A PERSPECTIVE ON INFRASTRUCTURE SERVICES OUTSIDE THE NETWORKING BUBBLE
Michael Langdon, Phil Goddard, Aniket Daptari
Contrailers in the Contrail BU
Juniper Networks Proprietary and Confidential -- printed copies of this document are for reference only
This statement of direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation.
This presentation contains proprietary roadmap information and should not be discussed or shared without a signed non-disclosure agreement (NDA).
WHAT SHOULD YOU BE THINKING ABOUT?
• This session will show you how users of infrastructure services (compute, storage and network) view infrastructure and what they want from it.
• This perspective is intended to provide a thought process which will assist you in evaluating what technologies should be included in target network architectures.
• One constant is change
• Infrastructure should be reusable, multi-use, agile and agnostic
MACRO TRENDS AROUND INFRASTRUCTURE SERVICES
CLOUD TRENDS
Device Explosion
Billions of connected / IOT devices
Running applications in the cloud
Machine Learning & AI
Device Explosion leads to data explosion
ML / AI being key to monitor / detect / remediate issues (performance, security, etc.)
NLP interfaces to devices
Cloud Migration
Custom apps are being built in the Cloud
Enterprises apps migrating to SaaS
Microservices / Scale-out Apps
TTM of apps
App portability & scalability
Move from monolithic to microservices
OpenSource Adoption
Proprietary software perceived as ‘vendor lock-in’
All layers of stack are open-sourced
PUBLIC CLOUD
DISRUPTION IN ENTERPRISE: MOVE TO CLOUD
Developers
Deployers
SaaS
Enterprise Hosted Apps
Private Cloud
Monolithic Apps
Private/Colo
Private DC (IT)
IaaS / PaaS / Hybrid Cloud Usage
SaaS Usage
Time
Service Creation
Consumer of Services
Service Consumption
Enterprise Apps to SaaS
Monolithic to Scale-out Apps
Private/Colo to Hybrid Cloud
PaaS
IaaS
LET’S GET A PERSPECTIVE….
WHAT IS THE USER VIEW OF THE POWER GRID?
• Power grid is a black box of infinite capacity
• As long as I have the right plug I can get it anywhere
• If the socket doesn’t work, I find another socket
• I don’t care how it works as long as it works...
WHAT IS THE USER VIEW OF INFRASTRUCTURE?
• Infrastructure is a black box of infinite capacity
• As long as I have the right plug I can get it anywhere
• If the service isn’t easy to get and use, I find another service
• I don’t care how it works as long as it works...
WHO AND WHERE ARE THE USERS
• They are not in the network team
• They access applications
• They build applications
• They are applications
• They are anywhere they want to be
• They want what they want now or they go elsewhere to have their needs satisfied
CONTRADICTIONS AMONGST PLAYERS
• Application users just want to use the app and don’t want hurdles in the way (connectivity, security, performance, etc.)
• Application developers just want their apps to work; they usually want only basic isolation, and security gets in the way
• Budget owners want the best bang for the buck, and that may complicate everything, because in their view buying infrastructure is like buying other services: just change vendors to get the best price.
THE TWO MAJOR DRIVERS
User Experience
How can I manipulate infrastructure (compute, storage, networking, security) to address a user experience issue?
Infrastructure cost
Where do I want to place my workloads in relation to my users to optimize for cost in delivering those services?
This will change over time based on cost of services, scale required and application lifecycle
How do we get infrastructure to react to these changes with minimal effort? Infrastructure is a living component of the application.
MODIFIERS OF THE PRIMARY DRIVERS
Consistent security enforcement and validation independent of how and where something is deployed
Level of security available via specific infrastructure modifies where you can deploy something
Compliance
Level of compliance validation modifies where you deploy
Cost per unit of infrastructure against budget
Modifies which service providers are allowed, and scale
SLA/Performance and likely some other modifiers
SO WHAT DOES THE NETWORK NEED TO DO THEN….
