The Juniper SDN

LandscapeSDN ESSENTIALS

Who am I?

Chris Joneschris@sdnessentials.com

Certifications:

• JNCIE-ENT #272

• CCIE #25655 (R&S)

• JNCIP-SP

• JNCIS-SEC

• JNCIS-QF

Author:

• Day One: Junos for IOS Engineers

• Day One: Ambassadors’ Cookbook For Enterprise

• JNCIE-ENT Preparation Workbook

Other:

• Juniper Ambassador

• Juniper Ingenious Champion

2

Agenda

Why SDN

The current landscape of SDN

The place of OpenStack

The value of Contrail

How we can help

3

So, why SDN?GOOD QUESTION!

4

“”

In this business we shouldn’t forget what

the purpose of the network is: to serve

the needs of the application. And the

network stopped doing that a while

ago.ART FEWELL, NETWORK WORLD

5

Today’s Network Challenges

High operational costs

Difficult to manage

Network scalability has always been a problem

Unable to adapt to changing traffic patterns and flows

Decentralized

Monolithic software

New features require an update to the entire software stack

6

The Push Towards SDN

SDN Definition

A technology to networking which allows centralized, programmable

control planes so that network operators can control and manage directly

their own virtualized networks.

Basic Concepts

Separation of control and data planes

Centralized, programmable control planes of network equipment

Support of multiple, isolated virtual networks

Networks must adjust and respond dynamically

Newly added features must not disrupt the network

Alleviate the need for manual configuration of individual devices

7

The Four Planes of Networking

Management

Configuration and management of network devices

Services

Deep thinking of the software

Stateful firewalling, IDP, etc.

Not all devices have a services plane

Control

Brains of the software – Directs traffic

Forwarding

Brawn of the software – Forwards traffic

8

Network Planes

Management

Services

Control

Forwarding

Centralization

Key principal of SDN

Centralized management,

services, and control functions

Master configuration copies

Distributed forwarding layer

Local configuration copy

9

Management

Services

Controller

Centralized Functions

Network Device 1

Configuration Copy

Local Control Layer

Forwarding Layer

Network Device 2

Configuration Copy

Local Control Layer

Forwarding Layer

Network Device n

Configuration Copy

Local Control Layer

Forwarding Layer

Distributed Devices

SDN Software Directions

Northbound Interface

In computer networking and computer architecture, a northbound interface of a component is an interface that conceptualizes the lower level details (e.g., data or functions) used by, or in, the component

Examples: REST API, SMMP, CORBA, SNMP

Southbound Interface

Allows a particular network component to communicate with a lower-level component

Example: OpenFlow, NETCONF, XMPP

East-West Interface

Communicate between groups or federations of controllers to synchronize state for high availability

Example: BGP

10

What is OpenFlow?

OpenFlow is a protocol that enables programmability of the

forwarding plane across the network

OpenFlow is leveraged at the Southbound Interface between SDN Controller and OpenFlow switch

OpenFlow attempts to abstract the implementation details of

networks and forwarding elements using simple messaging

11

Forwarding Element

FlowTable

FlowTable

FlowTable

Forwarding Element

FlowTable

FlowTable

FlowTable

Forwarding Element

FlowTable

FlowTable

FlowTable

SDN Controller SDN ControllerEast/West Federation

OpenFlow

Three SDN Flavors

Open SDN

Tremendous promise

A comprehensive re-engineering of how networking works.

Requires evolutionary, hybrid deployment strategies to succeed.

SDN via Overlays

Immediate and practical solution to solve datacenter issues

Doesn’t address physical network underneath.

SDN via API

Utilizes existing hardware infrastructure

Stopgap to protect investment

12

Open SDN

Simplified devices

All control functionality in controller

Fully distributed enforcement

Easy to innovate and evolve

Typically utilizes OpenFlow for control plane centralization

OpenFlow allows high-level switching decisions to be made on a central controller

Ability to directly program flow tables on the switch to specify forwarding behavior

13

Controller

Data

Forwarding

Data

Forwarding

Data

Forwarding

OpenFlow

SDN via Overlays

Implemented in hypervisor

Independent of underlying

hardware

Still must deal with physical

network

Encapsulates traffic

VXLAN

GRE

MPLS over GRE

14

Ov

erla

y

Ne

two

rks

Ph

ysi

ca

l

Ne

two

rk

PhysicalServer

Physical

ServerPhysical

Server

Hypervisor Hypervisor Hypervisor

Network Device Network Device

Network Device Network Device Network Device

SDN via APIs

Some network programmability

“Proprietary Openness”

Little or no device simplification

Leaves most control plane

functions on the device

15

Controller

Data Forwarding

API

SDN Standards 16

• OpenFlow

• OF-Config

• TTP (Table Type Patterns)

• OVSDB

• I2RS

• NFV (Network Functions Virtualization)

• Open SDN Controller

What does the current landscape

look like?WHO ARE THE BIG PLAYERS?

