5. “In this business we shouldn’t forget what the purpose of the network is: to serve the needs of the application. And the network stopped doing that a while ago.”
ART FEWELL, NETWORK WORLD
6. Today’s Network Challenges
High operational costs
Difficult to manage
Network scalability has always been a problem
Unable to adapt to changing traffic patterns and flows
Decentralized
Monolithic software
New features require an update to the entire software stack
7. The Push Towards SDN
SDN Definition
An approach to networking that allows centralized, programmable
control planes so that network operators can directly control and manage
their own virtualized networks.
Basic Concepts
Separation of control and data planes
Centralized, programmable control planes of network equipment
Support of multiple, isolated virtual networks
Networks must adjust and respond dynamically
Newly added features must not disrupt the network
Alleviate the need for manual configuration of individual devices
8. The Four Planes of Networking
Management
Configuration and management of
network devices
Services
Deep thinking of the software
Stateful firewalling, IDP, etc.
Not all devices have a services plane
Control
Brains of the software – Directs traffic
Forwarding
Brawn of the software – Forwards traffic
(Figure: Network Planes: Management, Services, Control, Forwarding)
9. Centralization
Key principle of SDN
Centralized management,
services, and control functions
Master configuration copies
Distributed forwarding layer
Local configuration copy
(Figure: centralized functions (Management, Services, Controller) above the distributed devices; Network Device 1 to Network Device n each hold a configuration copy, a local control layer and a forwarding layer)
10. SDN Software Directions
Northbound Interface
In computer networking and computer architecture, a northbound
interface of a component is an interface that conceptualizes the lower
level details (e.g., data or functions) used by, or in, the component
Examples: REST API, SMMP, CORBA, SNMP
Southbound Interface
Allows a particular network component to communicate with a lower-level
component
Example: OpenFlow, NETCONF, XMPP
East-West Interface
Communicate between groups or federations of controllers to synchronize
state for high availability
Example: BGP
11. What is OpenFlow?
OpenFlow is a protocol that enables programmability of the
forwarding plane across the network
OpenFlow is leveraged at the Southbound Interface between SDN
Controller and OpenFlow switch
OpenFlow attempts to abstract the implementation details of
networks and forwarding elements using simple messaging
(Figure: two SDN Controllers in an East/West federation, each using OpenFlow to program the flow tables of the forwarding elements)
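To make the "simple messaging" concrete, here is an added example (not code from the slides or from any switch or controller) that models how an OpenFlow switch resolves a packet against its flow tables: fields absent from a match are wildcards, the highest-priority matching entry wins, a priority-0 table-miss entry punts unknown traffic to the controller, and goto-table chains tables into a pipeline. The two-table policy/forwarding pipeline and its addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Packet = Dict[str, object]   # header fields, e.g. {"eth_type": 0x0800, "ipv4_dst": "10.0.0.2"}


@dataclass
class FlowEntry:
    priority: int               # highest matching priority wins
    match: Dict[str, object]    # fields that must be equal; a missing field is a wildcard
    action: str                 # "output:<port>", "goto:<table>", "controller" or "drop"
    packets: int = 0            # per-entry counter, as kept by a real switch

    def matches(self, pkt: Packet) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class FlowTable:
    def __init__(self, entries: List[FlowEntry]):
        # sort once so the first hit is the highest-priority match
        self.entries = sorted(entries, key=lambda e: e.priority, reverse=True)

    def lookup(self, pkt: Packet) -> Optional[FlowEntry]:
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                return e
        return None   # no match and no table-miss entry: the packet is dropped


def process(tables: List[FlowTable], pkt: Packet) -> Tuple[str, List[Tuple[int, int]]]:
    """Walk the pipeline from table 0. Returns the final action and a trace of
    (table_id, priority) for every entry that fired along the way."""
    table_id, trace = 0, []
    while True:
        entry = tables[table_id].lookup(pkt)
        if entry is None:
            return "drop", trace
        trace.append((table_id, entry.priority))
        if entry.action.startswith("goto:"):
            nxt = int(entry.action.split(":")[1])
            if nxt <= table_id:   # OpenFlow only allows jumping to a later table
                raise ValueError("goto-table must target a higher-numbered table")
            table_id = nxt
            continue
        return entry.action, trace


# Constructed sample pipeline (hypothetical, not from any vendor): table 0 is a
# policy table, table 1 a forwarding table. Each ends in a priority-0 table-miss
# entry that hands unknown packets to the controller (a packet-in).
PIPELINE = [
    FlowTable([
        FlowEntry(100, {"eth_type": 0x0800, "ip_proto": 6, "tcp_dst": 23}, "drop"),  # block telnet
        FlowEntry(10, {"eth_type": 0x0800}, "goto:1"),                                 # IPv4 -> forwarding
        FlowEntry(0, {}, "controller"),                                                 # table-miss
    ]),
    FlowTable([
        FlowEntry(10, {"ipv4_dst": "10.0.0.2"}, "output:2"),
        FlowEntry(0, {}, "controller"),
    ]),
]


def forward(pkt: Packet) -> Tuple[str, List[Tuple[int, int]]]:
    return process(PIPELINE, pkt)


if __name__ == "__main__":
    print(forward({"eth_type": 0x0800, "ip_proto": 6, "tcp_dst": 23, "ipv4_dst": "10.0.0.2"}))
    print(forward({"eth_type": 0x0800, "ip_proto": 6, "tcp_dst": 443, "ipv4_dst": "10.0.0.2"}))
```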
12. Three SDN Flavors
Open SDN
Tremendous promise
A comprehensive re-engineering of how networking works.
Requires evolutionary, hybrid deployment strategies to succeed.
SDN via Overlays
Immediate and practical solution to solve datacenter issues
Doesn’t address physical network underneath.
SDN via API
Utilizes existing hardware infrastructure
Stopgap to protect investment
13. Open SDN
Simplified devices
All control functionality in controller
Fully distributed enforcement
Easy to innovate and evolve
Typically utilizes OpenFlow for
control plane centralization
OpenFlow allows high-level
switching decisions to be made on
a central controller
Ability to directly program flow
tables on the switch to specify
forwarding behavior
(Figure: a single Controller programming the data-forwarding elements over OpenFlow)
14. SDN via Overlays
Implemented in hypervisor
Independent of underlying
hardware
Still must deal with physical
network
Encapsulates traffic
VXLAN
GRE
MPLS over GRE
(Figure: overlay networks built between the hypervisors on physical servers, riding over the physical network of network devices)
15. SDN via APIs
Some network programmability
“Proprietary Openness”
Little or no device simplification
Leaves most control plane
functions on the device
(Figure: Controller talking to the data-forwarding device through its API)
16. SDN Standards
• OpenFlow
• OF-Config
• TTP (Table Type Patterns)
• OVSDB
• I2RS
• NFV (Network Functions Virtualization)
• Open SDN Controller
17. What does the current landscape look like?
WHO ARE THE BIG PLAYERS?
18. Established Vendors:
Cisco Systems
ACI
SDN via API
Developed by Insieme Networks
(Cisco), acquired by Cisco in
December 2013
Network virtualization platform done
in hardware instead of software
Uses Nexus 9000 switches and an
Application Policy Infrastructure
Controller (APIC)
Application-aware network policies
White-list policy model
19. Established Vendors:
Juniper Networks
Juniper Contrail
SDN via Overlay
Developed by Contrail Systems,
acquired by Juniper Networks in
December 2012
Inserts vRouter into compute
hypervisor
Creates MPLS over GRE tunnels
between vRouters
Integrates tightly with OpenStack
Universal SDN Gateway
Open SDN
MX-Series routers and QFX5100
switches
Works together with VMware to
provide SDN gateway functionality
for VMware NSX
(Figure: NSX SDN Pod 1: the NSX Controller speaks OVSDB to the gateway, which bridges the VxLAN overlay segments to native IP/L2 networks)
20. Established Vendors:
VMware
NSX
SDN via Overlay
Acquired Nicira in 2012
Components:
NSX Manager: web-based GUI
management dashboard. Services
provided by NSX APIs
NSX Controller: distributed virtual
appliances that accept API requests
from an orchestrator and program the
hypervisor NSX switches and NSX
gateways
NSX Gateway: Path in/out of the
software defined data center
NSX vSwitch: Added to the hypervisor to
replace traditional switches.
22. Smaller Players:
Big Switch
Big Cloud Fabric
Open SDN
Uses a leaf/spine physical Clos fabric
Big Cloud Fabric Controller
Uses OpenFlow to communicate with
the physical and virtual switches
Centralizes the control plane
Switch Light Operating System on
bare-metal switches
Switch Light vSwitch on hypervisors
Plug-ins for OpenStack and
CloudStack
Programmable via REST API
23. Smaller Players:
NEC
ProgrammableFlow Controller
Open SDN
NEC is a founding member of the
Open Networking Foundation
(ONF)
First vendor commercial OpenFlow
controller (2011)
Flat network fabric architecture
Open, API-based network
programming
Works with compute orchestration
such as OpenStack, with Hyper-V
24. Start-Ups:
Nuage Networks
SDN via Overlay
Subsidiary of Alcatel-Lucent
Three key software-based
products:
Virtualized Services Controller
(VSC): Serves as the control plane,
maintaining a per-tenant view of
the network.
Virtualized Services Directory (VSD):
Serves as the policy, business logic
and analytics engine for the
abstract definition of network
services. Uses RESTful APIs.
Virtual Routing & Switching (VRS): A
module serving as a virtual
endpoint for network services.
25. Start-Ups:
Pica8
PicOS Linux-based network
operating system
Runs on commodity bare
metal switches
Adoption of Open vSwitch
(OVS)
Supports OpenFlow,
recommending the RYU
OpenFlow Controller
27. OpenStack Overview
Cloud software orchestration
platform designed to run on
commodity hardware
Developed by NASA and
Rackspace in 2010
Made up of a set of open source
projects in a modular architecture
Collective goal of providing
compute, storage, and networking
for an Infrastructure as a Service
(IaaS) platform
28. OpenStack Framework
Compute (Nova): Provisions and manages virtual machines
Networking (Neutron): Provides Network as a Service (NaaS) to
compute
Object Store (Swift): Reliable, scalable storage of various objects
that can be used by other services
Image Service (Glance): Manages library of server VM images
Dashboard (Horizon): Django-based web application used by the
cloud administrator
Authentication (Keystone): Provides authentication services for users
and other OpenStack components as well as API calls
30. Nova (compute)
OpenStack’s compute
component
Most complicated and distributed
component of OpenStack
Handles the creation and
management of virtual machines
Uses underlying system’s
virtualization
(Figure: Nova components: dashboard, API, auth manager, message queue, scheduler, compute, network manager and volume manager)
31. Keystone (identity)
OpenStack authentication
component
Generates a token (UUID) and
sends to the client
Every request includes the token
and is verified by Keystone
If valid: Returns 200 and process
request
If invalid: Returns 401 and rejects
request
(Figure: the client sends username/password; Keystone verifies them and generates a token; the client sends each API request plus the token; Keystone checks the token; if valid, HTTP 200 and the request is processed, if invalid, HTTP 401 and the request is rejected)
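The token flow on this slide, as an added toy model (not OpenStack code): a user authenticates once with username/password and receives a UUID token, every later API request carries that token, and the service answers 200 or 401 depending on whether Keystone still recognises it. The password hashing, the one-hour lifetime and the injectable clock are assumptions made here so that expiry and revocation can be shown; the bearer nature of the token is the reason a leaked or long-lived token matters.

```python
import hashlib
import hmac
import os
import time
import uuid
from typing import Callable, Dict, Optional, Tuple

TOKEN_TTL = 3600  # seconds; assumed lifetime, chosen to mirror Keystone's default of one hour


def _hash_password(password: str, salt: bytes) -> bytes:
    # Passwords are never stored in clear; a salted PBKDF2 hash is compared instead
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Keystone:
    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock                                  # injectable so expiry can be tested
        self._users: Dict[str, Tuple[bytes, bytes]] = {}     # username -> (salt, password hash)
        self._tokens: Dict[str, Tuple[str, float]] = {}      # token -> (username, expires_at)

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _hash_password(password, salt))

    def authenticate(self, username: str, password: str) -> Optional[str]:
        """Slide steps 1-2: verify user/pass, generate a UUID token and hand it to the client."""
        rec = self._users.get(username)
        if rec is None:
            return None
        salt, stored = rec
        if not hmac.compare_digest(stored, _hash_password(password, salt)):
            return None                                      # bad password: no token issued
        token = uuid.uuid4().hex                             # opaque bearer credential
        self._tokens[token] = (username, self._clock() + TOKEN_TTL)
        return token

    def check_token(self, token: str) -> Optional[str]:
        """Slide step 3: Keystone checks the token; returns the user or None."""
        rec = self._tokens.get(token)
        if rec is None:
            return None
        user, expires_at = rec
        if self._clock() >= expires_at:
            del self._tokens[token]                          # expired tokens are purged
            return None
        return user

    def revoke(self, token: str) -> None:
        self._tokens.pop(token, None)


def handle_api_request(keystone: Keystone, token: str, action: str) -> Tuple[int, str]:
    """Any OpenStack service: every request includes the token and is verified first."""
    user = keystone.check_token(token)
    if user is None:
        return 401, "Unauthorized: invalid, revoked or expired token"
    return 200, f"{action} executed for {user}"


if __name__ == "__main__":
    ks = Keystone()
    ks.add_user("alice", "s3cret")                          # constructed sample user
    tok = ks.authenticate("alice", "s3cret")
    print(handle_api_request(ks, tok, "nova boot"))          # 200
    print(handle_api_request(ks, "not-a-token", "nova boot"))  # 401
```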
32. Glance (image storage)
OpenStack’s image
management component
Used to store images and
templates for VMs
Can copy or snapshot disk
images that can be used as
templates
(Figure: the Web UI and Glance CLI call the Glance API, backed by Glance-Registry, the Glance database and the image store)
33. Cinder (block storage)
Cinder provides block storage
services for OpenStack
Provisions storage in the form of
block devices known as Cinder
volumes
Storage can either be:
Local using attached disks or solid-
state drives
Remote using standard protocols
such as iSCSI, Fibre Channel and NFS
Snapshot management and
volume cloning
(Figure: the Cinder API and Cinder Scheduler in front of Cinder Volume services, either local or remote over iSCSI/NFS)
34. Swift (object storage)
Used for object storage in
OpenStack
No single point of failure
Horizontally scalable
Ideal for storing unstructured data
that can grow without bound:
Backups
Video
Pictures
Online content
User-generated data
(Figure: Swift cluster: the Swift Proxy in front of the account DB, container DB and object store, addressed as account/container/object)
35. Neutron (networking)
Network as a Service (NaaS)
Modular, scalable, API-driven system
for managing networks and IP
addresses
Technology agnostic – Plug-in
architecture allows connecting to
networking environment of choice
Provides REST APIs to manage
network connections for compute
and storage
(Figure: neutron-server with its database and message queue, talking to L2 agents, L3 agents, DHCP agents and advanced services)
36. Neutron Plug-Ins
Modular Layer 2 (ML2) Plugin
Framework allows variety of L2 technologies
Vendor Plug-in supports third party vendor technologies
Contrail is an example
(Figure: Core Plug-In (ML2) with a Type Manager (type drivers: GRE, VLAN, VXLAN, other) and a Mechanism Manager (mechanism drivers: Linux Bridge, OvS, vendor, other))
38. Contrail Overview
Juniper Contrail is an
overlay SDN solution
Replaces Linux bridge with
vRouter on the hypervisor
Creates tunnels between
vRouters, as necessary
MPLS over GRE
VXLAN
Uses industry standard
protocols:
BGP
MPLS
XMPP
(Figure: the Contrail Controller (Configuration, Control, Analytics) driven by the Orchestrator; servers hosting VMs are connected over the IP fabric underlay network)
39. Contrail Controller Components
Configuration nodes
Configuration management and user interface
Convert high-level service data model into low-level technology data model
Publishes data model to Control nodes
Control nodes
Use data model to create desired network state
Interact with each other to maintain network state
XMPP, BGP + NetConf
Analytic nodes
Capture real-time data from network elements
Events stored in NoSQL databases
40. Other Contrail Components
Compute nodes
Host tenant and service VMs
Implement a vRouter which handles the forwarding plane
Gateway nodes
Physical routers or switches that connect virtual networks to physical
networks
Service nodes
Physical network devices that provide various network services
Deep Packet Inspection (DPI)
Intrusion Detection and Prevention (IDP)
Load balancing
41. Multi-Tenancy
(Figure: OpenStack Neutron drives the Contrail Controller over REST APIs; the controller programs the vRouters on the virtualized servers (hypervisors) over XMPP; the Green and Red virtual networks (VMs G1, G2 and R1, R2) are kept separate by per-network routing instances in the vRouter, with overlay tunnels across the underlay switch)
42. Gateway To Bare-Metal Server
(Figure: the Contrail Controller speaks BGP + NetConf to a gateway router/switch; overlay tunnels extend the Red virtual network (VMs R1, R2) to a non-virtualized bare-metal server behind the gateway)
43. Dynamic Virtual Services
(Figure: the Green and Red virtual networks with VMs G and R between them, programmed by the Contrail Controller over XMPP on behalf of OpenStack Neutron)
44. How Contrail Fits With OpenStack
Contrail utilizes a plugin for
Neutron to enable full integration
with OpenStack
The Contrail vRouter replaces the
standard Linux bridge or OVS on
the compute node (hypervisor)
The Contrail control node
translates the high level
information from the
configuration node into a model
the vRouter will understand, and
transmits the instructions to the
Contrail agent also located on
the compute node
(Figure: Horizon and scripts use the Neutron Plugin and Nova API; the Config Node feeds the Control Node; on the compute node the Nova Scheduler, Compute Driver, Neutron Driver and Virtual-IF Driver sit alongside the Contrail Agent and the kernel vRouter)
45. Contrail Use Case:
Internet Gateway
MX Series router configured to
peer via BGP with Contrail
Routing instances are used for
each tenant to provide true
separation
Dynamic GRE tunnels set up
between MX gateway and
vRouters on the compute nodes
Floating IPs are in use to allow
each of the three tenants to be
reachable from the Internet
46. Contrail Use Case:
Inter-domain Gateway
Applied when multiple Contrail
domains are present in a
datacenter
MX-Series router functions as a
gateway between Contrail “pods”
Multi-tenancy is maintained
through the use of VRFs on the MX
Next-hops are automatically
configured to allow full
reachability
47. Contrail Use Case:
Data Center Interconnect
Use case illustrates how MX Series
routers can be used as physical
gateways between datacenters
VRFs are maintained on the MX
gateways for multi-tenancy
BGP (and optionally L3VPN or
EVPN) can be configured
between datacenters for the
tunneled traffic to flow across
GRE over MPLS tunnels created in
Contrail vRouters traverse the
physical network between
datacenters
48. Contrail Use Case:
Internetwork Gateway
Assets connected to physical
switches can be connected to a
Contrail domain in the
Internetwork Gateway use case
The MX Series router acts as the
gateway
Physical networks configured with
VLANs can now be reached from
the Contrail domain
Bare-metal servers directly
connected will also have
reachability
49. Contrail Use Case:
Service Chaining Gateway
The Service Chaining Gateway
use case allows service providers
to offer advanced services to
customers
Traffic in the Contrail domain can
be forwarded either to a virtual
service appliance or to a physical
device
Examples include:
Firewall
Load Balancing
IPS
50. How can SDN Essentials help?
I’M GLAD YOU ASKED!
51. Who Are We?
“With major networking vendors, start-ups and open source initiatives presenting SDN solutions, it has become increasingly difficult for customers to find the solution that fits their need. I feel it is important to help customers understand how a disruptive technology like SDN can benefit and grow their business.”
DOUG MARSCHKE, CTO/FOUNDER SDN ESSENTIALS
SDN Essentials is a professional services company focused on SDN Education &
Training, Professional Consulting and Managed Services.
We are the one-stop SDN shop to plan, build and execute your SDN strategies and
your customers’.
We provide a thorough and real world understanding of SDN and help bring
quicker service offerings, additional revenue, full visibility and control into networks.
52. Our Goals
To become your trusted SDN partner and channel enabler
Foster open, honest, mutually beneficial relationships
Create new revenue streams for Juniper and its partners by identifying
new opportunities for your platform during our SDN assessments
Provide high-value services to you and your customers
Be your go-to source for all professional services (education, consulting
and managed services)
Generate more awareness for Juniper by sharing product overview
information in our classes
53. Meet The Team!
Steve Dyer
Technical Instructor
Chris Jones
SDN Engineer
Chystina French
Director of Operations
Doug Marschke
CTO/Founder
Trisha Kincheloe
Operations Research Analyst
John Hammond
SDN Engineer
Ed McEntee
Business Development/Channel
Director
Doug Wadkins
Chief Product Officer
Darien Hirotsu
SDN Consultant
Marco Alves
SDN Consultant
Mike Risano
Web Developer/Graphic
Designer
54. We’re The Industry Experts
6x JNCIEs
1x CCIE
5x Juniper Ingenious Champions
4x Juniper JNCI certified instructors
Juniper JNCI Silver Award winner Steve Dyer
Juniper Ambassador Chris Jones
Authors of a number of books:
55. Channel Driven/Channel
Enablement
We are 100% Channel focused
We realized that many channel partners are not ready for SDN yet, so
we have a simple model
Build Trust in Traditional networking services, MX, QFX, EX, etc.
Discover cloud and automation projects for the VAR
Lead Generation with SDN Bootcamps and Webinars
Help create their SDN strategy
Provide Pre-sales services
Then teach them how to start selling SDN/NFV
White Label or SDN Essentials Branded services
Willing to also sub-contract via Juniper PS
56. SDN Professional Services
We offer our professional consulting services to value-added resellers
(VARs) and their customers, direct to customers (service providers and
enterprise) and to our SDN solutions partners and peers.
Our team expertise expands well beyond the classroom and
boardroom into datacenters, think-tanks, labs and international
collaboration calls.
We have not only joined the SDN movement, we are leading it with
educational books, classes, professional consulting and thought leadership
among industry associations.
SDN Essentials is and will remain channel and vendor neutral, so that we
can stay focused on providing the highest-quality solutions and
maintain our competitive advantage of SDN knowledge and expertise.
57. Service Offerings
Custom Offerings
SDN Readiness Assessments and Prep Installations (Layers 2 & 3)
Examine current network and create a report that details the next steps
needed to move to a SDN architecture (could expand your list of strategic
partners and generate new sales)
SDN Architecture Design
Test Plans and Product Testing in Labs
Implementation and Migration Services
Migrate from current legacy design to SDN architecture
Configure all network elements and controllers
Create software middleware for controller and orchestration tie-in
58. Service Offerings
Custom Offerings (cont.)
Datacenter Virtualization
Implement OpenStack with Neutron
Migrate to V-switch environment with central controller using protocols like
OVSDB, OF-Config or XMPP
SDN Software Design and Implementation
Whitepaper Creation and Technology Writing
Resident Consultants
Knowledge Transfer
SDN Security
Assessment & Best Practices Consulting
59. Education & Training Services
Solutions to empower your team with the knowledge and tools to sell
your specific SDN solutions and their benefits
Juniper Authorized Education Center!
Courses (via open enrollment and on-demand)
Introductory SDN classes
Vendor-Specific Training Classes and Certifications
Pre-sales Enablement Boot Camps
MDF and lead-gen event courseware
Custom course content
Pre/post technical sales pitches, materials and training
60. SDN Courses
SDN Overview
The SDN overview classes are a
1-day class with 75% lecture
and 25% lab that gives a
background on SDN
architecture, definitions, and
where the industry is heading.
This class has been designed to
serve a variety of audiences
from sales, project managers
and network engineers.
SDN For Network
Engineers
The SDN for Network Engineers
class is a 2-day class with 50%
lecture and 50% lab that gives a
background on SDN architecture,
definitions, use cases, where the
industry is heading and migration
strategies.
This class has been designed to
provide a broad and hands-on
experience for network engineers
requiring SDN knowledge.
The Lab uses a variety of
controllers including Floodlight,
Open Daylight and commercial
controllers.
SDN Foundations
The SDN Foundation class is a 3-
day class with 50% lecture and
50% lab that covers the most
recent developments in the
SDN arena.
The added value of this offering
is that it will showcase several
vendor solutions in the practical
component of the class.
61. Juniper SDN Courses
Lead Generation
Juniper SDN Bootcamp
1-Day Course
Developed by SDN Essentials
Agenda:
Focuses on Contrail, though also
covers SDN in general as well as
OpenFlow support in Juniper
hardware
Details the Juniper and VMware
partnership and the Universal SDN
Gateway technologies
Hands-on Contrail labs including the
creation of a tenant, virtual
networks, virtual instances, and
service chaining
Configuring & Monitoring Contrail
2-Day Official Juniper Course
Updated by SDN Essentials
Contrail deep-dive
Agenda:
SDN Overview
Contrail Architecture
Basic Configuration
Service Chaining
Analytics
Troubleshooting
Hands-on Contrail labs
Standards bodies:
ONF – The Open Networking Foundation is an independent standardization body that focuses on the requirements of the end users as opposed to the desires of vendors. Although there are many prominent vendors involved in the group, an effort is made to ensure that the progress is guided by the community. Important developments to come out of the ONF are the OpenFlow specifications (currently version 1.3 is the most widely adopted), the OF-Config protocol (a companion protocol to OpenFlow that operates at a slower time-scale, also used to configure OpenFlow switches), and the TTP extensions that allow for added flexibility in implementing different match tables in OF switches.
IETF – A long-standing organization responsible for all things related to the internet, the IETF has also put forward important contributions such as the OVSDB protocol (Open vSwitch Database Management Protocol) that is used to manage Open vSwitch implementations, as well as I2RS, or Interface To the Routing System, which defines a shim interface between legacy routing applications such as BGP and OSPF and the router’s RIB, for added programmability of the RIB.
ETSI – The Network Functions Virtualization concept is one that is as important as SDN itself. The two technologies are complementary but independent. ETSI has spearheaded the standardization process for NFV.
OpenDaylight – This organization defines a software suite that is a combination of components including a fully pluggable controller, interfaces, protocol plug-ins and applications.