guido-frabotti
DC architectures future proof
DATA CENTER ARCHITECTURES
Guido [email protected]
APPLICATIONS ARE DRIVING IT TRANSFORMATION
Clouds, Virtualization, SDN
DATACENTER = METAFABRIC ARCHITECTURE PORTFOLIO
Switching: Flexible building blocks; simple switching fabrics
Routing: Universal data center gateways
Management: Smart automation and orchestration tools
SDN: Simple and flexible SDN capabilities
Data Center Security: Adaptive security to counter data center threats
Solutions & Services: Reference architectures and professional services
METAFABRIC LAYERS
FOUNDATION TECHNOLOGIES
40G Optics
Multi-Silicon Strategy
L3 FAT TREE
Virtual Chassis Fabric
QFABRIC
Universal SDN Gateway
PHYSICAL INFRASTRUCTURE
SRX Security Appliance
VMware NSX
Juniper FireFly
Juniper Contrail
OpenContrail
OpenDaylight
NETWORK VIRTUALIZATION
NETWORK FUNCTION VIRTUALIZATION
Service-Chaining (DPI, Caching, NAT, Firewall)
JunOS Space
INTEGRATED APPLICATION AWARENESS
METAFABRIC ARCHITECTURE PILLARS
Simple: Easy to deploy & use
Smart: Save time, improve performance
Open: Maximize flexibility
METAFABRIC REFERENCE ARCHITECTURE
Validated and tested designs
Version 1.1 – virtualized (VMware) Enterprise data center with key partners (IBM, EMC, F5)
Reduce risk – accelerate customer adoption
SWITCHING
JUNIPER ARCHITECTURES
Juniper Architectures
• Virtual Chassis: up to 10 members
• Virtual Chassis Fabric: up to 20 members
• QFabric: up to 128 members
Benefits: Single point of management and control; purpose-built and turnkey
Open Architectures
• MC-LAG
• IP Fabric
• L3 Fabric
• …
Benefits: Flexible deployment scenarios; open choice of technologies and protocols
QFX5100
One Architecture Does Not Fit All,
QFX5100 enables Choices!
JUNIPER ARCHITECTURE SCENARIOS
Juniper Architectures
[Diagram: Core, Distribution and Access tiers; QFabric, Virtual Chassis Fabric]
DEPLOYMENT SCENARIO DETAILS
Juniper Architectures
Attribute | QFX3000-M/G | VCF
Control Plane | Centralized | Centralized
Latency | 3 μs / 5 μs | 1.5 μs
Storage Convergence | Yes | Yes
1G Copper | 768/6,144 | 1,536
1G Fiber | 768/6,144 | 1,536
10G Copper | 768/6,144 | 1,536
10G Fiber | 768/6,144 | 1,536
MAC Addresses | 1,536,000 | 288,000
ARP Entries | 20,000 | 48,000
VLANs | 4K | 4K
Technology | QFabric | Virtual Chassis Fabric
VXLAN L2 Gateway | No | Yes
Comparison
• Control Plane: VCF (in-band) vs. QFabric (out-of-band)
• QFabric for large scale only
• ISSU on VCF
OPEN ARCHITECTURE SCENARIOS
Juniper Architectures
Open Architectures
[Diagram: Core, Distribution and Access tiers; options shown: QFX5100 or EX9214, EX4300-VC, VCF or QFX3000-M]
QFX5100 when possible, otherwise EX9214 if required for scale
DEPLOYMENT SCENARIO DETAILS
Open Architectures with the QFX5100 Spine
Attribute | QFX5100-96S + EX4300-VC | QFX5100-96S + QFX5100-48 | QFX5100-24Q + QFX5100-48 | QFX5100-24Q + QFX5100-24Q
Control Plane | Distributed | Distributed | Distributed | Distributed
Latency | 2 μs | 2 μs | 2 μs | 2 μs
Storage Convergence | No | No | No | No
1G Copper | 4,608 | 4,608 | No | No
1G Fiber | 3,072 | 4,608 | No | No
10G Copper | No | No | 896 | No
