An overview of Juniper Contrail and the competitive landscape.

1. The Juniper SDN
Landscape
SDN ESSENTIALS

2. Who am I?
Chris Jones
chris@sdnessentials.com
Certifications:
• JNCIE-ENT #272
• CCIE #25655 (R&S)
• JNCIP-SP
• JNCIS-SEC
• JNCIS-QF
Author:
• Day One: Junos for IOS Engineers
• Day One: Ambassadors’ Cookbook For Enterprise
• JNCIE-ENT Preparation Workbook
Other:
• Juniper Ambassador
• Juniper Ingenious Champion
2

3. Agenda
 Why SDN
 The current landscape of SDN
 The place of OpenStack
 The value of Contrail
 How we can help
3

4. So, why SDN?
GOOD QUESTION!
4

5. “
”
In this business we shouldn’t forget what
the purpose of the network is: to serve
the needs of the application. And the
network stopped doing that a while
ago.
ART FEWELL, NETWORK WORLD
5

6. Today’s Network Challenges
 High operational costs
 Difficult to manage
 Network scalability has always been a problem
 Unable to adapt to changing traffic patterns and flows
 Decentralized
 Monolithic software
 New features require an update to the entire software stack
6

7. The Push Towards SDN
 SDN Definition
A technology to networking which allows centralized, programmable
control planes so that network operators can control and manage directly
their own virtualized networks.
 Basic Concepts
 Separation of control and data planes
 Centralized, programmable control planes of network equipment
 Support of multiple, isolated virtual networks
 Networks must adjust and respond dynamically
 Newly added features must not disrupt the network
 Alleviate the need for manual configuration of individual devices
7

8. The Four Planes of Networking
 Management
 Configuration and management of
network devices
 Services
 Deep thinking of the software
 Stateful firewalling, IDP, etc.
 Not all devices have a services plane
 Control
 Brains of the software – Directs traffic
 Forwarding
 Brawn of the software – Forwards traffic
8
Network Planes
Management
Services
Control
Forwarding

9. Centralization
 Key principal of SDN
 Centralized management,
services, and control functions
 Master configuration copies
 Distributed forwarding layer
 Local configuration copy
9
Management
Services
Controller
Centralized Functions
Network Device 1
Configuration Copy
Local Control Layer
Forwarding Layer
Network Device 2
Configuration Copy
Local Control Layer
Forwarding Layer
Network Device n
Configuration Copy
Local Control Layer
Forwarding Layer
Distributed Devices

10. SDN Software Directions
 Northbound Interface
 In computer networking and computer architecture, a northbound
interface of a component is an interface that conceptualizes the lower
level details (e.g., data or functions) used by, or in, the component
 Examples: REST API, SMMP, CORBA, SNMP
 Southbound Interface
 Allows a particular network component to communicate with a lower-level
component
 Example: OpenFlow, NETCONF, XMPP
 East-West Interface
 Communicate between groups or federations of controllers to synchronize
state for high availability
 Example: BGP
10

11. What is OpenFlow?
 OpenFlow is a protocol that enables programmability of the
forwarding plane across the network
 OpenFlow is leveraged at the Southbound Interface between SDN
Controller and OpenFlow switch
 OpenFlow attempts to abstract the implementation details of
networks and forwarding elements using simple messaging
11
Forwarding Element
Flow
Table
Flow
Table
Flow
Table
Forwarding Element
Flow
Table
Flow
Table
Flow
Table
Forwarding Element
Flow
Table
Flow
Table
Flow
Table
SDN Controller SDN Controller
East/West Federation
OpenFlow

12. Three SDN Flavors
 Open SDN
 Tremendous promise
 A comprehensive re-engineering of how networking works.
 Requires evolutionary, hybrid deployment strategies to succeed.
 SDN via Overlays
 Immediate and practical solution to solve datacenter issues
 Doesn’t address physical network underneath.
 SDN via API
 Utilizes existing hardware infrastructure
 Stopgap to protect investment
12

