Banv meetup-contrail

Slide Type Juniper Networks Large Venue Template / 16x9 / V6 Executive Intro Slide

CONTRAIL SDN AND NFV Bay Area Network Virtualization

CONTRAIL CLOUD SOLUTIONS GROUP

Sree Sarva, Aniket Daptari

Slide Type Juniper Networks Large Venue Template / 16x9 / V6 Blank Slide Title and Content

1-Line

AGENDA

CHALLENGES & TRENDS 1

2

USE CASES AND PARTNERSHIPS 3

CONTRAIL 4

DEMO / HANDS-ON 5

NETWORK FOR CLOUD ERA

Slide Type Juniper Networks Large Venue Template / 16x9 / V6 Big Concept Slide

1. CHALLENGES AND TRENDS

Slide Type Juniper Networks Large Venue Template / 16x9 / V6 Title and Bullets

GENERAL CHALLENGES

OVER THE TOP THREAT

NETWORK TO CLOUD

TIME TO SERVICE

PRODUCT EVOLUTION

OSS AGILITY

Addresses these challenges using existing assets without costly investments in network refresh and proprietary OSS systems

§  Lengthy service provisioning times of days to weeks

§  IP Activation process cumbersome

§  Lengthy new product introduction & certification times

§  Bundles limited by physical infrastructure

§  OTT cloud providers compete using internet

§  Network commoditised

§  Lack integration of Public and Private cloud offerings

§  Leveraging network to differentiate

§  Expensive to replace or augment current OSS systems


TIME TO SERVICE DEPLOYMENT Code to production launch

OPERATIONAL COMPLEXITY # of SKUs to manage

OPERATING EXPENSES Servers managed per admin

…AND OTT PROVIDERS ARE INNOVATING FASTER Dynamic network service automation is the key priority for Service Providers

AMAZON: 1 per 10,000 servers Each admin can operate ~10,000 servers

TELCO: Less than 100 Each admin can manage up to ~100 servers = large headcount

GOOGLE: Few seconds STAT MUX Service on Existing Infrastructure

TELCO: 10-12 Months Mobile Operators quote many months per service; mostly manually

GOOGLE: 10s Configs Google: ~10 shared hardware system bundles

TELCO: Thousands configs 1000’s of SKUs to manage makes IT overly complex

Opportunity for accelerating TTM, reducing costs and optimizing operations


2. NETWORK FOR CLOUD ERA


HW HW

App App Network Virtualization & Automation

Compute & Storage

Virtualization

Traditional (1990’s)

Management

Platform

Infrastructure

Hypervisor

App App App

HW HW

•  Network functions / services available as virtual machines

•  Apps are re-architected for scalable deployments, HA, IaaS / Paas

•  App Developers have a self-service model to get resources

Cloud (2010+)

•  Apps run on dedicated hardware

•  Hardware for each network function

App App App

Hypervisor

HW HW

Virtualization (2000’s)

•  Virtualized apps have flexibility to move between hardware units

CLOUD CHANGES THE ARCHITECTURE Enables Large Scale Automation & Network Function Virtualization

Capex savings through Virtualization & higher device utilization

Benefits Opex savings through Agility & Automation

Benefits


1-Line

PRIVATE INFRASTRUCTURE

THE NEW NETWORK – BUILT FOR CLOUD

PROPRIETARY

HARDWARE SERVICES

CONFIGURED, MANAGED

TODAY AUTOMATED &

ORCHESTRATED

VIRTUALIZED, ON DEMAND SERVICES

HYBRID CLOUD INFRASTRUCTURE

OPEN SOURCE, OPEN STANDARDS

TOMMORROW


3. USE CASES & PARTNERSHIPS


1-Line

§  Silo’ed Resource Allocation §  Manual Configuration §  Static Service Chains

IT CLOUD

§  Dynamic Resource Allocation §  Automatic Configuration §  Dynamic Service Chains

CURRENT IT DATACENTER

VLANS VLANS

FINANCE HR MARKETING

Firewalls Load-Balancer

MODERN IT DATACENTER

VIRTUALIZED

HR MARKETING FINANCE

Virtual-Network based Orchestration (Compute, Storage, Apps)

