USING OPENCONTRAIL TO SOLVE REAL-WORLD USE CASES
Stuart Mackie, Contrail Solutions Group, November 2015
2
NETWORK/CLOUD TECHNOLOGY INTERCHANGE
Technology interchange benefits cloud and networks
Cloud Technology
§ Common x86 platform
§ Shared service infrastructure
§ Service automation
Network Technology
§ Overlay networking (MPLS/VXLAN)
§ Control plane (BGP)
§ Network load balancing (ECMP)
Cloud Benefits
§ Software-defined networking
§ Network scale
§ Security
§ Resilience
Network Benefits
§ Service agility
§ Self-service
§ On-demand
§ Elastic scaling
3
CONTRAIL - BASED ON MPLS VPN TECHNOLOGY
Protocols, Architecture
L3 VPNs for Inter-Site Connectivity
§ Traffic segmentation in the WAN
§ MPLS over MPLS label encapsulation tunnels
§ BGP route signaling
Contrail Virtual Networks in Datacenters
§ Traffic segmentation in the LAN
§ MPLS over GRE or VXLAN label encapsulation tunnels
§ XMPP (with BGP payload) route signaling
[Diagram labels: Provider Network, Customer Site, CE Router, PE Router, Customer VRF, Encapsulation Tunnel, Route Reflector, BGP; Datacenter, Server, Hypervisor with vRouter, VM, Tenant VRF, Encapsulation Tunnel, XMPP (BGP), OpenStack Cloud Manager, Contrail Controller]
4
[Diagram labels: SDN System (Contrail): Config Node, Control Node (x2), Analytics Node, OpenStack, vRouter with VMs, Underlay Switch (x2), IBGP, XMPP, MPLS over GRE or VXLAN. WAN: Network Management System (NMS), DMI, Route Reflector (x2), P, PE and CE routers, IBGP, MPLS over MPLS. Between them: MPLS L3VPN / E-VPN Gateway, BGP]
5
SCALE OUT, HIGHLY AVAILABLE ARCHITECTURE
§ Logically Centralized (Physically Distributed)
§ Horizontally Scalable
§ Highly Available (Active-Active)
§ Federated
[Diagram labels: Configuration Nodes, Control Nodes, Analytics Nodes, Database Nodes, Web UI Nodes, vRouters, Gateways; protocols shown: IF-MAP, REST, XMPP, BGP, BGP/Netconf, HTTP]
https://github.com/Juniper/contrail-controller/wiki/Roles-Daemons-Ports
6
FEDERATED DOMAINS UNIFIED CONTROL PLANE ACROSS PHYSICAL/VIRTUAL NETWORKS
[Diagram labels: Orchestration, OSS/BSS; Cloud Management; OpenContrail (Config Node, Control Nodes); x86 Host + Hypervisor with vRouter (x2); Underlay Switches; XMPP; BGP; MPLSoGRE, MPLSoUDP, VXLAN; CLOUD DC. WAN Control/Mgmt; NMS; BGP Route Reflectors; PE routers; IP / MPLS VPN; Public Network]
7
OPENCONTRAIL OPENSOURCE APPROACH (For more info visit www.opencontrail.org)
OpenContrail Advisory Board (OCAB)
§ Industry veterans and key project users/adopters
§ Governance, Evangelism, Roadmap, Operational efficiency
OpenContrail Developer Community
§ Majority Juniper, Some External developers
§ Proposing features & Contribute Code
§ Participate in Code review process
Juniper Contrail Releases
§ Hardened for Production
§ Licensed Software
§ 24x7 JTAC & Engineering
[Diagram labels: Continuous Integration/Development; Features & Bug fixes; Single Github Source Code Repository; OpenContrail Community Release; Community Support (Email, IRC, Forums); Bug Fix Release; Launchpad; Open Source (Users, Devs); Bugs, Design Blueprints; Customers; Community Release]
8
CONTRAIL - KEY FEATURES
§ Routing & Switching (IPv4, v6)
§ IPAM, DNS, DHCP
§ SNAT, FIP, QoS
§ Load Balancing
§ Security Policy Enf., Distributed FW
§ 3rd Party Netw. Svc.
