OpenStack and OpenContrail for FreeBSD platform by Michał Dubieleurobsdcon
Abstract
OpenStack and OpenContrail network virtualization solution form a complete suite able to successfully handle orchestration of resources and services of a contemporary cloud installations. These projects, however, have been only available for Linux hosted platforms by now. This talk is about a work underway that brings them into the FreeBSD world.
It explains in greater details an architecture of an OpenStack system and shows how support for the FreeBSD bhyve hypervisor was brought up using the libvirt library. Details of the OpenContrail network virtualization solution is also provided, with special emphasis on the lower level system entities like a vRouter kernel module, which required most of the work while developing the FreeBSD version.
Speaker bio
Michal Dubiel, M.Sc. Eng., born 17th of September 1983 in Kraków, Poland. He graduated in 2009 from the faculty of Electrical Engineering, Automatics, Computer Science and Electronics of AGH University of Science and Technology in Kraków. Throughout his career he worked for ACK Cyfronet AGH on hardware-accelerated data mining systems and later for Motorola Electronics on DSP software for LTE base stations. Currently he is working for Semihalf on various software projects ranging from low level kernel development to Software Defined Networking systems. He is mainly interested in the computer science, especially the operating systems, programming languages, networks, and digital signal processing.
Virtualization Forum 2015, Praha, 7.10.2015
sál Juniper Networks
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf.
Cloud Network Virtualization with Juniper Contrailbuildacloud
Description: Contrail Technology will be discussed covering architecture, capabilities and use cases. It will be followed by a demonstration on current Contrail implementation on CloudStack/Openstack.
Parantap works as a Sr. Director of Solutions Engineering for Contrail Product within Juniper. Before Juniper, Parantap led the network architecture team for Microsoft Online Services (Windows Azure, MS Bing). Prior to Microsoft, Parantap worked as a core engineering manager for UUNet Technologies building Internet backbones.
Sergei Gotchev, Juniper Networks
Juniper Day, Praha, 13.5.2015
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf (kliknutím na tlačitko v dolní liště snímků).
Secure Multi Tenant Cloud with OpenContrailPriti Desai
Building a secure multi-tenant cloud necessitates proper tenant isolation and access control. Key network and security functions must scale independently based on the dynamic resource requirements across each tenant. Additionally, On-demand and self-service provisioning are required for achieving operational efficiencies. Robust, dynamic and elastic software abstractions are imperative to support applications built to run such complex environments.
This slide deck covers:
• Architectural design choices
• Implementation blueprints
• Operational best practices
that have been made to build OpenStack cloud at Symantec.
This hands on workshop for OpenContrail will be led by Sreelakshmi Sarva & Aniket Daptari.
This is a labs session so we will have hard RSVP limits. Please RSVP only if you are confident that you will be able to attend.
About Sreelakshmi Sarva
Sree is currently working as part of solution engineering team at Juniper’s Contrail team. She is responsible for delivering & managing SDN solutions & partnerships relating to Contrail. She has been with Juniper for the last 13 years working on various Routing, Switching, Network programmability & virtualization platforms. Prior to Juniper, She worked at Nortel networks in the Systems Engineering group. Sree received her Masters in Computer Science from University of Texas at Dallas and Bachelor’s in Computer Science from India.
About Aniket Daptari
Aniket is currently working as part of Juniper Networks' Contrail Cloud Solutions team. He is responsible for delivering SDN solutions and technology partnerships related to Contrail. He has been with Juniper for the last 3 years working on various Network programmability & virtualization platforms. Prior to Juniper, he worked at Cisco Systems in the Internet Systems Business Unit (Catalyst 6500). Aniket received his Masters in Computer Science from University of Southern California and a graduate certificate in Management Science and Engineering from Stanford University.
Course Abstract
This session will be the first of a series of OpenContrail hands-on tutorials for developers who want to get deep into OpenContrail code.
