NFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrail
20
Network Function Virtualization (NFV) with open-contrail---nfv-and-sdn-summit-paris---21-mar-2014---v1 21 March 2014 Bruno Rijsman
-
Upload
ozkan01 -
Category
Technology
-
view
1.078 -
download
2
Transcript of NFV SDN Summit March 2014 D3 03 bruno_rijsman NFV with OpenContrail
Network Function Virtualization (NFV) with
open-contrail---nfv-and-sdn-summit-paris---21-mar-2014---v1 21 March 2014
Bruno Rijsman
2 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
OpenContrail Use Cases
Public Cloud
Private Cloud Private Cloud
VPN VPN
WAN
Gateway
Access
Core
Cloud : Network Virtualization• Private Clouds, Public Cloud, and Virtual Private Cloud
• Network Virtualization
• Tenant and Application Policies
• Network Function Virtualization and Service chaining
• Rich Analytics
Cloud : Interconnect• Connect Private Cloud to Private Cloud (DCI)
• Connect Private Cloud to Public Cloud (bursting)
• Connect Campus to Private Cloud
Network Function Virtualization• Virtualize Network Functions
• Service Chaining
• Attach Service Chain to Physical Network
• Application-Aware and Subscriber-Aware Steering
• Rich analytics
3 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
OpenContrail Use Cases
Access
Core
Network Function Virtualization• Virtualize Network Functions
• Service Chaining
• Attach Service Chain to Physical Network
• Application-Aware and Subscriber-Aware Steering
• Rich analytics
Topic of today's presentation:
Network Function Virtualization
Same technology as Cloud use cases
Tightly integrated with Cloud use cases
4 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
Service Chain
DPIDPI DPIDPIDPIDPIDPI
NFV + SDN = Dynamic Service Chaining
NFV: Virtual Network FunctionsBest in breed, from multiple vendors, including Juniper (e.g. Firefly)
Firewall IDPCache
SDN: Service ChainingOpenContrail: Dynamically program network to create service chains
NATAnchor
Router
5 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
OpenContrail Function:
Virtual Networks for Data Center Tenants / Applications
Virtual NetworksProvide isolation tenants, applications, or tiers within an application.
Physical location of virtual machine independent from logical location.
VM VM VM
Green
Virtual Network
VM VM VM
Red
Virtual Network
VM VM
Blue
Virtual Network
Bare
Metal
Server
6 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
OpenContrail Function:
Virtual Network Policies
Virtual Network PoliciesAt a high level of abstraction, applied at the boundaries of virtual networks.
VM VM VM
Green
Virtual Network
VM VM VM
Red
Virtual Network
Policy
only HTTP
NAT
7 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
OpenContrail Function:
Service Chains for Data Center Tenants / Applications
Service ChainingPolicy based application of virtual and physical services with scale-out.
Firewall, Intrusion Prevention, Load balancer, Cache, WAN optimizer, proxy, ...
VM VM VM
Green
Virtual Network
VM VM VM
Red
Virtual Network
Virtual
Service
IDS
Virtual
Service
Cache
Physical
Service
Firewall
Policy
only HTTP
NAT + IDS + Cache + Firewall
8 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
OpenContrail Function:
Service Chains for Service Providers
Access
Core
BusinessConsumer
BroadbandMobile
"Anchor" Service Chain
to Edge RouterEdge Router
9 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
Separate Service Chain for each CustomerCommon for Business Edge
Access
Core
Business
MPLS L3VPN
Service
PE Router
Separate
Service Chain and VNFs
for each customer.
Customer 1
Customer 2
Customer 3
10 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
Many Customers Share the Same Service ChainCommon for Broadband Consumer / SOHO Edge (Wireline and Mobile)
Access
Core
Subscriber-aware
Application-aware
Policy-driven
Steering
Scale-out multi-tenant
Service Chains and NFVs
"Gold" Service
"Silver" Service
11 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
Contrail Service Chain ImplementationUsing Overlay Networks
VM
G1
VM
G2
VM
G3
Green
Virtual Network
VM
R1
VM
R2
VM
R3
Red
Virtual Network
OpenContrail
Controller
VM
GVM
R
XMPP
CloudStack
OpenStack
12 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
Dynamic Steering
PCRF
OpenContrail
Controller
SCG
Policies
Thousands per second
Data Packets
Millions per second
Service Chains
New: once per month
Scale-out: once per day
13 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
OpenContrail Service Chain ImplementationIn the Gi-LAN with Service Steering
GGSN / PGW
SCG / TDF
PCRF
OpenContrail
Controller
OpenStack
CloudStack
Subscriber Awareness
Layer 3-7 Classification
Steering Capabilities
14 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
Service Chain Scale-out and Scale-in
Note: for simplicity, this example shows each service-instance on a separate compute node. In reality a single compute node can host multiple service instances.
Service Chain "Width"
Service Chain "Length"
For scale-out and scale-in
Width varies per step
For functionality
15 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
Scale-out and Load Balancing
load balancing in
Physical Router
load balancing as
Virtual Serviceload balancing in
vRouter
Mechanisms
ECMP
Flow Tables
Consistent Hashing
Challenges
Scale and performance
Stickiness
Symmetry
16 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
The Importance of Abstraction
LOGICAL TOPOLOGY
Simple• High level of abstraction
Simple to configure
Simple to troubleshoot
OpenContrail provides abstraction• Configure logical layer
• Mapping to physical layer
• "SDN as a Compiler"
• Analytics at physical layer
• Mapping to logical layer
VM
G1
VM
G3
VM
R1
VM
R2
VM
R3
VN R
BMS
R4
VN G
VM
G2VM
FW
L3VPN
17 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
The Importance of Abstraction
BMS
R4
OpenStackOpenContrail
ControllerNeutronNova
VM
G1
VM
G2
VM
G3VM
R1
VM
R3
VM
R2
VM
FW
PHYSICAL TOPOLOGY
Complex• Low level of abstraction
• Many vrouters
• Many routing-instances
• Many tunnels
• Many routes
Complex to configure
Complex to troubleshoot
18 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
SDN as a Compiler
North-Bound REST APIs
Service Data Model(Logical Abstraction)
Transformation Engine
Technology Data Model(Physical Realization)
Analytics
South-Bound Protocols
Op
enC
on
tra
il C
on
tro
ller
19 Copyright © 2014 Juniper Networks, Inc. Presented at NFV & SDN Summit, 21-March-2014.
OpenContrail
Contrail is available as Open Source www.opencontrail.org. Commercial support available from Juniper.
Same features and scaling as commercial versionUses proven stable standards. Production-Ready.
Permissive license Apache 2.0
Integrated into open source virtualization stacksOpenStack, CloudStack