§ Gateway Services (L2, L3 GW)
§ Rich Analytics, Overlay-Underlay Correlation
§ Service Chaining
§ High Availability
§ API Services
9
FEATURE: DISTRIBUTED SECURITY POLICY
[Diagram: LOGICAL view (Centralized Policy Defn) and PHYSICAL view (Distrib. Policy Enforcement). VIRTUAL NETWORK GREEN (G1, G2, G3), VIRTUAL NETWORK BLUE (B1, B2, B3) and VIRTUAL NETWORK YELLOW (Y1, Y2, Y3); VM and virtualized network function pool on Host + Hypervisor nodes over the IP fabric (switch underlay). Legend: Contrail Security Policy (firewall-like, e.g. allow only HTTP traffic); Contrail Policy with a Firewall Service; intra-network traffic; inter-network traffic traversing a service; non-HTTP traffic]
10
FEATURE: SERVICE CHAINING
§ Seamless insertion of Juniper & unmodified 3rd Party services using existing L3VPN connections
§ Allows multiple Services in a chain
§ Allows multiple service chains between virtual networks
§ Supports L3 services without the use of a gateway
[Diagram: LOGICAL and PHYSICAL views. Virtual Network Red (R1, R2) and Virtual Network Green (G1, G2) with SVC 1 VM and SVC 2 VM between them; x86 servers with server IPs S1, S2, S3, S4 over the IP Fabric; routing instances, including an RI for non-svc-chain traffic; locally significant MPLS labels L1 to L8. Interfaces: VIF 1 (label L1), VIF 2 (label L2), VIF 3 (label L7), VIF 4 (label L8)]
Routing tables shown in the diagram:
Dst   Next Hop
G1    S2 → L3
G2    S2 → L3
R1    VIF 1
R2    VIF 2

Dst   Next Hop
R1    S1 → L1
R2    S1 → L2

Dst   Next Hop
G1    S3 → L5
G2    S3 → L5

Dst   Next Hop
R1    S2 → L4
R2    S2 → L4

Dst   Next Hop
G1    S4 → L7
G2    S4 → L8

Dst   Next Hop
R1    S3 → L6
R2    S3 → L6
G1    VIF 3
G2    VIF 4
11
FEATURE: ANALYTICS
12
FEATURE: UNDERLAY-OVERLAY CORRELATION
§ Visual representation of topology (discovered using LLDP)
§ Which underlay paths are taken by flows (active or historical)
§ Details of VMs, vRouters, and underlay components
§ Details of active flows
§ Ability to show historical flows as well
13
CUSTOMER USE-CASES
14
CONTRAIL CUSTOMERS & USE-CASES
1. Greenfield Cloud Services
SaaS or IT-as-a-Service Customers:
§ Large SaaS (HCM Software) Enterprise (US)
§ Large Security Enterprise (US)
§ CloudWatt
§ Social Networking Software Enterprise (US)
§ US-based Gaming Enterprise
§ Large Industrial Internet Enterprise (US)
§ …
Description / High-Level Requirements (HLR)
§ Launch VMs, Containers into Virtual Networks with IPAM, DNS, DHCP.
§ Connect the VNs with Security Policies
§ Use VNFs using Service Chaining
§ Application launch automation like Heat (OpenStack) or Kubernetes (for Containers)
Orchestration Systems
§ OpenStack, VMware, Docker
2. Enterprise Migration
BMaaS and Legacy Interconnect Customers:
§ Large APAC based Telco
§ Large US-based Telco
§ Juniper IT
§ …
Description / HLR
§ Dynamically connect BMS's (or VMs) hanging from TORs into Virtual Networks (VXLAN)
§ Provide L3 Gateway to the Virtual Networks
§ Drive entire provisioning through API
§ Provide underlay-overlay correlation
Orchestration Systems
§ Not Relevant
3. Managed SP (NFV / SD-WAN)
Telco Cloud, SDWAN, NFV Customers:
§ NTT I3 ESI
§ US-Based Tier-1 Telco
§ APAC based Telco
§ EMEA Based Tier-1 Telco
§ EMEA Based Tier-1 Telco
§ …
Description / HLR
§ Dynamically insert VNFs on a Customer Premises Equipment
§ Dynamically insert VNFs in Mobility DCs to enable virtual EPC, etc.
