Nicolai van der Smagt has been in the business of designing, implementing and running SP networks for over 15 years. He has worked with DOCSIS, DSL and FTTH operators. Nowadays, Nicolai is helping Infradata’s pan-European customers build better access, aggregation and core networks, but his focus is on the data center, SDN, NFV and the whitebox switching revolution. His motto: “Simplicity is sophistication”.
Topic of Presentation: SDN
Language: English
Abstract:
Open source SDN that actually works - today
OpenContrail is an open source (Apache 2.0 licensed) project that provides network virtualization in the data center, using tried and tested open standards. It provides northbound APIs, integrates in Openstack or Cloudstack and is available today!
In this slot we’ll show you the architecture and ideas behind the technology and how OpenContrail enables you to avoid the pitfalls that other (closed) SDN solutions bring. If time permits we’ll also demo the technology.
PLNOG 13: Nicolai van der Smagt: SDN
1. OpenContrail network virtualization
Nicolai van der Smagt, Solutions Architect, September 2014
2. Nicolai van der who?!
- Nicolai van der Smagt:
- Solutions Architect @ Infradata
- Focus on datacenter architecture
- Getting old: 15 years of experience building and maintaining SP networks
Contact: nicolai@infradata.eu, InfraInnovaData @ Twitter, Vandersmagt @ LinkedIn
3. SDN > Network Virtualization
- This presentation is about network virtualization software
- SDN is an overly broad and excessively hyped term; it can mean anything to anybody
- Let's avoid the S-acronym for the rest of the session
- Let's talk about actual, deployable technology
4. Network virtualization?
- Helps achieve better scalability
- Enables automation / "agility"
- Improves and streamlines network security
- Reduces cost
- Like MPLS for the datacenter, or "poor man's" MPLS
- Enables the underlying network to be simple
5. Average DC – L2/VLAN-based
Designed for north <-> south traffic.
[Diagram: L2/L3 core layer above L3 and L2 switch layers, multi-chassis LAG trunks, ToR switches, servers and VMs]
6. Average DC – Limited VLAN span
[Diagram: the same L2/VLAN topology; routing and filtering between VLANs happens at the L2/L3 layer, where the FW and LB appliances sit; VLAN span limit at the ToR; no VLANs across L3]
7. Average DC – No built-in multi-tenancy
[Diagram: the same L2/VLAN topology with FW and LB appliances and the VLAN span limit; a single routing table (no support for overlapping multi-tenant address space)]
8. Cloud DC – L3 ECMP Clos network
Designed for east-west and north-south traffic.
[Diagram: L3 spine layer, L3 ToR switches, L2 switches down to the servers, external network at the top]
9. Average DC – Multi-tenancy using VRF
[Diagram: L2/L3-MPLS and L3-MPLS layers with MPLS-enabled links; a tenant VRF per tenant for multi-tenant isolation; VLAN span limit at the ToR; tenant-specific hardware appliance services (FW, LB) per tenant VRF]
11. Opencontrail?!
- Network virtualization software
- Provides a tunneled overlay network over any datacenter infrastructure
- Tunnels can be L3 (GRE, UDP) or L2 (VXLAN)
- Tunnels interconnect not just hypervisors, but also bare-metal machines and/or network infrastructure (routers, ToR)
- Consists of a virtual router component in the hypervisor (vRouter) and a centralized control plane (control, configuration and analytics)
12. Standards-based
- Opencontrail is fully programmable via RESTful API
- Northbound network gateway functionality is based on well-known and proven protocols and encaps, such as BGP/MPLS (L3VPN or EVPN) and GRE, UDP or VXLAN
- Southbound interface (to hypervisor) based on XMPP
- No constraints on the underlay physical network
Overall architecture:
- IETF NVO3 WG
- ETSI NFV ISG
Overlay control plane protocols:
- XMPP: RFC 6120, draft-marques-l3vpn-end-system
- BGP L3VPN: RFC 4364
- BGP EVPN: draft-ietf-l2vpn-evpn
- NetConf: RFC 6241
Overlay data plane encapsulation:
- MPLS over GRE: RFC 4797
- VXLAN: draft-mahalingam-dutt-dcops-vxlan
Underlay control plane protocols: existing layer-2 or layer-3 protocols
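To make the two overlay encapsulations on this slide concrete, here is an added example (not OpenContrail or vRouter code) that builds and parses the VXLAN header and the MPLS-over-GRE header, then wraps a constructed tenant packet the way a vRouter would, so that an underlay switch sees only hypervisor addresses. The sample addresses, label and VNI are constructed; the IPv4 checksum is left at zero.

```python
import struct
VXLAN_I_FLAG = 0x08      # "VNI valid" (I) flag in the VXLAN header
GRE_PROTO_MPLS = 0x8847  # GRE protocol type for MPLS unicast
IPPROTO_GRE = 47         # outer IP protocol number for GRE

def vxlan_header(vni):
    """8-byte VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3sI", VXLAN_I_FLAG, b"\0\0\0", vni << 8)

def parse_vxlan_header(hdr):
    """Return the VNI, rejecting headers without the I flag set."""
    flags, _, tail = struct.unpack("!B3sI", hdr[:8])
    if not flags & VXLAN_I_FLAG:
        raise ValueError("VXLAN header without a valid VNI")
    return tail >> 8

def mpls_over_gre_header(label, ttl=64):
    """4-byte GRE header (no options) plus one bottom-of-stack MPLS label entry."""
    if not 0 <= label < 1 << 20:
        raise ValueError("MPLS label must fit in 20 bits")
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)
    entry = (label << 12) | (1 << 8) | (ttl & 0xFF)  # TC=0, S=1 (bottom of stack)
    return gre + struct.pack("!I", entry)

def parse_mpls_over_gre_header(hdr):
    _flags, proto = struct.unpack("!HH", hdr[:4])
    if proto != GRE_PROTO_MPLS:
        raise ValueError("GRE payload is not MPLS")
    entry, = struct.unpack("!I", hdr[4:8])
    return {"label": entry >> 12, "tc": (entry >> 9) & 7,
            "bos": (entry >> 8) & 1, "ttl": entry & 0xFF}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left zero; constructed for illustration)."""
    octets = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, octets(src), octets(dst))

def encapsulate_mpls_gre(hv_src, hv_dst, label, tenant_packet):
    """vRouter-style encapsulation: tenant packet -> MPLS label -> GRE -> outer IP."""
    inner = mpls_over_gre_header(label) + tenant_packet
    return ipv4_header(hv_src, hv_dst, IPPROTO_GRE, len(inner)) + inner

def underlay_view(pkt):
    """All an underlay switch forwards on: outer src/dst (hypervisors) and protocol."""
    dotted = lambda b: ".".join(map(str, b))
    return dotted(pkt[12:16]), dotted(pkt[16:20]), pkt[9]
```

The tenant's own addresses sit behind the label inside the GRE payload, which is the "no VM IP information in the underlay network" point made later in the deck.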
13. Open Source
- Apache 2.0-licensed; permissive open-source with retention of copyright
- "Redhat model": support and packaging available from Juniper Networks, if required.
- Juniper provides resources and core developers, but the project is open for other developers, reviewers and bug-squashers
- Code-review "based on technical merit only". No politics.
- Available today, waiting for you to download and play
14. Opencontrail technical architecture
[Diagram: SDN controller (Contrail Controller with BGP clustering) made up of configuration, analytics and control components; REST northbound to the orchestrator; XMPP southbound to KVM or Xen hypervisors running the Contrail vRouter (L2 & L3) that hosts the tenant VMs; BGP + Netconf to any gateway router; any underlay network (IP fabric); MPLS over GRE/UDP or VXLAN tunnels between servers]
19. Opencontrail provides: gateway functions
[Diagram: tenant networks A, B, C and D spread across Data Center 1 and Data Center 2, joined by a tenant VPN over the Internet/WAN through gateway routers; a gateway switch attaches a non-virtualized server]
20. Opencontrail is based on MPLS VPN technology
[Diagram mapping MPLS L3VPN / E-VPN onto Opencontrail: Route Reflectors correspond to Control Nodes; PE routers to vRouters; P routers to underlay switches; CE devices to VMs; IBGP between the route reflectors / control nodes, XMPP from the control node to the vRouter; MPLS over MPLS becomes MPLS over GRE or VXLAN; the Network Management System (NMS) with DMI corresponds to the Config Node, Orchestrator and Analytics Node of the SDN system]
23. Opencontrail provides: service chaining/NFV
[Diagram: example chains between tenant networks and the Internet: FW and LB in front of tenant network A; NAT between tenant network A and the Internet; FW between tenant networks A and B; FW between tenant networks A1 and A2]
24. Service chaining
[Diagram: VMs in the Green virtual network reach VMs in the Red virtual network through the chain NAT + DPI + Cache + Firewall: DPI virtual service (policy: only HTTP), Cache virtual service, Firewall physical service]
Policy based application of virtual and physical services with scale-out. Firewall, Intrusion Prevention, Load balancer, Cache, WAN optimizer, proxy, ...
29. No VM IP information in the underlay network
Contrail in the physical datacenter.
[Diagram: compute & storage racks of hypervisors behind leaf switches, spine switches and gateway routers; orchestration & services racks holding the Control Node, Config Node (Openstack / Cloudstack), Analytics Node and WebUI Node, with optional redundancy; the underlay is L3 with OSPF or BGP and L3 ECMP, L2/L3 at the leaf, BGP towards the gateway routers]
30. High availability – scale-out
[Diagram: configuration nodes, control nodes and analytics nodes linked by REST and IF-MAP; XMPP from the control nodes to the vRouters; BGP between control nodes and BGP/Netconf to the gateways]
Designed to deal with failures: logically centralized (physically distributed), horizontally scalable, highly available (active-active), federated.
31. Opencontrail network security
- Policies create distributed security for virtual and physical workloads
- Policies enable micro-segmentation
- Without an explicit policy, traffic is denied by default
- Service chaining enables distribution of additional network security (such as DDoS mitigation, WAF or application layer firewalling)
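A simplified model of the policy behaviour this slide describes, added here as an example (it is not OpenContrail's code or API): policies hold ordered rules between virtual networks, a policy only applies to a flow when it is attached to both networks, and a flow with no matching explicit rule is denied. The Flow/Rule/Policy/Fabric names, the direction and port matching details, and the pass for traffic inside one virtual network are assumptions of this model.

```python
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Flow:
    src_vn: str        # virtual network of the sender
    dst_vn: str        # virtual network of the receiver
    protocol: str      # "tcp", "udp", "icmp", ...
    dst_port: int

@dataclass
class Rule:
    src_vn: str
    dst_vn: str
    protocol: str = "any"
    dst_ports: tuple = ("any",)
    direction: str = "<>"   # "<>" both ways, ">" src->dst only (model assumption)
    action: str = "pass"    # "pass" or "deny"

    def matches(self, flow):
        fwd = (self.src_vn, self.dst_vn) == (flow.src_vn, flow.dst_vn)
        rev = self.direction == "<>" and (self.src_vn, self.dst_vn) == (flow.dst_vn, flow.src_vn)
        proto_ok = self.protocol in ("any", flow.protocol)
        port_ok = "any" in self.dst_ports or flow.dst_port in self.dst_ports
        return (fwd or rev) and proto_ok and port_ok

@dataclass
class Policy:
    name: str
    rules: list = field(default_factory=list)   # evaluated in order, first match wins

class Fabric:
    """Policy state as every vRouter sees it: which policies are attached to which network."""
    def __init__(self):
        self.attached = {}   # vn name -> list of Policy

    def attach(self, vn, policy):
        self.attached.setdefault(vn, []).append(policy)

    def verdict(self, flow):
        if flow.src_vn == flow.dst_vn:
            return "pass"   # traffic inside one virtual network is not policy-filtered here
        dst_names = {p.name for p in self.attached.get(flow.dst_vn, [])}
        # A policy only applies to a flow if it is attached to both networks.
        for policy in self.attached.get(flow.src_vn, []):
            if policy.name not in dst_names:
                continue
            for rule in policy.rules:
                if rule.matches(flow):
                    return rule.action
        return "deny"   # no matching explicit policy: default deny
```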
32. Orchestration options
- Cloudstack, CCP
- OCS Openstack
- Mirantis Openstack, Fuel
- Redhat Openstack (RHOS)
- UnitedStack Openstack
- SmartCloud Orchestrator – end of the year
33. Network virtualization with Opencontrail
- Scalability
  - Upgrade from just 4000 to a much higher scale of tenant networks
- Automation / "Agility"
  - Spin up/down resources based on demand
  - Scale-out instead of scale-up
  - Automatic configuration / DevOps for the network
- Network security
  - Micro-segmentation (smaller networks with more fine-grained access controls)
  - Policy-driven framework (with default-deny)
- Reduced cost
  - NFV = virtual network devices instead of expensive hardware
  - Clos = white label switches instead of more expensive infrastructure
  - Opencontrail software available free of charge
34. Devstack + Opencontrail in-a-box setup
For the developers in the audience:
1. Install some packages (git-core, ant, build-essential, pkg-config)
2. Download DevStack (git clone git@github.com:/dsetia/devstack.git)
3. Edit localrc (set PHYSICAL_INTERFACE)
4. Run stack.sh
5. You'll end up with Openstack glance, nova, horizon, keystone and cinder, with Opencontrail (as a Quantum plugin), ready for use
6. ?
7. Profit!