Stacy Véronneau, profile picture
Uploaded byStacy Véronneau
PPTX, PDF873 views

OpenStack MeetUp - OpenContrail Presentation

This document discusses use cases and requirements for different cloud customer segments using Contrail. It describes Contrail's ability to enable IT as a service, enterprise migration to the cloud with legacy interconnects, public cloud services, and IoT/M2M use cases. It provides an overview of how Contrail works including its components, scale out architecture, and interaction with OpenStack. It also summarizes Contrail's features such as routing, security, analytics, and gateway services.

Embed presentation

Downloaded 102 times
Use Cases and Cloud
CLOUD CUSTOMER SEGMENTS ENABLE MULTIPLE CLOUD CUSTOMER SEGMENTS SVC PROVIDER ENTERPRISE Use-cases: ITaaS cloud, Enterpr. Migration w/ Legacy Interconnect (Bare Metal, vCenter) Requirements:  Dynamically connect BMS’s (or VMs) hanging from TORs into Virtual Networks  Interconnect with vCenter environments  Provide L3 Gateway to the Virtual Networks  Provide underlay-overlay correlation CLOUD SVCS Primary Use-case: SaaS cloud, Public IaaS Cloud / Cloud Hosting, Hybrid Cloud, PaaS Requirements:  Launch VMs, Containers into Virtual Networks with IPAM, DNS, DHCP.  Connect the VNs with Security Policies; use VNFs (FW, LB, etc.) using Service Chaining  Application launch automation like Heat (Openstack) or Kubernetes / Mesos (for Containers)  RH OpenShift, Pivotal CF and homegrown PaaS Use-case: M2M / IoT, EPC, SDWAN, … Requirements:  Dynamically insert VNFs in Telco Cloud DCs to for virtual EPC, M2M, IOT, ...  Service Chaining of different services (L2, L3, PNF)  Automated orchestration of customer driven services using OpenStack, etc.
WHAT IS CLOUD? Standard compute platform - x86 = CLOUD But … virtualization = virtual(compute + storage + network) Network virtualization = apply network policy dynamically with location independence - orchestration + API – OpenStack, …+ automation + virtualization - end-user resource management - use any host – VMware, KVM, Docker …
WHAT IS TELCO CLOUD? = TELCO CLOUD Requirement - dynamic, real-time data plane and control plane integration Support for telco standards and services - MPLS, VXLAN, L3VPN, EVPN, NAT, … - cloud fully integrated into networks + Connections to physical networks - for applications and control plane services + Insertion into physical networks - for network services Cloud - virtualization/automation
How OpenContrail Works
OpenContrail - Based on MPLS VPN Technology
Mapping Architectural Principles Underlay Switch vRouter Control Node Control Node Underlay Switch vRouterVM VM IBGP XMPP MPLS over GRE or VXLAN Config Node OpenStack Analytics Node SDN System Contrail P PPE PE Route Reflector Route Reflector CECE IBGP IBGP MPLS over MPLS Network Management System (NMS) DMI MPLS L3VPN / E-VPN Gateway BGP
Contrail Abstraction Architecture Orchestration, Automation Open source and partner ecosystem of orchestrators API and SDK for integration with OSS / BSS OSS Virtual Network Overlay Overlay encapsulation implemented in hypervisor Multi-tenancy for private and virtual public clouds Gateway functions - connect to virtual to physical network Service chaining (physical and virtual) Physical Network Interoperability with traditional network devices Any-to-any non-blocking low-latency fabric: Q-Fabric or Clos Control Plane - Physical, Virtual Open, standards-based, federated controller Scalable and resilient Control Plane Configuration model Automation Control Plane Control Plane Policies and requests Analytics Distributed collection Global view Consolidation Aggregation State and status
Contrail Components Physical Network (no changes) Collector OPENCONTRAIL CONTROLLER ControlConfiguration Physical Host with Hypervisor vRouter VM VM VM VM Physical Host with Hypervisor vRouter VM VM VM VM WAN, Internet Gateway Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network Real-time analytics engine collects, stores and analyzes network elementsInteracts with network elements for VM network provisioning and ensures uptime vRouter: Virtualized routing element handles localized control plane and forwarding plane work on the compute node Gateway: MX Series (or other router) or EX9200 serve as gateway eliminating need for SW gateway & improving scale & performance
Scale Out, Highly Available Architecture Logically Centralized (Physically Distributed) Horizontally Scalable Highly Available (Active-Active) Federated Configuration Nodes Control Nodes Analytics Nodes IF-MAP REST REST XMPP BGP BGP, Netconf vRouters Gateways BGP Database Nodes Web UI Nodes https://github.com/Juniper/contrail-controller/wiki/Roles-Daemons-Ports HTTP
INTERACTION WITH OPENSTACK OpenStack Compute Node Horizon Compute Driver Virtual-IF Driver Nova Compute Contrail Agent vRouter (kernel) Virtual Router Nova API 1 Create an Instance (Image, Network, …) 2 Nova Scheduler Schedule an Instance on the Compute Node Neutron Driver4 VM Network Properties 3 Add Port 7 VM Interface config over XMPP Scripts Neutron Plugin Configuration Node Create VM Interface 5 6 Publish VM i/f on IF-MAP Control Node
vRouter
Compute node (vRouter) Forwarding Blue VRF Flow Table Tap Interface (vif) FIB VM 1 (Tenant A) Green VRF Flow Table FIB Red VRF Flow Table FIB VM 2 (Tenant B) VM 1 (Tenant B) …eth 1 eth N vRouter Agent  vRouter replaces the Linux Bridge or OVS module in Hypervisor Kernel  vRouter performs bridging (E-VPN) and routing (L3VPN)  vRouter performs networking services like Security Policies, NAT, Multicast, Mirroring, and Load Balancing  No need for Service Nodes or L2/L3 Gateways for Routing, Broadcast/Multicast, NAT  Routes are automatically leaked into the VRF based on Policies  Support for Multiple Interfaces on the Virtual Machines  Support for Multiple Interfaces from Compute Node to the Switching Fabric config Policy Table VRFs Overlay Tunnels: MPLSoUDP/GRE,VXLAN pkt 0 [kernel] [user space] CONTRAIL CONTROLLER
FEATURE SUMMARY Routing & Switching (IPv4, v6) Network Services (IPAM, DNS, DHCP SNAT, FIP, QoS, BGPaaS) Load Balancing (customizable ECMP, LBaaS) Security & Policies (Policy Enf.,Distributed FW, Sec Grp, XMPP Encryp.) Perf & Scale (DPDK / SRIOV, Smart NIC, Infra scale) Gateway Services (L2, L3, vCenter GW) Rich Analytics, (Alerts, Overlay-Underlay Correlation, multi-region) Service Chaining (PNF, VNF, v6, 3rd party / TAP, Health-check, policy- based) HA, Upgrades (SFC Failover, ISSU) API Services (multi-vendor Orch., SDN-U, OpenStack, K8s, vCenter)
Creating Virtual machines with Openstack and Contrail Overlay tunnels MPLS over GRE or VXLAN Compute Node vRouter Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail
Request VM, Create VRF, Allocate IP Address Compute Node vRouter Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail VRF Flow Table FIB Create VRF Attach interface H1 VRF Routing Table IP VM1: NH Local i/f