17

Established Vendors:

Cisco Systems

ACI

SDN via API

Developed by Insieme Networks (Cisco), acquired by Cisco in December, 2013

Network virtualization platform done in hardware instead of software

Uses Nexus 9000 switches and an Application Policy Infrastructure Controller (APIC)

Application-aware network policies

White-list policy model

18

Established Vendors:

Juniper Networks

Juniper Contrail

SDN via Overlay

Developed by Contrail Systems,

acquired by Juniper Networks in

December 2012

Inserts vRouter into compute

hypervisor

Creates MPLS over GRE tunnels

between vRouters

Integrates tightly with OpenStack

Universal SDN Gateway

Open SDN

MX-Series routers and QFX5100

switches

Works together with VMware to

provide SDN gateway functionality

for VMware NSX

19

NSX SDN

Pod 1

VxLAN VxLAN VxLAN VxLAN VxLAN

VxLAN VxLAN VxLAN VxLAN VxLAN

Native IP L2 Native IP L2 Native IP L2 Native IP L2

Native IP L2 Native IP L2 Native IP L2 Native IP L2

NSX Controller

OVSDB

OVSDB

Established Vendors:

VMware

NSX SDN via Overlay

Acquired Nicira in 2012

Components:

NSX Manager: web-based GUI management dashboard. Services provided by NSX APIs

NSX Controller: distributed virtual appliances that accept API requests from an orchestrator and programs the hypervisor NSX switches and NSX gateways

NSX Gateway: Path in/out of the software defined data center

NSX vSwitch: Added to the hypervisor to replace traditional switches.

20

Smaller Players:

Brocade

Vyatta Controller

Open SDN

Brocade’s OpenDaylight-based

controller

Brocade is a significant

contributor to OpenDaylight

21

Smaller Players:

Big Switch

Big Cloud Fabric Open SDN

Uses a leaf/spine physical Clos fabric

Big Cloud Fabric Controller

Uses OpenFlow to communicate with the physical and virtual switches

Centralizes the control plane

Switch Light Operating System on bare-metal switches

Switch Light vSwitch on hypervisors

Plug-ins for OpenStack and CloudStack

Programmable via REST API

22

Smaller Players:

NEC

ProgrammableFlow Controller

Open SDN

NEC is a founding member of the Open Networking Foundation (ONF)

First vendor commercial OpenFlowcontroller (2011)

Flat network fabric architecture

Open, API-based network programming

Works with compute orchestration such as OpenStack, with Hyper-V

23

Start-Ups:

Nuage Networks SDN via Overlay

Subsidiary of Alcatel-Lucent

Three key software-based products:

Virtualized Services Controller (VSC): Serves as the control plane, maintaining a per-tenant view of the network.

Virtualized Services Directory (VSD): Serves as the policy, business logic and analytics engine for the abstract definition of network services. Uses RESTful APIs.

Virtual Routing & Switching (VRS): A module serving as a virtual endpoint for network services.

24

Start-Ups:

Pica8

PicOS Linux-based network

operating system

Runs on commodity bare metal switches

Adoption of Open vSwitch

(OVS)

Supports OpenFlow,

recommending the RYU

OpenFlow Controller

25

What is OpenStack… … AND HOW DOES IT FIT IN?

26

OpenStack Overview

Cloud software orchestration

platform designed to run on

commodity hardware

Developed by NASA and

Rackspace in 2010

Made up of a set of open source

projects in a modular architecture

Collective goal of providing

compute, storage, and networking

for an Infrastructure as a Service (IaaS) platform

27

OpenStack Framework

Compute (Nova): Provisions and manages virtual machines

Networking (Neutron): Provides Network as a Service (NaaS) to

compute

Object Store (Swift): Reliable, scalable storage of various objects

that can be used by other services

Image Service (Glance): Manages library of server VM images

Dashboard (Horizon): Django-based web application used by the

cloud administrator

Authentication (Keystone): Provides authentication services for users and other OpenStack components as well as API calls

