SDN – CONTRAIL ENABLING CLOUD
Parantap Lahiri, Sr. Director, Solutions Engineering
Suresh Balineni, Staff Engineer
Jan 15, 2015
2 Copyright © 2013 Juniper Networks, Inc.
FUNDAMENTAL SHIFT: EVOLVING APPS
[Diagram: left, Standalone Application (Dedicated Resources), the technology silo: Physical Servers with IPS, LBs, FWs and Routers, one VLAN per application, ACLs, FW Policies and LB Policies, i.e. SEGMENTED NETWORKS behind the WAN. Right, Evolving Applications (on Resource Pool), the Scale-Out Model: a Virtual WAN Network in front of VMs drawn from a COMPUTE POOL, STORAGE POOL, FW Service POOL and LB Service POOL; Dynamic Virtual Network + Service Orchestration ties them together across Common Resource Pools (Datacenter & Beyond) and External Cloud Based Resources.]
BRIDGING PHYSICAL/VIRTUAL NETWORKS…
• OPEN, STANDARDS-BASED, FEDERATED CONTROLLER – SCALABLE, RESILIENT
• CONTROL PLANE – PHYSICAL, VIRTUAL
• PRESERVE AND INSERT DYNAMIC SERVICES (FIREWALL, LB…)
• VIRTUAL NETWORK OVERLAY
• INTEROPERABILITY WITH TRADITIONAL NETWORK DEVICES
• PHYSICAL NETWORK
• CONVERGED NETWORK ORCHESTRATION
• AUTOMATION, ANALYTICS
Legacy Datacenter – Underlay
[Diagram: two-tier fabric of L3 core and L2/L3 aggregation switches above L2 Switches, joined by Multi-Chassis LAG trunks; ToR switches connect Servers hosting VMs.]
Legacy Datacenter – Limited VLAN Span
[Diagram: the same fabric, with Routing & Filtering between VLANs at the L2/L3 layer and FW and LB appliances at the L3 boundary. Annotations: VLAN Span Limit; No VLANs Across L3 FW.]
Legacy Datacenter – No Multi-tenant overlapping IP space support; NAT on HW Appliances
[Diagram: the same fabric with FW and LB appliances. Annotations: VLAN Span Limit; Single Routing Table (No support for overlapping multi-tenant space).]
Legacy Datacenter – Multi-tenant Support with MPLS
[Diagram: L3-MPLS core and L2/L3-MPLS aggregation over MPLS-enabled links; MPLS with VRF for multi-tenant isolation (one Tenant-VRF per tenant); Tenant Specific HW Appliance Services (FW, LB pair) per tenant. The VLAN Span Limit still applies at the L2 Switch / Multi-Chassis LAG TRUNK layer; ToRs connect Servers hosting VMs.]
Typical L2 Overlay
• Hypervisor Switch only forwards L2
• Separate VM based router performs routing
• Separate VM based router performs NAT
[Diagram: L3 ToRs over an L3 fabric; each server runs an L2-SW (hypervisor switch); VXLAN tunnels between servers; the External Network is reached through the VM-based routers.]
Contrail Overlay
• Hypervisor Router handles L2/L3
• Hypervisor Router performs native routing
• Hypervisor Router performs native NAT
[Diagram: L3 ToRs over an L3 fabric; each server runs a vRouter holding a multi-tenant VRF; Service Insertion points toward the External Network.]
Contrail Overlay Datacenter Abstraction
[Diagram: Tenant 1 to Tenant 4, each with virtual networks VN1 and VN2, presented as one abstraction over the L3 ToR fabric and an L3VPN Internet Router.]
Contrail Overlay – Multi-DC
[Diagram: Datacenter 1, Datacenter 2 and Datacenter 3 over a common IP Underlay, each with an L2/L3 gateway and vRouters; Tenant 1 to Tenant 4 with VN1 and VN2 span the datacenters via an L3VPN Internet MX.]
CONTRAIL ON IP NETWORK
[Diagram: Server 1 hosts a VM with private IP 10.1.1.1 and has public IP 70.10.10.1; Server 2 hosts a VM with private IP 10.1.1.2 and has public IP 151.10.10.1. Each server runs an Agent speaking XMPP to the Control Plane; the BGP Based Control Plane and Configuration Management (REST/API) distribute the per-VRF routes to both agents:
  10.1.1.2: NH = 151.10.10.1; LBL = 17
  10.1.1.1: NH = 70.10.10.1; LBL = 39
Forwarding: the VM on Server 1 sends [PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD]. The VRF on Server 1 performs Dynamic Tunnel Encapsulation, producing [PubSrcIP 70.10.10.1 | PubDstIP 151.10.10.1 | GRE | LBL=17 | 10.1.1.1 | 10.1.1.2 | PAYLOAD] for the IP Network. The VRF on Server 2 performs Dynamic Tunnel Decapsulation and delivers the original [PriSrcIP 10.1.1.1 | PriDstIP 10.1.1.2 | PAYLOAD] to its VM.]
* Outer MAC header was left out intentionally to reduce clutter.
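The forwarding on this slide, as an added example in Python that is not part of the deck or of Contrail: the sending vRouter looks the inner destination up in the tenant VRF to get next hop and label, wraps the packet in MPLS-over-GRE, and the receiving vRouter uses the label alone to pick the tenant VRF, so two tenants may reuse 10.1.1.2 while the IP Network only ever sees the servers' public addresses. The two routes and labels 17 and 39 are the slide's; the tenant names, the second tenant and label 51 are constructed.

```python
"""Added example (not Contrail's code): MPLS-over-GRE forwarding as on the 'Contrail on IP
Network' slide. Routes 10.1.1.2 -> NH 151.10.10.1, LBL 17 and 10.1.1.1 -> NH 70.10.10.1,
LBL 39 are from the slide; tenant names and label 51 are constructed. IP checksums stay 0."""
import struct
from ipaddress import IPv4Address

# Per-tenant VRF: inner destination -> (tunnel next hop, MPLS label), as pushed by the control plane.
VRF_ROUTES = {
    "tenant-1": {"10.1.1.2": ("151.10.10.1", 17), "10.1.1.1": ("70.10.10.1", 39)},
    "tenant-2": {"10.1.1.2": ("151.10.10.1", 51)},  # constructed: same private address, own label
}
# Receiving vRouter: the label alone selects the tenant VRF (constructed, mirrors VRF_ROUTES).
LABEL_TO_VRF = {17: "tenant-1", 39: "tenant-1", 51: "tenant-2"}

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_MPLS = 0x8847   # GRE protocol type for MPLS unicast

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header: version/IHL 0x45, TTL 64, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)

def inner_packet(pri_src, pri_dst, payload):
    """What the VM hands to its vRouter (inner IP protocol 6 = TCP, arbitrary here)."""
    return ipv4_header(pri_src, pri_dst, 6, len(payload)) + payload

def encapsulate(vrf, pub_src, inner):
    """Sending vRouter: VRF lookup on the inner destination, then dynamic tunnel encapsulation.
    Wire order: outer IPv4 (PubSrcIP, PubDstIP) | GRE | MPLS label | inner IPv4 | payload."""
    pri_dst = str(IPv4Address(inner[16:20]))      # destination field of the inner IPv4 header
    nexthop, label = VRF_ROUTES[vrf][pri_dst]
    mpls = struct.pack("!I", (label << 12) | (1 << 8) | 64)   # 20-bit label, S=1, TTL 64
    gre = struct.pack("!HH", 0, ETHERTYPE_MPLS)               # no flags, MPLS inside
    body = gre + mpls + inner
    return ipv4_header(pub_src, nexthop, GRE_PROTO, len(body)) + body

def decapsulate(outer):
    """Receiving vRouter: strip outer IP and GRE, map the label to a VRF, return (vrf, inner)."""
    if outer[9] != GRE_PROTO or struct.unpack("!H", outer[22:24])[0] != ETHERTYPE_MPLS:
        raise ValueError("not an MPLSoGRE packet")
    label = struct.unpack("!I", outer[24:28])[0] >> 12
    if label not in LABEL_TO_VRF:
        raise ValueError(f"unknown label {label}: dropped, no VRF owns it")
    return LABEL_TO_VRF[label], outer[28:]

def outer_addresses(outer):
    """(PubSrcIP, PubDstIP) of the tunnelled packet, all the IP Network gets to see."""
    return str(IPv4Address(outer[12:16])), str(IPv4Address(outer[16:20]))
```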
CONTRAIL TECHNICAL APPROACH
[Diagram: Cloud Orchestration (Orchestrator**) talks REST to the Contrail Controller (JunosV Contrail), whose components are Configuration, Analytics and Control Plane. The controller speaks XMPP to the Contrail vRouter in the hypervisor of each Virtualized Server (VMs), and BGP, Netconf to the Router Gateway toward the External IP Network. Servers attach to an IP fabric (underlay network); overlay tunnels are VXLAN or MPLSoGRE/UDP. Juniper & 3rd party Services* attach to the overlay.]
* = Juniper and 3rd party services can also be physical devices (e.g. SRX) or hypervisor services (e.g. vGW)
** = Other Orchestration System support like Cloudstack, Customer OSS/BSS System
SUMMARY – SCALE-OUT NETWORKING SYSTEM
[Diagram: the CONTRAIL System is built from Configuration Nodes, Control Nodes, Compute Nodes (Virtual Router), Service Nodes (SRX, Firefly, JSP, ...), Analytics Nodes and Gateway Nodes (MX, EX/QFX, ...), driven by an Orchestrator (OpenStack). Interfaces shown: REST (Orchestrator to Configuration Nodes), IF-MAP (Configuration Nodes to Control Nodes), IBGP (between Control Nodes), XMPP (Control Nodes to Compute Nodes), BGP, NETCONF (Control Nodes to Gateway Nodes).]