10G Fiber | No | No | 896 | 1,536
MAC Addresses | 288,000 | 288,000 | 288,000 | 288,000
ARP Entries | 48,000 | 48,000 | 48,000 | 48,000
VLANs | 4K | 4K | 4K | 4K
Technology | MC-LAG | MC-LAG | MC-LAG | MC-LAG
Comparison
• Low latency overall
• Port Density varies (<4,608)
• QFX5100-96S + EX4300-VC for 1G deployment
DEPLOYMENT SCENARIO DETAILS
Open Architectures with EX9214 Spine
Attribute | EX9214 + QFX5100-48 | EX9200 + QFX3000-M | EX9214 + EX4300-VC
Control Plane | Distributed | Distributed | Distributed
Latency | 19 μs | 19 μs | 19 μs
Storage Convergence | No | Yes | No
1G Copper | 15,360 | 4,032 | 15,360
1G Fiber | 15,360 | 4,032 | No
10G Copper | 3,840 | 4,032 | No
10G Fiber | 3,840 | 4,032 | No
MAC Addresses | 1,000,000 | 1,000,000 | 1,000,000
ARP Entries | 256,000 | 256,000 | 256,000
VLANs | 24K | 24K | 24K
Technology | MC-LAG | MC-LAG | MC-LAG
Comparison
• High Port Density
• Higher logical scale
• Higher latency overall
• EX9214 + EX4300-VC for 1G deployment
• EX9200 + QFX3000-M for storage convergence
• EX9214: 240 10G ports at line rate
VIRTUAL CHASSIS FABRIC
What and Why
switching building blocks
EX4300
QFX3500
QFX3600
QFX5100
Network Director
APIs
Single Point of Management Full Layer 2 and Layer 3 ECMP Transit FCoE
Topology Independent ISSU Plug and Play Provisioning 4 spines and 16 leaves VXLAN L2 Gateway
Virtual Chassis Fabric
SERVER AND STORAGE CONNECTIVITY
Any Ethernet Media, High Resiliency, Flexible deployment
• 10/100/1000M Copper
• 10/100/1000M Fiber
• 10G Copper
• 10G Fiber
• 10G or 40G Fabric
• Any-port connectivity
• In-Service Software Upgrade
• n-Way multi-homing
• Active-Active paths
• Single Point of Management
• FCoE Transit
• iSCSI / NFS / CIFS
• Lossless Ethernet / DCB
• Hardware SDN support
Server Storage
QFX5100 QFX5100 QFX5100 QFX5100
10GbE POD 1/10/40GbE POD 1GbE POD
Spine QFX5100-24Q QFX5100-24Q QFX5100-48S QFX5100-96S
Leaf
QFX5100-48S
QFX5100-24Q
QFX3500 & QFX3600
QFX5100-48S
QFX5100-24Q
QFX3500 & QFX3600
EX4300
EX4300
10/40GbE spine and 1/10/40GbE leaf nodes
1, 10, 40, GE – ALL IN ONE FABRIC
[Diagram: 2 spine nodes; QFX5100-24Q, QFX5100-48S; 2 x uplinks; 10G and 40G links]
• 18 x 10GbE racks
• 936 x 10GbE ports 6:1 OS
[Diagram: 4 spine nodes; QFX5100-24Q, QFX5100-96S; 8 x uplinks; 10G and 40G links]
• 16 x 10GbE racks
• 1,536 x 10GbE ports 3:1 OS
2 OR 4 SPINE NODE DEPLOYMENTS
40G 40G
Integrated Routing Engine (RE)
Inline Control Plane
Control Plane
VCF INTEGRATED CONTROL PLANE
• Dual RE (routing engine) with backup’s
• Distributed In-Band Control plane
• VCCPD running on all members
• Automatic fabric topology discovery
• Loop-free fabric forwarding path construction
• Control traffic protection for converged fabric
Master Backup
Intelligent spine and leaf nodes
Federated state
Distributed Forwarding
Data Plane
Backup RE
• All Fabric links active-active
• Traffic load balanced on all links
• 1.8usec inter rack latency
Master RE
• In rack switching
• 550nsec in rack latency
• 16 way server multi-homing
VCF INTEGRATED DATA PLANE
VCF DEPLOYMENT METHODS
Auto-provisioned
• Plug and Play
• Pre-provision Spine Switches using single CLI
