SDN from start to finish
Ralph Wanders, Datacenter Solutions Manager
Rick Mur, Senior System Engineer, Juniper Networks
IT SECURITY IS TOP-LEVEL SPORT!

Limitations of datacenter architectures
- Agility/network virtualization
- Complex
- Cost
- Operational intelligence/analytics
- Security
- Automation/programming
- Application awareness/optimization

Current customer requirements
- Improve business agility from the datacenter by delivering services faster
- Deliver network services more cost-efficiently on x86 hardware platforms
- Building blocks in open architectures that can be replaced easily and provide a high degree of innovation
- End-to-end control and security across the entire datacenter infrastructure
- Insight into and intelligence on traffic flows

Future datacenter architecture
- Application-aware, Security Optimized and Deep Analytics
- Open architectures for flexibility and innovation
- Option of SDN/NFV functionality in the future
- Storage/compute integration (hyperconverged virtualisation platforms)
- Automation, Agility, Simplicity and End-to-end control

Datacenter solutions: Road To S²DN
- Solution I: Application Aware, Security Optimized & Analytics
- Solution II: Full Automation
- Solution III: SDN/NFV

SecureLink solution-i: Application-aware, Security Optimized and Analytics
[Diagram labels: Application services; Network management/orchestration; Network and security management/vCenter + 3rd party; Core + WAN Edge; Security services; Access; Analytics; Hyper Converged, Virtual Server and Secure Virtual Server hosts (VMs on a vswitch); Bare metal; Storage]

SecureLink solution-ii: Full automation
Extensive protocol support for datacenter: REST, Ansible, Openstack, Ruby/Python, Netconf, Puppet/Chef, SOAP, XML, Other?

SecureLink solution-iii: S²DN (networking)
[Diagram labels: Hosted/Managed; P WAN; Public Cloud (Hybrid); CONTRAIL; NSX; Private Cloud; Hyper Converged, Virtual Server and Secure Virtual Server hosts (VMs on a vswitch)]

SecureLink solution-iii: S²DN (Application Delivery Control)
[Diagram labels: Hosted/Managed; P WAN; Public Cloud (Hybrid); F5 Synthesis; CONTRAIL; NSX; Private Cloud; Hyper Converged, Virtual Server and Secure Virtual Server hosts (VMs on a vswitch)]

Datacenter architecture
Juniper products/technology
- Fabric Networks
- Datacenter Interconnect
- Analytics
- Automation

FABRIC NETWORKS
Switching architectures
Juniper architectures:
- Virtual Chassis: up to 10 members (Improved)
- Virtual Chassis Fabric: up to 32 members (New)
- QFabric: up to 128 members (Improved)
Benefits:
- Single point of management and control
- Purpose-built and turnkey
Open architectures:
- MC-LAG
- IP Fabric
- L3 Fabric
Benefits:
- Flexible deployment scenarios
- Open choice of technologies and protocols
One Architecture Does Not Fit All: QFX5100 enables Choices!

Topology Independent ISSU
Challenge: Downtime not acceptable during software upgrades. Legacy/competitive solutions need the support of adjacent devices during software upgrade.
Solution: Topology-independent ISSU, made possible by QFX5100's unique software architecture.
Benefits:
- No traffic loss during upgrades.
- No port flap during upgrades.
- Works in any switching architecture.
[Diagram: High-Level QFX5100 architecture. Labels: Junos VM (Master); Junos VM (Backup); Kernel Based Virtual Machines; Linux Kernel; x86 Hardware; PFE; Broadcom Trident II]

Virtual Chassis Fabric
Switching building blocks: EX4300, QFX3500, QFX3600, QFX5100
- Single point of management
- Full Layer 2 and Layer 3
- ECMP
- Transit FCoE
- Topology Independent ISSU
- Plug-and-play provisioning
- 4 spines and 28 leaves
- VXLAN L2 gateway
[Diagram labels: APIs; Network Director]

