
Contrail Cloudstack


Page 1: Contrail Cloudstack

SDN – CONTRAIL ENABLING CLOUD Parantap Lahiri Sr. Director, Solutions Engineering

Suresh Balineni Staff Engineer

Page 2: Contrail Cloudstack

Copyright © 2013 Juniper Networks, Inc.

FUNDAMENTAL SHIFT: EVOLVING APPS

[Diagram] Left side, "Standalone Application (Dedicated Resources)" / Technology Silo: physical servers, IPS, LBs, FWs and routers on segmented networks behind the WAN, with one VLAN per application and per-application ACLs, FW policies and LB policies.

Right side, "Evolving Applications (on Resource Pool)": VMs drawn from a compute pool, storage pool, FW service pool and LB service pool, reached over a virtual WAN network. Dynamic virtual network + service orchestration ties together the common resource pools (datacenter & beyond) and external cloud-based resources in a scale-out model.

Page 3: Contrail Cloudstack


BRIDGING PHYSICAL/VIRTUAL NETWORKS…

• Open, standards-based, federated controller – scalable, resilient
• Control plane for physical and virtual networks
• Preserve and insert dynamic services (firewall, LB…)
• Virtual network overlay
• Interoperability with traditional network devices
• Physical network
• Converged network orchestration
• Automation, analytics

Page 4: Contrail Cloudstack

Legacy Datacenter – Underlay

[Diagram] Servers hosting VMs connect to ToR L2 switches; multi-chassis LAG trunks carry the L2 segments up to L2/L3 distribution switches and an L3 core.

Page 5: Contrail Cloudstack

Legacy Datacenter – Limited VLAN Span

[Diagram] Same underlay as the previous slide (servers, VMs, ToR L2 switches, multi-chassis LAG trunks, L2/L3 distribution, L3 core). Routing & filtering between VLANs, together with the FW and LB appliances, sits at the L2/L3 layer. VLAN span limit: no VLANs across L3.

Page 6: Contrail Cloudstack

Legacy Datacenter – No Multi-tenant overlapping IP space support; NAT on HW Appliances

[Diagram] Same underlay (servers, VMs, ToR L2 switches, multi-chassis LAG trunks, L2/L3 distribution, L3 core, VLAN span limit). The FW and LB hardware appliances at the L2/L3 layer share a single routing table (no support for overlapping multi-tenant space), so tenant address overlap has to be handled by NAT on those appliances.

Page 7: Contrail Cloudstack

Legacy Datacenter – Multi-tenant Support with MPLS

[Diagram] L3-MPLS core and L2/L3-MPLS distribution over MPLS-enabled links; ToR L2 switches, multi-chassis LAG trunks, servers and VMs as before, with the VLAN span limit still in place. MPLS with a VRF per tenant (Tenant-VRF) provides multi-tenant isolation; each tenant gets its own FW/LB pair as tenant-specific HW appliance services.

Page 8: Contrail Cloudstack

Typical L2 Overlay

[Diagram] L3 core, L3 ToRs, and an L2-SW (hypervisor switch) on every server; VXLAN tunnels connect the hypervisor switches across the L3 fabric and to the External Network.

• Hypervisor switch only forwards L2
• Separate VM-based router performs routing
• Separate VM-based router performs NAT

Page 9: Contrail Cloudstack

Contrail Overlay

[Diagram] L3 core, L3 ToRs, and a vRouter on every server acting as the L2/L3 edge; the fabric connects to the External Network at two points, with Service Insertion alongside. Legend: shaded box = multi-tenant VRF.

• Hypervisor router handles L2/L3
• Hypervisor router performs native routing
• Hypervisor router performs native NAT

Page 10: Contrail Cloudstack

Contrail Overlay Datacenter Abstraction

[Diagram] Over an L3 core and L3 ToRs, Tenant 1, Tenant 2, Tenant 3 and Tenant 4 each see only their own virtual networks (VN1, VN2); an L3VPN / Internet router connects the tenant virtual networks outward.

Page 11: Contrail Cloudstack

Contrail Overlay – Multi-DC

[Diagram] Datacenter 1, Datacenter 2 and Datacenter 3, each with L2/L3 switching and vRouters, are joined by a common IP underlay. Tenant 1 to Tenant 4 keep their virtual networks (VN1, VN2) across sites; an L3VPN / Internet MX provides the external gateway.

Page 12: Contrail Cloudstack


CONTRAIL ON IP NETWORK

[Diagram] Two virtualized servers on a plain IP network, each running a VM, a VRF and a Contrail Agent.

• Server 1: VM 10.1.1.1, underlay (public) address 70.10.10.1. VRF entry: 10.1.1.2: NH = 151.10.10.1; LBL = 17
• Server 2: VM 10.1.1.2, underlay (public) address 151.10.10.1. VRF entry: 10.1.1.1: NH = 70.10.10.1; LBL = 39

Packet from VM 10.1.1.1 to VM 10.1.1.2:

  At the sending VM (PriSrcIP, PriDstIP):   10.1.1.1 | 10.1.1.2 | PAYLOAD
  On the IP network, after dynamic tunnel encapsulation in the Server 1 VRF (outer to inner):
    PubSrcIP 70.10.10.1 | PubDstIP 151.10.10.1 | GRE | LBL=17 | 10.1.1.1 | 10.1.1.2 | PAYLOAD
  At the receiving VM, after dynamic tunnel decapsulation in the Server 2 VRF:   10.1.1.1 | 10.1.1.2 | PAYLOAD

Control plane: the Agent on each server talks XMPP to the BGP-based control plane, which distributes the VRF entries above (10.1.1.1: NH = 70.10.10.1; LBL = 39 to Server 2, 10.1.1.2: NH = 151.10.10.1; LBL = 17 to Server 1); configuration management is exposed through a REST/API.

* Outer MAC header was left out intentionally to reduce clutter
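The forwarding path on slide 12, as an added example that is not part of the Juniper deck: a VRF lookup on Server 1 wraps the VM packet in MPLS-over-GRE, and Server 2 strips the tunnel and accepts the packet only if the label is one it allocated for a local VM. The IPv4/GRE/MPLS field values are constructed for illustration (no checksums, no outer MAC header, as on the slide).

```python
import struct
import ipaddress

GRE_PROTO_MPLS = 0x8847  # GRE protocol type for MPLS unicast
IPPROTO_GRE = 47

# VRF state copied from slide 12: inner destination -> (underlay next hop, MPLS label)
VRF_SERVER1 = {"10.1.1.2": ("151.10.10.1", 17)}
VRF_SERVER2 = {"10.1.1.1": ("70.10.10.1", 39)}
# Labels each server handed out for its own VMs, i.e. what it expects to receive
LOCAL_LABELS_SERVER2 = {17: "10.1.1.2"}
LOCAL_LABELS_SERVER1 = {39: "10.1.1.1"}

def ip4(addr):
    return ipaddress.IPv4Address(addr).packed

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header: no options, checksum left at zero (constructed)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ip4(src), ip4(dst))

def inner_packet(src, dst, payload):
    """What the VM emits: private IPs (PriSrcIP/PriDstIP) + payload, UDP assumed."""
    return ipv4_header(src, dst, 17, len(payload)) + payload

def encapsulate(vrf, local_underlay_ip, pkt):
    """Dynamic tunnel encapsulation: look up the inner destination in the tenant VRF,
    then build outer IP (PubSrcIP/PubDstIP) | GRE | MPLS label | inner packet."""
    inner_dst = str(ipaddress.IPv4Address(pkt[16:20]))
    if inner_dst not in vrf:
        raise LookupError(f"no VRF route for {inner_dst}")
    nh, label = vrf[inner_dst]
    mpls = struct.pack("!I", (label << 12) | (1 << 8) | 64)  # label, EXP=0, S=1, TTL=64
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)              # no flags, protocol = MPLS
    outer = ipv4_header(local_underlay_ip, nh, IPPROTO_GRE, len(gre) + len(mpls) + len(pkt))
    return outer + gre + mpls + pkt

def decapsulate(local_labels, frame):
    """Dynamic tunnel decapsulation. The label selects the tenant VRF, so an unknown
    label or an inner destination that does not match it is dropped, not forwarded."""
    if frame[9] != IPPROTO_GRE or struct.unpack("!H", frame[22:24])[0] != GRE_PROTO_MPLS:
        raise ValueError("not an MPLS-over-GRE frame")
    label = struct.unpack("!I", frame[24:28])[0] >> 12
    if label not in local_labels:
        raise LookupError(f"label {label} not allocated here, dropping")
    inner = frame[28:]
    if str(ipaddress.IPv4Address(inner[16:20])) != local_labels[label]:
        raise LookupError(f"label {label} does not match inner destination, dropping")
    return label, local_labels[label], inner
```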

Page 13: Contrail Cloudstack


CONTRAIL TECHNICAL APPROACH

[Diagram]
• Cloud Orchestration: the Orchestrator ** drives the Contrail Controller
• Contrail Controller (JunosV Contrail): Configuration, Analytics and Control Plane
• Virtualized Servers (VM VM VM), each with Hypervisor and Contrail vRouter, controlled over XMPP
• IP fabric (underlay network) carrying the overlay tunnels: VXLAN or MPLSoGRE/UDP
• Router Gateway to the External IP Network, managed with BGP, Netconf
• Juniper & 3rd party Services *

* = Juniper and 3rd party services can also be physical devices (e.g. SRX) or hypervisor services (e.g. vGW)
** = Other Orchestration System support like Cloudstack, Customer OSS/BSS System

Page 14: Contrail Cloudstack


SUMMARY – SCALE-OUT NETWORKING SYSTEM

CONTRAIL System (every node type is shown replicated, i.e. scales out horizontally):
• Configuration Node
• Control Node
• Analytics Node
• Compute Node (Virtual Router)
• Service Node (SRX, Firefly, JSP, ...)
• Gateway Node (MX, EX/QFX, ...)
• Orchestrator (OpenStack)

Interfaces shown between them: REST (Orchestrator to Configuration Node), IF-MAP (Configuration Node to Control Node), IBGP (between Control Nodes), XMPP (Control Node to Compute Node), BGP, NETCONF (Control Node to Gateway and Service Nodes)