This “Basic OpenContrail Programming” Hands-on Session will focus on making developers proficient in writing and contributing code for our OpenContrail Project.
Session will cover the following areas
1) Contrail Overview
· Use Cases
· Architecture recap
2) Contrail Hands on
· Demo + Hands on - Configuration , VN, VM, Network Policies etc
· DevStack introduction
OpenStack and OpenContrail for FreeBSD platform by Michał Dubieleurobsdcon
Abstract
OpenStack and OpenContrail network virtualization solution form a complete suite able to successfully handle orchestration of resources and services of a contemporary cloud installations. These projects, however, have been only available for Linux hosted platforms by now. This talk is about a work underway that brings them into the FreeBSD world.
It explains in greater details an architecture of an OpenStack system and shows how support for the FreeBSD bhyve hypervisor was brought up using the libvirt library. Details of the OpenContrail network virtualization solution is also provided, with special emphasis on the lower level system entities like a vRouter kernel module, which required most of the work while developing the FreeBSD version.
Speaker bio
Michal Dubiel, M.Sc. Eng., born 17th of September 1983 in Kraków, Poland. He graduated in 2009 from the faculty of Electrical Engineering, Automatics, Computer Science and Electronics of AGH University of Science and Technology in Kraków. Throughout his career he worked for ACK Cyfronet AGH on hardware-accelerated data mining systems and later for Motorola Electronics on DSP software for LTE base stations. Currently he is working for Semihalf on various software projects ranging from low level kernel development to Software Defined Networking systems. He is mainly interested in the computer science, especially the operating systems, programming languages, networks, and digital signal processing.
Virtualization Forum 2015, Praha, 7.10.2015
sál Juniper Networks
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf.
Cloud Network Virtualization with Juniper Contrailbuildacloud
Description: Contrail Technology will be discussed covering architecture, capabilities and use cases. It will be followed by a demonstration on current Contrail implementation on CloudStack/Openstack.
Parantap works as a Sr. Director of Solutions Engineering for Contrail Product within Juniper. Before Juniper, Parantap led the network architecture team for Microsoft Online Services (Windows Azure, MS Bing). Prior to Microsoft, Parantap worked as a core engineering manager for UUNet Technologies building Internet backbones.
Sergei Gotchev, Juniper Networks
Juniper Day, Praha, 13.5.2015
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf (kliknutím na tlačitko v dolní liště snímků).
Secure Multi Tenant Cloud with OpenContrailPriti Desai
Building a secure multi-tenant cloud necessitates proper tenant isolation and access control. Key network and security functions must scale independently based on the dynamic resource requirements across each tenant. Additionally, On-demand and self-service provisioning are required for achieving operational efficiencies. Robust, dynamic and elastic software abstractions are imperative to support applications built to run such complex environments.
This slide deck covers:
• Architectural design choices
• Implementation blueprints
• Operational best practices
that have been made to build OpenStack cloud at Symantec.
This hands on workshop for OpenContrail will be led by Sreelakshmi Sarva & Aniket Daptari.
This is a labs session so we will have hard RSVP limits. Please RSVP only if you are confident that you will be able to attend.
About Sreelakshmi Sarva
Sree is currently working as part of solution engineering team at Juniper’s Contrail team. She is responsible for delivering & managing SDN solutions & partnerships relating to Contrail. She has been with Juniper for the last 13 years working on various Routing, Switching, Network programmability & virtualization platforms. Prior to Juniper, She worked at Nortel networks in the Systems Engineering group. Sree received her Masters in Computer Science from University of Texas at Dallas and Bachelor’s in Computer Science from India.
About Aniket Daptari
Aniket is currently working as part of Juniper Networks' Contrail Cloud Solutions team. He is responsible for delivering SDN solutions and technology partnerships related to Contrail. He has been with Juniper for the last 3 years working on various Network programmability & virtualization platforms. Prior to Juniper, he worked at Cisco Systems in the Internet Systems Business Unit (Catalyst 6500). Aniket received his Masters in Computer Science from University of Southern California and a graduate certificate in Management Science and Engineering from Stanford University.
