GEORGIA TECH SDN EVENT - Juniper...

OPEN CONTRAIL ARCHITECTURE GEORGIA TECH SDN EVENT

sdn-and-nfv-technical---georgia-tech---sep-2013---v2

Bruno Rijsman, Distinguished Engineer

24 September 2013

2 Copyright © 2013 Juniper Networks, Inc.

Contrail Use Cases


CONTRAIL USE CASE 1: CLOUD

ENTERPRISE PRIVATE CLOUD

Finance HR Marketing

VLAN

Physical

Service

Appliances

Silo'ed resource allocation

Manual configuration

Static service deployment



ENTERPRISE PRIVATE CLOUD

Finance HR Marketing Finance HR Marketing

VLAN

Physical

Service

Appliances

Virtual

Network

Virtual

Services

(NFV)

Silo'ed resource allocation

Manual configuration

Static service deployment

Dynamic resource allocation

Automated configuration

Dynamic service chains



SERVICE PROVIDER CLOUD (IAAS, VPC)

Service Provider

Infrastructure as a Service (IaaS)

Service Provider

L3VPN, E-VPN

Public Cloud Providers,

Content Providers, ...

Service Provider

Managed Virtual Private Cloud (VPC)

Enterprise Offices

End-to-End Virtual Network Orchestration and Automation

Enterprise Data Center


CONTRAIL USE CASE 2: NETWORK FUNCTION VIRTUALIZATION (NFV)

SERVICE PROVIDER EDGE SERVICES

Edge Service Delivery and Orchestration (NFV)

• Service Provider managed network-hosted Value Added Services (VAS)

• Application-aware and subscriber aware services and charging for consumers

Business

Access

Broadband

Access

Mobile

Access

Internet

Private

Networks

Core

MX

Universal

Edge Router

Value Added Services • Incremental revenue potential

• Virtual machines on x86 servers (NFV)

• Dynamic service provisioning

• Elastic scale-out

• Service chaining


CONTRAIL POTENTIAL FUTURE USE CASE 3: CORE

PATH COMPUTATION, BANDWIDTH CALENDARING

Path Computation Element • Globally optimal paths

• Application aware

• Dynamic (e.g. time of day)

• Deterministic

Topology Discovery

Analytics Path Programming


Contrail Architecture Overview


CONTRAIL ARCHITECTURE A GENERAL PURPOSE SDN PLATFORM

Physical Network Interoperability with traditional network devices

Any-to-any non-blocking low-latency fabric: Q-Fabric or Clos

Virtual Network Overlay Multi-tenancy for private and virtual public clouds

Gateway functions - connect to virtual to physical network

Service chaining (physical and virtual)

Marketing HR Finance

Control Plane - Physical, Virtual Open, standards-based, federated controller

Scalable and resilient

Control Plane

Configuration manager, Automation

Control Plane Control Plane

Orchestration, Automation, Analytics Open source and partner eco system of orchestrators

Api and sdk for integration with OSS / BSS

OSS


ROLE OF CONTRAIL IN A VIRTUALIZED ENVIRONMENT

Orchestrator OpenStack, CloudStack

Contrail Controller "Logically Centralized, Physically Distributed"

Physical Network

(Fabric)

Physical

and

Virtual

Network

Services

VM

VM VM

VM

Server Server

Storage

Physical Network

(Gateway)

Sto

rage

Com

pute

Network (Physical and Virtual)

Com

pute

Netw

ork

High Level Abstraction

Low Level Realization

Contrail

vRouter


BUILDING BLOCK: MULTI-TENANCY

L3 Network L2 Network L3 router L2 Network L2 Network

Physical Topology

Logical Topology


BUILDING BLOCK: GATEWAY FUNCTIONS

B A C A

Data Center 1

WAN

B D D A

Data Center 2

Tenant VPN

Internet

Gateway Router Gateway

Non Virtualized

Server

Gateway Switch


BUILDING BLOCK: SERVICE CHAINING (NFV)

