CONTRAIL SDN AND NFV Bay Area Network Virtualization CONTRAIL CLOUD SOLUTIONS GROUP Sree Sarva, Aniket Daptari
HTTPS://63.119.251.102/OPENLAB
http://10.10.11.16/ = OpenStack
http://10.10.11.16:8080 = Contrail
http://10.10.11.11/ = OpenStack
http://10.10.11.11:8080 = Contrail
AGENDA
1. CHALLENGES & TRENDS
2. NETWORK FOR CLOUD ERA
3. USE CASES AND PARTNERSHIPS
4. CONTRAIL
5. DEMO / HANDS-ON
1. CHALLENGES AND TRENDS
GENERAL CHALLENGES
OVER THE TOP THREAT: OTT cloud providers compete using internet. Network commoditised.
NETWORK TO CLOUD: Lack integration of Public and Private cloud offerings. Leveraging network to differentiate.
TIME TO SERVICE: Lengthy service provisioning times of days to weeks. IP Activation process cumbersome.
PRODUCT EVOLUTION: Lengthy new product introduction & certification times. Bundles limited by physical infrastructure.
OSS AGILITY: Expensive to replace or augment current OSS systems.
Addresses these challenges using existing assets without costly investments in network refresh and proprietary OSS systems
…AND OTT PROVIDERS ARE INNOVATING FASTER
Dynamic network service automation is the key priority for Service Providers
TIME TO SERVICE DEPLOYMENT (Code to production launch): GOOGLE: Few seconds; TELCO: 10-12 Months
OPERATIONAL COMPLEXITY (# of SKUs to manage): GOOGLE: 10s Configs; TELCO: Thousands configs
OPERATING EXPENSES (Servers managed per admin): AMAZON: 1 per 10,000 servers; TELCO: Less than 100
Opportunity for accelerating TTM, reducing costs and optimizing operations
2. NETWORK FOR CLOUD ERA
CLOUD CHANGES THE ARCHITECTURE
Enables Large Scale Automation & Network Function Virtualization
Traditional (1990’s)
• Apps run on dedicated hardware
• Hardware for each network function
Virtualization (2000’s)
• Virtualized apps have flexibility to move between hardware units
Cloud (2010+)
• Network functions / services available as virtual machines
• Apps are re-architected for scalable deployments, HA, IaaS / PaaS
• App Developers have a self-service model to get resources
Benefits: Capex savings through Virtualization & higher device utilization
Benefits: Opex savings through Agility & Automation
[Diagram labels: App; Hypervisor; HW; Compute & Storage Virtualization; Network Virtualization & Automation; Management; Platform; Infrastructure]
THE NEW NETWORK – BUILT FOR CLOUD
TODAY
PRIVATE INFRASTRUCTURE
PROPRIETARY HARDWARE
SERVICES CONFIGURED, MANAGED
TOMORROW
HYBRID CLOUD INFRASTRUCTURE
OPEN SOURCE, OPEN STANDARDS
AUTOMATED & ORCHESTRATED
VIRTUALIZED, ON DEMAND SERVICES
3. USE CASES & PARTNERSHIPS
IT CLOUD
CURRENT IT DATACENTER
Silo’ed Resource Allocation
Manual Configuration
Static Service Chains
MODERN IT DATACENTER
Dynamic Resource Allocation
Automatic Configuration
Dynamic Service Chains
[Diagram labels: VLANS; FINANCE, HR, MARKETING; Firewalls; Load-Balancer; VIRTUALIZED; Virtual-Network based Orchestration (Compute, Storage, Apps); Physical Servers; Local Hard Drives]
CLOUD CPE SERVICE
Full featured CPE in Virtualized Services
Decrease cost of physical CPE
Increase agility of introducing new services
Decrease cost of servicing customers
Services limited by capability of physical CPE hardware
Expensive to roll out new services
Costly customer support
[Diagram labels: CPE Delivered; SP Delivered; Tethered CPE; Customer Value; Service Provider IP Edge; IP VPN Service; Modem / ONT; Switch; Access Point; Voice; Pulse; Router Services; DHCP; Routing; CGNAT; FW & UTM; Management; Wireless Controller; IPS / IDS; SECURITY; Unified Threat; WAN Optimization; Firewall; IPv4-v6; Caching & Video; Load Balancing; Policy Control; DDOS; Traffic Detection / DPI]
NEXTIP VPN
SELF-SERVICE ENTERPRISE SERVICES
[Diagram labels: Customer Site A; Customer Site B; SLB; FW; UTM; CDN; WAN Opt; TELCO CLOUD; Contrail SDN]
1. Standard API’s allow for simple portal control
2. Openstack standard interfaces provision virtual services
3. Use of standard routing protocols to connect ANY SP customer to ANY service without interfacing with IP-RDM or similar
HYBRID CLOUD - IAAS AND VPC
End-to-End Virtual Network Orchestration and Automation
Standards-based, seamless internetworking within/across DC’s and Enterprise private network
4. CONTRAIL
CONTRAIL – VIRTUALIZED NETWORK SERVICES & AUTOMATION
CONTROL PLANE, MANAGEMENT PLANE
NETWORK PROGRAMMABILITY
ENABLING NFV (NETWORK FUNCTION VIRTUALIZATION)
VIRTUALIZED NETWORK SERVICES
INTEROPERABILITY WITH PHYSICAL NETWORK
NETWORK VIRTUALIZATION (PRIVATE, HYBRID)
CONVERGED NETWORK ORCHESTRATION
AUTOMATION, ANALYTICS
OPENCONTRAIL COMPONENTS
OPENCONTRAIL CONTROLLER
Configuration: Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network
Analytics: Real-time analytics engine collects, stores and analyzes network elements