Course Abstract
This session will be the first of a series of OpenContrail hands-on tutorials for developers who want to get deep into OpenContrail code.
This “Basic OpenContrail Programming” Hands-on Session will focus on making developers proficient in writing and contributing code for our OpenContrail Project.
Session will cover the following areas
1) Contrail Overview
· Use Cases
· Architecture recap
2) Contrail Hands on
· Demo + Hands on - Configuration , VN, VM, Network Policies etc
· DevStack introduction
Hartmut Schroeder, Consultant Systems Engineer, Juniper Networks
Virtualization Forum 2014, Prague, 22.10.2014
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf (kliknutím na tlačitko v dolní liště snímků).
OpenStack: Virtual Routers On Compute Nodesclayton_oneill
Learn the production pros and cons of operating Neutron legacy and HA routers on compute nodes in your production cloud. Not ready for DVR or third-party network overhauls? Virtual router network “hot spots” got you down? Large virtual router failure domains keeping you up late at night? Neutron reference architectures not providing a scalable routing solution? If you answered yes to any of these questions then this talk is for you.
Hartmut Schroeder, Consultant Systems Engineer, Juniper Networks
Virtualization Forum 2014, Prague, 22.10.2014
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf (kliknutím na tlačitko v dolní liště snímků).
OpenStack: Virtual Routers On Compute Nodesclayton_oneill
Learn the production pros and cons of operating Neutron legacy and HA routers on compute nodes in your production cloud. Not ready for DVR or third-party network overhauls? Virtual router network “hot spots” got you down? Large virtual router failure domains keeping you up late at night? Neutron reference architectures not providing a scalable routing solution? If you answered yes to any of these questions then this talk is for you.
Here is the slide deck presented at our March 16, 2016 Kubernetes meetup by Aniket Daptari, Sr. Product Manager of Cloud Networking, Juniper Networks. It covers OpenContrail with Kubernetes. Sponsored by StackPointCloud and Concur.
DEVNET-1175 OpenDaylight Service Function ChainingCisco DevNet
This tutorial will overview the OpenDaylight Service Function Chaining (SFC) architecture, implementation and operation. A description of the SFC components and the Network Service Header (NSH) will be presented. This talk will conclude with a step-by-step demonstration of SFC configuration and operation using the GUI and REST interfaces.
Docker and Windows: The State of the UnionElton Stoneman
Session from Docker London, covering Docker on Windows:
- the Docker platform on Windows
- limitations and differences
- Dockerizing Windows applications
- running a hybrid swarm
Enterprise Datacenter Virtualization und Cloud Computing stellen neue Anforderungen an das Netzwerk. Traditionsgemäss wurden virtuelle Workloads über als Bridge fungierende virtuelle Switches mit VLANs auf dem physischen Netzwerk verbunden. Mit dem Wachstum der Anfordungen an Skalierung und Automatisierung stossen diese Modelle an Grenzen.
Thomas Graf bot an diesem OpenTuesday einen Einblick in Protokolle und Technologien wie OpenFlow, VXLAN, OpenStack Neutron und Open vSwitch, die eingesetzt werden, um neue automatisierte Netzwerkkonzepte der nächsten Generation, wie Software Defined Networking oder Network Function Virtualization, umzusetzen.
OpenStack Networks the Web-Scale Way - Scott Laffer, Cumulus NetworksOpenStack
Audience Level
Beginner
Synopsis
Layer 2 versus Layer 3, MLAG, Spanning-Tree, switch mechanism drivers, overlays and routing-on-the-host — What scales and what does not? The underlying plumbing of an OpenStack network is something you’d rather not have to think about. This presentation examines the network architectures of web-scale and large enterprise OpenStack users and how those same efficiencies can be used in deployments of all sizes.