Create and Boot VM (DHCP for IP address) Overlay tunnels MPLS over GRE or VXLAN Compute Node vRouter Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail VRF Virtual Machine VM1 DHCP Request IP for MAC-VM1? Flow Table FIB DHCP Response IP address Gateway IP DNS server IP H1 VRF Routing Table IP VM1: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f
vRouter Allocates Label and Advertises Route Compute Node Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail MAC/IP VM1: NH IP-H1, Lbl=53 vRouter VRF Virtual Machine VM1 Flow Table FIB H1 VRF Routing Table MAC/IP VM1: NH Local i/f
Same for VM2 Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail MAC/IP VM2: NH IP-H2, Lbl=24 vRouter VRF Virtual Machine (VM1) vRouter VRF Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f Flow Table FIB Flow Table FIB H1 VRF Routing Table MAC/IP VM1: NH Local i/f
H2 VRF Routing Table MAC/IP VM2: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f Contrail Pushes Routes to vRouters Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f MAC/IP VM1: NH IP-H1, MPLSoUDP, Lbl=53 H1 VRF Routing Table MAC/IP VM1: NH Local i/f MAC/IP VM2: NH IP-H2, MPLSoUDP, Lbl=24 MAC/IP VM2: NH IP-H2, Lbl=24 MAC/IP VM1: NH IP-H1, Lbl=53
H2 VRF Routing Table MAC/IP VM2: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f DNS resolution Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f MAC/IP VM1: NH IP-H1, MPLSoUDP, Lbl=53 H1 VRF Routing Table MAC/IP VM1: NH Local i/f MAC/IP VM2: NH IP-H2, MPLSoUDP, Lbl=24 DNS Query IP for VM2? DNS Response VM2=IP-VM2?
H2 VRF Routing Table MAC/IP VM2: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f Proxy ARP Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f MAC/IP VM1: NH IP-H1, MPLSoUDP, Lbl=53 H1 VRF Routing Table MAC/IP VM1: NH Local i/f MAC/IP VM2: NH IP-H2, MPLSoUDP, Lbl=24 ARP Response IP-VM2 is MAC-VM2 ARP Request? Who is IP-VM2
Send Packet Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2)IP-VM2 Payload MAC-VM2 Virtual-IP2 Payload MPLS / VNI IP-H2 MAC-VM2 MAC-H2 IP-VM2 Payload MAC-VM2 IP-VM2 Payload MPLS / VNI IP-H2 MAC-VM2 MAC-H2
Contrail Working With a Gateway VRFs for public prefixes of each public network are created on gateway router manually or by Contrail VRFs contain a default route with next hop as the main routing table inet.0 S2 KVM VM2 Netconf/BGP S1 KVM VM1 Gateway VM interface is assigned a floating IP address and is connected into a VRF for the public network Tenant A Tenant B VMs Tenant C VMs A B C inet.0 BGP Public prefixes are advertised out into Internet XMPP VRFs have matching route targets to enable route exchange A A Contrail VRF A FIP-1: NAT:IP-VM1, Local i/f 0.0.0.0/0: NAT:FIP-1, NH GW, MPLSoUDP, Lbl=aaa VRF A FIP-1: NH S1, MPLSoUDP, Lbl=bbb FIP-2: NH S2, MPLSoUDP, Lbl=ccc 0.0.0.0/0: FBF inet.0 inet.0 Net-FIP-A: FBF VRF A … VRF A FIP-2:NAT:IPVM-2, Local i/f 0.0.0.0/0: NAT:FIP-2, NH GW, MPLSoUDP, Lbl=aaa
Enhanced performance options KERNEL VROUTER DPDK VROUTER SR-IOV - VROUTER SMART NIC VROUTER …VM 1 vRouter Agent VNF 2 …VM 1 vRouter Agent VM 2 …VM 1 vRouter Agent VM 2 …VM 1 vRouter Agent VM 2  DPDK for fast path Packet I/O.  VMs needs DPDK enabled  vRouter forwarding runs in NIC  Better packet throughput  Frees up CPU cores that don’t need to deal with forwarding  SR-IOV gives direct access to NIC  Bypasses vRouter  VNF can combine SR-IOV and non-SR-IOV  Normal mode  Performance enhancements o TCP Segmentation Offload o Larger Receive Offload o Multi-Q Virtio
26 Copyright © 2016 Juniper Networks, Inc. www.juniper.net ACCELERATED VROUTER PERFORMANCE Mpps 5Mpps 10Mpps 15Mpps 20Mpps 25Mpps 128 256 512 1024 1518 PacketRate(Mpps) Packet Size (Bytes) vRouter Performance - MPLS over GRE/UDP with Service Chaining Agilio vRouter Software-Only vRouter6X Gain in Performance NIC saturates the 40GbE link for packets 180B and higher SmartNIC Benefits: • 29Mpps packet rate for VNFs • 6X performance improvement • 4-8x CPU savings • Support for VXLAN, MPLS over GRE, MPLS over UDP vRouter offload
Consistent Virtual Networking Public network with floating IPs Contrail plugin for vCenter Netconf/BGP BMS Contrail vCenter plugin for Nova vCenter KVM Docker ESXiDocker Contrail Netconf/BGP BGP OVSDB XMPP inet.0 Physical Appliance XMPPXMPP XMPP BGP session with Contrail in a remote datacenter Datacenter interconnect
OpenContrail Reboot
• The OpenContrail community isn’t where we want it • The decision was made in 2016 to fix this and some plans were set in motion: • Bring in an expert on open source and strategy (Randy Bias) • Hire a community manager (TBD) • Rethinking Juniper’s community engagement model began • ON THE TABLE: SDLC model, community code contribution process, JNPR “in the open” development, commercial Contrail business model, and transition from single-entity project to multi-entity project Background
• Vibrant community-run project, not driven by a single entity • Enrich community and encourage greater participation • Leverage the community to increase quality, velocity, and adoption • Drive 100-1000x more OpenContrail deployments • Deliver on a global ubiquitous network fabric Goals
Make Open Source Licensed Contrail Easier to Consume Supported Releases Build and Package OpenContrail Advisory Board (OCAB)  Comprises industry veterans and key project contributors and adopters  No sponsorship or fees; min. 1 yr commitment  Responsible for governance, community evolution, roadmap, operational efficiency Juniper Support Gerritt Code Review / Merge Process OpenContrail Developer Community  Comprises of Juniper & external members  Proposing features & Contribute Code (features & bug-fixes)  Participate in Code review processFeatures & Bug-fixesLaunchpad End-customers Filing bugs Tracking bugs & other info Contrail SKUs Single Github Source Code Repository Open Source Packages Test
32 Copyright © 2015 Juniper Networks, Inc. www.juniper.net CONTRAIL DEMO VIDEOS  DDoS Protection (Contrail + DDoS Secure)  http://www.youtube.com/watch?v=TnvCea4fil4  NFV through Contrail (this is the Internet / Firewall NFV aka. vCPE)  http://www.youtube.com/watch?v=_64no8P2vUw  Contrail - Elastic cloud - IT as a Service  http://www.youtube.com/watch?v=9g3EWV8X64s  SSLVPN on Contrail  http://www.youtube.com/watch?v=vfZfdH4kkV4  Caching as a Service (Junos Content Encore on Contrail  https://www.youtube.com/watch?v=-_NtC34wcRw  Hybrid Cloud  https://www.youtube.com/watch?v=uC7nMW5PXdg USE CASE - DEMO VIDEOS  Bare Metal Integration through multi-vendor TOR integration  https://www.youtube.com/watch?v=PjkNt0yV3H0  IPv6 DVR (Distributed Virtual Router)  https://www.youtube.com/watch?v=RLO0uIXbDxo  OpenStack Neutron at Scale  https://www.youtube.com/watch?v=xN0rXHD_dqk  P + V Service Chaining  https://www.youtube.com/watch?v=a9HqC9x6KTg  Multi-hypervisor, Docker Integration  https://www.youtube.com/watch?v=x2n5Q_ycx6o  vRouter DPDK Demo  https://www.youtube.com/watch?v=ZGiQJrKoDQM  Physical + Overlay Correlation  https://www.youtube.com/watch?v=B8aHoY—1Zs PRODUCT CAPABILTIIES - DEMO VIDEOS
Thank you

