Copyright 2015 Blue Chip Tek
Software Defined Networking That Works
Dave Unger, Senior Solutions Architect
Agenda
• Introduction to Contrail
• Physical components of Contrail reference architecture
• Contrail demo
• Q & A
3 Copyright © 2013 Juniper Networks, Inc. www.juniper.net
CONTRAIL INTRODUCTION
CONTRAIL - BASED ON MPLS VPN TECHNOLOGY
[Diagram: a provider MPLS L3VPN (customer site, CE router, PE router with customer VRF, encapsulation tunnel, route reflector, BGP) shown side by side with a Contrail datacenter (VM, hypervisor with vRouter holding a tenant VRF, encapsulation tunnel, XMPP carrying BGP to a route reflector, OpenStack cloud manager and Contrail controller)]
Protocols and architecture compared:
• L3 VPNs for inter-site connectivity: traffic segmentation in the WAN; MPLS over MPLS label encapsulation tunnels; BGP route signaling
• Contrail virtual networks in datacenters: traffic segmentation in the LAN; MPLS over GRE or VXLAN label encapsulation tunnels; XMPP (with BGP payload) route signaling
[Diagram: the Contrail SDN system (orchestrator, config node, control nodes, analytics node; vRouters on compute nodes behind underlay switches; IBGP between control nodes, XMPP from control nodes to vRouters, MPLS over GRE or VXLAN tunnels between vRouters) peers over BGP with an MPLS L3VPN / E-VPN gateway into the provider network (PE and P routers, route reflectors, CE routers, IBGP, MPLS over MPLS; a network management system attached via DMI)]
Contrail Abstraction Architecture
[Diagram: orchestration and automation (OSS) on top, a control plane layer (configuration model, automation) beneath it, then the virtual network overlay and the physical network; arrows labelled "policies and requests" and "state and status" connect the layers, with analytics alongside]
• Orchestration, automation: open source and partner ecosystem of orchestrators; API and SDK for integration with OSS / BSS
• Virtual network overlay: overlay encapsulation implemented in the hypervisor; multi-tenancy for private and virtual public clouds; gateway functions connect virtual to physical networks; service chaining (physical and virtual)
• Physical network: interoperability with traditional network devices; any-to-any non-blocking low-latency fabric (Q-Fabric or Clos)
• Control plane (physical and virtual): open, standards-based, federated controller; scalable and resilient
• Analytics: distributed collection, global view, consolidation, aggregation
Contrail Components
[Diagram: OpenContrail controller (Configuration, Control, Collector) above two physical hosts, each running a hypervisor with a vRouter and four VMs; the physical network is unchanged; a gateway connects to the WAN / Internet]
• Configuration: accepts and converts orchestrator requests for VM creation, translates requests, and assigns networks
• Collector: real-time analytics engine that collects, stores and analyzes network elements
• Control: interacts with network elements for VM network provisioning and ensures uptime
• vRouter: virtualized routing element that handles localized control plane and forwarding plane work on the compute node
• Gateway: MX Series (or other router) or EX9200 serves as gateway, eliminating the need for a software gateway and improving scale and performance
Scale Out, Highly Available Architecture
[Diagram: configuration nodes feed control nodes over IF-MAP; configuration and collector nodes expose REST; control nodes reach vRouters over XMPP and gateways over BGP (BGP, Netconf toward physical devices) and peer with each other over BGP]
• Logically centralized (physically distributed)
• Horizontally scalable
• Highly available (active-active)
• Federated
CONTRAIL FEATURES BY RELEASE
Sept 2014 (Rel 1.1) – RELEASED
• NETWORK: Multiple L3 service chaining, Route Target Filtering, Allowed Address Pair Extn., Multiple Subnets/VN, Syslog Integration, Policy Logging, QoS – rate limiting per VM
• SERVICES, INFRA, APIs: Contrail OpenStack – Havana, OpenStack HA, Neutron v2 APIs, Per Tenant Quota for Neutron, Piston OpenStack 3.5
• COMPUTE: Server Mgmt/Provisioning – CLI, Cinder/Swift/Ceph – storage mgmt, DKMS Support - Ubuntu, vRouter – Simple GW (for EFTs)
Dec 2014 (Rel 2.0) – RELEASED
• NETWORK: IPv6 – overlay (w. DHCP), Source NAT (CLI only)
• SERVICES, INFRA, APIs: IBM CO 2.4 - POC, Contrail OpenStack – Icehouse, Contrail NW w/ Juno – beta, OpenStack Heat Template support
• COMPUTE: Server Mgmt / Provisioning-UI, Ubuntu 14.04 LTS, OIL interop, RHEL 7/RHOS 5.x integ, ESXi workloads (vRouter, OpenStack)
Feb/June 2015 (Rel 2.1 & 2.2) – RELEASED
• NETWORK: OVSDB/VXLAN – ToR, QoS – marking, Control plane sec (auth), FWaaS API Support, MX/vMX - VRF config via Netconf, DPDK, Integration with ESXi (beta), LBaaS API Support, Underlay/overlay correlation
• SERVICES, INFRA, APIs: Contrail NW OpenStack – Juno/Kilo, Contrail Cloud - Juno, Keystone v3 APIs, RBAC – Admin UI, Server Monitoring, Integration with IBM CO2.4, OpenStack Ceilometer, Heat
• COMPUTE: Service auto-scaling w/SSP, Openstack – vCenter APIs, vRouter performance w/ DPDK, vRouter SW Gateway – Ph2, Docker with OpenStack, PNF Service Chaining
Late 2015
• NETWORK: BGP flowspec, QoS - queuing, Overlay ping/traceroute, EVPN/VXLAN - QFX w/Netconf, EVPN/VXLAN – QFX/MX w/XMPP, IPv6 service chaining, vRouter as distr FW, Multiple L3 interfaces, IPv6-Floating IP, NAT 6-4
• SERVICES, INFRA, APIs: Contrail Cloud – Kilo, Multiple AZs, VM affinity / anti-affinity groups, Control plane (encrypt XMPP)
• COMPUTE: Smart NIC (vRouter in NIC), SCG – Netconf, TLB, P+V Service Chaining
Compute Node – Hypervisor/Container with vRouter
[Diagram: a compute node running VMs for tenants A and B attached through tap interfaces (vif) to the vRouter forwarding plane in the kernel; one routing instance per network (X, Y, Z), each with its own FIB and flow table; the user-space vRouter agent (config, VRFs, policy table) connects to the kernel forwarding plane via pkt0 and to the Contrail controller over XMPP; Eth0..EthN uplinks to the top-of-rack switch carry the overlay tunnels (MPLS over GRE or VXLAN)]
• vRouter replaces the Linux Bridge or OVS module in the hypervisor kernel
• vRouter performs bridging (E-VPN) and routing (L3VPN)
• vRouter performs networking services such as security policies, NAT, multicast, mirroring, and load balancing
• No need for service nodes or L2/L3 gateways for routing, broadcast/multicast, NAT
• Routes are automatically leaked into the VRF based on policies
• Support for multiple interfaces on the virtual machines
• Support for multiple interfaces from the compute node to the switching fabric
Compute Node – Forwarding/Tunneling
[Diagram: two compute nodes, each with a vRouter forwarding plane (routing instance with FIB and flow table) and a VM attached via a tap interface (vif). VM VN-IP1 on the node whose Eth1 is Phy-IP1 sends a packet (destination Virtual-IP2, payload) to VM VN-IP2 on the node whose Eth1 is Phy-IP2. In the physical network the packet carries an MPLS label / VNI and an outer header addressed to Phy-IP2; the receiving vRouter strips the overlay header and delivers the original packet (Virtual-IP2, payload) to the VM. Overlay tunnels are MPLS over GRE or VXLAN]
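The encapsulation on this slide, as an added example that is not from the deck or from Contrail's own code: a constructed vRouter-style MPLS-over-GRE transmit and receive path in Python. The label-to-routing-instance table, the addresses and the payload are assumed values; the receive side rejects truncated packets, unexpected GRE flags or protocol, and unallocated labels before it selects a routing instance, since in the underlay the label is the only thing that separates one tenant's traffic from another's.

```python
import struct
import ipaddress

GRE_PROTO_MPLS = 0x8847  # GRE protocol type for MPLS unicast (RFC 4023)
IPPROTO_GRE = 47

# Constructed table: MPLS label -> routing instance on the receiving vRouter
# (the slide's Network X/Y/Z). Label values are assumed, not Contrail's.
LABEL_TO_INSTANCE = {16: "Network X", 17: "Network Y", 18: "Network Z"}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at zero (offloaded in a real NIC)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def encapsulate(phy_src, phy_dst, label, vn_src, vn_dst, payload, inner_proto=17):
    """Sending vRouter: tenant packet -> MPLS shim -> GRE -> outer IP to the peer compute node."""
    inner = ipv4_header(vn_src, vn_dst, inner_proto, len(payload)) + payload
    # MPLS shim: 20-bit label | 3-bit TC | 1-bit bottom-of-stack | 8-bit TTL
    shim = struct.pack("!I", (label << 12) | (1 << 8) | 64)
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)  # no checksum/key/sequence fields
    outer = ipv4_header(phy_src, phy_dst, IPPROTO_GRE, len(gre) + len(shim) + len(inner))
    return outer + gre + shim + inner

def decapsulate(frame):
    """Receiving vRouter: validate outer headers, pop the label, pick the routing instance."""
    if len(frame) < 20 or frame[0] >> 4 != 4 or frame[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE over IPv4")
    ihl = (frame[0] & 0x0F) * 4
    if ihl < 20 or len(frame) < ihl + 4 + 4 + 20:
        raise ValueError("truncated overlay packet")
    flags, gre_proto = struct.unpack("!HH", frame[ihl:ihl + 4])
    if flags != 0 or gre_proto != GRE_PROTO_MPLS:
        raise ValueError("unexpected GRE flags or payload protocol")
    (shim,) = struct.unpack("!I", frame[ihl + 4:ihl + 8])
    label, bottom = shim >> 12, (shim >> 8) & 1
    if not bottom:
        raise ValueError("multi-label stack not expected from a vRouter peer")
    instance = LABEL_TO_INSTANCE.get(label)
    if instance is None:
        raise ValueError(f"label {label} not allocated on this node; drop")
    inner = frame[ihl + 8:]
    if inner[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    vn_dst = str(ipaddress.IPv4Address(inner[16:20]))
    return instance, vn_dst, inner[20:]
```

A VXLAN tunnel differs only in the outer encapsulation (UDP port 4789 with a 24-bit VNI instead of GRE with a 20-bit label); the lookup and the drop-on-unknown-identifier check are the same.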
Control Plane and Route Distribution
Contrail – Control Node
• Control Plane Nodes federate using BGP
• Each vRouter uses XMPP to connect with multiple Control Plane Nodes for redundancy
• All Control Plane Nodes are active-active
• Each Control Plane Node connects to multiple Configuration Nodes for redundancy
• BGP is used to connect with Physical Gateway Routers or Service Nodes
• Control Nodes can run different software versions for test-before-deploy and live upgrades
[Diagram: a Control Node (BGP module, proxies for ARP, DHCP, ..., XMPP, IF-MAP client) takes configuration from redundant Configuration Nodes over IF-MAP, serves Compute Nodes over XMPP, peers with other Control Nodes over IBGP, and peers with Gateway Routers and Service Nodes over BGP]
Configuration Node
1. API Server provides Northbound REST Interface – Orchestration System provisions using this API service
2. DHT/NoSQL Database is used for Persistence and High Availability of Configuration
3. Schema Transformer “compiles” the high level data model to low level model for vRouter, Service Nodes, and Gateway Routers
4. IF-MAP is used to represent the data-model – Control Nodes subscribe to the subset of configuration
[Diagram: the Orchestrator (OpenStack) calls the REST API Server; the Schema Transformer, DHT DB and IF-MAP server sit inside the Configuration Node; Configuration Nodes synchronize their DHT DBs over a Message Bus (distributed synchronization) and feed Control Nodes over IF-MAP]
Non-OpenStack Use Cases
GATEWAY USE CASES
[Diagram: an MX-Series router at the edge of the Contrail domain connects it to each of the peers listed below]
• Internet Gateway – peering point to the Internet
• Datacenter Interconnect – remote datacenter
• Inter-Domain Gateway – other Contrail domains
• Inter-Network Gateway – VMware clusters, physical servers
• Appliance Insertion – hardware device (firewall / load balancer)
Copyright © 2014 Juniper Networks, Inc. 20
VMware Integration
Physical Server Integration with OVSDB – ToR Service Node
[Diagram: Contrail Controller with OpenStack; a ToR Service Node running the vRouter Forwarder and ToR Control Agent, with ToR Agents acting as OVSDB clients toward the physical switches; on the OpenStack/Contrail side a hypervisor host whose VM has an interface in the Green VRF, matched by a Green VRF in the vRouter; physical servers (host OS) behind the switches]
• Control plane: route exchange using XMPP and OVSDB
• Broadcast traffic: DHCP, DNS, ARP in VXLAN tunnels to the TSN
• Switches have VTEPs and run OVSDB
• Hosts connected to VTEPs directly or via VLAN
• Data plane: VXLAN tunnels between vRouters and physical switch VTEPs
CONTRAIL PACKAGING
23 Copyright © 2015 Juniper Networks, Inc. www.juniper.net
OPEN CONTRAIL
• Contrail is available as open source at www.opencontrail.org; commercial support is available from Juniper
• Same features and scaling as the commercial version; uses proven, stable standards; production-ready
• Permissive license: Apache 2.0
• Integrated into open source virtualization stacks: OpenStack, CloudStack
COMMERCIAL PRODUCTS
Increasing levels of integration:
• Contrail Networking – cloud networking; network virtualization; virtualized network services; multiple orchestration support (OpenStack, VMware ESXi, vCenter, IBM CO)
• Contrail Cloud – cloud orchestration; server management; distributed and scale-out storage; compute orchestration; + Contrail Networking
• Contrail Cloud Reference Architecture – integrated cloud PODs; reference architecture – PODs; integrated management; + Contrail OpenStack
Contrail Reference Architecture
• What are the physical components?
• What are the common choices?
Physical components (minimal)
Physical components (typical)
Server options – 4 nodes in 2RU
• Minimal (two 2RU chassis, 8 nodes): 1 infrastructure node / jumphost, 3 cloud / Contrail controllers, 4 compute / storage nodes
• Our recommendation (three 2RU chassis, 12 nodes): 1 infrastructure node / jumphost, 3 cloud / Contrail controllers, 5 compute nodes, 3 storage nodes
Network details
• Servers need a minimum of three connections:
  • IPMI
  • Management network
  • Data network – can use multiple NICs for LAG / MLAG connections
• Layer 3 CLOS or VXLAN topology for the data network
• Data network can be one QFX switch, a virtual chassis, or a pair of discrete switches
• Adding an MX router is optional
Any questions before we dive into the demo?