OpenStack MeetUp - OpenContrail Presentation
Download as PPTX, PDF2 likes871 views
This document discusses use cases and requirements for different cloud customer segments using Contrail. It describes Contrail's ability to enable IT as a service, enterprise migration to the cloud with legacy interconnects, public cloud services, and IoT/M2M use cases. It provides an overview of how Contrail works including its components, scale out architecture, and interaction with OpenStack. It also summarizes Contrail's features such as routing, security, analytics, and gateway services.
![Compute node (vRouter)
Forwarding
Blue VRF
Flow Table
Tap Interface (vif)
FIB
VM 1
(Tenant A)
Green VRF
Flow Table
FIB
Red VRF
Flow Table
FIB
VM 2
(Tenant B)
VM 1
(Tenant B)
…eth 1 eth N
vRouter Agent
vRouter replaces the Linux Bridge or OVS
module in Hypervisor Kernel
vRouter performs bridging (E-VPN) and
routing (L3VPN)
vRouter performs networking services like
Security Policies, NAT, Multicast, Mirroring,
and Load Balancing
No need for Service Nodes or L2/L3 Gateways
for Routing, Broadcast/Multicast, NAT
Routes are automatically leaked into the VRF
based on Policies
Support for Multiple Interfaces on the Virtual
Machines
Support for Multiple Interfaces from Compute
Node to the Switching Fabric
config Policy
Table
VRFs
Overlay Tunnels:
MPLSoUDP/GRE,VXLAN
pkt
0
[kernel]
[user space]
CONTRAIL CONTROLLER](https://image.slidesharecdn.com/opencontrail-openstackmeetup-170602175325/85/OpenStack-MeetUp-OpenContrail-Presentation-13-320.jpg)
OpenStack MeetUp - OpenContrail Presentation
- 1. Use Cases and Cloud
- 2. CLOUD CUSTOMER SEGMENTS ENABLE MULTIPLE CLOUD CUSTOMER SEGMENTS SVC PROVIDER ENTERPRISE Use-cases: ITaaS cloud, Enterpr. Migration w/ Legacy Interconnect (Bare Metal, vCenter) Requirements: Dynamically connect BMS’s (or VMs) hanging from TORs into Virtual Networks Interconnect with vCenter environments Provide L3 Gateway to the Virtual Networks Provide underlay-overlay correlation CLOUD SVCS Primary Use-case: SaaS cloud, Public IaaS Cloud / Cloud Hosting, Hybrid Cloud, PaaS Requirements: Launch VMs, Containers into Virtual Networks with IPAM, DNS, DHCP. Connect the VNs with Security Policies; use VNFs (FW, LB, etc.) using Service Chaining Application launch automation like Heat (Openstack) or Kubernetes / Mesos (for Containers) RH OpenShift, Pivotal CF and homegrown PaaS Use-case: M2M / IoT, EPC, SDWAN, … Requirements: Dynamically insert VNFs in Telco Cloud DCs to for virtual EPC, M2M, IOT, ... Service Chaining of different services (L2, L3, PNF) Automated orchestration of customer driven services using OpenStack, etc.
- 3. WHAT IS CLOUD? Standard compute platform - x86 = CLOUD But … virtualization = virtual(compute + storage + network) Network virtualization = apply network policy dynamically with location independence - orchestration + API – OpenStack, …+ automation + virtualization - end-user resource management - use any host – VMware, KVM, Docker …
- 4. WHAT IS TELCO CLOUD? = TELCO CLOUD Requirement - dynamic, real-time data plane and control plane integration Support for telco standards and services - MPLS, VXLAN, L3VPN, EVPN, NAT, … - cloud fully integrated into networks + Connections to physical networks - for applications and control plane services + Insertion into physical networks - for network services Cloud - virtualization/automation
- 6. OpenContrail - Based on MPLS VPN Technology
- 7. Mapping Architectural Principles Underlay Switch vRouter Control Node Control Node Underlay Switch vRouterVM VM IBGP XMPP MPLS over GRE or VXLAN Config Node OpenStack Analytics Node SDN System Contrail P PPE PE Route Reflector Route Reflector CECE IBGP IBGP MPLS over MPLS Network Management System (NMS) DMI MPLS L3VPN / E-VPN Gateway BGP