§ Service Chaining of different services (L2, L3, PNF)
§ Automated orchestration of customer driven services
Orchestration Systems
§ OpenStack, VMware, Docker
15
NFV USE-CASE: XCPE
SOLUTION REQUIREMENTS
[Diagram labels: CUSTOMER SITE with CPE Device (compute node), Hypervisor, Multiple LAN Interfaces (wired / wireless), On Premise Services; INTERNET / CUSTOMER'S OWN ACCESS NW; Secure Connection over Internet or access network; L3VPN or Expensive Link; POP with Services & Service Chaining on a Contrail Cloud Cluster, Analytics, Management & Provisioning, Internet Access / Connectivity; Centralized Operator Portal (management/provisioning + monitoring + Billing) + Customer Self Care Portal. Callouts 1, 2a, 2b, 3 and 4 refer to the steps below]
1. Initial Provisioning → Once the CPE device comes up it calls home, gets info on which DC/POP to connect to, and establishes a secure connection to the PoP. The Contrail Controller running in the DC/POP manages/provisions the CPE device, assigns IP, etc., through OpenStack Heat templates.
2. CPE device is just another compute node → vRouter in the CPE device, and the DC compute nodes →
   a. Service Chaining: Enable services to be chained on the CPE as well as the ones in the DC. (Note that for a CPE device which cannot run vRouter in the data plane, the vRouter agent could be running in user space and programming the data plane for forwarding.)
   b. Analytics: Granular flow statistics information is communicated back to the Controller (analytics node) from the vRouter (both from CPE & the DC compute nodes).
3. Centralized Portal → Policy (Heat templates) definition + monitoring, diagnostics, analytics (aggregates statistics info across all POPs/DCs).
4. Internet Connectivity → to the customer environment is provided from the DC or directly from the CPE device (through split tunneling).
16
CONTRAIL ARCHITECTURE
CPE IS NOTHING BUT A COMPUTE NODE
[Diagram labels: DC / POP SITE; CUSTOMER SITE; ORCHESTRATOR; CONTRAIL CONTROLLER; Network orchestration; Linux Host + Hypervisor with vRouter (x2); Physical IP Fabric (no changes)]
17
XCPE: PUBLIC CUSTOMER ENGAGEMENTS
ESI, an infrastructure for NFV-enabled enterprise networking, leverages Juniper Networks’ Contrail™ Cloud Platform, an OpenStack-based cloud orchestration platform
Orange Business Services has revealed details of a new offering for small and midsized businesses (SMBs) that makes use of SDN and NFV technologies and is due to become available under the EasyConnect brand.
Press Release: http://www.ntti3.com/blog//ntt-i3-introduces-elastic-service-infrastructure-to-enable-the-cloud-ready-enterprise
In the News: http://www.lightreading.com/nfv/orange-unveils-nfv-based-offering-for-smbs/d/d-id/714503
18
USE-CASE: ELASTIC SERVICE INFRASTRUCTURE
ENTERPRISE BRANCH NETWORKING AUTOMATION
Customer Needs
§ Multi-tenant LBaaS, FWaaS, WanOpt-aaS capability
§ Reduced TCO from low-cost CPE devices (reduced cust support costs)
§ Improved agility in introducing new (& upgrading existing) services
§ Self-care portal for service enablement
Solution Description
Scale-out and on-demand security and connectivity services to business customers with light-weight device at customer premise
1 Flexible Service Chaining
§ Service Catalog / Marketplace with choice of services
§ Service Chaining of Security and Network services
§ Services run in POP or customer premises (ESE)
§ APIs integration with self-service portal
2 Central management, monitoring, troubleshooting
§ ESI Controller manages & monitors the environment centrally
§ OpenStack Heat to create service templates
3 Open, interoperable Carrier-grade SDN Platform
§ OpenContrail - scalable, performant & available SDN platform
§ BGP & other standards-based protocol for interoperability
4 Software Defined WAN
§ Built on top of the Internet, using secure connection for data and control traffic
§ Integrates with existing L3VPN (wherever applicable)
[Diagram labels: Customer Branch, Customer DC, Customer HQ, Customer Premise, each with ESE; ESI POP (NTT DC); ESI Controller; Software Defined WAN (L3VPN); Internet; COTS HW (X86, ARM, ); SDN / NFV Software Stack; VNFs; MARKET PLACE; callouts 1 to 4]
19
USE-CASE: ENTERPRISE NFV SERVICE
Customer Needs
§ Multi-tenant VPNaaS, FWaaS, WanOpt-aaS capability
