A PERSPECTIVE ON INFRASTRUCTURE SERVICES OUTSIDE THE ... · A PERSPECTIVE ON INFRASTRUCTURE SERVICES OUTSIDE THE NETWORKING BUBBLE Michael Langdon, Phil Goddard, Aniket Daptari Contrailersin

A PERSPECTIVE ON INFRASTRUCTURE SERVICES OUTSIDE THE NETWORKING BUBBLE

Michael Langdon, Phil Goddard, Aniket Daptari

Contrailers in the Contrail BU

Juniper Networks Proprietary and Confidential -- printed copies of this document are for reference only

This statement of direction sets forth Juniper

Networks’ current intention and is subject to

change at any time without notice. No purchases

are contingent upon Juniper Networks delivering

any feature or functionality depicted in this

presentation.

This presentation contains proprietary roadmap

information and should not be discussed or shared

without a signed non-disclosure agreement (NDA).

WHAT SHOULD YOU BE THINKING ABOUT?

• This session will show you how users of infrastructure services (compute, storage and network) view infrastructure and what do they want from it?

• This perspective is intended to provide a thought process which will assist you in evaluating what technologies should be included in target network architectures.

• One constant is change

• Infrastructure should be reusable, multi-use, agile and agnostic

MACRO TRENDS AROUND INFRASTRUCTURE SERVICES

C L O U DT R E N D S

Device Explosion

Billions of connected / IOT devices

Running applications in the cloud

Machine Learning & AI

Device Explosion leads to data explosion

ML / AI being key to monitor / detect / remediate issues (performance, security, etc.)

NLP interfaces to devices

Cloud Migration

Custom apps are being built in the Cloud

Enterprises apps migrating to SaaS

Microservices / Scale-out Apps

TTM of apps

App portability & scalability

Move from monolithic to microservices

OpenSource Adoption

Proprietary software perceived as ‘vendor lock-in’

All layers of stack are open-sourced

PUBLIC CLOUD

DISRUPTION IN ENTERPRISE: MOVE TO CLOUD

Developers

Deployers

SaaS

Enterprise Hosted Apps

Private Cloud

Monolithic Apps

Private/Colo

Private DC (IT)

IaaS / PaaS / Hybrid Cloud Usage

SaaS Usage

Time

Serv

ice

Cre

atio

n

Consumer of Services

Serv

ice

Co

nsu

mp

tio

n Enterprise Apps to SaaS

Monolithic to Scale-out Apps

Private/Colo to Hybrid Cloud

PaaS

IaaS

LET’S GET A PERSPECTIVE….

WHAT IS THE USER VIEW OF THE POWER GRID?

•Power grid is a black box of

infinite capacity

•As long as I have the right plug I

can get it anywhere

•If the socket doesn’t work, I find

another socket

•I don’t care how it works as long

as it works...

WHAT IS THE USER VIEW OF INFRASTRUCTURE?

• Infrastructure is a black box of infinite capacity

• As long as I have the right plug I can get it anywhere

• If the service isn’t easy to get and use, I find another service

• I don’t care how it works as long as it works...

WHO AND WHERE ARE THE USERS

• They are not in the network team

• They access applications

• They build applications

• They are applications

• They are anywhere they want to be

• They want what they want now or they go elsewhere to have their needs satisfied

CONTRADICTIONS AMONGST PLAYERS

• Application users just want to use the app and don’t want hurdles in the way (connectivity, security, performance, etc)

• Application developers just want their apps to work and usually just want basic isolation and security gets in the way

• Budget owners want the best bang for the buck and that may complicate everything as their view is infrastructure is like buying other services. Just change vendors to get the best price.

THE TWO MAJOR DRIVERS

User Experience

How can I manipulate infrastructure (compute, storage, networking, security) to address a user experience issue?

Infrastructure cost

Where do I want to place my workloads in relation to my users to optimize for cost in delivering those services?

This will change over time based on cost of services, scale required and application lifecycle

How do we get infrastructure to react to these changes in with minimal effort? Infrastructure is a living component of the application.

MODIFIERS OF THE PRIMARY DRIVERS

Consistent security enforcement and validation independent of how and where something is deployed

Level of security available via specific infrastructure modifies where you can deploy something

Compliance

Level of compliance validation modifies where you deploy

Cost per unit of infrastructure against budget

Modifies service provider allowed and scale

SLA/Perforformance and likely some other modifiers

SO WHAT DOES THE NETWORK NEED TO DO THEN….

DISTRIBUTED COMPUTE SERVICES AS COST LEVERSUPPORTED BY FUNGIBLE NETWORK BUILDING BLOCKS

Managed Virtual Private Cloud (VPC)

(Provider Portal)

Public Cloud

POP Data Center

VMG1

VMG2

VMG3

VN G

VMR1

VMR2

VMR3

VN R

Customer Premise

VMFW

VMFW

Managed Virtual Private Cloud (VPC)

(Provider Portal)

Public Cloud

POP Data Center

VMG1

VMG2

VMG3

VN G

VMR1

VMR2

VMR3

VN R

Customer Premise

VMFW

VMFW

DISTRIBUTED COMPUTE SERVICES AS COST LEVERSUPPORTED BY FUNGIBLE NETWORK BUILDING BLOCKS

Managed Virtual Private Cloud (VPC)

(Provider Portal)