Speaker Bio:
Scott is a Member of Technical Staff at Cumulus Networks where he designs, supports and deploys web-scale technologies and architectures in enterprise networks globally. Prior to becoming a founding member of the Cumulus office in Australia, Scott started his career as a network administrator before joining Cisco Systems to support their data centre products.
OpenStack Australia Day Melbourne 2017
https://events.aptira.com/openstack-australia-day-melbourne-2017/
Join Storage Switzerland and Pluribus Networks where we will answer the following questions:
• What are the benefits of open networking and SDN in the data center?
• How can I safely migrate to a disaggregated white box architecture when I have incumbent vendors deployed throughout my network?
• How do I deploy SDN in my data center and do I need a full hardware refresh to do it?
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Dan Mihai Dumitriu
OpenStack deployments for public or private clouds require overlay networking. Due to the scale and rate of change of virtual resources, it isn't practical to rely on traditional network constructs and isolation mechanims. Today's deployments require performance, resilience, and high availability to be considered truly production-ready. In this session, we deep dive into the MidoNet architecture, and process of sending a data packet across an OpenStack environment through a network overlay. A distributed architecture implements logical constructs that are used to build networks without a single point of failure, all while adding network functionality in a highly-scalable manner. Network functions are applied in a single virtual hop. By applying network services right at the ingress host, the network is free from unnecessary clogging and bottlenecks by avoiding additional hops. Packets reach their destination more efficiently with the single virtual hop. After this session, the audience will understand how distributed architectures allow efficient networking with routing decisions and network services applied at the edge. Also, the audience will understand how it is easier to scale clouds when the network intelligence is distributed.
This presentation for a talk at the Linux Tag 2014 has a couple of new Slides compared to earlier presentations that explain some different networking models like Flat, VLAN based, 'SDN Fabric based', etc.
Pushing Packets - How do the ML2 Mechanism Drivers Stack UpJames Denton
Architecting a private cloud to meet the use cases of its users can be a daunting task. How do you determine which of the many L2/L3 Neutron plugins and drivers to implement? Does network performance outweigh reliability? Are overlay networks just as performant as VLAN networks? The answers to these questions will drive the appropriate technology choice.
In this presentation, we will look at many of the common drivers built around the ML2 framework, including LinuxBridge, OVS, OVS+DPDK, SR-IOV, and more, and will provide performance data to help drive decisions around selecting a technology that's right for the situation. We will discuss our experience with some of these technologies, and the pros and cons of one technology over another in a production environment.
Network and Service Virtualization tutorial at ONUG Spring 2015SDN Hub
Tutorial at ONUG Spring 2015 on Network and Service Virtualization. The tutorial covers three converging trends 1) Network virtualization, 2) Service virtualization, 3) overlay networking for Docker and OpenStack. The talk concludes with pointers to the hands-on portion of the tutorial that uses LorisPack, and the operational lessons learned.
Presentation given at the 2017 LinuxCon China
With the booming of Container technology, it brings obvious advantages for cloud: simple and faster deployment, portability and lightweight cost. But the networking challenges are significant. Users need to restructure their network and support container deployment with current cloud framework, like container and VMs.
In this presentation, we will introduce new container networking solution, which provides one management framework to work with different network componenets through Open/friendly modelling mechnism. iCAN can simplify network deployment and management with most orchestration systems and a variety of data plane components, and design extendsible architect to define and validate Service Level Agreement(SLA) for cloud native applications, which is important factor for enterprise to deliver successful and stable service via containers.
Similar to Opencontrail network virtualization (20)
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Opencontrail network virtualization
1. Open
Contrail
network
virtualiza2on
Nicolai
van
der
Smagt
Solu2ons
Architect
September
2014
2. Nicolai
van
der
who?!
