Further Development of OpenStack Networks: 25G/50G/100G, FW Integration, Comprehensive Integration. Alexei Agueev, Systems Engineer


ETHERNET MIGRATION 10G/40G → 25G/50G/100G

Interface Parallelism
- Parallelism increases the effective speed of an interface
- Each interface uses multiple lanes/lasers
- Bit striping ensures maximum efficiency
- Increased failure domain
- Multiplicative CapEx cost
[Diagram: 10G, 40G]

Standardizing on 25GbE
- Faster clock rate increases the effective speed of an interface
- Each interface uses a single lane/laser
[Diagram: 10G, 25G, 50G]
25G & 50G Ethernet Founding Member

Cloud Servers & Storage Driving 25GbE and 50GbE Adoption
- PCIe Gen3 drives 25G and 50G
- PCIe-Gen1 2Gb/s 4x = 10GbE
- PCIe-Gen2 4Gb/s 8x = 40GbE
- PCIe-Gen3 8Gb/s 8x = 50GbE
[Figure: Evolution of PCI Express Technology]
- Maximize switch and server throughput and efficiency
- Minimize capex: fewer switch ports and cables
- Minimize opex: lower power and cooling
- Minimize cost per bit by utilizing highest speed available

Example of a 2x 25G Ethernet Adapter

Evolution of the Network Leaf
- 2011: 7050 Series, 64 lanes, 1.28Tbps, 1/10GbE
- 2013: 7050X Series, 128 lanes, 2.56Tbps, 10/40GbE
- 2015: 7060X Series, 128 lanes, 6.4Tbps, 25/40/100GbE

OPENSTACK INTEGRATION MODELS

Arista EOS / Next Gen EOS
- For YANG model configs
- For Analytics and Telemetry
- More Application Visibility
- Add containers in EOS
- More languages (Go SDK, goapi)
- Hybrid Cloud integration
- New protocols scaling: 1M+ Routes, 100K+ tunnels, Millisecond convergence
[Diagram: DB, protobuf, OpenConfig, SDK, CLI, eAPI, OMI, XMPP; Mgt, BGP, container tracer, MLAG, PIM, STP, IGMP, Driver, etc.; SysDB, Notify, states, Logs, Counters; Arista hardware abstraction layer; Unmodified Linux Kernel]

NetDB
[Diagram: Custom Back-end OR CloudVision Apps, Partner Apps, Custom Apps; Stream APIs; Network state architecture; Real-time state streaming; State Replication]
- Open APIs: gRPC (protobuf), HTTP, Custom (SDK, scripts), OpenConfig YANG models, RESTCONF, NETCONF
Working with Network States
- Coalesce - network-wide states into one DB
- State Filtering
- Queries
- Exports
Use Cases
- Analytics - anomalies, trends, security,...
- Correlation - troubleshoot, understand behaviours
- Telemetry - real-time counters, queues, logs, events
- Same publish-subscribe architecture as SysDB
- Network Central State Store, open collection and consumption
- Complete network-wide real-time state streaming

Arista OpenStack Integration: VLAN-based/ML2
- CVX as a single point of contact
- CVX takes care of MLAG
- Dynamic VLAN creation (LLDP-based)
- Dynamic creation of VLAN on OS compute node link and uplink based on CVX LLDP table
[Diagram: Neutron, ML2 Arista, CVX, MLAG Spine, Create VLAN, L2 Fabric, Rack 1, Rack N-1, Rack N-2, Rack N]

Arista OpenStack Integration: VXLAN-based
- Transparent VLAN or Hierarchical Port Binding
- Scalable IP fabric with a Layer 3 ECMP design
- Hardware VXLAN VTEP configured on every leaf switch
- Layer 2 connectivity between racks via VXLAN across the L3 fabric
- Layer 3 ECMP fabric for increased underlay scale
[Diagram: Neutron, ML2 Arista, CVX, Create VLAN, VNI → VLAN, Layer 2, L3 ECMP IP Fabric, VNI, VTEP, Rack 1, Rack N-1, Rack N-2, Rack N]

Arista OpenStack Integration: L2 Gateway
- Syncs the Neutron DB with the CVX DB via DB
- Integration with Ironic.
- Support for Security Groups
- Every ToR can be a HW VTEP and pass-through for VXLAN at the same time
- MLAG redundancy supported seamlessly
- Layer 3 ECMP fabric for increased underlay scale
[Diagram: Neutron, L2 Gw Svc Plugin, L2 Gw Agent, DB, CVX, Create Port, VLAN → VNI Mapping, Layer 2, L3 ECMP IP Fabric, VNI, VTEP, Bare Metal, Security Groups, Rack 1, Rack N-1, Rack N-2, Rack N]