• Remaining switches will join VCF automatically as a line card
Pre-provisioned
• No ambiguity of member role
• All switches will be pre-provisioned into VCF
Non-provisioned
• Flexible
• Configure VCP ports then regular VC master election will happen automatically
{set | delete} virtual-chassis {pre-provisioned | auto-provisioned}
SMART TRUNKS
[Diagram labels: L1, L2, L3, S1, S2, T1, T2, T12; link bandwidths between 10G and 30G]
• Automatic fabric trunks
• Fabric trunk types
  • Next Hop (NH)-trunks
  • Remote Destination (RD)-trunks
• Weights-based multi-path (instead of NH link) bandwidth ratio to avoid fabric congestion
Virtual Chassis Fabric Adaptive Flowlet Splicing
Virtual Chassis Fabric versus others
Attribute | Other | Juniper VCF
10GbE scale | 1000+ | 1500+
Local forwarding | No | Yes
Intra rack latency | 1.7usec | 0.550usec
Inter rack latency | 2.4usec | 1.8usec
ISSU | No | Yes
Server multi-homing | 2 way | 16 way
Overlay gateway | No | Yes
Segmentation | VR | VR and MPLS
Power per switch | 1000W | <200W
Virtual Chassis Fabric versus others (2)
Attribute | Other | Juniper QFX5100
Flexible Topologies | Only MLAG | VC, MCLAG, VCF, QF
ISSU | Only spine | Yes – spine and leaf
VXLAN L2 Gateway | Only leaves | Yes – spine and leaf
NSX Control Plane | Only leaves | Yes – spine and leaf
Single-point of Mgmt | No | Network Director
Juniper Advantage: ISSU, Network Director, Overlay, Architecture choices
L3 IP FABRIC
SPINE AND LEAF
Spine Spine
Leaf Leaf Leaf Leaf
Ingress
Middle
Egress
Scale
CLOS REQUIREMENTS
Requirement | OSPF | IS-IS | BGP
Advertise prefixes | Yes | Yes | Yes
Scale | Limited | Limited | Yes
Traffic Engineering | Limited | Limited | Yes
Traffic Tagging | Limited | Limited | Yes
Multi-Vendor Stability | Yes | Yes | Even more so
MULTI-STAGE CLOS BGP OVERVIEW
Spine Leaf Access
BGP RR Cluster
eBGP
BFD
iBGP
BFD
BGP ASN 1 BGP ASN 11
vSpine
MULTI-STAGE CLOS BGP DETAIL
Spine: BGP RR, iBGP Down
Leaf: iBGP Up, eBGP Down
Access: eBGP Up
[Diagram: vSpine1 (ASN 1) and vSpine2 (ASN 2), with BGP RR and iBGP in each; eBGP to ASN 11 through ASN 18; link labels 32x40GE and 96x10GE]
ROUTING & SDN
WAN (MPLS, IP)
MX: UNIVERSAL SDN GATEWAY
VMware NSX based POD | Contrail SDN based POD | Legacy, VLAN based POD
L2: EVPN, VPLS
L3: L3VPN, NG-MVPN
Industry leading L2-L3 LAN-WAN-Overlay Gateway
Standards based, multivendor solutions
Highly scalable, virtualized, multitenant connectivity
VMware (VxLAN) POD | Contrail (MPLS, VxLAN) POD | VLAN POD
Any to any gateway Universal SDN Gateway
Building on proven track record in major DC and SP deployments
With extensible, future proof platform capabilities
GW GW GW
USG COMPARISONS
USG (Universal SDN Gateway)
Columns: Description; QFX5100; EX9200/MX; Use Cases
Layer 2 USG
Description: Provide SDN-to-non-SDN translation, same IP subnet
✔ ✔
Use Cases: NSX or Contrail talk Layer 2 to non-SDN VMs, bare metal and L4-7 services
Layer 3 USG
Description: Provide SDN-to-non-SDN translation, different IP subnet
✔
Use Cases: NSX or Contrail talk Layer 3 to non-SDN VMs, bare metal and L4-7 services and Internet
SDN USG
Description: Provide SDN-to-SDN translation, same or different IP subnet, same or different Overlay