Public Cloud

POP Data Center

VMG1

VMG2

VMG3

VN G

VMR1

VMR2

VMR3

VN R

Customer Premise

VMFW

VMFW

DISTRIBUTED COMPUTE SERVICES AS COST LEVERSUPPORTED BY FUNGIBLE NETWORK BUILDING BLOCKS

Managed Virtual Private Cloud (VPC)

(Provider Portal)

Public Cloud

POP Data Center

VMG1

VMG2

VMG3

VN G

VMR1

VMR2

VMR3

VN R

Customer Premise

VMFW

VMFW

DISTRIBUTED COMPUTE SERVICES AS COST LEVERSUPPORTED BY FUNGIBLE NETWORK BUILDING BLOCKS

Managed Virtual Private Cloud (VPC)

(Provider Portal)

Public Cloud

POP Data Center

VMG1

VMG2

VMG3

VN G

VMR1

VMR2

VMR3

VN R

Customer Premise

VMFW

VMFW

DISTRIBUTED COMPUTE SERVICES AS COST LEVERSUPPORTED BY FUNGIBLE NETWORK BUILDING BLOCKS

M a n a g e a b i l i t y & O p e r a t i o n s

S e c u r i t y

C o n n e c t i v i t y

NETWORKS ARE MORE THAN CONNECTIVITYFUNGIBLE COMPONENT OF THE APPLICATION

CPE

Remote Branch Office

Telco POPs

Apps(running in multiple environments)

…

Public Cloud (VPC’s)Multi-site DC / Private Cloud (VMs, BMS,

Containers, VNFs)

FIREWALL

VMs

Containers

IP Fabric

BMS

…

People(Developers, Net Ops, CISO, …)

V I S I O N

Provide Connectivity, Security, and Manageability for:

1. People Apps

2. Apps AppsCustom Apps

WAN GW

PHYSICAL LOCATION AGNOSTICLO

GIC

AL

PH

YSIC

AL

DC / REGION 1

IP / MPLS VPNEVPN

VMs in DC 1 VMs in DC 2

Intra-network Traffic

VIRTUAL NETWORK GREEN(Spans multiple Cloud Environments)

WAN GW

DC / REGION 2

BGP BGP

VMs in DC 1

Intra-Network Traffic

VIRTUAL NETWORK BLUE(Spans multiple Cloud Environments)

Network Policy for Inter-NW traffic

G1

G2 G3 G4 B1

B2

B3

B4

G1

G2 B2

G3

G4 B4

B3

B1

R3

R4

R1

R2

VNs span multiple cloud environments

(DCs)

Security Policies can span multiple remote

data centers

Multiple ways to federate control plane

traffic (directly through Controller or

Through MX)

Global Controller on top to orchestrate

multi-DC clusters

VMs in DC 2

VRF (RT2)

VRF (RT1)VRF

(RT2)

1. Direct Controller Federation of Control traffic

2. Gateway (MX) based Federation of Control Traffic

VRF (RT1)

Multi-Region Orchestration using service definition templates

ORCHESTRATION AND WORKLOAD AGNOSTIC

C C C

C C C

GREEN Virtual Network

Tenant POD Containers

Virtual Firewall

Physical Gateway RouterNon-Virtualized (Bare Metal) Server

Physical Network (Internet, L3VPN, ...)

RED

PhysicalNetwork

Virtual Load Balancer

Service Chain

Virtualized Server hosting Virtual Machines

HOW DOES JUNIPER ENABLE THE APPLICATION DRIVEN INFRASTRUCTURE….

INTENT DRIVEN NETWORK SERVICES

VMs (KVM / Linux)

BMSContainers

VMs (ESXi)

OpenStack Kubernetes Marathon / Mesos ICO / ICM Amdocs NCSO Juniper CSODocker Swarm Custom …

vRouter vRouter

FOR

WA

RD

ING

SER

VIC

ESO

RC

H.

DDI FW LB Svc Ch. Sec Policy QoS Health Check Analytics

CO

NTR

OL

Router / TORvRouter

L3 VNL2 VN

...

…

Config Plane: Netconf, OVSDBControl Plane: BGP (EVPN, L3VPN), OVSDB

INTENT DRIVEN SECURITYSINGLE PRODUCT INSTANCE COVERING MULTIPLE ENVIRONMENTS

CustomCustom

Single Contrail deployment(Offering connectivity & security Layer for multiple environments)

Policy Framework

1. Discovery of topology and activity within/across application tiers

2. Centralized security policies with multiple distributed enforcement points (L2-L4, L7 using Host-based firewall)

3. Single Contrail deployment providing both Security & Connectivity across multiple environments

4. Visualization for policy definition (i.e. config) and SIEM (i.e. reporting, troubleshooting, app flow discovery, etc.)

HOLISTIC

FULL-STACK OPS

MANAGEMENT

INTENT DRIVEN OPERATIONS

ANY APPS & SERVICES CLOUD INFRASTRUCTURESOFTWARE-DEFINEDINFRASTRUCTURE

PHYSICAL INFRASTRUCTURE

VALIDATION THROUGH ANALYTICS

NEXT STEPS….

27

• Take stock of who your users are• How do they want to consume resources?• Do they describe requirements in terms of

business metrics?• What is your expectation of rate change in user

requirements and use cases?• How do you want to provide infrastructure to drive

positive user experience and adaptable infrastructure economics?

• What technologies will facilitate this?

THANK YOU FOR YOUR KIND ATTENTION