§ Reduced TCO from low-cost CPE devices, and reduced customer support costs
§ Improved agility in introducing new (& upgrading existing) services
§ Self-care portal for service enablement
Solution Description
Scale-out and on-demand security and connectivity services to business customers with light-weight device at customer premise
1 Contrail enabling Service Chaining on the vCPE
§ Security and connectivity services chained at the PE
§ Svcs co-located with PE (no need for separate SP svc DC)
§ APIs integration with self-care portal
2 Multi-tenant services for business customers
§ Separate VNF instance for separate customers
§ Traffic segregation between customers using virtual networks
§ Overlapping address space for tenants
3 Contrail's robust L3VPN overlay architecture
§ Seamless integration with SP's existing L3VPN offering
§ Integrates with existing / legacy underlay networks
4 Integration with MX (PE)
§ Dynamic traffic steering to services, using standards-based approach (via service policies)
§ Anchor point for service chains
[Diagram labels: Basic CE (x2), PE (x2), VPN IP/MPLS, VCPE (x2), Contrail / OpenStack, Internet; callouts 1 to 4]
20
USE-CASE: VIRTUALIZED MOBILITY / TELCO CLOUD
Customer Needs
§ Reduce operational and capital costs to run svcs in mobile core
§ Simplify management of mobile packet core functions
§ Reduce professional services expenses in customizing network
§ Ensure interoperability between different EPC functions
§ Independent scale-out of 2G and 3G data path
Solution Description
Contrail SW offers a robust & resilient NFV platform for the mobile packet core functions
1 NFV Platform (Contrail)
§ Modern L3-overlay based network built for scale, resiliency, automation
§ Virtualized 3rd party vEPC network functions
2 Reduced TCO * (Contrail)
§ Standard X86 hardware, and open-source hypervisor / orchestration systems
§ Better resource utilization through automated service scale-out
3 Simplified Management = operational efficiency
§ Contrail & OpenStack used to centrally provision network elements
4 Integration with MX
§ Programmatic traffic steering on MX from the VNF
§ MX as anchor-point for service chain
[Diagram labels: Radio Access Network; SGSN / MME VNF; S / P-GW; Charging, Policy Control; MX; Internet; Contrail / OpenStack; callouts 1 to 4]
* According to a recent ACG research, the estimated cost reduction is 53%
21
USE-CASE: MULTI-DC (DISTRIBUTED CLOUD)
§ Virtual Networks spanning multiple cloud environments (DCs)
§ Security Policies can span multiple remote data centers
§ Multiple ways to federate control plane traffic (directly through Controller or through MX)
1. Direct Controller Federation of Control Traffic
2. Gateway (MX) based Federation of Control Traffic
[Diagram: LOGICAL and PHYSICAL views. DC1 – VIRTUAL PRIVATE CLOUD and DC2 – TELCO CLOUD, each with a WAN GW; IP / MPLS VPN, EVPN; BGP. VIRTUAL NETWORK GREEN (G1 to G4) and VIRTUAL NETWORK BLUE (B1 to B4), each spanning multiple cloud environments, with VMs in DC 1 and VMs in DC 2; VRF (RT1) and VRF (RT2); R1 to R4. Legend: intra-network traffic; network policy to control traffic between virtual networks]
23
USE-CASE: BMS INTEGRATION
HYBRID, MULTI-VENDOR DC
[Diagram labels: Contrail Controller; BMS Rack with QFX TOR; Hybrid Rack with White box TOR; Contrail Overlay Rack with QFX TOR; Redundant pair of L3 Gateway (MX); VLAN Red; VLAN Green; VXLAN Tunnels. Link labels: E(L3)VPN + Netconf; OVSDB; EVPN + XMPP]
Diagram annotations:
§ Control & Config = OVSDB (shown twice)
§ Control = L3VPN / EVPN; Config = Netconf (XMPP in future → requires vRouter Agent on MX)
§ OVSDB Client talks XMPP northbound, & OVSDB southbound to the TORs
§ Netconf Client used to configure Juniper Network elements
§ Existing Contrail controller extended to support NetConf
§ TOR Service Node (TSN) → Extension to controller to support OVSDB
§ TOR Control Agent (to handle DHCP, DNS)
24
USE-CASE: BMS INTEGRATION
§ Contrail enables Legacy VLAN based architecture interconnecting with a Cloud architecture
§ Does not need a gateway when going from one VN to another on the Contrail overlay
§ Contrail allows inter-VN traffic in the overlay without having to go through the L3 GW
§ For traffic from VM in overlay to non-overlay VMs or BMS, traffic needs to go through the L3 GW
§ Intra-VN traffic from VM to BMS goes through the TOR.