FW LB Tenant

Network A

Internet

NAT Tenant Network

A

Tenant Network

B

FW

Tenant Network

A1

Tenant Network

A2

FW


CONTRAIL MULTI-TENANCY IMPLEMENTATION

Contrail SDN Controller

OpenStack

Configuration Analytics

Control

Virtualized Server

VM VM VM

Virtualized Server

VM VM VM IP fabric (underlay network)

Quantum

VM VM VM

VM VM VM

Data Center

VM VM VM

Tenant Network

A

VM VM VM

Tenant Network

B


CONTRAIL MULTI-TENANCY IMPLEMENTATION


OpenStack


Control

Virtualized Server

VM VM VM

Virtualized Server


Quantum

OpenStack Orchestrator

Quantum Plug-in


KVM Hypervisor + Contrail vRouter

XMPP

Underlay switches

Tenant VMs

VXLAN or MPLS/GRE or MPLS/UDP


CONTRAIL IS BASED ON MPLS VPN TECHNOLOGY

P P PE PE

Route Reflector

Route Reflector

CE CE

Underlay Switch

vRouter

Control Node

Control Node

Underlay Switch

VM

VM

VM

VM

vRouter VM VM

IBGP

IBGP

IBGP

XMPP

MPLS over MPLS

MPLS over GRE or VXLAN

Network Management System (NMS)

DMI Config Node

Orchestrator

Analytics Node

SDN System

MPLS L3VPN / E-VPN Contrail


CONTRAIL GATEWAY IMPLEMENTATION


OpenStack


Control

Virtualized Server

VM VM VM

Virtualized Server


Quantum

VM VM VM

Tenant Network

A

VM VM VM

Tenant Network

B

Customer A L3VPN

Customer B L3VPN

Data Center

L3VPN


CONNECT PHYSICAL L3VPN TO VIRTUAL NETWORK FOR CLOUD ACCESS AND/OR SERVICE CHAINING

VM VM

VM VM

Green L3VPN

Red L3VPN Red VN

Green VN

WAN DC / POP Underlay

BGP Route Reflector Contrail Controller

WAN MPLS over TE-LSP

Data Center MPLS over GRE

Tenant VM or Service VM

BGP BGP BGP XMPP XMPP BGP


CONTRAIL SERVICE CHAINING IMPLEMENTATION IN THE DATA CENTER


OpenStack


Control

Virtualized Server

VM VM VM

Virtualized Server


Quantum

Virtualized Server

NAT

Virtualized Server

FW

FW

NAT

VM VM VM

Tenant Network

A

VM VM VM

Tenant Network

B

Data Center


HIGHLY AVAILABLE SCALE-OUT ARCHITECTURE

Configuration Node

Configuration Node

Control Node

Control Node

Compute Node

(Virtualized Server)

Service Node

(SRX, Firefly, JSP, ...)

Analytics Node

Analytics Node

Gateway Node

(MX, EX, QFX, ...)

XMPP

BGP

IF-MAP

Orchestrator (OpenStack)

REST

BGP, Netconf

Logically Centralized (Physically distributed)

Horizontally Scalable

Highly Available

Federated

Contrail Controller


Contrail Detailed Walk-Through


LOGICAL TOPOLOGY

VM

G1

VM

G2

VM

G3

VN G

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

BMS

R4

Virtual Network

Tenant Virtual Machines

Virtual Firewall

Physical Gateway Router Non-Virtualized (Bare Metal) Server

Physical Network (Internet, L3VPN, ...)