DATACENTER INTERCONNECT
EVPN LAYER 2 STRETCH BETWEEN DCs
EVPN (Ethernet VPN)
With EVPN:
- All paths are active
- Inter-data center traffic is load-balanced across all WAN links
- Layer 2 MAC tables are populated via the control plane (similar to QFabric)
- Eliminates flooding by maintaining MAC table synchronization between all EVPN nodes
Router 1's MAC Table (DATACENTER 1):
  MAC   VLAN   Interfaces
  AA    10     xe-1/0/0.10
  BB    10     ge-1/0/0.10
Router 2's MAC Table (DATACENTER 2):
  MAC   VLAN   Interfaces
  BB    10     xe-1/0/0.10
  AA    10     ge-1/0/0.10
[Diagram labels: Data Plane; Control Plane; Server 1 (MAC: AA) on xe-1/0/0.10, VLAN 10; Server 2 (MAC: BB) on xe-1/0/0.10, VLAN 10; ge-1/0/0.10 interfaces towards the PRIVATE MPLS WAN; without EVPN]

VISIBILITY/ANALYTICS
SMART WORKLOAD MOBILITY
1. New application is launched
2. Virtual and physical network policies mapped automatically
3. Virtual and physical network policies automated
4. Advanced analytics provide feedback about network state
5. Applications location-optimized
[Diagram labels: Network Director; Applications; Virtual Network; Physical Network]

Visibility Traffic stats
Network director 2.0
AUTOMATION
Automate: Introducing Junos DevOps Features
Months To Minutes: Programmability To Unify IP And IT Operations
- Common System-Wide Programmable Operations
- IT Services Synchronized With IP Network
- Eliminate Trouble Ticket Interface
- Shorten Time-To-Market
- Leverage One Of World's Largest Network Footprints
[Diagram labels: IT Domain; Servers, Compute, Storage; Apps; Switches; Routers; Unified Framework; Puppet, Python, Etc; SNMP, CLI, Scripting; IP Domain]

JUNOS AUTOMATION STACK
Tools built into Junos that enable automation
- Around 15 years of automation history
- Open architecture
- Three key features at the platform layer: XML-RPC and Netconf, Junos Script, Junos EZ
[Diagram: Junos Platform Automation Stack. Labels: Python Scripts; Ansible; Puppet; Chef; Ruby Scripts; PythonEZ Framework; RubyEZ Library; Netconf; XML-RPC; Junos; Junoscript; SNMP; RO CLI; Chassis; Data Plane (PFE)]

NETWORK VIRTUALIZATION
DATACENTER FABRIC
Fabric (spine/leaf), L3 CLOS architecture, hyper virtualization
- Overlay MAC learning
- Active/Active
- Independent WAN
- Multi hypervisor: NSX, KVM, Docker
[Diagram labels: VMs on KVM hosts; VMs on ESX hosts; SRV]

USG (UNIVERSAL SDN GATEWAY)
Introducing four new options for SDN enablement
- Layer2 USG, SDN to IP (Layer 2): Provide SDN-to-non-SDN translation, same IP subnet
- Layer3 USG, SDN to IP (Layer 3): Provide SDN-to-non-SDN translation, different IP subnet
- SDN USG, SDN to SDN: Provide SDN-to-SDN translation, same or different IP subnet, same or different overlay
- WAN USG, SDN to WAN: Provide SDN-to-WAN translation, same or different IP subnet, same or different encapsulation
[Diagram labels: Remote Data Center; Branch Offices; Internet]

CLOUD STITCHING
Multi hypervisor:
- VMware NSX for vsphere (6.1)
- Juniper Contrail (KVM)
- Juniper Contrail (Docker)
- Legacy hosts/networks
Multi datacenter:
- Optimal MAC learning
- Active/Active
- Optimal traffic forwarding
Automation:
- Provisioning
- Analytics
- Optimal traffic forwarding

CLOUD STITCHING
- Bare Metal: Plain VLANs
- VMware vsphere: NSX-V, NSX Edge Bridge
- KVM: Juniper Contrail, MX Edge integration
- Docker: Juniper Contrail, MX Edge integration
[Diagram label: EVPN]

Information resources
- www.securelink.nl, section datacenter solutions
- www.juniper.net
- Security BootCamp demo area
- ralph.wanders@securelink.nl & rmur@juniper.net
- Sales team SecureLink & Juniper

Thank you for your time. IT SECURITY IS TOP-LEVEL SPORT!