28

OpenStack Architecture 29

Dashboard

Horizon

Networking

Neutron

Block Storage

Cinder

Compute

Nova

Image Storage

Glance

Identity

Keystone

Object Storage

Swift

Nova (compute)

OpenStack’s compute

component

Most complicated and distributed component of OpenStack

Handles the creation and

management of virtual machines

Uses underlying system’s

virtualization

30

dashboard

Message

Queue

API

Scheduler Compute

Network manager Volume manager

HTTP Auth Manager

Keystone (identity)

OpenStack authentication

component

Generates a token (UUID) and

sends to the client

Every request includes the token

and is verified by Keystone

If valid: Returns 200 and process

request

If invalid: Returns 401 and rejects

request

31

Reject Request Process Request

HTTP 401 HTTP 200

No Yes

Send username/password

Keystone Verifies User/PassGenerates token

token

Send API request + token

Keystone checks token

Token Valid?

Glance (image storage)

OpenStack’s image

management component

Used to store images and

templates for VMs

Can copy or snapshot disk

images that can be used as

templates

32

Web UI Glance CLI

Glance API

Glance-Registry

Image StoreGlance

Database

Cinder (block storage)

Cinder provides block storage

services for OpenStack

Provisions storage in the form of

block devices known as Cinder

volumes

Storage can either be:

Local using attached disks or solid-

state drives

Remote using standard protocols

such as iSCSI, Fibre Channel and NFS

Snapshot management and

volume cloning

33

Cinder API

Cinder Scheduler

Local

Cinder Volume

Remote

Cinder Volume

Remote

Cinder Volume

iSCSI NFS

Swift (object storage)

Used for object storage in

OpenStack

No single point of failure

Horizontally scalable

Ideal for storing unstructured data

that can grow without bound:

Backups

Video

Pictures

Online content

User-generated data

34

Swift Cluster

account

Container

DBAccount

DB

Object

Store

container object

Swift Proxy

Neutron (networking)

Network as a Service (NaaS)

Modular, scalable, API-driven system

for managing networks and IP addresses

Technnology agnostic – Plug-in

architecture allows connecting to

networking environment of choice

Provides REST APIs to manage

network connections for compute

and storage

35

L2 Agent

L3 Agent

neutron-server

Database

Message

Queue

DHCP Agent

Adv. Services

L2 AgentL2 AgentL2 AgentL2 AgentL2 Agent

L3 AgentL3 AgentL3 Agent

DHCP Agent

Neutron Plug-Ins

Modular Layer 2 (ML2) Plugin

Framework allows variety of L2 technologies

Vendor Plug-in supports third party vendor technologies

Contrail is an example

36

Core Plug-In (ML2)

Mechanism ManagerType Manager

Type Driver Mechanism Driver

Other GRE VLAN VXLAN OtherLinux

BridgeOvS Vendor

What about Contrail?AND HOW DOES IT ADD VALUE?

37

Contrail Overview

Juniper Contrail is an overlay SDN solution

Replaces Linux bridge with vRouter on the hypervisor

Creates tunnels between vRouters, as necessary

MPLS over GRE

VXLAN

Uses industry standard protocols:

BGP

MPLS

XMPP

38

Contrail Controller

Configuration Analytics

Control

Server

VM VM VM

Server

VM VM VMIP fabric(underlay network)

Orchestrator

Contrail Controller Components

Configuration nodes

Configuration management and user interface

Convert high-level service data model into low-level technology data model

Publishes data model to Control nodes

Control nodes

Use data model to create desired network state

Interact with each other to maintain network state

XMPP, BGP + NetConf

Analytic nodes

Capture real-time data from network elements

Events stored in NoSQL databases

39

Other Contrail Components

Compute nodes

Host tenant and service VMs

Implement a vRouter which handles the forwarding plane

Gateway nodes

Physical routers or switches that connect virtual networks to physical networks

Service nodes

Physical network devices that provide various network services

Deep Packet Inspection (DPI)

Intrusion Detection and Prevention (IDP)

Load balancing

40

Multi-Tenancy 41

VM VM VM

Green

Virtual

Network

VM VM VM

Red

Virtual

Network

VM

R1

VM

G1

VM

R2

VM

G2

OpenStack

Neutron

ContrailController

REST APIs

XMPP

Underlay Switch

Overlay

Tunnel

Routing

Instances

vRouter

Virtualized

Servers

Hypervisor

Gateway To Bare-Metal Server 42

VM

R1

VM

R2

OpenStack

Neutron

ContrailController

BGP + NetConf

OverlayTunnels

GatewayRouter/Switch

VM VM

RedVirtual

Network

Bare Metal Server(Non-virtualized)