˥ Nicolai
van
der
Smagt:
˥ Solu2ons
Architect
@
Infradata
˥ Focus
on
datacenter
architecture
˥ GeJng
old:
15
years
of
experience
building
and
maintaining
SP
networks
Contact:
nicolai@infradata.eu
InfraInnovaData
@
TwiRer
Vandersmagt
@
Linkedin
3. SDN
>
Network
Virtualiza2on
˥ This
presenta2on
is
about
network
virtualiza2on
soVware
˥ SDN
is
an
overly
broad
and
excessively
hyped
term,
it
can
mean
anything
to
anybody
˥ Let’s
avoid
the
S-‐acronym
for
the
rest
of
the
session
˥ Let’s
talk
about
actual,
deployable
technology
4. Network
virtualiza2on?
˥ Helps
achieve
beRer
scalability
˥ Enables
automa2on
/
“agility”
˥ Improves
and
streamlines
network
security
˥ Reduces
cost
˥ Like
MPLS
for
the
datacenter,
or
“poor
man’s”
MPLS
˥ Enables
the
underlaying
network
to
be
simple
5. Average
DC
–
L2/VLAN-‐based
Designed
for
north
<-‐>
south
traffic
L2/L3
L2/L3
L3
L3
L2
L2
L2
L2
L2
L2
L2
Switch
L2
Switch
L2/L3
L2/L3
L2
L2
L2
L2
L2
L2
L2
Switch
L2
Switch
Mul2-‐Chassis
LAG
TRUNK
VMs
ToR
ToR
Servers
6. Average
DC
–
Limited
VLAN
span
L2/L3
L2/L3
L3
L3
L2
L2
L2
L2
L2
L2
L2
Switch
L2
Switch
L2/L3
L2/L3
L2
L2
L2
L2
L2
L2
L2
Switch
L2
Switch
Mul2-‐Chassis
LAG
TRUNK
Rou2ng
&
Filtering
between
VLANs
VLAN
Span
Limit
ToR
ToR
Rou2ng
&
Filtering
between
VLANs
FW
No
VLANs
Across
L3
LB
FW
LB
7. Average
DC
–
No
built-‐in
mul2-‐tenancy
L2/L3
L2/L3
L3
L3
L2
L2
L2
L2
L2
L2
L2
Switch
L2
Switch
L2/L3
L2/L3
L2
L2
L2
L2
L2
L2
L2
Switch
L2
Switch
Mul2-‐Chassis
LAG
TRUNK
VLAN
Span
Limit
VMs
ToR
ToR
FW
LB
FW
LB
Single
Rou2ng
Table
(No
support
for
overlapping
mul2-‐tenant
space)
