The Juniper SDN Landscape
SDN Essentials
Who am I?
Chris Jones
Certifications:
• JNCIE-ENT #272
• CCIE #25655 (R&S)
• JNCIP-SP
• JNCIS-SEC
• JNCIS-QF
Author:
• Day One: Junos for IOS Engineers
• Day One: Ambassadors’ Cookbook For Enterprise
• JNCIE-ENT Preparation Workbook
Other:
• Juniper Ambassador
• Juniper Ingenious Champion
Agenda
Why SDN
The current landscape of SDN
The place of OpenStack
The value of Contrail
How we can help
So, why SDN? Good question!

"In this business we shouldn't forget what the purpose of the network is: to serve the needs of the application. And the network stopped doing that a while ago."
Art Fewell, Network World
Today’s Network Challenges
High operational costs
Difficult to manage
Network scalability has always been a problem
Unable to adapt to changing traffic patterns and flows
Decentralized
Monolithic software
New features require an update to the entire software stack
The Push Towards SDN
SDN Definition
An approach to networking that centralizes the control plane and makes it programmable, so that network operators can directly control and manage their own virtualized networks.
Basic Concepts
Separation of control and data planes
Centralized, programmable control planes for network equipment
Support for multiple, isolated virtual networks
Networks must adjust and respond dynamically
Newly added features must not disrupt the network
Alleviate the need for manual configuration of individual devices
The Four Planes of Networking
Management
Configuration and management of network devices
Services
Stateful, application-aware processing of traffic (the "deep thinking" of the software)
Stateful firewalling, IDP, etc.
Not all devices have a services plane
Control
Brains of the software: decides where traffic goes
Forwarding
Brawn of the software: moves the packets
Network Planes
Centralization
Key principle of SDN
Centralized management, services, and control functions
Master configuration copies held centrally
Distributed forwarding layer
Local configuration copy on each device
[Diagram: centralized Management, Services and Controller functions above Network Device 1 to Network Device n, each holding a Configuration Copy, a Local Control Layer and a Forwarding Layer (the distributed devices).]
SDN Software Directions
Northbound Interface
The interface a component exposes upward: it abstracts the component's lower-level details (data or functions) so that higher-level software such as orchestration systems and applications can use them
Examples: REST API, CORBA, SNMP
Southbound Interface
Allows a particular network component to communicate with a lower-level component; in SDN, the controller talking to the network devices
Examples: OpenFlow, NETCONF, XMPP
East-West Interface
Communication between groups or federations of controllers to synchronize state for high availability
Example: BGP
What is OpenFlow?
OpenFlow is a protocol that enables programmability of the forwarding plane across the network
OpenFlow is used at the Southbound Interface between the SDN Controller and the OpenFlow switch
OpenFlow abstracts the implementation details of networks and forwarding elements using simple messaging
[Diagram: two SDN Controllers federated over an East/West interface, each speaking OpenFlow down to Forwarding Elements that hold a pipeline of FlowTables.]
Three SDN Flavors
Open SDN
Tremendous promise
A comprehensive re-engineering of how networking works.
Requires evolutionary, hybrid deployment strategies to succeed.
SDN via Overlays
Immediate and practical solution to solve datacenter issues
Doesn’t address physical network underneath.
SDN via API
Utilizes existing hardware infrastructure
Stopgap to protect investment
Open SDN
Simplified devices
All control functionality in controller
Fully distributed enforcement
Easy to innovate and evolve
Typically utilizes OpenFlow for control plane centralization
OpenFlow allows high-level switching decisions to be made on a central controller
Ability to directly program flow tables on the switch to specify forwarding behavior
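Added example, not code from the original deck: a constructed Python model of what the OpenFlow and Open SDN slides above describe, a flow table that a central controller programs and that the switch consults in priority order, falling through to a table-miss entry when nothing matches (OpenFlow 1.0 sent such packets to the controller; OpenFlow 1.3 drops them unless the controller installs a table-miss entry). The field names, the packet dictionaries and the policy are assumptions for the demo. Two things it shows that the slide does not: a higher-priority deny shadows a broad allow regardless of installation order, and a send-to-controller table-miss turns every unmatched packet into controller work, which is the usual way an untrusted host loads an SDN controller.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of one OpenFlow-style flow table (assumption: the field
# names and the packet dict layout are ours, not OpenFlow's wire format).


@dataclass(frozen=True)
class Match:
    """Match fields; a None field is a wildcard."""
    in_port: Optional[int] = None
    eth_type: Optional[int] = None
    ip_src: Optional[str] = None
    ip_dst: Optional[str] = None
    ip_proto: Optional[int] = None
    tcp_dst: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return all(v is None or pkt.get(k) == v for k, v in vars(self).items())


@dataclass
class FlowEntry:
    priority: int
    match: Match
    actions: tuple          # e.g. ("output", 2), ("drop",), ("controller",)
    packets: int = 0        # per-entry counter, as a real switch keeps


class FlowTable:
    """Entries are consulted highest priority first; the first match wins.
    table_miss is the action applied to packets that no entry matches."""

    def __init__(self, table_miss: tuple = ("drop",)):
        self.entries: list = []
        self.table_miss = table_miss
        self.miss_count = 0

    def add(self, entry: FlowEntry) -> None:
        self.entries.append(entry)
        # sort is stable, so entries of equal priority keep insertion order
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def lookup(self, pkt: dict) -> tuple:
        for entry in self.entries:
            if entry.match.matches(pkt):
                entry.packets += 1
                return entry.actions
        self.miss_count += 1
        return self.table_miss


def build_table(send_misses_to_controller: bool) -> FlowTable:
    """Constructed policy pushed by the controller: forward everything arriving
    on port 1 to port 2, except inbound SSH, which a higher-priority entry drops.
    The deny is installed after the allow to show that priority, not order, decides."""
    miss = ("controller",) if send_misses_to_controller else ("drop",)
    table = FlowTable(table_miss=miss)
    table.add(FlowEntry(10, Match(in_port=1), ("output", 2)))
    table.add(FlowEntry(100, Match(in_port=1, eth_type=0x0800, ip_proto=6, tcp_dst=22), ("drop",)))
    return table


def demo() -> dict:
    """Look up three constructed packets in a lenient and a strict table."""
    ssh = {"in_port": 1, "eth_type": 0x0800, "ip_src": "203.0.113.9",
           "ip_dst": "10.0.0.5", "ip_proto": 6, "tcp_dst": 22}
    https = dict(ssh, tcp_dst=443)
    stray = {"in_port": 3, "eth_type": 0x0806}   # ARP on an unprovisioned port
    lenient = build_table(send_misses_to_controller=True)
    strict = build_table(send_misses_to_controller=False)
    return {
        "ssh": lenient.lookup(ssh),
        "https": lenient.lookup(https),
        "stray_lenient": lenient.lookup(stray),
        "stray_strict": strict.lookup(stray),
    }


def packet_in_load(table: FlowTable, n: int) -> int:
    """Push n distinct unmatched flows through the table and return the miss
    count. With a send-to-controller miss entry each miss is a PACKET_IN, so a
    host behind a wildcard port can generate controller load at line rate; a
    drop miss entry (or rate limiting on the switch) bounds it."""
    for i in range(n):
        table.lookup({"in_port": 3, "eth_type": 0x0800, "ip_proto": 17,
                      "ip_src": f"198.51.100.{i % 254 + 1}", "ip_dst": "10.0.0.5"})
    return table.miss_count


if __name__ == "__main__":
    print(demo())
    print("misses sent to controller:", packet_in_load(build_table(True), 1000))
```

The miss counter is the number to watch on a real controller: a PACKET_IN rate that tracks new-flow arrivals from one port is the signature of this load, and a priority-0 drop entry is the cheap fix where reactive flow setup is not needed.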
[Diagram: a Controller programming Data Forwarding devices over OpenFlow.]
SDN via Overlays
Implemented in the hypervisor
Independent of the underlying hardware
Still must deal with the physical network
Encapsulates traffic:
VXLAN
GRE
MPLS over GRE
[Diagram: Overlay Networks running between Hypervisors on Physical Servers, on top of the Physical Network of Network Devices.]
SDN via APIs
Some network programmability
"Proprietary openness"
Little or no device simplification
Leaves most control plane functions on the device
[Diagram: a Controller driving Data Forwarding devices through their API.]
SDN Standards
• OpenFlow
• OF-Config
• TTP (Table Type Patterns)
• OVSDB
• I2RS
• NFV (Network Functions Virtualization)
• Open SDN Controller
What does the current landscape look like? Who are the big players?
Established Vendors:
Cisco Systems
ACI
SDN via API
Developed by Insieme Networks (Cisco), acquired by Cisco in December 2013
Network virtualization platform done in hardware instead of software
Uses Nexus 9000 switches and an Application Policy Infrastructure Controller (APIC)
Application-aware network policies
White-list policy model
Established Vendors:
Juniper Networks
Juniper Contrail
SDN via Overlay
Developed by Contrail Systems, acquired by Juniper Networks in December 2012
Inserts a vRouter into the compute hypervisor
Creates MPLS over GRE tunnels between vRouters
Integrates tightly with OpenStack
Universal SDN Gateway
Open SDN
MX-Series routers and QFX5100 switches
Works together with VMware to provide SDN gateway functionality for VMware NSX
[Diagram: NSX Pod 1 with VXLAN-encapsulated and native IP/L2 ports, programmed by the NSX Controller over OVSDB.]
Established Vendors:
VMware
NSX: SDN via Overlay
Acquired Nicira in 2012
Components:
NSX Manager: web-based GUI management dashboard; services provided by NSX APIs
NSX Controller: distributed virtual appliances that accept API requests from an orchestrator and program the hypervisor NSX switches and NSX gateways
NSX Gateway: path in/out of the software-defined data center
NSX vSwitch: added to the hypervisor to replace traditional switches
Smaller Players:
Brocade
Vyatta Controller
Open SDN
Brocade's OpenDaylight-based controller
Brocade is a significant contributor to OpenDaylight
Smaller Players:
Big Switch
Big Cloud Fabric
Open SDN
Uses a leaf/spine physical Clos fabric
Big Cloud Fabric Controller
Uses OpenFlow to communicate with the physical and virtual switches
Centralizes the control plane
Switch Light Operating System on bare-metal switches
Switch Light vSwitch on hypervisors
Plug-ins for OpenStack and CloudStack
Programmable via REST API
Smaller Players:
NEC
ProgrammableFlow Controller
Open SDN
NEC is a founding member of the Open Networking Foundation (ONF)
First vendor to ship a commercial OpenFlow controller (2011)
Flat network fabric architecture
Open, API-based network programming
Works with compute orchestration such as OpenStack, and with Hyper-V
Start-Ups:
Nuage Networks
SDN via Overlay
Subsidiary of Alcatel-Lucent
Three key software-based products:
Virtualized Services Controller (VSC): Serves as the control plane, maintaining a per-tenant view of the network.
Virtualized Services Directory (VSD): Serves as the policy, business logic and analytics engine for the abstract definition of network services. Uses RESTful APIs.
Virtual Routing & Switching (VRS): A module serving as a virtual endpoint for network services.
Start-Ups:
Pica8
PicOS Linux-based network operating system
Runs on commodity bare-metal switches
Adoption of Open vSwitch (OVS)
Supports OpenFlow, recommending the Ryu OpenFlow controller
What is OpenStack, and how does it fit in?
OpenStack Overview
Cloud software orchestration platform designed to run on commodity hardware
Developed by NASA and Rackspace in 2010
Made up of a set of open source projects in a modular architecture
Collective goal of providing compute, storage, and networking for an Infrastructure as a Service (IaaS) platform
OpenStack Framework
Compute (Nova): Provisions and manages virtual machines
Networking (Neutron): Provides Network as a Service (NaaS) to compute
Object Store (Swift): Reliable, scalable storage of various objects that can be used by other services
Image Service (Glance): Manages the library of server VM images
Dashboard (Horizon): Django-based web application used by the cloud administrator
Authentication (Keystone): Provides authentication services for users and other OpenStack components as well as API calls
OpenStack Architecture
[Diagram: Dashboard (Horizon), Networking (Neutron), Block Storage (Cinder), Compute (Nova), Image Storage (Glance), Identity (Keystone) and Object Storage (Swift).]
Nova (compute)
OpenStack's compute component
Most complicated and distributed component of OpenStack
Handles the creation and management of virtual machines
Uses the underlying system's virtualization
[Diagram of Nova internals: the dashboard and API front a message queue that connects the scheduler, compute, network manager and volume manager, with an HTTP auth manager.]
Keystone (identity)
OpenStack authentication component
Generates a token (UUID) and sends it to the client
Every request includes the token and is verified by Keystone
If valid: returns 200 and processes the request
If invalid: returns 401 and rejects the request
[Keystone flow: the client sends username/password; Keystone verifies them and generates a token; the client sends each API request together with the token; Keystone checks the token. Token valid? Yes: HTTP 200, process the request. No: HTTP 401, reject the request.]
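Added example, not code from the deck or from OpenStack itself: a constructed Python model of the two-step flow above (username/password in, UUID token out, then a token check on every API call that yields 200 or 401). The class and method names, the in-memory user and token stores, PBKDF2 for password storage and the token TTL are assumptions for the demo; real Keystone adds token scoping and other token formats, but the checks an endpoint depends on, expiry, revocation and unknown-token rejection, are the ones shown, and the password check is written so that unknown usernames cost the same time as wrong passwords.

```python
import hashlib
import hmac
import secrets
import time
import uuid
from dataclasses import dataclass
from typing import Optional

# Constructed model of the Keystone flow on the slide. Class and method names,
# the in-memory user/token stores, the PBKDF2 parameters and the TTL are
# assumptions for this demo, not Keystone's real implementation.

PBKDF2_ROUNDS = 100_000
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = b"\x00" * 32


@dataclass
class Token:
    user: str
    expires_at: float
    revoked: bool = False


class Keystone:
    def __init__(self, ttl_seconds: int = 3600):
        self._users = {}    # username -> (salt, pbkdf2 hash); never the password itself
        self._tokens = {}   # token id (UUID string) -> Token
        self._ttl = ttl_seconds

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def add_user(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def authenticate(self, username: str, password: str,
                     now: Optional[float] = None) -> Optional[str]:
        """Step 1 on the slide: verify user/pass, generate a token and return it."""
        now = time.time() if now is None else now
        record = self._users.get(username)
        # Hash even for unknown users so response time does not reveal valid usernames.
        salt, expected = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
        ok = hmac.compare_digest(self._hash(password, salt), expected)
        if record is None or not ok:
            return None
        token_id = str(uuid.uuid4())   # the UUID token from the slide
        self._tokens[token_id] = Token(user=username, expires_at=now + self._ttl)
        return token_id

    def validate(self, token_id: str, now: Optional[float] = None) -> int:
        """Step 2: the HTTP status an API call carrying this token gets (200 or 401)."""
        now = time.time() if now is None else now
        tok = self._tokens.get(token_id)
        if tok is None or tok.revoked or now >= tok.expires_at:
            return 401
        return 200

    def revoke(self, token_id: str) -> None:
        """Revocation is checked on every call; a short TTL alone is not enough."""
        if token_id in self._tokens:
            self._tokens[token_id].revoked = True


def api_request(ks: Keystone, token_id: str, now: Optional[float] = None) -> str:
    """What every OpenStack service does: ask Keystone, then process or reject."""
    return "process request" if ks.validate(token_id, now) == 200 else "reject request"


if __name__ == "__main__":
    ks = Keystone(ttl_seconds=60)
    ks.add_user("alice", "correct horse battery staple")
    tok = ks.authenticate("alice", "correct horse battery staple")
    print(api_request(ks, tok), ks.validate(tok))
```

The `now` parameter exists so expiry can be exercised deterministically; in production the clock is the server's, which is also why Keystone nodes must keep their time in sync or tokens get rejected or outlive their TTL.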
Glance (image storage)
OpenStack's image management component
Used to store images and templates for VMs
Can copy or snapshot disk images that can be used as templates
[Diagram: the web UI and Glance CLI call the Glance API, which uses Glance-Registry, the Glance database and the image store.]
Cinder (block storage)
Cinder provides block storage services for OpenStack
Provisions storage in the form of block devices known as Cinder volumes
Storage can be either:
Local, using attached disks or solid-state drives
Remote, using standard protocols such as iSCSI, Fibre Channel and NFS
Snapshot management and volume cloning
[Diagram: Cinder API and Cinder Scheduler in front of a local Cinder Volume and remote Cinder Volumes reached over iSCSI and NFS.]
Swift (object storage)
Used for object storage in OpenStack
No single point of failure
Horizontally scalable
Ideal for storing unstructured data that can grow without bound:
Backups
Video
Pictures
Online content
User-generated data
[Diagram: a Swift cluster in which the Swift Proxy fronts the account DB, container DB and object store.]
Neutron (networking)
Network as a Service (NaaS)
Modular, scalable, API-driven system for managing networks and IP addresses
Technology agnostic: a plug-in architecture allows connecting to the networking environment of choice
Provides REST APIs to manage network connections for compute and storage
[Diagram: neutron-server with its database and message queue, talking to many L2 agents, L3 agents, DHCP agents and advanced services.]
Neutron Plug-Ins
Modular Layer 2 (ML2) Plugin
Framework allows variety of L2 technologies
Vendor Plug-in supports third party vendor technologies
Contrail is an example
[Diagram: the ML2 core plug-in has a Type Manager with type drivers (GRE, VLAN, VXLAN, other) and a Mechanism Manager with mechanism drivers (Linux Bridge, OVS, vendor, other).]
What about Contrail, and how does it add value?
Contrail Overview
Juniper Contrail is an overlay SDN solution
Replaces Linux bridge with vRouter on the hypervisor
Creates tunnels between vRouters, as necessary
MPLS over GRE
VXLAN
Uses industry standard protocols:
BGP
MPLS
XMPP
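Added example serving both the "SDN via Overlays" slide and the Contrail overview above; it is constructed code, not Contrail's. It builds and parses the two encapsulations the deck names for vRouter-to-vRouter traffic (VXLAN, and MPLS over GRE) and then uses the tenant identifier carried in the outer header, the VNI or the MPLS label, to select a virtual network, which is what a vRouter's receive path must do. The `VRouter` class, its label/VNI tables and the virtual network names are assumptions for the demo; the header layouts follow RFC 7348 (VXLAN), RFC 2784 (GRE) and RFC 3032 (MPLS label stack). The security point it makes explicit: neither encapsulation authenticates the tenant identifier, so tenant isolation rests on keeping untrusted hosts off the underlay and dropping anything that does not map to a known tenant.

```python
import struct
from typing import Optional

# Constructed helpers for the two overlay encapsulations named in the deck.
# Assumptions: the VRouter class, its tables and the tenant names are ours.

VXLAN_FLAG_I = 0x08      # "VNI present" flag in the VXLAN header
GRE_PROTO_MPLS = 0x8847  # EtherType for MPLS unicast carried in GRE


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """8-byte VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!BxxxI", VXLAN_FLAG_I, vni << 8) + inner_frame


def vxlan_decap(buf: bytes) -> tuple:
    if len(buf) < 8:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!BxxxI", buf[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: no valid VNI")
    return word >> 8, buf[8:]


def mpls_gre_encap(label: int, inner_packet: bytes, ttl: int = 64) -> bytes:
    """Plain GRE (no checksum/key/sequence, version 0) carrying a one-label MPLS stack."""
    if not 0 <= label < (1 << 20):
        raise ValueError("MPLS label must fit in 20 bits")
    gre = struct.pack("!HH", 0x0000, GRE_PROTO_MPLS)
    lse = (label << 12) | (0 << 9) | (1 << 8) | (ttl & 0xFF)  # TC=0, S=1 (bottom of stack)
    return gre + struct.pack("!I", lse) + inner_packet


def mpls_gre_decap(buf: bytes) -> tuple:
    if len(buf) < 8:
        raise ValueError("truncated GRE/MPLS header")
    flags_ver, proto = struct.unpack("!HH", buf[:4])
    if flags_ver & 0x0007:
        raise ValueError("unsupported GRE version")
    if flags_ver & 0xB000:  # C, K or S bit set: optional fields this demo does not parse
        raise ValueError("GRE optional fields present")
    if proto != GRE_PROTO_MPLS:
        raise ValueError(f"not MPLS in GRE: protocol 0x{proto:04x}")
    (lse,) = struct.unpack("!I", buf[4:8])
    if not (lse >> 8) & 1:
        raise ValueError("multi-label stack not handled in this demo")
    return lse >> 12, buf[8:]


class VRouter:
    """Toy receive side of a vRouter: the label (or VNI) in the outer header
    selects the tenant routing instance. Nothing in either header is
    authenticated, so a packet injected into the underlay with a guessable
    label lands inside that tenant; the control is underlay access, plus
    filtering GRE and UDP/4789 at the fabric edge, not the header itself."""

    def __init__(self) -> None:
        self.label_to_vn = {}   # MPLS label -> virtual network (constructed)
        self.vni_to_vn = {}     # VXLAN VNI -> virtual network (constructed)
        self.dropped = 0

    def receive(self, encap: str, buf: bytes) -> Optional[tuple]:
        vn, inner = None, b""
        try:
            if encap == "gre":
                ident, inner = mpls_gre_decap(buf)
                vn = self.label_to_vn.get(ident)
            elif encap == "vxlan":
                ident, inner = vxlan_decap(buf)
                vn = self.vni_to_vn.get(ident)
        except ValueError:
            vn = None
        if vn is None:
            self.dropped += 1   # unknown tenant identifier or malformed header: drop
            return None
        return vn, inner


if __name__ == "__main__":
    vr = VRouter()
    vr.label_to_vn[16] = "red"
    vr.vni_to_vn[5001] = "green"
    payload = b"\x45\x00" + b"A" * 18        # constructed stand-in for an inner packet
    print(vr.receive("gre", mpls_gre_encap(16, payload)))
    print(vr.receive("vxlan", vxlan_encap(5001, payload)))
    print(vr.receive("gre", mpls_gre_encap(17, payload)), "dropped:", vr.dropped)
```

The label and VNI values are the tenant boundary, so the `dropped` counter on a real vRouter (unknown label, bad header) is worth alerting on: a steady trickle from one underlay source is someone probing identifiers.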
[Diagram: the Contrail Controller (Configuration, Control and Analytics functions) sits between the Orchestrator and the servers; the servers hosting VMs connect over the IP fabric (underlay network).]
Contrail Controller Components
Configuration nodes
Configuration management and user interface
Convert the high-level service data model into the low-level technology data model
Publish the data model to the Control nodes
Control nodes
Use the data model to create the desired network state
Interact with each other to maintain network state
Speak XMPP to the vRouter agents, and BGP + NETCONF toward gateway routers and switches
Analytics nodes
Capture real-time data from network elements
Events stored in NoSQL databases
Other Contrail Components
Compute nodes
Host tenant and service VMs
Implement a vRouter which handles the forwarding plane
Gateway nodes
Physical routers or switches that connect virtual networks to physical networks
Service nodes
Physical network devices that provide various network services
Deep Packet Inspection (DPI)
Intrusion Detection and Prevention (IDP)
Load balancing
Multi-Tenancy
[Diagram: OpenStack Neutron drives the Contrail Controller over REST APIs; the controller programs the vRouters on the virtualized servers (hypervisors) over XMPP. Each vRouter holds per-tenant routing instances for the Green and Red virtual networks (VMs G1, G2, R1, R2), and the overlay tunnels between vRouters cross the underlay switch.]
Gateway To Bare-Metal Server
[Diagram: the Contrail Controller programs a gateway router/switch over BGP + NETCONF; overlay tunnels from the vRouters terminate on the gateway, which connects VMs R1 and R2 in the Red virtual network to a non-virtualized bare-metal server.]
Dynamic Virtual Services
[Diagram: OpenStack Neutron and the Contrail Controller (XMPP to the vRouters) insert service VMs between the Green and Red virtual networks.]
How Contrail Fits With OpenStack
Contrail utilizes a plugin for Neutron to enable full integration with OpenStack
The Contrail vRouter replaces the standard Linux bridge or OVS on the compute node (hypervisor)
The Contrail control node translates the high level information from the configuration node into a model the vRouter will understand, and transmits the instructions to the Contrail agent also located on the compute node
[Diagram of the integration: Horizon and scripts call the Neutron plugin and the Nova API; the Contrail Neutron plugin feeds the Config Node, which feeds the Control Node; on the compute node the Nova Scheduler, Compute Driver and Virtual-IF Driver talk to the Contrail Agent, which programs the vRouter in the kernel.]
Contrail Use Case:
Internet Gateway
MX Series router configured to peer via BGP with Contrail
Routing instances are used for each tenant to provide true separation
Dynamic GRE tunnels set up between the MX gateway and the vRouters on the compute nodes
Floating IPs are in use to allow each of the three tenants to be reachable from the Internet
Contrail Use Case:
Inter-domain Gateway
Applied when multiple Contrail domains are present in a datacenter
MX-Series router functions as a gateway between Contrail "pods"
Multi-tenancy is maintained through the use of VRFs on the MX
Next-hops are automatically configured to allow full reachability
Contrail Use Case:
Data Center Interconnect
Use case illustrates how MX Series routers can be used as physical gateways between datacenters
VRFs are maintained on the MX gateways for multi-tenancy
BGP (and optionally L3VPN or EVPN) can be configured between datacenters for the tunneled traffic to flow across
MPLS over GRE tunnels created by the Contrail vRouters traverse the physical network between datacenters
Contrail Use Case:
Internetwork Gateway
Assets connected to physical switches can be connected to a Contrail domain in the Internetwork Gateway use case
The MX Series router acts as the gateway
Physical networks configured with VLANs can now be reached from the Contrail domain
Directly connected bare-metal servers will also have reachability
Contrail Use Case:
Service Chaining Gateway
The Service Chaining Gateway use case allows service providers to offer advanced services to customers
Traffic in the Contrail domain can be forwarded either to a virtual service appliance or to a physical device
Examples include:
Firewall
Load Balancing
IPS
How can SDN Essentials help? I'm glad you asked!
Who Are We?
DOUG MARSCHKE, CTO/FOUNDER SDN ESSENTIALS
SDN Essentials is a professional services company focused on SDN Education & Training, Professional Consulting and Managed Services.
We are the one-stop SDN shop to plan, build and execute your SDN strategies and your customers’.
We provide a thorough and real world understanding of SDN and help bring quicker service offerings, additional revenue, full visibility and control into networks.
With major networking vendors, start-ups and open source initiatives presenting SDN solutions, it has become increasingly difficult for customers to find the solution that fits their need. I feel it is important to help customers understand how a disruptive technology like SDN can benefit and grow their business.
Our Goals
To become your trusted SDN partner and channel enabler
Foster open, honest, mutually beneficial relationships
Create new revenue streams for Juniper and its partners by identifying
new opportunities for your platform during our SDN assessments
Provide high-value services to you and your customers
Be your go-to source for all professional services (education, consulting
and managed services)
Generate more awareness for Juniper by sharing product overview
information in our classes
Meet The Team!
Steve Dyer, Technical Instructor
Chris Jones, SDN Engineer
Chystina French, Director of Operations
Doug Marschke, CTO/Founder
Trisha Kincheloe, Operations Research Analyst
John Hammond, SDN Engineer
Ed McEntee, Business Development/Channel Director
Doug Wadkins, Chief Product Officer
Darien Hirotsu, SDN Consultant
Marco Alves, SDN Consultant
Mike Risano, Web Developer/Graphic Designer
We’re The Industry Experts
6x JNCIEs
1x CCIE
5x Juniper Ingenious Champions
4x Juniper JNCI certified instructors
Juniper JNCI Silver Award winner Steve Dyer
Juniper Ambassador Chris Jones
Authors of a number of books:
Channel Driven/Channel Enablement
We are 100% channel focused
We realized that many channel partners are not ready for SDN yet, so we have a simple model:
Build trust in traditional networking services (MX, QFX, EX, etc.)
Discover cloud and automation projects for the VAR
Lead generation with SDN Bootcamps and Webinars
Help create their SDN strategy
Provide pre-sales services
Then teach them how to start selling SDN/NFV
White-label or SDN Essentials branded services
Willing to also sub-contract via Juniper PS
SDN Professional Services
We offer our professional consulting services to value-added resellers (VARs) and their customers, direct to customers (service providers and enterprise) and to our SDN solutions partners and peers.
Our team expertise extends well beyond the classroom and boardroom into datacenters, think-tanks, labs and international collaboration calls.
We have not only joined the SDN movement, we are leading it with educational books, classes, professional consulting and thought leadership among industry associations.
SDN Essentials is and will remain channel and vendor neutral, so that we can stay focused on providing the highest-quality solutions and maintain our competitive advantage of SDN knowledge and expertise.
Service Offerings
Custom Offerings
SDN Readiness Assessments and Prep Installations (Layers 2 & 3)
Examine the current network and create a report that details the next steps needed to move to an SDN architecture (could expand your list of strategic partners and generate new sales)
SDN Architecture Design
Test Plans and Product Testing in Labs
Implementation and Migration Services
Migrate from the current legacy design to an SDN architecture
Configure all network elements and controllers
Create software middleware for controller and orchestration tie-in
Service Offerings
Custom Offerings (cont.)
Datacenter Virtualization
Implement OpenStack with Neutron
Migrate to a vSwitch environment with a central controller using protocols like OVSDB, OF-CONFIG or XMPP
SDN Software Design and Implementation
Whitepaper Creation and Technology Writing
Resident Consultants
Knowledge Transfer
SDN Security
Assessment & Best Practices Consulting
Education & Training Services
Solutions to empower your team with the knowledge and tools to sell your specific SDN solutions and their benefits
Juniper Authorized Education Center!
Courses (via open enrollment and on-demand)
Introductory SDN classes
Vendor-Specific Training Classes and Certifications
Pre-sales Enablement Boot Camps
MDF and lead-gen event courseware
Custom course content
Pre/post technical sales pitches, materials and training
SDN Courses
SDN Overview
The SDN Overview class is a 1-day class with 75% lecture and 25% lab that gives a background on SDN architecture, definitions, and where the industry is heading.
This class has been designed to serve a variety of audiences, from sales and project managers to network engineers.
SDN For Network Engineers
The SDN for Network Engineers class is a 2-day class with 50% lecture and 50% lab that gives a background on SDN architecture, definitions, use cases, where the industry is heading and migration strategies.
This class has been designed to provide a broad and hands-on experience for network engineers requiring SDN knowledge.
The lab uses a variety of controllers including Floodlight, OpenDaylight and commercial controllers.
SDN Foundations
The SDN Foundations class is a 3-day class with 50% lecture and 50% lab that covers the most recent developments in the SDN arena.
The added value of this offering is that it showcases several vendor solutions in the practical component of the class.
Juniper SDN Courses
Lead Generation
Juniper SDN Bootcamp 1-Day Course
Developed by SDN Essentials
Agenda:
Focuses on Contrail, though also covers SDN in general as well as OpenFlow support in Juniper hardware
Details the Juniper and VMware partnership and the Universal SDN Gateway technologies
Hands-on Contrail labs including the creation of a tenant, virtual networks, virtual instances, and service chaining
Configuring & Monitoring Contrail
2-Day Official Juniper Course
Updated by SDN Essentials
Contrail deep-dive
Agenda:
SDN Overview
Contrail Architecture
Basic Configuration
Service Chaining
Analytics
Troubleshooting
Hands-on Contrail labs
Get In Touch
Web: http://sdnessentials.com/
Sales E-Mail:
Education E-Mail:
Sales Office:
Address: 955 Benecia Ave,
Sunnyvale CA 94085
Phone: 415-902-5702
/sdnessentials
/company/3601186
@SDNEssentials
Q & A
Thank You.