Intelligent SDN Networks Built with Juniper OPEN CONTRAIL
Juniper Networks, APAC
March, 2015

What is SDN
  Management/Orchestration Plane
  SDN Control Plane
  Control Plane
  Forwarding/Data Plane
Copyright 2015 Juniper Networks, Inc. www.juniper.net

The open nature of SDN
  OpenFlow: controller based; manipulates the forwarding plane of devices directly.
  Overlays: controller based; relies on the physical network underlay for connectivity; tunnelling based (VxLAN, MPLSoverGRE, NVGRE, STT).
  Automation: Puppet, Chef, Python, Ansible, Junos Scripting, Junos SDK.

What is cloud? Data center evolution
  Traditional approach
    Physical Servers, Switches, Sec. Device, LB Device
    Standalone Applications (Dedicated Resources)
    FW, IPS Policies; LB Policies; Router ACLs
    Admin; End-user
    Main challenges: Sub-Optimal Device Util.; Static & Inflexible; TCO (Capex, Opex); Physically Constrained; Siloed; Manual device config; Custom Policy Config; Deployment knowledge
  Virtualization
    Virtual Machines, VLANs, vSecurity, vLB
    Standalone Application (Virtualized Resources)
    VLAN Config; Security Policies; LB Policies; Router ACLs
    VM Orchestrator; Admin; End-user
    Some challenges solved, from the same list: Sub-Optimal Device Util.; Static & Inflexible; TCO (Capex, Opex); Physically Constrained; Siloed; Manual device config; Custom Policy Config; Deployment knowledge

What is cloud? The cloud data center
  Cloud - SDN
    Virtualized Resource Pools: Compute, Storage, LB, Security, Virtual Network, Virtual Network
    Evolving Applications (on Resource Pool)
    Orchestrator / Controller
    All Policies (incl. ACLs); No ACLs
    External Cloud Based Resources; Resources Across DCs
    Admin; End-user
    All challenges are solved: Sub-Optimal Device Utilization; Static & Inflexible; TCO (Capex, Opex); Physically Constrained; Siloed; Large, Manual Device Config; Custom / Complex Policy Config; Specialized deployment knowledge

Cloud services need a smarter, elastic network
  Distributed, Real-Time Apps
  Continuous Infra Feedback
  Resource Orchestration
  RT Analytics
  Compute & Storage
  Events, Logs, Statistics
  Network Orchestration
  Network Services Orchestration
  Virtualized Network
  Policy & Security Framework

All devices need to communicate with each other: applications of SDN
  SDN to IP (Layer 2): provide SDN-to-non-SDN translation, same IP subnet.
  SDN to IP (Layer 3): provide SDN-to-non-SDN translation, different IP subnet.
  SDN to SDN: provide SDN-to-SDN translation, same or different IP subnet, same or different overlay.
  SDN to WAN: provide SDN-to-WAN translation, same or different IP subnet, same or different encapsulation (Remote Data Center, Public Cloud, Internet).

Open source adoption
  [Chart: "Which of the following open source software tools/frameworks have you used for development or deployment in the past 12 months?" Two series: Using cloud computing/elastic applications (N = 125); Not using cloud computing/elastic applications (N = 572). Categories: Operating systems (e.g., Red Hat Linux, Suse, Android); Web servers (e.g., Apache, nginx); Relational DBMSes (e.g., MySQL, PostgreSQL, SQLite); Development IDEs (e.g., Eclipse, NetBeans); Application server (e.g., JBoss, Tomcat); Build and release management tools (e.g., Hudson/Jenkins, Maven, Ant); Application frameworks (e.g., Spring, Rails, Zend); Content management systems (e.g., Alfresco, Drupal); SCM tools (e.g., Git, Subversion, Mercurial); Business intelligence tools (e.g., BIRT, Jasper Reports, Spago); Portals or mashup servers (e.g., Liferay, JBoss Portal, exo); Business applications (Sugar CRM, Bravo); NoSQL DBMSes (e.g., Apache Hadoop, MongoDB, Riak, Couchbase); Release/deployment management tools (e.g., Chef, Cf Engine, Puppet); Management and monitoring (e.g., Nagios, Cacti, Shinken); Have not used open source software; Other (please specify).]
  Base: North American and European enterprise software developers. Source: Forrsights Developer Survey, Q1 2013.

Juniper's implementation
  Must support third-party products and provide full openness.
  Must support the convergence of virtual and physical, providing an integrated solution.
  Balance hardware resource utilization to save users as much investment cost as possible.
  Integration of multi-vendor architectures.
  Open-source orchestration.
  Contrail & OpenStack

Juniper's SDN product family meets the business needs of different users
  Orchestration, Automation (APIs) and Policy Management
  Product areas: IaaS, VPC (CONTRAIL); CORE (NORTHSTAR); EDGE NFV (MX, CONTRAIL, NFV-O); IT CLOUD (CONTRAIL)
  Capabilities shown on the slide:
    Managed Cloud Services
    Global Optimization for TE
    Virtualized Network Functions
    Network Virtualization
    L3VPN extension into DCs
    Policy-based BW Allocation
    Juniper Services Orchestration, Automation
    Intra, Inter-Domain Orchestration
    Multi-tenancy
    Traffic Analytics
    3rd Party/Best of Breed Orchestration and Service Chaining
    Agility in Service Insertion
    MX & QFX SDN Gateway
    MX/vMX Service Control GW

OPEN CONTRAIL product offerings (increasing levels of integration)
  Contrail Networking (cloud networking): Network Virtualization; Virtualized Network Services; Multiple Orchestration Support (OpenStack, VMware ESXi, vCenter, IBM CO).
  Contrail Cloud (cloud orchestration): Server Management; Distributed & Scale-out Storage; Compute Orchestration (OpenStack); Server (Ubuntu); plus Contrail Networking.
  Contrail Cloud Reference Architecture (integrated cloud PODs): Reference Architecture PODs; Integrated Management; plus Contrail Cloud.

What is OPEN CONTRAIL?
  OpenContrail is Juniper's open-source cloud network automation initiative (Apache v2).
  Built using standards-based protocols.
  API driven: implements the OpenStack Neutron API, Amazon EC2 VPC API, etc.; offers APIs to apps and orchestration systems to configure and monitor the system.
  Provides all components for network virtualization: overlay networks to virtual machines, Linux containers and network namespaces.
  Built as a scalable, resilient, and carrier-grade network platform for cloud infrastructure.

OPEN CONTRAIL: an open (multi-vendor) architecture and its support
  ORCHESTRATOR
    Interoperates with different orchestration systems.
    Multi-vendor VNFs can run on the same platform.
    Compute / Storage orchestration; Network orchestration.
  CONTRAIL CONTROLLER
    Automation: REST APIs to integrate with different orchestration systems.
    Control Plane: BGP control plane (logically centralized, physically distributed controller elements).
    Config Plane: bi-directional real-time message bus using XMPP.
    Data Plane: overlay tunnels (MPLSoGRE, MPLSoUDP, VXLAN).
  vRouter on each Linux Host + Hypervisor
    Integrates with different Linux hosts, multiple hypervisors, and multi-vendor x86 servers.
  Physical IP Fabric (no changes)
  Gateway to Internet / WAN
    Multi-vendor SDN gateway (any router that can talk BGP and the aforementioned tunneling protocols).

Virtualized networks: logical & physical
  LOGICAL (Policy Definition)
    VIRTUAL NETWORK GREEN (G1, G2, G3), VIRTUAL NETWORK BLUE (B1, B2, B3), VIRTUAL NETWORK YELLOW (Y1, Y2, Y3)
    Contrail Security Policy (firewall-like)
    Contrail Policy with a Firewall Service
    Intra-network traffic; inter-network traffic traversing a service
  PHYSICAL (Policy Enforcement)
    VM and virtualized network function pools on each Host + Hypervisor, with the G, B and Y virtual machines distributed across hosts
    IP fabric (switch underlay)

Getting the resources
  HTTPS://GITHUB.COM/JUNIPER

Getting the source code
  There are two methods:
  Manually, using the git tool:
    git clone https://github.com/juniper/contrail-controller
  Automatically, using a Ruby script:
    ruby get_file.rb Juniper 5
    sh get_juniper.sh

OPENCONTRAIL architecture diagram

Physical connection diagram

CONTRAIL installation prerequisites
  1. Ubuntu Server 12.04 LTS
     http://old-releases.ubuntu.com/releases/12.04.1/ubuntu-12.04.3-server-amd64.iso
  2. Contrail installation package
     http://www.juniper.net/support/downloads/?p=contrail#sw

Installation procedure
  1. Install Ubuntu 12.04 LTS.
  2. Install contrail-install-packages..~havana_all.deb:
     dpkg -i contrail-install-packages..~havana_all.deb
  3. Create the contrail package repository and the fabric tools:
     # cd /opt/contrail/contrail_packages
     # ./setup.sh
  4. Modify the testbed.py file:
     # cd /opt/contrail/utils/fabfile/
     # cp testbed_singlebox_example.py testbed.py

Installation procedure (continued)
  5. Modify the testbed.py file: change the IP addresses, passwords, and so on.
  6. Install Contrail:
     # cd /opt/contrail/utils
     # fab -c fabric install_contrail
  7. Install OpenStack:
     # fab setup_all
     The system reboots automatically once the installation completes.

Installation procedure (continued)
  8. Access the Horizon Dashboard from a browser:
     http://ip_address/horizon/
  9. Access the OpenContrail WebUI:
     https://ip_address:8143
  The login for both is admin/secret123; this password is set in testbed.py.

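Because the installation takes its Horizon and WebUI login from testbed.py, the following added example (not part of the original slides or of Contrail) statically scans a testbed.py-style file for password settings that still hold the default named above. The setting names in the constructed sample are assumptions for illustration; the file is parsed, never executed.

```python
import ast

# Default value named on the slide; add any other values you want to ban.
KNOWN_DEFAULTS = {"secret123"}


def _is_default(node, defaults):
    """True if the AST node is a literal equal to a known default."""
    return isinstance(node, ast.Constant) and node.value in defaults


def find_default_passwords(source, defaults=KNOWN_DEFAULTS):
    """Return sorted (line, setting) pairs for password-like assignments
    in testbed.py-style source that still use a known default."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        target = ast.unparse(node.targets[0])
        if "password" not in target.lower():
            continue
        if isinstance(node.value, ast.Dict):
            # Per-host mapping: report each entry that is still a default.
            for key, val in zip(node.value.keys, node.value.values):
                if key is not None and _is_default(val, defaults):
                    findings.append((val.lineno, f"{target}[{ast.unparse(key)}]"))
        elif _is_default(node.value, defaults):
            findings.append((node.lineno, target))
    return sorted(findings)


# Constructed sample; setting names are assumed, not taken from the slides.
SAMPLE_TESTBED = '''\
from fabric.api import env

host1 = 'root@192.0.2.10'
env.roledefs = {'all': [host1]}
env.passwords = {host1: 'secret123'}
env.openstack_admin_password = 'secret123'
env.keystone_admin_password = 'Xk7-long-random-value'
'''

if __name__ == "__main__":
    for line, setting in find_default_passwords(SAMPLE_TESTBED):
        print(f"line {line}: {setting} still uses a default password")
```

Run it against the edited file after step 5 and before step 6, so that a default value is caught before `fab` provisions the services with it.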
OPEN CONTRAIL demo videos
  Product capabilities - demo videos
    Bare Metal Integration through multi-vendor TOR integration: https://www.youtube.com/watch?v=pjknt0yv3h0
    IPv6 DVR (Distributed Virtual Router): https://www.youtube.com/watch?v=rlo0uixbdxo
    OpenStack Neutron at Scale: https://www.youtube.com/watch?v=xn0rxhd_dqk
    P + V Service Chaining: https://www.youtube.com/watch?v=a9hqc9x6ktg
    Multi-hypervisor, Docker Integration: https://www.youtube.com/watch?v=x2n5q_ycx6o
    vRouter DPDK Demo: https://www.youtube.com/watch?v=zgiqjrkodqm
    Physical + Overlay Correlation: https://www.youtube.com/watch?v=b8ahoy 1Zs
  Use cases - demo videos
    DDoS Protection (Contrail + DDoS Secure): http://www.youtube.com/watch?v=tnvcea4fil4
    NFV through Contrail (this is the Internet / Firewall NFV, aka vCPE): http://www.youtube.com/watch?v=_64no8p2vuw
    Contrail - Elastic cloud - IT as a Service: http://www.youtube.com/watch?v=9g3ewv8x64s
    SSLVPN on Contrail: http://www.youtube.com/watch?v=vfzfdh4kkv4
    Caching as a Service (Junos Content Encore on Contrail): https://www.youtube.com/watch?v=-_ntc34wcrw
    Hybrid Cloud: https://www.youtube.com/watch?v=uc7nmw5pxdg

OPEN CONTRAIL partnerships
  NFV, OSS/BSS
    vmcg (virtualized SGSN/MME)
    Elastic CDN
    DPI (VPTS)
    Session Border Controller
    ADC / LB; demo in progress
    NFV Orchestration
    Performance Monitoring
    WAN Optimization
  Cloud, System Integrators
    IBM CO 4.3 Integration
    Ubuntu, OpenStack, OIL
    RHEL and RHOS
    Mirantis OpenStack
    Scalr CMP Integration
    Mobility (Liquid Core) solution
    Piston OpenStack

CONTRAIL's participation in and contributions to open organizations
  Details: Open Platform for NFV. Initiative focused on implementation of ETSI NFV standards; Linux Foundation based.
  Contrail's Engagement: Platinum Member. Contribute $, resources, and code.

  Details: Initiative focused on creating a common open-source Controller; Linux Foundation based. OpenContrail SB Plugin part of Helium release.
  Contrail's Engagement: Platinum Member; Board Member. Contribute $, resources, and code.

  Details: Initiative focused on creating an Open Cloud Platform; OpenStack Foundation based.
  Contrail's Engagement: Gold Member (one of 24 gold members). Contribute $, bug fixes, code etc.

  Details: ETSI NFV = an ISG (industry specifications group) within ETSI focused on creating NFV standards. Formed by Service Providers (ETSI = European Telecommunication Standards Institute).
  Contrail's Engagement: Member. Contribute $, resources, and code.

  Details: Initiative focused on creating an Open-sourced Cloud Networking Platform. OpenContrail Advisory Board (OCAB). Apache v2 license.
  Contrail's Engagement: Owner / Originator. Govern, drive, contribute code.

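Summary: OPEN CONTRAIL features and benefits
  Agility, low cost, programmable, intelligent
    Rapid deployment
    Third-party compatibility and support
    Efficient use of server resources
    Centralized management
    Standardized protocols
    Standardized REST API interfaces
    Hides network-level complexity
    Allows policy-based automated configuration
  Visualization
    Collects and analyzes large volumes of network data
    Provides standardized API interfaces that supply data (analytics) to third parties
  Openness & compatibility
    The code is open source and integrates with OpenStack, KVM and other open-source products
    Can work together with multi-vendor architectures
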
References for OPEN CONTRAIL development
  www.opencontrail.org
  www.openstack.org
  www.github.org
  HTTPS://GITHUB.COM/JUNIPER