
OPENContrail

OPENContrail. Openstack Meetup NYC NETWORK VIRTUALIZATION September 2014. Juniper Networks. Michael Langdon and Adam Ozkan. FOR HANDS-ON EXERCISE. Please connect to Juniper Openlab VPN https://63.119.251.102/openlab. Agenda. 1. OPENCONTRAIL RECAP. 2. USE CASES. 3.


Presentation Transcript


  1. OPENContrail • Openstack Meetup NYC • NETWORK VIRTUALIZATION • September 2014 • Juniper Networks • Michael Langdon and Adam Ozkan

  2. FOR HANDS-ON EXERCISE • Please connect to Juniper Openlab VPN https://63.119.251.102/openlab

  3. Agenda • 1. OPENCONTRAIL RECAP • 2. USE CASES • 3. DEMO + HANDS ON • 4. DEVSTACK + OPENCONTRAIL

  4. OPENCONTRAIL RECAP

  5. Contrail components – HIGH LEVEL ARCH • CONTRAIL CONTROLLER (Configuration, Control, Analytics) • Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network • Interacts with network elements for VM network provisioning and ensures uptime • Real-time analytics engine collects, stores and analyzes network elements • Standard M-BGP to talk with other Contrail controller instances • Bi-directional real-time message bus using XMPP between the controller and the vRouters • vRouter: Virtualized routing element handles localized control plane and forwarding plane work on the compute node • Gateway: MX Series (or other router) or EX9200 serve as gateway, eliminating need for SW gateway and improving scale and performance • [Diagram: VMs on vRouters on Physical Hosts with Hypervisor; Physical Network (no changes); Gateway; WAN, Internet]

  6. OVERLAY NETWORK • [Diagram: LOGICAL view with VIRTUAL NETWORK GREEN (G1, G2, G3), VIRTUAL NETWORK BLUE (B1, B2, B3) and VIRTUAL NETWORK YELLOW (Y1, Y2, Y3), showing intra-network traffic and inter-network traffic traversing a service (FW, DPI); PHYSICAL view with VM and virtualized Network function pools on Host + Hypervisor nodes connected by an IP fabric (switch underlay)]

  7. Use cases

  8. IT CLOUD • CURRENT IT DATACENTER: Silo’ed Resource Allocation, Manual Configuration, Static Service Chains • MODERN IT DATACENTER: Dynamic Resource Allocation, Automatic Configuration, Dynamic Service Chains • [Diagram labels: VLANs, Firewalls, Load-Balancer, HR, MARKETING, FINANCE, Physical Servers, Local Hard Drives, VIRTUALIZED, Virtual-Network based Orchestration (Compute, Storage, Apps)]

  9. Cloud CPE service • [Diagram labels: SECURITY in Virtualized Services; Customer Value; SP Delivered; CPE Delivered; Service Provider IP Edge; Full featured CPE; Tethered CPE; services shown: Firewall, WAN Optimization, Routing, Unified Threat, DHCP, Traffic Detection/DPI, IPv4-v6, Management, VPN, Policy Control, DDOS, Load Balancing, Caching & Video, IPS/IDS, FW & UTM, IP VPN Service, Voice, Pulse, CGNAT; devices shown: Modem / ONT, Switch, Access Point, Voice Router, Wireless Controller] • Services limited by capability of physical CPE hardware • Expensive to roll out new services • Costly customer support • Decrease cost of physical CPE • Increase agility of introducing new services • Decrease cost of servicing customers

  10. TELCO CLOUD • Self-service enterprise SERVICES: CDN, SLB, WAN Opt, UTM, FW • 1. Standard APIs allow for simple portal control • 2. Openstack standard interfaces provision virtual services • 3. Use of standard routing protocols to connect ANY SP customer to ANY service without interfacing with IP-RDM or similar • [Diagram labels: Contrail SDN, NEXTIP VPN, Customer Site A, Customer Site B]

  11. Hybrid cloud - IAAS and VPC • End-to-End Virtual Network Orchestration and Automation • Standards-based, seamless internetworking within/across DCs and Enterprise private network

  12. DEMO / HANDS-ON

  13. DEMO / HANDS-ON • Connect to Juniper Openlab VPN • (http://63.119.251.102/openlab) • Creation of Virtual Overlay Networks • Attachment of Virtual Machines • Access Policy between Virtual Networks • Exercise 1: Service Insertion - NAT Gateway • Exercise 2: Floating IP • Exercise 3: Service Insertion – DDoS Secure • Exercise 4: Debug & Analytics Information

