Juniper-overlay-SDN方案

SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6ExecutiveIntroSlideCONTRAIL介绍---JuniperoverlaySDN解决方案SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6BlankSlideTitleandContent1-Line网络虚拟化演进方向VirtualNetworkOverlaysReactiveEnd-to-EndVLANconfiguredonphysicalswitchesRequiresprogrammingofflowsNoimpacttophysicalnetworkManualEnd-to-EndPROACTIVESOFTWAREOVERLAYOPENFLOWREACTIVEAPPOACHVLANAPPROACHSlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6BlankSlideTitleandContent1-Line需要手动在每台配置每隔VLAN的信息插入服务相对比较复杂VLANID一共只有4096个，支持的用户数量也是4096用户的流量在物理网络直接传输网络虚拟化---VLAN手工控制.低效率.扩展性低.SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6BlankSlideTitleandContent1-Line网络虚拟化----OPENFLOWOpenFlow需要底层交换机的支持OpenFlow需要编程每个用户的流量都要经过物理网络转发延迟较高.扩展性低.增加故障的考虑点.可升级.Openflow控制器每个流量的首个数据包都要去到控制器进行分析SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6BlankSlide数据包不用经过控制器，仅通过隧道进行转发通过已存在的网络转发数据用户的信息通过隧道转发，对现网没有感知，即使现网的结构在发生改变控制器运用编程手段控制虚拟的vswitch和虚拟网关网络虚拟化----OVERLAY低延迟.高扩展性.自动恢复能力.可以在任何网络上实现.SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6JUNIPERCONTRAIL的角色与作用ServiceNodesInternetVPNDCIWANGatewayRouterJunosVContrailOrchestratorComputeAPIsStorageAPIsNetworkAPIsServerVirtualMachinevRouterPhysicalSwitchesvSRX,F5…JUNIPER的CONTRAIL以OPENSTACK为基础，通过API调用OPENSTACK的组件SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6BlankSlideTitleandContent1-LineCONTRAIL组件PhysicalNetwork(nochanges)AnalyticsOPENCONTRAILCONTROLLERControlConfigurationPhysicalHostwithHypervisorvRouterVMVMVMVMPhysicalHostwithHypervisorvRouterVMVMVMVMWAN,InternetGateway通过API戒口接收VM的状态信息，包括迁移，新建等可以实时分析数据和流量通过openstack的API控制其他的节点信息vRouter:虚拟化的vswitch，为虚拟机接入提供虚拟化戒口Gateway:可以采用juniper的MX或者EX9200TODAY2014JUNIPER目前完成OPENSTACK的集成，后续还会支持VMWARE等更多的云平台系统contrail控制器Contrail节点Contrail节点SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6TitleandBulletsIPAM,VirtualDNSSecurityLoadBalancing3rdPartyNetworkServicesRichAnalyticsHighAvailabilityServiceChainingAPIServicesRoutingandSwitchingGatewayServicesCONTRAIL功能SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6CONTRAIL–控制器和节点ControlNodeBGPmoduleProxiesXMPPControlNodeControlNodeComputeNodeComputeNodeConfigurationNodeConfigurationNodeIF-MAPXMPPIBGPIF-MAPClient•控制器和节点之间可以实现控制和转发分离•控制器可以控制多个节点，包括路由器和computenode•控制层面通过BGP协议实现路由控制•转发点通过动态的GRE的隧道转发数据•物理拓扑和交换机对于用户是透明的GatewayRoutersServiceNodesSlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6CONTROLPLANE–路由发布方式10.1.1.110.1.1.270.10.10.1151.10.10.110.1.1.2:NH=151.10.10.1;LBL=1710.1.1.1:NH=70.10.10.1;LBL=3910.1.1.110.1.1.2PAYLOADVRFPriSrcIPPriDstIP10.1.1.110.1.1.2PAYLOADLBL=17GRE70.10.10.1151.10.10.1PubSrcIPPubDstIPVMVRFPriSrcIPPriDstIP10.1.1.110.1.1.2PAYLOADPriSrcIPPriDstIPVMIPNetworkAgentAgentXMPPXMPPControlNodeConfigurationNodeREST/API10.1.1.2:NH=151.10.10.1;LBL=1710.1.1.1:NH=70.10.10.1;LBL=39(DynamicTunnelEncapsulation)(DynamicTunnelDecapsulation)Server1Server2ControlPlane*OuterMACheaderwasleftoutintentionallytoreduceclutter10.1.1.1:NH=70.10.10.1;LBL=3910.1.1.2:NH=151.10.10.1;LBL=17ControlPlaneIF-MAP通过BGP协议VM的地址被宣告到控制器中转发时原始数据包经过GRE再次封装SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6应用场景—逻辑拓扑VMG1VMG2VMG3VNGVMR1VMR2VMR3VNRPNVMFW虚拟网络用户的VM虚拟防火墙物理路由器物理网络SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6应用场景—物理拓扑OpenStackContrailControllerNeutronNova虚拟VM带vrouter的Hypervisor物理交换机物理出口路由器SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6逻辑与物理拓扑对应VMG1VMG2VMG3VNGVMR1VMR2VMR3VNRL3VPNVMFWOpenStackContrailControllerNeutronNovaPHYSICALLOGICALSlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6初始化过程，网络还没有建立VMG1VMG2VMG3VNGVMR1VMR2VMR3VNRPNVMFWOpenStackContrailControllerNeutronNovaPHYSICALLOGICALSlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6用户新建虚拟网络VMG1VMG2VMG3VMR1VMR2VMR3VNRPNVMFWOpenStackContrailControllerNeutronNovaPHYSICALLOGICALVNGCreateVNGSlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6用户新建虚拟机VMG1VMG1VMG2VMG3VMR1VMR2VMR3VNRPNVMFWOpenStackContrailControllerNeutronNovaPHYSICALLOGICALVNGCreateVMG1AttachtoVNGNova:CreateVMVMG1SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6VMG1VMG2VMG3VMR1VMR2VMR3VNRPNVMFWOpenStackContrailControllerNeutronNovaPHYSICALLOGICALVNGVMG1Neutron:AttachVMtoVNCreateVMG1AttachtoVNGXMPP:Createrouting-instance用户新建虚拟机VMG1SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6用户新建VMG2VMG1VMG2VMG3VMR1VMR2VMR3VNRPNVMFWOpenStackContrailControllerNeutronNovaPHYSICALLOGICALVNGCreateVMG2AttachtoVNGVMG1Nova:CreateVMVMG2SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6用户新建VMG2VMG1VMG3VMR1VMR2VMR3VNRPNVMFWOpenStackContrailControllerNeutronNovaPHYSICALLOGICALVNGVMG1Neutron:AttachVMtoVNCreateVMG2AttachtoVNGVMG2XMPP:Createrouting-instanceVMG2SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6CONTRAIL通过指令在两个服务器之间建立隧道VMG1VMG3VMR1VMR2VMR3VNRPNVMFWOpenStackContrailControllerNeutronNovaPHYSICALLOGICALVNGVMG1CreateVMG2AttachtoVNGVMG2XMPP:ExchangeroutesCreatetunnelsVMG2SlideTypeJuniperNetworksLargeVenueTemplate/16x9/V6用户的数据包在隧道中转发的情况VMG1VMG2IPprefixNexthopVMG1VirtualethernetporttoVMG1Greenrouting-instanceIPFIBVMG2PushlabelL2+GREencapstoserverS2MPLSlabelNexthopL1Pop+Greenrouting-instanceGlobalMPLSFIBIPprefixNexthopServerS2Physicaletherne