8. Cloud
DC
–
L3
ECMP
Clos
network
Designed
for
east-‐west
and
north-‐south
traffic
L3
L3
L2-‐SW
L3
ToR
L3
ToR
L3
ToR
L3
ToR
L3
L3
L3
L3
L3
External
Network
L2-‐SW
L2-‐SW
L2-‐SW
L2-‐SW
L2-‐SW
L2-‐SW
L2-‐SW
L2-‐SW
L2-‐SW
L2-‐SW
L2-‐SW
Servers
9. Average
DC
–
Mul2-‐tenancy
using
VRF
L2/L3
-‐MPLS
L3-‐MPLS
L2
L2
L2
L2
L2
L2
FW
LB
L2
Switch
L2
Switch
L3-‐MPLS
L2
L2
L2
L2
L2
L2
L2
Switch
L2
Switch
Mul2-‐Chassis
LAG
TRUNK
VLAN
Span
Limit
ToR
ToR
VRF
for
mul2-‐tenant
isola2on
Tenant-‐VRF
Tenant-‐VRF
L2/L3
-‐MPLS
L2/L3
-‐MPLS
L2/L3
-‐MPLS
MPLS
–
Enabled
links
FW
LB
FW
LB
FW
LB
FW
LB
FW
LB
Tenant
Specific
HW
Appliance
Services
11. Opencontrail?!
˥ Network
virtualiza2on
soVware
˥ Provides
a
tunneled
overlay
network
over
any
datacenter
infrastructure
˥ Tunnels
can
be
L3
(GRE,
UDP)
or
L2
(VXLAN)
˥ Tunnels
interconnect
not
just
hypervisors,
but
also
bare-‐metal
machines
and/or
network
infrastructure
(routers,
ToR)
˥ Consists
of
a
virtual
router
component
in
the
hypervisor
(vRouter)
and
centralized
control
plane
(control,
configura2on
and
analy2cs)
12. Standards-‐based
˥ Opencontrail
is
fully
programmable
via
RESTful
API
˥ Northbound
network
gateway
func2onality
is
based
on
well-‐known
and
proven
protocols
and
encaps,
such
as
BGP/MPLS
(L3VPN
or
EVPN)
and
GRE,
UDP
or
VXLAN
˥ Southbound
interface
(to
hypervisor)
based
on
XMPP
˥ No
constraints
on
the
underlay
physical
network
Overall
architecture
§ IETF
NVO3
WG
§ ETSI
NFV
ISG
Overlay
control
plane
protocols:
§ XMPP:
RFC
6120,
dra1-‐marques-‐l3vpn-‐end-‐system
§ BGP
L3VPN:
RFC
4364
§ BGP
EVPN:
dra1-‐ie@-‐l2vpn-‐evpn
§ NetConf:
RFC
6241
Overlay
data
plane
encapsula2on:
§ MPLS
over
GRE:
RFC
4797
§ VXLAN:
dra1-‐mahalingam-‐duE-‐dcops-‐vxlan
Underlay
control
plane
protocols:
Exis2ng
layer-‐2
or
layer-‐3
protocols
13. Open
Source
˥ Apache
2.0-‐licensed;
permissive
open-‐source
with
reten2on
of
copyright
˥ “Redhat
model”:
support
and
packaging
available
from
Juniper
Networks,
if
required.
˥ Juniper
provides
resources
and
core
developers,
but
the
project
is
open
for
other
developers,
reviewers
and
bug-‐squashers
˥ Code-‐review
“based
on
technical
merit
only”.
No
poli2cs.
˥ Available
today,
wai2ng
for
you
to
download
and
play
14. Opencontrail
technical
architecture
SDN
Controller
Configura2on
Analy2cs
Control
Server
VM
VM
VM
Server
IP
fabric
VM
VM
VM
(underlay
network)
Tenant
VMs
Any
underlay
network
Any
gateway
router
BGP
Clustering
Contrail
Controller
KVM
or
Xen
Hypervisor
+
Contrail
vRouter
(L2
&
L3)
REST
XMPP
Orchestrator
XMPP
BGP
+
Netconf
MPLS
over
GRE/UDP
or
VXLAN
19. Opencontrail
provides:
gateway
func2ons
A
B
A
C
Data
Center
1
Internet
WAN
D
B
A
D
Data
Center
2
Tenant
VPN
Gateway
Router
Gateway
Gateway
Switch
Non
Virtualized
Server
20. Opencontrail
is
based
on
MPLS
VPN
technology
Route
Reflector Route
Reflector
PE P P PE
CE CE
Control
Node Control
Node
Underlay
Switch vRouter
Underlay
Switch
VM
VM
VM
VM
VM vRouter VM
IBGP
IBGP
IBGP
XMPP
MPLS
over
MPLS
MPLS
over
GRE
or
VXLAN
Network
Management
System
(NMS)
DMI Config
Node
Orchestrator
Analy2cs
Node
SDN
System
MPLS
L3VPN
/
E-‐VPN Opencontrail
23. Opencontrail
provides:
service
chaining/NFV
Tenant
FW
LB
Network
A
Internet
Tenant
NAT
Network
A
Tenant
Network
B
FW
Tenant
Network
A1
Tenant
Network
A2
FW
24. Service
chaining
Green
Virtual
Network
VM
VM
VM
Red
Virtual
Network
VM
VM
VM
NAT
+
DPI
+
Cache
+
Firewall
Virtual
Service
DPI
Policy
only
HTTP
Virtual
Service
Cache
Physical
Service
Firewall
Policy
based
applica2on
of
virtual
and
physical
services
with
scale-‐out.