- 8. Contrail Abstraction Architecture Orchestration, Automation Open source and partner ecosystem of orchestrators API and SDK for integration with OSS / BSS OSS Virtual Network Overlay Overlay encapsulation implemented in hypervisor Multi-tenancy for private and virtual public clouds Gateway functions - connect to virtual to physical network Service chaining (physical and virtual) Physical Network Interoperability with traditional network devices Any-to-any non-blocking low-latency fabric: Q-Fabric or Clos Control Plane - Physical, Virtual Open, standards-based, federated controller Scalable and resilient Control Plane Configuration model Automation Control Plane Control Plane Policies and requests Analytics Distributed collection Global view Consolidation Aggregation State and status
- 9. Contrail Components Physical Network (no changes) Collector OPENCONTRAIL CONTROLLER ControlConfiguration Physical Host with Hypervisor vRouter VM VM VM VM Physical Host with Hypervisor vRouter VM VM VM VM WAN, Internet Gateway Accepts and converts orchestrator requests for VM creation, translates requests, and assigns network Real-time analytics engine collects, stores and analyzes network elementsInteracts with network elements for VM network provisioning and ensures uptime vRouter: Virtualized routing element handles localized control plane and forwarding plane work on the compute node Gateway: MX Series (or other router) or EX9200 serve as gateway eliminating need for SW gateway & improving scale & performance
- 10. Scale Out, Highly Available Architecture Logically Centralized (Physically Distributed) Horizontally Scalable Highly Available (Active-Active) Federated Configuration Nodes Control Nodes Analytics Nodes IF-MAP REST REST XMPP BGP BGP, Netconf vRouters Gateways BGP Database Nodes Web UI Nodes https://github.com/Juniper/contrail-controller/wiki/Roles-Daemons-Ports HTTP
- 11. INTERACTION WITH OPENSTACK OpenStack Compute Node Horizon Compute Driver Virtual-IF Driver Nova Compute Contrail Agent vRouter (kernel) Virtual Router Nova API 1 Create an Instance (Image, Network, …) 2 Nova Scheduler Schedule an Instance on the Compute Node Neutron Driver4 VM Network Properties 3 Add Port 7 VM Interface config over XMPP Scripts Neutron Plugin Configuration Node Create VM Interface 5 6 Publish VM i/f on IF-MAP Control Node
- 12. vRouter
- 13. Compute node (vRouter) Forwarding Blue VRF Flow Table Tap Interface (vif) FIB VM 1 (Tenant A) Green VRF Flow Table FIB Red VRF Flow Table FIB VM 2 (Tenant B) VM 1 (Tenant B) …eth 1 eth N vRouter Agent vRouter replaces the Linux Bridge or OVS module in Hypervisor Kernel vRouter performs bridging (E-VPN) and routing (L3VPN) vRouter performs networking services like Security Policies, NAT, Multicast, Mirroring, and Load Balancing No need for Service Nodes or L2/L3 Gateways for Routing, Broadcast/Multicast, NAT Routes are automatically leaked into the VRF based on Policies Support for Multiple Interfaces on the Virtual Machines Support for Multiple Interfaces from Compute Node to the Switching Fabric config Policy Table VRFs Overlay Tunnels: MPLSoUDP/GRE,VXLAN pkt 0 [kernel] [user space] CONTRAIL CONTROLLER
- 14. FEATURE SUMMARY Routing & Switching (IPv4, v6) Network Services (IPAM, DNS, DHCP SNAT, FIP, QoS, BGPaaS) Load Balancing (customizable ECMP, LBaaS) Security & Policies (Policy Enf.,Distributed FW, Sec Grp, XMPP Encryp.) Perf & Scale (DPDK / SRIOV, Smart NIC, Infra scale) Gateway Services (L2, L3, vCenter GW) Rich Analytics, (Alerts, Overlay-Underlay Correlation, multi-region) Service Chaining (PNF, VNF, v6, 3rd party / TAP, Health-check, policy- based) HA, Upgrades (SFC Failover, ISSU) API Services (multi-vendor Orch., SDN-U, OpenStack, K8s, vCenter)
- 15. Creating Virtual machines with Openstack and Contrail Overlay tunnels MPLS over GRE or VXLAN Compute Node vRouter Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail
- 16. Request VM, Create VRF, Allocate IP Address Compute Node vRouter Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail VRF Flow Table FIB Create VRF Attach interface H1 VRF Routing Table IP VM1: NH Local i/f
