OPENCONTRAIL
OpenStack Meetup
Simple, Open and Agile Network Virtualization
Michael [email protected]
WHAT ARE THE REAL PROBLEMS…
CONFIGURED,
MANAGED
Whatever happened to Web2.0?
WHAT ARE THE REAL PROBLEMS…
Cloud? Scale-out? ….
SCALE-UP
SYSTEMS
WHAT ARE THE REAL PROBLEMS…
Virtualization? Orchestration?
HARDWARE
SERVICES
WHAT ARE THE REAL PROBLEMS…
Big Data? Analytics? ….
LOW VISIBILITY
NETWORKING PROBLEMS IN A NUTSHELL
CONFIGURED,
MANAGED
HARDWARE
SERVICES
LOW VISIBILITY
SCALE-UP
SYSTEMS
POOR MANAGE-ABILITY
INFLEXIBLE SYSTEMS
HARDWARE CENTRIC
CUSTOMER PROBLEMS
DATA-CENTER NETWORKING
LOAD BALANCER
FIREWALL
VLANS VLANS
FINANCE HR MARKETING
Physical Servers Local Hard Drives
LOAD BALANCER
FIREWALL
Admin
Config
MARKETING FINANCE HR
VIRTUALIZED
Centralized Management & Control, Policy provisioning
Network Virtualization and Centralized Services Management
OpenContrail
SERVICE PROVIDER NETWORK
SGSN / MME
SBC
Media Gateway
FW
SLB
DPI
CACHING
GGSN / P-GW
Mobile Edge
Broadband Edge
Business Edge
Core / Backbone
PCRF
Scalable Virtual Service on x86
Private networks
SP DATACENTER
BRAS/VPN Edge
FW – IPS – PDF – DDoS
Service Load Balancing
L3VPN-ENABLED
SP CORE/BACKBONE
BUSINESS EDGE
BROADBAND EDGE
MOBILE EDGE
Dynamic Service Provisioning, Scaling;
Service Chaining
Services – Firefly, Web App Secure, DDoS Secure, vSA
NFV: Virtualized Network Services with Centralized Management & Orchestration
What is network
virtualization?
LEGACY DC - LIMITED VLAN SPAN
[Diagram labels: L2/L3, L3, L2, L2 Switch, Multi-Chassis LAG, Trunk, Routing & Filtering between VLANs, VLAN Span Limit]
CLOUD DC - OPENCONTRAIL L2/L3 OVERLAY
[Diagram labels: ToR, L3 ToR, L2/L3, L3, FW, LB, vRouter, Routing & Filtering between VLANs, No VLANs Across L3, Service Insertion, External Network, Servers]
Hypervisor vRouter handles L2/L3
Hypervisor vRouter performs NAT
= multi-tenant VRF
OPENCONTRAIL
NETWORK
VIRTUALIZATION
WHY NETWORK VIRTUALIZATION
Physical
Servers
IPS
LBs
FWs
Routers
VLAN
VLAN
VLAN
ACLs
FW
Policies
LB
Policies
Standalone Application
(Dedicated Resources)
SEGMENTED
NETWORKS
WAN
Technology Silo Evolving Applications
(on Resource Pool)
WAN
Virtual WAN
Network
VMVMVM
VMVMVM
VMVMVM
STORAGE POOL
FW Service POOL
LB Service POOL
COMPUTE POOL
Dynamic Virtual Network
+
Service Orchestration
?