13. Open SDN
 Simplified devices
 All control functionality in controller
 Fully distributed enforcement
 Easy to innovate and evolve
 Typically utilizes OpenFlow for
control plane centralization
 OpenFlow allows high-level
switching decisions to be made on
a central controller
 Ability to directly program flow
tables on the switch to specify
forwarding behavior
13
Controller
Data
Forwarding
Data
Forwarding
Data
Forwarding
OpenFlow

14. SDN via Overlays
 Implemented in hypervisor
 Independent of underlying
hardware
 Still must deal with physical
network
 Encapsulates traffic
 VXLAN
 GRE
 MPLS over GRE
14
Overlay
Networks
Physical
Network
Physical
Server
Physical
Server
Physical
Server
Hypervisor Hypervisor Hypervisor
Network Device Network Device
Network Device Network Device Network Device

15. SDN via APIs
 Some network programmability
 “Proprietary Openness”
 Little or no device simplification
 Leaves most control plane
functions on the device
15
Controller
Data Forwarding
API

16. SDN Standards 16
• OpenFlow
• OF-Config
• TTP (Table Type Patterns)
• OVSDB
• I2RS
• NFV (Network Functions Virtualization)
• Open SDN Controller

17. What does the current landscape
look like?
WHO ARE THE BIG PLAYERS?
17

18. Established Vendors:
Cisco Systems
ACI
 SDN via API
 Developed by Insieme Networks
(Cisco), acquired by Cisco in
December, 2013
 Network virtualization platform done
in hardware instead of software
 Uses Nexus 9000 switches and an
Application Policy Infrastructure
Controller (APIC)
 Application-aware network policies
 White-list policy model
18

19. Established Vendors:
Juniper Networks
Juniper Contrail
 SDN via Overlay
 Developed by Contrail Systems,
acquired by Juniper Networks in
December 2012
 Inserts vRouter into compute
hypervisor
 Creates MPLS over GRE tunnels
between vRouters
 Integrates tightly with OpenStack
Universal SDN Gateway
 Open SDN
 MX-Series routers and QFX5100
switches
 Works together with VMware to
provide SDN gateway functionality
for VMware NSX
19
NSX SDN
Pod 1
VxLAN VxLAN VxLAN VxLAN VxLAN
VxLAN VxLAN VxLAN VxLAN VxLAN
Native IP L2 Native IP L2 Native IP L2 Native IP L2
Native IP L2 Native IP L2 Native IP L2 Native IP L2
NSX
Controller
OVSDB
OVSDB

20. Established Vendors:
VMware
NSX
 SDN via Overlay
 Acquired Nicira in 2012
 Components:
 NSX Manager: web-based GUI
management dashboard. Services
provided by NSX APIs
 NSX Controller: distributed virtual
appliances that accept API requests
from an orchestrator and programs the
hypervisor NSX switches and NSX
gateways
 NSX Gateway: Path in/out of the
software defined data center
 NSX vSwitch: Added to the hypervisor to
replace traditional switches.
20

21. Smaller Players:
Brocade
Vyatta Controller
 Open SDN
 Brocade’s OpenDaylight-based
controller
 Brocade is a significant
contributor to OpenDaylight
21

22. Smaller Players:
Big Switch
Big Cloud Fabric
 Open SDN
 Uses a leaf/spine physical Clos fabric
 Big Cloud Fabric Controller
 Uses OpenFlow to communicate with
the physical and virtual switches
 Centralizes the control plane
 Switch Light Operating System on
bare-metal switches
 Switch Light vSwitch on hypervisors
 Plug-ins for OpenStack and
CloudStack
 Programmable via REST API
22

23. Smaller Players:
NEC
ProgrammableFlow Controller
 Open SDN
 NEC is a founding member of the
Open Networking Foundation
(ONF)
 First vendor commercial OpenFlow
controller (2011)
 Flat network fabric architecture
 Open, API-based network
programming
 Works with compute orchestration
such as OpenStack, with Hyper-V
23