More Related Content

PDF
Cloud Network Virtualization with Juniper Contrail
bybuildacloud
 
PPSX
Service Chaining - Cloud Network Services at Scale
byMarketingArrowECS_CZ
 
PDF
PLNOG 13: Nicolai van der Smagt: SDN
byPROIDEA
 
PDF
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
byeurobsdcon
 
PPTX
Secure Multi Tenant Cloud with OpenContrail
byPriti Desai
 
PPTX
OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014
byozkan01
 
PPTX
Cloudstack conference open_contrail v4
byozkan01
 
PPSX
Contrail Deep-dive - Cloud Network Services at Scale
byMarketingArrowECS_CZ
 
Cloud Network Virtualization with Juniper Contrail
bybuildacloud
 
Service Chaining - Cloud Network Services at Scale
byMarketingArrowECS_CZ
 
PLNOG 13: Nicolai van der Smagt: SDN
byPROIDEA
 
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
byeurobsdcon
 
Secure Multi Tenant Cloud with OpenContrail
byPriti Desai
 
OpenContrail Presentation at Openstack Days Tokyo Japan Feb 13 2014
byozkan01
 
Cloudstack conference open_contrail v4
byozkan01
 
Contrail Deep-dive - Cloud Network Services at Scale
byMarketingArrowECS_CZ
 

What's hot

PDF
Banv meetup-contrail
bynvirters
 
PPTX
Open contrail slides for BANV meetup
byScott Edwards
 
PPSX
Juniper Contrail VNS A BASIC introduction
byMarketingArrowECS_CZ
 
PDF
Accelerating SDN Applications with Open Source Network Overlays
byCumulus Networks
 