DISTRIBUTED COMPUTE SERVICES AS COST LEVER SUPPORTED BY FUNGIBLE NETWORK BUILDING BLOCKS
Managed Virtual Private Cloud (VPC)
(Provider Portal)
Public Cloud
POP Data Center
VMG1
VMG2
VMG3
VN G
VMR1
VMR2
VMR3
VN R
Customer Premise
VMFW
VMFW
DISTRIBUTED COMPUTE SERVICES AS COST LEVER SUPPORTED BY FUNGIBLE NETWORK BUILDING BLOCKS
Manageability & Operations
Security
Connectivity
NETWORKS ARE MORE THAN CONNECTIVITY: FUNGIBLE COMPONENT OF THE APPLICATION
CPE
Remote Branch Office
Telco POPs
Apps (running in multiple environments)
…
Public Cloud (VPC’s)
Multi-site DC / Private Cloud (VMs, BMS, Containers, VNFs)
FIREWALL
VMs
Containers
IP Fabric
BMS
…
People (Developers, Net Ops, CISO, …)
VISION
Provide Connectivity, Security, and Manageability for:
1. People Apps
2. Apps Apps
Custom Apps
WAN GW
PHYSICAL LOCATION AGNOSTIC
LOGICAL
PHYSICAL
DC / REGION 1
IP / MPLS VPN
EVPN
VMs in DC 1
VMs in DC 2
Intra-network Traffic
VIRTUAL NETWORK GREEN (Spans multiple Cloud Environments)
WAN GW
DC / REGION 2
BGP BGP
VMs in DC 1
Intra-Network Traffic
VIRTUAL NETWORK BLUE (Spans multiple Cloud Environments)
Network Policy for Inter-NW traffic
• VNs span multiple cloud environments (DCs)
• Security Policies can span multiple remote data centers
• Multiple ways to federate control plane traffic (directly through Controller or through MX)
• Global Controller on top to orchestrate multi-DC clusters
VMs in DC 2
VRF (RT1)
VRF (RT2)
1. Direct Controller Federation of Control traffic
2. Gateway (MX) based Federation of Control Traffic
Multi-Region Orchestration using service definition templates
ORCHESTRATION AND WORKLOAD AGNOSTIC
GREEN Virtual Network
Tenant POD Containers
Virtual Firewall
Physical Gateway Router
Non-Virtualized (Bare Metal) Server
Physical Network (Internet, L3VPN, ...)
RED
Physical Network
Virtual Load Balancer
Service Chain
Virtualized Server hosting Virtual Machines
HOW DOES JUNIPER ENABLE THE APPLICATION DRIVEN INFRASTRUCTURE….
INTENT DRIVEN NETWORK SERVICES
VMs (KVM / Linux)
BMS
Containers
VMs (ESXi)
OpenStack, Kubernetes, Marathon / Mesos, ICO / ICM, Amdocs NCSO, Juniper CSO, Docker Swarm, Custom, …
FORWARDING
SERVICES
ORCH.
CONTROL
DDI, FW, LB, Svc Ch., Sec Policy, QoS, Health Check, Analytics
vRouter
Router / TOR
L3 VN
L2 VN
Config Plane: Netconf, OVSDB
Control Plane: BGP (EVPN, L3VPN), OVSDB
INTENT DRIVEN SECURITY: SINGLE PRODUCT INSTANCE COVERING MULTIPLE ENVIRONMENTS
Custom
Single Contrail deployment (Offering connectivity & security Layer for multiple environments)
Policy Framework
1. Discovery of topology and activity within/across application tiers
2. Centralized security policies with multiple distributed enforcement points (L2-L4, L7 using Host-based firewall)
3. Single Contrail deployment providing both Security & Connectivity across multiple environments
4. Visualization for policy definition (i.e. config) and SIEM (i.e. reporting, troubleshooting, app flow discovery, etc.)
HOLISTIC FULL-STACK OPS MANAGEMENT
INTENT DRIVEN OPERATIONS
ANY APPS & SERVICES
CLOUD INFRASTRUCTURE
SOFTWARE-DEFINED INFRASTRUCTURE
PHYSICAL INFRASTRUCTURE
VALIDATION THROUGH ANALYTICS
NEXT STEPS….
• Take stock of who your users are
• How do they want to consume resources?
• Do they describe requirements in terms of business metrics?
• What is your expectation of the rate of change in user requirements and use cases?
• How do you want to provide infrastructure to drive positive user experience and adaptable infrastructure economics?
• What technologies will facilitate this?
THANK YOU FOR YOUR KIND ATTENTION