
SDN CONTRAIL

ENABLING CLOUD
Parantap Lahiri
Sr. Director, Solutions Engineering

Suresh Balineni
Staff Engineer

FUNDAMENTAL SHIFT: EVOLVING APPS


[Diagram labels: Standalone Application (Dedicated Resources); Technology Silo; Physical Servers; VLAN; LB; FW; IPS; Policies; ACLs; LBs; FWs; Routers; WAN; Segmented Networks; Scale-Out Model; Evolving Applications (on Resource Pool); Dynamic Virtual Network + Service Orchestration; VMs; Compute Pool; Storage Pool; LB Service Pool; FW Service Pool; Common Resource Pools (Datacenter & Beyond); Virtual WAN Network]

Copyright 2013 Juniper Networks, Inc.

External Cloud
Based Resources

BRIDGING PHYSICAL/VIRTUAL NETWORKS


AUTOMATION, ANALYTICS
CONVERGED NETWORK ORCHESTRATION

CONTROL PLANE - PHYSICAL, VIRTUAL


OPEN, STANDARDS-BASED,
FEDERATED CONTROLLER SCALABLE, RESILIENT

VIRTUAL NETWORK OVERLAY


PRESERVE AND INSERT DYNAMIC SERVICES (FIREWALL, LB)

PHYSICAL NETWORK
INTEROPERABILITY WITH
TRADITIONAL NETWORK DEVICES



CONFIDENTIAL DO NOT DISTRIBUTE

Legacy Datacenter Underlay


[Diagram labels: L3; L2/L3; Multi-Chassis LAG; TRUNK; L2 Switch; L2 Switch ToR; L2; VMs; Servers]

Legacy Datacenter Limited VLAN Span


Routing & Filtering between VLANs

No VLANs Across L3

[Diagram labels: L3; L2/L3; FW; LB; Multi-Chassis LAG; TRUNK; L2 Switch; L2 Switch ToR; L2; VMs; Servers; VLAN Span Limit]

Legacy Datacenter
No Multi-tenant overlapping IP space support; NAT on HW Appliances

Single Routing Table (No support for overlapping multi-tenant space)

[Diagram labels: L3; L2/L3; FW; LB; Multi-Chassis LAG; TRUNK; L2 Switch; L2 Switch ToR; L2; VMs; Servers; VLAN Span Limit]

Legacy Datacenter
Multi-tenant Support with MPLS

MPLS with VRF for multi-tenant isolation

[Diagram labels: Tenant Specific HW Appliance Services; L3-MPLS; L2/L3-MPLS; MPLS Enabled links; Tenant-VRF; FW; LB; Multi-Chassis LAG; TRUNK; L2 Switch; L2 Switch ToR; L2; VMs; Servers; VLAN Span Limit]

Typical L2 Overlay

Hypervisor switch only forwards L2
Separate VM-based router performs routing
Separate VM-based router performs NAT

[Diagram labels: L3; External Network; L3 ToR; VXLAN; L2-SW; Servers]

Contrail Overlay
= multi-tenant VRF

Hypervisor router handles L2/L3
Hypervisor router performs native routing
Hypervisor router performs native NAT

[Diagram labels: L3; External Network; L3 ToR; vRouter; L2/L3; Servers; Service Insertion]

Contrail Overlay Datacenter Abstraction

[Diagram labels: Router; L3VPN; Internet; L3; L3 ToR; Tenant 1; Tenant 2; Tenant 3; Tenant 4; VN1; VN2]

Contrail Overlay Multi-DC

[Diagram labels: MX; L3VPN; Internet; Tenant 1; Tenant 2; Tenant 3; Tenant 4; VN1; VN2; IP Underlay; vRouter; L2/L3; Datacenter 1; Datacenter 2; Datacenter 3]

CONTRAIL ON IP NETWORK
[Diagram labels: REST/API; Configuration Management; Control Plane; BGP Based Control Plane; XMPP; IP Network; Agent; VRF (Dynamic Tunnel Encapsulation); VRF (Dynamic Tunnel Decapsulation); VM; Server 1; Server 2]

Forwarding entries (repeated across the diagram):

10.1.1.1: NH = 70.10.10.1; LBL = 39
10.1.1.2: NH = 151.10.10.1; LBL = 17

Endpoint addresses shown: 70.10.10.1 and 151.10.10.1 on the IP network; 10.1.1.1 and 10.1.1.2 on the VMs.

Packet as sent by the VM and as delivered to the VM:

PriDstIP 10.1.1.2 | PriSrcIP 10.1.1.1 | PAYLOAD

Packet on the IP network:

PubSrcIP, PubDstIP (151.10.10.1, 70.10.10.1) | GRE LBL=17 | PriDstIP 10.1.1.2 | PriSrcIP 10.1.1.1 | PAYLOAD

* Outer MAC header was left out intentionally to reduce clutter

CONTRAIL TECHNICAL APPROACH


[Diagram labels: Orchestrator; Cloud Orchestration; Contrail Controller; Configuration; Analytics; Control Plane; JunosV Contrail; Virtualized Server; VM; Hypervisor, Contrail vRouter; IP fabric (underlay network); VXLAN or MPLSoGRE/UDP; Juniper & 3rd party Services *; Router; Gateway; External IP Network; XMPP; BGP, Netconf]

* = Juniper and 3rd party services can also be physical devices (e.g. SRX) or hypervisor services (e.g. vGW)
** = Other Orchestration System support like Cloudstack, Customer OSS/BSS System

SUMMARY SCALE-OUT NETWORKING SYSTEM


[Diagram labels: Orchestrator (OpenStack); REST; CONTRAIL System; Analytics Node; Configuration Node; IF-MAP; Control Node; IBGP; XMPP; Compute Node (Virtual Router); BGP, NETCONF; Gateway Node (MX, EX/QFX, ...); Service Node (SRX, Firefly, JSP, ...)]