PHYSICAL TOPOLOGY

OpenStack Contrail

Controller Neutron Nova

Virtualized Server

Hypervisor with Contrail vRouter

Non-Virtualized (Bare Metal) Server

Underlay Switches

Gateway Router to Internet or L3VPN


MAPPING OF LOGICAL TO VIRTUAL TOPOLOGY

VM

G1

VM

G2

VM

G3

VN G

VM

R1

VM

R2

VM

R3

VN R

L3VPN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4


STARTING POINT EMPTY LOGICAL TOPOLOGY

VM

G1

VM

G2

VM

G3

VN G

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4


CREATE GREEN TENANT CREATE VIRTUAL NETWORK "GREEN"

VM

G1

VM

G2

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

Create VN G


CREATE GREEN TENANT CREATE VIRTUAL MACHINE "G1"

VM

G1

VM

G2

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

Create VM G1

Attach to VN G

Nova: Create VM

VM

G1



VM

G1

VM

G2

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

Neutron:

Attach VM to VN

Create VM G1

Attach to VN G

XMPP:

Create routing-instance



VM

G1

VM

G2

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

Create VM G2

Attach to VN G

VM

G1

Nova: Create VM

VM

G2



VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

Neutron:

Attach VM to VN

Create VM G2

Attach to VN G

VM

G2

XMPP:


VM

G2



VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

Create VM G2

Attach to VN G

VM

G2

XMPP:

Exchange routes

Create tunnels VM

G2


CREATE GREEN TENANT FORWARDING TABLES AND ENCAPSULATION

VM

G1

VM

G2

IP prefix Nexthop

VM G1 Virtual ethernet port

to VM G1

Green routing-instance IP FIB

VM G2 Push label L2 +

GRE encaps to server S2

MPLS label Nexthop

L1 Pop + Green routing-instance

Global MPLS FIB

IP prefix Nexthop

Server S2 Physical ethernet port

Global IP FIB

IP prefix Nexthop

VM G1 Push label L1

GRE encaps to server S1

Green routing-instance IP FIB

VM G2 Virtual ethernet port

to VM G2

MPLS label Nexthop

L2 Pop + Green routing-instance

Global MPLS FIB

IP prefix Nexthop

Server S1 Physical ethernet port

Global IP FIB

Inner IP header Payload

VM G1

Source IP

VM G2

Dest IP

...

MPLS

L2

Label GRE

...

Outer IP header

Server S1

Source IP

Server S2

Dest IP

Ethernet

Server S1

Source MAC

Server S2

Dest MAC

Packet

S1 S2



VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

Create VM G3

Attach to VN G

Nova: Create VM

VM

G3



VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

Create VM G3

Attach to VN G

VM

G3

Neutron:

Attach VM to VN

XMPP:




VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

Create VM G3

Attach to VN G

VM

G3

XMPP:

Exchange routes

Create tunnels


CREATE GREEN TENANT END STATE

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3


CREATE RED TENANT SAME STEPS AS GREEN TENANT

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

VM

FW

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2


CONNECT GREEN TO RED TENANT VIA FIREWALL CREATE VIRTUAL MACHINE FOR FIREWALL

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

Create VM FW

Attach to VN G

Attach to VN R

VM

FW

Nova: Create VM

VM

FW


CONNECT GREEN TO RED TENANT VIA FIREWALL ATTACH FIREWALL TO RED AND GREEN VIRTUAL NETWORKS

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

PN

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

Create VM FW

Attach to VN G

Attach to VN R

VM

FW

VM

FW

Neutron:

Attach VM to VNs

XMPP: Create

routing-instance


CONNECT GREEN TO RED TENANT VIA FIREWALL APPLY POLICY, EXCHANGE ROUTES, AND CREATE TUNNELS

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

L3VPN

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW

Apply Policy

VN G ↔ VN R

XMPP:

Exchange routes

Create tunnels


CONNECT GREEN TO RED TENANT VIA FIREWALL END STATE

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

L3VPN

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW


CONNECT GREEN TO RED TENANT VIA FIREWALL DATA PLANE: RED ↔ GREEN TRAFFIC FORCED THROUGH THE FIREWALL

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

L3VPN

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW


CONNECT RED TENANT TO PHYSICAL L3VPN CONFIGURE L3VPN ROUTING INSTANCE

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW

L3VPN

Apply Policy

VN R ↔ L3VPN

Netconf:

