Introduction
Network orchestration using the overlay network tunnels

Juniper Contrail is an end-to-end IT solution based on NFV/SDN applications. It not only gives service providers and enterprises the agility and scalability to manage their infrastructure, but also lets customers monitor, manage and scale their virtual infrastructure in a pay-as-you-go model. One of the key functions of Contrail is service chaining. This concept sets Juniper apart from its competitors. It's a simple concept that leads to the true meaning of the term VIaaS (Virtual Infrastructure as a Service). Contrail enables an enterprise or service provider to reduce CAPEX and have an on-demand, OPEX-based architecture. Service chaining enables customers to launch industry-proven virtual appliances such as firewalls, load balancers and application servers in a virtual server farm, so that these network functions are available on demand. This adds flexibility and agility to the network architecture.

Overview

We are pleased to present a model for POC as a Service that allows the user to visit our website and register for a trial of Juniper Contrail. We provide the infrastructure for our customers to test their use cases before they implement Contrail within their organization. POC as a Service is intended to let the customer test the features available in Juniper Contrail, such as Service Chaining, Network Policing, Service virtualization, etc.

Objectives

1. To familiarize the user with the OpenStack and Contrail environment.
2. Provide a platform to explore Juniper Contrail's features.
3. Give the user a proof of concept of Contrail:
   a. How virtual machines in various networks interact with one another.
   b. How Service Chaining works in Contrail and what its capabilities are.
4. Give a step-by-step guide for various scenarios that can be created in the lab.
5. Provide the user with the infrastructure and environment to also test their own networking scenarios.
6. By the end of this lab, the user will be able to:
   a. Create networks
   b. Spin up VMs and attach networks to them
   c. Create service templates
   d. Launch service instances
   e. Devise policies with service instances
   f. Attach policies to networks
   g. Test Service Chaining in their own use case.
Our lab scenario

VM1.Blue and VM1.Green will spin up on node 1, while VM2.Blue and VM2.Red will reside on node 2. The naming convention is that the number identifies the node on which the VM resides and the color identifies its network. Because VM1.Blue and VM2.Blue reside on the same network, they will be able to ping each other regardless of the node. Service chaining will be performed between the Green and Red networks using the vSRX, such that traffic will be able to go from VM1.Green to VM2.Red but not the other way around. The vSRX is pre-configured this way.

[Figure: Traditional network topology (labels: CE, PE, MPLS L3VPN, PE, CE)]
[Figure: Physical network topology of our lab (labels: Overlay Tunnel MPLSoGRE / VXLAN; Node 1; Node 2; Juniper Contrail Controller: Configuration, Control, Analytics)]

[Figure: Logical network topology of our lab (labels: VM1.Blue, VM2.Blue, VM1.Green, vsrx, VM2.Red; Node 1; Node 2)]
Guide

Registering with ICLD will provide you with a username and password to test our services for a limited amount of time. This is a step-by-step guide to help you create a use case of providing Juniper's vSRX as a service through Contrail.

Step 1: Create images in OpenStack
We have 4 images as shown below. In this case, CentOS 6.6/CirrOS can be used for the VMs, while the other two are images of the vSRX. One vSRX image is preconfigured to send traffic from the left to the right interface, and the other one is unconfigured.

Step 2: Create networks for our VMs.
Here are the 3 networks (Green, Red and Blue) that we have created.

Step 3: Now launch 4 instances.
The images below are for VM1.Green.
Assign the instances their network.
Here are the 4 instances that we have created. VM1.Blue and VM1.Green reside on node 1 (Dell), while VM2.Blue and VM2.Red are on node 2 (NUC). Remember that the color in the naming convention identifies the VM's network. Next, console into your VMs to verify that they are up. Execute the ifconfig command to check whether all of them have the correct IP addresses from the networks assigned to them.

Step 4: Now switch to the Contrail dashboard and add the vSRX template.
Here we can see that our template is created with the name FireFly 12.1.

Step 5: Create a service instance.
Assign Green to the left interface and Red to the right interface. A service instance (Firefly) is created, as shown below.

Step 6: Create a policy in Contrail.
In Networking > Policies, we can either block or unblock protocols such as ICMP, TCP, etc. from any port, between any networks. For the purpose of this example, we let all protocols pass between our Green and Red networks, with the FireFly instance being used as a service. Below we see the policy named Green-Red that we have created.

Step 7: Apply the policy to both networks (Green and Red)
We can see that the policy Green-Red is attached to both our networks.

Step 8: Now open your VMs in the console and ping between them to verify connectivity.
The result should be: VM1.Blue and VM2.Blue should be able to ping each other, while traffic should flow from VM1.Green to VM2.Red according to our configuration in the vSRX.

Thank You
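
The Step 8 check, extended to every VM pair in the lab so that unexpected reachability is reported as well as missing reachability. This is an added example, not part of the original guide or of Contrail. It assumes the Blue network has no policy attached and is therefore isolated from Green and Red, and that ping results are collected by hand from each VM console; the names expected, audit and SAMPLE are illustrative.

```python
# Added example: reachability audit for the lab topology in this guide.
# Assumption: Blue has no policy attached, so it is isolated from Green/Red.

VM_NETWORK = {"VM1.Blue": "Blue", "VM2.Blue": "Blue",
              "VM1.Green": "Green", "VM2.Red": "Red"}

# Policy Green-Red steers traffic through the service instance. The
# pre-configured vSRX only passes sessions started on its left (Green) side,
# so the chain is modelled as one direction: (left network, right network).
SERVICE_CHAINS = {("Green", "Red")}


def expected(src, dst):
    """True if a ping initiated by src should reach dst in this lab."""
    a, b = VM_NETWORK[src], VM_NETWORK[dst]
    return a == b or (a, b) in SERVICE_CHAINS


def audit(observed):
    """Compare observed {(src, dst): bool} ping results with the design.

    Returns a dict with three lists of (src, dst) pairs:
    leaks    - ping succeeded but the design says it must be blocked
    outages  - ping failed but the design says it must work
    untested - pair missing from the observations
    """
    report = {"leaks": [], "outages": [], "untested": []}
    for src in VM_NETWORK:
        for dst in VM_NETWORK:
            if src == dst:
                continue
            if (src, dst) not in observed:
                report["untested"].append((src, dst))
            elif observed[(src, dst)] and not expected(src, dst):
                report["leaks"].append((src, dst))
            elif not observed[(src, dst)] and expected(src, dst):
                report["outages"].append((src, dst))
    return report


# Constructed sample results (not captured from the lab): they match the
# design except that VM2.Red reaches VM1.Green and one pair was never tested.
SAMPLE = {(s, d): expected(s, d)
          for s in VM_NETWORK for d in VM_NETWORK if s != d}
SAMPLE[("VM2.Red", "VM1.Green")] = True
del SAMPLE[("VM1.Blue", "VM2.Red")]

if __name__ == "__main__":
    for kind, pairs in audit(SAMPLE).items():
        for src, dst in pairs:
            print(f"{kind}: {src} -> {dst}")
```

A leak from Red to Green points at the vSRX configuration or the policy direction, while a leak involving Blue points at a policy attached to the wrong network.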