Diagram annotations:
§ Control using EVPN (BGP) for QFX; Config using OVS-DB/XMPP / Netconf
§ Config using XMPP / Netconf
§ Control using BGP (L3VPN / EVPN)
[Diagram: LOGICAL and PHYSICAL views. Green Virtual Network and Blue Virtual Network; VM1 to VM5 (Virtual Machines on any Hypervisor); Bare Metal Server; Top of Rack Switch; VLAN Green; VLAN Blue; VXLAN Tunnels; L3 GW; WAN / Internet]
25
USE-CASE: VCENTER INTEGRATION
OPTION 1: OpenStack with ESXi (Currently Supported)
OPTION 2: vSphere with Contrail (currently supported)
OPTION 3: "vCenter as a Compute"
OPTION 4: vCenter with L2/L3 Gateway
[Diagram labels: Operator, vCenter, Nova Compute, ESXi Host, KVM Host, L2 / L3 GW, VXLAN, VLAN, OVSDB, XMPP. Legend: Network Orchestration; Compute Orchestration; Admin UI Interaction]
26
CONTRAIL CUSTOMERS & USE-CASES: 1. Greenfield Cloud Services 2. Enterprise Migration (BMaaS) 3. Managed SP (NFV / SD-WAN)
27
USE-CASE: PUBLIC CLOUD / IT CLOUD
Customer Needs
§ IaaS public cloud and IT cloud
§ Multi-tenancy
§ On-demand resource allocation
§ Automated network & security policy configuration / enforcement
§ Self-service provisioning capability
§ Role based access control (RBAC)
Solution Description
Contrail enabling a cloud infrastructure based on a modern virtualized data center for public IaaS cloud and private IT cloud
1 Contrail overlay on L3 underlay
§ Pure L3 routing in underlay implying interoperability with legacy underlay
§ CLOS-based network architecture provides resilient IP fabric
2 Scalable and Distributed architecture
§ Scale-out approach for control and forwarding plane
§ Distributed security, based on tenant/virtual network boundary
§ Efficient live migration of VMs
§ Distributed and scale-out storage
3 Secure, multi-tenant environment
§ Inter-network traffic subject to security policies with/without additional security services
§ Tenants with overlapping address space
§ RBAC using OpenStack Keystone
4 MX router based gateway
§ Interconnect public internet & L3VPN capability
[Diagram labels: TENANT A; TENANT B; Self Service Provisioning; Modern Virtualized Data Center; Contrail / OpenStack; callouts 1 to 4]
28
USE-CASE: OPENSTACK PUBLIC CLOUD
[Diagram, source: CloudWatt. Labels: User; APIs; CUSTOMER PORTAL / USER FRONT-END (Dashboard, Image Catalog, Templates, File Cloud); END-USER APPS (CRM, Ticketing, BI, Monitoring, Capacity Planning, Billing, Rating); INFRASTRUCTURE / OPENSTACK / CONTRAIL; RACKS OF SERVERS; DevOps]
Infrastructure components shown:
§ ALARMS, EVENTS
§ IDENTITY (Keystone)
§ METERING (Ceilometer)
§ COMPUTE: KVM, Bare Metal, LXC, ESXi
§ NETWORK: Contrail
§ STORAGE: Ceph, NFS, Glance, Swift, Cinder
29
USE-CASE: ENTERPRISE PRIVATE CLOUD (HADOOP)
Customer Needs
§ Secure, multi-tenant private cloud environment
§ On-demand creation and dynamic scale-out of custom services
§ Rapid, seamless deployment of new services to internal users
§ Hadoop support: massive storage, on-demand data ingest, real-time stream processing, DB-as-a-Service (NoSQL / SQL)
§ 'As-a-service' model for network functions (LB-aaS, DNS-aaS)
Solution Description
Contrail enabling a private cloud infrastructure for Big Data application development and deployment
1 Contrail overlay on L3 underlay
§ Pure L3 routing in underlay to the top of rack switch
§ CLOS-based network architecture to provide high-bandwidth capacity between compute nodes
§ Virtualized (compute) and bare metal (Hadoop) servers
2 Juniper MX / SRX
§ MX as a gateway router to interconnect public internet & L3VPN capability
§ SRX used as a firewall
3 Centralized security policy definition, distributed enforcement
§ API-based policy definition
§ Security policy at virtual network level and VM level
4 Self-provisioned service / app deployment
§ Controlled migration of apps from development to production clouds
§ Seamless integration of new features / apps
[Diagram labels: Contrail / OpenStack; Big Data Racks; Infra Racks; OpenStack Racks; MX GW; SRX; A10; Dynamically scaled application edge; Scale-out Big Data Apps; callouts 1 to 4]
30
USE-CASE: CONTAINER NETWORKING
§ Docker Engine container comprises just the application and its dependencies.