Physical Servers

Local Hard Drives


1-Line

CLOUD CPE SERVICE

Router Services

DHCP Routing CGNAT

Full featured CPE

in Virtualized Services SP Delivered

Service Provider IP Edge

IP VPN Service

Modem / ONT

Switch

Voice

DHCP Routing FW & UTM

Management Wireless Controller

Access Point

IPS/ IDS SECURITY

Pulse

Tethered CPE

Modem / ONT Switch Access Point

Voice Pulse

§  Decrease cost of physical CPE §  Increase agility of introducing new services §  Decrease cost of servicing customers

§  Services limited by capability of physical CPE hardware §  Expensive to roll out new services §  Costly customer support

Routing Unified Threat WAN Optimization

Firewall DHCP Management

IPv4-v6 Caching & Video Load Balancing Policy Control DDOS

Traffic Detection/ DPI

Customer Value CPE Delivered


NEXTIP VPN

Customer Site A

SLB FW UTM CDN WAN Opt

SELF-SERVICE ENTERPRISE SERVICES

Customer Site B

TELCO CLOUD

Contrail SDN

2. Openstack standard interfaces provision virtual services

1. Standard API’s allow for simple portal control

3. Use of standard routing

protocols to connect ANY SP customer to ANY service without

interfacing with IP-RDM or similar


HYBRID CLOUD - IAAS AND VPC End-to-End Virtual Network Orchestration and Automation

Standards-based, seamless internetworking within/across DC’s and Enterprise private network


4. CONTRAIL


1-Line

CONTRAIL – VIRTUALIZED NETWORK SERVICES & AUTOMATION

CONTROL PLANE, MANAGEMENT PLANE NETWORK PROGRAMMABILITY

ENABLING NFV (NETWORK FUNCTION VIRTUALIZATION)

VIRTUALIZED NETWORK SERVICES

INTEROPERABILITY WITH PHYSICAL NETWORK

NETWORK VIRTUALIZATION (PRIVATE, HYBRID)

CONVERGED NETWORK ORCHESTRATION AUTOMATION, ANALYTICS


1-Line

OPENCONTRAIL COMPONENTS

Physical Network (no changes)

Analytics

OPENCONTRAIL CONTROLLER

Control Configuration

Physical Host with Hypervisor

vRouter

VM VM VM VM

Physical Host with Hypervisor

vRouter

VM VM VM VM

WAN, Internet

Gateway

Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network

Real-time analytics engine collects, stores and analyzes network elements Interacts with network elements for

VM network provisioning and ensures uptime

vRouter: Virtualized routing element handles localized control plane and forwarding plane work on the compute node

Gateway: MX Series (or other router) or EX9200 serve as gateway eliminating need for SW gateway & improving scale & performance

TODAY 2014


IPAM, Virtual DNS

Security Load Balancing

3rd Party Network Services

Rich Analytics High Availability

Service Chaining API Services

Routing and Switching

Gateway Services

KEY FEATURES


67%

67%

67%

67%

62%

57%

52%

52%

52%

52%

48%

43%

38%

CDN Akamai, Junos Content Encore

IMS Sonus SBC

Virtual routers & security gateways Firefly

Mobile core, EPC

Firewalling Firefly

DPI Sandvine

Traffic Analysis Tools Guavus

IPS / IDS security Firefly, DDos Secure

Network Monitoring tools

Web Security WebApp Secure

WAN acceleration and optimization Silver-Peak, Riverbed Steelhead

Application acceleration Riverbed ADC AAA Servers

UAC / Steelbelt Radius

57%

52%

VIRTUALIZED NFV SERVICES Juniper Services or 3rd Party/Best-of-Breed

Source: Infonetics Research, 2013


1-Line

PROGRAMMABILITY § NB REST APIs allows easy integration with existing OSS/BSS § Network complexity abstracted out using rich and programmatic

interface, allowing for policy-based automation

SUMMARY: CONTRAIL IS A LEADING SDN SOLUTION

§ Agile deployment of network services for faster time to revenue § 3rd party services can run unmodified on the platform, eliminating the

need for custom development ACCELERATED TTM

LOWER TCO § Higher utilization of existing infrastructure & cost effective X86 HW § Centralizes management reducing operational cost & complexity § Uses standard protocols obviating need for specialized knowledge