PPTX
SDN Controller
bytcp cloud
 
PDF
NFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrail
byozkan01
 
PDF
Kubernetes OpenContrail Meetup
byLachlan Evenson
 
PDF
[OpenStack 스터디] OpenStack With Contrail
byOpenStack Korea Community
 
PDF
Deployment of Juniper Contrail in AVG Technologies
byMarketingArrowECS_CZ
 
PPTX
Contrail Basics
byKimberly Macias
 
PDF
NFV в сетях операторов связи
byTERMILAB. Интернет - лаборатория
 
PDF
MidoNet 101
byalexbikfalvi
 
PDF
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
byPROIDEA
 
PPTX
Reference design for v mware nsx
bysolarisyougood
 
PPTX
Network Node is Not Needed Anymore - Completed Distributed Virtual Router / F...
byTakanori Miyagishi
 
PPTX
OpenContrail Silicon Valley Meetup Aug 25 2015
byScott Sneddon
 
PPTX
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
byPROIDEA
 
PPTX
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
byIndonesia Network Operators Group
 
Banv meetup-contrail
bynvirters
 
Open contrail slides for BANV meetup
byScott Edwards
 
Juniper Contrail VNS A BASIC introduction
byMarketingArrowECS_CZ
 
Accelerating SDN Applications with Open Source Network Overlays
byCumulus Networks
 
SDN Controller
bytcp cloud
 
NFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrail
byozkan01
 
Kubernetes OpenContrail Meetup
byLachlan Evenson
 
[OpenStack 스터디] OpenStack With Contrail
byOpenStack Korea Community
 
Deployment of Juniper Contrail in AVG Technologies
byMarketingArrowECS_CZ
 
Contrail Basics
byKimberly Macias
 
NFV в сетях операторов связи
byTERMILAB. Интернет - лаборатория
 
MidoNet 101
byalexbikfalvi
 
PLNOG16: Kreowanie usług przez operatorów – SP IWAN, Krzysztof Konkowski
byPROIDEA
 
Reference design for v mware nsx
bysolarisyougood
 
Network Node is Not Needed Anymore - Completed Distributed Virtual Router / F...
byTakanori Miyagishi
 
OpenContrail Silicon Valley Meetup Aug 25 2015
byScott Sneddon
 
PLNOG16: Obsługa 100M pps na platformie PC , Przemysław Frasunek, Paweł Mała...
byPROIDEA
 
22 - IDNOG03 - Christopher Lim (Mellanox) - Efficient Virtual Network for Ser...
byIndonesia Network Operators Group
 

Similar to OpenStack MeetUp - OpenContrail Presentation

PDF
Opencontrail network virtualization
byNicolai van der Smagt
 
PDF
Banv meetup 04162014
byozkan01
 
PPT
Scalable networking in Apache CloudStack
byChiradeep Vittal
 
PPT
CloudStack and SDN
bySebastien Goasguen
 
PDF
CloudStack Networking Deepdive CCCEU13
byChiradeep Vittal
 
PDF
CloudStack In Production
byClayton Weise
 
PPTX
Understanding and deploying Network Virtualization
bySDN Hub
 
PPTX
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
byDan Mihai Dumitriu
 
PPTX
Network and Service Virtualization tutorial at ONUG Spring 2015
bySDN Hub
 
PPTX
Deploying Apache CloudStack from API to UI
byJoe Brockmeier
 
PDF
Network service in open stack cloud
byYaohui Jin
 
PDF
CloudStack-Developer-Day
byKimihiko Kitase
 
PDF
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
bymarkmcclain
 
PDF
Txlf2012
byJoe Brockmeier
 
PPTX
Apache CloudStack: API to UI (STLLUG)
byJoe Brockmeier
 
PPTX
Getting Started with Apache CloudStack
byJoe Brockmeier
 
PDF
The Future of SDN in CloudStack by Chiradeep Vittal
bybuildacloud
 
PDF
Openstack Networking Internals - first part
bylilliput12
 
PPTX
Apache CloudStack from API to UI
byCloudStack - Open Source Cloud Computing Project
 
PDF
Networking is NOT Free: Lessons in Network Design
byRandy Bias
 
Opencontrail network virtualization
byNicolai van der Smagt
 
Banv meetup 04162014
byozkan01
 
Scalable networking in Apache CloudStack
byChiradeep Vittal
 
CloudStack and SDN
bySebastien Goasguen
 
CloudStack Networking Deepdive CCCEU13
byChiradeep Vittal
 
CloudStack In Production
byClayton Weise
 
Understanding and deploying Network Virtualization
bySDN Hub
 
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...
byDan Mihai Dumitriu
 
Network and Service Virtualization tutorial at ONUG Spring 2015
bySDN Hub
 
Deploying Apache CloudStack from API to UI
byJoe Brockmeier
 
Network service in open stack cloud
byYaohui Jin
 
CloudStack-Developer-Day
byKimihiko Kitase
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
bymarkmcclain
 