  14. SERVICE CHAIN DEMO TOPOLOGY • NAT Service to connect Enterprise network VMs to the outside world • [Diagram: Demo Machine connecting to Openstack Horizon and Contrail GUI (Centralized Control, Policy provisioning); ENTERPRISE NETWORK (E1, E2, E3); FIREFLY (INLINE NAT); PUBLIC NETWORK (P1, P2, P3); MX Gateway; Internet]

  15. SERVICE CHAIN DEMO TOPOLOGY – STEP 1 • PUBLIC NETWORK: Already exists • [Diagram: Demo Machine connecting to Openstack Horizon and Contrail GUI (Centralized Control, Policy provisioning); PUBLIC NETWORK; MX Gateway; Internet]

  16. SERVICE CHAIN DEMO TOPOLOGY – STEP 2 • Create the Enterprise-<suffix> Virtual Network • [Diagram: Demo Machine connecting to Openstack Horizon and Contrail GUI (Centralized Control, Policy provisioning); ENTERPRISE NETWORK; PUBLIC NETWORK; MX Gateway; Internet]

  17. SERVICE CHAIN DEMO TOPOLOGY – STEP 3 • Spawn a Ubuntu VM in the Enterprise-<suffix> VN (OPENSTACK HORIZON UI) • [Diagram: Demo Machine connecting to Openstack Horizon and Contrail GUI (Centralized Control, Policy provisioning); ENTERPRISE NETWORK with Ubuntu VM; PUBLIC NETWORK; MX Gateway; Internet]

  18. SERVICE CHAIN DEMO TOPOLOGY – STEP 4 • Create a policy to connect the Enterprise-<suffix> VN and the Public VN • [Diagram: Demo Machine connecting to Openstack Horizon and Contrail GUI (Centralized Control, Policy provisioning); ENTERPRISE NETWORK with Ubuntu VM; PUBLIC NETWORK; MX Gateway; Internet]

  19. SERVICE CHAIN DEMO TOPOLOGY – STEP 5 • *Attach* the policy to the two networks • [Diagram: Demo Machine connecting to Openstack Horizon and Contrail GUI (Centralized Control, Policy provisioning); ENTERPRISE NETWORK with Ubuntu VM; PUBLIC NETWORK; MX Gateway; Internet]

  20. SERVICE INSERTION WORKFLOW – STEP 6 • Service Template: Mode: In-net / transparent; Interfaces: Left / Right / Mgmt; Image: NAT-service; Flavor • Create Service Instance from Template: Select Networks for interfaces (Enterprise (Left), Public (Right), Management (auto configured)); Select Scaling = 1; Spawns the Service VM • Edit Policy, Apply Service: Specify what traffic is serviced by service; Insert Service inside Policy

  21. SERVICE CHAIN DEMO TOPOLOGY • NAT Service to connect Enterprise network VMs to the outside world • [Diagram: Demo Machine connecting to Openstack Horizon and Contrail GUI (Centralized Control, Policy provisioning); ENTERPRISE NETWORK with Ubuntu VM; FIREFLY (INLINE NAT); PUBLIC NETWORK; MX Gateway; Internet]

  22. FLOATING IP DEMO TOPOLOGY • [Diagram: Demo Machine connecting to Openstack Horizon and Contrail GUI (Centralized Control, Policy provisioning); WEB-TIER NETWORK (FE1, FE2, FE3); Floating IP; MX Gateway; Internet]

  23. OVERLAY NETWORK • [Diagram: LOGICAL view with VIRTUAL NETWORK GREEN (G1, G2, G3), VIRTUAL NETWORK BLUE (B1, B2, B3) and VIRTUAL NETWORK YELLOW (Y1, Y2, Y3), showing intra-network traffic and inter-network traffic traversing a service (FW, DPI); PHYSICAL view with VM and virtualized Network function pools on Host + Hypervisor nodes connected by an IP fabric (switch underlay)]

  24. RESOURCES • OpenContrail.org: E-Book, Architecture documents, Blogs from developers/architects, Slides, Webinars • VIDEOS: • DDoS Protection (Contrail + DDoS Secure): http://www.youtube.com/watch?v=TnvCea4fil4 • NFV through Contrail (this is the Internet / Firewall NFV, aka vCPE): http://www.youtube.com/watch?v=_64no8P2vUw • Contrail - Elastic cloud - IT as a Service: http://www.youtube.com/watch?v=9g3EWV8X64s • SSLVPN on Contrail: http://www.youtube.com/watch?v=vfZfdH4kkV4

  25. THANK YOU!