Dynamic Virtual Services 43

VM

G

VM

R

OpenStack

Neutron

ContrailControllerXMPP

VM VM VM

GreenVirtual

Network

VM VM VM

RedVirtual

Network

How Contrail Fits With OpenStack

Contrail utilizes a plugin for Neutron to enable full integration with OpenStack

The Contrail vRouter replaces the standard Linux bridge or OVS on the compute node (hypervisor)

The Contrail control node translates the high level information from the configuration node into a model the vRouter will understand, and transmits the instructions to the Contrail agent also located on the compute node

44

Neutron

Plugin

Neutron

Plugin

ScriptsHorizon

Neutron Plugin

Nova API

Neutron Driver

Compute Driver

Virtual-IF Driver

Contrail Agent

vRouter(kernel)

Control Node

Config Node

Nova Scheduler

Contrail Use Case:

Internet Gateway

MX Series router configured to

peer via BGP with Contrail

Routing instances are used for

each tenant to provide true

separation

Dynamic GRE tunnels set up

between MX gateway and

vRouters on the compute nodes

Floating IPs are in use to allow

each of the three tenants to be

reachable from the Internet

45

Contrail Use Case:

Inter-domain Gateway

Applied when multiple Contrail

domains are present in a

datacenter

MX-Series router functions as a

gateway between Contrail “pods”

Multi-tenancy is maintained

through the use of VRFs on the MX

Next-hops are automatically

configured to allow full

reachability

46

Contrail Use Case:

Data Center Interconnect

Use case illustrates how MX Series

routers can be used as physical

gateways between datacenters

VRFs are maintained on the MX

gateways for multi-tenancy

BGP (and optionally L3VPN or

EVPN) can be configured

between datacenters for the

tunneled traffic to flow across

GRE over MPLS tunnels created in

Contrail vRouters traverse the

physical network between

datacenters

47

Contrail Use Case:

Internetwork Gateway

Assets connected to physical

switches can be connected to a

Contrail domain in the

Internetwork Gateway use case

The MX Series router acts as the

gateway

Physical networks configured with

VLANs can now be reached from

the Contrail domain

Bare-metal servers directly

connected will also have

reachability

48

Contrail Use Case:

Service Chaining Gateway

The Service Chaining Gateway

use case allows service providers

to offer advanced services to

customers

Traffic in the Contrail domain can

be forwarded either to a virtual

service appliance or to a physical

device

Examples include:

Firewall

Load Balacing

IPS

49

How can SDN Essentials help?I’M GLAD YOU ASKED!

50

“”

Who Are We?

DOUG MARSCHKE, CTO/FOUNDER SDN ESSENTIALS

SDN Essentials is a professional services company focused on SDN Education & Training, Professional Consulting and Managed Services.

We are the one-stop SDN shop to plan, build and execute your SDN strategies and your customers’.

We provide a thorough and real world understanding of SDN and help bring quicker service offerings, additional revenue, full visibility and control into networks.

51

With major networking vendors, start-ups and open source initiatives

presenting SDN solutions, it has become increasingly difficult for

customers to find the solution that fits their need. I feel it is important

to help customers understand how a disruptive technology like SDN

can benefit and grow their business .

Our Goals

To become your trusted SDN partner and channel enabler

Foster open, honest, mutually beneficial relationships

Create new revenue streams for Juniper and its partners by identifying

new opportunities for your platform during our SDN assessments

Provide high-value services to you and your customers

Be your go-to source for all professional services (education, consulting

and managed services)

Generate more awareness for Juniper by sharing product overview

information in our classes

52

Meet The Team!

Steve DyerTechnical Instructor

Chris JonesSDN Engineer

Chystina FrenchDirector of Operations

Doug MarschkeCTO/Founder

Trisha KincheloeOperations Research Analyst

John HammondSDN Engineer

Ed McEnteeBusiness Development/Channel

Director

Doug WadkinsChief Product Officer

Darien HirotsuSDN Consultant

Marco AlvesSDN Consultant

Mike RisanoWeb Developer/Graphic

Designer

53

We’re The Industry Experts

6x JNCIEs

1x CCIE

5x Juniper Ingenious Champions

4x Juniper JNCI certified instructors

Juniper JNCI Silver Award winner Steve Dyer

Juniper Ambassador Chris Jones

Authors of a number of books:

54

Channel Driven/Channel

Enablement

We are 100% Channel focused

We realized that many channel partners are not ready for SDN yet, so

we have a simple model

Build Trust in Traditional networking services, MX, QFX, EX, etc.

