1 / 32

Contrail介绍

Contrail介绍. ---Juniper overlay SDN 解决方案. 网络虚拟化演进方向. PROACTIVE SOFTWARE OVERLAY. OPENFLOW REACTIVE APPOACH. VLAN APPROACH. Reactive End-to-End. Manual End-to-End. Virtual Network Overlays. VLAN configured on physical switches. Requires programming of flows.

habib
Download Presentation

Contrail介绍

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Contrail介绍 ---Juniper overlay SDN解决方案

  2. 网络虚拟化演进方向 PROACTIVE SOFTWARE OVERLAY OPENFLOW REACTIVE APPOACH VLAN APPROACH Reactive End-to-End Manual End-to-End Virtual Network Overlays VLAN configured on physical switches Requires programming of flows No impact to physical network

  3. 网络虚拟化---VLAN 需要手动在每台配置每隔VLAN的信息 用户的流量在物理网络直接传输 VLAN ID一共只有4096个,支持的用户数量也是4096 插入服务相对比较复杂 手工控制. 低效率. 扩展性低.

  4. 网络虚拟化----Openflow 每个用户的流量都要经过物理网络转发 Openflow控制器 每个流量的首个数据包都要去到控制器进行分析 OpenFlow需要底层交换机的支持 OpenFlow需要编程 延迟较高. 扩展性低. 增加故障的考虑点. 可升级.

  5. 网络虚拟化----OVerlay 控制器运用编程手段控制虚拟的vswitch和虚拟网关 数据包不用经过控制器,仅通过隧道进行转发 通过已存在的网络转发数据 用户的信息通过隧道转发,对现网没有感知,即使现网的结构在发生改变 低延迟. 高扩展性. 自动恢复能力. 可以在任何网络上实现.

  6. Juniper CONTRAIL 的角色与作用 Orchestrator Network APIs Compute APIs Storage APIs JunosV Contrail Virtual Machine vRouter Physical Switches Server Service Nodes Gateway Router vSRX, F5 … Juniper的contrail以openstack为基础,通过API调用openstack的组件 Internet VPN DCI WAN

  7. Contrail组件 2014 TODAY 通过API戒口接收VM的状态信息, 包括迁移,新建等 OPENCONTRAIL CONTROLLER contrail控制器 vRouter: 虚拟化的vswitch,为虚拟机接入提供虚拟化戒口 Gateway: 可以采用juniper的MX或者EX9200 可以实时分析数据和流量 Configuration Control Analytics 通过openstack的API控制其他的节点信息 VM VM VM VM VM VM VM VM Contrail节点 Contrail节点 vRouter vRouter Physical Host with Hypervisor Physical Host with Hypervisor Physical Network(no changes) Gateway WAN, Internet Juniper目前完成openstack的集成,后续还会支持Vmware等更多的云平台系统

  8. LoadBalancing Service Chaining • Contrail功能 Routing and Switching 3rd Party Network Services IPAM, Virtual DNS Security Gateway Services APIServices Rich Analytics HighAvailability

  9. Contrail –控制器和节点 • 控制器和节点之间可以实现控制和转发分离 • 控制器可以控制多个节点,包括路由器和compute node • 控制层面通过BGP协议实现路由控制 • 转发点通过动态的GRE的隧道转发数据 • 物理拓扑和交换机对于用户是透明的 Configuration Node Configuration Node Control Node IF-MAP Control Node IBGP "BGP module" IF-MAP Client Control Node Proxies XMPP Gateway Routers XMPP Service Nodes Compute Node Compute Node

  10. Control plane – 路由发布方式 REST/API 通过BGP协议VM的地址被宣告到控制器中 Configuration Node IF-MAP Control Plane Control Plane Control Node XMPP XMPP 10.1.1.2:NH = 151.10.10.1; LBL = 17 10.1.1.1:NH = 70.10.10.1; LBL = 39 10.1.1.1:NH = 70.10.10.1; LBL = 39 10.1.1.2:NH = 151.10.10.1; LBL = 17 PubSrcIP PriSrcIP PubDstIP PriDstIP PAYLOAD PAYLOAD 10.1.1.1 10.1.1.1 10.1.1.2 10.1.1.2 GRE 70.10.10.1 LBL=17 10.1.1.2 10.1.1.1 PAYLOAD 151.10.10.1 IP Network 转发时原始数据包经过GRE再次封装 70.10.10.1 151.10.10.1 10.1.1.2: NH = 151.10.10.1; LBL = 17 10.1.1.1: NH = 70.10.10.1; LBL = 39 Agent Agent VRF (Dynamic Tunnel Encapsulation) VRF (Dynamic Tunnel Decapsulation) PriSrcIP PriDstIP 10.1.1.1 PriDstIP PriSrcIP 10.1.1.2 VM VM Server 1 Server 2 *Outer MAC header was left out intentionally to reduce clutter

  11. 应用场景—逻辑拓扑 VN G VN R PN 虚拟网络 VMG1 VMG2 VMG3 用户的VM VMFW 虚拟防火墙 VMR1 VMR2 VMR3 物理路由器 物理网络

  12. 应用场景—物理拓扑 ContrailController OpenStack Neutron Nova 虚拟VM 带vrouter的Hypervisor 物理交换机 物理出口路由器