Common Resource Pools (Datacenter & Beyond)
External Cloud Based
Resources
Scale-Out
Model
Physical Switching Fabric ~ Physical Compute Servers Giant Pool of Resource that is Sliced based on Demand
Rack Once, Configure Once
New Applications and/or Tenants do not affect Physical Fabric Configuration
WHAT IS NETWORK VIRTUALIZATION
•Independent of Physical Network Location or State
– Logical Network across any server, any rack, any cluster, any data-center
– Virtual Machines can migrate without requiring any reworking of security policies,
load balancing, etc
– New Workloads or Networks should not require provisioning of physical network
– Nodes in Physical Network can fail without any disruption to Workload
•Full Isolation for Multi-tenancy and Fault Tolerance
– MAC and IP Addresses are completely private per tenant
– Any failures or configuration errors by tenants do not affect other applications or
tenants
– Any failures in the virtual layer do not propagate to physical layer
THE IMPORTANCE OF ABSTRACTION
[Diagram labels: OpenStack, OpenContrail, Controller, Neutron, Nova, BMS R4, VM G1, VM G2, VM G3, VM R1, VM R2, VM R3, VM FW]
PHYSICAL TOPOLOGY
Complex
• Low level of abstraction
• Many vrouters
• Many routing-instances
• Many tunnels
• Many routes
Complex to configure
Complex to troubleshoot
NMS/EMS
OPENCONTRAIL – VIRTUALIZED & AUTOMATED NETWORK
CONTROL PLANE, MANAGEMENT PLANE
NETWORK PROGRAMMABILITY
ENABLING NFV (NETWORK FUNCTION VIRTUALIZATION)
VIRTUALIZED NETWORK SERVICES
INTEROPERABILITY WITH PHYSICAL
NETWORK
NETWORK VIRTUALIZATION (PRIVATE, HYBRID)
CONVERGED NETWORK ORCHESTRATION
AUTOMATION, ANALYTICS
VIRTUAL
NETWORKS
VIRTUALIZED
SERVICES
THE NEW NETWORK – BUILDING BLOCKS
GATEWAYS
NETWORK AND
PACKET POLICY
PROVIDED BY OPEN BGP VPN
TECHNOLOGIES
NETWORK POLICY FOR
TOPOLOGY AND PACKET FOR
TRAFFIC CONTROL
NETWORK FUNCTIONS AND
SERVICES STITCHED TO
TOPOLOGY
CONNECTS VIRTUAL AND
PHYSICAL DOMAINS
ROLE OF OPENCONTRAIL IN INTEGRATED STACK
Service Nodes
Internet VPN DCI WAN
Gateway Router
OpenContrail
Orchestrator
Compute APIs, Storage APIs, Network APIs
Server
Virtual Machine vRouter
Physical Switches
vSRX, F5 …
OPENCONTRAIL SOLUTION OVERVIEW
OpenContrail Controller
Configuration Analytics
Control
Server
VM VM VM
Server
VM VM VM
IP fabric (underlay network)
Juniper QFabric/QFX/EX or 3rd party underlay switches
Juniper MX or 3rd party gateway routers
Tenant VMs
BGP Federation
BGP Clustering
OpenContrail Controller
REST
XMPP
CONTROLLER
Control
Orchestrator
XMPP
BGP + Netconf
OpenContrail vRouter (L2 & L3) on KVM, Xen and ESXi/HyperV in 2014
2014
DEMO
2 TIER NETWORK DEMO TOPOLOGY
BACK-END
DATABASE TIER
NETWORK
FRONT-END
WEB-TIER
NETWORK
BE1 BE2 BE3 FE1 FE2 FE3
MX Gateway
Policy to connect front-end and back-end
Centralized Control, Policy provisioning
Internet
Demo Machine connecting to Openstack Horizon and Contrail GUI
Floating IP
OpenContrail
Contrail is available as Open Source www.opencontrail.org. Commercial support available from Juniper.
Same features and scaling as commercial version
Uses proven stable standards. Production-Ready
Permissive license Apache 2.0 (Controller), GPL (vRouter)
Integrated into open source virtualization stacks: OpenStack, CloudStack
WHAT?
Run OpenStack and OpenContrail on your laptop or in a VM
WHY?
Use to build & test OpenStack and OpenContrail code
Just play with OpenStack/OpenContrail features
HOW?
Ubuntu server/VM with 4GB RAM, access to github
DEVSTACK + OPENCONTRAIL
Install packages: git-core, ant, build-essential, pkg-config
Download DevStack
(git clone [email protected]:/dsetia/devstack.git)
Edit localrc (set PHYSICAL_INTERFACE)
Run stack.sh
Installs Glance, Nova, Horizon, Keystone, Cinder
And OpenContrail (as a Neutron plugin)
DEVSTACK + OPENCONTRAIL (in-a-box)
Open architecture easily integrates with open cloud orchestration
platforms
Built on standard protocols and supporting ANY hypervisor
Ultimate transparency and openness with OpenContrail.org
OPEN
Seamless integration with physical networks
SDN as compiler hiding complexity
Service chaining for simple provisioning and management
SIMPLE
Automated provisioning and creation of virtual networks
Enables workload mobility between private, public and hybrid clouds
Unique analytics capabilities for planning and modeling
AGILE
Virtual Services & SDN Technology Partners Cloud Orchestration Partners
8 WAYS TO GET INVOLVED
1. See what developers are saying about Contrail
2. Read the blog: http://opencontrail.org/blog/
3. See a demonstration: http://www.youtube.com/watch?v=TnqNNvGmfcE
4. Go to a meet-up: http://opencontrail.org/events/category/all-events/
5. Read up on SDN: http://www.sdncentral.com/
6. Join the community: http://opencontrail.org/community/
7. Download the code: www.opencontrail.org
8. Call your Juniper contact
JOIN THE DISCUSSION!
Join [email protected]
Follow Us
DOWNLOAD THE CODE!!!
http://juniper.github.io/contrail-vnc/README.html