✔
Use Cases: NSX or Contrail talk to other PODs of NSX or Contrail
WAN USG
Description: Provide SDN-to-WAN translation, same or different IP subnet
✔
Use Cases: NSX or Contrail talk to other remote locations – branch, DCI
X86 Appliance ✔ ✔
Competing ToRs ✔
Competing Chassis ✔
CONTRAIL: EXTENDING ADVANCED NETWORKING INTO THE VIRTUAL WORLD
Physical Network (no changes)
CONTRAIL CONTROLLER
Analytics
Control
Configuration
Physical Host with Hypervisor
vRouter
VM VM VM VM
Physical Host with Hypervisor
vRouter
VM VM VM VM
WAN, Internet
Gateway
Simple, open and agile Virtual network overlay
Developer momentum OpenContrail community
VXLAN
• Virtual eXtensible Local Area Network (VxLAN)
• L2 connections within IP overlay – Unicast & multicast
• Allows flat DC design w/out boundaries
• Simple and elastic network
• Options to run with and without SDN controller
[Diagram: WAN, Overlay environment, TOR, VDS, VMs, Management Station]
IP overlay connections established between VxLAN end-points of a tenant
Gateway between overlay LAN: one end of the VxLAN tunnels
Hypervisor / distributed Virtual Switch – other end of VxLAN tunnels
Fully meshed unicast tunnels – for known L2 unicast traffic
PIM signaled multicast tunnels for L2 BUM traffic
ETHERNET VPN (EVPN)
LAG
A new standards based protocol to inter-connect L2 domains
Juniper leading the multi-vendor industry wide initiative
Improves network efficiency
Ideally suited for Datacenter Interconnectivity
Allows L2 multi-tenancy in IP fabric DC
BGP based state exchange
EVPN router
EVPN router
LAN
WAN
WHY EVPN
Where is EVPN applicable:
– DC Interconnect – allowing L2 stretch between data centers over WAN
– For multi-tenancy in DC with VxLAN or MPLS as transport
– Next generation L2VPN technology that replaces VPLS
Which customers will be interested in EVPN:
– Data Center Builders – SPs, Enterprises, Content providers
– These customers use MX as a DC WAN Edge Router
– These customers use MX as a PE router for L2 business services
USE CASE: EVPN FOR DATA CENTER INTERCONNECT
VLAN 1 MAC1
VLAN 2 MAC 2
VLAN 1 MAC11
VLAN 2 MAC22
Data Plane Learning | BGP Control Plane based learning on WAN | Data Plane Learning
MX Series | MX Series
Data Center Site 1 | Data Center Site 2 | Data Center Interconnect
EVPN Cloud
Legacy L2 Cloud
VxLAN Cloud
Benefits:
• Seamless interconnect between DCs - L2 stretch between DCs
• Seamless Workload migration - VM mobility across DCs
• Wide Applicability – Interconnects Native L2 and overlay technologies
SECURITY
SMART DATA CENTER SECURITY: RAPID THREAT IDENTIFICATION AND PREVENTION
Leading high-end firewall
Proven data center scale
Virtual host and perimeter security
Smart groups—automatic policy control
Optimized for performance
Firefly
SRX Series Firewall
[Diagram: VMs; Virtual, Physical]
Data Center Global Attacker Database
Spotlight
MANAGEMENT
JUNOS SPACE: SMART NETWORK MANAGEMENT FROM A SINGLE PANE OF GLASS
Virtual Networks
Physical Networks
API
Visualize: Physical and virtual visualization
Analyze: Smart and proactive networks
Control: Lifecycle and workflow automation