  13. 逻辑与物理拓扑对应 ContrailController OpenStack Neutron Nova L3VPN VN R VN G VMG1 VMG2 VMG3 VMFW VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  14. 初始化过程,网络还没有建立 ContrailController OpenStack Neutron Nova PN VN R VN G VMG1 VMG2 VMG3 VMFW VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  15. 用户新建虚拟网络 Create VN G ContrailController OpenStack Neutron Nova VN G PN VN R VMG1 VMG2 VMG3 VMFW VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  16. 用户新建虚拟机VM G1 Create VM G1Attach to VN G ContrailController OpenStack Neutron Nova VN G VN R PN VMG1 VMG1 VMG2 VMG3 VMFW Nova: Create VM VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  17. 用户新建虚拟机VM G1 Create VM G1Attach to VN G ContrailController OpenStack Neutron Nova VN R PN VN G VMG1 Neutron:Attach VM to VN VMG1 VMG2 VMG3 VMFW XMPP:Create routing-instance VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  18. 用户新建VM G2 Create VM G2Attach to VN G ContrailController OpenStack Neutron Nova VN G VN R PN VMG2 VMG1 VMG1 VMG2 VMG3 Nova: Create VM VMFW VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  19. 用户新建VM G2 Create VM G2Attach to VN G ContrailController OpenStack Neutron Nova VN R PN VN G VMG2 VMG1 Neutron:Attach VM to VN VMG1 VMG2 VMG3 VMFW XMPP:Create routing-instance VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  20. Contrail通过指令在两个服务器之间建立隧道 Create VM G2Attach to VN G ContrailController OpenStack Neutron Nova VN R PN VN G XMPP:Exchange routes Create tunnels VMG2 VMG1 VMG1 VMG2 VMG3 VMFW VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  21. 用户的数据包在隧道中转发的情况 MPLS GRE Outer IP header Payload Inner IP header Ethernet Label Source IP Dest IP Source IP Dest IP Source MAC Dest MAC ... L2 ... Server S1 Server S2 VM G1 VM G2 Server S1 Server S2 VMG2 VMG1 Packet Green routing-instance IP FIB Green routing-instance IP FIB S2 S1 IP prefix IP prefix Nexthop Nexthop VM G1 VM G1 Virtual ethernet port to VM G1 Push label L1GRE encaps to server S1 VM G2 VM G2 Push label L2 +GRE encaps to server S2 Virtual ethernet port to VM G2 Global MPLS FIB Global MPLS FIB MPLS label MPLS label Nexthop Nexthop L1 L2 Pop + Green routing-instance Pop + Green routing-instance Global IP FIB Global IP FIB IP prefix IP prefix Nexthop Nexthop Server S2 Server S1 Physical ethernet port Physical ethernet port

  22. 用户新建VM G3 Create VM G3Attach to VN G ContrailController OpenStack Neutron Nova VN R PN VN G VMG2 VMG1 VMG1 VMG2 VMG3 VMFW VMG3 Nova: Create VM VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  23. 用户新建VM G3 Create VM G3Attach to VN G ContrailController OpenStack Neutron Nova VN R PN VN G VMG2 VMG1 Neutron:Attach VM to VN VMG1 VMG2 VMG3 VMFW VMG3 VMR1 VMR2 VMR3 XMPP:Create routing-instance PHYSICAL LOGICAL

  24. Contrail在物理服务器之间再搭建两条隧道 Create VM G3Attach to VN G ContrailController OpenStack Neutron Nova VN G VN R PN XMPP:Exchange routes Create tunnels VMG2 VMG1 VMG1 VMG2 VMG3 VMFW VMG3 VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  25. 用户的最终状态 ContrailController OpenStack Neutron Nova VN R PN VN G VMG2 VMG1 VMG1 VMG2 VMG3 VMFW VMG3 VMR1 VMR2 VMR3 PHYSICAL LOGICAL

  26. 两个不同用户均新建了VM以后 ContrailController OpenStack Neutron Nova VN R PN VN G VMG2 VMG1 VMG1 VMG2 VMG3 VMFW VMG3 VMR1 VMR1 VMR2 VMR3 VMR3 VMR2 PHYSICAL LOGICAL

  27. 虚拟vrouter和出口路由器之间建立隧道 Apply Policy VN R ↔ L3VPN ContrailController OpenStack Neutron Nova L3VPN VN G VN R Netconf:Configure routing-instance VMG2 VMG1 VMG1 VMG2 VMG3 VMFW VMG3 VMR1 VMR1 VMR2 VMR3 VMFW VMR3 VMR2 PHYSICAL LOGICAL

  28. 虚拟vrouter和出口路由器之间建立隧道 Apply Policy VN R ↔ L3VPN ContrailController OpenStack Neutron Nova L3VPN VN G VN R BGP:Exchange routes Create tunnels VMG2 VMG1 VMG1 VMG2 VMG3 VMFW VMG3 VMR1 VMR1 VMR2 VMR3 VMFW VMR3 VMR2 PHYSICAL LOGICAL

  29. 虚拟vrouter和出口路由器之间建立隧道 Apply Policy VN R ↔ L3VPN ContrailController OpenStack Neutron Nova L3VPN VN G VN R XMPP:Exchange routes Create tunnels VMG2 VMG1 VMG1 VMG2 VMG3 VMFW VMG3 VMR1 VMR1 VMR2 VMR3 VMFW VMR3 VMR2 PHYSICAL LOGICAL

  30. 所有的工作都是通过API • 界面在调用openstack的API • 所有的工作都是通过API完成 • 系统使用通过的编程语言 • Python 和 Java libraries (others can be supported as there is interest) • 也可以是curl • 数据模型是公开的,有对应的文档 • 可编程接口 • API’s 调用系统

  31. 总结: Contrail是SDN解决方案的创新者 • 可以与现有网络结合,节省升级和更换设备的成本 • SDN 的物理层面的架构简单化 • 简化网络中的组件,通过虚拟化实现 简单 • 开发那个的平台 • 所有的Hypervisors 上运行的协议都是标准的 • 可以云平台可以完好的结合 开放 • 自动更新云平台虚拟网络的结构 • 可以与云平台进行结合使用 • 自带的分析系统可以分析流量 智能化

More Related