24. Start-Ups:
Nuage Networks
 SDN via Overlay
 Subsidiary of Alcatel-Lucent
 Three key software-based
products:
 Virtualized Services Controller
(VSC): Serves as the control plane,
maintaining a per-tenant view of
the network.
 Virtualized Services Directory (VSD):
Serves as the policy, business logic
and analytics engine for the
abstract definition of network
services. Uses RESTful APIs.
 Virtual Routing & Switching (VRS): A
module serving as a virtual
endpoint for network services.
24

25. Start-Ups:
Pica8
 PicOS Linux-based network
operating system
 Runs on commodity bare
metal switches
 Adoption of Open vSwitch
(OVS)
 Supports OpenFlow,
recommending the RYU
OpenFlow Controller
25

26. What is OpenStack…
… AND HOW DOES IT FIT IN?
26

27. OpenStack Overview
 Cloud software orchestration
platform designed to run on
commodity hardware
 Developed by NASA and
Rackspace in 2010
 Made up of a set of open source
projects in a modular architecture
 Collective goal of providing
compute, storage, and networking
for an Infrastructure as a Service
(IaaS) platform
27

28. OpenStack Framework
 Compute (Nova): Provisions and manages virtual machines
 Networking (Neutron): Provides Network as a Service (NaaS) to
compute
 Object Store (Swift): Reliable, scalable storage of various objects
that can be used by other services
 Image Service (Glance): Manages library of server VM images
 Dashboard (Horizon): Django-based web application used by the
cloud administrator
 Authentication (Keystone): Provides authentication services for users
and other OpenStack components as well as API calls
28

29. OpenStack Architecture 29
Dashboard
Horizon
Networking
Neutron
Block Storage
Cinder
Compute
Nova
Image Storage
Glance
Identity
Keystone
Object Storage
Swift

30. Nova (compute)
 OpenStack’s compute
component
 Most complicated and distributed
component of OpenStack
 Handles the creation and
management of virtual machines
 Uses underlying system’s
virtualization
30
dashboard
Message
Queue
API
Scheduler Compute
Network manager Volume manager
HTTP Auth Manager

31. Keystone (identity)
 OpenStack authentication
component
 Generates a token (UUID) and
sends to the client
 Every request includes the token
and is verified by Keystone
 If valid: Returns 200 and process
request
 If invalid: Returns 401 and rejects
request
31
Reject Request Process Request
HTTP 401 HTTP 200
No Yes
Send username/password
Keystone Verifies User/Pass
Generates token
token
Send API request + token
Keystone checks token
Token Valid?

32. Glance (image storage)
 OpenStack’s image
management component
 Used to store images and
templates for VMs
 Can copy or snapshot disk
images that can be used as
templates
32
Web UI Glance CLI
Glance API
Glance-Registry
Image StoreGlance
Database

33. Cinder (block storage)
 Cinder provides block storage
services for OpenStack
 Provisions storage in the form of
block devices known as Cinder
volumes
 Storage can either be:
 Local using attached disks or solid-
state drives
 Remote using standard protocols
such as iSCSI, Fibre Channel and NFS
 Snapshot management and
volume cloning
33
Cinder API
Cinder Scheduler
Local
Cinder Volume
Remote
Cinder Volume
Remote
Cinder Volume
iSCSI NFS

34. Swift (object storage)
 Used for object storage in
OpenStack
 No single point of failure
 Horizontally scalable
 Ideal for storing unstructured data
that can grow without bound:
 Backups
 Video
 Pictures
 Online content
 User-generated data
34
Swift Cluster
account
Container
DB
Account
DB
Object
Store
container object
Swift Proxy