- 17. Create and Boot VM (DHCP for IP address) Overlay tunnels MPLS over GRE or VXLAN Compute Node vRouter Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail VRF Virtual Machine VM1 DHCP Request IP for MAC-VM1? Flow Table FIB DHCP Response IP address Gateway IP DNS server IP H1 VRF Routing Table IP VM1: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f
- 18. vRouter Allocates Label and Advertises Route Compute Node Eth1 (IP-H1) Compute Node vRouter Eth1 (IP-H2) OpenStack Contrail MAC/IP VM1: NH IP-H1, Lbl=53 vRouter VRF Virtual Machine VM1 Flow Table FIB H1 VRF Routing Table MAC/IP VM1: NH Local i/f
- 19. Same for VM2 Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail MAC/IP VM2: NH IP-H2, Lbl=24 vRouter VRF Virtual Machine (VM1) vRouter VRF Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f Flow Table FIB Flow Table FIB H1 VRF Routing Table MAC/IP VM1: NH Local i/f
- 20. H2 VRF Routing Table MAC/IP VM2: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f Contrail Pushes Routes to vRouters Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f MAC/IP VM1: NH IP-H1, MPLSoUDP, Lbl=53 H1 VRF Routing Table MAC/IP VM1: NH Local i/f MAC/IP VM2: NH IP-H2, MPLSoUDP, Lbl=24 MAC/IP VM2: NH IP-H2, Lbl=24 MAC/IP VM1: NH IP-H1, Lbl=53
- 21. H2 VRF Routing Table MAC/IP VM2: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f DNS resolution Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f MAC/IP VM1: NH IP-H1, MPLSoUDP, Lbl=53 H1 VRF Routing Table MAC/IP VM1: NH Local i/f MAC/IP VM2: NH IP-H2, MPLSoUDP, Lbl=24 DNS Query IP for VM2? DNS Response VM2=IP-VM2?
- 22. H2 VRF Routing Table MAC/IP VM2: NH Local i/f H1 VRF Routing Table MAC/IP VM1: NH Local i/f Proxy ARP Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2) H2 VRF Routing Table MAC/IP VM2: NH Local i/f MAC/IP VM1: NH IP-H1, MPLSoUDP, Lbl=53 H1 VRF Routing Table MAC/IP VM1: NH Local i/f MAC/IP VM2: NH IP-H2, MPLSoUDP, Lbl=24 ARP Response IP-VM2 is MAC-VM2 ARP Request? Who is IP-VM2
- 23. Send Packet Compute Node Eth1 (IP-H1) Compute Node Eth1 (IP-H2) OpenStack Contrail vRouter VRF Flow Table FIB Virtual Machine (VM1) vRouter VRF Flow Table FIB Virtual Machine (VM2)IP-VM2 Payload MAC-VM2 Virtual-IP2 Payload MPLS / VNI IP-H2 MAC-VM2 MAC-H2 IP-VM2 Payload MAC-VM2 IP-VM2 Payload MPLS / VNI IP-H2 MAC-VM2 MAC-H2
- 24. Contrail Working With a Gateway VRFs for public prefixes of each public network are created on gateway router manually or by Contrail VRFs contain a default route with next hop as the main routing table inet.0 S2 KVM VM2 Netconf/BGP S1 KVM VM1 Gateway VM interface is assigned a floating IP address and is connected into a VRF for the public network Tenant A Tenant B VMs Tenant C VMs A B C inet.0 BGP Public prefixes are advertised out into Internet XMPP VRFs have matching route targets to enable route exchange A A Contrail VRF A FIP-1: NAT:IP-VM1, Local i/f 0.0.0.0/0: NAT:FIP-1, NH GW, MPLSoUDP, Lbl=aaa VRF A FIP-1: NH S1, MPLSoUDP, Lbl=bbb FIP-2: NH S2, MPLSoUDP, Lbl=ccc 0.0.0.0/0: FBF inet.0 inet.0 Net-FIP-A: FBF VRF A … VRF A FIP-2:NAT:IPVM-2, Local i/f 0.0.0.0/0: NAT:FIP-2, NH GW, MPLSoUDP, Lbl=aaa
- 25. Enhanced performance options KERNEL VROUTER DPDK VROUTER SR-IOV - VROUTER SMART NIC VROUTER …VM 1 vRouter Agent VNF 2 …VM 1 vRouter Agent VM 2 …VM 1 vRouter Agent VM 2 …VM 1 vRouter Agent VM 2 DPDK for fast path Packet I/O. VMs needs DPDK enabled vRouter forwarding runs in NIC Better packet throughput Frees up CPU cores that don’t need to deal with forwarding SR-IOV gives direct access to NIC Bypasses vRouter VNF can combine SR-IOV and non-SR-IOV Normal mode Performance enhancements o TCP Segmentation Offload o Larger Receive Offload o Multi-Q Virtio
- 26. 26 Copyright © 2016 Juniper Networks, Inc. www.juniper.net ACCELERATED VROUTER PERFORMANCE Mpps 5Mpps 10Mpps 15Mpps 20Mpps 25Mpps 128 256 512 1024 1518 PacketRate(Mpps) Packet Size (Bytes) vRouter Performance - MPLS over GRE/UDP with Service Chaining Agilio vRouter Software-Only vRouter6X Gain in Performance NIC saturates the 40GbE link for packets 180B and higher SmartNIC Benefits: • 29Mpps packet rate for VNFs • 6X performance improvement • 4-8x CPU savings • Support for VXLAN, MPLS over GRE, MPLS over UDP vRouter offload
