Juniper in Virtual Networks - arrow...
Juniper in Virtual Networks
Karl-Heinz Lutz, Partner Development DACH
Juniper, the Innovation Leader
INNOVATION
• Securing more than 86% of U.S. smartphone traffic
• Powering the world’s largest networks, including 97 of Fortune Global 100
• The world’s top 5 social media properties run on Juniper
TALENT
• 8,800+ employees and extensive partner ecosystem
• 16 around-the-clock technical support centers globally
• 47 offices serving 100+ countries
FINANCIALS
• $4.6B in revenue in 2014; Non-GAAP EPS increased 13% yoy
• Generated ~$842M of operating cash flow in 2014; $1.8B in cash and investments
• ~$9B+ market cap
Demands on IT Are Growing
• More flexibility
• Apps
• Faster implementation of requirements
• Cost pressure
• Fewer skilled staff
• Security
Automation, Virtualization…
• Virtualization:
• In computing, virtualization refers to the creation of virtual (i.e. non-physical) things such as emulated hardware, an operating system, data storage or a network resource. This makes it possible, for example, to transparently combine or partition computer resources (especially in the server domain), or to run one operating system inside another.
• Automation:
• “Equipping a facility so that it operates as intended, wholly or partly without human involvement.”[1]
Who Stands for Virtualization?
VMware’s SDDC Vision
Software-Defined Data Center Priorities:
• Data Center Virtualization and Standardization
• Streamlined and Automated Data Center Ops
• Security Controls Native to Infrastructure
• High Availability and Resilient Infrastructure
• Application and Infrastructure Delivery Automation
Software-Defined Data Center Outcomes:
• CapEx Reduction
• OpEx Reduction
• Effortless Security
• Improved Uptime
• ITaaS
THE DATA CENTER NETWORK…
COMPUTE INFRASTRUCTURE…
HYPERVISORS AND VSWITCHES…
VIRTUAL NETWORKS – COMPARABLE TO LOGICAL SWITCHES OR VLANS
THE VIRTUAL NETWORK?
SERVICES DISTRIBUTED TO THE VIRTUAL SWITCH
PHYSICAL WORKLOADS AND LEGACY VLANS
Overlay attributes
• L2 extension over Layer 3 underlay
• Any to any at massive scale, up to 16 million logical segments
• Overlay addresses are hidden from underlay
VMware NSX Overlay Tunnels
Underlay attributes
• Ideally a single element to manage (One Fabric)
• All links active 100% of the time
• All features on every port
• Predictable latency and performance
• In Service Software Upgrade
The overlay depends to a large extent on the hypervisor in use
VxLAN VxLAN
VTEP – Virtual Tunnel End Point
Multiple Overlay Architectures
Overlay Networks
Controller-less
EVPN-VxLAN Unicast VXLAN
Controller
VMware NSX OpenContrail
Scale out Networks L2 extension
Centralized & Automated Management
Policies & Service Chaining
VMware's View of the Networking World
Advanced Data Center Network Services in Software - Automated
L2 Switching
L3 Routing
Firewalling/ACLs IPsec VPN L2 VPN SSLVPN
Load Balancing
Any Application
SDDC Platform
Any x86
Any Storage
Any IP network
Data Center Virtualization
Any Network Fabric
Access Port, Router, Firewall, Load Balancer Anywhere
Virtualized Network
Underlay Network
Any X86 Anywhere
Virtualized Compute
Virtualized Storage
Workload Anywhere
Complete Automation
3rd Party
Open, No vendor preference
Is Network Virtualization Hardware-Independent?
• Mostly yes, BUT:
• The foundation must offer at least the following key attributes (as described in the "VMware NSX Network Virtualization Design Guide"):
  • Scalable
  • High-bandwidth
  • Fault-tolerant
  • QoS
  • Spine / Leaf topology
  • Equal-Cost Multipathing
  • …
  • Why not add Simple, easy to manage, automated with strong analytics?
• And gateways are necessary (hardware?)