Discover cloud and automation projects for the VAR

Lead Generation with SDN Bootcamps and Webinars

Help create their SDN strategy

Provide Pre-sales services

Then teach them how to start selling SDN/NFV

White Label or SDN Essentials Branded services

Willing to also sub-contract via Juniper PS

55

SDN Professional Services

We offer our professional consulting services to value-added resellers

(VARs) and their customers, direct to customers (service providers and

enterprise) and to our SDN solutions partners and peers.

Our team expertise expands well beyond the classroom and

boardroom into datacenters, think-tanks, labs and international

collaboration calls.

We have not only joined the SDN movement, we are leading it with educational books, classes, professional consulting and thought leadership among industry associations.

SDN Essentials is and will remain channel and vendor neutral, so that we

can stay focused on providing the highest-quality solutions and

maintain our competitive advantage of SDN knowledge and expertise.

56

Service Offerings

Custom Offerings

SDN Readiness Assessments and Prep Installations (Layers 2 & 3)

Examine current network and create a report that details the next steps

needed to move to a SDN architecture (could expand your list of strategic

partners and generate new sales)

SDN Architecture Design

Test Plans and Product Testing in Labs

Implementation and Migration Services

Migrate from current legacy design to SDN architecture

Configure all network elements and controllers

Create software middleware for controller and orchestration tie-in

57

Service Offerings

Custom Offerings (cont.)

Datacenter Virtualization

Implement OpenStack with Neutron

Migrate to V-switch environment with central controller using protocols like

OVSDB, OF-CONFG or XMPP

SDN Software Design and Implementation

Whitepaper Creation and Technology Writing

Resident Consultants

Knowledge Transfer

SDN Security

Assessment & Best Practices Consulting

58

Education & Training Services

Solutions to empower your team with knowledge and tools to sell

your specific SDN solutions and it’s benefits

Juniper Authorized Education Center!

Courses (via open enrollment and on-demand)

Introductory SDN classes

Vendor-Specific Training Classes and Certifications

Pre-sales Enablement Boot Camps

MDF and lead-gen event courseware

Custom course content

Pre/post technical sales pitches, materials and training

59

SDN Courses

SDN Overview

The SDN overview classes are a 1 day class with 75% lecture and 25% lab that gives a background on SDN architecture, definitions, and where the industry is heading.

This class has been designed to serve a variety of audiences from sales, project managers and network engineers.

SDN For Network Engineers

The SDN for Network Engineers

class is a 2-day class with 50%

lecture and 50% lab that gives a

background on SDN architecture,

definitions, use cases, where the

industry is heading and migration

strategies.

This class has been designed to

provide a broad and hands-on

experience for network engineers

requiring SDN knowledge.

The Lab uses a variety of

controllers including Floodlight,

Open Daylight and commercial

controllers.

SDN Foundations

The SDN Foundation class is a 3-day class with 50% lecture and 50% lab that covers the most recent developments in the SDN arena.

The added value of this offering is that it will showcase several vendor solutions in the practical component of the class.

60

Juniper SDN Courses

Lead Generation

Juniper SDN Bootcamp 1-Day Course

Developed by SDN Essentials

Agenda:

Focuses on Contrail, though also covers SDN in general as well as OpenFlow support in Juniper hardware

Details the Juniper and VMware partnership and the Universal SDN Gateway technologies

Hands-on Contrail labs including the creation of a tenant, virtual networks, virtual instances, and service chaining

Configuring & Monitoring Contrail

2-Day Official Juniper Course

Updated by SDN Essentials

Contrail deep-dive

Agenda:

SDN Overview

Contrail Architecture

Basic Configuration

Service Chaining

Analytics

Troubleshooting

Hands-on Contrail labs

61

Get In Touch

Web: http://sdnessentials.com/

Sales E-Mail:

sales@sdnessentials.com

Education E-Mail:

classes@sdnessentials.com

Sales Office:

Address: 955 Benecia Ave,

Sunnyvale CA 94085

Phone: 415-902-5702

62

/sdnessentials

/company/3601186

@SDNEssentials

63

Q & A

64

Thank You.