35. Neutron (networking)
 Network as a Service (NaaS)
 Modular, scalable, API-driven system
for managing networks and IP
addresses
 Technnology agnostic – Plug-in
architecture allows connecting to
networking environment of choice
 Provides REST APIs to manage
network connections for compute
and storage
35
L2 Agent
L3 Agent
neutron-server
Database
Message
Queue
DHCP Agent
Adv. Services
L2 AgentL2 AgentL2 AgentL2 AgentL2 Agent
L3 AgentL3 AgentL3 Agent
DHCP Agent

36. Neutron Plug-Ins
 Modular Layer 2 (ML2) Plugin
 Framework allows variety of L2 technologies
 Vendor Plug-in supports third party vendor technologies
 Contrail is an example
36
Core Plug-In (ML2)
Mechanism ManagerType Manager
Type Driver Mechanism Driver
Other GRE VLAN VXLAN Other
Linux
Bridge
OvS Vendor

37. What about Contrail?
AND HOW DOES IT ADD VALUE?
37

38. Contrail Overview
 Juniper Contrail is an
overlay SDN solution
 Replaces Linux bridge with
vRouter on the hypervisor
 Creates tunnels between
vRouters, as necessary
 MPLS over GRE
 VXLAN
 Uses industry standard
protocols:
 BGP
 MPLS
 XMPP
38
Contrail Controller
Configuration Analytics
Control
Server
VM VM VM
Server
VM VM VMIP fabric
(underlay network)
Orchestrator

39. Contrail Controller Components
 Configuration nodes
 Configuration management and user interface
 Convert high-level service data model into low-level technology data model
 Publishes data model to Control nodes
 Control nodes
 Use data model to create desired network state
 Interact with each other to maintain network state
 XMPP, BGP + NetConf
 Analytic nodes
 Capture real-time data from network elements
 Events stored in NoSQL databases
39

40. Other Contrail Components
 Compute nodes
 Host tenant and service VMs
 Implement a vRouter which handles the forwarding plane
 Gateway nodes
 Physical routers or switches that connect virtual networks to physical
networks
 Service nodes
 Physical network devices that provide various network services
 Deep Packet Inspection (DPI)
 Intrusion Detection and Prevention (IDP)
 Load balancing
40

41. Multi-Tenancy 41
VM VM VM
Green
Virtual
Network
VM VM VM
Red
Virtual
Network
VM
R1
VM
G1
VM
R2
VM
G2
OpenStack
Neutron
Contrail
Controller
REST APIs
XMPP
Underlay Switch
Overlay
Tunnel
Routing
Instances
vRouter
Virtualized
Servers
Hypervisor

42. Gateway To Bare-Metal Server 42
VM
R1
VM
R2
OpenStack
Neutron
Contrail
Controller
BGP + NetConf
Overlay
Tunnels
Gateway
Router/Switch
VM VM
Red
Virtual
Network
Bare Metal Server
(Non-virtualized)

43. Dynamic Virtual Services 43
VM
G
VM
R
OpenStack
Neutron
Contrail
ControllerXMPP
VM VM VM
Green
Virtual
Network
VM VM VM
Red
Virtual
Network

44. How Contrail Fits With OpenStack
 Contrail utilizes a plugin for
Neutron to enable full integration
with OpenStack
 The Contrail vRouter replaces the
standard Linux bridge or OVS on
the compute node (hypervisor)
 The Contrail control node
translates the high level
information from the
configuration node into a model
the vRouter will understand, and
transmits the instructions to the
Contrail agent also located on
the compute node
44
Neutron
Plugin
Neutron
Plugin
ScriptsHorizon
Neutron
Plugin
Nova API
Neutron
Driver
Compute
Driver
Virtual-IF
Driver
Contrail
Agent
vRouter
(kernel)
Control
Node
Config Node
Nova
Scheduler

45. Contrail Use Case:
Internet Gateway
 MX Series router configured to
peer via BGP with Contrail
 Routing instances are used for
each tenant to provide true
separation
 Dynamic GRE tunnels set up
between MX gateway and
vRouters on the compute nodes
 Floating IPs are in use to allow
each of the three tenants to be
reachable from the Internet
45

