Contrail SDN Controller
Jakub Pavlik, tcp cloud
Datacenter Use Case
Contrail use case 1: Enterprise private cloud
Before (tenants Finance, HR and Marketing each mapped to a VLAN; services delivered by physical service appliances):
• Silo'ed resource allocation
• Manual configuration
• Static service deployment
After (tenants Finance, HR and Marketing each mapped to a Virtual Network):
• Dynamic resource allocation
• Automated configuration
• Dynamic service chains
• Network policies enforced as ACLs and service chains
Contrail use case 2: Service provider cloud (IaaS, VPC)
End-to-end virtual network orchestration and automation:
• Public cloud providers, content providers, ...
• Service provider Infrastructure as a Service (IaaS)
• Service provider managed Virtual Private Cloud (VPC)
• Service provider L3VPN / E-VPN connecting enterprise offices to the enterprise data center
Network Virtualization: The Importance of Abstraction ("SDN as a Compiler")
What Is Network Virtualization
• Independent of physical network location or state
  • Logical network across any server, any rack, any cluster, any data center
  • Virtual machines can migrate without requiring any reworking of security policies, load balancing, etc.
  • New workloads or networks should not require provisioning of the physical network
  • Nodes in the physical network can fail without any disruption to the workload
• Full isolation for multi-tenancy and fault tolerance
  • MAC and IP addresses are completely private per tenant
  • Any failures or configuration errors by tenants do not affect other applications or tenants
  • Any failures in the virtual layer do not propagate to the physical layer
Contrail key abstractions: "Lego blocks"
• Virtual Machines (VM): cloud tenants and virtual network functions
• Virtual Networks (VN): connect virtual machines
• Gateway devices: connect the virtual to the physical
Contrail key abstractions: constructing complex use cases with simple "Lego blocks"
Example composition:
• Tenant virtual machines in a virtual network
• A service chain (virtual load balancer, virtual firewall) between two virtual networks
• A non-virtualized (bare metal) server attached to a virtual network
• A physical gateway router connecting the virtual networks to the physical network (Internet, L3VPN, ...)
Virtual network (aka network slicing, aka multi-tenancy)
• The orchestrator (OpenStack, CloudStack) drives the Contrail Controller through REST APIs
• The controller programs the Contrail vRouter in each hypervisor over XMPP
• Each virtual network (Red, Green) is a separate routing instance on every vRouter that hosts one of its VMs (VMG1, VMR1 on one virtualized server; VMG2, VMR2 on another)
• vRouters are connected by overlay tunnels (MPLS/GRE, MPLS/UDP, VXLAN) across the underlay switch

Service chaining in the context of a data center
• Same orchestrator, Contrail Controller and XMPP-programmed vRouters as above
• Green virtual network (VMG1, VMG2, VMG3) and Red virtual network (VMR1, VMR2, VMR3) are connected only through a service VM that has one interface in each network (VMG, VMR)

Gateway to L3VPN
• Red virtual network (VMR1, VMR2) on virtualized servers, programmed by the Contrail Controller
• The controller configures and peers with the gateway router (PE router) using BGP + Netconf; a route reflector distributes routes within the physical L3VPN
• Overlay tunnel (MPLS/GRE, MPLS/UDP, VXLAN) from the vRouter to the gateway router; LSPs (RSVP, LDP) inside the L3VPN core

Gateway to bare-metal server
• Red virtual network (VMR1, VMR2) programmed by the Contrail Controller
• The controller configures the gateway router or switch using BGP + Netconf
• Overlay tunnel (MPLS/GRE, MPLS/UDP, VXLAN) from the vRouter to the gateway, which attaches the bare metal (non-virtualized) server
Contrail architecture: a general purpose SDN platform
• Orchestration, automation, analytics
  • Open source and partner ecosystem of orchestrators
  • API and SDK for integration with OSS / BSS
• Control plane (physical, virtual)
  • Open, standards-based, federated controller
  • Scalable and resilient configuration manager, automation
• Virtual network overlay
  • Multi-tenancy for private and virtual public clouds (e.g. Finance, HR, Marketing)
  • Gateway functions: connect the virtual to the physical network
  • Service chaining (physical and virtual)
• Physical network
  • Interoperability with traditional network devices
  • Any-to-any non-blocking low-latency fabric: QFabric or Clos
Role of Contrail in a virtualized environment
• Orchestrator (OpenStack, CloudStack): high-level abstraction of compute, network and storage
• Contrail Controller: "logically centralized, physically distributed"; turns the high-level abstraction into the low-level realization
• Network (physical and virtual): Contrail vRouter on each server (hosting VMs and storage), physical network fabric, physical network gateway, physical and virtual network services
Scale-out network system
• The orchestrator (OpenStack) talks to the system over REST
• Logically centralized (physically distributed), horizontally scalable, highly available (active-active), federated
• JunosV Contrail system nodes: Analytics nodes, Configuration nodes, Control nodes
  • Configuration nodes feed the Control nodes over IF-MAP
  • Control nodes peer with each other over IBGP
  • Control nodes program Compute nodes (virtual router) over XMPP
  • Control nodes use BGP and NETCONF towards Gateway nodes (MX, EX/QFX, ...) and Service nodes (SRX, Firefly, JSP, ...)
APIs first
• The Contrail Controller (Configuration nodes, Analytics nodes) is built around a service data model at a high level of abstraction
• The REST APIs are generated from that data model
• Consumers: OSS / BSS, the Contrail GUI, service orchestrators
OpenContrail
• Contrail is available as open source: www.opencontrail.org; commercial support available from Juniper
• Same features and scaling as the commercial version; uses proven, stable standards; production-ready
• Permissive license: Apache 2.0
• Integrated into open source virtualization stacks: OpenStack, CloudStack
Logical topology
• Physical network PN (Internet, L3VPN, ...) reached through a physical gateway router
• Virtual network VN G with tenant virtual machines VMG1, VMG2, VMG3
• Virtual network VN R with tenant virtual machines VMR1, VMR2, VMR3 and the non-virtualized (bare metal) server BMSR4
• Virtual firewall VMFW between VN G and VN R

Physical topology
• Contrail Controller and OpenStack (Neutron, Nova)
• Virtualized servers: hypervisor with Contrail vRouter
• Non-virtualized (bare metal) server
• Underlay switches
• Gateway router to Internet or L3VPN
Mapping of logical to physical topology
The logical elements (VN G with VMG1, VMG2, VMG3; VN R with VMR1, VMR2, VMR3 and BMSR4; VMFW; the L3VPN) are placed onto the physical topology (Contrail Controller, OpenStack Neutron and Nova, virtualized servers, bare metal server, gateway router). The following slides build this mapping up step by step.
Starting point: empty logical topology
The physical topology is in place (Contrail Controller, OpenStack Neutron and Nova, virtualized servers with vRouters, bare metal server, gateway to PN); no virtual networks or virtual machines exist yet.

Create green tenant
• Create virtual network "green": Neutron asks the Contrail Controller to create VN G
• Create virtual machine "g1" and attach it to VN G
  • Nova: create VM
  • Neutron: attach VM to VN
  • XMPP: the controller creates the routing instance for VN G on the vRouter hosting VMG1
• Create virtual machine "g2" and attach it to VN G
  • Nova: create VM
  • Neutron: attach VM to VN
  • XMPP: create routing instance on the vRouter hosting VMG2
  • XMPP: exchange routes between the vRouters hosting VMG1 and VMG2, create tunnels
• Create virtual machine "g3" and attach it to VN G: same steps (Nova: create VM; Neutron: attach VM to VN; XMPP: create routing instance; XMPP: exchange routes, create tunnels)
• End state: VMG1, VMG2, VMG3 in VN G, reachable from each other over overlay tunnels
Create red tenant
• Same steps as the green tenant: VN R with VMR1, VMR2, VMR3
Connect green to red tenant via firewall
• Create virtual machine for the firewall (Nova: create VM)
• Attach the firewall to the red and green virtual networks (Neutron: attach VM to VNs)
• XMPP: create routing instances for VN G and VN R on the vRouter hosting VMFW
• Apply policy VN G ↔ VN R through the firewall; XMPP: exchange routes, create tunnels
• End state, data plane: red ↔ green traffic is forced through the firewall
Connect red tenant to physical L3VPN
• Apply policy VN R ↔ L3VPN
• Netconf: the controller configures the L3VPN routing instance on the gateway router
• BGP: exchange routes with the physical router, create tunnels
• XMPP: exchange routes with the vRouters, create tunnels
Connect bare metal server to red tenant: use top-of-rack switch as gateway
• Attach BMS R4 to VN R using switch S
• Netconf: configure the routing instance on the switch
• BGP: exchange routes with the physical switch, create tunnels
• XMPP: exchange routes with the vRouters, create tunnels
• End state: BMSR4 is part of VN R together with VMR1, VMR2, VMR3
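The walkthrough above, together with the routing-instance picture on the virtual network and service chaining slides, can be made concrete with a small model. The Python below is an added example written for this page, not OpenContrail code: it compiles a logical topology into the per-vRouter routing instances that the controller's "XMPP: create routing instance / exchange routes" steps produce, then traces a packet hop by hop. The vRouter names (srv1 to srv3), the VM placement, the label allocator and the Route/Fabric types are assumptions of the example; the gateway steps (L3VPN, bare metal) and the ACL half of policy enforcement are not modelled.

```python
"""Toy 'SDN as a compiler': a logical topology (virtual networks, VM interfaces, network
policies) is compiled into the per-vRouter routing instances the controller would push
over XMPP, and a packet is then traced hop by hop. Constructed illustration, not
OpenContrail code: vRouter names, VM placement and the label allocator are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Iface:
    vm: str       # VM name; a service VM such as a firewall has one Iface per VN
    vn: str       # virtual network (tenant slice) this interface belongs to
    ip: str
    server: str   # hypervisor, i.e. the vRouter hosting the VM

@dataclass(frozen=True)
class Policy:
    vn_a: str
    vn_b: str
    via: Optional[str] = None   # service VM name -> service chain; None -> plain connectivity

Route = Tuple[str, Iface]       # ("local", iface) on this vRouter, or ("tunnel", remote iface)

@dataclass
class Fabric:
    ifaces: List[Iface]
    labels: Dict[Iface, int] = field(default_factory=dict)   # MPLS label per interface
    # tables[vrouter][vn][dst_ip] -> Route: one routing instance per VN on each vRouter
    tables: Dict[str, Dict[str, Dict[str, Route]]] = field(default_factory=dict)

def compile_topology(ifaces: List[Iface], policies: List[Policy]) -> Fabric:
    fab = Fabric(ifaces)
    per_vrouter: Dict[str, int] = {}
    for i in ifaces:                       # assumption: labels 16, 17, ... per vRouter, in order
        per_vrouter[i.server] = per_vrouter.get(i.server, 0) + 1
        fab.labels[i] = 15 + per_vrouter[i.server]
    members: Dict[str, List[Iface]] = {}
    for i in ifaces:
        members.setdefault(i.vn, []).append(i)

    def nexthop(target: Iface, at: str) -> Route:
        return ("local" if target.server == at else "tunnel", target)

    # 1. A vRouter holds a VN's routing instance only if it hosts an interface in that VN,
    #    and the instance contains only that VN's routes: tenants are isolated by default,
    #    even when their VMs share a hypervisor or reuse the same addresses.
    for vn, vn_ifaces in members.items():
        for vr in {i.server for i in vn_ifaces}:
            ri = fab.tables.setdefault(vr, {}).setdefault(vn, {})
            for target in vn_ifaces:
                ri[target.ip] = nexthop(target, vr)
    # 2. A policy leaks the peer VN's routes into this routing instance. With a service
    #    chain the leaked routes point at the service VM's interface on *this* side, so
    #    cross-tenant traffic is forced through it; without one they point at the target.
    for pol in policies:
        for src_vn, dst_vn in ((pol.vn_a, pol.vn_b), (pol.vn_b, pol.vn_a)):
            entry = None
            if pol.via is not None:
                entry = next(i for i in ifaces if i.vm == pol.via and i.vn == src_vn)
            for vr in {i.server for i in members.get(src_vn, [])}:
                for target in members.get(dst_vn, []):
                    fab.tables[vr][src_vn][target.ip] = nexthop(entry or target, vr)
    return fab

def trace(fab: Fabric, src: Iface, dst_ip: str, max_hops: int = 8) -> List[str]:
    """Forward a packet from src towards dst_ip; returns the hop list ending in 'deliver' or a drop."""
    vr, vn, path = src.server, src.vn, []
    for _ in range(max_hops):
        route = fab.tables.get(vr, {}).get(vn, {}).get(dst_ip)
        if route is None:                  # nothing in this routing instance: stays isolated
            return path + [f"drop@{vr}:{vn}"]
        kind, arrived = route
        if kind == "tunnel":               # the receiving vRouter demultiplexes on the label
            path.append(f"{vr}->{arrived.server} label {fab.labels[arrived]}")
            vr = arrived.server
        path.append(f"{arrived.vm}/{arrived.vn}")
        if arrived.ip == dst_ip:
            return path + ["deliver"]
        # Not the destination: a service VM (assumed here to permit the flow) forwards the
        # packet out of its other interface, and the lookup continues in that VN.
        others = [i for i in fab.ifaces if i.vm == arrived.vm and i != arrived]
        if not others:
            return path + ["drop:not-a-service-vm"]
        vn = others[0].vn
    return path + ["drop:hop-limit"]

# Constructed topology from the deck: green and red tenants plus a firewall VM with one
# interface in each, spread over three hypervisors.
IFACES = [
    Iface("G1", "green", "10.1.0.1", "srv1"),
    Iface("G2", "green", "10.1.0.2", "srv2"),
    Iface("R1", "red", "10.2.0.1", "srv1"),
    Iface("R2", "red", "10.2.0.2", "srv2"),
    Iface("FW", "green", "10.1.0.254", "srv3"),
    Iface("FW", "red", "10.2.0.254", "srv3"),
]
ISOLATED = compile_topology(IFACES, [])                                 # no policy applied
CHAINED = compile_topology(IFACES, [Policy("green", "red", via="FW")])  # green <-> red via FW
```

Without the policy, `trace(ISOLATED, R1, "10.1.0.1")` is dropped on R1's own vRouter: the red routing instance simply has no route to a green address, even though G1 lives on the same hypervisor. With the green ↔ red policy through FW, the red instance carries the green prefixes with next-hop FW's red-side interface, so the packet is tunnelled to srv3, leaves FW through its green-side interface and only then reaches G1. The check a practitioner wants is therefore on the compiled routing instances themselves (the equivalent of inspecting each vRouter's routes): a green prefix appearing in a red routing instance with any next-hop other than the firewall's interface means the chain has been bypassed.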
Contrail is based on MPLS VPN technology
Contrail SDN system ↔ MPLS L3VPN / E-VPN equivalent:
• Orchestrator, Config node, Analytics node ↔ Network Management System (NMS), DMI
• Control nodes, peering with each other over IBGP ↔ Route reflectors, peering over IBGP
• Control node to vRouter over XMPP ↔ Route reflector to PE over IBGP
• vRouter ↔ PE router
• Underlay switch ↔ P router
• VM ↔ CE
• MPLS over GRE or VXLAN between vRouters ↔ MPLS over MPLS between PEs
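What "MPLS over GRE" between two vRouters (or from a vRouter to the gateway PE) looks like on the wire, as an added example that is not OpenContrail code. Header layouts follow RFC 791 (IPv4), RFC 2784 (GRE) and RFC 3032 (MPLS label stack); the vRouter addresses, the label and the inner tenant packet are constructed values.

```python
"""MPLS-over-GRE overlay encapsulation, as carried between vRouters and from a vRouter
to a gateway router: tenant packet -> MPLS label -> GRE -> outer IPv4.
Added example, not OpenContrail code. Header layouts follow RFC 791 (IPv4), RFC 2784
(GRE) and RFC 3032 (MPLS); addresses, label and the inner packet are constructed."""
import struct

IPPROTO_GRE = 47
GRE_PROTO_MPLS = 0x8847          # EtherType for MPLS unicast, carried in the GRE protocol field

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum; returns 0 when run over a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    def addr(s: str) -> bytes:
        return bytes(int(o) for o in s.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,  # DF set
                      ttl, proto, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def mpls_lse(label: int, tc: int = 0, bottom: bool = True, ttl: int = 64) -> bytes:
    """One 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def encap_mpls_gre(outer_src: str, outer_dst: str, label: int, inner: bytes) -> bytes:
    """Sending vRouter: outer IPv4 (proto 47) + 4-byte GRE header + one label + tenant packet."""
    body = struct.pack("!HH", 0, GRE_PROTO_MPLS) + mpls_lse(label) + inner   # no C/K/S options
    return ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(body)) + body

def decap_mpls_gre(frame: bytes):
    """Receiving vRouter: validate the outer headers, return (outer_src, outer_dst, label, inner).
    The label alone selects the destination interface / routing instance; nothing is authenticated."""
    if len(frame) < 28 or frame[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (frame[0] & 0x0F) * 4
    if ihl < 20 or ipv4_checksum(frame[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    total_len = struct.unpack("!H", frame[2:4])[0]
    if frame[9] != IPPROTO_GRE or total_len > len(frame) or total_len < ihl + 8:
        raise ValueError("not GRE or truncated")
    flags, proto = struct.unpack("!HH", frame[ihl:ihl + 4])
    if flags & 0xB000 or proto != GRE_PROTO_MPLS:    # C, K or S set means a longer header
        raise ValueError("unsupported GRE header")
    lse = struct.unpack("!I", frame[ihl + 4:ihl + 8])[0]
    if not (lse >> 8) & 1:
        raise ValueError("label stack deeper than one entry")
    src = ".".join(map(str, frame[12:16]))
    dst = ".".join(map(str, frame[16:20]))
    return src, dst, lse >> 12, frame[ihl + 8:total_len]

# Constructed sample: tenant packet 10.2.0.1 -> 10.1.0.1 (UDP, proto 17, 8-byte header only)
# sent between vRouters 192.0.2.1 and 192.0.2.3, label 17 identifying the destination interface.
INNER = ipv4_header("10.2.0.1", "10.1.0.1", 17, 8) + b"\x30\x39\x00\x35\x00\x08\x00\x00"
FRAME = encap_mpls_gre("192.0.2.1", "192.0.2.3", 17, INNER)
```

The receiving vRouter uses the MPLS label alone to pick the destination interface and routing instance; neither GRE (without the K option) nor the MPLS label stack carries a key or any authentication, so tenant separation rests on the label-to-interface mapping and on keeping the underlay addresses (192.0.2.0/24 here) unreachable from tenant workloads. A VXLAN VNI plays the same demultiplexing role and is equally unauthenticated.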