Configure

routing-instance


CONNECT RED TENANT TO PHYSICAL L3VPN EXCHANGE ROUTES WITH PHYSICAL ROUTER, CREATE TUNNELS

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW

L3VPN

Apply Policy

VN R ↔ L3VPN

BGP:

Exchange routes

Create tunnels


CONNECT RED TENANT TO PHYSICAL L3VPN EXCHANGE ROUTES WITH VROUTERS, CREATE TUNNELS

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW

L3VPN

Apply Policy

VN R ↔ L3VPN

XMPP:

Exchange routes

Create tunnels


CONNECT BARE METAL SERVER TO RED TENANT USE TOP-OF-RACK SWITCH AS GATEWAY

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R BMS

R4

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW

L3VPN


CONNECT BARE METAL SERVER TO RED TENANT CREATE ROUTING INSTANCE

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R BMS

R4

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW

L3VPN

Attach BMS R4

to VN R

using switch S

Netconf:

Configure

routing-instance


CONNECT BARE METAL SERVER TO RED TENANT EXCHANGE ROUTES WITH PHYSICAL SWITCH, CREATE TUNNELS

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R BMS

R4

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW

L3VPN

Attach BMS R4

to VN R

using switch S

BGP:

Exchange routes

Create tunnels


CONNECT BARE METAL SERVER TO RED TENANT EXCHANGE ROUTES WITH VROUTERS, CREATE TUNNELS

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R BMS

R4

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW

L3VPN

Attach BMS R4

to VN R

using switch S

XMPP:

Exchange routes

Create tunnels


CONNECT BARE METAL SERVER TO RED TENANT END STATE

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R BMS

R4

OpenStack Contrail


PHYSICAL LOGICAL

BMS

R4

VN G

VM

G1

VM

G2 VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

VM

FW

L3VPN


The Importance of Abstraction

"SDN as a Compiler"


THE IMPORTANCE OF ABSTRACTION

BMS

R4

OpenStack Contrail


VM

G1

VM

G2

VM

G3 VM

R1

VM

R3

VM

R2

VM

FW

PHYSICAL TOPOLOGY

Complex • Low level of abstraction

• Many vrouters

• Many routing-instances

• Many tunnels

• Many routes

Complex to configure

Complex to troubleshoot


THE IMPORTANCE OF ABSTRACTION

LOGICAL TOPOLOGY

Simple • High level of abstraction

Simple to configure

Simple to troubleshoot

Contrail provides abstraction • Configure logical layer

• Mapping to physical layer

• "SDN as a Compiler"

• Analytics at physical layer

• Mapping to logical layer

VM

G1

VM

G3

VM

R1

VM

R2

VM

R3

VN R

BMS

R4

VN G

VM

G2 VM

FW

L3VPN


"SDN AS A COMPILER"

Contrail Controller

South Bound Interfaces

South Bound Protocol 1


South Bound Protocol N

High Level (Service) Data Model

Configuration State Operational State

Transformation Engine

Low Level (Technology) Data Model


North Bound Interface (REST)

Analytics




High Level Data Model

(Service Data Model)

Low Level Data Model

(Technology Data Model)


North-Bound REST APIs

South-Bound Protocols


EXTENDING THE CONTROLLER USING PCE AS A HYPOTHETICAL EXAMPLE

Contrail Controller

South Bound Interfaces



South Bound Protocol N

High Level (Service) Data Model



Low Level (Technology) Data Model


North Bound Interface (REST)

Analytics




New Service (High Level)

Data Models

• Demand Calendar

• Constraints

New Technology Data Models

• Traffic-Engineered LSP

New Transformation Rules

New South-Bound Protocols

• PCEP (LSP programming)

• BGP-LS (Topology Discovery)

Date post:	07-Feb-2018
Category:	Documents
Upload:	lamhanh
View:	223 times
Download:	3 times

GEORGIA TECH SDN EVENT - Juniper...

Documents