§ Runs as an isolated process in user-space on the host OS
§ Resource isolation and allocation benefits of VMs but is much more portable and efficient
§ KVM and Docker environment can work together → VMs and containers can be part of the same virtual network
[Diagram: LOGICAL and PHYSICAL views. Green Virtual Network and Blue Virtual Network containing containers C1 to C4 and VMs (VM1, VM2, VM4), with Contrail Security Policy betw VNs; Linux Host running vRouter with Docker Engine and Containers (Apps + binaries/libs); Linux + KVM Host; IP fabric (switch underlay)]
31
USE-CASE: HYBRID CLOUD
Customer Needs
§ Transparent workload migration from on-prem to cloud (cloud bursting)
§ 'as-a-service' model for network/security functions (VPNaaS, LBaaS, FWaaS, etc.)
§ Seamless policy creation and service insertion
§ Automated management and real-time monitoring
§ OSS / BSS Integration
Solution Description
Using Contrail to offer Hybrid cloud to enable automated migration of workload from on-premise to cloud
1 Abstraction and automation through Contrail APIs
§ Infra APIs to implement network policies
§ Analytics APIs for network / app monitoring
§ Allows for integration with OSS/BSS
§ Uniform APIs for on-prem and cloud orchestration
2 Rapid and seamless insertion of unmodified virtualized services to offer -aaS model for VNFs
3 Interconnect between private and public cloud (Contrail)
§ Virtual networks spanning DC and public cloud (VPCs)
§ Simplified mgmt through potential integration with 3rd party CMPs (Cloud Mgmt Platforms)
4 P+V Integration (using L2 / L3 GW services)
§ Use of virtualized services and appliance based services
§ VMs and Bare metal servers within same virtual network
[Diagram labels: ENTERPRISE; IP VPN; P + V DATA CENTER (BMaaS + IaaS); Contrail / OpenStack; Internet; Public Cloud; callouts 1 to 4]
32
VNF VALIDATION PROGRAM FOR OPENCONTRAIL
Columns: Certification Tier; Basics; Functional Validation; Performance Benchmarks; Customizing and API Integration
Silver ✓
Gold ✓ ✓
Platinum ✓ ✓ ✓ ✓
Launching in response to customer and VNF vendor interest
33
CONTRAIL DEMO VIDEOS
USE CASE - DEMO VIDEOS
§ DDoS Protection (Contrail + DDoS Secure) → http://www.youtube.com/watch?v=TnvCea4fil4
§ NFV through Contrail (this is the Internet / Firewall NFV aka. vCPE) → http://www.youtube.com/watch?v=_64no8P2vUw
§ Contrail - Elastic cloud - IT as a Service → http://www.youtube.com/watch?v=9g3EWV8X64s
§ SSLVPN on Contrail → http://www.youtube.com/watch?v=vfZfdH4kkV4
§ Caching as a Service (Junos Content Encore on Contrail) → https://www.youtube.com/watch?v=-_NtC34wcRw
§ Hybrid Cloud → https://www.youtube.com/watch?v=uC7nMW5PXdg
PRODUCT CAPABILITIES - DEMO VIDEOS
§ Bare Metal Integration through multi-vendor TOR integration → https://www.youtube.com/watch?v=PjkNt0yV3H0
§ IPv6 DVR (Distributed Virtual Router) → https://www.youtube.com/watch?v=RLO0uIXbDxo
§ OpenStack Neutron at Scale → https://www.youtube.com/watch?v=xN0rXHD_dqk
§ P + V Service Chaining → https://www.youtube.com/watch?v=a9HqC9x6KTg
§ Multi-hypervisor, Docker Integration → https://www.youtube.com/watch?v=x2n5Q_ycx6o
§ vRouter DPDK Demo → https://www.youtube.com/watch?v=ZGiQJrKoDQM
§ Physical + Overlay Correlation → https://www.youtube.com/watch?v=B8aHoY—1Zs
Demo – Today. 1:25
34
FINAL THOUGHTS