46. Contrail Use Case:
Inter-domain Gateway
 Applied when multiple Contrail
domains are present in a
datacenter
 MX-Series router functions as a
gateway between Contrail “pods”
 Multi-tenancy is maintained
through the use of VRFs on the MX
 Next-hops are automatically
configured to allow full
reachability
46

47. Contrail Use Case:
Data Center Interconnect
 Use case illustrates how MX Series
routers can be used as physical
gateways between datacenters
 VRFs are maintained on the MX
gateways for multi-tenancy
 BGP (and optionally L3VPN or
EVPN) can be configured
between datacenters for the
tunneled traffic to flow across
 GRE over MPLS tunnels created in
Contrail vRouters traverse the
physical network between
datacenters
47

48. Contrail Use Case:
Internetwork Gateway
 Assets connected to physical
switches can be connected to a
Contrail domain in the
Internetwork Gateway use case
 The MX Series router acts as the
gateway
 Physical networks configured with
VLANs can now be reached from
the Contrail domain
 Bare-metal servers directly
connected will also have
reachability
48

49. Contrail Use Case:
Service Chaining Gateway
 The Service Chaining Gateway
use case allows service providers
to offer advanced services to
customers
 Traffic in the Contrail domain can
be forwarded either to a virtual
service appliance or to a physical
device
 Examples include:
 Firewall
 Load Balacing
 IPS
49

50. How can SDN Essentials help?
I’M GLAD YOU ASKED!
50

51. “
”
Who Are We?
DOUG MARSCHKE, CTO/FOUNDER SDN ESSENTIALS
SDN Essentials is a professional services company focused on SDN Education &
Training, Professional Consulting and Managed Services.
We are the one-stop SDN shop to plan, build and execute your SDN strategies and
your customers’.
We provide a thorough and real world understanding of SDN and help bring
quicker service offerings, additional revenue, full visibility and control into networks.
51
With major networking vendors, start-ups and open source initiatives
presenting SDN solutions, it has become increasingly difficult for
customers to find the solution that fits their need. I feel it is important
to help customers understand how a disruptive technology like SDN
can benefit and grow their business .

52. Our Goals
 To become your trusted SDN partner and channel enabler
 Foster open, honest, mutually beneficial relationships
 Create new revenue streams for Juniper and its partners by identifying
new opportunities for your platform during our SDN assessments
 Provide high-value services to you and your customers
 Be your go-to source for all professional services (education, consulting
and managed services)
 Generate more awareness for Juniper by sharing product overview
information in our classes
52

53. Meet The Team!
Steve Dyer
Technical Instructor
Chris Jones
SDN Engineer
Chystina French
Director of Operations
Doug Marschke
CTO/Founder
Trisha Kincheloe
Operations Research Analyst
John Hammond
SDN Engineer
Ed McEntee
Business Development/Channel
Director
Doug Wadkins
Chief Product Officer
Darien Hirotsu
SDN Consultant
Marco Alves
SDN Consultant
Mike Risano
Web Developer/Graphic
Designer
53

54. We’re The Industry Experts
 6x JNCIEs
 1x CCIE
 5x Juniper Ingenious Champions
 4x Juniper JNCI certified instructors
 Juniper JNCI Silver Award winner Steve Dyer
 Juniper Ambassador Chris Jones
 Authors of a number of books:
54

55. Channel Driven/Channel
Enablement
 We are 100% Channel focused
 We realized that many channel partners are not ready for SDN yet, so
we have a simple model
 Build Trust in Traditional networking services, MX, QFX, EX, etc.
 Discover cloud and automation projects for the VAR
 Lead Generation with SDN Bootcamps and Webinars
 Help create their SDN strategy
 Provide Pre-sales services
 Then teach them how to start selling SDN/NFV
 White Label or SDN Essentials Branded services
 Willing to also sub-contract via Juniper PS
55