Txlf2012
byJoe Brockmeier
 
Apache CloudStack: API to UI (STLLUG)
byJoe Brockmeier
 
Getting Started with Apache CloudStack
byJoe Brockmeier
 
The Future of SDN in CloudStack by Chiradeep Vittal
bybuildacloud
 
Openstack Networking Internals - first part
bylilliput12
 
Apache CloudStack from API to UI
byCloudStack - Open Source Cloud Computing Project
 
Networking is NOT Free: Lessons in Network Design
byRandy Bias
 

More from Stacy Véronneau

PDF
GCP Security Refresher and GKE Enterprise In Action
byStacy Véronneau
 
PDF
StarlingX - Driving Compute to the Edge with OpenStack
byStacy Véronneau
 
PDF
OpenStack Ottawa Meetup - October 2018
byStacy Véronneau
 
PDF
OpenStack Toronto UG - MeetUp - October 2018
byStacy Véronneau
 
PDF
OpenStack Ottawa Q2 MeetUp - June 2018
byStacy Véronneau
 
PDF
OpenStack Ottawa MeetUp - April 3rd 2018
byStacy Véronneau
 
PDF
Montreal Linux MeetUp - OpenStack Overview (2017.10.03)
byStacy Véronneau
 
PDF
OpenStack Toronto Q3 MeetUp - September 28th 2017
byStacy Véronneau
 
PDF
Montreal OpenStack Q3-2017 MeetUp
byStacy Véronneau
 
PDF
OpenStack Ottawa Q3 Meetup September 26th 2017
byStacy Véronneau
 
PPSX
OpenStack 7th Birthday Deck
byStacy Véronneau
 
PDF
OpenStack Toronto Q2 MeetUp - June 1st 2017
byStacy Véronneau
 
PDF
OpenStack Ottawa Q2 MeetUp - May 31st 2017
byStacy Véronneau
 
PDF
Montreal OpenStack Q2 MeetUp - May 30th 2017
byStacy Véronneau
 
PDF
OpenStack Boston Meetup - April 20th 2017
byStacy Véronneau
 
PPTX
OpenStack Ottawa Meetup - March 29th 2017
byStacy Véronneau
 
PDF
CENGN - OpenStack MeetUp - March 2017
byStacy Véronneau
 
PPTX
9 ways to consume kubernetes on open stack in 15 mins (k8s meetup)
byStacy Véronneau
 
GCP Security Refresher and GKE Enterprise In Action
byStacy Véronneau
 
StarlingX - Driving Compute to the Edge with OpenStack
byStacy Véronneau
 
OpenStack Ottawa Meetup - October 2018
byStacy Véronneau
 
OpenStack Toronto UG - MeetUp - October 2018
byStacy Véronneau
 
OpenStack Ottawa Q2 MeetUp - June 2018
byStacy Véronneau
 
OpenStack Ottawa MeetUp - April 3rd 2018
byStacy Véronneau
 
Montreal Linux MeetUp - OpenStack Overview (2017.10.03)
byStacy Véronneau
 
OpenStack Toronto Q3 MeetUp - September 28th 2017
byStacy Véronneau
 
Montreal OpenStack Q3-2017 MeetUp
byStacy Véronneau
 
OpenStack Ottawa Q3 Meetup September 26th 2017
byStacy Véronneau
 
OpenStack 7th Birthday Deck
byStacy Véronneau
 
OpenStack Toronto Q2 MeetUp - June 1st 2017
byStacy Véronneau
 
OpenStack Ottawa Q2 MeetUp - May 31st 2017
byStacy Véronneau
 
Montreal OpenStack Q2 MeetUp - May 30th 2017
byStacy Véronneau
 
OpenStack Boston Meetup - April 20th 2017
byStacy Véronneau
 
OpenStack Ottawa Meetup - March 29th 2017
byStacy Véronneau
 
CENGN - OpenStack MeetUp - March 2017
byStacy Véronneau
 
9 ways to consume kubernetes on open stack in 15 mins (k8s meetup)
byStacy Véronneau
 

Recently uploaded

PDF
Darknet Master Tor and Deep Web Secrets (Procolo Scotto).pdf
bykuldeepbauddh1
 
PDF
HYBRID APP DEVELOPMENT AND TECHNOLOGY 01
bydavidjohansen1597
 
PPTX
Cybersecurity cyber incident Weeks_7_to_9.pptx
byriaz59
 
PPTX
TOPFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.ppX
bycontactvidyawan
 
PPTX
Mind Sound Resonance Technique (MSRT) Teacher Training Course.pptx
byKaruna Yoga Vidya Peetham
 
PDF
AI Girlfriend Platforms Compared 2026 AI Angels Janitor AI Character AI Candy AI
byAi Angels
 
PDF
Think before you Click (Ligap Project) - SI Ebhonu at FGGC.pdf
bySylvester Ebhonu
 
Darknet Master Tor and Deep Web Secrets (Procolo Scotto).pdf
bykuldeepbauddh1
 
HYBRID APP DEVELOPMENT AND TECHNOLOGY 01
bydavidjohansen1597
 
Cybersecurity cyber incident Weeks_7_to_9.pptx
byriaz59
 
TOPFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.ppX
bycontactvidyawan
 
Mind Sound Resonance Technique (MSRT) Teacher Training Course.pptx
byKaruna Yoga Vidya Peetham
 