Firewall,
Intrusion
Preven3on,
Load
balancer,
Cache,
WAN
op3mizer,
proxy,
...
29. No
VM
IP
informa2on
in
the
Underlay
Network
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Hypervisor
Leaf
Switch
Leaf
Switch
Leaf
Switch
Leaf
Switch
BGP
Leaf
Switch
Leaf
Switch
Leaf
Switch
Leaf
Switch
Spine
Switch
Spine
Switch
Spine
Switch
Gateway
Router
Gateway
Router
Control
Node
Config
Node
(Openstack)
(Cloudstack)
Analy2cs
Node
WebUI
Node
Control
Node
Config
Node
(Openstack)
(Cloudstack)
Analy2cs
Node
WebUI
Node
Network
L3
L2,
L3
OSPF
or
BGP
L3
ECMP
Op2onal
Redundancy
Compute
&
Storage
Rack
Compute
&
Storage
Rack
Orchestra2on
&
Services
Racks
Contrail
in
the
physical
datacenter
30. High
availability
–
scale-‐out
REST
Configura2on
Nodes
Control
Nodes
Analy2cs
Nodes
IF-‐MAP
REST
XMPP
BGP
BGP
BGP,
Netconf
vRouters
Gateways
Designed
to
deal
with
failures
Logically
Centralized
(Physically
Distributed)
Horizontally
Scalable
Highly
Available
(Ac3ve-‐Ac3ve)
Federated
31. Opencontrail
network
security
˥ Policies
create
distributed
security
for
virtual
and
physical
workloads
˥ Policies
enable
micro-‐segmenta2on
˥ Without
an
explicit
policy,
traffic
is
denied
by
default
˥ Service
chaining
enables
distribu2on
of
addi2onal
network
security
(such
as
DDoS
mi2ga2on,
WAF
or
applica2on
layer
firewalling)
32. Orchestra2on
op2ons
Cloudstack,
CCP
OCS
Openstack
Miran2s
Openstack,
Fuel
Redhat
Openstack
(RHOS)
UnitedStack
Openstack
SmartCloud
Orchestrator
End
of
the
year
33. Network
virtualiza2on
with
Opencontrail
˥ Scalability
˥ Upgrade
from
just
4000
to
much
higher
scale
of
tenant
networks
˥ Automa2on
/
“Agility”
˥ Spin
up/down
resources
based
on
demand
˥ Scale-‐out
instead
of
scale-‐up
˥ Automa2c
configura2on
/
DevOps
for
the
network
˥ Network
security
˥ Micro-‐segmenta2on
(smaller
networks
with
more
fine-‐grained
access
controls)
˥ Policy-‐driven
framework
(with
default-‐deny)
˥ Reduced
cost
˥ NFV
=
Virtual
network
devices
instead
of
expensive
hardware
˥ Clos
=
white
label
switches
instead
of
more
expensive
infrastructure
˥ Opencontrail
soVware
available
free
of
charge
34. Devstack
+
Opencontrail
in-‐a-‐box
setup
For
the
developers
in
the
audience:
1 Install
some
packages
(git-‐core,
ant,
build-‐essen2al,
pkg-‐config
2 Download
DevStack
(git
clone
git@github.com:/dse2a/devstack.git)
3 Edit
localrc
(set
PHYSICAL_INTERFACE)
4 Run
stack.sh
5 You’ll
end
up
with
Openstack
glance,
nova,
horizon,
keystone
and
cinder,
with
Opencontrail
(as
a
Quantum
plugin),
ready
for
use
6 ?
7 Profit!