westcon nsx eco system juniper meta …be.westcon.com/documents/55405/jun_vmware_nsx.pdf ·...

WESTCON NSX ECO SYSTEM JUNIPER META FABRIC - THE INTEGRATION OF VMWARE NSX Rick Mur SENIOR SYSTEM ENGINEER JUNIPER NETWORKS JNCIE-SP #851, JNCIE-ENT #456, CCIE4 #21946


Post on 13-Sep-2018


NEXT GENERATION DATA CENTER NETWORK


WHY?

DATA CENTER 2.0: collapsed core architecture, heavy virtualization

[Diagram labels: WAN; ESX hosts with VMs; SRV]

L2 stretch
• Dark fiber / WDM
• L2 pseudo wires
• VPLS
• Proprietary

L2 issues
• Loops
• Flooding
• ARP
• Broadcast storm

DATA CENTER FABRIC: fabric (spine/leaf) L3 CLOS architecture, hyper virtualization

[Diagram labels: WAN; ESX hosts with VMs; KVM hosts with VMs; SRV]

Overlay
• MAC learning
• Active/Active
• Independent

Multi Hypervisor
• ESX
• KVM
• Docker


HOW?

CLOUD STITCHING Requirements

Multi Hypervisor
• VMware NSX for vSphere (6.1)
• Juniper Contrail / Open vSwitch (KVM)
• Juniper Contrail / Open vSwitch (Docker)
• Legacy hosts/networks

Multi Data Center
• Optimal MAC learning
• Active/Active
• Optimal traffic forwarding

Automation
• Provisioning
• Analytics
• Optimal traffic forwarding

Hardware
• Best in class performance
• Carrier Grade
• Open and Flexible

THE SOLUTION

Decouple Physical and Logical Network

[Diagram labels: Physical, Logical, Underlay, Overlay, L2, L3, Virtual Network, VM]

Business Agility Benefits
• No network-level changes
• Automated configuration
• No Layer 2 protocols
• Dynamic resource allocation

Logical Scaling Benefits
• Network is all Layer 3
• VM MACs are masked
• No need to configure VLANs
• Support for multi-tenancy
• Similar to VRFs
• Pooled resources
• No need to configure VLANs


VMWARE VIEW OF THE NETWORK WORLD

Advanced Data Center Network Services in Software - Automated

L2 Switching

L3 Routing

Firewalling/ACLs IPsec VPN L2 VPN SSLVPN

Load Balancing

Any Application

SDDC Platform

Any x86

Any Storage

Any IP network

Data Center Virtualization

Any Network Fabric

Access Port, Router, Firewall, Load Balancer Anywhere

Virtualized Network

Underlay Network

Any X86 Anywhere

Virtualized Compute

Virtualized Storage

Workload Anywhere

Complete Automation

3rd Party

Open, No vendor preference


Juniper confidential, protected under NDA

VMware + Juniper – Why?

NSX Virtual Networking Physical Switching & Routing

• Maximize agility and flexibility

• DC programmatic control

• Common policy across DC

• High performance and scalable

• Robust security and reliability

• Simplified Management

VMware Compute Virtualization VM-aware Management and VNFs

+

+

SDDC: Virtualization & Automation MetaFabric: Performance & Automation

BETTER

TOGETHER

• Ultimate complementary / clear demarcation
• Mutual willingness investment to integrate
• Juniper committed to integrate further with VMware than any other vendor full domain
• Bridges the physical and virtual worlds
• Ensuring SDDC readiness


WHAT?

BEST HARDWARE

IP FABRIC TOPOLOGIES: One Size Doesn’t Fit All

[Diagrams, legend S = Spine, L = Leaf, A = Access:
• 3-Stage IP Fabric: spine and leaf rows, 3:1 O/S
• 5-Stage IP Fabric (Performance): spine, leaf and access rows, 3:1 O/S
• 5-Stage IP Fabric (Real Estate / POD): leaf, access and spine rows, 3:1 O/S and 24:1 O/S]

5-STAGE IP FABRIC: Universal SDN Gateway

[Diagram labels: Gold POD, Silver POD, Bronze POD; VCF with Spine 1, Spine 2, Spine 3, Spine 4 (three instances); VMWare hosts with vswitch; MX; EX9200; L2; L3]

SWITCHING ARCHITECTURES

QFX5100 architectures
• MC-LAG
• Virtual Chassis: up to 10 members
• Junos Fusion: up to 128 members
• IP Fabric: L3 Fabric
• Virtual Chassis Fabric: up to 20 members

Juniper Architectures, benefits
• Single point of management and control
• Purpose-built and turnkey

Open Architectures, benefits
• Flexible deployment scenarios
• Open choice of technologies and protocols

One Architecture Does Not Fit All; QFX5100 enables Choices!

High-Level QFX5100 Architecture

[Diagram labels: Junos VM (Master); Junos VM (Backup); Kernel-Based Virtual Machines; Linux Kernel; x86 Hardware; Broadcom Trident II; PFE]

TOPOLOGY INDEPENDENT ISSU

Challenge: Downtime not acceptable during software upgrades. Legacy/competitive solutions need the support of adjacent devices during software upgrade.

Solution: Topology-independent ISSU – Made possible by QFX5100’s unique software architecture.

Benefits
• No traffic loss during upgrades
• No port flap during upgrades
• Works in any switching architecture

QFX10002 FIXED SWITCHES

QFX10002-72Q: 2RU, 5.76 Tbps

• 2RU Fixed Switches:
  • 72 x 40G QSFP+ / 24 x 100G QSFP28 / 288 x 10G SFP+
  • 36 x 40G QSFP+ / 12 x 100G QSFP28 / 144 x 10G SFP+
• Intel Quad Core Ivy Bridge 2.4Ghz CPU, 16GB SDRAM
• Front-to-back airflow with 3 rear fan trays
• AC & DC Power
  • QFX10002-72Q: 2+2 / 2+1 redundancy
  • QFX10002-36Q: 1+1 redundancy

                                Elit-36Q    Elit-72Q
System throughput               2.88 Tbps   5.76 Tbps
10G Density (SFP+) (breakout)   144         288
40G Density (QSFP+)             36          72
100G Density (QSFP28)           12          24

QFX10008/QFX10016 MODULAR SWITCHES

QFX10008: 13RU, 8 Slot, 48 Tbps
QFX10016: 21RU, 16 Slot, 96 Tbps

• Mid plane-less orthogonal interconnect architecture
• 6 switch fabric cards with N + 1 redundancy
• Redundant Routing Engines
• Intel Quad Core Ivy Bridge 2.4Ghz CPU, 16GB SDRAM
• Front-to-back airflow with 2 rear fan trays
• AC & DC Power with N+1 redundancy
  • 8-slot: 6 PSUs, 16-slot: 10 PSUs
• Line Cards:
  • 36 x 40G QSFP+ / 12 x 100G QSFP28
  • 30 x 100G QSFP28 / 30 x 40G QSFP+
  • 60 x 10G SFP+ with 6 x 40G QSFP+ / 2 x 100G QSFP28

                                QFX10008    QFX10016
10G Density (SFP+) (Native)     480         960
10G Density (SFP+) (breakout)   1152        2304
40G Density (QSFP+)             288         576
100G Density (QSFP28)           240         420

BEST SOFTWARE

USG (UNIVERSAL SDN GATEWAY): Introducing four new options for SDN enablement

• Layer2 USG, SDN to IP (Layer 2): Provide SDN-to-non-SDN translation, same IP subnet
• Layer3 USG, SDN to IP (Layer 3): Provide SDN-to-non-SDN translation, different IP subnet
• SDN USG, SDN to SDN: Provide SDN-to-SDN translation, same or different IP subnet, same or different overlay
• WAN USG, SDN to WAN: Provide SDN-to-WAN translation, same or different IP subnet, same or different encapsulation

[Diagram labels: Remote Data Center; Branch Offices; Internet]

PRE-EVPN: LAYER 2 STRETCH BETWEEN DATA CENTERS

EVPN (Ethernet VPN)

[Diagram labels: DATA CENTER 1, VLAN 10, Server 1, MAC: AA; DATA CENTER 2, VLAN 10, Server 2, MAC: BB; PRIVATE MPLS WAN without EVPN; interfaces xe-1/0/0.10 and ge-1/0/0.10]

Without EVPN

Data Plane
• Only one path can be active at a given time
• Remaining links are put into standby mode

Control Plane
• Layer 2 MAC tables are populated via the data plane (similar to a traditional L2 switch)
• Results in flooding of packets across WAN due to out of sync MAC tables

Router 1’s MAC Table
MAC   VLAN   Interfaces
AA    10     xe-1/0/0.10

Router 2’s MAC Table
MAC   VLAN   Interfaces
BB    10     xe-1/0/0.10

EVPN: LAYER 2 STRETCH BETWEEN DC’S

EVPN (Ethernet VPN)

[Diagram labels: DATA CENTER 1, VLAN 10, Server 1, MAC: AA; DATA CENTER 2, VLAN 10, Server 2, MAC: BB; PRIVATE MPLS WAN without EVPN; interfaces xe-1/0/0.10 and ge-1/0/0.10]

With EVPN

Data Plane
• All paths are active
• Inter-data center traffic is load-balanced across all WAN links

Control Plane
• Layer 2 MAC tables are populated via the control plane (similar to QFabric)
• Eliminates flooding by maintaining MAC table synchronization between all EVPN nodes

Router 1’s MAC Table
MAC   VLAN   Interfaces
AA    10     xe-1/0/0.10
BB    10     ge-1/0/0.10

Router 2’s MAC Table
MAC   VLAN   Interfaces
BB    10     xe-1/0/0.10
AA    10     ge-1/0/0.10

WITHOUT VMTO: TROMBONE EFFECT

VMTO (VM Mobility Traffic Optimizer)

[Diagram labels: DC 1, DC 2, DC 3; Server 1, Server 2, Server 3; VLAN 10, VLAN 20; 10.10.10.100/24, 10.10.10.200/24, 20.20.20.100/24; PRIVATE MPLS WAN; one Active VRRP and three Standby VRRP gateways, each DG: 10.10.10.1]

Task: Server 3 in Data Center 3 needs to send packets to Server 1 in Data Center 1.

Problem: Server 3’s active Default Gateway for VLAN 10 is in Data Center 2.

Effect:
1. Traffic must travel via Layer 2 from Data Center 3 to Data Center 2 to reach VLAN 10’s active Default Gateway.
2. The packet must reach the Default Gateway in order to be routed towards Data Center 1. This results in duplicate traffic on WAN links and suboptimal routing – hence the “Egress Trombone Effect.”

WITH VMTO: NO TROMBONE EFFECT

VMTO (VM Mobility Traffic Optimizer)

[Diagram labels: DC 1, DC 2, DC 3; Server 1, Server 2, Server 3; VLAN 10, VLAN 20; 10.10.10.100/24, 10.10.10.200/24, 20.20.20.100/24; PRIVATE MPLS WAN; route advertisements 10.10.10.0/24 Cost 5, 10.10.10.0/24 Cost 10, 10.10.10.100/32 Cost 5, 10.10.10.200/32 Cost 5]

Task: Server 1 in Datacenter 1 needs to send packets to Server 3 in Datacenter 3.

Solution: In addition to sending a summary route of 10.10.10.0/24, the datacenter edge routers also send host routes which represent the location of local servers.

Effect:
1. Ingress traffic destined for Server 3 is sent directly across the WAN from Datacenter 1 to Datacenter 3. This eliminates the “Ingress Trombone Effect” and creates the most optimal forwarding path for the Inter-DC traffic.

DC 1’s Edge Router Table WITH VMTO
Route          Mask   Cost   Next Hop
10.10.10.0     24     5      Datacenter 2
10.10.10.0     24     10     Datacenter 3
10.10.10.100   32     5      Datacenter 2
10.10.10.200   32     5      Datacenter 3
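
Added example (not part of the original slides): longest-prefix-match route selection over the DC 1 edge router table from the VMTO slide, compared with a table that carries only the two /24 summaries. The without-VMTO table and the function names are assumptions made for the illustration.

```python
import ipaddress

# DC 1's edge router table WITH VMTO, copied from the slide:
# (route, mask, cost, next hop)
WITH_VMTO = [
    ("10.10.10.0", 24, 5, "Datacenter 2"),
    ("10.10.10.0", 24, 10, "Datacenter 3"),
    ("10.10.10.100", 32, 5, "Datacenter 2"),
    ("10.10.10.200", 32, 5, "Datacenter 3"),
]

# Assumption: without VMTO only the /24 summaries are advertised.
WITHOUT_VMTO = [r for r in WITH_VMTO if r[1] < 32]


def select_route(table, destination):
    """Return (prefix, cost, next_hop) chosen for destination, or None.

    The longest matching prefix wins; cost only breaks ties between
    prefixes of equal length.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for route, mask, cost, next_hop in table:
        net = ipaddress.ip_network(f"{route}/{mask}")
        if dst not in net:
            continue
        key = (-net.prefixlen, cost)
        if best is None or key < best[0]:
            best = (key, (str(net), cost, next_hop))
    return best[1] if best else None


def tromboned(table, destination, actual_location):
    """True when the selected next hop is not the DC hosting the server."""
    chosen = select_route(table, destination)
    return chosen is not None and chosen[2] != actual_location


if __name__ == "__main__":
    servers = (("10.10.10.100", "Datacenter 2"), ("10.10.10.200", "Datacenter 3"))
    for name, table in (("without VMTO", WITHOUT_VMTO), ("with VMTO", WITH_VMTO)):
        for host, dc in servers:
            print(name, host, select_route(table, host),
                  "trombone:", tromboned(table, host, dc))
```

With only the summaries, traffic for 10.10.10.200 follows the cheaper /24 to Datacenter 2 and has to cross the WAN again; the /32 host route overrides the summary regardless of cost.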

CLOUD STITCHING Connectivity Options

• Bare Metal
  • Plain VLANs
• VMware NSX-V
  • Virtual Networks
  • NSX Edge Bridge
• KVM (Contrail)
  • Virtual Networks
  • MX Edge integration
• Docker Containers
  • Virtual Networks
  • MX Edge integration
  • Roadmap

EVPN

AUTOMATION


High-IQ networks that know virtualization and automation

Juniper: The Partner For Transformation

Service delivery from months to minutes

Start small, grow fast, stay profitable

Truck rolls to mouse rolls

“Fast-Fail” To succeed quicker!

AUTOMATE: PROGRAMMABLE “DevOps”
• Reduce test cycles and time-to-market
• Automate continuous operations
• Unify IP+IT domains with programmability
[Diagram labels: Test = Production Infrastructure; Production Infrastructure; Test Infrastructure; Months / Years; Minutes / Days]

SCALE: OUT AND UP/DOWN
• Shorten procurement and test
• Reduce start up costs
• Simplify inventory and recycle assets
[Diagram labels: COTS; Appliances]

CREATE: CUSTOMIZED AND ON-DEMAND
• Centralize complexity and operations
• Customize service combinations on-demand
• Scale independently and elastically
[Diagram labels: Service Control Gateway; SDN Controller; NFV Solution; User Portal]

QUOTE

So essentially - the logical topology of servers, services and L3 GWs are not really any different from a datacenter 10 years ago. The difference is that we now have control over how anything is connected by the click of a button instead of physical racking, stacking and (re-)cabling

Automate: Introducing Junos DevOps Features

Months To Minutes: Programmability To Unify IP And IT Operations

[Diagram labels: IP Domain (Routers, Switches; SNMP, CLI, Scripting); Unified Framework; Apps; IT Domain (Servers, Compute, Storage; Puppet, Python, Etc)]

• Common System-Wide Programmable Operations
• IT Services Synchronized With IP Network
• Eliminate “Trouble Ticket” Interface
• Shorten Time-To-Market
• Leverage One Of World’s Largest Network Footprints

ANALYTICS


HOW CAE COMPONENTS WORK TOGETHER

[Diagram labels: Open API, Open Schema; REST API; Data Center Network Infrastructure; ORCHESTRATION (ND); DLE; QFX / EX Switches with JUNOS NDA; Physical Host with Hypervisor with CA]


NETWORK DIRECTOR 2


CLOUD STITCHING Summary

Achievements

No compromise IP Fabric

Existing hardware

Existing software

No competition for Multi Data Center

Show migration path from legacy to SDN

Seamlessly stitch SDN Overlays

Automation

Scalable

Choice of overlay


Learn More
• VMware Partnership
  • On juniper.net (scroll down to VMware)
• Customer Presentation
  • Customer Presentation – Savo
• Whitepapers
  • Connecting Physical and Virtual Networks with VMware NSX and Juniper Platforms – VMware Site
• Solution Brief
  • USING SOFTWARE-DEFINED DATA CENTERS TO ENABLE CLOUD ADOPTION – VMware Site
  • LAYER 2 GATEWAY SERVICES WITH VMWARE NSX - Juniper Site
• Blogs
  • Juniper and VMware: Collaborating to Enable The Software-Defined Data Center – VMware Site
  • Using Differentiated Services to Tame Elephants – VMware Site
  • Ready to unleash your new ideas? Join Juniper Networks at VMworld 2014 – Juniper Site
  • Eliminate confusion. Unleash ideas. Boost agility. – Juniper Site
• Videos
  • QFX5100 VXLAN Integration with NSX and Ubuntu/KVM/OVS – YouTube
  • Inter-VXLAN routing with Juniper switch and NSX - YouTube

DEMO


INFRASTRUCTURE DEMO


DEMO Hardware

Hardware
• 2 ESXi 5.5 hosts
  • Xeon E3-1230 / Avoton C2750
  • 32GB RAM each
  • 128GB SSD for vFlash Cache
• NFS storage (Synology DS713+)

Physical network
• Juniper EX2200-C
• Few VLANs

Software
• Virtual MX JUNOS 14.1R2.12 with JSDN
• NSX-V 6.1

DEMO Simplified Topology

[Diagram labels: WAN; 172.22.10.0/24; VMs (App/OS) vBSD1 .204, vWin1 .201, vBSD2 .205, vWin2 .202, vBSD3 .206, vWin3 .203]

DEMO Logical Topology

[Diagram labels: Distributed vSwitch; VLAN 13; VMware NSX-V; VLAN 11; NSX Edge Bridge; EVPN; WAN; 0.0.0.0/0; 172.22.10.0/24; VMs (App/OS) vBSD3, vWin3, vBSD1, vWin1]

DEMO Detailed Topology

[Diagram labels: WAN; NAS; VLAN 1 (management); vMX0; vMX1; VLAN 5 (transit); vEdge; VLAN 11; VXLAN 6500; MPLSoGRE 5001; vMX2; vMX3; VLAN 12; VLAN 13; vESX3; vESX4; Test network: 172.22.10.0/24; VMs (App/OS) vBSD1 .204, vWin1 .201, vBSD2 .205, vWin2 .202, vBSD3 .206, vWin3 .203]


AUTOMATION DEMO

AUTOMATION WORKFLOW Step 0: Fundament

[Diagram labels: VM, ESX, EVPN, IP, L2, NSX]

AUTOMATION WORKFLOW Step 1: Virtual Networks

[Diagram labels: VM, ESX, EVPN, IP, L2, NSX]

AUTOMATION WORKFLOW Step 2: Bridge

[Diagram labels: VM, ESX, EVPN, IP, L2, NSX, VXLAN]

AUTOMATION WORKFLOW Step 3: Enable EVPN

[Diagram labels: VM, ESX, EVPN, IP, L2, NSX, VXLAN, Junos Space]

AUTOMATION WORKFLOW Orchestration components

[Diagram labels: VMware vCenter; vCenter Orchestrator; Junos Space; VMware NSX; vRealize Automation; Web Portal; interfaces between components labelled SOAP, REST and NETCONF]