AI Girlfriend Platforms Compared 2026 AI Angels Janitor AI Character AI Candy AI
byAi Angels
 
Think before you Click (Ligap Project) - SI Ebhonu at FGGC.pdf
bySylvester Ebhonu
 

OpenStack MeetUp - OpenContrail Presentation

  • 1.
  • 2.
    CLOUD CUSTOMER SEGMENTS ENABLEMULTIPLE CLOUD CUSTOMER SEGMENTS SVC PROVIDER ENTERPRISE Use-cases: ITaaS cloud, Enterpr. Migration w/ Legacy Interconnect (Bare Metal, vCenter) Requirements:  Dynamically connect BMS’s (or VMs) hanging from TORs into Virtual Networks  Interconnect with vCenter environments  Provide L3 Gateway to the Virtual Networks  Provide underlay-overlay correlation CLOUD SVCS Primary Use-case: SaaS cloud, Public IaaS Cloud / Cloud Hosting, Hybrid Cloud, PaaS Requirements:  Launch VMs, Containers into Virtual Networks with IPAM, DNS, DHCP.  Connect the VNs with Security Policies; use VNFs (FW, LB, etc.) using Service Chaining  Application launch automation like Heat (Openstack) or Kubernetes / Mesos (for Containers)  RH OpenShift, Pivotal CF and homegrown PaaS Use-case: M2M / IoT, EPC, SDWAN, … Requirements:  Dynamically insert VNFs in Telco Cloud DCs to for virtual EPC, M2M, IOT, ...  Service Chaining of different services (L2, L3, PNF)  Automated orchestration of customer driven services using OpenStack, etc.
  • 3.
    WHAT IS CLOUD? Standardcompute platform - x86 = CLOUD But … virtualization = virtual(compute + storage + network) Network virtualization = apply network policy dynamically with location independence - orchestration + API – OpenStack, …+ automation + virtualization - end-user resource management - use any host – VMware, KVM, Docker …
  • 4.
    WHAT IS TELCOCLOUD? = TELCO CLOUD Requirement - dynamic, real-time data plane and control plane integration Support for telco standards and services - MPLS, VXLAN, L3VPN, EVPN, NAT, … - cloud fully integrated into networks + Connections to physical networks - for applications and control plane services + Insertion into physical networks - for network services Cloud - virtualization/automation
  • 5.
  • 6.
    OpenContrail - Basedon MPLS VPN Technology
  • 7.
    Mapping Architectural Principles Underlay Switch vRouter Control Node Control Node Underlay Switch vRouterVMVM IBGP XMPP MPLS over GRE or VXLAN Config Node OpenStack Analytics Node SDN System Contrail P PPE PE Route Reflector Route Reflector CECE IBGP IBGP MPLS over MPLS Network Management System (NMS) DMI MPLS L3VPN / E-VPN Gateway BGP
  • 8.
    Contrail Abstraction Architecture Orchestration,Automation Open source and partner ecosystem of orchestrators API and SDK for integration with OSS / BSS OSS Virtual Network Overlay Overlay encapsulation implemented in hypervisor Multi-tenancy for private and virtual public clouds Gateway functions - connect to virtual to physical network Service chaining (physical and virtual) Physical Network Interoperability with traditional network devices Any-to-any non-blocking low-latency fabric: Q-Fabric or Clos Control Plane - Physical, Virtual Open, standards-based, federated controller Scalable and resilient Control Plane Configuration model Automation Control Plane Control Plane Policies and requests Analytics Distributed collection Global view Consolidation Aggregation State and status
  • 9.
    Contrail Components Physical Network (nochanges) Collector OPENCONTRAIL CONTROLLER ControlConfiguration Physical Host with Hypervisor vRouter VM VM VM VM Physical Host with Hypervisor vRouter VM VM VM VM WAN, Internet Gateway Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network Real-time analytics engine collects, stores and analyzes network elementsInteracts with network elements for VM network provisioning and ensures uptime vRouter: Virtualized routing element handles localized control plane and forwarding plane work on the compute node Gateway: MX Series (or other router) or EX9200 serve as gateway eliminating need for SW gateway & improving scale & performance
  • 10.
    Scale Out, HighlyAvailable Architecture Logically Centralized (Physically Distributed) Horizontally Scalable Highly Available (Active-Active) Federated Configuration Nodes Control Nodes Analytics Nodes IF-MAP REST REST XMPP BGP BGP, Netconf vRouters Gateways BGP Database Nodes Web UI Nodes https://github.com/Juniper/contrail-controller/wiki/Roles-Daemons-Ports HTTP
  • 11.
    INTERACTION WITH OPENSTACK OpenStack ComputeNode Horizon Compute Driver Virtual-IF Driver Nova Compute Contrail Agent vRouter (kernel) Virtual Router Nova API 1 Create an Instance (Image, Network, …) 2 Nova Scheduler Schedule an Instance on the Compute Node Neutron Driver4 VM Network Properties 3 Add Port 7 VM Interface config over XMPP Scripts Neutron Plugin Configuration Node Create VM Interface 5 6 Publish VM i/f on IF-MAP Control Node
  • 12.
  • 13.