56. SDN Professional Services
 We offer our professional consulting services to value-added resellers
(VARs) and their customers, direct to customers (service providers and
enterprise) and to our SDN solutions partners and peers.
 Our team expertise expands well beyond the classroom and
boardroom into datacenters, think-tanks, labs and international
collaboration calls.
 We have not only joined the SDN movement, we are leading it with
educational books, classes, professional consulting and thought leadership
among industry associations.
 SDN Essentials is and will remain channel and vendor neutral, so that we
can stay focused on providing the highest-quality solutions and
maintain our competitive advantage of SDN knowledge and expertise.
56

57. Service Offerings
 Custom Offerings
 SDN Readiness Assessments and Prep Installations (Layers 2 & 3)
 Examine current network and create a report that details the next steps
needed to move to a SDN architecture (could expand your list of strategic
partners and generate new sales)
 SDN Architecture Design
 Test Plans and Product Testing in Labs
 Implementation and Migration Services
 Migrate from current legacy design to SDN architecture
 Configure all network elements and controllers
 Create software middleware for controller and orchestration tie-in
57

58. Service Offerings
 Custom Offerings (cont.)
 Datacenter Virtualization
 Implement OpenStack with Neutron
 Migrate to V-switch environment with central controller using protocols like
OVSDB, OF-CONFG or XMPP
 SDN Software Design and Implementation
 Whitepaper Creation and Technology Writing
 Resident Consultants
 Knowledge Transfer
 SDN Security
 Assessment & Best Practices Consulting
58

59. Education & Training Services
 Solutions to empower your team with knowledge and tools to sell
your specific SDN solutions and it’s benefits
 Juniper Authorized Education Center!
 Courses (via open enrollment and on-demand)
 Introductory SDN classes
 Vendor-Specific Training Classes and Certifications
 Pre-sales Enablement Boot Camps
 MDF and lead-gen event courseware
 Custom course content
 Pre/post technical sales pitches, materials and training
59

60. SDN Courses
SDN Overview
The SDN overview classes are a
1 day class with 75% lecture
and 25% lab that gives a
background on SDN
architecture, definitions, and
where the industry is heading.
This class has been designed to
serve a variety of audiences
from sales, project managers
and network engineers.
SDN For Network
Engineers
The SDN for Network Engineers
class is a 2-day class with 50%
lecture and 50% lab that gives a
background on SDN architecture,
definitions, use cases, where the
industry is heading and migration
strategies.
This class has been designed to
provide a broad and hands-on
experience for network engineers
requiring SDN knowledge.
The Lab uses a variety of
controllers including Floodlight,
Open Daylight and commercial
controllers.
SDN Foundations
The SDN Foundation class is a 3-
day class with 50% lecture and
50% lab that covers the most
recent developments in the
SDN arena.
The added value of this offering
is that it will showcase several
vendor solutions in the practical
component of the class.
60

61. Juniper SDN Courses
Lead Generation
Juniper SDN Bootcamp
 1-Day Course
 Developed by SDN Essentials
 Agenda:
 Focuses on Contrail, though also
covers SDN in general as well as
OpenFlow support in Juniper
hardware
 Details the Juniper and VMware
partnership and the Universal SDN
Gateway technologies
 Hands-on Contrail labs including the
creation of a tenant, virtual
networks, virtual instances, and
service chaining
Configuring & Monitoring Contrail
 2-Day Official Juniper Course
 Updated by SDN Essentials
 Contrail deep-dive
 Agenda:
 SDN Overview
 Contrail Architecture
 Basic Configuration
 Service Chaining
 Analytics
 Troubleshooting
 Hands-on Contrail labs
61

62. Get In Touch
 Web: http://sdnessentials.com/
 Sales E-Mail:
sales@sdnessentials.com
 Education E-Mail:
classes@sdnessentials.com
 Sales Office:
 Address: 955 Benecia Ave,
Sunnyvale CA 94085
 Phone: 415-902-5702
62
/sdnessentials
/company/3601186
@SDNEssentials

63. 63
Q & A

64. 64
Thank You.