PLNOG 13: Jacek Wosz: User Defined Network
Transcript of PLNOG 13: Jacek Wosz: User Defined Network
![Page 1: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/1.jpg)
USER DEFINED NETWORK
Jacek Wosz JNCIE #877
![Page 2: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/2.jpg)
Agenda
• Use of SDN at a telecom operator
• Requirements for delivering cloud services with SDN
• User Defined Network as the next step?
• User Self Care Portal
• Block architecture
• What actually happens in the network
![Page 3: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/3.jpg)
Current needs of telecom operators
• Higher margins on the services offered
• Ability to deliver advanced services to business customers (Managed Security)
• Ability to launch new services in a very short time
• Easy scalability of services
• A differentiator from the competition
![Page 4: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/4.jpg)
Cloud Systems Components (2014)
• SDN Controller: Contrail Controller (Configuration / Analytics / Control); REST northbound to the Orchestrator
• Servers (Compute) running tenant VMs, each with a Contrail vRouter (L2 & L3) on KVM, Xen and ESXi/Hyper-V; XMPP between vRouter and controller
• IP fabric (underlay network): Juniper QFabric/QFX/EX or 3rd-party underlay switches
• Gateway: Juniper MX or 3rd-party gateway routers; BGP + Netconf between gateway and controller
• Tenant VMs (NFV, e.g. Firefly Perimeter)
![Page 5: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/5.jpg)
User Defined Networks
• Network Address Translation (Firefly)
• Stateful Firewall (Firefly)
• Unified Threat Management (Firefly)
• Intrusion Detection / Prevention (Firefly)
• vCPE (Firefly)
• Caching (Junos Content Encore)
• SSL VPN Gateway (vSA)
• DDoS (JDDS)
• Web Intrusion Deception (Junos WebApp Secure)
Service catalogue in the diagram:
• Juniper Services: NAT, FW, IDP, Intrusion Deception, Caching, DDoS, vCPE, SSL GW
• 3rd Party Services: Video Conf., DPI, Analytics, WAN Opt., CDN, Virtual SBC, … anything!
Topology in the diagram: Mobile and Business customers reach the Physical Network through a GW Router; VMs / NFV run both in Centralized Cloud Data Centers and in Edge Clouds (MX 3D); a Portal fronts the whole.
![Page 6: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/6.jpg)
Block Architecture – creating a Service Instance
Blocks: Web Portal, REST/JSON API, Scripts, Syslog Server, OpenStack Controller, Contrail Controller, Junos Space / Security Director
Step shown: creating the Service Instance
![Page 7: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/7.jpg)
Block Architecture – adding Firefly Perimeter to Security Director
Blocks: Web Portal, REST/JSON API, Scripts, Syslog Server, OpenStack Controller, Contrail Controller, Junos Space / Security Director
Steps shown: adding the Firefly to Junos Space; binding a predefined policy (WF/AppSec/AV, i.e. web filtering / AppSecure / antivirus)
![Page 8: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/8.jpg)
Block Architecture – Logging System
Blocks: Web Portal, REST/JSON API, Scripts, Syslog Server, OpenStack Controller, Contrail Controller, Junos Space / Security Director
Step shown: request info (from the Syslog Server) to draw statistics
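The Logging System block above ends at "draw statistics": the syslog server holds the flow logs of every customer's vSRX and the portal asks for aggregates. The following is an added example, not code from the talk, showing how those aggregates come out of Junos structured-syslog RT_FLOW events (session create / deny / close), keyed by the logging host, i.e. per customer vSRX. The field names are Junos's structured-data keys; the hostnames, addresses, policy names and the sample lines are constructed for the example.

```python
"""Per-customer statistics from vSRX flow logs on the syslog server (added example)."""
import re
from collections import Counter

# RFC 5424-style header as Junos "structured-data" logging emits it:
# <PRI>1 TIMESTAMP HOSTNAME PROCESS - EVENT [junos@2636.1.1.1.2.39 key="value" ...]
HEADER = re.compile(
    r'^(?:<\d+>)?1 (?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) - (?P<event>\S+) '
    r'\[(?P<sdid>\S+) (?P<body>.*)\]$'
)
KV = re.compile(r'([\w-]+)="([^"]*)"')

SD = '[junos@2636.1.1.1.2.39 '  # Junos structured-data ID, same on every line

SAMPLE_LOG = [  # constructed sample lines, two customer vSRXs plus two non-flow lines
    '<14>1 2014-10-14T09:12:31.001Z vsrx-cust1 RT_FLOW - RT_FLOW_SESSION_CREATE ' + SD +
    'source-address="10.0.1.25" source-port="51234" destination-address="93.184.216.34" '
    'destination-port="443" service-name="junos-https" protocol-id="6" policy-name="allow-web" '
    'source-zone-name="trust" destination-zone-name="untrust" session-id-32="4201"]',
    '<14>1 2014-10-14T09:12:32.120Z vsrx-cust1 RT_FLOW - RT_FLOW_SESSION_CREATE ' + SD +
    'source-address="10.0.1.26" source-port="40001" destination-address="93.184.216.34" '
    'destination-port="80" service-name="junos-http" protocol-id="6" policy-name="allow-web" '
    'source-zone-name="trust" destination-zone-name="untrust" session-id-32="4202"]',
    '<14>1 2014-10-14T09:12:40.500Z vsrx-cust1 RT_FLOW - RT_FLOW_SESSION_DENY ' + SD +
    'source-address="10.0.1.25" source-port="49152" destination-address="203.0.113.9" '
    'destination-port="445" service-name="junos-smb" protocol-id="6" policy-name="default-deny" '
    'source-zone-name="trust" destination-zone-name="untrust"]',
    '<14>1 2014-10-14T09:12:41.700Z vsrx-cust1 RT_FLOW - RT_FLOW_SESSION_DENY ' + SD +
    'source-address="10.0.1.25" source-port="49153" destination-address="203.0.113.9" '
    'destination-port="23" service-name="junos-telnet" protocol-id="6" policy-name="default-deny" '
    'source-zone-name="trust" destination-zone-name="untrust"]',
    '<14>1 2014-10-14T09:13:02.300Z vsrx-cust1 RT_FLOW - RT_FLOW_SESSION_CLOSE ' + SD +
    'reason="TCP FIN" source-address="10.0.1.25" source-port="51234" '
    'destination-address="93.184.216.34" destination-port="443" policy-name="allow-web" '
    'session-id-32="4201" bytes-from-client="1500" bytes-from-server="42000" elapsed-time="31"]',
    '<14>1 2014-10-14T09:13:05.000Z vsrx-cust2 RT_FLOW - RT_FLOW_SESSION_CREATE ' + SD +
    'source-address="10.0.2.7" source-port="33000" destination-address="198.51.100.77" '
    'destination-port="443" service-name="junos-https" protocol-id="6" policy-name="allow-all" '
    'source-zone-name="trust" destination-zone-name="untrust" session-id-32="17"]',
    # a UTM event from another daemon and a line that is not structured syslog at all
    '<14>1 2014-10-14T09:13:06.000Z vsrx-cust1 RT_UTM - WEBFILTER_URL_BLOCKED ' + SD +
    'source-address="10.0.1.25" url="example.invalid" category="Malware"]',
    'Oct 14 09:13:07 vsrx-cust1 last message repeated 2 times',
]


def parse_line(line):
    """Return a dict of header fields plus key/value pairs for an RT_FLOW line, else None."""
    m = HEADER.match(line.strip())
    if not m or m.group("proc") != "RT_FLOW":
        return None
    rec = {k: m.group(k) for k in ("ts", "host", "event")}
    rec.update(KV.findall(m.group("body")))
    return rec


def flow_stats(lines):
    """Aggregate per-vSRX counters from raw syslog lines.
    Returns (per_host, unparsed): per_host maps hostname -> counters; unparsed counts
    lines that are not RT_FLOW events (other daemons, truncated or corrupted lines)."""
    per_host, unparsed = {}, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        h = per_host.setdefault(rec["host"], {
            "allowed": 0, "denied": 0, "closed": 0, "bytes_client": 0, "bytes_server": 0,
            "policies": Counter(), "denied_dports": Counter()})
        ev = rec["event"]
        if ev == "RT_FLOW_SESSION_CREATE":
            h["allowed"] += 1
            h["policies"][rec.get("policy-name", "?")] += 1
        elif ev == "RT_FLOW_SESSION_DENY":
            h["denied"] += 1
            h["policies"][rec.get("policy-name", "?")] += 1
            h["denied_dports"][rec.get("destination-port", "?")] += 1
        elif ev == "RT_FLOW_SESSION_CLOSE":
            h["closed"] += 1
            h["bytes_client"] += int(rec.get("bytes-from-client", 0))
            h["bytes_server"] += int(rec.get("bytes-from-server", 0))
    return per_host, unparsed


if __name__ == "__main__":
    stats, skipped = flow_stats(SAMPLE_LOG)
    for host, counters in sorted(stats.items()):
        print(host, counters)
    print("non-flow lines skipped:", skipped)
```

The unparsed counter matters for a portal: a customer whose vSRX stopped logging, or whose lines arrive truncated, would otherwise show up as "no denies" rather than "no data", and the hostname is the only thing that ties a line to a tenant, so the syslog server should accept it only from the management addresses of the vSRX instances it expects.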
![Page 9: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/9.jpg)
Topology diagram (as on the User Defined Networks slide): Mobile and Business customers reach the Physical Network through a GW Router; VMs / NFV run in Centralized Cloud Data Centers and in Edge Clouds (MX 3D); eBGP is added to the diagram.
![Page 10: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/10.jpg)
Topology diagram (as on the previous slide): Centralized Cloud Data Centers, GW Router, Mobile and Business customers on the Physical Network, VMs / NFV in the Edge Clouds (MX 3D), eBGP; this version adds Reports.
![Page 11: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/11.jpg)
CONTRAIL ELEMENTS
• MX Gateway, interface xe-2/0/0.96, 10.10.96.253
• Contrail vRouter
• Contrail/OpenStack controller
• Contrail/OpenStack compute node
![Page 12: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/12.jpg)
CONTRAIL ELEMENTS – control-plane sessions
• MX Gateway (xe-2/0/0.96, 10.10.96.253): BGP session to the Contrail/OpenStack controller
• Contrail vRouter on the Contrail/OpenStack compute node: BGP routes carried over XMPP from the controller
![Page 13: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/13.jpg)
ROUTE ADVERTISEMENT BETWEEN THE MPLS NETWORK AND CONTRAIL
Elements: MX Gateway (xe-2/0/0.96, 10.10.96.253), Contrail vRouter on the Contrail/OpenStack compute node, Contrail/OpenStack controller
1. Create VN NET#1 with route target ASN:10000; the MX holds VRF #1 with RT ASN:10000
2. Create VM#1 in NET#1
3. VM#1 host route, RT ASN:10000
4. Advertise the VM#1 host route with RT ASN:10000, next hop > compute node
5. Dynamic GRE tunnel from the MX to the compute node
6. Install the VM#1 host route in VRF #1
![Page 14: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/14.jpg)
CREATING A vSRX SERVICE INSTANCE
Elements: MX Gateway (xe-2/0/0.96, 10.10.96.253), Contrail vRouter on the Contrail/OpenStack compute node, Contrail/OpenStack controller
1. Create the vSRX service instance with three logical interfaces: IFL #1 in the WAN network, IFL #2 in the LAN network, IFL #3 in the MGMT network
2. vSRX VM host routes, one per interface: RT ASN:66600666 (VRF WAN), RT ASN:10001 (VRF CUSTOMER #1), RT ASN:950001 (VRF CARRIER MGMT)
3. Advertise the vSRX host routes
6. Install the vSRX host routes in the respective VRFs (steps 4 and 5, advertisement with next hop > compute node and dynamic GRE, as on the previous slide)
![Page 15: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/15.jpg)
CONNECTING THE vSRX SERVICE INSTANCE TO THE INFRASTRUCTURE
Elements: MX Gateway (xe-2/0/0.96, 10.10.96.253), Contrail vRouter on the Contrail/OpenStack compute node, Contrail/OpenStack controller
• VRF WAN (RT ASN:66600666): WAN default route 0/0 -> WAN GW (Contrail)
• VRF CUSTOMER #1 (RT ASN:10001): LAN BGP session terminated on the MX; advertise the customer route from the VRF; advertise 0/0 into the MX VRF (by Contrail, not by the vSRX)
• VRF CARRIER MGMT (RT ASN:950001): MGMT 10.10.100/24 -> MGMT GW (Contrail)
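The three slides above describe the whole data-plane wiring of a tenant firewall: each vSRX interface sits in its own virtual network with its own route target, Contrail advertises a /32 host route per interface with the compute node as next hop, the MX imports each route only into the VRF whose import RT matches and raises a dynamic GRE tunnel to that next hop, and the default route that pulls customer traffic through the vSRX is injected by Contrail rather than by the VM. Tenant isolation therefore rests entirely on one RT per virtual network. The following is an added example, not code from the talk, modelling that exchange in Python so the import behaviour and its failure mode can be checked: the RT numbers (66600666, 10001, 950001) are from the slides; ASN 64512, the VRF names, the interface addresses and the "compute-node-1" next hop are assumptions.

```python
"""Route-target isolation in the Contrail / MX design on the slides (added example)."""
from dataclasses import dataclass, field

ASN = "64512"  # assumption: the slides write the RTs only as "ASN:<number>"


def rt(number):
    """Route-target extended community in Junos form: target:<asn>:<number>."""
    return f"target:{ASN}:{number}"


@dataclass(frozen=True)
class Route:
    prefix: str               # "10.0.1.1/32" (host route) or "0.0.0.0/0"
    next_hop: str             # tunnel endpoint: the compute node hosting the VM
    via: str                  # the VM interface the label resolves to on that node
    route_targets: frozenset  # extended communities attached by Contrail
    origin: str               # "contrail" (control node) or "vsrx" (the VM's own BGP)


@dataclass
class Vrf:
    name: str
    import_rt: str
    table: dict = field(default_factory=dict)  # prefix -> Route

    def offer(self, route):
        """Import only routes that carry this VRF's route target."""
        if self.import_rt not in route.route_targets:
            return False
        self.table[route.prefix] = route
        return True


@dataclass
class MxGateway:
    vrfs: dict = field(default_factory=dict)
    tunnels: set = field(default_factory=set)  # dynamic GRE endpoints

    def receive_bgp(self, route):
        """One L3VPN route from the Contrail control node: import per RT, and bring up
        a dynamic GRE tunnel to the next hop if any VRF took the route."""
        importers = sorted(v.name for v in self.vrfs.values() if v.offer(route))
        if importers:
            self.tunnels.add(route.next_hop)
        return importers


VRFS = {"VRF-WAN": 66600666, "VRF-CUSTOMER-1": 10001, "VRF-CARRIER-MGMT": 950001}

# The three vSRX interfaces (IFL #1 WAN, IFL #2 LAN, IFL #3 MGMT); addresses assumed.
VSRX_IFLS = {
    "WAN": ("198.51.100.10/32", 66600666),
    "LAN": ("10.0.1.1/32", 10001),
    "MGMT": ("10.10.100.10/32", 950001),
}


def new_gateway():
    mx = MxGateway()
    for name, number in VRFS.items():
        mx.vrfs[name] = Vrf(name, rt(number))
    return mx


def build_scenario():
    """Create and connect the vSRX service instance as on the slides.
    Returns the gateway and, per interface, the VRFs that imported its host route."""
    mx = new_gateway()
    imported = {}
    for ifl, (addr, number) in VSRX_IFLS.items():
        host_route = Route(addr, "compute-node-1", f"vsrx-{ifl.lower()}",
                           frozenset([rt(number)]), "contrail")
        imported[ifl] = mx.receive_bgp(host_route)
    # The default route into the customer VRF is advertised by Contrail, not the vSRX,
    # and resolves to the vSRX LAN interface, steering customer traffic through the firewall.
    mx.receive_bgp(Route("0.0.0.0/0", "compute-node-1", "vsrx-lan",
                         frozenset([rt(10001)]), "contrail"))
    return mx, imported


def vrf_prefixes(mx, name):
    return sorted(mx.vrfs[name].table)


def shared_prefixes(mx, a, b):
    """Prefixes present in both VRFs. With one RT per virtual network this must be empty."""
    return sorted(set(mx.vrfs[a].table) & set(mx.vrfs[b].table))


def mistagged_route_demo():
    """The failure mode: a route tagged with both the customer and the carrier-management
    RT lands in both VRFs, exposing the management interface to the customer."""
    mx = new_gateway()
    mx.receive_bgp(Route("10.10.100.10/32", "compute-node-1", "vsrx-mgmt",
                         frozenset([rt(950001), rt(10001)]), "contrail"))
    return shared_prefixes(mx, "VRF-CUSTOMER-1", "VRF-CARRIER-MGMT")


if __name__ == "__main__":
    gw, imported = build_scenario()
    for name in VRFS:
        print(name, vrf_prefixes(gw, name))
    print("dynamic GRE tunnels:", sorted(gw.tunnels))
    print("leak with a mistagged route:", mistagged_route_demo())
```

The `shared_prefixes` check is the one worth keeping in an operator's audit script: on a real MX it corresponds to comparing `show route table <vrf>` output across the customer and carrier-management VRFs, and any prefix in both means a virtual network or a vSRX interface was given more than one route target.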
![Page 16: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/16.jpg)
PRECONFIGURING THE vSRX SERVICE INSTANCE FOR ITS NEW ROLE
Elements: MX Gateway (xe-2/0/0.96, 10.10.96.253), Contrail vRouter on the Contrail/OpenStack compute node, Contrail/OpenStack controller; VRFs: WAN (RT ASN:66600666), CUSTOMER #1 (RT ASN:10001), CARRIER MGMT (RT ASN:950001)
• Security Director discovers the new vSRX
• Preconfigure the profile role (NGFW / web filtering etc.)
![Page 17: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/17.jpg)
FLOW FROM THE CUSTOMER IN THE VRF
Elements: MX Gateway (xe-2/0/0.96, 10.10.96.253), Contrail vRouter on the Contrail/OpenStack compute node, Contrail/OpenStack controller; VRFs: WAN (RT ASN:66600666), CUSTOMER #1 (RT ASN:10001), CARRIER MGMT (RT ASN:950001)
Traffic from the customer VRF passes through the vSRX: firewall / application visibility / web filtering / AV
![Page 18: PLNOG 13: Jacek Wosz: User Defined Network](https://reader030.fdocuments.net/reader030/viewer/2022020207/55933a871a28ab072d8b466a/html5/thumbnails/18.jpg)
Q & A