    Compute node (vRouter) Forwarding BlueVRF Flow Table Tap Interface (vif) FIB VM 1 (Tenant A) Green VRF Flow Table FIB Red VRF Flow Table FIB VM 2 (Tenant B) VM 1 (Tenant B) …eth 1 eth N vRouter Agent  vRouter replaces the Linux Bridge or OVS module in Hypervisor Kernel  vRouter performs bridging (E-VPN) and routing (L3VPN)  vRouter performs networking services like Security Policies, NAT, Multicast, Mirroring, and Load Balancing  No need for Service Nodes or L2/L3 Gateways for Routing, Broadcast/Multicast, NAT  Routes are automatically leaked into the VRF based on Policies  Support for Multiple Interfaces on the Virtual Machines  Support for Multiple Interfaces from Compute Node to the Switching Fabric config Policy Table VRFs Overlay Tunnels: MPLSoUDP/GRE,VXLAN pkt 0 [kernel] [user space] CONTRAIL CONTROLLER
  • 14.
    FEATURE SUMMARY Routing & Switching (IPv4,v6) Network Services (IPAM, DNS, DHCP SNAT, FIP, QoS, BGPaaS) Load Balancing (customizable ECMP, LBaaS) Security & Policies (Policy Enf.,Distributed FW, Sec Grp, XMPP Encryp.) Perf & Scale (DPDK / SRIOV, Smart NIC, Infra scale) Gateway Services (L2, L3, vCenter GW) Rich Analytics, (Alerts, Overlay-Underlay Correlation, multi-region) Service Chaining (PNF, VNF, v6, 3rd party / TAP, Health-check, policy- based) HA, Upgrades (SFC Failover, ISSU) API Services (multi-vendor Orch., SDN-U, OpenStack, K8s, vCenter)
  • 15.
    Creating Virtual machineswith Openstack and Contrail Overlay tunnels MPLS over GRE or VXLAN Compute Node vRouter Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail
  • 16.
    Request VM, CreateVRF, Allocate IP Address Compute Node vRouter Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail VRF Flow Table FIB Create VRF Attach interface H1 VRF Routing Table IP VM1: NH Local i/f
  • 17.
    Create and BootVM (DHCP for IP address) Overlay tunnels MPLS over GRE or VXLAN Compute Node vRouter Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail VRF Virtual Machine VM1 DHCP Request IP for MAC-VM1? Flow Table FIB DHCP Response IP address Gateway IP DNS server IP H1 VRF Routing Table IP VM1: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f
  • 18.
    vRouter Allocates Labeland Advertises Route Compute Node Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail MAC/IP VM1: NH IP-H1, Lbl=53 vRouter VRF Virtual Machine VM1 Flow Table FIB H1 VRF Routing Table MAC/IP VM1: NH Local i/f
  • 19.
    Same for VM2 ComputeNode Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail MAC/IP VM2: NH IP-H2, Lbl=24 vRouter VRF Virtual Machine (VM1) vRouter VRF Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f Flow Table FIB Flow Table FIB H1 VRF Routing Table MAC/IP VM1: NH Local i/f
  • 20.
    H2 VRF RoutingTable MAC/IP VM2: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f Contrail Pushes Routes to vRouters Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f MAC/IP VM1: NH IP-H1, MPLSoUDP, Lbl=53 H1 VRF Routing Table MAC/IP VM1: NH Local i/f MAC/IP VM2: NH IP-H2, MPLSoUDP, Lbl=24 MAC/IP VM2: NH IP-H2, Lbl=24 MAC/IP VM1: NH IP-H1, Lbl=53
  • 21.
    H2 VRF RoutingTable MAC/IP VM2: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f DNS resolution Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f MAC/IP VM1: NH IP-H1, MPLSoUDP, Lbl=53 H1 VRF Routing Table MAC/IP VM1: NH Local i/f MAC/IP VM2: NH IP-H2, MPLSoUDP, Lbl=24 DNS Query IP for VM2? DNS Response VM2=IP-VM2?
  • 22.
    H2 VRF RoutingTable MAC/IP VM2: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f Proxy ARP Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f MAC/IP VM1: NH IP-H1, MPLSoUDP, Lbl=53 H1 VRF Routing Table MAC/IP VM1: NH Local i/f MAC/IP VM2: NH IP-H2, MPLSoUDP, Lbl=24 ARP Response IP-VM2 is MAC-VM2 ARP Request? Who is IP-VM2
  • 23.
    Send Packet Compute Node Eth1(IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2)IP-VM2 Payload MAC-VM2 Virtual-IP2 Payload MPLS / VNI IP-H2 MAC-VM2 MAC-H2 IP-VM2 Payload MAC-VM2 IP-VM2 Payload MPLS / VNI IP-H2 MAC-VM2 MAC-H2
  • 24.
    Contrail Working Witha Gateway VRFs for public prefixes of each public network are created on gateway router manually or by Contrail VRFs contain a default route with next hop as the main routing table inet.0 S2 KVM VM2 Netconf/BGP S1 KVM VM1 Gateway VM interface is assigned a floating IP address and is connected into a VRF for the public network Tenant A Tenant B VMs Tenant C VMs A B C inet.0 BGP Public prefixes are advertised out into Internet XMPP VRFs have matching route targets to enable route exchange A A Contrail VRF A FIP-1: NAT:IP-VM1, Local i/f 0.0.0.0/0: NAT:FIP-1, NH GW, MPLSoUDP, Lbl=aaa VRF A FIP-1: NH S1, MPLSoUDP, Lbl=bbb FIP-2: NH S2, MPLSoUDP, Lbl=ccc 0.0.0.0/0: FBF inet.0 inet.0 Net-FIP-A: FBF VRF A … VRF A FIP-2:NAT:IPVM-2, Local i/f 0.0.0.0/0: NAT:FIP-2, NH GW, MPLSoUDP, Lbl=aaa
  • 25.