Control: Interacts with network elements for VM network provisioning and ensures uptime
vRouter: Virtualized routing element handles localized control plane and forwarding plane work on the compute node
Gateway: MX Series (or other router) or EX9200 serve as gateway eliminating need for SW gateway & improving scale & performance
[Diagram labels: Physical Network (no changes); Physical Host with Hypervisor, each with a vRouter and VMs; WAN, Internet; Gateway]
KEY FEATURES
TODAY 2014
IPAM, Virtual DNS
Security
Load Balancing
3rd Party Network Services
Rich Analytics
High Availability
Service Chaining
API Services
Routing and Switching
Gateway Services
VIRTUALIZED NFV SERVICES
Juniper Services or 3rd Party/Best-of-Breed
CDN: Akamai, Junos Content Encore
IMS: Sonus SBC
Virtual routers & security gateways: Firefly
Mobile core, EPC
Firewalling: Firefly
DPI: Sandvine
Traffic Analysis Tools: Guavus
IPS / IDS security: Firefly, DDos Secure
Network Monitoring tools
Web Security: WebApp Secure
WAN acceleration and optimization: Silver-Peak, Riverbed Steelhead
Application acceleration: Riverbed ADC
AAA Servers: UAC / Steelbelt Radius
[Bar chart: percentage values per service, ranging from 38% to 67%]
Source: Infonetics Research, 2013
PROGRAMMABILITY
NB REST APIs allow easy integration with existing OSS/BSS
Network complexity abstracted out using rich and programmatic interface, allowing for policy-based automation
SUMMARY: CONTRAIL IS A LEADING SDN SOLUTION
ACCELERATED TTM
• Agile deployment of network services for faster time to revenue
• 3rd party services can run unmodified on the platform, eliminating the need for custom development
LOWER TCO
• Higher utilization of existing infrastructure & cost effective X86 HW
• Centralizes management reducing operational cost & complexity
• Uses standard protocols obviating need for specialized knowledge
NETWORK INSIGHTS
• Collects & analyzes huge amounts of network state information
• Offers APIs for 3rd party analytics & visualization software to integrate with the system
OPENNESS & INTEROPERABILITY
• Contrail is open-sourced and integrates with Openstack, Cloudstack, KVM, Xen, and other open-sourced products / components
• Interoperable with other multi-vendor infrastructure and services
ORCHESTRATION PARTNERS
Cloudstack, CCP
OCS Openstack
Mirantis Openstack, Fuel
Redhat Openstack (RHOS)
UnitedStack Openstack
SmartCloud Orchestrator
2014
DEMO & HANDS-ON
DEMO / HANDS-ON
• Creation of Virtual Networks
• Attachment of Virtual Machines
• Access Policy between Virtual Networks
• Floating IP / Distributed NAT using vRouter
• Service Insertion - NAT Gateway
• Debug & Analytics Information
TIER-ED NETWORKS DEMO TOPOLOGY
BACK-END DATABASE TIER NETWORK: BE1 BE2 BE3
FRONT-END WEB-TIER NETWORK: FE1 FE2 FE3
Policy to connect front-end and back-end
MX Gateway
Floating IP
Internet
Centralized Control, Policy provisioning
Demo Machine connecting to Openstack Horizon and Contrail GUI
SERVICE CHAIN DEMO TOPOLOGY
ENTERPRISE NETWORK: E1 E2 E3
PUBLIC NETWORK: P1 P2 P3
FIREFLY (INLINE NAT)
NAT Service to connect Enterprise network VMs to the outside world
MX Gateway
Internet
Centralized Control, Policy provisioning
Demo Machine connecting to Openstack Horizon and Contrail GUI
OVERLAY NETWORK
[Diagram: the LOGICAL view shows VIRTUAL NETWORK GREEN (G1 G2 G3), VIRTUAL NETWORK BLUE (B1 B2 B3) and VIRTUAL NETWORK YELLOW (Y1 Y2 Y3) with FW and DPI services; the PHYSICAL view shows two Host + Hypervisor nodes, each with a VM and virtualized Network function pool, over an IP fabric (switch underlay). Legend: Intra-network traffic; Inter-network traffic traversing a service]
DEVSTACK + OPENCONTRAIL
WHAT?
Run OpenStack and OpenContrail on your laptop or in a VM
WHY?
Use to build & test OpenStack and OpenContrail code
Just play with OpenStack/OpenContrail features
HOW?
Ubuntu server/VM with 4GB RAM, access to github
DEVSTACK + OPENCONTRAIL
Install packages: git-core, ant, build-essential, pkg-config
Download DevStack
(git clone [email protected]:/dsetia/devstack.git)
Edit localrc (set PHYSICAL_INTERFACE)
Run stack.sh
Installs Glance, Nova, Horizon, Keystone, Cinder
And OpenContrail (as a Neutron plugin)
DEVSTACK + OPENCONTRAIL (in-a-box)
RESOURCES
OpenContrail.org - E-Book, Architecture documents, blogs from developers/architects, slides, webinars
VIDEOS:
DDoS Protection (Contrail + DDoS Secure)
http://www.youtube.com/watch?v=TnvCea4fil4
NFV through Contrail (this is the Internet / Firewall NFV aka. vCPE)
http://www.youtube.com/watch?v=_64no8P2vUw
Contrail - Elastic cloud - IT as a Service
http://www.youtube.com/watch?v=9g3EWV8X64s
SSLVPN on Contrail
http://www.youtube.com/watch?v=vfZfdH4kkV4
THANK YOU!