Network architectures must be adapted - server virtualization is not enough
• Eliminate silos in the data center
• Interconnect data centers
• Integrate cloud services
• Integrate security concepts
A Look under the Hood…
• DC Switches
• Any topology
• Fabric technologies
• Operational ease
• Highly available
• Massively scalable
• Open standards
• API/tool automatable
• VXLAN switching
• NSX SDN-overlay bridging gateway
• In-hypervisor & in-switch cloud analytics engine
• Adaptive load balancing of “elephant & mice” flows / flowlets
• Best-of-breed WAN and DCI routing
• VPLS and E-VPN
• NSX SDN-overlay routing gateway
• Universal SDN Gateway for multiple VXLAN & MPLS overlays
• In-VM-Router scaling to 160Gbps
• Web 2.0-style GUI
• Manage DC network
• Correlate physical and virtual networks
• Monitor vMotion
• Analytics collector with network and in-VM application visibility
• NSX hypervisor FW and virtual network micro-segmentation
• Juniper DC L2-7 perimeter with high-performance NGFW
• Juniper in-VM FW offers Anti-APT/UTM with vSphere-integrated management
High-Performance DC Fabrics
Virtual Networking Intelligence
Data Center Interconnect
Joint Management and Automation
Complementary Network Security
Juniper Differentiators
Cloud Networking Architectures
Multi-tier MC-LAG
MX L2/L3
L2
• Single broadcast domain
• VLAN anywhere
• MC-LAG
• MAC mobility
• Operational simplicity
Ethernet Fabric
L2/L3
• L2 and L3 in single fabric
• Single point of management
• Automation within the fabric
IP Fabric
• Layer 3 Routing (OSPF or BGP)
• Fabric resiliency with ECMP
• Reduced scope of L2 broadcast domains
L3
Charles CLOS – 1953
CLOS is required when the switching needs are greater than the largest single switch
Ingress – Middle – Egress (http://en.wikipedia.org/wiki/Clos_network)
Cloud Networking Architectures
IP Fabric with Overlay
Virtual Network
L3
• IP underlay fabric
• Ethernet overlay
• Subnets independent of physical topology
Juniper Switching Architectures
Juniper Architectures
Open Architectures
MC-LAG
…
QFX5100
Virtual Chassis
Up to 10 members
QFabric Up to 128 members
IP Fabric
L3 Fabric
Virtual Chassis Fabric
Up to 32 members
Benefits
• Single point of management
• Turnkey and demand-driven
Benefits
• Flexible areas of application
• Open technology and protocols
A single architecture does not fit everywhere – the QFX5100 offers the choice!
• Single point of management
• Ethernet Fabric – L2 for the entire DC or for pods
• Simple VTEP/L2 gateway (with OVSDB integration)
• Simplified multicast support (no need for PIM)
• Flexible in size, interface types and future expansion
• Spine-leaf topology for predictable performance
• AFS* for even distribution of traffic
Virtual Chassis Fabric
*AFS = Adaptive Flowlet Splicing
Intelligent Underlays: Adaptive Flowlet Splicing
• Dynamic load-balancing algorithm for VCF
• TCP flow splicing
• No packet re-ordering
• Load and queue-depth measurements for flowlet balancing
• Better ECMP utilization for overlay and underlay traffic
• Predictable and balanced performance
[Figure: virtual networks (VN) as overlay on a Virtual Chassis Fabric underlay]
Cloud Switching Portfolio: Mapping onto a Spine-Leaf Solution
SPINE
MODULAR
LEAF
FIXED
EX9200 QFX10000
QFX5100
QFX5100-24Q QFX10002
10 GIGABIT ETHERNET OCP NETWORKING APPLICATION INTEGRATED SWITCHING
SCALE UP ARCHITECTURE Up to 480 X 100 GbE Ports
GIGABIT ETHERNET
EX4300 QFX5100-24Q-AA QFX-PFA-4Q OCX1100
QFX10002-72Q
• Fixed platform to support transition from 10GbE to 40GbE and 100GbE
• Compact form factor with high density
End-to-End Data Center Fabric Architecture
Q: When a bear fights a shark, who wins?
A: It depends on whether the fight was on the beach or in the water. We should pick the location where we choose to invest our energy fighting.