- 27. Consistent Virtual Networking Public network with floating IPs Contrail plugin for vCenter Netconf/BGP BMS Contrail vCenter plugin for Nova vCenter KVM Docker ESXiDocker Contrail Netconf/BGP BGP OVSDB XMPP inet.0 Physical Appliance XMPPXMPP XMPP BGP session with Contrail in a remote datacenter Datacenter interconnect
- 29. • The OpenContrail community isn’t where we want it • The decision was made in 2016 to fix this and some plans were set in motion: • Bring in an expert on open source and strategy (Randy Bias) • Hire a community manager (TBD) • Rethinking Juniper’s community engagement model began • ON THE TABLE: SDLC model, community code contribution process, JNPR “in the open” development, commercial Contrail business model, and transition from single-entity project to multi-entity project Background
- 30. • Vibrant community-run project, not driven by a single entity • Enrich community and encourage greater participation • Leverage the community to increase quality, velocity, and adoption • Drive 100-1000x more OpenContrail deployments • Deliver on a global ubiquitous network fabric Goals
- 31. Make Open Source Licensed Contrail Easier to Consume Supported Releases Build and Package OpenContrail Advisory Board (OCAB) Comprises industry veterans and key project contributors and adopters No sponsorship or fees; min. 1 yr commitment Responsible for governance, community evolution, roadmap, operational efficiency Juniper Support Gerritt Code Review / Merge Process OpenContrail Developer Community Comprises of Juniper & external members Proposing features & Contribute Code (features & bug-fixes) Participate in Code review processFeatures & Bug-fixesLaunchpad End-customers Filing bugs Tracking bugs & other info Contrail SKUs Single Github Source Code Repository Open Source Packages Test
- 32. 32 Copyright © 2015 Juniper Networks, Inc. www.juniper.net CONTRAIL DEMO VIDEOS DDoS Protection (Contrail + DDoS Secure) http://www.youtube.com/watch?v=TnvCea4fil4 NFV through Contrail (this is the Internet / Firewall NFV aka. vCPE) http://www.youtube.com/watch?v=_64no8P2vUw Contrail - Elastic cloud - IT as a Service http://www.youtube.com/watch?v=9g3EWV8X64s SSLVPN on Contrail http://www.youtube.com/watch?v=vfZfdH4kkV4 Caching as a Service (Junos Content Encore on Contrail https://www.youtube.com/watch?v=-_NtC34wcRw Hybrid Cloud https://www.youtube.com/watch?v=uC7nMW5PXdg USE CASE - DEMO VIDEOS Bare Metal Integration through multi-vendor TOR integration https://www.youtube.com/watch?v=PjkNt0yV3H0 IPv6 DVR (Distributed Virtual Router) https://www.youtube.com/watch?v=RLO0uIXbDxo OpenStack Neutron at Scale https://www.youtube.com/watch?v=xN0rXHD_dqk P + V Service Chaining https://www.youtube.com/watch?v=a9HqC9x6KTg Multi-hypervisor, Docker Integration https://www.youtube.com/watch?v=x2n5Q_ycx6o vRouter DPDK Demo https://www.youtube.com/watch?v=ZGiQJrKoDQM Physical + Overlay Correlation https://www.youtube.com/watch?v=B8aHoY—1Zs PRODUCT CAPABILTIIES - DEMO VIDEOS
- 33. Thank you
Editor's Notes
- #27: The Agilio vRouter software and adapters provide exceptional performance. With workloads including encap/decap of MPLS over GRE and VXLAN, the vRouter data path can operate at 25Mpps. This includes I/O into and out of VMs and VNFs. As a result, you can achieve a 6x performance gain per server through Agilio vRouter. When overlaying the CPU savings, there is a two fold effect on the system with the vRouter offload: 1) Through accelerated vRouter and SR-IOV, more PPS can be delivered to applications and services 2) Because Agilio adapters handle the vRouting workload, x86 CPUs are preserved and can be repurposed for VMs, allowing more application and service instances to be deployed per server.