CONTRAIL DEEP-DIVE: Cloud Network Services at Scale
TRANSCRIPT
Sergei Gotchev [email protected]
Juniper Networks Proprietary and Confidential -- printed copies of this document are for reference only
Copyright © 2014 Juniper Networks, Inc. www.juniper.net
OPEN STACK AND CONTRAIL ARCHITECTURE
OPENSTACK CLOUD PLATFORM
CONTRAIL ARCHITECTURE
Figure: Contrail architecture. The Contrail Controller (Analytics, Control, Configuration) sits between the Orchestrator and the x86 hosts (hypervisor plus vRouter on each host); the physical IP network needs no changes; a Gateway connects to the Internet / WAN and to legacy infrastructure (VLAN, etc.).
• Bi-directional real-time message bus using XMPP
• Network orchestration
• Standard protocol (M-BGP) to talk with other Contrail controller instances
• Compute / Storage orchestration
• … Others
CONTRAIL AND OPENSTACK INTEGRATION
Figure: Contrail and OpenStack integration. Components shown: Horizon UI and Contrail Web UI; Nova (Compute Orchestration: API Server, Scheduler, …); Neutron Plugin; Keystone (Identity / Access Mgmt); Glance (Image Server); Cinder (Block Storage); Swift (Object Storage); on the Compute Node: Nova Agent, Contrail Agent, Hypervisor, VM and vRouter; in the controller: Contrail Config and Contrail Control. Workloads may also be Bare Metal or Docker Containers.
Labelled interactions in the figure:
• Operator / User logs in (Authentication, etc.), creates tenant (projects), creates IPAM, creates virtual network, launches VMs
• Get VM image to spawn (Glance)
• Select Compute node to spawn VM; info to spawn VM (Nova API Server, Scheduler)
• Launch VM on the Hypervisor; VM spawned; Block Storage assignment
• Network related interaction: get virtual network info; DHCP; Plug (Tap interface, Instance ID, ..)
• Bi-directional message bus (XMPP interaction) between Contrail Control and the Contrail Agent / vRouter
CONTRAIL STACK
Figure: Contrail stack. Configuration Nodes; Control Plane (multiple instances); Analytics Engine (multiple instances); Compute Node (Virtual Router); Service Node (SRX, Firefly, JSP, ...); Gateway Node (MX, EX/QFX, ...). REST APIs (Configuration, Operational, and Analytics) are exposed to OpenStack, CloudStack and customer OSS/BSS.
COMPUTE NODE – HYPERVISOR, VROUTER
Figure: Compute Node. Virtual Machines for Tenants A, B and C attach through Tap Interfaces (vif) to the vRouter Forwarding Plane in the kernel, which holds one Routing Instance per tenant, each with its own Flow Table and FIB. The vRouter Agent in user space holds Config, VRFs and the Policy Table, talks to the JunosV Contrail Controller over XMPP, and exchanges packets with the forwarding plane over pkt0. Physical interfaces Eth0 ... EthN connect to the Top of Rack Switch; overlay tunnels use MPLS over GRE, UDP or VXLAN.
• vRouter replaces the Linux Bridge or OVS module in Hypervisor Kernel
• vRouter performs bridging (E-VPN) and routing (L3VPN)
• vRouter performs networking services like Security Policies, NAT, Multicast, Mirroring, and Load Balancing
• No need for Service Nodes or L2/L3 Gateways for Routing, Broadcast/Multicast, NAT
• Routes are automatically leaked into the VRF based on Policies
• Support for Multiple Interfaces on the Virtual Machines
• Support for Multiple Interfaces from Compute Node to the Switching Fabric
COMPUTE NODE – FORWARDING/TUNNELING
Figure: Two compute nodes. Virtual Machine 1 (VN-IP1) on Compute Node 1 attaches through a Tap Interface (vif) to Routing Instance 1 (Flow Table, FIB) in the vRouter Forwarding Plane, which sends out Eth1 (Phy-IP1); Virtual Machine 2 (VN-IP2) on Compute Node 2 likewise uses Routing Instance 2 and Eth1 (Phy-IP2). The virtual packet (Virtual-IP2 | Payload) is carried on the physical network as Phy-IP2 | MPLS / VNI | Virtual-IP2 | Payload. Overlay tunnels: MPLS over GRE or VXLAN.
1. Guest OS ARPs for a destination within the subnet or for the default GW
2. vRouter receives the ARP and responds with the VRRP MAC
3. Guest OS sends traffic to the VRRP MAC; vRouter encapsulates the packet with the appropriate MPLS/VNI tag and GRE header
4. The physical fabric routes the packet on the physical (outer) IP address
5. Returning packets are forwarded to the appropriate Routing Instance by the MPLS/VNI tag
6. vRouter decapsulates the packet and forwards it to the Guest OS
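The encapsulation in steps 3 to 6, as an added example that is not code from the deck or from Contrail itself: it builds the MPLS-over-GRE outer headers for a constructed guest packet and, on the receiving side, selects the routing instance by label, dropping frames whose label is unknown instead of forwarding them into a default instance. The addresses, the label value and the label-to-routing-instance table are constructed; the MPLS over UDP and VXLAN variants the slide also mentions are not covered.

```python
import struct
import ipaddress

GRE_PROTO_MPLS = 0x8847   # GRE protocol type for MPLS unicast (RFC 4023)
IPPROTO_GRE = 47

# Constructed label -> routing-instance table. A real vRouter learns this
# from the controller over XMPP; the values here are illustrative only.
LABEL_TABLE = {17: "Routing Instance 2 (VN-IP2)"}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def encapsulate(inner_pkt, phy_src, phy_dst, label):
    """Step 3: prepend an MPLS label (TC 0, bottom of stack, TTL 64),
    a 4-byte GRE header and an outer IP header addressed to Phy-IP2."""
    mpls = struct.pack("!I", (label << 12) | (1 << 8) | 64)
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)      # no flags, no checksum
    body = gre + mpls + inner_pkt
    return ipv4_header(phy_src, phy_dst, IPPROTO_GRE, len(body)) + body

def decapsulate(frame, label_table=LABEL_TABLE):
    """Steps 5-6: validate outer IP/GRE, pick the routing instance by label,
    return (routing_instance, inner_packet). Unknown labels are dropped."""
    ihl = (frame[0] & 0x0F) * 4
    if frame[0] >> 4 != 4 or frame[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not IPv4/GRE")
    flags, proto = struct.unpack("!HH", frame[ihl:ihl + 4])
    if flags != 0 or proto != GRE_PROTO_MPLS:
        raise ValueError("unexpected GRE flags or payload type")
    (entry,) = struct.unpack("!I", frame[ihl + 4:ihl + 8])
    label, bottom = entry >> 12, (entry >> 8) & 1
    if not bottom:
        raise ValueError("stacked labels are not expected here")
    if label not in label_table:
        raise ValueError("unknown label %d: dropped" % label)
    return label_table[label], frame[ihl + 8:]

def demo():
    """Guest packet Virtual-IP1 -> Virtual-IP2 carried Phy-IP1 -> Phy-IP2.
    Returns (routing instance, inner packet intact?, overlay overhead)."""
    payload = b"constructed guest payload"
    inner = ipv4_header("10.1.1.3", "10.1.1.4", 17, len(payload)) + payload
    frame = encapsulate(inner, "192.0.2.11", "192.0.2.12", 17)
    ri, out = decapsulate(frame)
    return ri, out == inner, len(frame) - len(inner)
```

The 28 bytes of overhead (20 outer IP + 4 GRE + 4 MPLS) are why the physical fabric MTU must be raised or the guest MTU lowered when the overlay is deployed.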
CONTRAIL CLOUD REFERENCE ARCHITECTURE
Figure: Contrail Cloud Platform over a Compute Pool, Storage Pool, Network Pool, … and an Application/VNF Pool.
Cloud hardware reference architecture:
+ Reference architecture design guide
+ Standard COTS hardware for compute and storage
+ Networking hardware (MX, vMX, QFX, EX)
Freedom of Choice: any cloud and NFV deployment model; best-of-breed solution components; no expensive vendor lock-in
Intelligent Automation: analytics-powered insights and decision; policy-based infrastructure
Always-on Reliability: high availability; robust security; elastic scalability
Contrail Cloud Platform: dynamic compute, storage and network resource orchestration; automated server management & monitoring; cloud application life cycle management; dynamic network and security service chaining; rich and prescriptive analytics
Support and Professional Services: ongoing support for individual products – JTAC; Juniper professional services and system integration partners to assist in cloud system design
Building Open, Intelligent and Reliable Cloud and NFV
Hardware listed: OpenStack UI - 12GB RAM, 24GB HDD, dual-core x86/x64 CPU; 2 x Control Node - 12GB RAM, 24GB HDD, dual-core x86/x64 CPU; 2 x Compute Node - 64GB RAM, 120GB HDD, quad-core x86/x64 CPU
CONTRAIL PRODUCT EVOLUTION (increasing level of integration)
• Contrail Networking: Cloud Networking; Network Virtualization; Virtualized Network Services; Multiple Orchestration Support (OpenStack, CloudStack)
• Contrail Cloud Platform: Cloud Orchestration; Server Management; Distributed & Scale-Out Storage; Compute Orchestration + Contrail Networking
• MetaFabric Cloud DC Reference Architecture: Integrated Cloud PODs; Reference Architecture – PODs; Integrated Management + Contrail Cloud Platform
KEY USE-CASES
WHO ARE WE TARGETING?
Figure: Service Provider, Enterprise and Emerging segments plotted by Infrastructure Spend against New Technology Adoption, with the use cases Public Cloud Repatriation, Software-as-a-Service, Virtual Private Cloud, IT-as-a-Service, Infrastructure-as-a-Service, Network Functions Virtualization, Platform-as-a-Service and Hybrid Cloud.
USE CASES
• Move from public to private cloud as company grows; ensure flexibility across hybrid environment
• Create an enterprise private cloud to run mission critical workloads
• Move non-essential workloads to public clouds (hybrid cloud)
• Offer ITaaS for the employees
• NFV at the mobile, subscriber, business edge
• IaaS and PaaS are needed for:
  o Offering public cloud (à la AWS, GCE)
  o Their own enterprise (SP IT Cloud)
USE-CASE 1: VIRTUALIZED MOBILITY
Customer Needs:
• Reduce operational and capital costs to run services in mobile core
• Simplify management of mobile packet core functions
• Reduce professional services expenses in customizing network
• Ensure interoperability between different EPC functions
• Independent scale-out of 2G and 3G data path
Solution Description: Contrail SW offers a robust & resilient NFV platform for the mobile packet core functions
1. NFV Platform (Contrail): modern L3-overlay based network built for scale, resiliency, automation; virtualized 3rd party SGSN/MME network function
2. Reduced TCO * (Contrail): standard x86 hardware, and open-source hypervisor/orchestration systems; better resource utilization through automated service scale-out
3. Simplified Management = operational efficiency: Contrail, OpenStack and Space used to centrally provision network elements
4. Integration with MX: programmatic traffic steering on MX from the VNF; MX as anchor-point for service chain
Figure: Radio Access Network – SGSN / MME VNF – S / P-GW – MX – Internet, with Charging, Policy Control, and Contrail / Openstack / Space as the management layer.
* According to a recent ACG research, the estimated cost reduction is 53%
USE CASE 2 – SERVICE CHAINING FOR MOBILE AND WIRELINE SUBSCRIBERS
Figure: Service Delivery Gateway (SDG). Mobile access (Laptop, Smartphone, Feature Phone) enters through GGSN/PGW over (S)Gi, and wireline access through BNG; the SDG contains a Subscriber State Machine, a Service Card (DPI, HE/URL, Caching) and a PFE (Forwarding / Flow Table, VRF / Tunnel) with a Flow control API, and exits to VPN / Internet. Policy and charging interfaces: PCRF / SPR (Gx, Gx/ Sd), OCS (Gy, Gyn, Sy), AAA, SRC, OSS Systems / BSS Systems, Analytics / Billing. The Data Center holds Servers running VMs on a Hypervisor with a VSwitch: VAS Applications (e.g. DPI, TCP Proxy) and Other Apps, managed by the Contrail Controller.
• Can manage service chaining without an SDN Controller within the confines of SDG
• Requires SDN Controller to chain services outside the confines of SDG
USE CASE 2 – SERVICE CHAINING FOR MOBILE AND WIRELINE SUBSCRIBERS
SCG Use Cases:
• Fair Usage at Session Level; Fair Usage at Application Level
• Tethering Control
• VAS Traffic Steering
• Tiered QoS at Session Level; Tiered QoS at Application Level
• HTTP Header Manipulation
• Application Based Charging
• Home & Location based PCC
• Reporting and Analytics Feed
Capabilities: Policing; Steering; Enrichment; Monitoring; Subscriber Awareness; L7 Application detection; L7 metadata detection
USE-CASE 3: ENTERPRISE NFV SERVICE
Customer Needs:
• Multi-tenant VPNaaS, FWaaS, WAN Optimization-aaS, vCPE capability
• Reduced TCO from low-cost CPE devices, and reduced customer support costs
• Improved agility in introducing new (& upgrading existing) services
• Self-care portal for service enablement
Solution Description: scale-out and on-demand security and connectivity services to business customers with a light-weight device at the customer premise
1. Contrail enabling Service Chaining on the vCPE: security and connectivity services chained at the PE; svcs co-located with PE (no need for separate SP svc DC); APIs integration with self-care portal
2. Multi-tenant services for business customers: separate VNF instance for separate customers; traffic segregation between customers using virtual networks; overlapping address space for tenants
3. Contrail's robust L3VPN overlay architecture: seamless integration with SP's existing L3VPN offering; integrates with existing / legacy underlay networks
4. Integration with MX (PE): dynamic traffic steering to services, using standards-based approach (BGP Flowspec); anchor point for service chains
Figure: Basic CE devices – PE – P – VPN IP/MPLS core – vCPE instances – Internet, managed by Contrail / Openstack / Space.
USE-CASE 4: HYBRID CLOUD
Customer Needs:
• Transparent workload migration from on-prem to cloud (cloud bursting)
• 'as-a-service' model for network/security functions (VPNaaS, LBaaS, FWaaS, etc.)
• Seamless policy creation and service insertion
• Automated management and real-time monitoring
• OSS / BSS Integration
Solution Description: using Contrail to offer hybrid cloud to enable automated migration of workload from on-premise to cloud
1. Abstraction and automation through Contrail APIs: infra APIs to implement network policies; analytics APIs for network / app monitoring; allows for integration with OSS/BSS; uniform APIs for on-prem and cloud orchestration
2. Rapid and seamless insertion of unmodified virtualized services to offer -aaS model for VNFs
3. Interconnect between private and public cloud (Contrail): virtual networks spanning enterprise DC and public cloud; simplified mgmt through potential integration with 3rd party CMPs (Cloud Mgmt Platforms)
4. Integration (using MX Gateway): use of virtualized services and appliance based services; VMs and bare metal servers within same virtual network
Figure: Enterprise Data Center (P+V) with Contrail / Openstack, connected over IP VPN and the Internet to a Public Cloud.
USE-CASE 7: PRIVATE CLOUD (SAAS)
Customer Needs: cloud infrastructure for SaaS; on-demand service creation with dynamic resource scaling; rapid deployment of new services; automated network/security configuration; support for hybrid clouds
Solution Description: Contrail SW offering, leveraging "Open Compute" and commodity hardware
1. Dynamic DC network (Contrail): modern L3 network for scale, resiliency, automation; virtualized on-demand services
2. Self-provisioned service deployment (Contrail): controlled migration of SW from development to production cloud; seamless integration of new features
3. Scale-out & policy configuration (Contrail): automated scale-out of SaaS applications based on customer demand; dynamic and intelligent configuration of network/security policies
4. Hybrid cloud: MX gateway to expose SaaS applications to customers; extensible across multiple clouds
Figure: Development and Production clouds, with Public Clouds / Internet.
USE CASES - VIRTUALIZED SERVICES (NFV): JUNIPER SERVICES OR 3RD PARTY
http://www.juniper.net/us/en/partners/technology-alliances/nfv-vnf/
THANK YOU