Multi-tier MC-LAG VCF Junos Fusion
IP Fabric
Ethernet Fabric
JUNOS: one common operating system for all fabrics
Business Critical IT & Private Cloud SaaS, Web Services
QFabric
<4,260 Servers | <1,500 Servers | 10,000+ | <6,000 Servers
Virtual Network
…
Internet
MX (USG)
Virtual & Physical Security
QFX, EX, and QFabric Switching
Private Cloud
Hosted/ Managed
MX (USG)
Virtual & Physical Security
QFX, EX, and QFabric Switching
Private Cloud
Public Cloud (Hybrid)
Junos Space Network Director
WAN
Multi-Data Center, Multi-Cloud, One Network Architecture
Campus and Branch
ANY NETWORK OR SDN
End-to-End Networking
Overlay Architecture: All Devices Need to Communicate
• SDN to IP (Layer 2): Provide SDN-to-non-SDN translation, same IP subnet
• SDN to IP (Layer 3): Provide SDN-to-non-SDN translation, different IP subnet
• SDN to SDN: Provide SDN-to-SDN translation, same or different IP subnet, same or different overlay
• SDN to WAN: Provide SDN-to-WAN translation, same or different IP subnet, same or different encapsulation
[Figure labels: Remote Data Center, Public Cloud, Internet]
MX-Series – Universal SDN Gateway
VMware NSX Pod | Juniper Contrail Pod
WAN GW
Layer 2 GW
Layer 3 GW
SDN GW
Mixed Pod DC 1 DC 2
WAN
Custom DevOps/ITSM
Integrated Management, Orchestration & Automation: Network Director Overview
---------- B/OSS, ITSMs, DevOps, Platforms & Apps ---------
Junos Space
ND App
Web 2.0 GUI
Open RESTful API
Junos OS
NETCONF
DMI
Integrated Management, Orchestration & Automation Network Director-to-VMware Integration Overview
controller
… …
server
VISUALIZE: Holistic and correlated view
• Data center and campus topologies
• Correlated server/VM/network visibility
• Overlay and underlay connectivity
• Physical and virtualized connectivity
ANALYZE: Smarter and Proactive Networks
• Built-in collection and correlation engine
• Heat map and root-cause analysis
• Telemetry for overlays & underlays
• Inter-VM network trace and flow analysis
CONTROL: Lifecycle and Workflow Automation
• Scalable multi-site management
• Provisioning templating and planning
• Fabric automation and management
• Data center fabric management
Physical & Virtual Visibility in Junos Space ND Data Center Topology and Devices
Physical to Virtual Topology
NSX Overlay Networks Topology
s1>show analytics overlay vxlan
VNI Green: VM1, VM2, VM6, VM7
VNI Blue: VM5, VM10
VNI Red: VM3, VM4, VM8, VM9
Overlay Awareness
JOINT-OPS ADVANTAGES
• VXLAN ping, traceroute, VM path visibility
• Insightful metrics monitoring
• Faster troubleshooting and planning
• Proactive & passive application QoE
• Correlate & coordinate network and apps
Exceptional Networking Analytics
[Figure: VMs on KVM hosts (compute), virtual networks (VN) as overlay, underlay]
CAE Flow/App Visibility & Analysis
VMs/Apps, Hosts, Networks Flow-path Analytics
• Network Telemetry
• App Placement
• Troubleshooting
• Watch lists
• Health & capacity assessment
• End-to-end and per-hop analysis
• Unhealthy VMs/apps/hosts
• Physical/virtual correlation
• Topology visualization
• Simple end-to-end mirroring
CAE Cloud Analytics Engine
Juniper Switching
Traditional Approach
Turn-Key Simplicity
Hyper Scalability
End-to-end Consistency
Multi-Tier Ethernet
Ethernet Fabric
IP Fabric
MPLS Fabric
One Suite of Data Center Platforms (QFX and EX)
One Operating System (Junos)
1. Seamless forwarding across physical and virtual infrastructure
2. Virtualization-aware network management and orchestration
3. Analytics and visibility of both physical and virtual
BETTER TOGETHER
NSX Virtual Networking Physical-to-Virtual Switching & Routing
• Maximize agility and flexibility
• DC programmatic control
• Common policy across DC
• High performance and scalable
• Secure and reliable foundation
• Physical-Virtual Ops. simplification
VMware Compute Virtualization VM-aware Management and VNFs
+
+
SDDC: Virtualization & Automation MetaFabric: Performance & Automation
NOW YOUR NETWORK IS plugged into THE SDDC
Thank you very much