    Enhanced performance options KERNELVROUTER DPDK VROUTER SR-IOV - VROUTER SMART NIC VROUTER …VM 1 vRouter Agent VNF 2 …VM 1 vRouter Agent VM 2 …VM 1 vRouter Agent VM 2 …VM 1 vRouter Agent VM 2  DPDK for fast path Packet I/O.  VMs needs DPDK enabled  vRouter forwarding runs in NIC  Better packet throughput  Frees up CPU cores that don’t need to deal with forwarding  SR-IOV gives direct access to NIC  Bypasses vRouter  VNF can combine SR-IOV and non-SR-IOV  Normal mode  Performance enhancements o TCP Segmentation Offload o Larger Receive Offload o Multi-Q Virtio
  • 26.
    26 Copyright ©2016 Juniper Networks, Inc. www.juniper.net ACCELERATED VROUTER PERFORMANCE Mpps 5Mpps 10Mpps 15Mpps 20Mpps 25Mpps 128 256 512 1024 1518 PacketRate(Mpps) Packet Size (Bytes) vRouter Performance - MPLS over GRE/UDP with Service Chaining Agilio vRouter Software-Only vRouter6X Gain in Performance NIC saturates the 40GbE link for packets 180B and higher SmartNIC Benefits: • 29Mpps packet rate for VNFs • 6X performance improvement • 4-8x CPU savings • Support for VXLAN, MPLS over GRE, MPLS over UDP vRouter offload
  • 27.
    Consistent Virtual Networking Publicnetwork with floating IPs Contrail plugin for vCenter Netconf/BGP BMS Contrail vCenter plugin for Nova vCenter KVM Docker ESXiDocker Contrail Netconf/BGP BGP OVSDB XMPP inet.0 Physical Appliance XMPPXMPP XMPP BGP session with Contrail in a remote datacenter Datacenter interconnect
  • 28.
  • 29.
    • The OpenContrailcommunity isn’t where we want it • The decision was made in 2016 to fix this and some plans were set in motion: • Bring in an expert on open source and strategy (Randy Bias) • Hire a community manager (TBD) • Rethinking Juniper’s community engagement model began • ON THE TABLE: SDLC model, community code contribution process, JNPR “in the open” development, commercial Contrail business model, and transition from single-entity project to multi-entity project Background
  • 30.
    • Vibrant community-runproject, not driven by a single entity • Enrich community and encourage greater participation • Leverage the community to increase quality, velocity, and adoption • Drive 100-1000x more OpenContrail deployments • Deliver on a global ubiquitous network fabric Goals
  • 31.
    Make Open SourceLicensed Contrail Easier to Consume Supported Releases Build and Package OpenContrail Advisory Board (OCAB)  Comprises industry veterans and key project contributors and adopters  No sponsorship or fees; min. 1 yr commitment  Responsible for governance, community evolution, roadmap, operational efficiency Juniper Support Gerritt Code Review / Merge Process OpenContrail Developer Community  Comprises of Juniper & external members  Proposing features & Contribute Code (features & bug-fixes)  Participate in Code review processFeatures & Bug-fixesLaunchpad End-customers Filing bugs Tracking bugs & other info Contrail SKUs Single Github Source Code Repository Open Source Packages Test
  • 32.
    32 Copyright ©2015 Juniper Networks, Inc. www.juniper.net CONTRAIL DEMO VIDEOS  DDoS Protection (Contrail + DDoS Secure)  http://www.youtube.com/watch?v=TnvCea4fil4  NFV through Contrail (this is the Internet / Firewall NFV aka. vCPE)  http://www.youtube.com/watch?v=_64no8P2vUw  Contrail - Elastic cloud - IT as a Service  http://www.youtube.com/watch?v=9g3EWV8X64s  SSLVPN on Contrail  http://www.youtube.com/watch?v=vfZfdH4kkV4  Caching as a Service (Junos Content Encore on Contrail  https://www.youtube.com/watch?v=-_NtC34wcRw  Hybrid Cloud  https://www.youtube.com/watch?v=uC7nMW5PXdg USE CASE - DEMO VIDEOS  Bare Metal Integration through multi-vendor TOR integration  https://www.youtube.com/watch?v=PjkNt0yV3H0  IPv6 DVR (Distributed Virtual Router)  https://www.youtube.com/watch?v=RLO0uIXbDxo  OpenStack Neutron at Scale  https://www.youtube.com/watch?v=xN0rXHD_dqk  P + V Service Chaining  https://www.youtube.com/watch?v=a9HqC9x6KTg  Multi-hypervisor, Docker Integration  https://www.youtube.com/watch?v=x2n5Q_ycx6o  vRouter DPDK Demo  https://www.youtube.com/watch?v=ZGiQJrKoDQM  Physical + Overlay Correlation  https://www.youtube.com/watch?v=B8aHoY—1Zs PRODUCT CAPABILTIIES - DEMO VIDEOS
  • 33.

Editor's Notes

  • #27 The Agilio vRouter software and adapters provide exceptional performance. With workloads including encap/decap of MPLS over GRE and VXLAN, the vRouter data path can operate at 25Mpps. This includes I/O into and out of VMs and VNFs. As a result, you can achieve a 6x performance gain per server through Agilio vRouter. When overlaying the CPU savings, there is a two fold effect on the system with the vRouter offload: 1) Through accelerated vRouter and SR-IOV, more PPS can be delivered to applications and services 2) Because Agilio adapters handle the vRouting workload, x86 CPUs are preserved and can be repurposed for VMs, allowing more application and service instances to be deployed per server.