVG TechnologiesDeployment of Juniper Contrail in AVG Technologies
Deployment of Juniper Contrail in AVG TechnologiesMarketingArrowECS_CZ
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsxsolarisyougood
 
NFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrail
NFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrailNFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrail
NFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrailozkan01
 
Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)
Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)
Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)Gade Gowtham
 
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC, Przemysław Frasunek, Paweł Mała...PLNOG16: Obsługa 100M pps na platformie PC, Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...PROIDEA
 

What's hot (20)

PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDN
 
SDN Controller
SDN ControllerSDN Controller
SDN Controller
 
Service Chaining - Cloud Network Services at Scale
Service Chaining - Cloud Network Services at ScaleService Chaining - Cloud Network Services at Scale
Service Chaining - Cloud Network Services at Scale
 
Contrail Basics
Contrail BasicsContrail Basics
Contrail Basics
 
ONIC Japan 2016 - Contrail アップデート
ONIC Japan 2016 - Contrail アップデートONIC Japan 2016 - Contrail アップデート
ONIC Japan 2016 - Contrail アップデート
 
Contrail Launch: Capitalize on SDN and Cloud. Now.
Contrail Launch: Capitalize on SDN and Cloud. Now.Contrail Launch: Capitalize on SDN and Cloud. Now.
Contrail Launch: Capitalize on SDN and Cloud. Now.
 
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał DubielOpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
 
Contrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at ScaleContrail Deep-dive - Cloud Network Services at Scale
Contrail Deep-dive - Cloud Network Services at Scale
 
Cloudstack conference open_contrail v4
Cloudstack conference open_contrail v4Cloudstack conference open_contrail v4
Cloudstack conference open_contrail v4
 
The Juniper SDN Landscape
The Juniper SDN LandscapeThe Juniper SDN Landscape
The Juniper SDN Landscape
 
WAN - trends and use cases
WAN - trends and use casesWAN - trends and use cases
WAN - trends and use cases
 
Campus
CampusCampus
Campus
 
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof KonkowskiPLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
 
NFV в сетях операторов связи
NFV в сетях операторов связиNFV в сетях операторов связи
NFV в сетях операторов связи
 
Deployment of Juniper Contrail in AVG Technologies
Deployment of Juniper Contrail in AVG TechnologiesDeployment of Juniper Contrail in AVG Technologies
Deployment of Juniper Contrail in AVG Technologies
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsx
 
vSRX
vSRXvSRX
vSRX
 
NFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrail
NFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrailNFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrail
NFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrail
 
Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)
Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)
Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)
 
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC, Przemysław Frasunek, Paweł Mała...PLNOG16: Obsługa 100M pps na platformie PC, Przemysław Frasunek, Paweł Mała...
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
 

Contrail Enabler for agile cloud services

  • 1. CONTRAIL ENABLER FOR AGILE CLOUD SERVICES OpenContrail Meetup NUENO@JUNIPER.NET DISTINGUISHED ENGINEER / SDN TEAM Nachi Ueno
  • 2. This statement of direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or function depicted in this presentation
  • 3. ENTERPRISE DC EVOLUTION (ITAAS) TRADITIONAL VIRTUALIZATION LB Policies ACLs FW, IPS Policies Sec. Device LB Device Switches Physical Servers Router Standalone Applications (Dedicated Resources) End-user Sub-Optimal Device Util. Static & Inflexible TCO (Capex, Opex) Physically Constrained Silo’ed Manual device config Custom Policy Config Deployment knowledge Admin Virtual Machines VLANs vSecurity LB Policies ACLs VLAN Config Security Policies Router End-user Standalone Application (Virtualized Resources) Admin vLB VM Orchestrator Sub-Optimal Device Util. Static & Inflexible TCO (Capex, Opex) Physically Constrained Silo’ed Manual device config Custom Policy Config Deployment knowledge
  • 4. CLOUD CLOUD-ENABLED DATA CENTER Sub-Optimal Device Utilization Static & Inflexible TCO (Capex, Opex) Physically Constrained Silo’ed Large, Manual Device Config Custom / Complex Policy Config Specialized deployment knowledge Evolving Applications (on Resource Pool) External Cloud Based Resources Virtualized Resource Pools Resources Across Data Centers No ACLs End-user Orchestrator / Controller All Policies (incl. ACLs) Virtual Network Virtual Network Compute Storage LB Security Admin
  • 5. NFV: NETWORK EDGE SECURITY Network Function Virtualization Scalable Virtual Service on x86 Scalable Virtual Service on x86 Private networks SP DATACENTER BRAS/VPN Edge FW – IPS – PDF – DDoS FW – IPS – PDF – DDoS Service Load Balancing Service Load Balancing L3VPN-ENABLED SP CORE/BACKBONE BUSINESS EDGE Internet BROADBAND EDGE MOBILE EDGE Dynamic Service Provisioning, Scaling; Service Chaining Security Services – Firefly, Web App Secure, DdosSecure, vSA Centralized management/orchestration Software abstraction from physical infra Edge delivery of virtualized security services (Firefly, DdosSecure, Web App Secure, vSA)
  • 6. FLEXIBLE AND DYNAMIC CHAINING OF SERVICES Host + Hypervisor Host + Hypervisor VIRTUAL NETWORK GREEN VIRTUAL NETWORK YELLOW Service A Service B IP fabric(switch underlay) A C B G1 G2 G3 G1 G2 G3 Y1 Y2 Y3 Y2 Y3 Y1 VM and virtualized Network function pool VM and virtualized Network function pool … … LOGICAL PHYSICAL Service C
  • 7. L3VPN SELF-SERVICE ENTERPRISE SERVICE CLOUD CUSTOMER A (Branch Office) VPN SITE 1 CUSTOMER B (Branch Office) VPN SITE 2 CUSTOMER A (HQ) VPN SITE 2 CUSTOMER B (HQ) VPN SITE 1 Self-service portal with quick (< 5 min) network provisioning Service automation SLA-based ‘As-a-Service’ model for services Elastic architecture with service Scale-out Standard Protocols to connect SP customer to service SLB FW UTM CDN WAN OPT SP Service Cloud Quick, Self-Service
  • 8. INTERCONNECT W/ EXISTING INFRASTRUCTURE Contrail enables customers to use their legacy infrastructure for legacy apps, and expand to cloud-architectures for newer apps. VLAN -A VLAN -B VLAN -C VLAN -D Front-End Tier Back-End Tier EXISTING/ LEGACY INFRASTRUCTURE CLOUD INFRASTRUCTURE Back-End Front-End Security Tier LB Tier CONTRAIL CONTROLLER Security LB Gateway Contrail enables enterprises to continue using legacy investments and infrastructure. Can extend portions of the network or the entire infrastructure and be able to run new cloud-based as well as legacy applications
  • 10. VIRTUAL NETWORKS VIRTUALIZED SERVICES THE NEW NETWORK – BUILDING BLOCKS GATEWAYS NETWORK AND PACKET POLICY PROVIDED BY OPEN BGP VPN TECHNOLOGIES NETWORK POLICY FOR TOPOLOGY AND PACKET FOR TRAFFIC CONTROL NETWORK FUNCTIONS AND SERVICES STITCHED TO TOPOLOGY CONNECTS VIRTUAL AND PHYSICAL DOMAINS
  • 11. WHAT IS NETWORK VIRTUALIZATION
      • Independent of Physical Network Location or State
          – Logical Network across any server, any rack, any cluster, any data-center
          – Virtual Machines can migrate without requiring any reworking of security policies, load balancing, etc
          – New Workloads or Networks should not require provisioning of physical network
          – Nodes in Physical Network can fail without any disruption to Workload
      • Full Isolation for Multi-tenancy and Fault Tolerance
          – MAC and IP Addresses are completely private per tenant
          – Any failures or configuration errors by tenants do not affect other applications or tenants
          – Any failures in the virtual layer do not propagate to physical layer
  • 12. THE IMPORTANCE OF ABSTRACTION BMSR4 OpenStack Contrail Controller Neutron Nova VMG1 VMG2 VMG3 VMR1 VMR3 VMR2 VMFW PHYSICAL TOPOLOGY Complex • Low level of abstraction • Many vrouters • Many routing-instances • Many tunnels • Many routes Complex to configure Complex to troubleshoot Junos Space
  • 13. CONTRAIL – VIRTUALIZED & AUTOMATED NETWORK CONTROL PLANE, MANAGEMENT PLANE NETWORK PROGRAMMABILITY ENABLING NFV (NETWORK FUNCTION VIRTUALIZATION) VIRTUALIZED NETWORK SERVICES INTEROPERABILITY WITH PHYSICAL NETWORK NETWORK VIRTUALIZATION (PRIVATE, HYBRID) CONVERGED NETWORK ORCHESTRATION AUTOMATION, ANALYTICS
  • 15. L3 L3 L2/L3 L2/L3 L3 ToR L2/L3 L2/L3 L2/L3 L3 ToR L2/L3 L2/L3 L2/L3 L3 ToR L2/L3 L2/L3 L2/L3 L3 ToR L2/L3 L3 L3 L3 L3 L3 CLOUD DC -CONTRAIL L2/L3 OVERLAY vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter vRouter Hypervisor vRouter handles L2/L3 Hypervisor vRouter performs NAT = multi-tenant VRF Service Insertion Service Insertion External Network Servers
  • 16. CONTRAIL PHILOSOPHY 2 Fault tolerance via Idempotence
  • 17. RPC NIGHTMARE Compute Node Network Node Scheduler API Do we need Distributed transaction manager…. ?
  • 18. STATE SYNCHRONIZATION Controller Agent Full Sync Full Sync Diff Check local State & Apply diff
  • 19. BGP router router Update Withdraw Check local State & Update state
  • 20. IFMAP Server Client Poll Update Check local State & Update state
  • 22. Network Subnet Subnet Port VM Port VM Router Network Subnet Network Policy Subnet Service Instance
  • 24. CONTRAIL & OPENSTACK COMPONENTS Horizon UI Contrail Web UI Nova (Compute Orchestration) Neutron Plugin Compute Node Storage Keystone (Identity / Access Mgmt) Cinder (Block Storage) Swift (Object Storage) Nova Agent Contrail Agent Contrail Config Contrail Control vRouter Operator User Logs in, Create tenant (projects), Create IPAM, Create virtual network, Launch VMs VM Get VM Image to spawn API Srvr Scheduler … Select Compute node to spawn VM Info to spawn VM Hypervisor VM Spawned Block Storage Assignment Xen Bi-directional message bus (XMPP interaction) Launch VM Network related interaction Get virtual network info DHCP Plug (Tap interface, Instance ID, ..) Glance (Image Server) Authentication, etc.
  • 25. ROLE OF CONTRAIL IN INTEGRATED STACK Service Nodes Internet VPN DCI WAN Gateway Router JunosV Contrail Orchestrator Compute APIs Storage APIs Network APIs Server Virtual Machine vRouter Physical Switches vSRX, F5 …
  • 26. CONTRAIL SOLUTION OVERVIEW OpenContrail Controller Configuration Analytics Control Server VM VM VM Server VM VM VM IP fabric (underlay network) Juniper QFabric/QFX/EX or 3rd party underlay switches Juniper MX or 3rd party gateway routers Tenant VMs BGP Federation BGP Clustering Contrail Controller REST XMPP CONTROLLER Control Orchestrator XMPP BGP + Netconf Contrail vRouter (L2 & L3) on KVM, Xen and ESXi/HyperV/Containers and Bare Metal in 2014 2014
  • 27. CONTRAIL COMPONENTS Physical Network (no changes) Analytics OPENCONTRAIL CONTROLLER Control Configuration Physical Host with Hypervisor vRouter VM VM VM VM Physical Host with Hypervisor vRouter VM VM VM VM WAN, Internet Gateway Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network Real-time analytics engine collects, stores and analyzes network elements Interacts with network elements for VM network provisioning and ensures uptime vRouter: Virtualized routing element handles localized control plane and forwarding plane work on the compute node Gateway: MX Series (or other router) or EX9200 serve as gateway eliminating need for SW gateway & improving scale & performance TODAY 2014
  • 28. OPENSTACK INTEGRATION Horizon Nova API Compute Driver Virtual-IF Driver Nova Compute Contrail Agent vRouter (kernel) Virtual Router Nova Scheduler Neutron Driver Neutron Plugin Configuration Node Control Node Scripts
      1. Create an Instance (VM Info, Network, IPAM, Policies, etc)
      2. Schedule an Instance on the Compute Node
      3. VM Network Properties
      4. Create VM Interface
      5. Add Port
      6. Publish VM Intf on IFMap
      7. VM Interface Config over XMPP
  • 29. CONTRAIL STACK - VROUTER Configuration Nodes Control Plane Compute Node (Virtual Router) Service Node (SRX, Firefly, JSP, ...) Gateway Node (MX, EX/QFX, ...) Control Plane Control Plane Analytics Engine Analytics Engine Analytics Engine REST APIs (Configuration, Operational, and Analytics) Openstack Customer OSS/BSS Cloudstack
  • 30. COMPUTE NODE – HYPERVISOR, VROUTER Compute Node Virtual Machine (Tenant B) Virtual Machine (Tenant C) Virtual Machine (Tenant C) vRouter Forwarding Plane Virtual Machine (Tenant A) Routing Instance (Tenant A) Routing Instance (Tenant B) Routing Instance (Tenant C) vRouter Agent Flow Table FIB Flow Table FIB Flow Table FIB Overlay tunnels MPLS over GRE or VXLAN JUNOSV CONTRAIL CONTROLLER JUNOSV CONTRAIL CONTROLLER XMPP Eth1 Kernel Tap Interfaces (vif) pkt0 User Eth0 EthN Config VRFs Policy Table Top of Rack Switch XMPP
      • vRouter replaces the Linux Bridge or OVS module in Hypervisor Kernel
      • vRouter performs bridging (E-VPN) and routing (L3VPN)
      • vRouter performs networking services like Security Policies, NAT, Multicast, Mirroring, and Load Balancing
      • No need for Service Nodes or L2/L3 Gateways for Routing, Broadcast/Multicast, NAT
      • Routes are automatically leaked into the VRF based on Policies
      • Support for Multiple Interfaces on the Virtual Machines
      • Support for Multiple Interfaces from Compute Node to the Switching Fabric
  • 31. COMPUTE NODE – FORWARDING/TUNNELING Overlay tunnels MPLS over GRE or VXLAN Compute Node vRouter Forwarding Plane Virtual Machine (VN-IP1) Routing Instance Flow Table FIB Eth1 (Phy-IP1) Tap Interfaces (vif) Compute Node vRouter Forwarding Plane Virtual Machine (VN-IP2) Routing Instance Flow Table FIB Eth1 (Phy-IP2) Tap Interfaces (vif) VIRTUAL PHYSICAL Virtual-IP2 Payload Virtual-IP2 Payload MPLS / VNI Phy-IP2 Virtual-IP2 Payload Virtual-IP2 Payload MPLS / VNI Phy-IP2
      1. Guest OS ARPs for destination within subnet or default GW
      2. vRouter receives the ARP and responds back with VRRP MAC
      3. Guest OS sends traffic to the VRRP MAC, vRouter encapsulates the packet with appropriate MPLS/VNI tag and GRE header
      4. Physical Fabric routes on Physical IP Address
      5. Returning packets get forwarded to appropriate Routing Instance by the MPLS/VNI tag
      6. vRouter de-capsulates the packet, and forwards it to the Guest OS
  • 32. CONTRAIL STACK – CONTROL NODE Configuration Nodes Control Plane Compute Node (Virtual Router) Service Node (SRX, Firefly, JSP, ...) Gateway Node (MX, EX/QFX, ...) Control Plane Control Plane Analytics Engine Analytics Engine Analytics Engine REST APIs (Configuration, Operational, and Analytics) Openstack Customer OSS/BSS Cloudstack
  • 33. CONTRAIL - CONTROL PLANE NODE Control Node "BGP module" Proxies XMPP Control Node Control Node Compute Node Compute Node Configuration Node Configuration Node IF-MAP XMPP IBGP IF-MAP Client Gateway Routers Service Nodes
      • All Control Plane Nodes are active-active
      • Each vRouter uses XMPP to connect with multiple Control Plane nodes for redundancy
      • Each Control Plane Node connects to multiple configuration nodes for redundancy
      • BGP and Netconf are used to connect with Physical Gateway Routers or Services Nodes
      • Control Plane Nodes federate using BGP
      • Control Nodes can run different software versions for test-before-deploy and live upgrades
  • 34. CONTROL PLANE –ROUTE DISTRIBUTION 10.1.1.1 10.1.1.2 70.10.10.1 151.10.10.1 10.1.1.2: NH = 151.10.10.1; LBL = 17 10.1.1.1: NH = 70.10.10.1; LBL = 39 10.1.1.1 10.1.1.2 PAYLOAD VRF PriSrcIP PriDstIP 10.1.1.1 10.1.1.2 PAYLOAD LBL=17 GRE 70.10.10.1 151.10.10.1 PubSrcIP PubDstIP VM VRF PriSrcIP PriDstIP 10.1.1.1 10.1.1.2 PAYLOAD PriSrcIP PriDstIP VM IP Network Agent Agent XMPP XMPP Control Node Configuration Node REST/API 10.1.1.2:NH = 151.10.10.1; LBL = 17 10.1.1.1:NH = 70.10.10.1; LBL = 39 (Dynamic Tunnel Encapsulation) (Dynamic Tunnel Decapsulation) Server 1 Server 2 Control Plane *Outer MAC header was left out intentionally to reduce clutter 10.1.1.1:NH = 70.10.10.1; LBL = 39 10.1.1.2:NH = 151.10.10.1; LBL = 17 Control Plane IF-MAP
  • 35. CONTRAIL WITH L3VPN 10.1.1.1 10.1.1.2 70.10.10.1 151.10.10.1 10.1.1.2: NH = 80.20.20.1; LBL = 417 10.1.1.1 10.1.1.2 PAYLOAD VRF PriSrcIP PriDstIP VM VRF PriSrcIP PriDstIP VM IP Network Agent XMPP XMPP Configuration Management DC1 REST/API (Dynamic Tunnel Encapsulation) (Dynamic Tunnel Decapsulation) Server 1 Server 2 10.1.1.1 10.1.1.2 PAYLOAD LBL=417 GRE 70.10.10.1 80.20.20.1 PubSrcIP PubDstIP PriSrcIP PriDstIP 10.1.1.1 10.1.1.2 PAYLOAD LBL=17 GRE 160.20.20.1 151.10.10.1 PubSrcIP PubDstIP PriSrcIP PriDstIP MX MX MPLS IP Network 80.20.20.1 160.20.20.1 Control Plane *Outer MAC header was left out intentionally to reduce clutter 10.1.1.2:NH = 80.20.20.1; LBL = 417 10.1.1.2:NH = 151.10.10.1; LBL = 17 REST/API BGP Control Nodes 10.1.1.1 10.1.1.2 PAYLOAD LBL=217 PriSrcIP PriDstIP MPLS Outer Label Control Plane I-MBGP MX I-MBGP 200.1.1.1 100.1.1.1 10.1.1.2: NH = 80.20.20.1; LBL = 417;RD;RT Configuration Management DC2 Agent BGP Control Nodes MX MX I-MBGP MX 10.1.1.2: NH = 200.1.1.1; LBL = 317;RD;RT 10.1.1.2: NH = 100.1.1.1; LBL = 217;RD;RT 10.1.1.2: NH = 160.20.20.1; LBL = 117;RD;RT 10.1.1.2: NH = 151.10.10.1; LBL = 17;RD;RT 160.20.20.1 80.20.20.1 E-MBGP E-MBGP MX MX 200.1.1.1 100.1.1.1 Service Provider 10.1.1.1 10.1.1.2 PAYLOAD
  • 36. PACKET FLOW FOR EVPN ON IP NETWORK MAC1 MAC2 70.10.10.1 151.10.10.1 MAC2: NH = 151.10.10.1; LBL = 17 MAC1: NH = 70.10.10.1; LBL = 39 VRF MAC1 MAC2 PAYLOAD SrcMAC DstMAC VM VRF MAC1 MAC2 PAYLOAD LBL=17 GRE 70.10.10.1 151.10.10.1 PubSrcIP PubDstIP SrcMAC DstMAC VM IP Network Agent Agent XMPP XMPP BGP Based Control Plane Configuration Management REST/API MAC2:NH = 151.10.10.1; LBL = 17 MAC1:NH = 70.10.10.1; LBL = 39 (Dynamic Tunnel Encapsulation) (Dynamic Tunnel Decapsulation) Server 1 Server 2 Control Plane *Outer MAC header was left out intentionally to reduce clutter MAC1:NH = 70.10.10.1; LBL = 39 MAC2:NH = 151.10.10.1; LBL = 17 MAC1 MAC2 PAYLOAD SrcMAC DstMAC
  • 37. CONTRAIL STACK – CONFIG NODE Configuration Nodes Control Plane Compute Node (Virtual Router) Service Node (SRX, Firefly, JSP, ...) Gateway Node (MX, EX/QFX, ...) Control Plane Control Plane Analytics Engine Analytics Engine Analytics Engine REST APIs (Configuration, Operational, and Analytics) Openstack Customer OSS/BSS Cloudstack
  • 38. CONTRAIL – SDN AS A “COMPILER” Orchestration System SDN System Network (Physical and Virtual) South-Bound Network Element Interfaces East-West Peering Interface (BGP) Application2 ApplicationN Applications North-bound APIs Data Model 1 Data Model 2 Data Model M Data Model Extensions Interface 1 Interface 2 Interface K Plug-ins Compiler generates APIs Compiler generates APIs
  • 39. CONFIGURATION NODE Configuration Node REST API Server Schema Transformer Orchestrator (OpenStack) REST DHT DB IF-MAP server Configuration Node Control Node Control Node IF-MAP Distributed Synchronization Configuration Node DHT DB DHT DB Message Bus
      1. API Server provides Northbound REST Interface – Orchestration System provisions using this API service
      2. DHT/NoSQL Database is used for Persistence and High Availability of Configuration
      3. Schema Transformer “compiles” the high level data model to low level model for vRouter, Service Nodes, and Gateway Routers
      4. IF-MAP is used to represent the data-model – Control Nodes subscribe to the subset of configuration
  • 40. LOGICAL TOPOLOGY VMG1 VMG2 VMG3 VN G VMR1 VMR2 VMR3 VN R PN VMFW Virtual Network Tenant Virtual Machines Virtual Firewall Physical Gateway Router Physical Network (Internet, L3VPN, ...)
  • 41. PHYSICAL TOPOLOGY OpenStack Contrail Controller Neutron Nova Virtualized Server Hypervisor with Contrail vRouter Underlay Switches Gateway Router to Internet or L3VPN
  • 42. MAPPING OF LOGICAL TO VIRTUAL TOPOLOGY VMG1 VMG2 VMG3 VN G VMR1 VMR2 VMR3 VN R L3VPN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL
  • 43. STARTING POINT: EMPTY LOGICAL TOPOLOGY VMG1 VMG2 VMG3 VN G VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL
  • 44. CREATE GREEN TENANT: CREATE VIRTUAL NETWORK "GREEN" VMG1 VMG2 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G Create VN G
  • 45. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G1" VMG1 VMG2 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G Create VM G1, Attach to VN G Nova: Create VM VMG1
  • 46. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G1" VMG1 VMG2 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 Neutron: Attach VM to VN Create VM G1, Attach to VN G XMPP: Create routing-instance
  • 47. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2" VMG1 VMG2 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G Create VM G2, Attach to VN G VMG1 Nova: Create VM VMG2
  • 48. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2" VMG1 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 Neutron: Attach VM to VN Create VM G2, Attach to VN G VMG2 XMPP: Create routing-instance VMG2
  • 49. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G2" VMG1 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 Create VM G2, Attach to VN G VMG2 XMPP: Exchange routes Create tunnels VMG2
  • 50. CREATE GREEN TENANT: FORWARDING TABLES AND ENCAPSULATION VMG1 VMG2 S1 S2
      • Server S1
          – Green routing-instance IP FIB (IP prefix → Nexthop): VM G1 → Virtual ethernet port to VM G1; VM G2 → Push label L2 + GRE encaps to server S2
          – Global MPLS FIB (MPLS label → Nexthop): L1 → Pop + Green routing-instance
          – Global IP FIB (IP prefix → Nexthop): Server S2 → Physical ethernet port
      • Server S2
          – Green routing-instance IP FIB (IP prefix → Nexthop): VM G1 → Push label L1 GRE encaps to server S1; VM G2 → Virtual ethernet port to VM G2
          – Global MPLS FIB (MPLS label → Nexthop): L2 → Pop + Green routing-instance
          – Global IP FIB (IP prefix → Nexthop): Server S1 → Physical ethernet port
      • Packet
          – Ethernet: Server S1 Source MAC, Server S2 Dest MAC
          – Outer IP header: Server S1 Source IP, Server S2 Dest IP, ...
          – GRE
          – MPLS: L2 Label
          – Inner IP header: VM G1 Source IP, VM G2 Dest IP, ...
          – Payload
  • 51. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3" VMG1 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 Create VM G3, Attach to VN G Nova: Create VM VMG3
  • 52. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3" VMG1 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 Create VM G3, Attach to VN G VMG3 Neutron: Attach VM to VN XMPP: Create routing-instance
  • 53. CREATE GREEN TENANT: CREATE VIRTUAL MACHINE "G3" VMG1 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 Create VM G3, Attach to VN G VMG3 XMPP: Exchange routes Create tunnels
  • 54. CREATE GREEN TENANT: END STATE VMG1 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 VMG3
  • 55. CREATE RED TENANT: SAME STEPS AS GREEN TENANT VMG1 VMG3 VMR1 VMR2 VMR3 VN R PN VMFW OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 VMG3 VMR1 VMR3 VMR2
  • 56. CONNECT GREEN TO RED TENANT VIA FIREWALL: CREATE VIRTUAL MACHINE FOR FIREWALL VMG1 VMG3 VMR1 VMR2 VMR3 VN R PN OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 VMG3 VMR1 VMR3 VMR2 Create VM FW, Attach to VN G, Attach to VN R VMFW Nova: Create VM VMFW
  • 57. CONNECT GREEN TO RED TENANT VIA FIREWALL: ATTACH FIREWALL TO RED AND GREEN VIRTUAL NETWORKS VMG1 VMG3 VMR1 VMR2 VMR3 VN R PN OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 VMG3 VMR1 VMR3 VMR2 Create VM FW, Attach to VN G, Attach to VN R VMFW VMFW Neutron: Attach VM to VNs XMPP: Create routing-instance
  • 58. CONNECT GREEN TO RED TENANT VIA FIREWALL: APPLY POLICY, EXCHANGE ROUTES, AND CREATE TUNNELS VMG1 VMG3 VMR1 VMR2 VMR3 VN R L3VPN OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 VMG3 VMR1 VMR3 VMR2 VMFW VMFW Apply Policy VN G ↔ VN R XMPP: Exchange routes Create tunnels
  • 59. CONNECT GREEN TO RED TENANT VIA FIREWALL: END STATE VMG1 VMG3 VMR1 VMR2 VMR3 VN R L3VPN OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 VMG3 VMR1 VMR3 VMR2 VMFW VMFW
  • 60. CONNECT GREEN TO RED TENANT VIA FIREWALL: DATA PLANE: RED ↔ GREEN TRAFFIC FORCED THROUGH THE FIREWALL VMG1 VMG3 VMR1 VMR2 VMR3 VN R L3VPN OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 VMG3 VMR1 VMR3 VMR2 VMFW VMFW
  • 61. CONNECT RED TENANT TO PHYSICAL L3VPN: CONFIGURE L3VPN ROUTING INSTANCE VMG1 VMG3 VMR1 VMR2 VMR3 VN R OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 VMG3 VMR1 VMR3 VMR2 VMFW VMFW L3VPN Apply Policy VN R ↔ L3VPN Netconf: Configure routing-instance
  • 62. CONNECT RED TENANT TO PHYSICAL L3VPN: EXCHANGE ROUTES WITH PHYSICAL ROUTER, CREATE TUNNELS VMG1 VMG3 VMR1 VMR2 VMR3 VN R OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 VMG3 VMR1 VMR3 VMR2 VMFW VMFW L3VPN Apply Policy VN R ↔ L3VPN BGP: Exchange routes Create tunnels
  • 63. CONNECT RED TENANT TO PHYSICAL L3VPN: EXCHANGE ROUTES WITH VROUTERS, CREATE TUNNELS VMG1 VMG3 VMR1 VMR2 VMR3 VN R OpenStack Contrail Controller Neutron Nova PHYSICAL LOGICAL VN G VMG1 VMG2 VMG2 VMG3 VMR1 VMR3 VMR2 VMFW VMFW L3VPN Apply Policy VN R ↔ L3VPN XMPP: Exchange routes Create tunnels
  • 64. VROUTER HA Discovery Server eth0 eth1 TOR SPINE Gateway LACP Linux Bonding Controller 1 Controller 2 vRouter
  • 65. CONTRAIL COMPONENT HA Controller 1 Discovery Server IFMap Neutron API IFMap Neutron API Neutron API Discovery Server Neutron API Neutron API Config API HAProxy + VIP HAProxy + VIP HAProxy + VIP Controller 1 Neutron API Cassandra Cassandra Neutron API Cassandra zookeeper Neutron API Neutron API RabbitMQ HAProxy + VIP
  • 66. HA proxy Control Node "BGP module" Proxies XMPP IF-MAP Client Configuration Node 3 REST API Server IF-MAP server RabbitMQ HA proxy Configuration Node 2 REST API Server IF-MAP server RabbitMQ Configuration Node 1 REST API Server DHT DB IF-MAP server RabbitMQ Control Node "BGP module" Proxies XMPP IF-MAP Client Schema Transformer Schema Transformer Schema Transformer
  • 67. HA proxy Control Node "BGP module" Proxies XMPP IF-MAP Client Configuration Node 3 REST API Server IF-MAP server RabbitMQ HA proxy Configuration Node 2 REST API Server IF-MAP server RabbitMQ Configuration Node 1 REST API Server DHT DB IF-MAP server RabbitMQ Control Node "BGP module" Proxies XMPP IF-MAP Client Schema Transformer Schema Transformer Schema Transformer Down
  • 68. HA proxy Control Node "BGP module" Proxies XMPP IF-MAP Client Configuration Node 3 REST API Server IF-MAP server RabbitMQ HA proxy Configuration Node 2 REST API Server IF-MAP server RabbitMQ Configuration Node 1 REST API Server DHT DB IF-MAP server RabbitMQ Control Node "BGP module" Proxies XMPP IF-MAP Client Schema Transformer Schema Transformer Schema Transformer Down 1) Configuration node sends ALL data to Control node to sync Control node information 2) Overwrite new information
  • 69. HA proxy Control Node "BGP module" Proxies XMPP IF-MAP Client Configuration Node 3 REST API Server IF-MAP server RabbitMQ HA proxy Configuration Node 2 REST API Server IF-MAP server RabbitMQ Configuration Node 1 REST API Server DHT DB IF-MAP server RabbitMQ Control Node "BGP module" Proxies XMPP IF-MAP Client Schema Transformer Schema Transformer Schema Transformer Down Sync!
  • 70. DEMO
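
Slides 31, 34 and 50 describe MPLS-over-GRE forwarding between vRouters: the sender pushes the label learned for the destination, and the receiver uses that label to select the tenant's routing instance. The sketch below is an added example, not code from the deck or from OpenContrail. It reuses slide 34's addresses and label 17; the second tenant, its label 18, the routing-instance names and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

IPPROTO_GRE = 47          # IPv4 protocol number for GRE
GRE_PROTO_MPLS = 0x8847   # GRE protocol type for MPLS unicast (RFC 4023)


def checksum(header: bytes) -> int:
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """20-byte IPv4 header without options, followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def encapsulate(vrf_fib: dict, local_phy_ip: str, inner: bytes) -> bytes:
    """Sending vRouter: look up the inner destination in the tenant's FIB,
    push the label, add GRE, and address the outer header to the next hop."""
    dst_vm = str(ipaddress.IPv4Address(inner[16:20]))
    next_hop, label = vrf_fib[dst_vm]
    mpls = struct.pack("!I", (label << 12) | (1 << 8) | 64)  # S=1, TTL=64
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)              # no flags, version 0
    return ipv4(local_phy_ip, next_hop, IPPROTO_GRE, gre + mpls + inner)


def decapsulate(mpls_fib: dict, outer: bytes):
    """Receiving vRouter: pop the label and return (routing_instance, inner).
    Anything that is not MPLS-over-GRE with a known label is dropped (None)."""
    if len(outer) < 20 or outer[9] != IPPROTO_GRE:
        return None
    ihl = (outer[0] & 0x0F) * 4
    if ihl < 20 or len(outer) < ihl + 8:
        return None
    flags, proto, entry = struct.unpack("!HHI", outer[ihl:ihl + 8])
    label, bottom_of_stack = entry >> 12, (entry >> 8) & 1
    if flags != 0 or proto != GRE_PROTO_MPLS or not bottom_of_stack:
        return None
    if label not in mpls_fib:
        return None
    return mpls_fib[label], outer[ihl + 8:]


# Constructed tables. Slide 34: 10.1.1.2 has NH = 151.10.10.1, LBL = 17.
SERVER1_GREEN_FIB = {"10.1.1.2": ("151.10.10.1", 17)}
# Hypothetical second tenant reusing the same private address with label 18.
SERVER1_RED_FIB = {"10.1.1.2": ("151.10.10.1", 18)}
# Server 2's label table; "green" and "red" are assumed instance names.
SERVER2_MPLS_FIB = {17: "green", 18: "red"}


def demo_overlay():
    """Send the same inner packet for two tenants plus one unknown label."""
    inner = ipv4("10.1.1.1", "10.1.1.2", 253, b"PAYLOAD")  # 253 = experimental
    fibs = (SERVER1_GREEN_FIB, SERVER1_RED_FIB,
            {"10.1.1.2": ("151.10.10.1", 99)})             # label 99 unknown
    packets = [encapsulate(fib, "70.10.10.1", inner) for fib in fibs]
    return [decapsulate(SERVER2_MPLS_FIB, pkt) for pkt in packets]
```

The receiving side never consults the inner addresses to choose a tenant, which is why both tenants can reuse 10.1.1.2 and why a label missing from the table results in a drop.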
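
Slides 16 to 20 and 68 describe fault tolerance through idempotence: a node that missed updates receives the sender's full state, checks it against local state, and applies only the difference. The following is an added illustration, not Contrail code. The `Agent` class and its methods are hypothetical, and the routes are constructed, with the first two taken from slide 34.

```python
class Agent:
    """Hypothetical agent that holds routes as prefix -> (next hop, label)."""

    def __init__(self):
        self.routes = {}
        self.changes = 0          # number of times local state was modified

    def update(self, prefix, nexthop, label):
        """Check local state first; write only when it differs."""
        if self.routes.get(prefix) != (nexthop, label):
            self.routes[prefix] = (nexthop, label)
            self.changes += 1

    def withdraw(self, prefix):
        """Removing an absent route is a no-op, so replays are harmless."""
        if self.routes.pop(prefix, None) is not None:
            self.changes += 1

    def full_sync(self, desired):
        """Diff the sender's complete state against local state and apply it."""
        for prefix in sorted(set(self.routes) - set(desired)):
            self.withdraw(prefix)
        for prefix, (nexthop, label) in sorted(desired.items()):
            self.update(prefix, nexthop, label)


def demo_resync():
    # Constructed controller state; the first two routes are from slide 34.
    controller = {"10.1.1.1": ("70.10.10.1", 39),
                  "10.1.1.2": ("151.10.10.1", 17),
                  "10.1.1.3": ("151.10.10.1", 18)}   # constructed extra route
    agent = Agent()
    agent.full_sync(controller)
    after_first = agent.changes                       # three routes installed

    # A replayed update and a withdraw for an unknown prefix change nothing.
    agent.update("10.1.1.2", "151.10.10.1", 17)
    agent.withdraw("10.9.9.9")
    after_replay = agent.changes

    # While the agent is unreachable the controller withdraws one route and
    # moves another; the agent never sees those two messages.
    del controller["10.1.1.3"]
    controller["10.1.1.2"] = ("70.10.10.1", 40)

    # On reconnect a full sync repairs the stale state with one withdraw and
    # one update, and syncing a second time is a no-op.
    agent.full_sync(controller)
    after_resync = agent.changes
    agent.full_sync(controller)
    converged = agent.routes == controller
    return after_first, after_replay, after_resync, agent.changes, converged
```

Because every operation checks local state before writing, the sender can resend everything after an outage without tracking which messages were lost, which is the alternative to the distributed transaction manager that slide 17 asks about.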