Scaling OpenStack
- Multiple OpenStack clusters supported per CVX instance
- Can be combined with other network virtualization: NSX, etc.
- VXLAN breaks out of the 4K VLAN limit
- 16M VNIs mapped to locally significant VLANs

Multi-Tenant OpenStack Deployment
[Diagram: Neutron (Region1) ML2 Arista; Neutron (Region2) ML2 Arista; VNI Y, Region 1, VNI X, Region 2; VTEP; Rack 1 - Region1, Rack 2 - Region1, Rack N-1 - Region2, Rack N - Region2]

Routing with OpenStack
- L2 up until now, how do you route?
- Can be performed by a Network Node
- Allows connectivity between tenants and external networks
- NAT Support
- VRF Support
- Limited by software
- Alternative is to perform this at the switch...with limitations!

OpenStack Integration: L3 Plugin
- Arista L3 plugin provisions SVIs over eAPI in response to tenants creating logical routers
- Routing happens at dedicated network nodes
- Pair of MLAGed physical devices
- Active-Active HA via MLAG
- Performs routing for the OpenStack cluster - can be scaled out horizontally by tenant as needed
- TORs can also be used as the routing nodes
[Diagram: Neutron, MLAG Spine, ML2 Arista, L2 Fabric, Arista L3 Plugin, Arista L3 node, Infra / GW Rack, Rack N-1, Rack N-2, Rack N]

MACRO-SEGMENTATION SECURITY (MSS)

Current Approaches for DC Security
- Security at the perimeter: north-south flows only
- Scaling limitations, e.g. active/standby HA pairing
- Security policy dependent on network topology and vice versa
- Network & security administration are co-dependent
- Limited or no security of east-west flows, especially for physical devices
- Little or no coordination between vSwitch security and physical firewalling
[Diagram: Active, vSwitch, vSwitch, Active/Standby]
Current approaches ill-suited to the needs of the Software Driven Cloud Data Center

Definitions
Micro-Segmentation
- Inserting services in the path of inter-VM traffic (e.g. intra-tenant)
- Policies defined by VMware NSX for each workload
- Enforced in the Distributed vSwitch based on application, tag, etc.
Macro-Segmentation™
- Inserting services between workgroups (inter-tenant) in the physical network by defining inter-workgroup policies
Arista Macro-Segmentation Security (MSS™)
- An extension in EOS that utilizes CloudVision to automate security service insertion in the network
- Integration with leading next-generation firewalls

Micro-Segmentation
- VMware NSX distributed firewalling addresses security policy and tenant isolation inside the hypervisors (implemented by the VMware distributed virtual switch)
- Provides very fine-grained security policies at VM level in conjunction with virtual instances of next generation firewalls for advanced security
- Utilizes the full context of the hypervisor with visibility into end-user, application, and tenant related information
- Challenges around physical devices
- Micro-segmentation is complementary to Macro-Segmentation (MSS is implemented network-wide via CloudVision and the Arista TOR switches)

Arista Macro-Segmentation Services
- Transparent Insertion of Firewall/Service
- No new tagging or encapsulation
- One point of control, e.g. the security policy manager
- For both physical and virtual firewalls
- Directly maps to security model zones etc.
- No server reconfiguration
- No per application overhead
[Diagram: Virtual, Virtual, Physical Firewalls, Physical Servers & Storage]

Arista Macro-Segmentation Services
[Diagram: Physical Topology, Logical Topology]
Enables Logical Topology to Enable Services in the Network
- Instantiates logical network topology to enforce service policies
- No constraints on physical topology - or device placement
- Policy comes from the service devices themselves

Arista Macro-Segmentation Services
- Security Admin owns the security policies
- No Network Admin involvement required
- Network Admin owns the network configuration.
- PAN service is enabled within CloudVision, which:
  - Learns security policies and associated end devices
  - Logically instantiates them in the network

Arista Macro-Segmentation Services
Dynamic
- Insert security between any data center physical and virtual workload
- Automatic and seamless service insertion
- Follows host and application throughout the network
Open
- No proprietary frame formats
- Works in multi-vendor network architecture
- Open APIs
Ecosystem
- Works with leading Security, Cloud Orchestration and Overlay Controllers

Thank You Spring 2016