NETWORK INSIGHTS § Collects & analyzes huge amounts of network state information § Offers APIs for 3rd party analytics & visualization software to integrate

with the system

OPENNESS & INTEROPERABILITY

§ Contrail is open-sourced and integrates with Openstack, Cloudstack, KVM, Xen, and other open-sourced products / components

§ Interoperable with other multi-vendor infrastructure and services


ORCHESTRATION PARTNERS

Cloudstack, CCP

OCS Openstack Mirantis Openstack, Fuel

Redhat Openstack (RHOS)

UnitedStack Openstack

SmartCloud Orchestrator

2014


DEMO & HANDS-ON

Slide Type Juniper Networks Large Venue Template / 16x9 / V6

DEMO / HANDS-ON

•  Creation of Virtual Networks •  Attachment of Virtual Machines •  Access Policy between Virtual Networks •  Floating IP / Distributed NAT using vRouter •  Service Insertion - NAT Gateway •  Debug & Analytics Information


1-Line

TIER-ED NETWORKS DEMO TOPOLOGY

BACK-END DATABASE TIER

NETWORK

FRONT-END WEB-TIER NETWORK

BE1 BE2 BE3 FE1 FE2 FE3 MX Gateway

Policy to connect front-end and back-end

Centralized Control, Policy provisioning

Internet

Demo Machine connecting to Openstack Horizon and Contrail GUI

Floating IP


1-Line

SERVICE CHAIN DEMO TOPOLOGY

ENTERPRISE NETWORK

PUBLIC NETWORK

E1 E2 E3 P1 P2 P3

FIREFLY (INLINE NAT)

MX Gateway

NAT Service to connect Enterprise network VMs to the outside world

Internet

Centralized Control, Policy provisioning Demo Machine connecting to Openstack Horizon and Contrail GUI


1-Line

OVERLAY NETWORK

Host + Hypervisor Host + Hypervisor

VIRTUAL NETWORK

GREEN

VIRTUAL NETWORK

BLUE

VIRTUAL NETWORK YELLOW

FW DPI

IP fabric (switch underlay)

G1 G2 G3

B1

B3 B2

G1

G2

G3

Y1 Y2 Y3 B1 B2 B3

Y2

Y3 Y1

VM and virtualized Network function pool

VM and virtualized Network function pool

Intra-network traffic Inter-network traffic traversing a service

… …

LOGICAL

PHYSICAL


DEVSTACK + OPENCONTRAIL


§ WHAT? §  Run OpenStack and OpenContrail on your laptop or in a VM

§ WHY? §  Use to build & test OpenStack and OpenContrail code §  Just play with OpenStack/OpenContrail features

§ HOW? §  Ubuntu server/VM with 4GB RAM, access to github

DEVSTACK + OPENCONTRAIL


§  Install packages: git-core, ant, build-essential, pkg-config

§ Download DevStack §  (git clone [email protected]:/dsetia/devstack.git)

§  Edit localrc (set PHYSICAL_INTERFACE) § Run stack.sh §  Installs Glance, Nova, Horizon, Keystone, Cinder §  And OpenContrail (as a Neutron plugin)

DEVSTACK + OPENCONTRAIL (in-a-box)


1-Line

RESOURCES

§  OpenContrail.org - E-Book, Architecture documents, blogs from developers/architects, slides, webinars

§  VIDEOS:

§  DDoS Protection (Contrail + DDoS Secure)

§  http://www.youtube.com/watch?v=TnvCea4fil4

§  NFV through Contrail (this is the Internet / Firewall NFV aka. vCPE)

§  http://www.youtube.com/watch?v=_64no8P2vUw

§  Contrail - Elastic cloud - IT as a Service

§  http://www.youtube.com/watch?v=9g3EWV8X64s §  SSLVPN on Contrail

§  http://www.youtube.com/watch?v=vfZfdH4kkV4


THANK YOU!